Featured Papers: iOS Anti-Forensics, Google Drive Forensics, and Cell Phone Searches

Here's a roundup of new papers on SSRN:

IOS Anti-Forensics: How Can We Securely Conceal, Delete and Insert Data?

Abstract:

With increasing popularity of smart mobile devices such as iOS devices, security and privacy concerns have emerged as a salient area of inquiry. A relatively under-studied area is anti-mobile forensics to prevent or inhibit forensic investigations. In this paper, we propose a "Concealment" technique to enhance the security of non-protected (Class D) data that is at rest on iOS devices, as well as a "Deletion" technique to reinforce data deletion from iOS devices. We also demonstrate how our "Insertion" technique can be used to insert data into iOS devices surreptitiously that would be hard to pick up in a forensic investigation.

Google Drive: Forensic Analysis of Cloud Storage Data Remnants

Abstract:

Cloud storage is an emerging challenge to digital forensic examiners. The services are increasingly used by consumers, business, and government, and can potentially store large amounts of data. The retrieval of digital evidence from cloud storage services (particularly from offshore providers) can be a challenge in a digital forensic investigation, due to virtualisation, lack of knowledge on location of digital evidence, privacy issues, and legal or jurisdictional boundaries. Google Drive is a popular service, providing users a cost-effective, and in some cases free, ability to access, store, collaborate, and disseminate data. Using Google Drive as a case study, artefacts were identified that are likely to remain after the use of cloud storage, in the context of the experiments; on a computer hard drive and Apple iPhone3G, and the potential access point(s) for digital forensics examiners to secure evidence.

Cell Phone Searches in a Digital World: Blurred Lines, New Realities and Fourth Amendment Pluralism

Abstract:

State and federal courts are split over whether cell phone searches incident to a lawful arrest are permissible under the Fourth Amendment. The Supreme Court has the opportunity to create uniformity by accepting a certiorari petition in a cell phone search incident to arrest case, either United States v. Wurie or Riley v. California. The Court should do so to create an analysis that incorporates sensory enhancing technology, not avoids it, as it has done to date. 

The split in case law evidences a central contradiction. Fourth Amendment rules need to be predictable and based on clear guidelines for effective and safe crime interdiction. Technological advances cloud the application of the rules by introducing new facts into the calculus, facts that separate form from function and transform the analysis. In the past, as evidenced by search cases Katz and Jones, and exception cases for searches incident to lawful arrest, Chimel and Robinson, the Supreme Court analysis tended to be based on abstract and grand theory, which has led to a form of Gresham’s Law of constitutional application, where general principles often end up marginalizing specific provisions. Because of advancing technology, however, Fourth Amendment protection has been eroding, as predicted in Kyllo. Searches of cell phones incident to lawful arrests can provide a huge source of discretionary information for police, and searches of "smart" phones without cause can seem like a fishing expedition. Comparisons and analogues have not worked. Neutral narratives have been fractured and unsatisfying. 

This paper suggests using local structures accommodating post-digital technology instead of pre-digital comparisons like containers and walls and doors. Facts, and new realities, matter. In essence, analyses should incorporate the capabilities of the technology in question. The new doors and walls of the advancing technology era create new privacy encroachments, including nondiscoverable information without permission, but are still guided by the same textual and Framers’ intent considerations, such as invasiveness, duration and intent of the government conduct, as well as the nature and impact of the invasion. In light of this calculus, cell phone searches incident to a lawful arrest generally should require some sort of independent and legitimate reason to search the device, a search of which does not fit neatly into existing rationales of container, officer safety, or destruction of evidence. 

Read More

Featured Paper: Upcoming law review article addresses cell tower dumps and the Fourth Amendment

A recently accepted article in the University of Pennsylvania Journal of Constitutional Law addresses the use of cell tower dumps by law enforcement. A tower dump allows police to request the phone numbers of all phones that connected to a specific tower within a given period of time (see a prior post about the type of process needed for tower dumps here).

The article by Texas Tech Visiting Assistant Professor Brian Owsley, "The Fourth Amendment Implications of the Government's Use of Cell Tower Dumps in its Electronic Surveillance", is an excellent look at this little-known but widely used technology and the legal issues arising therefrom. Here's the abstract:

Privacy concerns resonate with the American people. Although the right to privacy is not explicitly protected in the United States Constitution, the Supreme Court has found the right to privacy rooted within the Constitution based on various amendments. In the modern era, with rapid advances in technology, threats to privacy abound including new surveillance methods by law enforcement. There is a growing tension between an individual’s right to privacy and our collective right to public safety. This latter right is often protected by law enforcement’s use of electronic surveillance as an investigative tool, but may be done at times inconsistent with constitutional rights.

Recently, the American Civil Liberties Union brought to light the popular use of government surveillance of cell phones, including the gathering of all cell phone numbers utilizing a specific cell site location. Known as a “cell tower dump,” such procedures essentially obtain all of the telephone number records from a particular cell site tower for a given time period: “A tower dump allows police to request the phone numbers of all phones that connected to a specific tower within a given period of time.” State and federal courts have barely addressed cell tower dumps. However, the actions by most of the largest cell phone providers, as well as personal experience and conversations with other magistrate judges, strongly suggest “that it has become a relatively routine investigative technique” for law enforcement officials.

No federal statute directly addresses whether and how law enforcement officers may seek a cell tower dump from cellular telephone providers. Assistant United States Attorneys, with the encouragement of the United States Department of Justice, apply for court orders authorizing cell tower dumps pursuant to a provision in the Electronic Communications Privacy Act of 1986. The pertinent provision poses a procedural hurdle less stringent than a warrant based on probable cause, which in turn raises significant constitutional concerns.

