Just say no

This would not be acceptable to me:

The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations.

If a cop were to ask me to allow him to connect his device to my cell phone the answer would be, “No”. If that wouldn’t be allowed I would attempt to do a hard reset of the phone (know how to do this so you can do it quickly) or attempt to call someone who could remotely wipe it for me.

Via email from retired co-worker Chet.

16 thoughts on “Just say no

  1. This gets even sticker for people in my shoes who carry a blackberry supplied by their employer. I some cases emails on the device ay contain sensitive information. How can I be compelled to turn over corporate information that does not belong to me during a traffic stop without a warrant?

  2. Police Officers are allowed to use Social Engineering techniques to extract information and/or perform actions otherwise not acheivable “without a warrant?”. If Joe said “No” to the officer, the officer can reply with an out right lie to accomplish his goal.
    If an Officer thinks he has probable cause then he can search anything he wants without a warrant, correct?
    “We’ve had reports of war dialing and wireless hack attempts from a mobile device. I need to check your phone. And your laptop.”

    It would not surprise me one bit if they could accomplish this. Or at least fool people into thinking they have the right to do so.

  3. Reading the article, I wonder if a “hard reset” of the phone would be sufficient to prevent this device from being read. From the device’s website:
    “UFED Physical Pro provides access to data inaccessible by logical methods:
    * Phone user lock code
    * Deleted data including: deleted call history, text messages, images, phonebook entries and videos
    * Access to internal application data
    * Phone internal data including: IMSI history, past SIM cards used, past user lock code history”

    Sounds like they are doing a memory dump and just zeroing the directory/FAT/catalog/whatever they call the VTOC today doesn’t actually delete the underlying data and this tool can still extract it.

    I wonder if anything short of smashing the memory unit to bits with a hammer would be sufficient to wipe the phone.

  4. Sigh. Here we go again. “Dear Michigan Cops: Please refer to Amendment 4 of the U.S. Constitution. Quote: “The right of the people to be secure in there persons, houses, papers and EFFECTS, against unreasonable searches and seizures, SHALL NOT BE VIOLATED…” In Layman’s terms, you want to check out my phone, get a Court-Ordered Wiretap with a good case of Probable Cause First. Yours Truly, YOUR BOSSES, the Citizens of the United States.

  5. @danno,

    I couldn’t imagine they could do that with Windows Phone 7 (I’ll try to check the “wipe” source code later). We are pretty hardcore about privacy (I just fixed a privacy bug last week). There are some areas I think we could improve but this isn’t one of them.

    I checked UFED’s website and they don’t support the Samsung Focus which is the most popular WP7.

  6. Doubt the device will work when the phone has a yanked battery. If the phone can’t power up, it can’t give up its contents.

  7. @Tango – Most phones now use micro or mini USB connections to charge. I’m pretty sure their device would power a dead phone.

  8. If faced with loss of the data on your device, and such loss would REALLY screw up your life (think, highly incriminating data, financial mis-dealings, kiddy-porn, etc), you need to be able to disable the device forever, quickly, not just wipe it, you need to be able to destroy it utterly. Nothing less will do. What is a $200-400 replacement cost versus loss of liberty? I would think of some sort of mini-oven in the car into which you could pop the device and melt it within seconds. Something along those lines could be built using smokeless powder as fuel for the oven.

  9. I some cases emails on the device ay contain sensitive information.

    I work at a law firm. Some (though not many, since I do try to keep my work and personal lives separate) texts and emails on my phone contain information that is legally protected by attorney-client privilege. That would be fun for the cops to straighten out in court.

  10. I’ve got my iPhone setup to wipe itself after 10 failures to unlock. I’m curious if that would really wipe it in this situation.

  11. Well, thanks to your previous warnings, my Incredible locks itself a minute or two after I stop using it, and we made sure to buy it over other options because its battery is removable.

    Time to learn how to do a hard-reset to boot…

    Is that an app you have, Jeff, or an inherent functionality of the iPhone platform? If the former, which?

    (On a security related note, the comment pages of your site have been throwing security certificate errors for a little bit now, Joe, thanks to the certificate issued to “www.openidselector.com” by “Starfield Secure Certification Authority”. Just thought you should know…)

  12. The way the gummint works around ALL your rights, silly: The implied consent law. By driving in the state, you give your implied consent to search, especially (but not limited to) DUI stops, etc. Failure to give consent at the time you are pulled over, refusing a breathalyzer, field sobriety test, or to have your trunk rifled through, gives the state the right to revoke your driver’s license.

    Since about 99% of people don’t live within walking distance to their work, this means your choice is simple: your rights, or your job. Certainly an easier choice to make when you don’t have a family to feed, but really, what purpose would this serve, except for the police to determine if you were using your phone to send text messages while driving (which could also be hard to prove if you are using dictation software.)

    Hell, why not just give them a machine to see the car’s computer or GPS data, so they can tell if you’ve been speeding anytime in the last few hours, or if you have OnStar, let them see if you’ve been speeding, ever.

    Officer: “I need to search your cell phone”
    Citizen: “Why?”

    I can’t think of ONE good reason why they would need to search your phone. Further, it is in your best interests to refuse, demand to be released or arrested, and if arrested, say these words: “I want a lawyer.” After that, don’t open your pie hole until you are talking to your lawyer.

Comments are closed.