The Files “in” the Computer – Zoolander and the California Supreme Court

TL;DR: Imagine if a routine traffic stop, say, for failure to signal or wear a seat belt would place in the state’s hands every e-mail you’ve ever sent, contact your ever met, or financial transaction your ever completed. The California Supreme Court ruled in favor of just that.

❗ Heads up! This post is archived and here for historical purposes. It may no longer be accurate or reflect my views. Proceed at your own risk.

3 minute read

When drafting and interpreting the fourth amendment, neither the founding fathers, nor the countless legal scholars that followed them could have ever imagined that one day technology would allow us to walk down the street with our entire life chronicled in our pocket. The growing popularity of the cloud coupled with increasing power of smart phones has resulted in what not too long ago was tool for placing and receiving calls, today, in actuality, is a portal to one’s entire digital life. Imagine if a routine traffic stop, say, for failing to signal properly, would place in the state’s hands every email you have ever sent, contact you have ever met, or financial transaction you have ever completed (not to mention your current Angry Birds score!). Regardless of how Orwellian it may sound, the California Supreme Court ruled in favor of just such an outcome.

In People v. Diaz, the court ruled that a warrantless search of text messages on a cell phone confiscated subsequent to a lawful arrest did in fact, constitute a valid search. While the dissent realized that mobile phones were increasingly becoming the hubs of our digital world, noting that the decision gave “carte blanche, with no showing of exigency, to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person,” I do not believe they fully grasped the gravity of the ruling. ¹

Much like Ben Stiller and Owen Wilson’s characters in the movie Zoolander, the dissent’s analysis is based on the assumption that information “can be carried on” or “in” one’s mobile phone, a reality which simply is not the case in today’s increasingly cloud-centric world.

Today, and even more so tomorrow, information will not be “carried on” a phone, but rather, that phone will merely be the vehicle used to access information stored elsewhere, information that would otherwise carry the highest expectation of privacy. Put another way, the device holds, both literally and metaphorically, the address, keys, and means to access one’s digital home, a breach of privacy that would not be tolerated if it occurred in a more tangible sense.

In a world where in reality, nearly every email I have ever sent or received can be accessed by opening a folder on my phone virtually indistinguishable ² from any neighboring folder that contains locally stored information, the majority’s interpretation grants the state access to nearly everything one says or does on a daily basis. Put another way, how much information do you think won’t be accessible from your mobile phone in 5 years? 10 years? 20? Just scroll through your home screen.³

The majority’s decision was well argued by legal minds much wiser than my own, but even reading through the verbiage of the opinion, discussing the nature of containers and cavities as they relate to what is “in” the phone, it leads one to believe that their analysis is handicapped by outdated concepts of storage and space.⁴

While it may not be practical to install Faraday cages in every police station to ferret out what information can be gleamed from a mobile device without it querying a remote server (if there is any information at all), the majority’s opinion fails to take into account the reality of how mobile phones are used today, let alone, how they will be most likely be used in the not-to-distant future. While the courts sort out what fourth amendment protections are extended into the digital world, I for one, will be sure to put a password on my phone next time I cross the California state line.⁵

[photo: Thomas Hawk]

Notes:

1. While the question has been pondered to some extent, for example, in Professor Kerr’s 2006 paper Searches and Seizures in a Digital World, or Professor Gershowitz’s 2008 paper, the iPhone Meets the Fourth Amendment, technology has come a long way, even in the past two years, and will continue to evolve in the years to come. ↩

2. Even for the technologically adept, today, it is hard to tell exactly what information exists “on” my phone, and what information exists “in” the cloud. The subject and sender of an incoming email may be pushed to my iPhone automatically, for example, but the body or attachments may not download until I access the message itself. Today’s calendar entries may be cached on the device (I wouldn’t consider my calendar “stored” on my device — it’s not the master copy), but yesterday’s and tomorrow’s agendas are both retrieved on demand from a distant server unrelated to any hypothetical search to which I may me subject. ↩

3. Beyond the obvious (email, phone, contact, calendars), there’s dinner reservations, car rentals, TV viewing habits, financial data, recent purchases, even desktop browsing history — it’s like winning the lottery of personal information. ↩

4. It’s worth noting that the word “server” is not mentioned once in the opinion, yet the phrase “storage capacity” is used no less than five times — a concept that even as early as 2007 was considered a thing of the past. ↩

5. A password may only delay the inevitable. See Gershowitz, Adam M., Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine? (August 31, 2010). ↩

Originally published January 4, 2011 | View revision history

If you enjoyed this post, you might also enjoy:

• Four characteristics of modern collaboration tools
• Why everything should have a URL
• Why open source
• 15 rules for communicating at GitHub
• Ten ways to make a product great
• 19 reasons why technologists don't want to work at your government agency
• Five best practices in open source: external engagement
• How I over-engineered my home network for privacy and security
• The difference between 18F and USDS
• Twelve tips for growing communities around your open source project
• Why WordPress

Ben Balter is the Director of Engineering Operations and Culture at GitHub, the world’s largest software development platform. Previously, as Chief of Staff for Security, he managed the office of the Chief Security Officer, improving overall business effectiveness of the Security organization through portfolio management, strategy, planning, culture, and values. As a Staff Technical Program manager for Enterprise and Compliance, Ben managed GitHub’s on-premises and SaaS enterprise offerings, and as the Senior Product Manager overseeing the platform’s Trust and Safety efforts, Ben shipped more than 500 features in support of community management, privacy, compliance, content moderation, product security, platform health, and open source workflows to ensure the GitHub community and platform remained safe, secure, and welcoming for all software developers. Before joining GitHub’s Product team, Ben served as GitHub’s Government Evangelist, leading the efforts to encourage more than 2,000 government organizations across 75 countries to adopt open source philosophies for code, data, and policy development. More about the author →

This page is open source. Please help improve it.

Edit