Home Music and Digital Media Techdirt. Federal Court Says Dismantling A Phone To Install Firmware Isn’t A ‘Search,’ Even If Was Done To Facilitate A Search

Federal Court Says Dismantling A Phone To Install Firmware Isn’t A ‘Search,’ Even If Was Done To Facilitate A Search

Techdirt. 2024-12-04

This is probably the correct conclusion to arrive at, at least at this point in extremely limited jurisprudence, but it still raises some questions courts will likely have to confront in the future. Is manhandling a phone to make it responsive to a search itself a search, or does the Fourth Amendment not kick in until after the search of the phone’s contents occurs? (h/t FourthAmendment.com)

As is often the case when Fourth and Fifth Amendment concerns are raised during evidence suppression efforts, this one involves alleged possession of child sexual abuse material. That doesn’t mean the defendant doesn’t raise good points. That just means the public is less likely to sympathize with the defendant. It also means — given the hefty sentences often handed to child sexual abusers — they have more reason than most to try to get the evidence suppressed.

It doesn’t work here, though. The court notes in the opening of its decision [PDF] that the final search occurred months after devices were seized. And the search that produced the evidence used here wasn’t possible until after the government had done a lot of other stuff to the suspect’s phone.

The Government executed a search warrant at Defendant’s residence and seized fifty-two devices, including an iPhone and an iPad. Law enforcement identified contraband on several devices, but could not examine the iPad, which was passcode-protected, or the iPhone, which would not power on. The Government retained the iPad and iPhone for over a year.

Eventually, with the assistance of a digital forensics expert who had not previously been involved in the investigation, the Government was able to repair the iPhone and power it on. The Government then applied for, and received, a new search warrant. Pursuant to this authority, agents searched the iPhone and—thanks to intervening developments in digital forensics tools—the iPad.

First of all: wow. “Seized 52 devices.” I’d love to see a list of these devices because I don’t think I even own enough items with screens and/or internet connectivity in any condition to fill up an inventory list with 22 slots, much less the 52 taken here.

Second, there’s this twist: the government held onto all of these for more than a year and had to bring the suspect’s iPhone back to life to search it. The most logical assumption would be that a non-working device would be of limited evidentiary value. But the DHS (whose Homeland Security Investigations unit took point in this case) apparently felt otherwise.

What’s almost hidden here is that reviving the phone led to the government being able to crack it, despite the presence of a passcode. And, in case you’re still wondering about the value of walled gardens, cracking the iPhone immediately led to cracking the iPad, which suggests if the government has one Apple device owned by a suspect it can get into, it can probably get into the rest of their Apple devices.

There are more details further on in the court’s discussion. HSI took control of 52 devices in May 2022. Investigators couldn’t break into the devices so they applied for an extension two months later, which gave them another six months to accomplish this. HSI still couldn’t crack the devices so another six-month extension was sought. And granted, bringing this 14 months of no movement forward on the searches originally approved back in May 2022.

And that raises another question that isn’t answered here: do temporal limitations on warrants even matter anymore? I mean, if the government can just ask for (and obtain) six month extensions at will, why even bother placing time limits on the original warrants? At best, this only means government agents who are too stupid to seek a rubber stamp before expiration might see their evidence suppressed. At worst, it means the government is free to fold, spindle, and manipulate seized devices in perpetuity, because few judges are willing to tell the government that if they don’t have the stuff they’re looking for by now, they’re probably never going to get it.

Now, the narrative says the iPhone was “inoperable” (to use HSI’s own words). But the DHS sent it out to a “partner forensic laboratory” (I’m going to assume this was the FBI), which was able to finally obtain access to the phone by:

replacing its circuit board and re-flashing the device’s firmware.

Now, that looks like the sort of thing not covered or considered by previous case law or the original warrant request. This is something else. This is another government party extensively modifying seized property to make it more receptive to phone-cracking efforts. One would think a court would need to be apprised of this opportunity before it became a reality, if for no other reason than the original warrant only authorized a search, not the literal cracking of a cell phone (or its casing, at least) to replace a circuit board and install new firmware.

I think the defendant raises a good point. But I also think, given the lack of precedent, the court is not completely wrong to rule that reviving a device so it can be searched isn’t actually a search under the Fourth Amendment. To put it in other physical terms, no court would believe pulling a car out of the water after dredging a lake would be a search, even if the recovered vehicle was searched pursuant to a search warrant.

But maybe that’s not the best analogy. What if the onboard electronics were damaged and investigators had a warrant authorizing the recovery of GPS data and anything else recorded by onboard systems? Would it be ok to take the car to the shop to have the electronics re-flashed and the touchscreen replaced to provide easier access to stored info? If we look at it that way, I’m not so sure this should happen without a visit to the court to either extend the confines of the existing warrant or to submit a new one that addresses what efforts the government will be engaging in to recover this information.

As it stands now, firing up a phone defibrillator (so to speak) isn’t a search and therefore isn’t a Fourth Amendment violation. But that ruling won’t last. Investigators will, at some point, perform a resurrection a court can’t cope with. It’s one thing to seize, hold indefinitely, and hope for the best. It’s quite another thing to perform a series of physical and digital acts on a device — all without informing the court of your intentions — and pretend the circumstances are the same as they were more than a year earlier. If courts are going to ignore time limits just because cops haven’t gotten what they wanted in the first 6-18 months they’ve been in control of a device, the least they can do is start questioning the methods they use after the usual stuff has failed to give them what they want.