online prescription solutions
online discount medstore
pills online
buy lorazepam without prescription
xanax for sale
buy xanax without prescription
buy ambien without prescription
ambien for sale
buy modafinil without prescription
buy phentermine without prescription
modafinil for sale
phentermine for sale
lorazepam for sale
buy lexotan without prescription
bromazepam for sale
xenical for sale
buy stilnox without prescription
valium for sale
buy prosom without prescription
buy mefenorex without prescription
buy sildenafil citrate without prescription
buy adipex-p without prescription
librium for sale
buy restoril without prescription
buy halazepam without prescription
cephalexin for sale
buy zoloft without prescription
buy renova without prescription
renova for sale
terbinafine for sale
dalmane for sale
buy lormetazepam without prescription
nobrium for sale
buy klonopin without prescription
priligy dapoxetine for sale
buy prednisone without prescription
buy aleram without prescription
buy flomax without prescription
imovane for sale
adipex-p for sale
buy niravam without prescription
seroquel for sale
carisoprodol for sale
buy deltasone without prescription
buy diazepam without prescription
zopiclone for sale
buy imitrex without prescription
testosterone anadoil for sale
buy provigil without prescription
sonata for sale
nimetazepam for sale
buy temazepam without prescription
buy xenical without prescription
buy famvir without prescription
buy seroquel without prescription
rivotril for sale
acyclovir for sale
loprazolam for sale
buy nimetazepam without prescription
buy prozac without prescription
mogadon for sale
viagra for sale
buy valium without prescription
lamisil for sale
camazepam for sale
zithromax for sale
buy clobazam without prescription
buy diflucan without prescription
modalert for sale
diflucan for sale
buy alertec without prescription
buy zyban without prescription
buy serax without prescription
buy medazepam without prescription
buy imovane without prescription
mefenorex for sale
lormetazepam for sale
prednisone for sale
ativan for sale
buy alprazolam without prescription
buy camazepam without prescription
buy nobrium without prescription
mazindol for sale
buy mazindol without prescription
buy mogadon without prescription
buy terbinafine without prescription
diazepam for sale
buy topamax without prescription
cialis for sale
buy tafil-xanor without prescription
buy librium without prescription
buy zithromax without prescription
retin-a for sale
buy lunesta without prescription
serax for sale
restoril for sale
stilnox for sale
lamotrigine for sale

There’s No App For That: Smartphone Data Privacy and Law Enforcement Searches

Smartphones have become repositories for vast amounts of personal information.  As their functionality grows, users store more and more of their details in their smartphone, from friends’ phone numbers, diary entries, photos, and messages, to shopping lists, bank details, and travel plans.  At the same time, phone manufacturers and app designers silently gather data on users’ movements, browsing habits and passwords.  The resulting bounty of data is extremely convenient for users, but also makes smartphones attractive targets for corporate marketers and law enforcement alike.


Regulating data collection

Many cell phone apps collect personal data from owners, unbeknownst to the user.  Some app manufacturers store the data, or even release it to advertisers.  This has attracted the attention of lawmakers.

On February 1, the Federal Trade Commission released a staff report, containing recommendations for smartphone manufacturers, app designers and advertisers regarding the collection and use of personal information.  Describing the data collection potential of smartphones as “unprecedented”, the FTC has issued these recommendations in response to widespread concern regarding the expansive and sometimes opaque data collected by their smartphones and third party app producers.  The report recommends that apps seek express consent before accessing “sensitive” data, like geolocation information, and that greater transparency be programmed in, so that users know and can easily determine what information is being collected and when it is being transmitted to a third party.  It also suggests that smartphones offer users a “do not track” feature.  The report is not binding, but its suggestions are considered likely to be highly persuasive to the big players in the cell phone market like Google and Apple.

Companies risk running afoul of the FTC if they access users’ personal information in a misleading fashion.  Last week, the FTC settled an action against the makers of a social networking app, “Path”, which it alleged had misled users about the data it would gain access to.  In particular, Path had accessed users’ phone contacts, regardless of whether they had expressly requested this.  This left consumers with “no meaningful choice” about what information would be collected.  Ars Technica later reported that other social networking app developers are engaging in similar activities.  The incident attracted the attention of the House Energy & Commerce Committee, which sought responses from various app makers regarding their approach to user privacy.

In 2011, New Jersey prosecutors considered criminal charges against app developers over similar activity (transmission of user information to third parties without consent).  App makers, including the makers of the internet radio app, Pandora, reported receiving grand jury subpoenas in relation to potential charges under the Computer Fraud and Abuse Act, also used to prosecute hackers and, notoriously, Aaron Schwartz (Schwartz’s prosecution for downloading the JSTOR database of academic articles without authorization attracted criticism, and led to complaints that the Act is too broad).  Such charges frame the app makers’ access to user data as a form of unauthorized access to a computer, thus falling within the terms of the CFAA.


Cellphone searches incident to arrest

When police place an individual under arrest, they are permitted to conduct a full search of the individual’s person, without a warrant, to look for weapons and preserve evidence.  This search authority includes the ability to search within “containers” the person is carrying, such as a cigarette packet inside a pocket (U.S. v. Robinson).

