Being Smart With Your Smartphone, Police Search Edition

Brian Doherty | 1.19.2011 7:15 PM

Ryan Radia of the Competitive Enterprise Institute has a thorough explanation over at Ars Technica of the current state of the law and technology when it comes to police searching your phones when they've arrested you. Some highlights:

Last week, California's Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals' persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

California's opinion in Diaz is the latest of several recent court rulings upholding warrantless searches of mobile phones incident to arrest. While this precedent is troubling for civil liberties, it's not a death knell for mobile phone privacy. If you follow a few basic guidelines, you can protect your mobile device from unreasonable search and seizure, even in the event of arrest…..

The takeaway from Diaz, therefore, is that you should store your mobile phone in your luggage, footlocker, or in some other closed container that's not on your person, particularly when driving an automobile….

While the search incident to arrest exception gives police free rein to search and seize mobile phones found on arrestees' persons, police generally cannot lawfully compel suspects to disclose or enter their mobile phone passwords….

However, if you voluntarily disclose or enter your mobile phone password in response to police interrogation, any evidence of illegal activity found on (or by way of) your phone is admissible in court, regardless of whether or not you've been Mirandized.

What if you're not a criminal and think you have nothing to hide? Why not simply cooperate with the police and hand over your password so that you can get on with your life?

For one thing, many Americans are criminals and they don't even know it. Due to the disturbing phenomenon known as "overcriminalization," it's very easy to break the law nowadays without realizing it….

While police cannot force you to disclose your mobile phone password, once they've lawfully taken the phone off your person, they are free to try to crack the password by guessing it or by entering every possible combination (a brute-force attack)…..

Alarmingly, in many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software. For instance, Android and iPhone devices are vulnerable to a range of exploits, some of which Ars documented in 2009.

The article details various technical security fixes for a variety of smartphone platforms, which is worth consulting. It then contemplates the legal future of smartphone privacy:

With the ascent of cloud computing, smartphones increasingly provide a window into our private lives, enabling us to access and store practically limitless amounts of sensitive personal data. As ultra-fast 4G wireless networks emerge, mobile devices will likely grow even more intertwined with our digital lives. Just as we have long stored our personal papers and effects in our desks or file cabinets at home, today we're just as likely to store such information in digital format on cloud services like Windows Live or Google. Thus, the Fourth Amendment demands that mobile phones—a primary gateway to our lives in the cloud—be treated as an extension of the home, rather than mere physical containers analogous to cigarette packs.

California Deputy Attorney General Victoria Wilson, who argued Diaz for the state, has told reporters that the matter of warrantless cell phone searches is ripe for resolution by the US Supreme Court. If that happens, let's hope the nation's high court sides with common sense and reaffirms its 2001 ruling in Kyllo v. US that the Fourth Amendment's protections must adapt to safeguard our rights as technology evolves.

Lookout Mobile Security with a list of common-sense user techniques for smartphone security even before you end up arrested. My blogging on the Diaz decision. Julian Sanchez's always-vital 2007 Reason cover story on new technologies and the Fourth Amendment, including much on the Kyllo decision.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Red Eye Alert! Red Eye Alert! Nick Gillespie on Red Eye with Greg Gutfeld (with Guest Host Andy Levy)

Hide Comments (42)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Max 14 years ago

Call us when you get your science degree, Brian. (The police won't care.)
1. Episiarch 14 years ago
  
  Impotent and nonsensical! You're really reaching for the stars, Edward!
2. heller 14 years ago
  
  Science degree? Are you 9?
sevo 14 years ago

Max|1.19.11 @ 7:25PM|#
"Call us when you get your science degree, Brian. (The police won't care.)"

Knock, knock..........tap, tap....
Is there something in here? Sounds like, oh, a horse farting.
Bingo 14 years ago

And considering you can get arrested for almost any reason this gives cops blanket authority to search all cell phones.

