Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Encrypt Your Smartphone — Or Else

timothy posted more than 3 years ago | from the red-phone-repeat-red-phone dept.

Encryption 304

pin0chet writes "Modern smartphones contain ever-increasing volumes of our private personal data — from text messages to images to emails — yet many smartphone security features can easily be circumvented by thieves or police officers equipped with off-the-shelf forensics equipment. Worse, thanks to a recent California Supreme Court ruling, police officers may be able to search your smartphone for hours without a warrant if you're arrested for any reason. Ars Technica has an article exploring the legal issues surrounding cell phone searches and explaining how you can safeguard your smartphone from the prying eyes of law enforcement officers."

cancel ×

304 comments

Or Else What (1)

sexconker (1179573) | more than 3 years ago | (#34922920)

Or Else What?

C'mere boy... (3, Funny)

Mr. Underbridge (666784) | more than 3 years ago | (#34922960)

You ever seen Deliverance?

Re:Or Else What (3, Insightful)

AHuxley (892839) | more than 3 years ago | (#34923384)

The police/feds can do more than just read your IMEI number now [nydailynews.com] . The sneak has been removed from "sneak and peek".
The peek is now more a search too. Add in "they are free to try to crack the password by guessing it or by entering every possible combination (a brute-force attack)" - how strong is your average MS (patch on the way some time)/Apple(optional ?)/Google(3rd party/soon?) OS NSA allowed crypto effort?
If its strong, what about a useful plain text like backup database back on your desktop/laptop?
Bookmarks and that autocomplete cache that never gets wiped?
Will a country have an encrypted container detection software kit? Could you be held on not providing a pw when requested?
The smart thing to do is have a very dumb phone and just give up a list of numbers. Back to pen register vs your online life in plain text.

Re:Or Else What (3, Interesting)

TheGratefulNet (143330) | more than 3 years ago | (#34923868)

seriously, this is the near definition of 'chilling effect'.

don't want to reveal your whole life to some badged thug? guess you cannot HAVE a portable computer with you.

lets tell this to the smartphone companies and carriers. lets pit the economic interests of those behemoths to the thugs in blue. maybe if the carriers and vendors realize that smartphone sales are plummeting they'll get the laws changed.

wait - what am I saying?! you folks are like crack addicts with your cellphones and the lawmakers KNOW IT. you'll never give them up, sadly.

Simple... (0)

Anonymous Coward | more than 3 years ago | (#34922968)

Don't carry a smartphone... that nokia 6310i still works miracles for me...

Re:Simple... (3, Interesting)

TheGratefulNet (143330) | more than 3 years ago | (#34923188)

as a person who does not currently have a smartphone, I think I just decided not to EVER get one - until this kind of privacy invasion is nullified at the state (maybe even fed) level.

until then, I can EASILY do without carrying another computer with me. I spend enough time in front of an actual pc (work and home) that its somewhat of a relief NOT to have to carry yet another 'bother me' device while I'm out.

even if you have done 'nothing wrong' the fact that some thug in a badge can ruffle thru your correspondence for NO good reason - just ends the conversation on getting a smart phone.

thanks - you just saved me close to $100/mo for a 2yr minimum.

Re:Simple... (4, Insightful)

Dr Max (1696200) | more than 3 years ago | (#34923226)

It doesn’t only affect smartphones they will be able to search all your messages to make sure you weren’t planning something illegal check you don't talk to any known criminals. Also by taking your phone off you it stops you from contacting legal help, which could shut down their operation very quickly.

Re:Simple... (1)

Cheech Wizard (698728) | more than 3 years ago | (#34923828)

Yup - And the simplest thing to do is to never carry a 'dirty' phone. I keep very little on my smart phone other than some 'apps' I use now and again so they can look through it any time they want to. I always assume my phone will be lost or stolen when I leave the house. I've never had a phone stolen, nor have I ever lost one, but I know people who have lost their phones and a couple ended up very sorry that they kept all the info they did on it. I also have a 'clean' laptop for travel. Same principle. I can VPN to my home server when I'm away and do what I want that way.

Re:Simple... (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34923254)

> as a person who does not currently have a smartphone, I think I just decided not to EVER get one - until this kind of privacy invasion is nullified at the state (maybe even fed) level.

As a person who does not currently have a smartphone, I think I just decided not to EVER get one - until this kind of privacy invasion can be nullified [[BY ME having the ultimate control over my own device, rather than Apple or whichever telecom]].

That's the *only* way to trust it. Laws cannot accomplish that. If nothing else, the law cannot protect you from the government that made the law.

FTFY.

Re:Simple... (1)

c0lo (1497653) | more than 3 years ago | (#34923446)

Enjoy it while it lasts.
You reckon it will take long for the single choice you have for a mobile to be a smart-phone?

Re:Simple... (0)

Anonymous Coward | more than 3 years ago | (#34923784)

The FCC has already mandated that ALL cellphones put in service now (even old ones per Verizon) must have e911 capability, so there's imposed tracking ability already. Plus, per prominent organized crime busts recently, it seems most phones can be turned on remotely to eavesdrop on whatever is being said around them (only under court order of course...).

So yank the battery except whenever you are planning on calling or being called - paranoid enough?

Re:Simple... (2)

TheGratefulNet (143330) | more than 3 years ago | (#34923884)

no cell phone is trackable if the BATTERY IS REMOVED.

simple things sometimes work wonders.

and yes, when I used to carry a phone, I would remove the battery when I didn't need the phone on. lots of reasons, really.

Re:Simple... (2)

harvey the nerd (582806) | more than 3 years ago | (#34923500)

We've moved out of the US to a third world country. Either you have influence or you don't. The US is a big mess now with too many dangerous criminals. The government variety doing their [illegal] supposed job are the most common hazard.

Re:Simple... (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34923770)

Don't be such a downer. Instead, develop software that makes your phone look completely unlocked (and mostly vanilla and innocent data on it) if you don't swipe the screen unlock thing the correct way.