This article provides a brief description of cellular telephone and cell-site technology in Part I. Next, Part II addresses the evolution of Fourth Amendment jurisprudence and argues that the reasonable expectation of privacy standard applies to electronic surveillance such as cell tower dumps. In Part III, the discussion follows the development of statutes addressing electronic surveillance and argues that cell tower dumps request more information than simply just telephone numbers. Part IV analyzes records from both cellular service providers and the federal government to conclude that cell tower dumps routinely occur. Part V assesses the few decisions that even discuss cell tower dumps and argues that the analysis is either non-existent or flawed regarding the use of the Stored Communications Act to permit cell tower dumps. Next, Part VI asserts that cell tower dumps cannot be analyzed pursuant to the Stored Communications Act because the language of the statute is inapplicable and the amount of information sought requires a warrant based on probable cause and concludes by proposing some protocols to safeguard individual privacy rights.

Read More

1st Circuit holds that cell phone searches incident to arrest violate the 4th Amendment

In United States v. Wurie, No. 11-1792 (1st Cir. 2013), the First Circuit held that the search of a cell phone incident to arrest categorically violates the Fourth Amendment. As a result, the court reversed the defendant's motion to suppress, vacated the conviction, and remanded the case.

While performing routine surveillance, a Boston police officer observed a man conducting what appeared to be a drug sale. The man was then stopped, and crack cocaine was found in his pocket. He was arrested, and upon arriving at the police station, two cell phones were confiscated from his person.

The phone soon thereafter received several calls, each displaying "my house" on the screen as the incoming caller. Police opened the call log and obtained the phone number for "my house." The number was entered into an online white pages directory, and officers then went to that location to "freeze" it while a search warrant was obtained. A large amount of drugs were seized from the home.

Before trial, the defendant moved to suppress the evidence obtained from his person and home, and the district court held that "[t]he search of Wurie's cell phone incident to his arrest was limited and reasonable." On appeal, the defendant reasserted his motion.

Having not yet dealt with the issue, the First Circuit extensively evaluated the potential effect of making cell phones searchable under the search incident to arrest exception. Here are a couple excerpts:

• [Data stored on a phone] is the kind of information one would previously have stored in one's home and that would have been off-limits to officers performing a search incident to arrest.
• Just as customs officers in the early colonies could use writs of assistance to rummage through homes and warehouses, without any showing of probable cause linked to a particular place or item sought, the government's proposed rule would give law enforcement automatic access to "a virtual warehouse" of an individual's "most intimate communications and photographs without probable cause" if the individual is subject to a custodial arrest, even for something as minor as a traffic violation.

As to whether the search was necessary to prevent destruction of evidence on the phone by remote wiping, the court discussed three methods for preserving the data and concluded:

Indeed, if there is a genuine threat of remote wiping or overwriting, we find it difficult to understand why the police do not routinely use these evidence preservation methods, rather than risking the loss of the evidence during the time it takes them to search through the phone. Perhaps the answer is in the government's acknowledgment that the possibility of remote wiping here was "remote" indeed.

Ultimately, the First found it necessary to create a uniform rule governing the search of cell phones incident to arrest, holding that "[a]llowing the police to search that data without a warrant any time they conduct a lawful arrest would, in our view, create 'a serious and recurring threat to the privacy of countless individuals.'"

The court did leave open the possibility for using the exigent circumstances exception in order to search a cell phone without a warrant, for example when there is a "compelling need to act quickly" such as to "locate a kidnapped child or to investigate a bombing plot or incident."

In a dissent, Judge Howard suggested a variety of reasons why the majority was incorrect, including that the caller from "my house" might have otherwise destroyed evidence in the home.

Read More

Maryland appeals court reverses conviction due to lay witness testimony connecting defendant to crime scene with CSLI

In a recent Maryland case, the Court of Special Appeals found that it was improper for the trial court to use lay testimony from a detective to suggest that the defendant's cell phone was in close proximity to the location of the crime. Because the detective was not presented as an expert witness on the technology, the testimony was improper, and the conviction was reversed and remanded. Payne v. State, No. 2156 (Md. Ct. Spec. App. 2013).

The defendant had been charged and convicted of first-degree felony murder. At trial, the detective testified as to how he was able to use call records to find the cell tower in which the defendant's phone was connected at the time of the call. Defense counsel objected, arguing that the detective was "offering expert testimony without a proper foundation." The detective was allowed to testify without the proper foundation.

On appeal, the defendant argued that the cell site location information should not have been allowed from a lay witness. The state countered, "there was no 'opinion' testimony, lay or otherwise, in this case and, even if it did constitute opinion testimony, there was no need for the State to produce an expert to testify regarding the facts relating to appellants' cell phone records."

Ultimately, here's what caused the appeals court to take issue with the testimony:

Subsequent to the court's ruling, Detective Edwards testified that a telephone call from Bond's cell phone registered off of a cellular tower "at a latitude and longitude of 39.350854 by negative 76.696565 located on Menlo Drive" which was approximately one and one half to two miles away from the crime scene at approximately the time when the crime occurred. At approximately 1:00 a.m. on August 27, 2007, another call had been placed from Bond's cell phone registering off of a cellular tower at latitude and longitude 39.34364 by negative 76.72851, a location known as Balmoral Towers, located approximately one mile from the crime scene. Over objection, Detective Edwards then identified the map which has been generated as a mapping program that depicted the aforesaid locations. Finally, Detective Edwards testified that Paynes' cellular-phone activated off of one of the towers located in proximity to the crime scene at 10:02 a.m. on August 26, 2007.

