GSP_july_2007

Prisons Are Inundated with More than Cell Phone Contraband

For this article, we interviewed Megan Radcliffe, CCO, CCPA, a certified instructor for the State of Georgia, and the program manager for a digital forensics contractor to the Georgia Department of Corrections. The Lab has been active since 2018 and has changed the way the State of Georgia now handles contraband interdiction on its institution grounds. Read the full article here or watch our shortened video interview.

What are the biggest challenges you face when collecting contraband digital evidence?

When the Lab first started, we processed mostly contraband cell phones–the large, bulky kind from the flip-phone era, such as Nokia. Then there was a shift to basic smartphones. But over the last 2 years, everything’s become much more high-tech, such as the latest iPhones and Samsungs.

Inmates get them and they’re in good condition. They’re figuring out how to get them in and how to keep them in working condition and charged. As soon as we get one, we research “Okay, how did you get this in?” It’s a constant game of cat and mouse.

With Lab data, we’re able to hit them where it hurts when inmates use cellphones in prisons for drug conspiracy or other criminal activities.

Just the sheer number of devices! When the Lab first started, we saw 50 – 60 devices a month. Now we see 1,500 devices a month–and that’s just the ones that we find.

That includes cell phones, drones, tablets, SD cards, SIM cards, game consoles, cameras, Bluetooth devices, and hotspots. We’ve even gotten a couple of floppy disks. We see all types of digital devices that have the potential to store any kind of media files that have been confiscated from Georgia state correctional facilities.

Inmates are not allowed to have these items, but somehow they get their hands on them and do all kinds of illegal things with them.

The other big challenge is technology–it changes so rapidly. The devices change, the operating systems update and apps publish new releases. It’s really hard to keep up with it all.

Then there are the legal and ethical challenges. Inmates don’t have the same Fourth Amendment privacy rights that you and I have. We do have to be careful because correctional officers are dealing with people’s lives and private information. It’s a balance between collecting the evidence that we need, but not overstepping our bounds and violating other’s rights at the same time.

Why is there such a surge in devices coming to you to process?

First, prisons, like other organizations, have staffing shortages. They have inmates going on details who just have more access to contraband. Second, the GDC has a strong emphasis on shakedowns and interdictions, because they want to get more contraband out.

The GDC does shakedowns constantly. They have canine officers finding stuff in the woods, finding drops, finding people. It’s just constant. As a result, our Lab is critical to these activities because they rely on us to catalog, track, and download the numbers so they see what’s going on and how the inmates get the contraband in the first place.

Do you have a few examples of the more creative ways inmates smuggle these devices in?

Some devices are one-offs, like floppy disks, for example, or SD cards that are inside of legal mail. We had a couple take a legal letter, cut out a portion of it, put the SD card inside, tape it back together, and mail it. We’ve had some devices that were hidden inside of books, and inside an envelope with a piece of cardboard so that when you run the envelope through the X-ray machine, it just looks like a piece of cardboard.

We’ve even had some wireless devices delivered by drone! The drones fly in with a device attached and it’s dropped inside the yard. The device is just left in the yard. And then the inmate goes out during the day and picks it up and brings it inside.

Then there are the more straightforward methods, such as bribing correctional staff, paying them to bring them contraband. They pay visitors, vendors, and anyone they can think of. And as soon as that stops working, they move on to the next idea. It’s a constant game of whack-a-mole.

You said they’re getting wireless phones and electronic devices in working condition. What are they doing with these devices?

They’re definitely using them to access social media, that’s probably the bulk of the illegal cell phone use. They’re also using them to coordinate activities outside prison walls for things like drug conspiracy, human trafficking, prostitution, and planning assaults and murders.

Or there are communications of inmates or contact with family outside to plan escapes, blackmail victims, or run scams. They use them to intimidate witnesses and victims–anything they can think of that could further their criminal enterprise. And it’s all done from behind bars within institution grounds!

Are the inmates aware of the legal consequences of being caught with a device or using it to commit more crimes?

Yes, to some extent, but I don’t think they understand the legal ramifications they’re getting themselves into.

They think, “Oh, it’s just wireless phones. What’s the big deal?” They don’t understand that it’s not just wireless phone possession that’s the problem, it’s the crimes they commit with them.

It’s the additional victims’ pain and suffering they’re causing. We’re pushing the envelope on charges and hitting them with as much as we can.

How did the GDC handle contraband evidence before contracting with your Lab?