Not only could it hide/wipe personal data when the pigs are trying to rummage through your phone, it could also record them talking to each other about it - with a false data transfer icon showing low or no bandwidth use (lying) as it uploads their chatter to a server they could never hope to reach, even if they knew about it. Not only while they screw with your phone, but the whole time they have it near them. Trying to unlock it wrong would trigger the recording, but only the battery dying (or extended silence) would stop it. You would have to turn this decoy mode off once you got your phone back.

Imagine how useful this insider knowledge could be to you! This thing cuts both ways. Pigs might have physical might/intimidation, but they tend to not have a lot of brains. A smart enough person could easily trick some pigs into revealing a lot about themselves, while the pigs learn nothing (and suspect nothing) of the phone owner.

P.S. I don't hate police (one of my best friends is one). I do hate (and unfortunately, know some) pigs.

How? (5, Insightful)

sirsnork (530512) | more than 3 years ago | (#34922994)

I read this yesterday and it basically says "No apps can actually encrypt your entire phone, so buy a Blackberry". They point to some apps that will selectivly encrypt parts of your data but none seem to do all of it. I found myself wondering about the headline if for %99 of the phone sout there it's actually impossible.

Re:How? (2, Insightful)

Lehk228 (705449) | more than 3 years ago | (#34923096)

blackberry still has a huge install base, far huger still if you only consider phones with anything worth stealing on them. blackberries access things like corporate and government secrets, iphones access things like angry birds and youtube.

Re:How? (1)

Anonymous Coward | more than 3 years ago | (#34923250)

Americentric too. Not mention of Nokia or if it's possible to encrypt another phone... As far as I know the Nokia Eseries phones have complete phone and SD card encryption along with such goodies as remote wipe and erase on tamper.

Re:How? (3, Informative)

Anonymous Coward | more than 3 years ago | (#34923336)

And the N900 has TrueCrypt -- I know of at least`3 guys running whole-filesystem encryption.

Re:How? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34923350)

N900's can presumably do the same encryption as debian, and have truecrypt as an installable package.

As for Blackberries... don't they store most of your data on Blackberry's servers? That doesn't sound very secure.

Re:How? (3, Informative)

natehoy (1608657) | more than 3 years ago | (#34923508)

No. BES (Enterprise) users have their data stored on the corporate Blackberry Enterprise Server, which is company equipment, and data is generally backed up by that server. BIS users have their stuff stored on the phone and you have to back it up to Blackberry Desktop if you wish to do that.

Plus, merely getting their paws on your phone wouldn't be enough even if Blackberry did have it. They'd have to contact RIM, which is a Canadian company.

My Blackberry is set with an 8-character moderately complex password, but the key is to have a try limit. If you enter a bad password ten times, my Blackberry will nuke itself clean of all data. Only music and pictures are unencrypted, the rest is a very hard nut to crack. Probably not impossible, but very tough.

Re:How? (0)

Anonymous Coward | more than 3 years ago | (#34923906)

Probably not impossible, but very tough.

The only way I could figure to brute force a BlackBerry is to install a backup and brute force until it wipes, then repeat. You'd need a lot of phones.

I believe that the phones themselves, even of BIS users, are AES encrypted. The password assigned to backup files is a joke for security. Don't even bother.

Re:How? (1)

AHuxley (892839) | more than 3 years ago | (#34923450)

Yes Canada loves the US/NSA, Nokia/German interests love the BND who love the NSA.
You might be safe from the local feds, but message has to be routed somewhere.
Your message is safe but the number links you... then your phone is fair game.

Re:How? (3, Informative)

Gaygirlie (1657131) | more than 3 years ago | (#34923256)

I found myself wondering about the headline if for %99 of the phone sout there it's actually impossible.

I guess in most cases it is indeed impossible to encrypt everything; apps simply don't have low enough access to the filesystem and there is no way to use an encrypted filesystem. Parts of your data would always remain unencrypted and be recoverable.

Android is very malleable but I doubt even that would support such without some heavy modifications. My Nokia N900 on the other hand could sport encrypted filesystems and home directory, thus encrypting everything but it's such a unique little thing that that's of no help here.

Re:How? (1)

Anonymous Coward | more than 3 years ago | (#34923650)

If you have root on your android phone you should be able to encrypt everything. Under the android environment is just an embedded Linux install without a gui. Of course the only practical way to enter a password on boot is if you have a physical keyboard (unless you could get a minimal graphical touch screen environment prior to loading the rest of the OS off the encrypted volume).

Re:How? (4, Informative)

teridon (139550) | more than 3 years ago | (#34923356)

Blackberries can be securely encrypted, but it caused me a unforeseen problem.

I use my blackberry to filter incoming emails and alert me based on the message contents (or subject, sender, time of day, etc.) You can't do that with the default email program -- you have to get a third-party app.

Unfortunately, if you encrypt the phone, the third-party app can't read the incoming emails anymore. It seems to be a platform limitation. (If someone can prove me wrong, please do so!) I *want* to encrypt my blackberry, but it would then become basically useless to me.

I have a password on it, of course, but that's not nearly as good as using device encryption.

Re:How? (1)

MyFirstNameIsPaul (1552283) | more than 3 years ago | (#34923914)

What is the app? I'll install it on mine and let ya' know.

The answer to this privacy invasion is data wipe (1)

rsborg (111459) | more than 3 years ago | (#34923834)

My iPhone is set with a non-PIN password, which will wipe the phone after 10 bad entries.

The solution, if you have recent backups, is to nuke the phone (entering 10 bad attempts) immediately upon being pulled over in your car... it would be nice if you could say, enter a "self-destruct" password and just do it with one go, but 10 is easily doable (10 blank entries, for example).

It's sad we have to resort to these tactics, but it is wise if you have any even marginally questionable content or are worried about LEO corruption, to clean your phone as needed.

