On Tuesday, the United States Supreme Court heard arguments in two cases in which information found on cell phones, obtained by searching those phones without a warrant, led to convictions: United States v. Wurie and Riley v. California. At issue is whether the Fourth Amendment’s rules on unreasonable searches and seizures apply to cell phones.
Civil liberty groups and others argue that because phones can contain virtually every detail of a person’s life, including photos, videos, bank account information, and medical information, they are far different than the paper address books or notepads that previously might have been found on a suspect and legally searched without a warrant. Law enforcement agencies argue that if they don’t search the devices immediately, they could be wiped remotely.
Can they? Or can law enforcement officials prevent them from being wiped? This was a matter of debate during the Supreme Court arguments, with Deputy Solicitor General Michael Dreeben, representing the United States, listing a number of technical obstacles to delaying a search of a cell phone.
First on that list: Encryption, which Dreeben said, “kicks in automatically…and then…you need the password to open it….And law enforcement’s forensic labs aren’t going to be able to get around it except with extraordinary efforts and extraordinary time.”
In “my experience,” he said, “from the people that I had spoken with is that a lot of phones are arriving at the lab in a locked and encrypted state and it’s very tough to deal with that.”
I turned to Richard Mislan, a visiting assistant professor in the Rochester Institute of Technology’s computer security department, for his thoughts about just how real those technical obstacles, including encryption, are. Mislan wrote about the use of cell-phone based evidence in “Cellphone Crime Solvers,” published in the July 2010 issue of IEEE Spectrum.
Mislan agreed that more and more phones are password-protected these days, and new security tools like fingerprint access add a layer of difficulty. But he, says, “there are tools that are well known to the [law enforcement] community to deal with passwords.”
Dreeben also expressed concern over the fact that cell phones can be wiped remotely. “Even if an officer has a cell phone in his hand, he cannot guarantee, unless it's disconnected from the network or somehow protected from the network, that there won't be a remote wipe signal sent to the phone that will wipe its data,” Dreeben told the Court.
Indeed, Dreeben is correct that wiping a phone remotely isn’t hard—for example, Apple’s iOS devices include a simple tool, “Find My Iphone” and Android 2.2+ users can set up the “Device Policy” app to allow them to remotely erase all the data on their phones.
But law enforcement officials need to preserve the evidence on phones even when they are searched on the scene, not just later with a warrant, and tools exist to allow them to do so. The basic solution is a Faraday bag, a simple sleeve with a layer of conductive material, either a solid or a mesh, that prevents wireless signals from getting in or out. A sleeve is widely available and cheap, around $30. More sophisticated versions specifically designed to preserve evidence cost in the hundreds of dollars, hold multiple phones, and keep them charged while they are being transported.
The Justices quizzed Dreeben about the practicality of using such cases. Dreeben said, “If you throw a phone into a Faraday bag, which is supposedly going to be able to block network signals, when you open it up, it has to be similarly shielded or it will pick up a signal from a cell tower, and that will wipe the phone.” This, he pointed out, doesn’t always work: “The F.B.I. tried to build a Faraday room in a building that they later discovered Verizon had put up a cell tower on it, and that cell tower put out a strong enough signal to go right through the Faraday room.”
Mislan indicated that most police departments understand the need to open phones in a protected enclosure and know where they can do so. They also know where the cell towers are.
Justice Sonia Sotomayor suggested that arresting officers simply put phones into airplane mode, preventing them from receiving calls or data. Dreeben’s counter-argument, essentially, was that phones are just too complicated. “It is not always possible to find airplane mode on all the 500, 600 models of phones that are out there,” he said. And, he said, consider that “The officer has a lot of things to do when he arrests suspects. Say he arrests five suspects in a car and they each have three cell phones. Trying to find and put each one of them into airplane mode and go the further step and...” (Sotomayor cut Dreeben off at this point.)
Five suspects might indeed have three cell phones each, in order to hide their identities when making certain calls. But, points out Mislan, these days, putting a phone into airplane mode is not rocket science. In recent years the wild world of phone operating systems has settled down to a dominant four—Apple iOs, Android, Windows Mobile, and Blackberry—and these are well understood. An arresting officer should have little trouble finding airplane mode.
The court is expected to issue its rulings on these cases in July.
Follow me on Twitter@TeklaPerry.
Tekla S. Perry is a senior editor at IEEE Spectrum. Based in Palo Alto, Calif., she's been covering the people, companies, and technology that make Silicon Valley a special place for more than 40 years. An IEEE member, she holds a bachelor's degree in journalism from Michigan State University.