Anyone want to guess the skin color(s) and neighborhoods that Cali cops start fishing for cell phone data?
1. Hugh Akston 14 years ago
  
  Malibu, Brentwood, Santa Monica, maybe Pasadena?
2. Spur 14 years ago
  
  Bario Laguna Niguel?
GroundTruth 14 years ago

One more reason I'm glad to be a luddite and not have one of the damned things!
1. heller 14 years ago
  
  Since when do luddites use computers to go on the internet to comment on blogs?
  1. Hugh Akston 14 years ago
    
    Ludditism is a relative thing. If everyone else is using the transporter, but you insist on taking a shuttle, you're a luddite.
Amakudari 14 years ago

So what exactly are the limitations on this? If the police get an iPhone/Android via arrest, in addition to seeing the most recent emails, they can easily hop on Safari and access the webmail versions of Gmail, Yahoo! Mail, Hotmail, etc., which offer complete email histories. They can open a banking app and scroll through purchases. Many other applications contain history that lends itself to fishing expeditions.

IANAL, but I could at least understand confiscation to prevent evidence tampering (which makes it a reasonable seizure but not yet a reasonable search), with a warrant required to view anything beyond unencrypted and recent emails and texts. I don't understand why that's apparently a burden on law enforcement.
1. heller 14 years ago
  
  Hopefully someone will remind the Supreme Court that cell phones are basically like miniature computers nowadays, and should be given the same privacy protections as laptops.
2. heller 14 years ago
  
  Hopefully someone will remind the Supreme Court that cell phones are basically like miniature computers nowadays, and should be given the same privacy protections as laptops.
3. Ryan Radia 14 years ago
  
  Article author here. There's no clear answer to your question, but all the law profs I've talked to who have expertise on computer crimes tell me that courts would likely distinguish between data stored on a phone and data accessible via a phone. This is based on the concept of the "grabbing area" that's long been a part of search incident to arrest doctrine. So your gmails are probably safe, except for those cached locally on your phone (3 days is the Android default, I believe).
  1. Cyto 14 years ago
    
    A salient point, if the police were smart enough to tell the difference between a cached email and one they downloaded and honor that difference as they thumb through your data. Unfortunately, they kinda look the same from the phone UI. So you'd be left arguing in front of a judge that the evidence is inadmissible. Not as good a position as "they didn't see it because it was encrypted."
    
    Are they allowed to break the lock on my briefcase without a warrant? I thought a password or a locked briefcase required a warrant.
Binky 14 years ago

Serious question: Can the police do a "brute-force attack" on my *locked* wallet?
1. Bingo 14 years ago
  
  I can't think of an answer either way, good question.
some other guy 14 years ago

so like which thread is everyone hanging out in tonight? I can't find it. Or is everyone like just watching American Idol?
1. Max's Mom 14 years ago
  
  Well, I finally got Max to sleep. What would you like to talk about?
  1. cynical 14 years ago
    
    How do you put up with all the implications of incest that are lobbed your way here? I would be pretty upset at having to deal with that. You've got a pretty thick skin; color me impressed.
    
    It's not like it's your fault the way he turned out. They didn't even have genetic testing back then.
    1. Max's Mom 14 years ago
      
      I know you boys like your trash-talking fun. I don't take it to heart. Max, though, can't seem to avoid getting upset. He wasn't always like this; he used to be even worse before he discovered Hit & Run as a kind of catharsis. Oh, there's a little whimpering down the hall, so I'd better check. Good night.
cynical 14 years ago

Even if a court did allow cops to search your phone as a "container", I'm not sure how that would justify accessing documents stored in the cloud -- at that point, they aren't searching the phone that was on your person, they're using information on your phone to search a remote, private database.

That isn't even close to the same as a container. By that logic, if they have the right to search your car, and the right to examine the keys on your person, they have the right to drive your car to your house, use the keys to unlock it, and ransack your house without a warrant, and consider it a part of the person/car search.
1. Bingo 14 years ago
  
  That confuses me as well. At what point is this accessing data on the phone and at what point is this illegally accessing your phone/email records without warrant? And why are they allowed to brute-force passwords without a warrant? Can they "brute-force" the door to your house or car or glovebox?
  1. Whappan? 14 years ago
    
    Yes.
  2. TrickyVic 14 years ago
    
    Logging into someone's account without their permission might be against the law.
    