Re:The answer to this privacy invasion is data wip (1)

TheGratefulNet (143330) | more than 3 years ago | (#34923902)

then they get you on 'destroying evidence'.

citizen: ANYTHING you do can be construed as a violation of SOME US law. there are over 10k laws in the US! we are all breaking the law 5 times a day, at least, technically.

(this was done on purpose. when you are always able to be arrested, it keeps the population 'in check'. ie, afraid to speak up.)

Encrypted texting on Android (4, Interesting)

intellitech (1912116) | more than 3 years ago | (#34923032)

I use TextSecure [whispersys.com] by Whisper Systems for text messaging. It's currently in beta, but secure sessions are easy to set up, and the whole application, in general, is working out quite well for me. Better than the stock messaging application in CyanogenMod [cyanogenmod.com] , at least.

Re:Encrypted texting on Android (0)

Anonymous Coward | more than 3 years ago | (#34923306)

That's taking things a step further - encrypting texts in transit as well as at rest. This has the downside that everyone you text is forced to use the same software, and it's not necessary to do this to preserve your 4th amendment rights (the US authorities can never intercept US citizens' communications, or any communications within the US, without a warrant; but there are cases where they can search data at rest without one, either on arrest or at the border).

Like email encryption, I don't expect text encryption to catch on, but full-disk encryption of data at rest is clearly going to be important.

Re:Encrypted texting on Android (3, Insightful)

Hatta (162192) | more than 3 years ago | (#34923420)

This has the downside that everyone you text is forced to use the same software

This has the upside of ensuring that everyone you text is aware of the importance of privacy.

it's not necessary to do this to preserve your 4th amendment rights

Apparently it is.

the US authorities can never intercept US citizens' communications, or any communications within the US, without a warrant

That's cute.

Like email encryption, I don't expect text encryption to catch on, but full-disk encryption of data at rest is clearly going to be important.

They are complimentary approaches. Those who really need it will use both.

How about... (1, Funny)

Haedrian (1676506) | more than 3 years ago | (#34923044)

Not storing any incriminating data on your phone to begin with?

This is like telling a person to buy a portable safe to carry illegal drugs on him.

Re:How about... (2)

WillDraven (760005) | more than 3 years ago | (#34923090)

Sounds about right to me. Using technology to subvert immoral laws (and immoral law-enforcement).

Re:How about... (2)

commodore64_love (1445365) | more than 3 years ago | (#34923108)

That's what I do. My phone is just a phone and I don't have anything stored on it, mainly because of fear that I might lose the phone & sensitive information. And now: Because of fear of search by police or Homeland Gestapo or the Airport SA.

I was already stopped once because Homeland Insecurity wanted to search my car w/o a warrant. Made me stand in the hot Texas sun over an hour before finally letting me go. The last thing I need is for these Stazi to peruse my phone, and charge me with something stupid, like transporting nudie pics over state borders, or having illegal MP3s, or whatever.

Re:How about... (3, Interesting)

Romancer (19668) | more than 3 years ago | (#34923116)

How about you have data required to do your job on a device supplied by your employer that also happened to have you sign a NDA?

How would this play out with a cellphone or a laptop now that you have two distinct laws you have to abide by.

Should the govt be able to request your password for information stored on your (or a company) device that you have signed contracts to keep secret?

Re:How about... (1)

Haedrian (1676506) | more than 3 years ago | (#34923154)

If your employer gave you that sort of data, then s/he should be able to take steps to ensure that this data can be properly kept safe.

Encrypting that particular data is a no-brainer.

Where I worked with, there were people who were allowed company laptops. To turn on the laptop they needed to be docked in a particular item and swiped with the company card.

If your company hands you top secret data, then they need to make sure that its protected.

Re:How about... (0)

Anonymous Coward | more than 3 years ago | (#34923218)

I don't think top secret data is given to most companies and the last place you would see it is a portable device. You could have companies most secret data and the cops would still have a right to look at that if it was significant.

Re:How about... (1)

Romancer (19668) | more than 3 years ago | (#34923362)

I'm not talking about plans for room temp superconducting intel chipsets, but things that the company has said are proprietary and they would not like to have public or in the hands of their competitors. This could be something as simple as a demographic response report of a new product design. Something that's not earth shattering and needs every protection but that you could have the responsibility to protect. Then do you tell the employer that it's now a matter of police record? It's all about balance here, everything isn't so important as to need a dual key, voiceprint and retna unlocking self destruct verification system but it may be under a contract to keep trade or process secrets, secret. Get it?

I don't think top secret data is given to most companies and the last place you would see it is a portable device. You could have companies most secret data and the cops would still have a right to look at that if it was significant.

The problem is that even though they have the right under a certain law, maybe that law isn't just. Or necessary, or narrow enough to actually do more good than harm to our rights. This isn't even taking to issue that I don't want my personal data out there even if it wouldn't ruin my life, I may just not care to have it viewed by others, and keeping it under a basic encryption set and taking care not to lose it should be enouogh protection for not "top secret" but personal information. At least in the land of the free.

Re:How about... (0)

Anonymous Coward | more than 3 years ago | (#34923602)

The company I work for does civil engineering work. While it doesn't sound exciting, something as simple as "a new burger king is going to be built" is considered information that needs to be kept safe. Our clients would be outraged if a real-estate deal or business deal went sour. Alot of mundane companies have alot of mundane secrets, that happen to be critical to their business.

Re:How about... (1)

Romancer (19668) | more than 3 years ago | (#34923326)

And since we are not all perfect, don't work for the brightest company bosses, and even the US government is still trying to work out a good process of handling sensitive material that needs to be transported by the user masses...

What happens when a business or government employee (ours or theirs) travels through one of these nations or states that have enacted a search process that allows them to take and make copies of data stored therein? Even if they're not in the limited class of people traveling with diplomatic immunity they should be given some measure of protection to the data they carry with them without having to do the almost impossible task of completely encrypting all data and making impenetrable any possible methods of gaining access by unauthorized peoples.