Because the testimony was improperly allowed by a lay witness, it was in error. The court found the testimony to be "critical," and thus reversed and remanded the case.

Read More

Minn. Ct. App. affirms suppression of CP images from cell phone, agrees phones may contain a weapon under Terry

In State v. Cooper, No. A12-1027 (Minn. Ct. App. 2013), the Minnesota Court of Appeals affirmed the suppression of images of child pornography found on a cell phone because the search of the phone was not authorized under the search warrant. The warrant specified the search of phones "at the premises," but the phone in question had been seized by police in a traffic stop just prior to the search of the home.

Officers had obtained a search warrant for the defendant's home as part of a drug investigation, and the warrant specifically authorized the search for cell phones "at the premises" which might be used in drug transactions. Because the defendant had two pit bulls, the officers decided to avoid simply walking up to the home. After learning that the defendant's driver's license was expired, they followed him home from work and stopped his car three blocks away.

During a Terry search, the defendant's cell phone was seized. Later, after the pit bulls had been secured, a large amount of marijuana was found in the home, and the defendant was taken to jail. One of the officers began looking through the defendant's phone and found child pornography. Before trial, the defendant moved to suppress the phone's images, and the trial court agreed, finding that the Terry search and later search of the phone were both impermissible. The state appealed.

The Court of Appeals first found that the Terry search resulting in the seizure of the phone was permissible for two reasons. First, the state successfully argued that a cell phone "might contain a weapon," and considering "that 'officer safety is a paramount interest,'" the seizure was justified. Further, the seizure prevented the defendant from notifying others that police were in route.

However, the actual search of the cell phone was held to be unconstitutional because it was outside the warrant's scope. The warrant specified the search of phones "at the premises," meaning it had to be found there. According to the court, "it did not authorize the search of cell phones brought onto the premises by the police."

The state also argued that the phone would have been searched incident to the defendant's arrest after finding the drugs. Because the phone had been placed outside of the defendant's reach, the court held, the search incident to arrest doctrine does not apply.

Lastly, the state argued that the exclusionary rule should not apply because it "does not serve the purpose of preventing future police misconduct." The court disagreed, holding:

Because application of the exclusionary rule deters the police from seizing evidence that is outside the scope of a search warrant, we conclude that the district court did not err by applying the exclusionary rule in this case.

Thus, the suppression of the images from the cell phone was upheld.

Read More

Fifth Circuit surprises no one with decision that accessing another's text messages on their cell phone doesn't violate SCA

In Garcia v. City of Loredo, Texas, No. 11-41118 (5th Cir. 2012), the Fifth Circuit held that a person accessing text messages and images on the cell phone of another does not violate the Stored Communications Act (SCA). Those of you who have ever studied the SCA are certainly not surprised.

Garcia worked as a police dispatcher, and the wife of a coworker took Garcia's phone from her locker at work. After finding text messages and photos that showed department policy violations, the coworker's wife set up a meeting with the deputy assistant city manager and the interim police chief. The images and texts were shown, the videos were copied off of the phone, and Garcia was fired. Garcia later filed suit, and summary judgement was granted with regard to her SCA claim.

Her argument before the Fifth Circuit was that her cell phone was a "'facility' in which electronic communication is kept in electronic storage in the form of text messages and pictures stored on the cell phone." The Fifth cited a variety of district court cases, a law journal article by Professor Kerr, and the legislative history to back up its holding that devices such as cell phones are not facilities under the act.

The court also held that even if the cell phone was a "facility," the text messages and images certainly do not fit into the SCA's definition of "electronic storage." A common sense definition might make one think that would be the case, but we are, of course, dealing with statutes. Under the SCA, data is only in electronic storage when it "has been stored by an electronic communication service provider." If you want to know what that means, click here.

Thus, the Fifth affirmed the district court's grant of summary judgment, dismissing Garcia's SCA claim.

Read More

District court upholds CSLI order with erroneous phone number, finds defendant doesn't have standing

In United States v. Cannon, No. 6:11-cr-02302 (D.S.C. 2012), the court held that a typographical error did not violate an order for cell site data and that the defendant's failure to prove he had an interest in the phone removed his ability to challenge the search for lack of standing.

The defendant had been charged with multiple crimes related to the distribution of drugs. As part of the investigation, law enforcement obtained GPS data from his cell phone company. He filed a motion to suppress, arguing that the data was obtained in violation of his constitutional rights.

In challenging the use of the data, the defendant argued that the court order was invalid because it contained a phone number different than the one that information was provided for. The court found the argument to be without merit, holding, "Mere typographical errors do not undermine a finding of probable cause and do not invalidate a warrant." Because the correct number was used elsewhere, it was clear that it was a mistake.

The government argued that the defendant did not have standing because he was not the owner or authorized user of the phone. The defendant was unable to prove that he had any interest in the phone, and thus could not challenge any potential Fourth Amendment violation.

Read More

Kansas appellate court okays warrantless cell phone search during search incident to arrest

In State v. James, No. 106,083 (Kan. Ct. App. 2012), as a matter of first impression in the state, the Court of Appeals of Kansas held that officers may read an arrestee's text messages in a cell phone found on his person as part of a search incident to arrest.

