Privacy

Police can search smartphone without a warrant on arrest

Smartphones today hold our entire digital lives. Not only do they hold our intimate emails and text messages, but much more importantly our smartphones also contains apps such as Dropbox and OneDrive which are already logged in and allows access to a treasure trove of our most personal files in the cloud. What happens when the police get a hold of our smartphone?

The good news is that the courts realize our smartphones are used to do more than just make phone calls, and recognize that a search of a smartphone is much more intrusive than, for example, a simple search of a bag. In R. v. Fearon, 2014 SCC 77, the Supreme Court wrote at at para 51:

[…] the search of cell phones, like the search of computers, implicates important privacy interests which are different in both nature and extent from the search of other “places” […]. It is unrealistic to equate a cell phone with a briefcase or document found in someone’s possession at the time of arrest. As outlined in Vu, computers — and I would add cell phones — may have immense storage capacity, may generate information about intimate details of the user’s interests, habits and identity without the knowledge or intent of the user, may retain information even after the user thinks that it has been destroyed, and may provide access to information that is in no meaningful sense “at” the location of the search […]

Moreover, the Supreme Court at para 53 recognizes that the law should not treat a smartphone differently whether it is password protected or not:

An individual’s decision not to password protect his or her cell phone does not indicate any sort of abandonment of the significant privacy interests one generally will have in the contents of the phone.

But the good news ends there. In a ruling released today, the Supreme Court held in R. v. Fearon, 2014 SCC 77 at para 64 & 83 that the police can search a smartphone without a warrant when arresting a suspect, and that this does not infringe on our constitutional rights against unreasonable search and seizure (which is what s. 8 of the Charter is all about):

I therefore reject the idea that s. 8 of the Charter categorically precludes any search of a cell phone seized incidental to a lawful arrest.

[…]

To summarize, police officers will not be justified in searching a cell phone or similar device incidental to every arrest. Rather, such a search will comply with s. 8 where:

(1) The arrest was lawful;

(2) The search is truly incidental to the arrest in that the police have a reason based on a valid law enforcement purpose to conduct the search, and that reason is objectively reasonable. The valid law enforcement purposes in this context are:

(a) Protecting the police, the accused, or the public;

(b) Preserving evidence; or

(c) Discovering evidence, including locating additional suspects, in situations in which the investigation will be stymied or significantly hampered absent the ability to promptly search the cell phone incident to arrest;

(3) The nature and the extent of the search are tailored to the purpose of the search; and

(4) The police take detailed notes of what they have examined on the device and how it was searched.

This is in contrast to a series of rulings by the Supreme Court recently in R. v. Spencer, 2014 SCC 43, R. v. Vu, 2013 SCC 60, and R. v. Telus, 2013 SCC 16, where the court concluded that searches of a computer in a residence required a separate warrant for computer data, and searches of records at a telecommunications provider also required a warrant.

Fearon was a narrow 4-3 decision with a strong dissent, and in time it may be overturned. However,  given the state of the law at the moment, it would be prudent to lock your phone with a strong password (instead of a biometric feature like a fingerprint or a weak 4 digit passcode), and to enable strong data protection/encryption.  Finally, keep in mind that if questioned by the police, you are under no obligation to answer any questions, incriminate yourself, or to disclose your password to the authorities.

Telus records all your texts

Yesterday, the Supreme Court in R. v. Telus, 2013 SCC 16 made an interesting ruling on what types of warrants are applicable to text messages under the Criminal Code.  What’s interesting isn’t the ruling – as expected, the Court decided that text messages are “private communications” and require a more specific warrant authorizing the interception of private communications rather than a general warrant order.

What’s really interesting is this case provides a glimpse into the internal workings of Telus as it processes text messages from its mobile subscribers.

It starts off quite normally, just like any other service provider:

When Telus subscribers send a text message, the transmission of that message takes place in the following sequence.  It is first transmitted to the nearest cell tower, then to Telus’ transmission infrastructure, then to the cell tower nearest to the recipient, and finally to the recipient’s phone.  If the recipient’s phone is turned off or is out of range of a cell tower, the text message will temporarily pause in Telus’ transmission infrastructure for up to five days.  After five days, Telus stops trying to deliver the message and deletes it without notifying the sender.

But then things get interesting:

Unlike most telecommunications service providers, Telus routinely makes electronic copies of all the text messages sent or received by its subscribers and stores them on a computer database for a period of 30 days. Text messages that are sent by a Telus subscriber are copied to the computer database during the transmission process at the point in time when the text message enters Telus’ transmission infrastructure. Text messages received by a Telus subscriber are copied to the computer database when the Telus subscriber’s phone receives the message. In many instances, this system results in text messages being copied to the computer database before the recipient’s phone has received the text message and/or before the intended recipient has read the text message.

This is interesting for a few reasons:

  1. If the sender or recipient of a text message is on Telus, then the text message will be stored for at least 30 days, and
  2. In light of this SCC ruling, Telus will give up the contents of all your text messages for the last 30 days when given a specific warrant under Part VI of the Criminal Code that authorizes the interception of private communications. However, for other mobile providers which don’t routinely store text messages like Telus, even when given such a specific warrant for the interception of private communications, they will be unable to supply the police with the contents of your previous text messages because no record of it exists.