Being Smart With Your Smartphone, Police Search Edition
Ryan Radia of the Competitive Enterprise Institute has a thorough explanation over at Ars Technica of the current state of the law and technology when it comes to police searching your phones when they've arrested you. Some highlights:
Last week, California's Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals' persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.
California's opinion in Diaz is the latest of several recent court rulings upholding warrantless searches of mobile phones incident to arrest. While this precedent is troubling for civil liberties, it's not a death knell for mobile phone privacy. If you follow a few basic guidelines, you can protect your mobile device from unreasonable search and seizure, even in the event of arrest…..
The takeaway from Diaz, therefore, is that you should store your mobile phone in your luggage, footlocker, or in some other closed container that's not on your person, particularly when driving an automobile….
While the search incident to arrest exception gives police free rein to search and seize mobile phones found on arrestees' persons, police generally cannot lawfully compel suspects to disclose or enter their mobile phone passwords….
However, if you voluntarily disclose or enter your mobile phone password in response to police interrogation, any evidence of illegal activity found on (or by way of) your phone is admissible in court, regardless of whether or not you've been Mirandized.
What if you're not a criminal and think you have nothing to hide? Why not simply cooperate with the police and hand over your password so that you can get on with your life?
For one thing, many Americans are criminals and they don't even know it. Due to the disturbing phenomenon known as "overcriminalization," it's very easy to break the law nowadays without realizing it….
While police cannot force you to disclose your mobile phone password, once they've lawfully taken the phone off your person, they are free to try to crack the password by guessing it or by entering every possible combination (a brute-force attack)…..
Alarmingly, in many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software. For instance, Android and iPhone devices are vulnerable to a range of exploits, some of which Ars documented in 2009.
The article details various technical security fixes for a variety of smartphone platforms, which is worth consulting. It then contemplates the legal future of smartphone privacy:
With the ascent of cloud computing, smartphones increasingly provide a window into our private lives, enabling us to access and store practically limitless amounts of sensitive personal data. As ultra-fast 4G wireless networks emerge, mobile devices will likely grow even more intertwined with our digital lives. Just as we have long stored our personal papers and effects in our desks or file cabinets at home, today we're just as likely to store such information in digital format on cloud services like Windows Live or Google. Thus, the Fourth Amendment demands that mobile phones—a primary gateway to our lives in the cloud—be treated as an extension of the home, rather than mere physical containers analogous to cigarette packs.
California Deputy Attorney General Victoria Wilson, who argued Diaz for the state, has told reporters that the matter of warrantless cell phone searches is ripe for resolution by the US Supreme Court. If that happens, let's hope the nation's high court sides with common sense and reaffirms its 2001 ruling in Kyllo v. US that the Fourth Amendment's protections must adapt to safeguard our rights as technology evolves.
Lookout Mobile Security with a list of common-sense user techniques for smartphone security even before you end up arrested. My blogging on the Diaz decision. Julian Sanchez's always-vital 2007 Reason cover story on new technologies and the Fourth Amendment, including much on the Kyllo decision.