The defendant had been pulled over for having a headlight out. The officer smelled alcohol and soon learned the defendant and his passenger had been making drinks and consuming alcohol while in the vehicle. A search of the car revealed marijuana, and the defendant suggested it may belong to his brother. He did not know his brother's phone number, but because he was in handcuffs, he "stuck out his hip" as a gesture to get the officer to obtain his phone and call his brother. Here's what happened next:

While removing the cell phone from James' pocket, the deputy asked "are there going to be any text messages on here relating to drug sales?" And James responded that there was nothing about drugs on his phone. 

Deputy Voigts proceeded to look at the cell phone in James' presence. In scrolling through James' text messages, the deputy found two incoming messages that caught his attention. On December 8, 2009, a person named Ash sent a text message to James' cell phone, which read: "U got green I will meet U somewhere." Another text message, sent on December 9, 2009, said, "Hey T-Ray this is Cotie. U got a 20?"

Never was the officer told he could not search the messages, and the phone did not require a password. The defendant was later charged with various drug crimes. The text messages were used as evidence at trial, and the defendant was convicted and sentenced  to 44 months in prison.

On appeal, he argued that the search violated his Fourth Amendment rights and that the use of the messages was improper under the rules of evidence.

The Court of Appeals found that the search of the cell phone for text messages "probative of criminal conduct ... was a valid search incident to a lawful arrest." Further, the court found unpersuasive the defendant's arguments that cell phones should be treated differently than other containers including Ohio's Smith v. State (finding that the search of cell phone requires a warrant) and Kansas's own State v. Rupnick (holding that the search of a computer hard drive requires a warrant). The state made a consent argument, but the court did not need to consider it.

Finally, the court found that the text messages were not inadmissible hearsay. The questions "U got green" and "U got a 20" were not "offered to prove the truth of the matter stated." The questions are "neither true nor false" and thus do not qualify as hearsay.

Read More

Mass. trial court finds obtaining one day of CSLI without cause to violate the Mass. Constitution

In Commonwealth v. Wyatt, 30 Mass. L. Rep. 270 (Mass. Sup. Ct. 2012), the Superior Court of Massachusetts held that obtaining cell site location information (CSLI) without a showing of cause (the court did not specify if probable cause was a requirement) was a violation of the Massachusetts Constitution. As a result of this finding, the defendants' motions to suppress were granted.

As part of a murder investigation, law enforcement acquired nine 2703(d) orders covering five different cell phone companies and eighteen phone numbers seeking subscriber information and call records for a near two-month period and CSLI for one day. Officers later admitted they did not have probable cause to acquire this information. The four defendants filed a motion to suppress their historical CSLI .

The court began by discussing the similarities of cell phones and a GPS device, noting that "CSLI enables a cellular telephone to be treated as a de facto Global Positioning System (GPS) tracking device." As such, they conducted an evaluation of a state high court opinion in Connolly (holding that installation of a GPS device on a vehicle is a seizure) and the Supreme Court's opinion in Jones.

Next, the court applied the expectation of privacy test to the use of CSLI. Because "[i]t is unlikely that the average cellular telephone user knows that when he or she makes or receives a call or a text message, the service provider creates and maintains a record of the cellular telephone’s location," the defendants had a subjective expectation of privacy in the cell records.

As to an objective expectation of privacy, the court held:

Allowing the government to track our movements without evidence that the person whose CSLI is sought engaged in criminal activity compromises what it means to be a citizen of the United States of America free from arbitrary surveillance.... 

Allowing the government to track a citizen’s movement through CSLI, without requiring the government to show probable cause or even reasonable suspicion that the target is engaged in criminal activity is contrary to the very freedom we hold dear.

Thus, the defendant's motion to suppress their cell site location information was granted.

Cybercrime Review blogger Justin Webb contributed to this post.

Read More

GAO produces report on cell location data protection

The Government Accountability Office recently released a report entitled "Mobile Device Location Data: Additional Federal Actions Could Help Protect Consumer Privacy." It covers:

(1) how mobile industry companies collect location data, why they use and share these data, and how this affects consumers;
(2) the types of actions private sector entities have taken to protect consumers’ privacy and ensure security of location data; and
(3) the actions federal agencies have taken to protect consumer privacy and what additional federal efforts, if any, are needed.

The GAO recommends that mobile industry companies adopt a variety of practices, enforce their policies consistently, and implement certain safeguards to protect the data. Additionally, employees must be held accountable for policy breaches. Action was also recommended for the FTC, FCC, and Department of Commerce.

Read More

Nevada district court applies good faith to GPS evidence, denies standing to one-time driver

In United States v. Smith, No. 2:11-cr-00058-GMN-CWH (D. Nev. 2012), the district court found that the defendants were not entitled to suppression of GPS evidence and that one of the defendants did not have a legitimate expectation of privacy in the car which he had driven on at least one occasion.

Law enforcement had placed a GPS device on defendant Smith's vehicle in May 2010, and Smith sought to suppress the evidence obtained from the device under the 2012 Supreme Court decision in Jones. Defendant Merritte sought similar protection though the car did not belong to him.

The court found that Merritte was not entitled to suppression because he did not have a legitimate expectation of privacy in the vehicle. He was not the owner and had only been seen driving the car by police on one occasion as he was usually a passenger. Further, he presented no information that he had permission from Smith to drive on that one occasion or on any other. He argued that an Eighth Circuit case should apply, but the court acknowledged it was not binding nor factually similar. In that case, the defendant had a set of keys to the car and drove it multiple times per week.

With regard to Smith, the court found that the good faith exception applies as the Ninth Circuit's decision in Pineda-Moreno was binding at the time the device was installed. The application of the good faith exception has been extensively discussed on this blog.

