Are you prepared to defend your cell phone data searches?
Photo credit: Frank Borelli
Last month the New York Times ran an article that detailed looming legislative and judicial restrictions on law enforcement cell phone searches:
As technology races ahead of the law, courts and lawmakers are still trying to figure out how to think about the often intimate data that cellphones contain, said Peter P. Swire, a law professor at Ohio State University. Neither the 1986 statute nor the Constitution, he said, could have anticipated how much information cellphones may contain, including detailed records of people’s travels and diagrams of their friends.
November’s Officer.com column gave you some guidelines on how to search and seize video documenting a crime. Again, consent, plain view, exigent circumstances, incidence to arrest, or a warrant are all justifications for a legal search of a mobile device.
As the Times pointed out, however, every court has its own interpretation of what “legal search” really means:
- Is it the text message that’s in plain view, or only the notification of an incoming text that you see on the phone’s screen?
- Did the suspect’s consent to let you search his phone for a specific phone number mean that you could search the entire phone, or only his phonebook?
- Does your search incident to arrest protect your safety or preserve the evidence on the phone?
Everything you do in a crime scene, from properly securing a perimeter to chain of custody for each piece of evidence you secure, impacts future analysis. Likewise digital evidence. Yet few standards exist for digital evidence. Some best practices exist, like isolating the phone from the network and (just as for physical evidence) maintaining chain of custody and documenting everything you do.
However, best practices aren’t the same as standards. As the National Academy of Sciences noted in 2009:
Those (scientific) advances, however, also have revealed that, in some cases, substantive information and testimony based on faulty forensic science analyses may have contributed to wrongful convictions of innocent people. This fact has demonstrated the potential danger of giving undue weight to evidence and testimony derived from imperfect testing and analysis. Moreover, imprecise or exaggerated expert testimony has sometimes contributed to the admission of erroneous or misleading evidence.
These imperfections, among other issues, are causing judges and lawmakers to scrutinize police work more closely when it comes to getting forensic evidence of any kind. How evidence is treated, not just by analysts but also by first responders and investigators, determines how cases are won and lost.
The standards that do exist, and the ones currently being put in place, have the potential to impact police departments at many levels -- for better or worse.
In a perfect world, a set of actions that police could refer and adhere to when obtaining digital evidence would make things a lot easier both for police and for the judges deciding cases. Infrastructure would be set up and maintained to assist agencies that don’t have the resources to collect and analyze digital evidence. Attorneys would have a baseline by which to determine expert testimony, and case law would be determined on the basis of accepted science rather than subjective interpretations.
But in the real world, standards have to be backed up with the right training, as well as a way to ensure compliance. They also need to be consistent; readily accessible; either easy to implement, or scalable according to an agency’s resources; and developed with real-world professionals’ input.
The current few standards, including recently announced standards by the International Standards Organization (ISO), International Electrotechnical Commission (IEC), and American Society for Testing and Materials (ASTM), are none of these -- and that’s a problem. At a basic level, the fact that the standards conflict means that no real standards exist.
Nonetheless, the existence of any standards means the potential for tougher cross-examinations and a greater burden on agencies to train their officers at every level—from first responders to lab analysts.
What does that mean for you? At minimum, educate yourself on the types of digital evidence you’re most likely to encounter on the job, how to preserve it, and how to document your actions from preservation through chain of custody.
If you’re a detective, work with your supervisors and administrators to develop standard operating procedure and policy for patrol officers on seizing and searching digital evidence, including mobile devices; train them to document what they do and how they do it, and when to contact an analysis expert.
Any officer or detective who anticipates obtaining evidence from a mobile device should go through training, either a vendor certification course or vendor-neutral classes, and should update their training or certification regularly.
These measures will prepare you and your agency not just for potential requirements to adhere to outside standards, but also overall for better case management, cooperation with outside agencies where necessary, and courtroom testimony.