Sophos Cloud Optix
The URLs you visit; the phone numbers you text or dial; the email addresses with which you correspond; the books, groceries and medications you buy online; and the communications required to set up heroin purchases from your dealer.
What do these things have in common? US courts have failed to protect such data when it’s found on your cell phone.
In one such case, filed in June and covered recently by Forbes and by Ars Technica, Washington police seized the iPhone of a suspected drug dealer, Daniel Lee.
Detective Kevin Sawyer heard the sound of a text message coming in from Shawn Hinton, asking that Lee call him.
Pretending to be Lee, the detective texted him back.
Here’s the conversation, from the court filing:
[Hinton]: Hey whats up dogg can you call me i need to talk to you.
[Sawyer]: Can't now. What's up?
[Hinton]: I need to talk to you about business. Please call when you get a chance.
[Sawyer]: I'm about to drop off my last.
[Hinton]: Please save me a ball. Please? I need it. I'm sick.
As Sawyer testified, a “ball” is a drug weight equivalent to about 3.54 grams, and “sick” describes drug addicts coming off a high and needing to buy more.
Sawyer and Hinton continued to text, setting up a heroin sale in the parking lot of a local grocery store, where police arrested Hinton on the charge of attempted possession of heroin.
Hinton wasn’t the only one the detective went after: according to the court filing, Sawyer spent about 5 to 10 minutes looking at text messages on Lee’s iPhone, also checking to see who had been calling. Many of the text messages were from people looking to buy drugs.
Sawyer went so far as to text one of the individuals he found in the phone, Jonathan Roden, asking him if he “needed more.”
Is it legal for police to do this with seized cell phones?
Cell phones and privacy – the law is evolving
Both Hinton and Roden argued in court that their privacy rights had been violated by Sawyer intercepting, without a warrant, private communications intended for Lee – specifically, privacy rights granted by Washington’s state constitution and by the Fourth Amendment to the US constitution.
(The Fourth Amendment guards against unreasonable searches and seizures and requires warrants to be judicially sanctioned and supported by probable cause.)
The Washington state appeals court disagreed, handing down a decision that could have a far-reaching impact on cell phone privacy.
In that decision, Judge Joel Penoyar wrote that cell phones are, basically, just fancy address books, or, quoting from a similar case, “nothing more than a contemporary receptacle for telephone numbers”.
Also, Penoyar wrote, it’s an individual’s choice to transmit a message to an electronic device that could be in anybody’s possession. The sender can’t expect privacy, given that heaven knows who could be on the receiving end.
Is this the final say? Can we expect no privacy whatsoever in our cell phone communications?
The law continues to evolve. Justices have written compelling arguments that when police rifle through seized cell phones, they’re conducting searches and should thus first obtain warrants.
And as Forbes’s Timothy B. Lee points out, the Obama administration itself has argued that police violated a Baltimore, Maryland, man’s constitutional rights when they seized his phone and deleted videos he had taken of the officers’ conduct as they arrested his girlfriend.
In other words, the law is, at this point, murky. But what’s clear is that police don’t feel much compunction about freely searching cell phone data on seized devices.
Securing your cell phone
Of course, people who find our lost cell phones are equally capable of accessing our sensitive data.
We at Naked Security are not overly concerned about giving tips on securing phones to drug dealers.
But seeing as how Sophos’s own Carole Theriault ‘fessed up to losing her own smartphone four times in one year, it’s good to review some general advice about how to lock phones and clear call/text histories to avoid snooping.
Last year, a Sophos survey found that 22% of people admitted to losing their phones, and a whopping 70% of mobile phone users reported that they don’t password-protect their phones.
Obviously, password protection will go a long way to keeping your cell phone data safe. Deleting logs is another easy step to protecting your cell phone privacy.
Sophos also has a free Mobile Security Toolkit that includes these tools to keep your mobile phone secure:
- Mobile Security Threats and How to Stay Safe (Presentation)
- Why You Should Always Lock Your Phone (Video)
- What Senior Managers Need to Know About Mobile Device Security (Article)
- Mobile Security–What’s Coming Next? (Whitepaper)
- Safe Passcodes for Mobile Devices (Tips)
- Example Mobile Security Policy (Template)
- Seven Tips for Securing Mobile Workers (Whitepaper)
These tools are free, but you do have to fill in some fields to help Sophos’s marketing people understand who is downloading the toolkit.
Don’t plan on losing your phone or having a brush with the law? Note that one reader who commented on Carole’s article about mobile security said that their 5-year-old broke into their phone that very morning, called the reader’s sister, moved apps around, and downloaded “stuff”.
Police poking around without warrants, thieves or 5-year-olds are all good reasons to keep our phones locked down tight.