Even if they had a perfect system, they need to get to the data while traveling so they would have to have a method of accessing the data.
If traveling through the airports (and now we're one step away if arrested), then they can request the password to encrypted files. So the basic question stands...

If you have signed an NDA and have the unfortunate set of circumstances put upon you, do you have any option that would not land up with you breaking at a minimum a contract, and at worst the law?

Re:How about... (1)

TheGratefulNet (143330) | more than 3 years ago | (#34923208)

its not just YOU - if you have any contact info or emails, they can now connect THOSE people with you and maybe your friends don't want to get a knock on the door if the cop are on some fishing exped.

its like when I get spam from some moran who has me in their address book and runs a windows trojan that spams everyone in their contacts list. I had nothing to do with it but now because I'm 'associated' with a clueless moran, I now am added to some spam list.

so, its not just you. your contacts are also now on a 'watch list'. the ever growing watch list...

Re:How about... (1)

Cwix (1671282) | more than 3 years ago | (#34923232)

Everyone is on a damn watchlist. Just most of the id10ts think its the greatest thing in the world cause of OMG the Terrorists are out to get us !!!11!1!

Re:How about... (5, Insightful)

Lazareth (1756336) | more than 3 years ago | (#34923286)

What you're basically saying is that we don't need no stinking privacy, if you've done nothing wrong you got nothing to hide.

As the laws are now, the citizen has to take steps to prevent unjustified invasion of privacy by the state, which is completely backwards.

Re:How about... (1)

perpetual pessimist (1245416) | more than 3 years ago | (#34923626)

What you're basically saying is that we don't need no stinking privacy, if you've done nothing wrong you got nothing to hide.

It's not that we don't need privacy. It's that if you encrypt your phone, the cops will beat the password out of you anyway. And if you complain of being beaten, they'll beat you more, and no one will stop them.

Of course, not every cop is corrupt like this. Plenty of cops would never dream of beating a person in custody. They have other prisoners do the beating, instead.

The lesson is not "if you've done nothing wrong, you have nothing to hide", it's "don't put the stuff you need to hide on your damn phone".

Re:How about... (2)

klui (457783) | more than 3 years ago | (#34923328)

As per the article, difficult to do when there are tens of thousands of laws that are on the books. What if your phone's accelerometers show you were traveling greater than the speed limit? The data is captured and you didn't even know.

Re:How about... (1)

betterunixthanunix (980855) | more than 3 years ago | (#34923506)

Not storing any incriminating data on your phone to begin with?

Are you sure that you have never broken any laws? Are you sure that your phone does not store any incriminating data?

Re:How about... (1)

msauve (701917) | more than 3 years ago | (#34923542)

"Are you sure that you have never broken any laws?"

Everyone is guilty of something. It's only a matter of how much they want to get you, that they go to the trouble of figuring out what it is.

Vote Libertarian.

Re:How about... (1)

Darinbob (1142669) | more than 3 years ago | (#34923534)

Sure the police can search the phone, but they're going to do that whether it's encrypted or not. I'm not going to be happy if police can read my email, but it won't actually hurt me in any way. The real pain is when they go and confiscate the computer or phone and you don't have access to it. Encryption won't help you there.

Re:How about... (1)

rolfwind (528248) | more than 3 years ago | (#34923866)

Not storing any incriminating data on your phone to begin with?

This is like telling a person to buy a portable safe to carry illegal drugs on him.

Who modded this snarky, dumbass comment up?!

I take it you have never seen the video, "DON'T TALK TO THE POLICE!" by Professor James Duane and Officer George Bruch:
http://video.google.com/videoplay?docid=8167533318153586646# [google.com]

If it's too long for you, the gist is that we have SO MANY DAMNED LAWS that even the authorities can't count them. We're no longer in the land of common sense things, simply of arbitrary rules. Plus, thanks to treaties, even owning a lobster may sometimes be illegal.

So it's up to the Police/Prosecutor discretion, or if you are a smart person, you leave the discretion in your hands. So the best advice IS NOT TO GIVE the authorities any ammo against you. This is a police state, the table is tilted, guilty until proven innocent so many times it's not funny, so don't throw any balls on the table to begin with. Encryption is perfect for this.

As an example, you get a text from a buddy: "You coming to smoke up 2night?" Now, he may be joking, but do you want to explain that to a cop? Heck no, it's your business, not his, to begin with.

Re:How about... (1)

bored_engineer (951004) | more than 3 years ago | (#34923888)

And your friend who mentioned in an e-mail that he's staying home to smoke pot tonight? While you, as I choose, may not smoke pot, I would happily make the effort to protect him.

How much? (0)

Anonymous Coward | more than 3 years ago | (#34923052)

How much is this off-the-shelf equipment?

Re:How much? (1)

Wingit (98136) | more than 3 years ago | (#34923118)

In the wrong hands, very little except time. It is called social engineering. I am not concerned with law enforcement looking at my phone. Still, in the wrong hands, it is much like losing my wallet. There is no smartphone equivalent to canceling my credit or debit card.

Re:How much? (1)

natehoy (1608657) | more than 3 years ago | (#34923538)

Well, if you were really concerned about it, I suppose you could get a Blackberry and encrypt it (which means your data is pretty decently protected), then if you were REALLY concerned spend the extra to implement a BES and run your Blackberry as if it were a corporate one (which supports nice little features like "remote wipe", "remote brick", etc). It's costly for an individual, but...

CA Supremes are full of shit (5, Insightful)

commodore64_love (1445365) | more than 3 years ago | (#34923058)

What part of this Supreme Law do they not understand? "The right of the people to be secure in their persons, houses, papers[data], and effects[cellphones], against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things [phones] to be seized." It was adopted as a response to the abuse of the British Writ of Assistance, which is a type of general search warrant, during the 1760s and 70s and their use forbidden in 1776 when the Colonies declared themselves independent States.

