When drafting and interpreting the fourth amendment, neither the founding fathers, nor the countless legal scholars that followed them could have ever imagined that one day technology would allow us to walk down the street with our entire life chronicled in our pocket. The growing popularity of the cloud coupled with increasing power of smart phones has resulted in what not too long ago was tool for placing and receiving calls, today, in actuality, is a portal to one’s entire digital life. Imagine if a routine traffic stop, say, for failing to signal properly, would place in the state’s hands every e-mail you have ever sent, contact you have ever met, or financial transaction you have ever completed (not to mention your current Angry Birds score!). Regardless of how Orwellian it may sound, the California Supreme Court ruled in favor of just such an outcome.
In People v. Diaz, the court ruled that a warrantless search of text messages on a cell phone confiscated subsequent to a lawful arrest did in fact, constitute a valid search. While the dissent realized that mobile phones were increasingly becoming the hubs of our digital world, noting that the decision gave “carte blanche, with no showing of exigency, to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person,” I do not believe they fully grasped the gravity of the ruling. 1
Much like Ben Stiller and Owen Wilson’s characters in the movie Zoolander, the dissent’s analysis is based on the assumption that information “can be carried on” or “in” one’s mobile phone, a reality which simply is not the case in today’s increasingly cloud-centric world.
Today, and even more so tomorrow, information will not be “carried on” a phone, but rather, that phone will merely be the vehicle used to access information stored elsewhere, information that would otherwise carry the highest expectation of privacy. Put another way, the device holds, both literally and metaphorically, the address, keys, and means to access one’s digital home, a breach of privacy that would not be tolerated if it occurred in a more tangible sense.
In a world where in reality, nearly every e-mail I have ever sent or received can be accessed by opening a folder on my phone virtually indistinguishable 2 from any neighboring folder that contains locally stored information, the majority’s interpretation grants the state access to nearly everything one says or does on a daily basis. Put another way, how much information do you think won’t be accessible from your mobile phone in 5 years? 10 years? 20? Just scroll through your home screen.3
The majority’s decision was well argued by legal minds much wiser than my own, but even reading through the verbiage of the opinion, discussing the nature of containers and cavities as they relate to what is “in” the phone, it leads one to believe that their analysis is handicapped by outdated concepts of storage and space.4
While it may not be practical to install Faraday cages in every police station to ferret out what information can be gleamed from a mobile device without it querying a remote server (if there is any information at all), the majority’s opinion fails to take into account the reality of how mobile phones are used today, let alone, how they will be most likely be used in the not-to-distant future. While the courts sort out what fourth amendment protections are extended into the digital world, I for one, will be sure to put a password on my phone next time I cross the California state line.5
[photo: Thomas Hawk]
While the question has been pondered to some extent, for example, in Professor Kerr’s 2006 paper Searches and Seizures in a Digital World, or Professor Gershowitz’s 2008 paper, the iPhone Meets the Fourth Amendment, technology has come a long way, even in the past two years, and will continue to evolve in the years to come. ↩
Even for the technologically adept, today, it is hard to tell exactly what information exists “on” my phone, and what information exists “in” the cloud. The subject and sender of an incoming e-mail may be pushed to my iPhone automatically, for example, but the body or attachments may not download until I access the message itself. Today’s calendar entries may be cached on the device (I wouldn’t consider my calendar “stored” on my device — it’s not the master copy), but yesterday’s and tomorrow’s agendas are both retrieved on demand from a distant server unrelated to any hypothetical search to which I may me subject. ↩
Beyond the obvious (e-mail, phone, contact, calendars), there’s dinner reservations, car rentals, TV viewing habits, financial data, recent purchases, even desktop browsing history — it’s like winning the lottery of personal information. ↩
It’s worth noting that the word “server” is not mentioned once in the opinion, yet the phrase “storage capacity” is used no less than five times — a concept that even as early as 2007 was considered a thing of the past. ↩
A password may only delay the inevitable. See Gershowitz, Adam M., Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine? (August 31, 2010). ↩
Ben Balter is a Senior Manager of Product Management at GitHub, the world’s largest software development network, where he oversees the platform’s Community and Safety efforts. Named one of the top 25 most influential people in government and technology, Fed50’s Disruptor of the Year, and winner of the Open Source People’s Choice Award, Ben previously served as GitHub’s Government Evangelist, leading the efforts to encourage government at all levels to adopt open source philosophies for code, data, and policy development. More about the author →