Smartphone searches – using encryption to protect yourself
Apple has been grabbing headlines as of late, for its high-profile battle against the FBI and DOJ over unlocking an encrypted iPhone. While this issue may seem important only to terrorists and others with something to hide, the long-term legal ramifications will undoubtedly affect all Americans.
This particular fight could take years to resolve. But that doesn’t mean there aren’t steps you can take right now to protect your sensitive data from being used against you — in a court of law, by hackers bent on financial gain, or anyone who might want to violate your privacy.
In the last few years, Americans have become much more concerned with the security of their smartphone data. Aside from the hacking incidents frequently in the news, the federal government is aggressively pursuing access to locked cell phones, and even some local police departments have access to advanced cell phone surveillance technology. As such, there is a very real danger that information retrieved from your mobile phone could be used against you in a court of law.
Any adult who uses a smartphone should know how to protect their privacy in the event they are arrested or detained by police. Knowing your rights is key to ensuring they are upheld.
Warrantless searches of smartphones prohibited
In 2014, the Supreme Court issued a unanimous ruling stating that law enforcement agencies cannot search the phones of people they arrest without a warrant. This means that if you are pulled over by a police officer or taken into police custody, they cannot legally search your phone without your consent. Withholding consent forces the police to obtain a search warrant from a judge, which requires them to show that they have “probable cause” to believe that the phone contains evidence of suspected criminal activity.
Your right to remain silent extends to your passwords
While the police may be able to obtain a warrant to search your smartphone, actually searching it may be easier said than done. The Fifth Amendment to the United States Constitution states that “no person shall be compelled in any criminal case to be a witness against himself,” and recent case law has held that forcing a suspect to divulge electronic passwords or encryption keys violates that right.
In a 2010 case, United States vs. Kirschner, the Eastern District of Michigan ruled that a grand jury subpoena that would have forced a defendant to provide the password to decrypt his hard drive was unconstitutional because it violated the defendant’s Fifth Amendment rights. Subsequent court decisions have upheld this standard.
Data encryption provides another level of protection
Although the Fifth Amendment may protect you from being forced to provide your smartphone unlock code, law enforcement (and hackers) have tools which enable them to defeat the lock screen and access your data. Since this would render any Fifth Amendment concerns moot, anyone concerned with safeguarding data on their smartphone should consider using encryption. Encryption stores your smartphone data in a “scrambled” form, making it unreadable to anyone who doesn’t have the decryption key. But if you forget your password, you are also out of luck – so don’t use encryption unless you are sure you can remember the unlock code.
Most smartphones on the market today have built-in encryption software. For iPhones that use iOS 8 and above, all significant data on the phone is automatically encrypted. This includes messages, photos, call history, contacts – basically any information that the police could potentially use against you if they obtained it.
Enabling encryption on your smartphone
For Apple iPhones running iOS 7 or earlier (like the popular iPhone 4), encryption must be enabled manually. To do so, first tap the “Settings” option on your home screen. From there, select “Touch ID and Passcode” (or simply “Passcode” for older devices that lack a fingerprint scanner). Then, tap the button that says “Turn Passcode On”. This will allow you to set a simple four-digit number code or a longer alphanumeric code. Generally, the longer and more complex the code, the more difficult it is for someone to crack. Trying every possible combination, it would take about five years to break a six-digit alphanumeric code that contains numbers, uppercase, and lowercase letters. Once the passcode has been set, go back to the “Settings” menu. At the bottom of the page, you should see “Data protection is enabled”. Your phone is now encrypted and protected.
Android users can also encrypt their smartphones. Make sure your phone is plugged in before beginning since Android encryption can take an hour or longer depending on the amount of data. The procedure for enabling encryption may vary based on the customizations applied to Android by the phone manufacturer. But for most phones, open the Settings screen and tap “Security”. Then tap “Screen Lock” and then “PIN or Password”. The phone will now prompt you to set up a PIN or password. Again, a more complicated code will be more secure than a simpler one. After setting up your password, open the Settings screen again, tap “Security”, and tap “Encrypt Phone”. Enter the lock-screen password when prompted and agree to the warning message. Do not use the phone while the encryption process is running. A progress indicator will let you know how much time is left until encryption is complete.