Hands using phone, drugs, police car and locked phone images courtesy of Shutterstock.
"In that decision, Judge Joel Penoyar wrote that cell phones are, basically, just fancy address books, or, quoting from a similar case, "nothing more than a contemporary receptacle for telephone numbers"."
Well lets put it like this. The guy who got arrested for texting is one thing, he contacted them. Them lookin through the numbers is fine too.
The line is drawn when they are texting a suspects contacts to arrest others for attempted possession, by seeing who previously was buying from texts and call logs.
Looks like my next project is supplying encryption for Cell phones.
There is no reason to lose photos or videos, when police order you to delete them.
Everyone should have at least two email addresses. As soon as you take a photo or a video, attach it to email and then send it.
If a cop orders you to delete photos/videos, comply.
To mislead the cop, object briefly and not too strongly. Don't give a cop an excuse to arrest you and/or to steal or to destroy your phone.
Resist the impulse to be a smartass. Don't say, "Neener neener neener — I emailed them to myself. Too bad, pig!"
Wonderful advice, Foo. I would hazard a guess that using the term "neener neener neener" is likely counterproductive in most conversations with law enforcement, regardless of whatever nyah-nyah-nyah-ism with which you fill in the rest of the sentence. 🙂
Did he have a notice on his back saying," Arrest me".
How odd.
Sophos is all about privacy protection and security.
Went to download their toolkit and they wanted to know entirely too much information.
No thanks, Sophos.
So you are willing to download and install a program from a company, but balk at giving them your e-mail address?
If ytou've been around the Internet long enough, you would be asking the question 'why does any web site need an email address to let someone download anything?' Simple answer – they don't. It's just a form of tracking. Anyway, doesn't matter – just do what spammers do, get a temporary gin-mill type of webmail account, download, and drop the email account.
At SOHOS, on this page, I blocked 12 unwanted eyeballs including the GPS spyware. While I trust SOPHOS a great deal, giving up an email address to get anything "free", is a red flag.
What GPS spyware?
That was my thought too. Too much information wanted, so I didn’t download the toolkit.
And that "stuff" could very easily have been illegal content downloaded (directly or indirectly through malware) by clicking on one of those nice, flashy links we adults know (or should know) better than to click on. Authorities would of course jump to the conclusion that it was YOU who deliberately downloaded it and react accordingly. To me, that has always been one of the biggest dangers of letting someone else use my PC or phone without supervision. The owner gets blamed, and saying that someone else must have done it when you weren't looking always looks like a cop out (pardon the pun) to the authorities.
Its the same for wifi, or even accessible ports onto your network.
I respectfully disagree with the court's decision for a variety of reasons.
Simply having a mobile device, instead of a desktop computer or electronic handset
connected to a landline, should make no difference because of the connection type
or technologies used. A search warrant should be required, upon probable cause,
and sufficient evidence, describing the things to be seized and/or searched from any
type of electronic device, regardless of nature or type. There should be no distinction
drawn nor privacy rights surrendered or lessened, because they are all personal pro-
perty of a person or business entity, which the laws treat all equally as an individual.
The state court has commited reversable error on appeal under Federal law in my
opinion, and any evidence obtained should be disallowed.
Has it not been the trend for the last 20 years of the 'authorities' pressing for a Internet police state? After all, if police can save just one life by accessing what they want, when they want, without cause and using anything they want however they want, even as a an entrapment tool and get away with it, then as they will tell us, is worth it. And, we can't argue with that.
Already, many places charge fees, or taxes based on what someone _might_ do.
There will be big money for those that come up with rock-solid undetectable means of ensuring privacy. Are we all not seeing our privacy whittled away every day in the name of safety and policing of crime, including anonymity?
How much longer will it be before it is illegal to encrypt anything on your phone, computer, or automobile tacking systems?
The court filing is worth a read, the dissenting opinion in particular. Sotomayor, whose writings on this are cited, is putting forth arguments that you'd find encouraging on 4th Amendment grounds.
I tend to agree with the court ruling on this. I briefly considered the idea that texting the contacts might be considered entrapment, until I realized why the contacts were in that phone to begin with. Nobody is being enticed into performing a crime they would not ordinarily do.
I'm no expert on enticement law or addiction, but I would suggest that it is possible that for people battling addiction, enticement might lure them at exactly the moment they might otherwise have been teetering between sobriety and continued addiction. Unlikely, but possible.
Tough s___ to the dealers and purchasers.
Let's replace the drugs with child sex. Would what the police did be ok then? One would certainly hope so.
Illegal is illegal.
Ahhh, and see there is the issue right there.
"Let's replace the drugs with child sex. Would what the police did be ok then?"
