On June 25, the Supreme Court handed down a landmark ruling on digital privacy. In U.S. v. Wurie and Riley v. California, the court unanimously held that police generally require a warrant to search information on cell phones seized from people who have been arrested. Writing for eight of the justices (Justice Samuel Alito issued his own concurring opinion), Chief Justice John Roberts acknowledged that the court understood how this ruling might pose issues for law enforcement but said, “Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple—get a warrant.”
The court was reviewing two cases, one from Massachusetts and one from California, in which arrestees were convicted on evidence obtained from police who examined their cell-phone data. The Massachusetts First Circuit had disallowed the conviction and the California Ninth Circuit had permitted it. The Supreme Court affirmed the first ruling and reversed the second.
The Ninth Circuit’s reasoning, and the U.S. government’s argument before the Supreme Court, was straightforward: the principle that the police can search the possessions of an arrestee is an accepted exception to the Fourth Amendment’s requirements. If you’re arrested, the police don’t need a warrant to examine the contents of your pockets, nor to look in your wallet. The same should hold for the cell phone in your pocket, the argument went, since that kind of search is “materially indistinguishable.”
The Supreme Court rejected that reasoning. As Roberts wrote, claiming that searching cell-phone data is materially indistinguishable from searching physical items is “like saying a ride on horseback is materially indistinguishable from a flight to the moon.”
RELATED STORIES View other articles provided by Symantec:
• Enterprise Mobility
• Secure Mobile Advisors
• Case Study: Quest Diagnostics Mobilizes their Clinicians and Sales Reps
Yesterday’s ruling continues an evolution in Fourth Amendment jurisprudence that increasingly decouples legal tests about search and privacy from a focus on physical objects and places, instead taking greater account of information. Our Fourth Amendment metaphors trace to a 17th-century English ruling known as Semayne’s case, which declared that “the house of everyone is to him as his castle and fortress” (more familiarly, “a man’s home is his castle”); even the sheriff must “signify the cause of his coming” (more familiarly, present a warrant) before attempting to enter. The criterion of physical intrusion was the basis for the court’s ruling in a 1920s case (Olmstead v. U.S.) that upheld the government’s right to secretly wiretap phone calls, on the grounds that the phone lines were tapped on public streets and there was no physical trespass to the building. That decision was explicitly overturned in the 1960s (Katz v. U.S.), with Justice Potter Stewart affirming for the majority that “the Fourth Amendment protects people, not places.” That ruling led to the requirement for a warrant in order to wiretap.
The latest ruling reinforces the idea that the Constitution protects people (and, by extension, their information) rather than places. The court clearly appreciates the range of digital technology and the difference it makes in terms of the “pervasiveness” (to use the court’s word) of digital searches, in view of the storage capacity of modern cell phones. As Roberts writes, comparing digital with physical media, “Most people cannot [physically] lug around every piece of mail they’ve received for the past several months, every book or article they have read,” but they can do just that with cell-phone data. (If people did attempt to treat physical communications that way, they’d need a container of the sort that’s been previously held to require a search warrant.)
In reading the opinion, it’s impressive to see how well the court understands the issues raised by mobile computing. The justices refer to storage capacity and range of apps; they even address law enforcement’s concern over destruction of evidence by means of remote wiping. How nice to see Faraday cages explained in a court opinion!
For me, the most encouraging part of yesterday’s ruling—aside from relief that it did not go the other way—was the demonstration that the court understands something many people do not: the information “on” a cell phone is not necessarily actually on the phone. In Roberts’s words: “Cell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference.”
The court recognizes that this will present challenges in future cases, because searching data stored on remote servers raises different issues from searching data that we (supposedly) carry with us. But the distinction between what’s in our pockets and purses and what’s on remote servers is vanishing fast, and it’s about to vanish faster.
At the very same time the court was releasing its opinion in Washington, Google, at its San Francisco I/O event, was announcing the release of Android Wear and showing off a new generation of smart watches that connect to the cloud and perform many smartphone functions. Those, and similar products from Samsung and the forthcoming Apple iWatch (if that’s what Apple will call it), have the tech press proclaiming 2014 the “year of the wearable.” Before long, when police want to search a person, it won’t be just cell phones that are linked to a global infrastructure with gigabytes of sensitive personal information, but also watches, glasses, health monitors, rings, pendants, maybe even clothing with embedded circuits. Google also announced Google Mobile Cloud, a tool for application developers that lets an app’s data move easily and transparently between the cloud and the mobile device.
That takes us a long way from physical trespass as the basis for privacy protection. Our homes may still be our castles, but we don’t need to be at home to be protected by the Fourth Amendment. Our castles are increasingly in the clouds; and the sheriffs are in the clouds as well. Yesterday’s ruling is an encouraging demonstration of how to acknowledge the power of information technology without losing sight of first principles. Let’s hope the court can stay on that path, as must we all.
Hal Abelson, a professor of computer science and engineering at MIT, is a founding director of the Free Software Foundation and Creative Commons. At MIT he teaches 6.805: Foundations of Internet Public Policy.
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
Data analytics reveal real business value
Sophisticated analytics tools mine insights from data, optimizing operational processes across the enterprise.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.