    But cloud computing is a game changer with privacy. What you do on other people's computers can be fair game. If the owner of the data wishes to comply with the cops, or sells the data to clearinghouses to which LEO's subscribe, you're outta luck.
    1. Ryan Radia 14 years ago
      
      That's not entirely accurate. Thanks to a 1986 statute called the Electronic Communications Privacy Act (ECPA), private personal communications stored on servers owned by electronic service providers generally cannot be disclosed without the user's consent. Unless your provider's terms of service permit the disclosure of your correspondence, your provider can't disclose any of your content. If Google were to knowingly hand over your gmails to the police without a court order, the resulting statutory fines would be severe.
      1. Tulpa 14 years ago
        
        I'm sure our great statesmen in Congress will rush through an exemption so that Google wouldn't be punished for helping law enforcement track down dangerous evildoers.
        
        Ryan Radia 14 years ago
        
        Not if I, Google, Microsoft, AT&T, ACLU, EFF, ATR, FreedomWorks, and dozens of other organizations have anything to say about it: http://www.scribd.com/doc/3795.....-Liberties
        
        Cyto 14 years ago
        
        Counterexample. All based in this mess. Not that I don't support the EFF, IJ et. al. But when the guy who ran for office on an "I won't do that" platform begins arguing for "doing that"..... Well, four legs good, two legs better?
      2. TrickyVic 14 years ago
        
        ""Thanks to a 1986 statute called the Electronic Communications Privacy Act (ECPA), private personal communications stored on servers owned by electronic service providers generally cannot be disclosed without the user's consent.""
        
        I think the P.A.T.R.I.O.T. Act or some other anti-terrorist act has fixed that.
2. some other guy 14 years ago
  
  they will then access the history on your GPS and interrogate everyone you visited in the last year.
  1. TrickyVic 14 years ago
    
    If it stores a years worth of history and they decide you're a person of interest.
    1. Cyto 14 years ago
      
      Right. Like say you are a preacher and you give a lift to this known prostitute........
3. TrickyVic 14 years ago
  
  ""By that logic, if they have the right to search your car, and the right to examine the keys on your person, they have the right to drive your car to your house, use the keys to unlock it, and ransack your house without a warrant, and consider it a part of the person/car search.""
  
  Not really, you don't own the data in the cloud, nor the systems where the data sits. so it's not like breaking into your private residence at all.
  1. Tulpa 14 years ago
    
    OK, so it's like using the combination written on a piece of paper in your car to open your locker at the YMCA locker room.
Tulpa 14 years ago

You guys do realize that any sensitive data on your phone can be accessed equally easily without a warrant by the person who steals it.

Not saying that makes it OK for police to search it; but it does make it crazy to store sensitive info on your phone.
adam 14 years ago

Isn't the search incident to arrest exception supposed to be based on the safety of the officer? That is, to ensure there are no weapons or other items in close proximity. If so, how is searching a phone consistent with that rationale?
1. Cyto 14 years ago
  
  How 1960's of you.... we've moved on from there... Something, something - "Grab Area".... it's all very technical and legal and stuff... It seems that despite the recommendations from Ryan Radia, the courts might uphold a warrantless search of locked containers inside your car. Maybe it depends on your completion...
  1. Cyto 14 years ago
    
    complexion, completion - 220, 221, whatever it takes. The bottom row on my keyboard just gave out, so I have to rely on creative spelling and spell-check this morning.
2. Rich 14 years ago
  
  Damn inventors ruin it for everybody.
Enjoy Every Sandwich 14 years ago

Cue all of our resident statists: "...but, but, mobile phones didn't exist when the Fourth Amendment was written!"
Zeb 14 years ago

Someone should invent a self-destruct app for phones so that if you realize that your phone is likely to be seized by undesirable people you can push a button which stores data you want backed up at some external location and renders the phone inoperable.

Please log in to post comments

Being Smart With Your Smartphone, Police Search Edition

Latest

Report: California Continues To Spend a Lot of Money on Poor Quality Roads

Mahmoud Khalil Is an Easy Call

The 10 Worst Republican Budget Gimmicks

Elon Musk, Who Promised To Be 'Maximally Transparent,' Makes DOGE's Numbers Even Harder To Check

Trump's Threatened 200 Percent Tariffs on European Booze Are His Least Sensible Trade Move Yet

Recommended

Login Form