* * *

Last week, two separate news items highlighted the importance of what your phone knows. First, the American Civil Liberties Union in Michigan went public with its Freedom of Information Act request for data on how the state police are using a hardware system called Cellebrite UFED. The ACLU suggested that state troopers were using the UFED during routine traffic stops. While the $4,000-8,000 price tag of the systems would suggest it's unlikely that many cops have the systems in their cars, even the possibility of such a practice has got to set Fourth Amendment alarm bells ringing from here to 1791. Here's a word of advice: if a law enforcement official ever asks for your phone, just say no.

In a June 2008 article, Cellebrite bragged that it had sold 3,500 Cellebrite devices in the eleven months the UFED had been on the market. Throw in other common devices from companies like Cellebrite, Parabens, Micro Systemation and Katana Forensics, makers of Lantern, and you can begin to see the scale of mobile phone data extraction that must be occurring across the nation's law enforcement landscape.

I don't say that to suggest that the police are doing anything wrong. Like computers, phones certainly seem like fair game for investigators. They're scrambling like the rest of us to keep up with a rapidly changing mobile technology landscape that's forcing strange ethical choices onto them. Let's say someone was texting while driving, which may be against the law in your state. They might want that evidence, so they extract the data from the phone and when they look at it, lo and behold, there are several time-tagged photos of the person getting high earlier that day. Suddenly, a minor ticket gets turned into a DUI.



We're not sure how the courts are going to decide whether evidence like this is admissible because it's complicated. Doctrines like "plain view" -- that cops can seize evidence without a warrant if they can see it -- require informational friction and human embodiment to make sense. With a searchable stash of a phone's data, what is in plain view? What isn't? It's just so easy to find out more than you asked.

The other big mobile data news last week came out of O'Reilly's Where 2.0 conference during which two researchers showed in dramatic fashion that the iPhone keeps a location log of where the phone has been, a fact which Apple had declined to tell anyone and which had first been discovered by the same guy who helped Katana Forensics managing director Sean Morrissey create the Lantern software that opened up my phone for inspection.

* * *

Alex Levinson assisted on Lantern from his living room in Rochester, New York. He's still a student at Rochester Institute of Technology*, but he tells me that his room is "basically an information security and forensic laboratory." He ticks off the equipment at his disposal: four MacBooks, a couple other laptops, two desktop boxes running different operating systems, two iPhones, a couple Droids, a Blackberry, all kinds of wireless and networking equipment and terabytes of storage. He may also know Apple's iOS as well as anyone in the world. A mere 48 hours after Apple released the iPhone 4, Levinson had patched Lantern to support the upgrade. He waited in line for ten hours and spent the next two days poking around the file system that sits underneath the ultraslick user experience.