Cellphones should not be searchable until a police officer stands before a judge and obtains a warrant, and swears an oath that he, the officer, is telling the truth (and punishable with Perjury if not).

Re:CA Supremes are full of shit (2)

Chaos Incarnate (772793) | more than 3 years ago | (#34923092)

The part they don't understand is that, even though you've been arrested with the phone on you, it's still an "unreasonable... seizure" of your effects. Their view is that it's not unreasonable once you're already under arrest.

Traditionally, how have the contents of wallets, etc. been considered? Because a phone is in much the same situation...

Re:CA Supremes are full of shit (2)

commodore64_love (1445365) | more than 3 years ago | (#34923156)

But that's too easy. Remember they arrested Professor Gates even though he had done nothing wrong (telling cops he's sick of being mistreated because of his skin color, is Protected speech). So since Gates was arrested, does that mean the cops get to search the Professors' phone, find nudie pics, illegal MP3s, or whatever, and charge him? In California "yes" but it shouldn't be that way.

A cop should not be able to arrest a person whenever they feel like it ("resisting") and then do a hunt through a person's papers, cellphone, and effects to hang them with something. And if they do, since it's done without warrant, any contraband should be thrown-out as illegally-obtained, warrantless evidence.

Re:CA Supremes are full of shit (2)

QuantumG (50515) | more than 3 years ago | (#34923276)

any contraband should be thrown-out as illegally-obtained

If it is illegally obtained then it will be.

Your scenario: false arrest -> search -> find something for legitimate arrest.

This is a classic "fruit of the poison tree" and will be thrown out in any court.

The point is: if you're arrested for a crime and they find evidence of that crime on your person, should it be admissible? And the answer is an obvious, resounding, yes. It doesn't matter if that evidence is blood on your watch band or threatening text messages on your cellphone.

Re:CA Supremes are full of shit (1)

Darinbob (1142669) | more than 3 years ago | (#34923620)

This also applies if you're arrested for one crime (drunk driving) but evidence is found of another crime after searching (dead body in the back seat). Of course if there's no blood dripping from the trunk, no foul smell, and no reasonable suspicion that anything is wrong they can't look in the trunk without a warrant.

Re:CA Supremes are full of shit (1)

dbcad7 (771464) | more than 3 years ago | (#34923838)

I don't think it's so much getting arrested for a crime and then searching for related evidence, that people find unreasonable search.. If it's relevant to what you arrested for, then it makes sense.. But,,, If for example. you ran a red light, and you had an unpaid parking ticket that became a warrant and were arrested.. would searching your phone be acceptable ?

Re:CA Supremes are full of shit (1)

whoever57 (658626) | more than 3 years ago | (#34923956)

Your scenario: false arrest -> search -> find something for legitimate arrest.

This is a classic "fruit of the poison tree" and will be thrown out in any court.

Your scenario of false arrest is unrealistic. They can always find some "legitimate" reason to arrest you. There was a study that suggested that every American commits an average of 3 felonies per day. Have you paid all your parking tickets? Then there is the old standby "resisting arrest".

Re:CA Supremes are full of shit (1)

Anonymous Coward | more than 3 years ago | (#34923414)

A smartphone isn't really in the same situation because of the sheer volume of data it can contain. Most people's wallets don't have any personal information apart from credit card numbers, a few business cards, and maybe a photo of a loved one. A phone, on the other hand, is quite likely to contain the equivalent of an entire filing cabinet, three bookshelves, and a stack of photo albums as high as your head. And that's assuming it's not currently connected to the cloud (and how would an average police officer know?)

Frankly you could equally well argue that it's like them claiming they can search your house without a warrant because you had the key in your pocket. The violation of privacy is simply disproportionately large, and the justification for it is very unclear.

And I'm not saying this as a typical Slashdot tinfoil "durr hurr the evil government is oppressing me with public CCTV and fluoride in the water" libertarian. I'm more worried about criminals than law enforcement. But there are still limits, and this is several steps too far.

Re:CA Supremes are full of shit (1)

myoparo (933550) | more than 3 years ago | (#34923728)

Actually, to put things in perspective for the non-technology people (the people making these decisions), we should express the amount of data contained in modern smartphones with an already well-known unit: the Library of Congress.

Would they really think searching smartphones is the same as searching wallets if they knew they can contain more data than all the printed texts of the Library of Congress, thousands of times over?

Re:CA Supremes are full of shit (1)

Darinbob (1142669) | more than 3 years ago | (#34923600)

True, none of this applies to them just searching your phone on the street or when stopped in traffic. The rules are about what happens after being arrested.

When you're arrested and tossed in the slammer, your personal effects that you had on your at the time are collected and put in a box. The police and investigators can look in the box to see what's there. That means opening up the wallet to see that piece of paper with a phone number on it. This however does not mean that they can search your home without a warrant though. Typically if you're in the slammer they're going to get the warrant anyway though. The point is that the police should still be required to go through the channels and get the warrant first, even if some people think it's too inconvenient.

The part that was debatable awhile back was whether contents of smart phones fell under this rule too. Ie, is the cell phone just a stupid phone with a list of numbers which is reasonable to search, or is it a portable computer in your pocket which is not reasonable to search without a warrant.

Re:CA Supremes are full of shit (1)

phantomcircuit (938963) | more than 3 years ago | (#34923764)

Traditionally, how have the contents of wallets, etc. been considered? Because a phone is in much the same situation...

That's a pretty obviously false statement. The contents of a wallet can be searched because they could be dangerous to the officer. How much data has ever physically harmed a police officer making an arrest?

Re:CA Supremes are full of shit (0)

Anonymous Coward | more than 3 years ago | (#34923300)

What part of this Supreme Law do they not understand? "The right of the people to be secure in their persons, houses, papers[data], and effects[cellphones], against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things [phones] to be seized." It was adopted as a response to the abuse of the British Writ of Assistance, which is a type of general search warrant, during the 1760s and 70s and their use forbidden in 1776 when the Colonies declared themselves independent States.