The so-called “search incident to arrest” doctrine has been relied upon by police to justify searching an arrestee’s cellphone.  These searches are not uncommon — according to Adam Gershowitz, by 2010 over 40 courts nationwide had been asked to assess the constitutionality of cell phone searches incident to arrest.  The argument for lawfulness relies on an analogy to physical containers.  Prior to the cellphone era, courts held that a pager could be searched by police upon its owner’s arrest, as it was no different from a purse or address book, which could also be lawfully searched (U.S. v Chan 830 F. Supp. 531 (N.D. Cal., 1993) and the cases which followed it).

The Supreme Court has not ruled on whether a warrantless cell phone search can be justified under the search incident to arrest doctrine.  But reviews of the caselaw conducted by Junichi Semitsu and Adam Gershowitz conclude that the majority of courts having considered the question found that warrantless searches of cell phones could be upheld on this basis.  For example, in U.S. v. Finley, the Fifth Circuit held that a search of Finley’s cellphone following his arrest for selling drugs to a police officer was justifiable on the basis of the container cases.

But there is division within the judiciary on this point, with a minority of courts rejecting the container analogy.  The Ohio Supreme Court concluded that warrantless cellphone searches could not be analogized to container searches, because cell phones contain intangible data, not physical objects, and do so on a scale which is incomparable to a physical container (State v. Smith).  A District Court judge in California also rejected the analogy, finding that a cellphone contained such a large amount of evidence that it was conceptually closer to a large container which was within the arrestee’s control, but not on their person (U.S. v. Park).

Further, if the police interaction with a suspect does not result in an arrest, a cellphone search is unlikely to be permissible.  In United States v. Zavala, the Fifth Circuit held that a pat-down search conducted during a Terry stop (also known as a “stop and frisk”) did not include the right to search the suspect’s cell phone.  Officers performing a Terry stop are only permitted to engage in a protective search for weapons or contraband, and not a search for evidence such as is contained on a cellphone.

Locking a cellphone using a passcode appears unlikely to put it beyond the reach of law enforcement personnel.  Gershowitz concludes that there is no legal impediment to police seeking to gain access to a passcode-protected phone by guessing or cracking the passcode, provided this is reasonably contemporaneous with arrest.  And from a practical standpoint, officers may have the technical capacity before long to gain access to phone data without knowing the passcode at all.  As the ACLU argued in 2011, it appears that some state police have purchased “forensic cellphone analyzers”, which enable extraction of a range of data (photos, text messages, contacts, and more), even if the phone passcode is not known.


Cellphones in vehicles

A further question arises regarding the lawfulness of police searching cellphones left in vehicles.  According to Supreme Court caselaw, if police have probable cause to search a vehicle, they are lawfully able to look inside containers within the vehicle for the object of their search (California v. Acevedo), even if that container belongs to someone other than the owner of the vehicle (Wyoming v. Houghton).  However, if the object of the search is a physical thing (e.g., drugs or weapons), this could not justify searching a cellphone.

In certain circumstances, the search incident to arrest doctrine, discussed above, can also be relied upon to allow police to search the vehicle occupied by the arrestee at the time of their arrest.  In Arizona v. Gant, decided in 2009, the Supreme Court held that police may conduct a search of the vehicle’s passenger compartment if the suspect is unsecured and could reach into the vehicle to grab something.  Alternatively, if the suspect has been secured (most commonly, using handcuffs), a search of the vehicle is permissible if it is reasonable to believe it contains evidence relevant to the crime which led to the arrest.  Junichi Semitsu argued in 2012 that, in the majority of post-Gant cellphone searches which have been challenged and upheld, the state relied on the Gant rule.

The Court of Appeals for the Fifth Circuit also held in Zavala that the accused’s consent to search his vehicle did not include consent to search his cellphone, which had been removed from him when he was stopped and placed on the roof of the vehicle.  It was not objectively reasonable for the officer to conclude that the consent granted extended to the cellphone.


Where law enforcement searches and data privacy coincide

If the weight of authority comes to be the settled law, there are many circumstances in which law enforcement may lawfully search smartphone without a warrant.  And thanks to the under-regulated and often opaque data collection practices of smartphone companies, what they find in their search may be more expansive than many users realise.

Further, as Junichi Semitsu explains, certain smartphone apps do more than just reveal the contents of the device to the user.  Some, like the Facebook app, also allow the user to access content stored on a server, with no signal to the user regarding which form of content is being observed.  This greatly expands the information to which police can gain access through a warrantless search (information which they would otherwise require a subpoena to obtain).  But, as Semitsu discusses, this distinction has not persuaded courts that the analogy with a “container” is inapt.

Along with apps collecting and storing more data, there are user-driven transformations to information storage taking place.  As the use of cloud storage expands, smartphone users are increasingly using apps like Evernote, Dropbox and Instapaper, along with OS-integrated facilities like iCloud, to synchronize information across multiple devices.  This means that in addition to having the user’s smartphone data at their fingertips, law enforcement personnel may have access to data from the user’s other devices as well.

The expansion of cloud computing has caused the Senate Judiciary Committee to reconsider the scope of the Electronic Communications Privacy Act of 1986 (which regulates law enforcement access to electronic records stored by third parties); perhaps the time has come for reconsideration of warrantless smartphone searches on the same grounds.  Far from being mere “containers,” these devices encapsulate more information than the search-incident-to arrest doctrine could ever have envisaged.


About the Author

Sharyn Broomhead

Sharyn Broomhead is a Staffer for the Columbia Science and Technology Law Review. She is an LLM candidate at Columbia Law School.
blog comments powered by Disqus