Breadth of Cell Phone Searches

May 6, 2014

Last week, the Supreme Court considered warrantless mobile device search and seizure in two cases: U.S. v. Wurie (13-212) and Riley v. California (13-132). While the justices have numerous issues to decide, at the heart of both cases is the right to privacy from government intrusion versus the need for government access to private information to protect public safety.

More specifically:

  • Whether police access to data without a warrant should include any and all private data, or whether there should be exceptions.
  • What kinds of mobile device data should be searched right away.
  • Whether all types of crimes, from felonies to misdemeanors, leave citizens’ mobile devices open to warrantless searches.
  • How mobile device searches are different from searches of other private containers, including wallets or purses.
  • How police might balance privacy rights against the need to preserve evidence that could be encrypted or remotely wiped.

Even before the Supreme Court heard arguments, though, the Washington Post had published an article about some federal judges’ concern that government searches can overreach and obtain data that isn’t relevant to their case, and then retain the data “for unspecified future use.” Justice Antonin Scalia likewise raised this issue, according to National Public Radio (NPR), when he “suggested that the rule could limit the search to material relevant to the crime for which the person is arrested.”

How could search limits impact your cases?

The problem, of course, is that you don’t always know what you don’t know - what might or might not be relevant. Although good investigation should be able to narrow your field of inquiry to a certain date range, or a certain set of communications between suspect(s) and/or victim(s), conflicting information and uncooperative subjects can make these types of filters hard to come by.

Furthermore, digital evidence isn’t always obvious. For example, it may be possible to uncover new, previously unknown victims of child enticement in a suspect’s chat logs, discover actual evidence hidden by innocuous-looking file names, or find evidence that the illegal activity has been going on for much longer than you initially thought.

In addition, a subject’s patterns of life - movements, communications, and so forth - can help establish means, motive, and/or opportunity following a crime, or can help to develop intelligence over long-term investigations or for operational planning.

Non-evidentiary content can also be important in authenticating evidence. It can show a subject’s state of mind before, during, and after an incident. Language patterns that match the evidence can indicate that the same person authored the messages. Locations and date and time stamps can show a suspect using a device for “normal” as well as criminal activity at the same time as the criminal conduct, showing that someone else couldn’t have posted the contraband content from that device at that time.

Finally, as the facts of Riley and Wurie demonstrate, encounters with suspects in the field don’t make it easy to decide how to treat their mobile devices. True forensic analysis doesn’t lend itself to the kind of rapid decision-making that’s often required to keep yourself and others safe, preserve and collect other forms of evidence, and maintain situational control.

Back to the SCOTUS arguments

In Riley, reported NPR, California Solicitor General Edward DuMont “said no warrant should be required for any information that is ‘of the same sort’ that police have traditionally been able to seize without a warrant — diaries, letters, photographs - when carried by an individual.”

However, the justices carefully considered that the amount of data a smartphone can carry is much greater than that held in physical diaries, letters, or photographs, or, for that matter, in the purses, briefcases, or glove boxes that police have been allowed to search in the interests of their own safety or evidence preservation.

Meanwhile, a short analysis from law professor Orin Kerr concluded that the justices seemed to support neither a rule that digital devices could “always be searched in their entirety incident to arrest,” nor a bright-line rule that would require a warrant in every situation. Instead, Kerr believes the Court will set a “middle-ground rule” which, ultimately, will require police to limit their searches in most cases.

Search limits as a best practice

The Court isn’t expected to announce its decision until June, so in the meantime, think about how you might narrow mobile device search warrant language rather than using boilerplates. Keep in mind that search limits on digital data aren’t new; both wireless carriers and internet service providers, like Facebook, require specific date and/or time ranges for records and content requests.

In general, getting specific is just good practice. Apart from privacy issues, March’s column noted that “Give me everything on the phone” has become an unreasonable request as mobile devices’ storage capacity, and the amount of data being stored, grow larger. As you approach judges in your jurisdiction, here are a few things to help guide you.

(Note: this should not be considered legal advice. Be sure to work with prosecutors in your own jurisdiction to determine what policies and standard operating procedures to set.)

To preserve the evidence (that is, to prevent the suspect from remotely wiping it or taking some other action to hide or destroy it), isolate the device from the wireless network by placing it in Airplane Mode. Be sure that this action is on your consent form if you are seeking consent to search.

Document not just that you changed the network setting, but also each step you took to access the device’s settings and make the change. (RF shielded containers, such as Faraday bags or boxes, can work too, but they drain the battery. Seize chargers along with the device if you are using a Faraday container.)

Can you forensically collect data without “searching” it? Perhaps, but remember, part of the debate involves retention, or how long you keep the data after you collect it. If you think your investigation will take time, but you need to release the device back to the subject, obtain a warrant to collect the data you want to search.

The importance of probable cause in a search warrant cannot be overstated. You should reasonably believe that a crime has been or is about to be committed, and that the evidence may exist on the device you want to search.

A warrant’s requirements for particularity - the device to be searched, the data to be seized - mean that yours should include specific data: chats, instant messages, images, emails, and date/time ranges where applicable. Your warrant should contain these details to enhance your probable cause to search.

However, don’t be overly particular either. Searching a mobile device may be like searching a house, but naming specific databases isn’t as simple as naming rooms. Even when houses’ layouts differ, the names of different rooms (living room, bedroom, basement) remain consistent.

Mobile device database names do not. Relevant data could be stored in a number of different databases, and therefore different locations, in a device’s memory. This depends on the device make, model, operating system, firmware version, and other variables.

Images, for instance, could be in their own directory, or stored in the directory for the apps they’re associated with, or even deleted and fragmented across unallocated space in the device’s memory. In short, naming specific databases to be searched risks missing important evidence.

If you find evidence of a crime other than what you’re searching for, stop your search immediately and seek a new warrant. Plain view doctrine will protect your initial discovery, but not subsequent evidence if you continue your search without obtaining an additional warrant.

Finally, remember that legal requirements ultimately make you better at your job: more thorough, more credible, and more professional. At a time when government agencies are under more public scrutiny than ever, use whatever decision comes down in June to your professional advantage, and take the opportunity to learn as much as you can about the devices you’re searching.

More information

3 Questions about Mobile Device Evidence

Initial impressions from the oral argument in the Supreme Court cell phone search cases

Court seemingly at odds over cell phones and searches

Supreme Court Considers Limits on Warrantless Cellphone Searches

Supreme Court appears hesitant on cellphone searches

Low-level federal judges balking at law enforcement requests for electronic evidence

About the Author

Christa M. Miller

Christa M. Miller is Director of Mobile Forensics Marketing for Cellebrite USA. Christa has worked for more than 10 years as a journalist, specializing in digital forensics and other high tech topics for public safety trade magazines including Law Enforcement Technology and Officer.com. Christa is based in South Carolina.