Cellphones should not be searchable until a police officer stands before a judge and obtains a warrant, and swears an oath that he, the officer, is telling the truth (and punishable with Perjury if not).

Dicktaters don't care about no stinkin' laws.
Anonymous coward until I think of a password, etc.

Re:CA Supremes are full of shit (2)

suomynonAyletamitlU (1618513) | more than 3 years ago | (#34923334)

Cellphones should not be searchable until a police officer obtains a warrant

Caution: IANAL zone

How about we generalize it to future-proof the idea. Your home and your car are both physically distinct spaces, and (in my understanding) officers are only allowed to search them without warrant because they're already there--if I understand correctly, being arrested while in your car doesn't give them right to search your house without a warrant, being arrested in your home doesn't give them right to search a car you own which isn't on the premises.

Your cell, your computers at home, any webservers you may own, etc, are all digitally distinct spaces; determining that a phone was (probably) used as part of a crime shouldn't allow access to any other device you own until a warrant is issued. Further, determining that your car or house was used to commit a crime doesn't allow access to digital spaces that happen to be in that car until a warrant is issued. That doesn't necessarily mean that the phone can't be impounded with the car, but it should mean that it can't be searched.

The only thing about all this BS that makes me feel better is that the people making these decisions today really are out of touch; in 20-30 years, the people making the laws will be people from a generation familiar with modern technology (even if they aren't necessarily geeks) and you presumably won't have to use baby words with them nearly as much. That it is necessarily going to be a generation or two behind is really upsetting, but unless someone makes some really, really stupid mistakes and forcibly keeps them there, a lot of this will change eventually.

You Have a computer in your pocket (1)

Wingit (98136) | more than 3 years ago | (#34923060)

The computer in your pocket deserves the same respect as any other. A simple password to access it will block the the same person that you invite into your house and use your bathroom with permission while you expect them to to not look in your medicine cabinet. Even worse, you can loose that phone. If you do not safeguard the location of your phone, consider having a second phone on occasion and use call forwarding, Do not save anything you do not wish to share on your person. Security in layers must be applied to smartphone usage behavior and if you don't know a little about that, consider asking a technical person that does. If a person has access to your smartphone and you have unprotected access to your email, it will take seconds for them to browse your email accounts that are not even associated with your phone. I am not paranoid, but you must consider that loss of your phone may grant access to any email or accounts that that you access regularly with your phone.

This is not news, but the limits related to abusing this ability have not been fully tested in the courts and I don't want to be the test case.

Slightly Inaccurate Summary (3, Informative)

Wrath0fb0b (302444) | more than 3 years ago | (#34923088)

TFS:

Worse, thanks to a recent California Supreme Court ruling, police officers may be able to search your smartphone for hours without a warrant if you're arrested for any reason.

First, not all Americans live in California. Other States can (and have) interpreted their 4A equivalents to provide more or less protection than the Federal one.

More to the point, it's probably not true that they can search your cellphone if you are arrested for any reason. Rather, the US Supreme Court explained recently in Gant[1], the idea is that the police can search for things "reasonably believed to contain evidence of the offense of arrest". So searching the cell phone of the CA drug dealer might come out differently than searching the cell phone of (say) a parole violator or a drunk driver.

To be fair, Gant was an automobile search and the court might distinguish a cellphone from a car in some important sense. Nevertheless, the blanket statement in the summary is not likely to hold up if the police do not have some nexus between the arresting crime and the cellphone.

And of course, Gant might be wrong as a matter of policy, although Orin Kerr has a very good writeup[2] of the extensive history of search incident to arrest in Anglo-Saxon law that's worth reading for some historical context.

[1] http://www.law.cornell.edu/supct/html/07-542.ZO.html [cornell.edu]
[2] http://volokh.com/2010/12/14/the-origins-of-the-search-incident-to-arrest-exception/ [volokh.com]

Re:Slightly Inaccurate Summary (1)

pin0chet (963774) | more than 3 years ago | (#34923714)

Fair point; my short summary doesn't specify that warrantless searches of cell phones seized incident to arrest are presumptively lawful (barring exigent circumstances) only if the cell phone is "immediately associated with the arrestee" (i.e. in the arrestee's pocket). The article explains this crucial distinction in detail, noting that if you're arrested, your phone enjoys substantially greater protection from warrantless search if it's in your luggage, glove compartment, or trunk, rather than on your person.

The article further notes that California's Supreme Court is one of several courts that have ruled that cell phones seized incident to arrest may be searched without a warrant. However, Ohio's Supreme Court reached a different conclusion in a 2009 case, so the matter ultimately be resolved by the U.S. Supreme Court.

If they ask for a password (3, Interesting)

tiberiumx (1221152) | more than 3 years ago | (#34923240)

It would probably be trivial to write a lockscreen program with a pair of passwords: One that you use personally to unlock it and another that silently wipes text messages / e-mail / saved data for selected applications (e.g. saved login for facebook, IM) for cases where you are compelled to provide a password.

But I would expect that as warrantless cell phone searches gain popularity software will be available to just about anybody to bypass any security at the application level.

Re:If they ask for a password (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34923584)

You really wouldn't want to do that on Android, unless you desire to wipe all data affiliated with that Google account. It syncs both ways.

A simpler script would unsync the account and clear the cache(s). Best thing is you don't really lose anything (except SMS/call history).

Re:If they ask for a password (0)

Anonymous Coward | more than 3 years ago | (#34923708)

And then, even though there's no incriminating evidence in the first place, and they didn't really have a good reason for arresting you, they have a rock-solid case for evidence tampering, obstruction of justice, or whatever they call it in your jurisdiction. A good lawyer can probably still get you off by showing the arrest was improper (no/insufficient cause), and thus all evidence resulting (including evidence of your subsequent phone-nuking) is off-limits, but 9 out of 10 public defenders will lose that case.

It's a really bad idea unless you actually do anticipate having genuine incriminating evidence on your phone.

