A brave new smartphone world
As sometimes occurs with the rapid uptake of a new technology, consideration of the risks lags behind adoption. David McGrath makes a case for being concerned about smartphone usage.
Undeniably, Smartphones, like Blackberry, iPhone and Android make valid claims as a significant new technology.
Combining exceptional interconnectivity (think wifi, wireless mobile, GPS, network etc.) slick interfaces, serious computing power and excellent portability their uptake, both personally and by business in recent years, has been nothing short of dramatic.
Clearly, smartphones are capable of storing immense amounts of both personal and business data often with sometimes surprisingly little security protecting it. The question is, are you clear about what the risks to your business information are?
It might also interest you to know that one of those risks may in fact be coming from the local constabulary.
A recent article by Joshua Engle in Law Technology News “Courts Struggle with Police Searches of Smartphones”, highlights an emerging conflict concerning smartphones in the United States between the police right to police to search and an individual’s right to privacy.
The Fourth Amendment to the United States Constitution, which provides protections against unreasonable searches and seizures, provides that searches conducted without a warrant are per se unreasonable.
There are however some exceptions such as the ‘search incident to arrest’ which permits the searching of an arrested person and the area within their immediate control including possessions. The exception is justified by the need for officer safety and evidence preservation.
The US courts are currently divided over the question as to whether a smartphone should be characterised as another item, like an address book or pager, or something different like a laptop, because of their capacity to store enormous amounts of confidential personal and business information.
The bizarre outcome is that, even if you are arrested for a minor traffic offence, your smartphone including texts, photos, address book contacts and emails could end up being searched by police.
In a similar vein, another U.S article, Michigan: Police Search Cell Phones During Traffic Stops claims that Michigan police are now using “a high-tech mobile forensics device” that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations.
So, could your smartphone be searched in the same way in Australia? Well generally speaking yes. Upon arrest, police are entitled to search you and property in your possession, without a warrant. Again, the justification is evidence protection and police safety.
Of course, there are limits on search powers. Generally speaking, there must be reasonable grounds for suspecting that relevant incriminating information is present and the search conducted should be limited to the original purpose it is being carried out for.
At court, the judge has discretion not to admit evidence which has been improperly or unlawfully obtained by police.
Ultimately however the law of search and seizure is necessarily complex. It strives to strike a balance between a public interest in law enforcement and the protection of individual rights, including privacy. The outcome will often depend on the particular factual circumstances under review.
There is little doubt however that mobile phone evidence can used to devastating effect in court proceedings, to both prove direct facts and undermine witness credibility.
For example, in Powercor Australia Ltd v Pacific Power [1999] VSC 110, mobile telephone records and other documents were used in cross examination to raise doubts about the accuracy of critical evidence given by two witnesses about the course of events on a particular day.
Also, in Charmyne Palavi v Queensland Newspapers Pty Ltd& Anor [2011] NSWSC 274, the plaintiff’s defamation proceedings were dismissed after the court found that she had disposed of one iPhone and had deleted material from another, with the intention of destroying material which could have been used in the proceedings.
In Metz Holdings Pty Ltd v Simmac Pty Ltd [2011] FCA 263, the plaintiff secretly recorded mobile telephone conversations between himself and other parties to the litigation over a six month period.
When he attempted to put the recording into evidence, the defendant argued that the recording was illegal under the Surveillance Devices Act 1998 and should not be admitted.
The judge however found that the recording, made of a private conversation for the protection of the lawful interests of the person making the recording, was in fact permitted under the Act. The recordings, which were relevant to the plaintiff’s claim of unconscionable conduct against the defendants, were duly admitted into evidence.
What About eDiscovery?
When it comes to discovery, will you be burdened with the obligation to also collect, review and disclose contents of your smartphones in addition to all the data on your network?
Again, the answer is yes, it’s quite conceivable that potentially relevant information, particularly emails, stored on a company's smartphone, could be relevant to a proceeding.
For example, in Austal Ships Pty Ltd v Incat Australia Pty Ltd [2009] FCA 368, a Blackberry/proxy server used for communication between the Blackberry mobile phone devices and the email server and 24 Blackberry mobile phone devices were listed by the Incat’s IT Manager as falling within the scope of discovery.
A sound strategy for excluding such portable devices from the discovery process is to ensure that their data is regularly synchronised with the organisation’s network. In this way, it will only be necessary to search the network and ignore the smartphone devices. Similar to the case of backup tapes however, given the likely complexities and burden associated with retrieval of smartphone data, your opponent will likely have to show more than a “theoretical possibility that something might turn up” from the additional search Slick v Westpac Banking Corporation (No 2) [2006] FCA 1712.
Clearly however if a company allows users to hold data separate to the network in a mobile device, it leaves itself exposed to the risk that it will need to separately search these devices.
Bin Laden’s Technology
Just in case you are not convinced of the risks posed by mobile technology consider the recent US operation which finally killed Osama Bin Laden. Americans were jubilant when, on 2 May this year, nearly ten years after September 11, the US finally got their man. It was reported by MSN, however that some consider that the real win was in the intelligence gathered from Bin Laden’s compound# which included 10 hard drives, five computers and more than 100 storage devices.
The thousands of documents recovered, both hardcopy and electronic, have been described by US officials as the “most significant amount of intelligence ever collected from a senior terrorist” revealing a series of planned threats including hijacking and blowing up oil tankers.
Although heavily reliant on technology, it was clear that Bin Laden was aware of the associated risks and took measures to mitigate them. There were no land lines or internet connections at the compound. There was no evidence that he personally used a mobile.
Five mobile phones were however used by his aides. Interception of phone calls from these five mobiles by US intelligence combined with overheard stallite imagery, gave the US a clear picture of daily life at the compound which was invaluable in planning the raid.
Just as the use of mobile technology was critical to Bin Laden’s operations it also contributed to his downfall and will assist his enemies to continue to attack Al-Qaeda.
Clearly, technology is a double-edged sword.
David McGrath is a Sydney solictor with specialist experience in ediscovery.