Technology, not legal niceties, may be one of the strongest reasons police shouldn’t be allowed to search the smartphones of people they’ve stopped or arrested. At least, that’s the view of a technology expert quoted in a recent Forbes story about a case currently before the U.S. Supreme Court.
The court is considering the validity of evidence obtained without a court-issued warrant. Two defendants are challenging their convictions on the grounds that data found on their phones should not have been allowed as evidence at trial.
The legal question is whether the Fourth Amendment to the U.S. Constitution, which bars unreasonable searches, requires police to get court approval before searching a cellphone belonging to someone who’s been arrested.
But the real issue may be technological, not legal or moral, says iOS forensics expert Jonathan Zdziarski. Zdziarski, who trains police to search mobile devices, says the real problem is that police can inadvertently destroy evidence.
“If there are exigent circumstances – such as an active kidnapping or someone’s life in danger – police should go through a phone, but otherwise they risk destroying crucial evidence,” Zdziarski says. “They’ll play with it, go through apps — open Safari and Maps — and they do it wrong and destroy useful evidence. Then they ruin the data.”
The government position is that police need to be allowed to search a phone as quickly as possible to prevent someone from remotely deleting information on it.
Zdziarski says police should disconnect phones from Wi-Fi and other connectivity when they seize a device, unless they turn it off or put it in a “Faraday cage” that blocks signals. He notes that the RCMP has rebuilt a former bank vault as a room-sized Faraday cage where they can examine mobile devices.
However it’s accomplished, the smartphone needs to be ‘frozen’ until a forensics lab can examine it, so that the device is preserved exactly as it was when last used.
“If you’re dealing with online child porn or sex trafficking, the criminal participates in a lot of forums exchanging info and photos,” Zdziarski says. “Hypothetically, if a criminal was doing this with Safari on their phone, you can use a forensics tool to access cookies and a screenshot of their last visit.”
The problem is that if the browser is opened, it automatically refreshes the page so that the last visit shown will be when the police seized the device. And Zdziarski says that if the session cookies have expired, the browser launches the sign-in screen, deleting whatever the user looked at most recently along with the URL.
“The best argument for why the phone shouldn’t be searched when it’s seized is that some cops aren’t smart enough,” says Zdziarski. They may think that removing the SIM card will shut down the phone, not realizing that it can still connect to Wi-Fi in that state. “Most cops are trained to be cops, not forensics experts. They can destroy and corrupt data… Just train them to properly secure the device and then get a warrant before you search it.”