This week, the Supreme Court listened to the government and defense attorneys argue over whether police should be allowed to snoop through people’s smartphones when they stop or arrest them. Most court watchers think the justices will reach some kind of compromise, a “middle-ground rule” that permits some warrantless searches. At one point during the argument, Chief Justice John Roberts suggested that it might be okay for cops to fire up Twitter and Facebook on someone’s smartphone, apps “that don’t have an air of privacy about them,” but maybe he was just trolling us.
Jonathan Zdziarski, an expert in iOS forensics who trains law enforcement how to get the digital goods from mobile devices, says it’s not just a privacy question but a pragmatic one. He argues that there’s a technological reason why cops shouldn’t fire up the smartphone and start poking around when they arrest someone: They might destroy evidence.
“If there are exigent circumstances – such as an active kidnapping or someone’s life in danger – police should go through a phone, but otherwise they risk destroying crucial evidence,” says Zdziarski. “They’ll play with it, go through apps — open Safari and Maps — and they do it wrong and destroy useful evidence. Then they ruin the data.”
The government argued that cops need to be able to search the phone to prevent someone from remotely deleting information from the phone, using tools that Apple, for example, offers for the iPhone, leading Justice Sonia Sotomayor to suggest that the phone just be put into airplane mode until cops get a warrant. The government argued that we “shouldn’t craft a constitutional rule around airplane mode” because cops might not be able to turn it on for a given phone, or because phone makers might eliminate that mode if in five years, god forbid, we’re all allowed to use our phones on airplanes.
But Zdziarski says that disconnecting phones from WiFi and other connectivity is exactly what cops should do when they seize a device, either by turning it off or throwing it into a Faraday cage — a container that blocks signals from leaving or reaching the phone. Some police cruisers now have these; connected to a power supply, they create a magnetic field that blocks signals. There are also “Faraday pouches”, but Zdziarski says to be wary of these and make sure they work. “The joke about Faraday bags is that all they do is muffle the sound of the phone when it rings,” he says. When I visited a Secret Service forensics lab in Los Angeles, they had Faraday boxes, with hand insertions, so that an investigator could examine the phone without its connecting to anything. Zdziarski says the Canadian Mounties wired up a former bank vault as a Faraday room to which they can take devices for examination.
Police should freeze the phone so a forensics lab can get at it, ideally with a warrant, preserving the device exactly as it was last used to best make their case against a suspect. Zdziarski offered some examples of when preserving the phone as it was last used is crucial. It’s the rare time when I’ve seen “child porn” used in an argument to support giving people more privacy.
“If you’re dealing with online child porn or sex trafficking, the criminal participates in a lot of forums exchanging info and photos. Hypothetically, if a criminal was doing this with Safari on their phone, you can use a forensics tool to access cookies and a screenshot of their last visit,” he says. “But if you open Safari, it will refresh the page, so the last visit will be when the cop has seized the device — which looks bad in court — and if cookies have expired, it sends you back to a sign-in screen and you lose the last thing he was looking at and the URL. These are a couple of little forensic artifacts that can be really helpful that are thrown away by tapping Safari.”
This is the case for any app that might boot you out when you reload it, or for a maps app that would show your last location, say the scene of a crime: if fired up, the map will instead home in on the officer’s current location. If the cops don’t play with the device, all of that information will be saved to disk and accessible in an investigation. So by insisting on freezing the device, and getting a warrant to go through it, you’re not just protecting privacy, you’re improving policing.
“The best argument for why the phone shouldn’t be searched when it’s seized is that some cops aren’t smart enough,” says Zdziarski. They’ll make mistakes like pulling the SIM card, thinking that’s all you need to do to shut down the phone, but it can still connect to Wi-Fi in that state. “Most cops are trained to be cops, not forensics experts. They can destroy and corrupt data and make a lot of mistakes. Just train them to properly secure the device and then get a warrant before you search it.”
Source: FORBES