Mobile device evidence tampering/copying possible to be done without detection?
My name is Chirantha Amerasinghe, I am a Civil and Human Rights Activist in Sri Lanka.
On the 17th of November 2020 I was arrested by the Criminal Investigations Department (CID)of the Sri Lanka Police on charges of posting Facebook posts that are against the state and violation of the quarantine ordinance.
Posts saying that COVID19 doesn't spread in water (which is the WHO position), and posts having my opinion of "President Gotabaya has failed" and posts questioning if the Terror attacks on Easter Sunday were allowed to happen as a part of a political deal were in question (Parliamentary select commitee had requested an investigation on the same question).
The posts were selected after my arrest (they wanted me to delete some, I refused). There had been no warrant for my arrest and no complaint against me.
My two mobile devices (Xiaomi Redmi Note 8, Samsung S5 Duos, unencrypted Micro SD card) were confiscated by the Police even though one did not have Facebook in it (it was only used to make calls). They took my PIN codes saying that they had a court order/legal power to do so (when no court order/legal power had existed).
Soon after the morning of the next day (18th), the devices were cello-taped into one envelope without my presence (when I went to the toilet). I objected and they took them out and put them back into a cello-taped envelope to be produced before the court and be submitted for the Government Forensics Analysist in Sri Lanka (no I did not check IMEI numbers). CID officers refused to follow the proper procedure and refused let me put my fingerprint and signature on the said sealed packet. They further refused to give copy of the data of the devices as required by law.
Further, on the 18th of November 2020, the CID did not produce the packet containing my mobile devices to the court when I was produced before the court (thus was not sent to the Government Forensics Analysist in Sri Lanka). They had charged/accused me for being a threat to national security via B report without Defense Ministers/Secretaries approval (to my knowledge).
Around a month later, 23rd Jan 2021, I received a blackmail threat from a anonymous email mainly saying that if I don't stop criticising the Government my private life will be leaked as the data of the mobile devices are with them, even if I get them back. And that I have no right to talk about the Easter Sunday terror attack issue which is one of my main topics that I am active in.
Nearly 3 months later, the CID produced the two mobile devices to court not in "one" packet put in before me but in "two" packets. Raising suspicion on the threat received. I also fear that someone might plant content into the device to say maybe I am connected to terrorism etc. and detain me for years without chance of bail to silence me.
The CID officials argue that the system log of the devices will contain information of tampering or copying of data and that it can not be tampered with. But I feel that given that they have full physical access to the devices anything is possible, and also given the malicious nature of the chain of events and the resources available to the Government entities of Sri Lanka.
What is your opinion? Is Mobile device evidence tampering/copying possible to be done without detection?