Re:If they ask for a password (0)

Anonymous Coward | more than 3 years ago | (#34923910)

It wouldn't necessarily be that damning. For one thing, cloud-based phone services (e.g. Google) only sync over a short period, erasing old (expired) data. Erasing the entire cache wouldn't seem very unusual, especially if it's only set to sync 1-3 days. Secondly, unlike on a PC, wiping the phone data is damn-near instantaneous, so there is very little feedback which would suggest it happened at all.

The cops (1)

countertrolling (1585477) | more than 3 years ago | (#34923302)

Aren't they supposed to be the good guys?

Re:The cops (1)

Vyse of Arcadia (1220278) | more than 3 years ago | (#34923394)

Cops will be the good guys when they are replaced by robots. Until then, they are just as lazy, corruptible, malicious, greedy, biased, and negligent as the rest of humanity.

Giving cops as much power as they currently have is moronic.

Ran any red lights lately? (1)

Powercntrl (458442) | more than 3 years ago | (#34923582)

Cops will be the good guys when they are replaced by robots. Until then, they are just as lazy, corruptible, malicious, greedy, biased, and negligent as the rest of humanity.

Humans can at least exercise reasonable judgment over the enforcement of laws. How often have you been pulled over by a cop, only to be given a warning or a reduced ticket? About a year ago, I entered an intersection 0.6 seconds too late and ended up with an automated ticket that can't be disputed in court, nor could I face my accuser (since it is a machine). A human being would either not notice the roughly half-second difference, or would agree that it was safer to proceed through rather than slam on the brakes.

I'm sure a hypothetical future scenario of a hover drone detecting marijuana smoke, scanning your RFID national ID card and telling you to remain where you are for your apprehension by the authorities is not that far off. About the only good that could possibly come from that, though, is making people realize how bad absolute enforcement of every law on the books actually can be.

Re:The cops (1)

countertrolling (1585477) | more than 3 years ago | (#34923974)

Cops will be the good guys when they are replaced by robots.

Oh, I agree [youtube.com] !

Disturbing trend (1)

Anonymous Coward | more than 3 years ago | (#34923400)

It's unsettling how fast police rights are expanding. The courts seem to take little regard of what the intent is of the Constitution. You should have a reasonable expectation of privacy for your cell phone and laptop but the courts seem to feel your private data is fair game. How is a cop searching for nude photos of your wife protecting the public? If a cop was caught searching for personal photos they should be fired and loose all benefits but I'd bet money they wouldn't face any form of punishment. If we loose privacy rights what rights do we loose next?

What about data "in the cloud"? Or acessed via VPN (1)

whoever57 (658626) | more than 3 years ago | (#34923422)

Let's say, that my smartphone provides acess to my emails that are not stored locally, but on a server somewhere, or files that II acess using a key that is stored on my smartphone. Would the CA Supremes think that an arrest would allow the police to then rifle through my (remotely stored) files and emails?

What if the files and email are stored on my home PC and acessed over a VPN?

What if I can access a camera in my house?

Re:What about data "in the cloud"? Or acessed via (0)

Anonymous Coward | more than 3 years ago | (#34923568)

What if you have a limited data plan and their use causes that limit to be exceeded?

Why be worried about this? (1)

pookemon (909195) | more than 3 years ago | (#34923464)

or police officers equipped with off-the-shelf forensics equipment

So? If you're not doing anything wrong, then why worry about this?

Re:Why be worried about this? (3, Informative)

betterunixthanunix (980855) | more than 3 years ago | (#34923494)

Well, for starters, we have the right to privacy; apparently, though, that right is not respected anymore, so we really need to be taking matters into our own hands and reminding the government that we do not want them spying on us.

Second, and probably the more practical reason, how do you know whether or not you are doing something illegal? There are a lot of laws on the books, and people can be arrested for all sorts of things that do not seem illegal but which actually are. I very strongly doubt that you can accurately claim to follow every law; you may even have committed felony offenses without realizing it. All it would take is a police department under pressure to engage in a crack down, or a cop who just does not like you, and you could find yourself arrested and in court (but they would never do that, right?).

Re:Why be worried about this? (1)

nhat11 (1608159) | more than 3 years ago | (#34923572)

Eh sorry you're not that important that they will have the time to spy on you. Why would they spend hundreds of man and money hours spying on you? You can try to remind the gov not to spy on us but please try to do it in a more effective way.

Re:Why be worried about this? (1)

myoparo (933550) | more than 3 years ago | (#34923810)

Who was talking about spying? What if you get pulled over by a cop who's just having a really bad day and just so happens to not like you or your attitude? If he pulled you over for something, even for speeding, I'm sure he can come up with a legitimate reason to arrest you if he really wants. Now that they'll be able to search your phone and view your text messages just because you were carrying, they can just read everything and probably find something minor to get you with.

Hopefully you keep all your texts with your friends are "business-like" and politically correct, because that's how people talk to their friends all the time, right?

Re:Why be worried about this? (0)

Anonymous Coward | more than 3 years ago | (#34923596)

I dont want the pictures of myself in 6 inch boots tied up and being fucked in the ass by a prositute to be seen?

Idiot, there's always things you want to hide, even if they are perfectly legal. No one has the right to search a fucking thing until they get a warrant.

Re:Why be worried about this? (1)

John Meacham (1112) | more than 3 years ago | (#34923766)

For instance, have you ever played online poker, even somewhere that it was legal?

If you happen to be driving through Oregon then "Possession of gambling records" showing 5 bets totalling over $500 is a Class C felony. Better be sure to purge those confirmation emails!

Do you live in a state with lax laws about ordering prescription drugs overseas? better not happen to have the money transfer go through while you are in another state.

Have you ever used a random open wifi network? You phone probably remembered the MAC and that can be considered criminal.

Ever help a friend move for cash? is it mentioned in a text? did you report it to the IRS?
 

