We are concerned that per press reports, some of the mobile devices that were involved in the TelegramGate scandal may have passed through the Puerto Rico Department of Justice, but have not been retained there. (See “Primera declaración jurada que establece la posibilidad de delito en el #TelegramGate” alluding to the second paragraph of page 4 of this “Orden de Allanamiento para el teléfono de Raúl Maldonado.”)We are also concerned that authorities might be too focused on the Telegram App and are knowingly or unknowingly being too lax with other potential sources of chat evidence.

 

We all know that mobile devices have many apps that work with each other (e.g. messaging apps are often linked to other apps for pictures or documents) and that even save backups that may be available even if messages themselves are unrecoverable (such as in “downloads” folders). If the Puerto Rico Department of Justice limits evidence gathering to the Telegram app, the process may not be encompassing of additional evidence sources. In the 889 page leaked Telegram chat, a participant says they should move to Signal, another secure messaging platform. This should already be a strong indicator to suggest that the search should be broader in scope.

Ideally the devices should be retained, turned off and stored in special containers that do not allow their manipulation from afar. We find troubling the possibility that they are simply examined and let go without creating backup copies of the entire devices. Prudency would dictate creating full copies of everything in a given device. The process of creating backup copies should be documented well and representatives of the device owners should be able to participate. Additionally those backups made by the devices during their normal operation would also be requested from the device manufacturers, and operating system makers (e.g. Google for Android devices, and android mobile phone manufacturers; Apple for iphones) as well as any third party services (e.g. dropbox, box, etc.). Activity logs from mobile phone providers (e.g. ATT, TMobile, Claro) should be requested too. At a minimum steps should be taken so that any of those third parties put litigation holds on their systems and preserve information that may be later requested through appropriate legal means. We won’t go into a lengthy discussion on how this may be done under Puerto Rico or federal law but there are legal avenues to address these challenges.

What concerns us is that in their urgency to produce something that can be given to the press to show that they are working and care about this case, the Department of Justice is not properly handling evidence. It would be shameful to discover that only some texts are extracted, and a report is published singling out whatever texts the examiner thought were relevant without giving any defense attorneys the opportunity to conduct their own examinations of copies of images of those devices. It would be even worse to find out that by the mere act of looking into phones, not into backups, the primary sources were altered and thus their probative value could be questioned. This would result in that whenever any accusations are introduced in court defense attorneys will have a field day claiming issues related to lack of chain of custody or context of text messages not being used because certain information was not recoverable from devices or similar situations. The criteria on what queries were made and their rationale should be very clear.

At BUDPR we are concerned that the people of Puerto Rico may never find out what really happened because, paradoxically, law enforcement at the Puerto Rico Department of Justice was in such a hurry to do a good thing -bring to justice any wrongdoers- that they may contaminate the entire evidence gathering process. Or that, and we hope this does not happen, the process is purposefully pushed so as to do it poorly and from the beginning contaminate it in such a way that persons that could be responsible for corrupt acts are never brought to justice, either because the evidence is altered or because it is not handled properly. Lastly the way the process is being handled right now -voluntarily asking them for information and letting them go but without taking full copies of their devices- may in effect be a signal for wrongdoers to delete chats, reset phones or take whatever other steps they may think could help them hide inculpatory evidence, thus hindering any investigations.

BUDPR