Related Case: The same standing rule the court used to decide Merritte's argument also came up in a recent federal case in South Dakota. In United States v. Clinton, 2012 U.S. Dist. LEXIS 150171 (D. S.D.), the court held that the defendant's possession of a cell phone, "without more, is insufficient to establish a Fourth Amendment right to privacy in its contents." He was not the owner or registered as a user, and he did not provide evidence that he had permission to use the phone.

Read More

Arkansas Supreme Court upholds murder conviction over argument that text messages were improperly obtained by a prosecutor's subpoena

In Gulley v. State, 2012 Ark. 368 (Ark. 2012), the Supreme Court of Arkansas held that the defendant's argument that text messages obtained by a prosecutor's subpoena violated the federal Stored Communications Act and Fourth Amendment would not be considered because the objection was not made at trial, and the defendant did not argue on appeal that the prosecutor had abused the subpoena power.

The defendant had been convicted and sentenced for capital murder and attempted capital murder, and three text messages were presented at trial which had been obtained through a prosecutor's subpoena. One included that the victim's child is "going to be left without any parents," and another containing "dat b**** gonna pay, it's just a matter of time." At trial, counsel argued:

DEFENSE COUNSEL: If I send a text message out it is digitally transmitted through the air wave just like a telephone call is. There is no difference. The fact that they maintained it and printed it out is what the difference is but there is a reasonable expectation of privacy. It may have been subject to a warrant but not to a subpoena.
. . .
DEFENSE COUNSEL: You do not expect the telephone company is going to take it upon themselves to give it to a third party based on a subpoena. It has to be probable cause to get it not just carte blanche you issue a subpoena and go get it. That is what happened here. It may otherwise be something that could be used if a Judge says it but not by a Prosecutor just exercising its own subpoena. 

PROSECUTOR: I respectfully disagree, Your Honor, with regard to the Prosecutor's subpoena. Like I say, it is just like a grand jury, it's a quasi-magisterial function and it is a power that is conferred upon the office of the Prosecuting Attorney, same as grand jury in the State of Arkansas.

The judge denied the motion, finding that there could not be an expectation of privacy because the messages "can be picked up by a scanner with the proper device." Defense counsel also argued the messages should not be admitted on the basis of relevancy, juror confusion, hearsay, and rule 403. The court limited admission to three text messages.

On appeal, the defendant argued that the use of the subpoena to acquire the text messages violated the SCA and the Fourth Amendment. However, because he did not make an SCA-related objection at trial and did not argue on appeal that the prosecutor abused the subpoena power, the court refused to consider the issue.

The defendant also appealed the admission of the messages as evidence, arguing they were hearsay and not properly authenticated. The supreme court disagreed on both issues.

Read More

Analysis of Fifth Circuit CSLI oral argument: Government likely to win on Fourth Amendment issue

The Fifth Circuit heard oral argument yesterday on the oft-discussed cell site data case. The Fives are the second federal court of appeals to consider this issue; the Third Circuit addressed cell site data in relation to the Fourth Amendment in 2010.

The issues presented in this case are two-fold: first, whether the Constitution requires a warrant based on probable cause (rather than a court order issued under a lesser standard provided by § 2703(d) of the Stored Communications Act) when the Government wants cell phone providers to turn over data showing the location of the cell phone. In other words, the issue is whether the Government needs to have probable cause to turn cell phones into semi-specific tracking devices. The second issue is, assuming that cell site data is not protected by the Fourth Amendment, whether the magistrate judge has discretion to deny the Government’s § 2703(d) application for this data and insist upon a showing of probable cause.

The argument in this case was an hour long, much longer than the customary forty minutes usually allotted to parties arguing before the Fifth Circuit. The extra time may have been a result of the truly bizarre procedural posture of this case. According to the Government, it presented “specific and articulable facts” pursuant to § 2703(d) of the Stored Communications Act that the cell phone numbers of three people were pertinent to criminal investigations. The magistrate judge, however, never granted or denied the Government’s § 2703(d) applications; and, instead, ruled that this data was protected by the Fourth Amendment and that the Government needed probable cause to obtain it. Thus, the Government’s argument was presented by Nathan Judish, an attorney from the Department of Justice. There was no traditional appellee represented at oral argument; the people whose cell site data the Government was trying to obtain are anonymous, so there was no one with a direct, personal interest in the outcome of this case advocating for Fourth Amendment protection. Instead, Professor Susan Freiwald and Hanni Fakhoury (EFF) presented the arguments of the “Fourth Amendment and the people,” whatever that means.

The three-judge panel appointed to hear oral arguments were Fifth Circuit Judges Thomas Reavley, Edith Clement, and James Dennis. Interestingly enough, this was a liberal-majority panel in a notoriously conservative circuit. Judge Reavley was appointed by the Carter administration, and Judge Dennis was appointed by the Clinton administration. A liberal-majority panel on the Fifth Circuit is like the Loch Ness Monster: there are reports of people seeing it happen, but I have always figured that it was a myth propagated by circus conductors and the ACLU.

When I saw the membership of the panel, my first instinct was that the panel would render a 2-1 decision holding that cell site data is protected by the Fourth Amendment. I figured that Judges Reavley and Dennis would make up the majority, and Judge Clement would be the lone dissenter. After hearing oral argument, I do not think my prediction could be more wrong. I think the majority of the panel will hold that this data is not protected by the Fourth Amendment, Judge Reavley (and possibly Judge Dennis) siding with Judge Clement.

Why do I think this?