Your method of justification is saying "They are bad guys so it is ok to infringe on their rights". Well what if you get pulled over for drunk driving, should the cops be able to text your friends to try and see if they are also out on the road drunk? Maybe send a message pretending you have a flat tire to see how many of your friends will drive over drunk to try and help.
Most of us won't feel particularly sympathetic toward drug dealers or users. But we should remember that individual rights don't change from one group to another (unless you're talking about rich people!). If you strip away privacy rights from drug dealers, you're stripping away rights from everybody, including people such as the man who recorded police misconduct. I don't have such a grudge against drug users that I'd sacrifice my rights to privacy in order to see them nailed.
If the police succeed in catching a big-time drug dealer, by using a telephone belonging to a small-time drug user, that is morally right.
umm what's a big time drug dealer? Because really big time drug dealers will not be using a cell PERIOD
So, in other words, it's perfectly legal to pretend to be someone else to get them to perhaps do something they wouldn't normally do face to face with the fake communicator.
Interesting.
Where have I see this before? Hmm…
this is an excellent point…. impersonating a police officer to enforce a law is still illegal because you impersonated the officer…. but an officer can impersonate a Particular Person (Identity theft) to incriminate 2 other people (drug user or not) in which they had no warrant in the first place… I also believe they had violated the search and seizure …. they went in ( sawyers cell phone) for evidence to use against the offender (sawyer) and found evidence NOT pertaining to sawyer and used it to persue charges on 2 random people…. THAT IS ILLEGAL…. that judge needs a good bullet in the eye for not seeing that…..
Entrapment?
The larger issue here is not that the officer used the telephone, but that the court ruled that there is no expectation of privacy when sending a text message. This could have serious consequences for those people who do assume a basic level of privacy on their personal mobile device. The fact that devices come from manufacturers with the ability to self wipe if the correct pin is not entered or be remotely wiped in the event of their loss shows that consumers do place a value on the privacy of the content of their phone. This court has ruled that this does not extent to text messages. Given that you can receive rich content on this system by mms, it considers any photos that are sent to you as in public view. If you were thinking that sexting might be ok between consenting adults, bear in mind that you are now considered to be putting those images on public display.
Law Professor Susan Brenner has a detailed blog posting about this case: http://cyb3rcrim3.blogspot.kr/2012/07/text-messag…
Generally locking your phone or placing it in a place that is not reasonably in plain view is enough to ensure that law enforcement have to obtain a warrant to search the device. If you are still worried about it there are free services and applications that allow for the locking and encryption of personal content.
Yes, but is their shit any good?
So, if I am a bit paranoid, do not trust certain government and private entities, and believe that I basically have no true privacy expectations regarding anything at all…then using that judge's argument…I am warrantless open prey.
What if the cops contact people that are not associated with a drug transaction. Lets say that this guy may smoke weed here and there and the cops accuse him of being a dealer because of the amt he may have had on him and they begin to text his lets say employer etc. He gets the charges dropped…but loses his job…should he have the right to sue?
the judge was a moron… simple as that… the ruling should have been in favor of the drug users believe it or not… just because the government its too stupid to see their own loopholes doesn't mean they don't have to abide by the amendments…. they are set in stone plain as day…. they violated 2 guys 4th amendment… they had no warrant for them…. and they didn't incriminate themselves…. they simply stated their rights have been violated… and for all you pigs reading this…. feel free to come to my doorstep with a warrant cause I wont answer and if you break my door down…. your getting shot for trespassing…. (good luck getting passed that loophole)
Text messages are no where near private. There are companies out there mining the data for marketing purposes via carriers and also virtually every text message is analyzed by computers for key words or combinations thereof for "national security" and law enforecement purposes along with being stored for future reference such as in court cases. Most voice communications are not subject to this and therefore the best way to communicate (duh!). I could never understand why such an archaic form of communication would become so popular. Next we will be going back to Morse code and smoke signals!
If the police succeed in catching a big-time drug dealer, by using a telephone belonging to a small-time drug user, that is morally right.
Why is there a pic of tobacco, salt, and tylenol?
Straight up entrapment!
” police violated a Baltimore, Maryland, man’s constitutional rights when they seized his phone and deleted videos he had taken of the officers’ conduct as they arrested his girlfriend.”
No police officer, anywhere in the western world has the right to confiscate the assets of someone who is going about their lawful business – this includes filming the police breaking the law.
if the date and time is wrong on the camara durain a drug bust can they hold that on me durain trail
Whoever the idiot is that keeps saying “”Its morally right” WE ARE TALKING ABOUT OUR CONSTITUTIONAL RIGHTS HERE, NOT WHAT YOU BELIEVE TO BE MORALLY RIGHT!!!!