Should You Wipe Your Phone When Getting Arrested?
Privacy isn't just about data. It's about control. We often use security as a means to enforce privacy - for example, encryption forces providers to respect our wishes rather than simply pinky-promising they won't do anything untoward. And threat modeling requires us to weigh the tradeoffs of a protection against the consequences we face if a risk actually materializes.
At the intersection of these ideas we often find a particularly powerful but niche feature of many privacy-focused devices: the ability to quickly wipe a device in the face of danger. CalyxOS offers this in the form of a Panic Button, and GrapheneOS offers a duress PIN. But last week, we saw that these tools may not be right for every situation.
On December 9, an activist from Atlanta, Georgia was arrested and charged for allegedly wiping his phone before Customs and Border Patrol (CBP) was able to search it. This became the headline story for This Week in Privacy, so to make sure I was prepared I consulted with a lawyer I know. Thankfully, she had a lot to say on the matter. Sadly, most of it was professional opinion because I was quickly informed that cell phones are a legal gray area in the US right now.
Legal Background
The legality of phone search overwhelmingly comes from a 2014 court case called Riley v California. David Riley was pulled over while driving for having expired tags on his vehicle. During this routine stop, police also discovered that his license was expired. As such, the police impounded the car. During this process, police searched the car for inventory purposes and found two hidden (and loaded) handguns, as well as "gang paraphernalia." This prompted an arrest. During an arrest, police are authorized to search the person being arrested and the immediate area (such as the car) to ensure officer safety. As part of that search, the police searched Riley's phone.
Later, Riley argued that the search of his phone was a violation of the US Constitution's 4th Amendment because the data on the phone presented no risk to the police. Ultimately the Supreme Court agreed with Riley and thus it became legal precedent that searching a phone might require a warrant in some cases.
Adding to this already very narrow ruling are further legal complications at the border. There's a 100-mile buffer zone around any land, sea, or air border (Atlanta International Airport, for example) that gives CBP extra authority and weakens the rights of people in that zone, including citizens. Within that zone, CBP is allowed to do "routine searches" without a warrant on anyone. What's a "routine search"? Great question. We only know what it isn't: if it requires an agent to use "external equipment" to "review, copy, and/or analyze its contents" or to gain access, it's no longer routine. This basically means anything that doesn't involve Cellebrite could potentially qualify as "routine."
There have been numerous court cases that have challenged the legality of searching phones, but none have gone before the Supreme Court to settle the answer once and for all. In the meantime, the lower courts have given a series of conflicting responses: some courts have ruled that warrants aren't required, while others have said they are.
The Atlanta story seems clear cut at first - after all, 404 Media suggests that the activist wasn't under arrest yet - but it's likely still not an open-and-shut case. For starters, we don't have any details at the time of this writing, so we don't know if that's true or what the circumstances of his possible arrest were. Regardless, one could argue that if the activist knew that an arrest was imminent, then wiping his phone could be treated the same as flushing drugs down the toilet knowing that the cops are knocking on the door, which would likely qualify at the very least as "obstruction of justice" and/or "destruction of evidence."
A Practical Compromise
An individual's privacy and/or security posture is about finding the right balance between convenience and protection, which is a largely subjective line that varies from person to person. This is the reason behind threat modeling: it lets you know whether you need to do more to protect yourself, or whether it's okay to dial it back a little bit if you're going too far, rather than continuing to subject yourself to unnecessary stress and frustration.
There are truly some people with extremely high threat models, people who can't afford to make a single mistake or for whom the gamble of a court case is worth the guaranteed protection of keeping that data from falling into the wrong hands. And likewise, there are some people who are prepared to sacrifice everything for the sake of ideology. But for most people, there is a line in the sand. Most people have families, jobs, and other priorities that would be seriously inhibited by sitting in a jail cell or fighting a prolonged court case.
This seems to leave us with two choices: reset our devices and risk prolonged legal hassle, or simply hand over our phones and suffer the humiliation of a privacy invasion. But as with most things in privacy, I think there is a middle ground that's acceptable for most people.
The Panic Button
Before I offer actual solutions, I want to address CalyxOS's panic button feature. While both GrapheneOS and CalyxOS offer ways to quickly and completely factory reset your phone, only CalyxOS's panic button (a built-in integration of Ripple) can be configured to erase specific apps such as Signal while leaving the rest of the phone otherwise untouched. At first glance, this seemingly offers an advantage, because erasing a few apps is less suspicious than having a phone that's clearly not new but is somehow sitting on the initial setup page. (And if you prepared your phone properly, it would only contain data from that day, such as any pictures or videos.) However, my research suggests this is a risky gamble. If you're lucky, the cop searching your phone shares this line of logic, decides that there's not enough evidence, and lets you go. But if they decide to arrest you anyway, forensic analysis can reveal that the apps were removed, and thus you might still be open to the same "obstruction of justice" charge mentioned earlier. So what are the real solutions?
Digital Minimalism
I have long advocated for digital minimalism: the idea that you should strive to keep your digital life as small as possible. This includes things like not signing up for unnecessary accounts, deleting old content you no longer need, and keeping apps off your phone as much as possible.
Needless to say, many of these words are subjective, like "unnecessary" and "as much as possible." The right amount of digital minimalism - or even the possible extent of it - will vary from person to person. But finding that sweet spot for yourself can help you reduce the risk to your data. If the data was never on your phone to begin with, then you never need to worry about it falling into the wrong hands. Try to avoid putting things on your phone if you don't have to, especially sensitive data in the form of banking apps, email apps, and more. Enable disappearing messages and wipe old content you no longer want or need, like photos.
BFU
While much of phone-related law is still up in the air, one piece of precedent seems relatively consistent: your password. As it currently stands, you are never required to hand over your password, as that would violate the 5th Amendment. A court may require you to unlock a device, but not to hand over your password. Therefore, if you suspect your phone might be confiscated or you might otherwise be about to lose control of it, reboot it. This will put your phone in the "Before First Unlock" or BFU state. In the BFU state, your phone will require the password or PIN to unlock for the first time, even if you normally use biometrics (I would still recommend disabling biometrics prior to attending any sort of high-risk event, and of course you'll still need a strong password or PIN in this case). As a secondary bonus, this is the most secure your phone can possibly be in case the police decide to do a more advanced forensic search. iPhones only offer the option to shut down your phone, which is fine. Androids offer more options: power off, reboot, or "Lockdown." When selected, Lockdown will disable biometric unlock options as well as a few other things, but it is not as secure as a full reboot or shutdown.
Disclaimer: I did get the help of my aforementioned lawyer friend to look over this article, but it's important to note that every situation is unique and that she's 1) not your lawyer, and 2) not specialized in this area of law. Any time you're facing arrest, your best bet is always to remain silent and demand a lawyer.
When I first got into privacy, I told people how empowering and exciting it felt. I said that it felt like I was in a spy movie but without the risk of torture or death for messing up. Duress PINs and panic buttons are really cool, and I think that's why the community is largely drawn to them. They're exciting and empowering and feel cool. But I think sometimes we get so caught up in the excitement and romance of all these very powerful tools that we lose sight of the practicality. Perhaps that particular activist really did have data worth protecting and would do this again, despite the legal repercussions. Regardless, we now have a better idea of some of the possible risks of these tools, and we can adjust our threat models accordingly. My sympathies go out to that person, but we bystanders now have the chance to think about what we would do in that situation. Take advantage of this story to really consider your own threat model - especially the "how much effort am I willing to go through?" part - and prepare ahead of time rather than being caught off guard and taking that risk unnecessarily in the moment.
Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here.