First, the judges struggled to understand the technology. When I read the briefs, I was astounded that they were not written with the understanding that these judges were not going to have an innate understanding of rather complicated cell phone technology. The judges on the panel ranged in age from sixty-four to ninety-one. I think it is safe to assume that they know how to use a cell phone, or at least, they have seen one of their law clerks use a cell phone at some point. Any imputed knowledge beyond that, i.e., the definition of a femtocell, is ludicrous. A number of the panel’s questions were geared toward trying to understand basic cell site technology, and I can see why. The Government’s brief does not define “cell site data” until page seven. Then, once you get to page seven, the Government defines cell site data as “the antenna tower and sector to which the cell phone sends its signal.” Now, imagine you are speaking to your grandmother and that is how you explain the concept of cell site data to her. Is she going to have any idea what you are talking about? I think not. I would offer the non-scientific estimate that at least a third of the questions during oral argument related to the basic tenets of the technology involved. These questions should have been addressed within the first five pages of the parties’ briefs; yet I doubt whether the panel understands the technology and the type of information being produced, even after oral argument. Ultimately, the real shortfalling is on the amici who were trying to convince the court that revelation of this data to the Government amounted to a significant intrusion into privacy. If the court cannot understand how cell phone technology works and why consumers have a privacy interest in this data, the Fifth Circuit cannot hold that cell site data is protected by the Fourth Amendment.

Second, there was no definite explanation about what kind of data would be produced as a result of these § 2703(d) applications. Judge Reavley told the parties, “It is critical to know exactly what information is being obtained in these . . . cases.” Yet, he received two different answers during oral argument. The Government mumbled something about call-times and cell phone towers; Professor Susan Freiwald and Hanni Fakhoury painted a picture that was positively Orwellian with the Government determining location of the cell phone within fifty feet, even when the cell phone was turned off. It is clear that the court did not have access to the § 2703(d) applications prior to oral argument and has no understanding whatsoever what type of data will be revealed if the applications are granted. Perhaps things will be clearer after an over-worked, under-paid law clerk receives the applications along with the case record after oral argument. But, as of oral argument, it is clear that only the Government was privy to this information, and the Department of Justice was less than forthcoming.

Third, the panel asked no questions during the time the parties were discussing the Fourth Amendment. This generally indicates a lack of interest. Also, Judge Reavley stated during oral argument, “I just don’t see us announcing a law that you have to have a probable cause showing from a magistrate under this statute. Period.”

One thing I found very interesting about argument was the judges’ constant questions to the parties about how they can avoid the Fourth Amendment issue altogether. Judge Clement raised a very good point during oral argument asking the Government whether the issue in the case was moot. The Government filed these § 2703(d) applications in 2010. Although the Government’s attorney assured the court that the criminal investigations were ongoing, I think Judge Clement found this doubtful. To my knowledge, however, the Fifth Circuit has no way of assuring that this case is not moot, and the Government is still pursuing these criminal investigations. Ultimately, the Fives’ continued jurisdiction over this matter rests upon the Government’s pinky swear that these criminal investigations abide. Oy vey.

Although the Government is likely to win the Fourth Amendment argument, I think the Fifth Circuit will hold that it is within a magistrate judge’s discretion to reject an application for cell site location information which would therefore impose a probable cause requirement to obtain the data. This is the result reached by the Third Circuit, and the judges seemed hesitant to create a circuit split.

So, my trepidatious prediction, based on oral argument, is that the parties will split the baby: cell site data, at least in its current iteration, is not protected by the Fourth Amendment, but there are certain situations where a magistrate judge can insist upon a showing of probable cause when considering a § 2703(d) application. If the case does reach the Fourth Amendment issue, I would not be surprised that there are some subsequent rumblings about an en banc vote.

Read More

Louisiana appeals court finds expectation of privacy for text messages

In State v. Bone, No. 12-KA-34 (La. Ct. App. 2012), the Louisiana Court of Appeal held that where a person is the "exclusive user of a cell phone," they are entitled to a reasonable expectation of privacy in text messages sent and received from the phone. However, the mistake in denying evidence suppression was harmless error, and the conviction was affirmed.

The defendant was a suspect in a murder case, and law enforcement obtained a subpoena duces tecum to receive a printout of text messages he had sent and received from his phone. Several of the messages appeared to show his involvement in the murder.

On appeal, the defendant argued that his motion to suppress the text messages should not have been denied. The state argued "it had reasonable grounds to obtain the requested information." The defendant's motion, however, argued the records were obtained "without a showing of probable cause as required under the Electronic Communications Privacy Act." (That's not the standard, of course.) The state argued that the defendant had no reasonable expectation of privacy because:

(1) defendant is not the subscriber or owner of the cell phone number at issue; (2) the privacy policies issued by Sprint Nextel specifically warn customers that information may for certain reasons be disclosed to authorities; and (3) defendant admits in the messages he sent from his phone that he did not have a subjective expectation of privacy in the messages.

The Court of Appeal first found that the "defendant did not have a reasonable expectation of privacy in the call detail record log associated with his phone number." On the other hand, the court held otherwise with regard to the text messages.

The issue before this Court is not whether the state is permitted to obtain the content of text messages sent on a defendant’s cell phone; rather, the question in this case is the standard that the state must meet in order to obtain such information. We find that here, where defendant was the exclusive user of the cell phone and was permitted to use the phone for personal purposes, he had a reasonable expectation of privacy in the text messages sent and received on the cell phone and further find that the collection and review of the content of defendant’s text messages sent and received by that phone constituted a search which required a showing of probable cause.

Thus, the court held that the motion to suppress was erroneously denied. The decision was, however, harmless error as the messages were "simply corroborative of other competent evidence introduced at trial." The trial court decision was affirmed.

