Despite the US ethos that you’ll be innocent until proven guilty in a court of law, law enforcement finding an excuse to search your digital devices only requires a presumption of wrongdoing. The tech to do this already exists, and murky legislation lets it happen, speakers from the Legal Aid Society said at DEF CON last Friday.
“Technically and legally there’s not much really truly blocking the government from getting the information they want if they want it,” Allison Young, digital forensics analyst at The Legal Aid Society, told Engadget. It’s easy, too. Without picking up any new skills or tools, Young was able to use her existing expertise in the field and access to forensics tools to find sensitive data that could be used to, for example, prosecute someone being targeted for getting an abortion as it becomes increasingly illegal across the country.
The problem isn’t just the state of local law either, but it’s embedded in the Constitution. As Diane Akerman, digital forensics attorney at the Legal Aid Society explained, the Fourth Amendment hasn’t been updated to account for modern problems like digital data. The Fourth Amendment intends to protect people from “unreasonable searches and seizures” by the US government. This is where we get legal protections like warrants, where law enforcement needs court approval to look for evidence in your home, car or elsewhere.
Today, that includes your digital belongings too, from your phone to the cloud and beyond, making way for legal loopholes as tech advancements outpace the law. For example, there’s no way to challenge a search warrant prior to it being executed, Akerman said. For physical evidence that makes some sense because we don’t want someone flushing evidence down a toilet.
That’s not how your social media accounts or data in the cloud work though, because those digital records are much harder to scrub. So, law enforcement can get a warrant to search your device, and there’s no process to litigate in advance whether the warrant is appropriate. Even if there’s reason for the warrant, Akerman and Young showed that officers can use intentionally vague language to search your entire cell phone when they know the evidence may only be in one account.
“You litigate the issues once they already have the data, which means cat is out of the bag a lot of the time and even if it’s suppressed in court, there’s still other ways it can be used in court,” Akerman said. “There’s no oversight for the way the government is executing warrants on digital devices.”
The issue only exacerbates across the third-party apps you use. As of right now, the protections of the Fourth Amendment have not been extended to all cloud data and other digital data, Akerman said. The government can often very easily get information from the cloud because of that, even if it’s not entirely relevant to the case. “You would be furious if police busted down your door and copied five years of texts for you walking out on a parking ticket five years ago, it’s just not proportional,” Young said.
There are no easy ways for an individual to better protect themselves from these searches. On a case by case basis, there are ways to lock down your device, but that changes with every update or new feature, Young said. Instead, both speakers pushed to put the onus back on the systems and structures that uphold this law, not the individuals affected by it.
“I live in a world where I have to opt out of modern society to not have other people housing my data in some way,” Akerman said. “The question really should be like, what responsibility do those people have to us, since they have made us into their profit, rather than forcing me to opt out in order to protect myself?”