How much data can police swipe from suspects' phones without a warrant? (Hint: A lot)

How much data can police swipe from suspects' phones without a warrant? (Hint: A lot)

Summary: A clearer picture has emerged as to just how much data is swiped by U.S. law enforcement when a cell phone is plugged in and its data is downloaded with forensic tools.

SHARE:
TOPICS: Security, Privacy
47

Call logs, text messages, geo-locations and even data relating to proprietary technologies, such as Apple's iMessage service: All of these can be downloaded by U.S. law enforcement when a suspect's phone is plugged in and the data harvested for intelligence purposes.

Up until now, most had no idea exactly what was collected or how it could be used, though it was believed this data could be acquired.

Discovered by the U.S.-based privacy group, the American Civil Liberties Union (ACLU), we now have a much clearer image of how much data from a seized cell phone or smartphone the U.S. government gets when a suspect's phone is plugged into a data collection device. 

Screen Shot 2013-02-27 at 07.31.23
A court document detailing the data collected from a seized iPhone (Credit: ACLU)

A court document submitted in connection with a drugs investigation shows that even Web history, data files, wireless networks and the user's custom dictionary are downloaded when advanced forensic tools are connected to a suspect's device.

Also collected were the device's geo-location points, including cell towers, allowing authorities to pinpoint roughly where the device—and therefore the suspect—may have been geographically.

And because many use their cell phones and smartphones to access email on the move, it could allow authorities access to a goldmine of data—whether it's used in the investigation or otherwise. This ultimately may allow authorities to bypass the need to submit subpoenas or search warrants -- under the Stored Communications Act -- to Apple, Google, Microsoft and others who provide email services, because the email data is already stored on the suspects' device.

On to the back story, according to the ACLU: U.S. Immigration and Customs Enforcement (ICE) officers seized an iPhone from the bedroom of a suspect in a drugs-related investigation. In just one data extraction session, a substantial amount of private and personally sensitive data was collected from the device, including passwords, pictures, videos and stored voicemails. 

In this case, ICE searched the suspect's house under a search warrant and obtained another warrant based on "probable cause" before conducting a search of the device. The ACLU notes that "even though ICE obtained a warrant for this cell phone search, courts are divided about whether a warrant is necessary in these circumstances, and no statute requires one."

For those who are at the border, for instance—ICE conducts most of its activities at the border and ports of entry—warrants are not required to search a device from a person entering the United States, including those who are forced to go through Secondary Security Screening Selection (SSSS).

Those at the border waiting to arrive on U.S. soil are therefore not yet subject to U.S. law and do not enjoy Fourth Amendment rights. Those who refuse may be disallowed entry to the country, even if they travel on a valid U.S. visa.

The privacy group sums up their concern:

We would have never carried around several years’ worth of correspondence [on our person], for example—but today, five-year-old emails are just a few clicks away using the smartphone in your pocket. The fact that we now carry this much private, sensitive information around with us means that the government is able to get this information, too.

Topics: Security, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

47 comments
Log in or register to join the discussion
  • Use a BlackBerry

    Using a BlackBerry, you can encrypt your data so they can not read it. Problem solved. And no, they can not decrypt it.
    Greggore
    • here is a link to a comparison

      http://n4bb.com/blackberry-10-encryption-comparison-ios-android/
      Greggore
      • Yes It Can

        If it can be encrypted, it can be decrypted. After all, there is an algorithm used to encrypt the data, in the first place. Do you really think the government is ignorant as to those algorithms? To those government workers that do these things, for a living, it is likely to be as elementary as solving a crossword puzzle.
        dharvell
        • *Facepalm*

          Welcome to security for the ignorant. The entire point of encryption is that you can happily give the algorithm you used to encrypt data to someone wanting your data, but it is so mathematically and computationally complex and time consuming to decrypt that your data is safe.
          Thinking your data is safe because your key security point is that the other person doesn't know what you did to secure it is simply security by obscurity and that is dangerous and ultimately useless.
          So no, it wouldn't be as easy as solving a crossword puzzle simply because they know what algorithm you used.
          beau parisi
      • FIPs has been broken before...

        And if you give the phone to one of the tech guys for the NSA, I'm pretty sure they'd be able to get the data.
        dtdono0
        • sure they can

          But the real question is how long will it take them? It's of no use if it takes them years to get it.
          Al_nyc
          • HA!