For a Georgia inmate, just having a device is considered a violation of the Georgia Administrative Code. It’s the same as having a shank, drugs, or any contraband activity.

Then if an inmate uses a device to communicate with the outside world–especially if they use it to facilitate a crime, such as setting up the next drug deal, or using it to get items into the facility, traffic victims, or whatever–those are all separate charges.

The GDC corrections officials didn’t have a way to track these violations or answer any of the “how” questions. They just didn’t know how big of a problem they had. Our lab has been able to measure and report the size of the problem.

What’s your contraband filing process?

Any wireless phone possession or device that comes in the door, whether it’s as small as an SD card or as big as a drone, gets dropped off at our lab. The first people who touch it are our intake and data entry. They receive the items and they go through the process. They go through the device, and they start entering all of that information in ERIN7. We primarily use two different modules: the case screen and the items screens.

Everything related to the case, who it’s associated with, when it was found, the case numbers, all of those things get entered in the case information.

On the item screen, they enter all of the identifiers, such as IMEIs and serial numbers, and make and model of the contraband phone or device. Every single piece of information can be seen within the paperwork and with each contraband wireless item.

Next, the case rolls over to our extraction team. They try to download data on the wireless phones and devices. We’ve built out Erin7 to capture all of our steps taken:

      • Programs that we used for the extractions

      • What we’re able to perform

      • Dates for each piece of information

      • Whether each step was successful

      • The type of data we get from the contraband cellphones or devices

    And while doing all of this, we’re also using the chain of custody aspect of ERIN to be able to show where these devices are moving physically within our lab, as well as the statuses that are associated with those moves.

    Lastly, it rolls over to our analysis team. We’ve also been able to build out ERIN7 to capture when analysis is being done, who is doing it, the types of case information that they’re able to find, and where we forward the information after the fact.

    After analysis, the very final step is when we check that device back out to either the agent or putting it in the mail to send back to the regional evidence room.

    We put all of the tracking numbers, locations, and dates for each step in ERIN.

    Tell us about the technology tools and techniques you use to overcome these challenges.

    Once we find the devices, we use a variety of forensic tools and software to extract the data from them. Then we enter anything and everything about the device and where it came from so it can be analyzed to discover:

        • Who is the inmate talking to?

        • What are they saying?

        • What are they planning?

        • What are they organizing?

      Our digital evidence management software tool of choice is ERIN7. It helps us report on questions like:

          • How many devices have we received weekly, monthly, and annually?

          • How large is this case?

          • How long did it take to enter?

        Recently, we started to utilize ERIN7 to track the gigs of data that come from these devices. All of this info is searchable, so it’s easy to build reports, answer questions, and make presentations, all just with a couple of clicks.

        How does ERIN7 help you with court testimony?

        We get subpoenaed quite often for cases. Yesterday I had two different associates in court testifying on their work. As we know, the justice system is not exactly fast. Yesterday’s court cases were from around 2020. There is usually a large difference in time between the work that we’ve done and when we go to court to testify and try the cases.

        Having everything in ERIN7 has really helped us store critical information and evidence for long periods, especially with the volume of information that we put into ERIN7. It helps us be ready when somebody calls up and says, “Hey, we’ve got court coming up, what do you have? Do you still have the people who work there? Do you still have any of the evidence?”

        ERIN7 helped us try to keep everything collected in a centralized location to answer a lot of those questions. When it comes to revisiting items, there have been plenty of times where, a year or two years ago, were asked to download a phone and we didn’t have the capability to do it at the time, based on technology and things like that. We’ve been asked to reprocess items, we’ve been able to get into them then.

        And having all those records in ERIN7, it’s nice to see, “okay, we tried it in 2020. This was the version number of the software that we tried to use at that time, and this is what we attempted, and this is why it failed.”

        Once we have all that information, then we use ERIN7 reporting tools to document it in a format for use in a court or hearing.

        How has working in ERIN7 evolved over the years since you originally installed the platform?

        We’ve been able to look at those records to give us an idea on what our success may be in today’s world. Way back when we were first starting, we didn’t track as much information in ERIN7 or as detailed of information. And over time, I kept getting similar questions.

        And so Dennis came to Georgia and sat with me one time, and I just hounded him with questions, “Can we do this? Can we do that? How can we do this, that, and the other.” He really helped me learn all of the different ways that you can build out ERIN7.

        That alone has changed the lab, like being able to customize it the way that you need it. The way that I use ERIN7 versus how a police department may use it are going to be vastly different.

