The road to jail is paved with smart phones

Could you get me out of jail?
(Man I aint even done nothin’)
Could you get me out of jail?
(Aye look, aye somebody get my cell phone. Aye get my cell phone.)
Could you get me out of jail?
From Get Me Out Of Jail by Petey Pablo

Possibly the coolest innovation spawned by Apple’s now ubiquitous iPhone was the concept of “jailbreaking” whereby iPhone owners, myself included, could free their device from the Apple/AT&T apps/carrier monopoly by using hacked firmware. Well now, thanks in part to the Supreme Court of the State of California, your phone may require you to do some very literal jailbreaking. This article by Ryan Radia in Ars Technica explains the situation thusly.

[The] decision in People v. Diaz (PDF), [holds] that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

So if you live in or plan to visit California any time soon it would probably be a good idea to lock down your cell phone and plan on doing a little time for obstruction or contempt. “Now just hang on a gosh darn minute there, bucko!“, you’re thinking about now, “I’m a law abiding citizen with nothing to hide, so how can this possibly affect me?“. With all due respect and attendant snarkiness, you are probably a criminal whether you know it or not. Sorry, it’s sad but true. There is a disturbing phenomenon called overcriminalization, described by the Heritage Foundation as follows.

Federal criminal law has exploded in size and scope. Federal criminal law used to focus on inherently wrongful conduct: treason, murder, counterfeiting, and the like. Today, an unimaginably broad range of socially and economically beneficial conduct is criminalized. More and more Americans who are otherwise law-abiding are being trapped and unjustly punished.

Regular readers of this blog, other than you Captain X-Ploit fans who consider laws as challenges to be hacked and overcome, will recall that past entries like this and this detail egregious legal abuses in the name of copyright enforcement. So given the penchant of the entertainment industry and their trained stooges in congress [sorry, that’s a bit harsh – the Three Stooges as well as Iggy and the Stooges were much smarter than congress – but I digress] to criminalize all sorts of behaviors that interfere with their unmitigated money grab (er… IP protection) I would ask you law abiding citizens this question, How certain are you that the music and videos on your smart phone are “legal” and not “pirated”?Now that’s just ridicules!“, you might respond, “Law enforcement does not enforce those kind of laws.” You think? Sorry to disabuse you of your delusions of freedom, but I’ve written about that very thing in this entry entitled Over the top copyright enforcement insanity.

Or how about those of you who engage in “sexting”? If your “sexts” sometimes include racy photos whose subject was under the legal age of adulthood at the time of the photo that’s child pornography. Or how about that clueless, tasteless friend you have – you know who I mean – that insists on sending you off-color jokes that are illustrated. If you get your email on your smart phone, and who doesn’t nowadays, guess what – potential pornography again. Law enforcement calls that “probable cause”, and no it doesn’t matter that you’ve deleted them. The point is this, again summed up by Ars Technica.

A May 2010 study from the conservative Heritage Foundation and the National Association of Criminal Defense Lawyers found that three out of every five new nonviolent criminal offenses don’t require criminal intent. The Congressional Research Service can’t even count the number of criminal offenses currently on the books in the United States, estimating the number to be in the “tens of thousands.”

So you are almost certainly a criminal whether you intend to be or not. And here is the rub: when I mentioned “locking down” your smart phone earlier, I failed to mention that it’s rarely possible to do so.

While police cannot force you to disclose your mobile phone password, once they’ve lawfully taken the phone off your person, they are free to try to crack the password by guessing it or by entering every possible combination (a brute-force attack). If police succeed in gaining access your mobile phone, they may make a copy of all information contained on the device for subsequent examination and analysis.

A “brute force” attack on a 4-digit lock code as the iPhone has, is hardly a daunting task since 80% of you will use “1234” or “1478”. Furthermore,

In many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software.

Ideally you would want full-disk encryption on your mobile device – just like you use on your laptop or netbook computer. But the news is grim in this area as well.

Unfortunately, few consumer-grade smartphones support full device encryption. While there are numerous smartphone apps available for encrypting particular types of files, such as emails (i.e. NitroDesk TouchDown), voice calls (i.e. RedPhone), and text messages (i.e. Cypher), these “selective” encryption tools offer insufficient protection unless you’re confident that no incriminating evidence exists anywhere on your smartphone outside of an encrypted container.

Despite the generally sorry state of mobile device security, a few options exist for privacy-conscious mobile phone owners. Research in Motion’s BlackBerry, when configured properly, is still widely considered to be the most secure smartphone platform. In fact, BlackBerry’s transport encryption is so robust that a few foreign governments have recently forced RIM to install backdoors for law enforcement purposes.

So basically if you want real protection, get a Blackberry. In the meantime there are some steps we non-Blackberry users can take to help shore up our eroding fourth amendment rights.

You should store your mobile phone in your luggage, footlocker, or in some other closed container that’s not on your person, particularly when driving an automobile. (For more on this subject, see our 2008 article summarizing the search incident to arrest exception in the context of mobile phones. Also see The iPhone Meets the Fourth Amendment, a 2008 UCLA Law Review article by law professor Adam Gershowitz.)

So always lock your phone and put it in a bag in the trunk when you drive. That’s a really good idea for a whole lot of reasons, many of which are your fellow travelers who won’t be at risk of you causing an accident because you won’t be able to text and drive.