            On the iPhone most people are using a password of 4 numbers. That's 10 x 10 x 10 x 10 or 10,000 combinations... It would take no time for a computer to run through those ;)
            dunkin1433
          • that's the lock code - not encryption

            The 4-digit number is the lock code. Nobody thinks that is seriously secure. However, if you are running real encryption software (not sure it's even possible on non-jailbroken iOS) then it is much much harder.
            Twilight23
    • Galaxy S III, too

      Samsung's flagship can have encryption enabled, too.
      ejhonda
    • Know any Students

      Accessing and decrypting all forms of electrinic data is probaly taught to students at all of your local technology colleges. I teach it on mine. It's easy because there is software to do it for you.
      The best software is slightly expensince but it's not too costly for the government to spend our tax dollars on. If that's too easy for you learn how to do it yourself with free software and instructions on the internet. Caution, when you visit hacker sites some of them like to hack you while you're there.
      luv.laff.lern
      • better teachers

        You should find a better school. There is more to data encryption than a simple, or complex, algorithm. The tricky part is finding the key used in the encryption process. With out the key it could take many years to unencrypt the data.
        Al_nyc
    • OK, a UK perspective ...

      You may be able to encrypt stuff on your Blackberry, but over here in the UK that's not a problem for law enforcement. We now have a law which essentially means they can instruct you to hand over the decryption key. They can also tell you not to tell anyone else - so that key might be for some private conversation and revealing it also leaves others at risk.

      Just in case you decide not to tell, refusing to hand it over on demand is subject to 2 years in prison. Not knowing the key is allowed as a defence - but how to you go about proving you don't know it ?
      In effect, refusal to give up the key/password is likely to be taken as an admission that there is incriminating evidence on the device and the courts will act accordingly. We don't have anything like your 4th amendment rights :(

      This is one area where our government is ahead of our cousins across the pond. Usually we watch your government impose unreasonable laws (DMCA comes to mind) and then copy. With this one, our government (or actually, the last one) seems to have been ahead of the game.
      SimonHobson
      • We used to be free in the USA.

        Now we have Big Government feeling us up at the airport and everyone accepts this like it is normal.
        We have Government taking a computer (Smart Phones are computers no other way around it) from our houses, pockets and purses and do a forensics search on the device w/o a warrant or ANY OTHER SUSPICION OF A CRIME. Just that some TSA agent felt like giving someone a hassle.

        If we accept this behavior from out government we are finished as a free country and will go down in history as just another socialist/liberal policy failure.
        markaaaaaaaaa1
        • I agree except for the last sentence...

          What is it about a lack of 4th amendment protection that you perceive as being "liberal"? (Did you forget that the TSA was put in place under Bush's watch?)
          mlashinsky
  • Black box

    I guess we are all carrying our own "black box", just like an aircraft.
    smallbzznzz
  • Paranoid

    What exactly do you have on your phone that you would be concerned about? Since I'm not a criminal, terrorist or psycopath I really don't have anything to hide. Maybe the point of this story is that unless you have something to worry about on your phone, you have nothing to worry about .....
    I_h8_cats
    • Nothing to worry about?

      If you have nothing to hide, "I_h8_cats", why aren't you posting with your real name?

      Using your logic, why not allow the State to plant a camera in your house? After all, if you're not a criminal, terrorist or psychopath you really don't have anything to hide, right?

      Or could it be that you actually do understand the notion of a right to privacy?
      the_doge
      • Reading between the lines...

        I_h8_cats means the risk to anyone living a crime-free life is virtually nil.
        ejhonda
        • Re: the risk to anyone living a crime-free life is virtually nil.

          Which, given the frequency of high-profile cases of abuse of law-enforcement powers, is patently not true.
          ldo17
          • Frequency

            Yeah, I read at least 2 or 3 stories about police abuse everyday. Really? The number of times something is done wrong is a tiny fraction of the number of times that it is done correctly (replace 'it' with any number of things that law-enforcement has to do, like rescue car accident victims, write tickets, serve search and arrest warrants, etc.).
            Go on a ride-along with any law enforcement agency that will allow you to. It will be an eye opening experience. You don't have to fear cops, and they don't fear you as soon as they know your not a bad person.
            I_h8_cats