The URLs you visit; the phone numbers you text or dial; the email addresses with which you correspond; the books, groceries and medications you buy online; and the communications required to set up heroin purchases from your dealer.
What do these things have in common? US courts have failed to protect such data when it's found on your cell phone.
Detective Kevin Sawyer heard the sound of a text message coming in from Shawn Hinton, asking that Lee call him.
Pretending to be Lee, the detective texted him back.
Here's the conversation, from the court filing:
[Hinton]: Hey whats up dogg can you call me i need to talk to you.
[Sawyer]: Can't now. What's up?
[Hinton]: I need to talk to you about business. Please call when you get a chance.
[Sawyer]: I'm about to drop off my last.
[Hinton]: Please save me a ball. Please? I need it. I'm sick.
As Sawyer testified, a "ball" is a drug weight equivalent to about 3.54 grams, and "sick" describes drug addicts coming off a high and needing to buy more.
Sawyer and Hinton continued to text, setting up a heroin sale in the parking lot of a local grocery store, where police arrested Hinton on the charge of attempted possession of heroin.
Hinton wasn't the only one the detective went after: according to the court filing, Sawyer spent about 5 to 10 minutes looking at text messages on Lee's iPhone, also checking to see who had been calling. Many of the text messages were from people looking to buy drugs.
Sawyer went so far as to text one of the individuals he found in the phone, Jonathan Roden, asking him if he "needed more."
Is it legal for police to do this with seized cell phones?
Cell phones and privacy - the law is evolving
Both Hinton and Roden argued in court that their privacy rights had been violated by Sawyer intercepting, without a warrant, private communications intended for Lee - specifically, privacy rights granted by Washington's state constitution and by the Fourth Amendment to the US constitution.
(The Fourth Amendment guards against unreasonable searches and seizures and requires warrants to be judicially sanctioned and supported by probable cause.)
The Washington state appeals court disagreed, handing down a decision that could have a far-reaching impact on cell phone privacy.
In that decision, Judge Joel Penoyar wrote that cell phones are, basically, just fancy address books, or, quoting from a similar case, "nothing more than a contemporary receptacle for telephone numbers".
Also, Penoyar wrote, it's an individual's choice to transmit a message to an electronic device that could be in anybody's possession. The sender can't expect privacy, given that heaven knows who could be on the receiving end.
Is this the final say? Can we expect no privacy whatsoever in our cell phone communications?
The law continues to evolve. Justices have written compelling arguments that when police rifle through seized cell phones, they're conducting searches and should thus first obtain warrants.
And as Forbes's Timothy B. Lee points out, the Obama administration itself has argued that police violated a Baltimore, Maryland, man's constitutional rights when they seized his phone and deleted videos he had taken of the officers' conduct as they arrested his girlfriend.
In other words, the law is, at this point, murky. But what's clear is that police don't feel much compunction about freely searching cell phone data on seized devices.
Securing your cell phone
Of course, people who find our lost cell phones are equally capable of accessing our sensitive data.
We at Naked Security are not overly concerned about giving tips on securing phones to drug dealers.
But seeing as how Sophos's own Carole Theriault 'fessed up to losing her own smartphone four times in one year, it's good to review some general advice about how to lock phones and clear call/text histories to avoid snooping.
Last year, a Sophos survey found that 22% of people admitted to losing their phones, and a whopping 70% of mobile phone users reported that they don't password-protect their phones.
Obviously, password protection will go a long way to keeping your cell phone data safe. Deleting logs is another easy step to protecting your cell phone privacy.
Sophos also has a free Mobile Security Toolkit that includes these tools to keep your mobile phone secure:
- Mobile Security Threats and How to Stay Safe (Presentation)
- Why You Should Always Lock Your Phone (Video)
- What Senior Managers Need to Know About Mobile Device Security (Article)
- Mobile Security–What's Coming Next? (Whitepaper)
- Safe Passcodes for Mobile Devices (Tips)
- Example Mobile Security Policy (Template)
- Seven Tips for Securing Mobile Workers (Whitepaper)
These tools are free, but you do have to fill in some fields to help Sophos's marketing people understand who is downloading the toolkit.
Don't plan on losing your phone or having a brush with the law? Note that one reader who commented on Carole's article about mobile security said that their 5-year-old broke into their phone that very morning, called the reader's sister, moved apps around, and downloaded "stuff".
Police poking around without warrants, thieves or 5-year-olds are all good reasons to keep our phones locked down tight.Follow @LisaVaas