        We’ve added all kinds of stuff. What type of a passcode is it? People will call and say, “Hey, I’ve actually got a passcode to this device.” They’ll give me a four digit number. We look at the case. It’s actually a pattern. “So you do not have the passcode. That is incorrect.”

        We get questions all day, every day. “Hey, I brought in a phone two years ago. Can you tell me where it’s at? Do you have any more information than that?” Since then, we’ve probably gotten in 10,000 devices. So the searching capabilities of ERIN7 are by far superior to anything else that we’ve tried to use.

        Before COVID we used three other items that were really duplicative to what were putting in ERIN7, but weren’t putting all the details in ERIN7. We were using PDFs and Excel worksheets to track things, and it was extremely hard to pull everything together. Nothing was searchable.

        When eventually, I was promoted to lab supervisor, I had a bit more authority to make changes. When I learned more of ERIN’s capabilities, Dennis taught me how more in-depth we could be going with it and the ways that you could be pulling data out of it.

        I went on a bit of a rampage with ERIN7. What started out as filling in about 20 windows of information, expanded to 60 to 80. But in doing that, we eliminated two or three other processes, PDFs and spreadsheets that were doing the same thing. We were putting in the same exact information, just in three different places that didn’t talk to one another and in a less efficient way. With ERIN7 we have grown tremendously and improved efficiency.

        Nowadays, when it comes to trying to kind of forecast what future questions might be, we reference questions asked in previous years. If I get the same question more than twice, I save that search in ERIN7 so it’s only a click away the next time. There’s been times when I’ve saved the actual data that I pulled out of ERIN7 into a folder. Sometimes, those become a common thing.

        We’ve got a couple of processes that we do on a weekly basis or a bi-weekly basis that we’ve built into ERIN7. And it makes work so much easier, so much more convenient and accurate. We’re not hand counting things anymore, We’re not keeping a tally sheet anymore. Or writing on a whiteboard. We got rid of the whiteboard when we got better with ERIN7. It brings you into modern world when you learn its capabilities.

        What are your favorite features in ERIN7?

        What I love most about ERIN7, is you can build different fields or different programs or systems so that everything is consistent. You don’t have all these variations of the same thing. Consistency made a world of difference when we started pushing everybody to use just ERIN7 and give up paper. It cleaned up so many problems and mistakes, and stats and data entry got more accurate.

        I’ve had other people come in to give us demos, they’ve started asking me questions. Some things I would be able answer off the top of my head. If not, I would start clicking around on my computer and come up with the answer quickly.

        They asked, “What is that there? What are you doing?” They were just amazed I could pull that kind of information out of ERIN7 so quickly. Just a couple of clicks and boom, there you are.

        The state has tried to look into other evidence management systems over five years, and I have insisted that we keep ERIN7. It’s our baby. It has all of our data over five years. I can pull up just about anything and everything asked.

        If your peers at other labs asked for recommendations on how to get the most out of ERIN7, what advice would you give them?

        When other labs come to talk to us, I always explain how our process is so dialed in now that they don’t have to go through the same growing pains we did and they can start off at a higher level!

        Many labs want to hold onto physical paper that they can hold in their hands. That’s not the most efficient way to do almost anything! A digital evidence management software system will be your best friend, even though there will be a learning curve for a few months. But after that, it pays you back many times over:

        You’ll locate items with a couple of clicks. You’ll be able to organize your evidence room to match your evidence system and they’ll be able to talk back and forth to one another. We have a fleet storage facility where we usually house around 10,000 items at a time.

        Most importantly, because of the way we customized ERIN7 to match and mirror online and in-person, we can find the exact item we need quickly in a 10,000-item evidence room. Before we had to open boxes and manually search. Papers were always getting lost or damaged or ink got smeared.

        Handwritten paper doesn’t stand up to the test of time. But if you use ERIN7 for tracking in-house chain of custodies, evidence is stored safely for as long as it’s needed. If you change status and location, it tracks each item’s information in real time. It’s so much cleaner and accurate versus writing out a paper chain of custody or a paper property receipt by hand. People don’t have the most legible handwriting, but typing info into a computer means everyone can read it.

        Lastly, by eliminating paper and consolidating records in a single system like ERIN7, you get long-term storage with unlimited combinations of searchable fields so you’re ready for court testimony, proving chain of custody, and providing usable statistics to manage your lab.

        Want to see a demo? Get in touch with ERIN Technology.