Never mind what's in your wallet what's in your iPhone?

The astonishing amount of personal data police can extract from your smart phone

A Michigan search warrant details all of the information police were able to extract from one women's iPhone seized from her bedroom last September

By Lesley Ciarula Taylor
Wednesday, February 27, 2013

The American Civil Liberties Union has detailed the astonishing amount of personal data contained on one woman's smart phone. (Josep Lago/AFP/Getty Images)

Your locations, even the deleted ones. Your chats. Your web browsing history. Your data files, even the deleted ones. And thousands more personal details buried on your mobile phone.

The American Civil Liberties Union has published details from a Michigan search warrant of all of the information police were able to extract from one woman’s iPhone seized from her bedroom last September.

“Before the age of smartphones, it was impossible for police to gather this much private information about a person’s communications, historical movements and private life during an arrest,” ACLU principal technologist Chris Soghoian wrote.

“Our pockets and bags simply aren’t big enough to carry paper records revealing that much data. Today, five-year-old emails are just a few clicks away.”

The findings have strong resonance in Ontario, where the Court of Appeal on Feb. 20 declared police can search any cellphone if it is not password-protected.

Police can still search a cellphone that is password-protected, but they need a search warrant, the court said.

In the U.S. case, police needed and won a search warrant, but American courts remain divided about whether it is necessary, Soghoian said.

The data stripped from the Grand Rapids, Mich., iPhone was done by Cellebrite, a company devoted to decoding and extracting information from mobile phones. They sell a variety of portable data mining machines.

The state-sanctioned hack of the Michigan phone, for example, revealed “Monica’s” 104 call logs, eight passwords, 422 SMS messages, six wireless networks and 10,149 data files of audio, pictures, text and videos, 378 of them deleted.

“The delete button on the phone should really be called the ‘hide’ button, because the data is still there, you just can’t see it,” Rod McKemmish, the head of the IT forensics practice at corporate advisory firm PPB Advisory, said after recovering files that let to the resignation of the Australian parliamentary speaker, Peter Slipper.

“In the forensic process we can bring it all back.”

Bradley Schatz of the Queensland University of Technology told the Australian Financial Review that smartphones were designed to keep data until the device runs out of all the space it has.

“The memory inside many of these small-scale digital devices is called flash memory, which is the same kind of memory that you would find in a USB key,” Schatz said.

Cellebrite, a subsidiary of the Sun Corp., is developing a “device wipe” that can scrub the memory of mobile phones. Device wipe is also an “enhanced” feature of Microsoft Exchange Server 2007 and available on Blackberry phones.

The Canadian Civil Liberties Union and the Criminal Lawyers’ Association had argued before the Court of Appeal for Ontario against police searches of cellphones.

“Text messaging is basically the equivalent of a modern wire tap. The court really understated the expectation of privacy that Canadians have in their cellphones,” said Susan Chapman, who spoke for the lawyers’ association.

For Chapman, the verdict was a disappointment. “This is a very insidious practice. There has to be some limits on the ability of police access.”

Ontario Justice Robert Armstrong had dismissed the appeal of an armed robbery conviction by Kevin Fearon, who contended his Charter rights were violated by the phone search without a warrant.