Huge Privacy Win: Warrants Now Required for Searching Arrestees’ Mobile Phones

A victory for the smartphone-toting arrestee, and commonsense.

Police almost always have to get a warrant before intruding into our private spaces. That’s because courts consider warrantless searches to be unreasonable under the Fourth Amendment, subject to rare exceptions.

But searches incident to a lawful arrest can be reasonable without a warrant. Why? Because persuading a judge to issue a warrant takes time — which can allow the arrestee to (a) destroy evidence within their reach or (b) use something within their reach to assault an officer or escape arrest.  So it’s long been considered reasonable to search the wingspan of the suspect to protect the officer, prevent escape, and ensure that evidence is not destroyed (usually chewed and swallowed).

Before today’s decision, police claimed they could also search a smartphone on (or within reach) of a suspect.

But not anymore. Once the smartphone has been removed from your possession there’s no risk that it’ll be used as a weapon or destroyed in an attempt to destroy evidence. So, the Court held, there’s no special emergency that justifies allowing a cop to decide, unilaterally, whether you should have privacy or not — instead of an impartial  judge weighing probable cause against your right to privacy.

The government argued that searching a smartphone is no different than searching any other physical item (say a ziplock bag, or a wallet) accompanying an arrestee.  Justice Roberts, amusingly, called that argument crap — horsecrap, to be exact: “That is like saying a ride on horseback is materially indistinguishable from a flight to the moon.”

This gloriously commonsense analysis is now the law of the land after today’s unanimous decision in Riley v. California.

Is the Court finally starting to grok new technologies? They’re certainly off to a good start.

Surveillance, Mosaics, & What’s Next.

We’ve all had NSA and ECPA on the brain lately, so it’s fair to ask: “Wow! Does this mean an end to warrantless surveillance from the NSA or NYPD?” Sadly, no. The opinion was limited to searches incident to arrest. And if there was any doubt about that, the court felt the need to dispel it in a persnickety footnote at the bottom of page 18:

“Because the United States and California agree that these cases involve searches incident to arrest, these cases do not implicate the question whether the collection or inspection of aggregated digital information amounts to a search under other circumstances.”

Privacy law scholar Dan Solove, however, remains optimistic. He sees Riley as the beginning of the end of the Third Party Doctrine, which says that we’ve no reasonable expectation of privacy in any information we release to another person or business (like Google or Dropbox).

The Court, writes Solove, seems to now recognize that the blanket collection and aggregation of large quantities of our information (even if some of it is public or in the hands of third parties) contravenes our expectations of privacy.  In Riley, the Court seems to endorse what Solove calls the “aggregation effect,” what others call the “mosaic theory” of privacy:

“a cell phone collects in one place many distinct types of information—an address, a note, a prescription, a bank statement, a video—that reveal much more in combination than any isolated record. Second, a cell phone’s capacity allows even just one type of information to convey far more than previously possible. The sum of an individual’s private life can be reconstructed through a thousand photographs labeled with dates, locations, and descriptions; the same cannot be said of a photograph or two of loved ones tucked into a wallet.”

So, SCOTUS, if ya really mean it, if “storage capacity of cell phones has several interrelated consequences for privacy” then wouldn’t the same go for my Google Drive? How about my seemingly bottomless gmail storage?  My hangouts? My iChats? This isn’t apples and oranges, or horses and moon-rockets — it’s simple common sense.

We’ll keep working to fix ECPA (should require warrants for email, cloud, and location data), the Patriot Act § 215 (used by federal agencies to collect phone records without warrants), and FISA §702 (used to legitimize PRISM). But our goal isn’t just better statutes, it’s bringing constitutional law up to speed with the Digital Age — so we don’t have to keep relying on Congress to get privacy protection right when it legislates.

In other words: Barring special circumstances, either get warrant or get off my virtual yard.