Online Exclusive

Warrants for Cell Phone Searches

Speed is fine; accuracy is final – with mobile device evidence, too

An old saying in firearms training is “Speed is fine; accuracy is final.” This applies as well to mobile device evidence collection. In fact, you could say this was the gist of the United States Supreme Court’s ruling in Riley v. US (573 U. S. _ [2014]).

In general, the ruling requires law enforcement to get a warrant to search subjects’ mobile devices incident to arrest. That’s if you don’t have consent or some other exception, including exigency.

The cornerstone of the Riley decision is evidence preservation. You can isolate a mobile device from its wireless network(s) to prevent evidence alteration or destruction; you don’t have to “search” its data to achieve this end, or, generally, to maintain officer safety. Acknowledging that some situations could involve imminent danger to police or civilians, the Court allowed for speed in true emergencies, when access to data means preventing harm.

However, officers must be able to articulate probable cause to search a device, in or outside of an emergency. In other words, the device must be a nexus to a crime, and you need to be able to show why you believe evidence of that crime exists on that device. That’s the “accuracy” part.

Does this mean you have to start submitting all your seized mobile devices to the forensic lab? Absolutely not. There is a variety of reasons why it’s good practice to obtain consent or a warrant to search mobile devices as soon as you can.

Among them, it can get you valuable “low hanging fruit” for a multitude of both misdemeanor and felony offenses, from stalking, assault and domestic violence to vehicular, narcotics or vice offenses (among many other examples).

Provided you can make use of electronic warrant systems in your jurisdiction, and you know how to properly customize a boilerplate warrant, this emerging technology stands to help reduce forensic labs’ workload and get you the data you need both quickly and accurately - whether it’s evidence you need to make a case, or actionable intelligence for an ongoing case.

To get to the point where everyone is comfortable with field personnel searching mobile devices incident to arrest, it is important to work with prosecutors, supervisory and command staff to implement policy, guidelines, equipment, and training on what to do and when to do it.

Developing strong policy and guidelines

As with any other law enforcement practice, good mobile data collection policies and guidelines support training by empowering field personnel to make judgment calls within the bounds of accepted laws. Policy standardizes mobile evidence collection across the entire spectrum of forensic evidence handling, from seizing and securing the device to detailed forensic analysis.

Of course, securing legal authority - written consent or a warrant - or discerning exceptions to the warrant requirement is part of this spectrum. Many agencies were already requiring warrants for mobile device searches incident to arrest, either because state supreme courts had ruled this way, or because prosecutors and commanders were anticipating similar rulings.

Policy should refer to procedures that help officers obtain search warrants in minimal time. In many state and local jurisdictions, this could mean - assuming officers are trained to adapt warrants to the situation - electronic or telephonic systems that enable officers to obtain judges’ signatures within minutes rather than hours.

Finally, policy and guidelines should enable investigators to use their first-hand case knowledge, including physical evidence and interviews they conduct, to make critical decisions regarding mobile device evidence. This includes using their judgment in situations that require they escalate a device to a forensic specialist for further analysis.

Procuring the right technology

Technology should be able to help supervisors enforce policies. This might include standard-issue Faraday containers or bags in all police vehicles, and/or the alternative, a roll of tin foil that can be layered over and around devices.

(Note: Faraday containers attenuate, rather than block, wireless signals, so it’s wise to test any Faraday bag, box, or even tin foil layers on various mobile device makes and models. Variables should include the number of layers, both towers and wireless modems, and various distances from each.)

Technology could also include mobile data extraction equipment. To be effective, the equipment needs to have two elements:

  1. Support extraction from a large variety of mobile devices, operating systems, and apps
  2. Present users with an easy-to-use interface that officers can deploy in as little time as possible following legal authorization to search

Preferably, to help enforce policy, data extraction technology should enable administrators - forensic specialists or commanders—to control data extraction privileges to front-line personnel.

Supporting policy and technology through training

Training should support both the proper use of equipment, and the proper application of policy. It should help you understand the many differences in mobile device platforms, operating systems, chipsets, security, and other issues; the different ways that you can protect these devices from being remotely wiped or otherwise altered, and how to use your judgment to determine which is most appropriate; and how to document each action you take. Training is also valuable when it helps you take the right approach to secure a subject’s written consent.

Why does it matter?

On an immediate level, being able to articulate probable cause to search a mobile device makes you a better investigator. Previous columns encouraged officers to be particular about searches when submitting devices to a lab for forensic analysis. Requests to “give me everything on the device” may seem faster, but pose two problems: courts tend to view them as “fishing expeditions,” and they only add to the amount of data you have to process to establish facts and follow up on leads.

By contrast, having to show the device and its data as a nexus to a crime enables you to build a much stronger case. Enforceable policy, clear training, and technology to support both puts both you and forensic lab examiners in a much better position to contribute timely AND accurate data to an investigation.