Read More

Rhode Island court finds expectation of privacy in text messages, orders suppression for nearly all of state's evidence

In State v. Patino, P1-10-1155A (R.I. Super. Ct. 2012), the court ordered suppression of text messages sent by the defendant on a cell phone belonging to another person. The defendant had standing to challenge the search which, according to the court, was conducted in violation of the Fourth Amendment and not saved by any exception.

The case concerned the murder of the defendant's six-year-old son. The child's mother called 911 to report that her son was not breathing. An ambulance took the child to the hospital, and police remained at the home to speak to the parents. The mother took the officer through the house, and he noticed stripped beds and vomit. A cell phone in the house later made a beeping sound, and the officer picked up the phone to view the message. It was unattainable because of lack of credit, and after pressing another button, he was taken to the sent messages folder. He noticed the word "hospital" in a message and proceeded to read the entire message which read: "Wat if I got 2 take him 2 da hospital wat do I say and dos marks on his neck omg." From the reading of this message, an investigation continued, and the case for murder against the defendant was built.

In its 190 page opinion, the court began with a standing issue. The first issue was the fact that he only occasionally stayed at the apartment where the phone was found, but the court found that this did not remove his expectation of privacy. Another issue was that the phone itself was shared, and the defendant was not the main user. As a result, the court, analyzing the phone "not as a container but as an 'access point' to potentially boundless amounts of digital information," held that the standing issue was in the text messages themselves rather than the phone in general.

Next, the court held that the defendant had a subjective and objective expectation of privacy in the text messages stored on the phone and that the possibility that someone other than the intended recipient will see the message is not enough to remove the expectation. With regard to the third-party doctrine, the court held that "the third-party doctrine is ill-suited for contemporary forms of communication and thus should not wholly defeat an individual's expectation of privacy in the contents of his or her text messages." As a result, the defendant had standing to challenge the search.

The court quickly labeled the search of the phone as unconstitutional and noted that the search of the phone was also not excused by any exception to the Fourth Amendment. The crime was not one that commonly involves cell phones nor was the cell phone an instrument that posed a danger to police. Further, the officer's continued manipulation after the beeping was objectively unreasonable and did not involve exigency. The state also argued that the incriminating message was in plain view, but the affirmative act of pressing buttons defeated the argument. Also, despite having consent to be in the apartment, it was limited to, for example, "a search for items that might have caused ... [the child's] health condition" and not to cell phone content.

As a result, the text messages were unconstitutional and subject to suppression. The messages were used to produce an extensive investigation including other cell phones, phone records from phone companies, and written confessions. This evidence was fruit of the poisonous tree and not saved by inevitable discovery or independent source.

Read More

Civil liberties groups file amicus brief in recent Sixth Circuit cell phone pinging case

Last month, a Sixth Circuit panel held in United States v. Skinner that repeatedly pinging a cell phone in order to obtain its GPS coordinates was not a Fourth Amendment search. This week, the ACLU, CDT, EFF, and EPIC filed an amicus brief asking the Sixth Circuit to reconsider the case en banc.

Greg Nojeim, senior counsel for the Center for Democracy & Technology, wrote on CDT's blog that the panel decision was based on a misunderstanding

that cell phones normally "give off" GPS location information. Instead, mobile providers have to take a special step -- sending a signal to the phone to direct it to produce the GPS data. Unless they take that step, there is no location data at the provider for the government to seize. As a result, the court should not have analyzed the case under the third party records doctrine, which says a person has no Fourth Amendment interest in information shared with a third party.

The groups suggest that the Supreme Court's decision in Jones conflicts with Skinner insofar as Sotomayor and Alito's concurring opinions can be read together to provide Fourth Amendment protection even when tracking does not involve a trespass.

Neither concurring opinion set a firm guideline as to when an act of surveillance will be unreasonable under the Fourth Amendment, and this amicus brief suggests that Skinner's "three days of cell phone tracking should be considered 'prolonged.'" Jones's surveillance by GPS was for 28 days, clearly a prolonged search according to Alito.

Read More

Jones II: DOJ files opposition to motion to suppress Jones's cell site data

Several months back, I mentioned that Antoine Jones, the defendant in the Supreme Court's Jones decision, is back in trial court after the high court's remand. The DOJ is now seeking to do with cell site data what it is not allowed to do with GPS information.

On Tuesday, the government filed its opposition to Jones's motion to suppress.

Here's the summary of the government's argument:

Defendant’s motion to suppress cell-site location records cannot succeed under any theory. To begin with, no reasonable expectation of privacy exists in the routine business records obtained from the wireless carrier in this case, both because they are third-party records and because in any event the cell-site location information obtained here is too imprecise to place a wireless phone inside a constitutionally protected space.  Even if defendant were able to establish a Fourth Amendment privacy interest, the government’s good-faith reliance upon judicial and statutory authorization here forecloses any claim for suppression.  

Finally, defendant expressly admits that the government lawfully relied upon the proper legal authority – 18 U.S.C. § 2703(d) – to obtain the disputed records. To the extent that defendant alleges that the government violated this (or other) statutes, his motion fails because no statutory suppression remedy is available. As a result, defendant’s motion must be denied.

The case is before the DC federal district court. The Electronic Frontier Foundation's brief is available here, and Jones' motion can be found here.