Re:Why be worried about this? (0)

Anonymous Coward | more than 3 years ago | (#34923874)

Our laws require good reason and proper proceedure following in order to butt into our lives.

Or the prying eyes of.... (1)

nhat11 (1608159) | more than 3 years ago | (#34923546)

A random person that wants to steal your information. Is the submitter of this article that paranoid of law enforcement?

If you've done nothing wrong (1)

martinX (672498) | more than 3 years ago | (#34923560)

If you've done nothing wrong, you have nothing to fe-... hang on, I just have to answer the knock at the door...................

just dont buy a smartphone (1)

FudRucker (866063) | more than 3 years ago | (#34923562)

just get a cheap dumb phone, no camera, no apps, no browser, nothing, just makes phone calls

Re:just dont buy a smartphone (1)

myoparo (933550) | more than 3 years ago | (#34923780)

just get a cheap dumb phone, no camera, no apps, no browser, nothing, just makes phone calls

Dumb phones still have text messages that can be read and probably even less security than smartphones. Do you really want someone reading all your texts, even if you don't think you've done anything wrong? Also, no passcode lock on most dumb phones-- the only thing they are likely to have is a keyboard lock to prevent butt-dialing.

If an officer of the law really really doesn't like you, I'm sure they can find something to charge you with. That's not good, even if it's something very minor.

Since they will probably shoot you anyway . . . (1)

NicknamesAreStupid (1040118) | more than 3 years ago | (#34923744)

. . . just use the smartphone as a shield and let them kill two birds with one bullet.

The grim present to become the dark future (1)

MrLint (519792) | more than 3 years ago | (#34923782)

The really frightening (and continuing) trend is for LEOs to seemingly look for ways to skip doing the work before hand, and swoop in and defend questionable search and seizures on people they claim to know are 'guilty'.

While somewhat off topic, it seems to go back to the Bush era warrantless wiretapping and the FISA court. The DoJ would wiretap anyone they wanted without a warrant beforehand, under the cover of clear and present danger (or some such) and then apply later for the warrant. Now think about this a moment, a situation was deemed *so* immanently dangerous they didn't have time to do the paperwork... and then even *afterwards* the DoJ claimed they didn't have the manpower to file it afterwards. Thats right.. the govt didn't have enough people to push paper.

But back to the point.. if you think someone in custody has evidence on the phone.. seize the phone and file the paperwork. Ya know what happens if it turns out you didn't need it? You're covered anyway.

Linux Ubuntu (0)

Anonymous Coward | more than 3 years ago | (#34923808)

Hi everyone, I hope I'm in the right place. This guy in class told me I have to use Linux Ubuntu, that it's better than Windows and that it is just like a Mac. I tried to install Ubuntu but the program won't start. I double click on it and nothing happens. I've installed other operating systems in the past, like Word and Excel, so I have some computer experience, but I don't know what to do. thanks, Jenny

Re:Linux Ubuntu (0)

Anonymous Coward | more than 3 years ago | (#34923918)

Don't worry Jenny, I've helped many a new user or "newsie" as we technologically indelible Floridans like to refer to it as.

First step is to remove the brassiere. Not your shirt, just the brasserie. The dangerous metal supports conflict with the linux shield generator's frequencies. Thats a classic "newsie" mistake.

Next get a nice drink of melonaide flavored beverage and spike it with your choice of vodka. Linux is Scandinavian in origin and is designed to only obey its own. to be double sure, gram some fussy moose head slippers and put those on too.

Next, put the Install cd under running tap water to remove the pesticides and dry with a lint free cloth. I'd recommend getting only organic optical media, but there aren't many computer farmers markets in many areas of the contry so I understand if you have to make do with the ones you can get at your local store. Keep a hold on that lint free cloth, you'll need it later to wipe your hard drive.

Now we are really ready to begin. Insert the cd and start the computer at a temperature of 345. The secret to Linux is that it was designed by right handed people who understand the true evil of the leftish liberals. Never click the left button, if given a choice between the two.

Ubuntu is a fairly easy varietal of Linux which should accent hearty pastas and shell fish. The installer should direct you through the maize of contradictions to the centaur. Defeat him with the brass sword and Linux will be installed as viceroy of your computer.

I hope that helps, if an extended state of confusion persists for 4 or more hours it may be a sign of a serious medical issue, please consult your witch doctor or shaman

Re:Linux Ubuntu (0)

Anonymous Coward | more than 3 years ago | (#34924008)

Ummm..., yeah. Are there any normal people here who can help me, please?

Does not matter (0)

Anonymous Coward | more than 3 years ago | (#34923844)

TSA will conficate your electronic devices next summer.

If you refuse, you will be charged with committing an act of terror, and take a ride to a 3x3x3 ft cell at Gitmo.

-308

Data on the phone vs. data presented on the phone (4, Interesting)

swb (14022) | more than 3 years ago | (#34923872)

Let's assume for argument's sake that I'm stopped by the police and I'm arrested. My phone is unlocked and they start to search it.

Are they entitled to data only ON the phone, or are they allowed to use an application on the phone which allows access to data stored elsewhere on the phone?

In theory, an email client setup for IMAP doesn't store data on the phone -- messages are retrieved from the server. This glosses over caching, butassume the device could be setup to NOT cache messages locally (or background erase them after N seconds/minutes), the data isn't "on the phone" it's only being *presented* on the phone.

My vague understanding of searches when arrested is that proximate searches are OK, but with an always-connected network device, what's proximate, especially if (like almost all IMAP clients, even ones with very limited caching) there's no perceptible difference between data that's local and data that's on some server somewhere else?

Is the limit some dump of flash (and RAM, if they could do that)?

And why stop at smartphone application data? What if I have an RDP or a SSH/telnet app on my phone that gives them access to dozens of machines (which, in turn, may ALSO offer dozens of machines)? Are those remote systems, because they can be accessed as if local, also eligible for a search?

I guess what's scary is that it's not hard to see a slippery slope where anything the phone allows them into they have access to.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...