A court document obtained by the ACLU reveals the kind of data federal agents are able to pull off of a seized iPhone using “advanced forensic analysis tools.”
“The list,” writes electronic privacy expert Chris Soghoian, “starkly demonstrates just how invasive cell phone searches are—and why law enforcement should be required to obtain a warrant before conducting them.”
The iPhone was seized from a suspect’s bedroom during a drug bust. In a single sweep, Immigration and Customs Enforcement agents were able to extract call activity, contact lists, voice mails and text messages, photos and videos, apps, eight different passwords and 659 “geolocation points,” including connections to 227 cellphone towers and 403 Wi-Fi networks.
Before smartphones arrived, Soghoian writes, police had to gain a warrant to access such information, which would be stored in a suspect’s home or office. “Our pockets and bags simply aren’t big enough to carry paper records revealing that much data. We would have never carried around several years’ worth of correspondence, for example—but today, five-year-old emails are just a few clicks away using the smartphone in your pocket. The fact that we now carry this much private, sensitive information around with us means that the government is able to get this information, too.”
Although the ICE obtained a warrant to search the phone in this case, courts are divided about whether one is necessary in these circumstances, and no law requires it. Police officers have claimed they don’t need a warrant during moments of lawful arrest and at U.S. border crossings.
—Posted by Alexander Reed Kelly.
Chris Soghoian at ACLU:
The police should not be free to copy the contents of your phone without a warrant absent extraordinary circumstances. However, that is exactly what is happening. Last year in California, for example, Governor Jerry Brown vetoed a common-sense bill that would have required the police to obtain a warrant before searching seized phones, despite the bill’s broad bipartisan support in the state legislature.
Intrusive cell phone searches are becoming ever easier for law enforcement officers to conduct. Companies such as Cellebrite produce portable forensics machines that can download copies of an iPhone’s “existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags” in minutes. This type of equipment, which allows the government to conduct quick, easy phone searches, is widely available to law enforcement agencies—and not just to federal agents.
While the law does not sufficiently protect the private data on smartphones, technology can at least provide some protection. All modern smartphones can be locked with a PIN or password, which can slow down, or in some cases, completely thwart forensic analysis by the police (as well as a phone thief or a prying partner). Make sure to pick a sufficiently long password: a 4 character numeric PIN can be cracked in a few minutes, and the pattern-based unlock screen offered by Android can be bypassed by Google if forced to by the government. Finally, if your mobile operating system offers a disk encryption option (such as with Android 4.0 and above), it is important to turn it on.
Johann Larsson (CC BY 2.0)