Read More

Sixth Circuit holds that "pinging" cell phone to obtain GPS location is not a search; opinion confuses everyone

In United States v. Skinner, a Sixth Circuit panel held that repeatedly pinging a cell phone in order to obtain its GPS coordinates (or something like that) was not a Fourth Amendment search and thus does not necessitate evidence suppression. No. 09-6497 (6th Cir., Aug. 14, 2012). In a concurring opinion, one judge argued that obtaining the data was a search, but the good faith rule saves the evidence from suppression.

The defendant was suspected of being involved in drug trafficking, and participants in the exchange were known to use pay-as-you-go cell phones equipped with GPS technology. Agents obtained the defendant's phone number and  "pinged" it in order to discover its location as the defendant traveled. They tracked him to his motorhome, and a K-9 dog alerted officers to the presence of narcotics. Over 1,100 pounds of marijuana were found.

Before trial, the defendant sought to suppress the search, arguing that the "use of GPS location information emitted from his cell phone was a warrantless search that violated the Fourth Amendment." The evidence was not suppressed, and he was found guilty on multiple counts.

On appeal, the Sixth Circuit concluded that no reasonable expectation of privacy existed "in the data given off by [the] voluntarily procured pay-as-you-go cell phone." The court continued:

If a tool used to transport contraband gives off a signal that can be tracked for location,  certainly the police can track the signal.  The law cannot be that a criminal is entitled to rely on the expected untrackability of his tools.... It follows that Skinner had no expectation of privacy
in the context of this case, just as the driver of a getaway car has no expectation of privacy in the particular combination of colors of the car’s paint.

The court considered this situation simply an advancement of the Supreme Court's 1983 decision in Knotts as it is law enforcement adapting to technological change. They also distinguished the case from Jones because no physical intrusion occurred in Skinner. "Skinner himself obtained the cell phone for the purpose of communication, and that phone included the GPS technology used to track the phone’s whereabouts." Further, the court noted that Justice Alito's concurrence also does not apply. Alito suggested that "relatively short-term monitoring" of movements may not violate the Fourth Amendment, and Skinner was only tracked for three days (opposed to 28 days in Jones).

In a concurring opinion, Judge Donald argued that Skinner did have a reasonable expectation of privacy in the GPS data, making the act by law enforcement here a search. However, she also noted that the Leon good faith exception would prevent the need for suppression "because the officers had probable cause to effect the search in this case and because the purposes of the exclusionary rule would not be served by
suppression."

If my analysis of the technology doesn't make sense, it's because the facts in the opinion leave a lot to be desired. This might be about cell site location data. The fact that Skinner was tracked to his home would make you think it was GPS data due to the accuracy, and the court called it GPS throughout. The court also referenced agents pinging the phone. No one - including the court, apparently - is really sure what was happening here. Check out Professor Kerr's discussion of this issue here (and the reader comments).

UPDATE: Professor Kerr dug into the case a little more. Be sure to read what he came up with on Volokh Conspiracy.

Read More

District Court denies motion to suppress cell site data

In United States v. Madison, 2012 U.S. Dist. LEXIS 105527 (S.D. Fla. 2012), the district court denied a motion to suppress cell site location information as the application contained facts asserting that the defendant was an associate of - and lived near - a known participant.

A 2703(d) order was obtained to get historical cell site records for the defendant after a shooting and other related crimes. To prove specific and articulable facts, law enforcement presented facts concerning the gunman they caught near the scene. They connected the defendant to the gunman with the following facts:

m. Sources have identified Bobby Ricky Madison as a person possibly involved in the armored car robbery that occurred on October 1, 2010. Madison is also a known associate of Moss and Moss's other associates. From document[s] regarding a prior arrest of Madison, the FBI has learned that Madison uses a cellular telephone assigned the number 754-234-7001. 

n. Madison lives in the Opa Locka area near where Moss resides. In May 2010, officers in the same Coconut Creek area from which the two stolen vehicles used in the October 1, 2010, robbery were stolen attempted to perform a traffic stop of a vehicle Madison was driving. He lead the officers on a high-speed car chase before eventually being apprehended. The car he was driving was reported stolen from that same Coconut Creek area at approximately the same time of day as the two vehicles used in the October 1, 2010, robbery.

Thus, the "specific and articulable facts" were that the defendant was a known associate and lived in the area (approximately eight miles away).

The court agreed that the application was sufficient. It presented facts surrounding the armed robbery, the defendant's ties to another participant, and his "skill set and modus operandi for stealing cars." Further, it alleged that at least three others were involved in the act, though only one had been found. As it was reasonable to believe the defendant's cell site data would be relevant and material to the investigation, the 2703(d) order was proper.

Read More

Google Play app containing malware may have been downloaded 100,000 times

Symantec blogger Irfan Asrar has found malware in the Google Play market known as Android.Dropdialer that sends text messages to premium-rate numbers, resulting in expensive charges on the user's phone bill. The malware, hidden in downloads entitled "Super Mario Bros." and "GTA 3 Moscow City," was available for download for over two weeks and may have been downloaded nearly 100,000 times.

Google attempts to scan all apps in the market for malware, but as here, some apps fall through the cracks when the actual harmful code is downloaded by the app after the initial download from Google Play (full process explained here).

Here are a few tips to follow to help ensure you avoid malware:

1. Read online reviews. Most malware will not function as a normal app.
2. Never download apps outside of the market for your phone.
3. Check out the publisher to see what other apps they offer. Research the company to be sure it is the actual developer (some malware will have the same name but be listed under a different publisher).
4. Review permissions that the app requires. Games, for example, do not need access to make phone calls or see your contacts.
5. Get antivirus protection for your phone.

Trend Micro predicts an epidemic of Android malware by the end of 2012.

Read More