Crossposted from The Huffington Post.
How private is the data on your cell phone? That was the big question before the Supreme Court last week in a pair of cases, Riley v. California and United States v. Wurie, with the potential for huge consequences for the future of information privacy.
The cases involve a longstanding exception to the Fourth Amendment that permits the police to search items on or near someone they have arrested, no warrant required. The rule was intended to keep officers safe and prevent the destruction of evidence. In recent years, however, the rule has given police free rein to seize and search the devices that store our calls, text messages, e-mails, and troves of other personal data such as our financial history, medical information, and daily movements.
Many of the Justices expressed concern over the disproportionate invasion of privacy, suggesting that a warrant should be required for a cell phone search. But there was another question that caught the Court’s attention: What happens to all that data once the police have it?
It is common practice to copy the contents of device before searching it. But if the police don’t need a warrant to do that, then there is also no judicial check on what happens to that information, how it’s used, or who gets to see it. A warrant requirement would serve two purposes. It would be a bulwark against highly invasive fishing expeditions resembling the “general warrants” so abhorred by the nation’s Founding Fathers. And it would provide a way to limit the sensitive information that the government is allowed to keep and share about you.
The retention of cell phone data raises extraordinary privacy concerns above and beyond whatever visual inspection a police officer might need to conduct on the spot. In the Riley case, for example, a San Diego detective admitted to downloading “a lot of stuff” from the cell phone at a regional computer forensics lab run by the FBI. The lab gave local police access to sophisticated forensics technology capable of making mirror copies of data stored on electronic devices.
An amicus brief filed by the Brennan Center for Justice points out that this kind of sophisticated data extraction is not unusual. It is a law enforcement tactic that has become increasingly popular around the country. Since 1999, the FBI has partnered with local law enforcement agencies to establish a network of forensic computer labs in 19 states. When it comes to cell phone data, these laboratories provide local police access to “Cell Phone Investigative Kiosks,” which allow officers to “extract data from a cell phone, put it into a report, and burn the report to a CD or DVD in as little as 30 minutes.” In other words, the police can pull data off your cell phone about your ‘whole life’ in the time it takes you to upload pictures of your vacation to Facebook.
Local police policies vary from place to place, but the FBI’s procedures for handling digital evidence provides a glimpse into how highly personal information can wind up on government databases for decades. All cell phone data seized by the FBI feeds into a centralized database set up for criminal and counterterrorism purposes. The data is widely shared — about 12,000 government employees have access to it — and there are few limits on how long the data can be kept. This massive centralization of Americans’ data creates an enormous potential for abuse. Indeed, FBI agents were recently caught looking up the Bureau’s databases about friends working as exotic dancers or celebrities they thought were “hot.”
More than 12 million people are arrested each year, the vast majority for misdemeanors. Many of those arrested were likely carrying cell phones and other electronic devices. A warrant to search those cell phones will not make every privacy concern disappear, but it will at least help ensure that highly personal data does not end up on government databases without adequate justification. Unlike an officer in the heat of an investigation, a court has the capacity to design the search so it meets law enforcement needs in a particular case, but does not needlessly expose Americans’ private information. Courts can and should impose restrictions on what police can do with the data they seize, including procedures that segregate and purge irrelevant information.
The law must keep pace as technology evolves and the thirst for data grows. The old rules simply do not account for the volumes of personal information on modern cell phones, or the role such devices play in society. Requiring a warrant for cell phone searches related to an arrest will prevent our personal data from being searched needlessly, kept indefinitely, and used improperly.
Photo by Pieter Ouwerkerk.