Your phone is confiscated by the authorities. What can you do to minimize damage once it's returned to you?
So, you’ve been arrested covering an event. You’re taken to the police station, you’re booked, and your phone is confiscated. When you’re let out, after a few hours or even a few days, your phone is handed back to you in a plastic baggie; the SIM card and SD card taped to the back. Someone has definitely gone through your digital belongings.
Your digital belongings - phone, SIM, SD card data could have been copied and gone through.
Your phone may have been turned on, apps and browsers opened. The cops might have access to any accounts your phone was logged into, this means they may have read personal communication, noted your personal accounts including email addresses, social media account names to follow, sent messages or made posts using your log in.
The SIM card contains a lot of personally identifying information that ties the phone to its user. It can also contain contact lists as a series of pairs of name and phone number. This means that if your SIM card is searched, it's possible that the police will now identify and target the people you have in your address book. Police track the location of individuals through the location of their mobile phone and SIM card, your unique phone and SIM combination may now be used to locate you.
The SD card contains photos and other media; could contain chat logs, and other user-generated content. Not only can this data be used to build a profile on you, but can be used to map social connections between people you frequently communicate with, and they can unjustly become "persons of interest" to investigators. Such tactics can also be used, sometimes under the flimsiest of pretexts, to justify warrants for escalated surveillance on you in the near future.
Depending on the circumstances of your arrest and the method of seizure of your mobile device, you are subject to a certain set of rights, laws, or protections. First off, know that it is your right to decline the warrantless search of your mobile phone. If you are arrested or taken into police custody, you should verbally state that you do not consent to a search of your devices. A law enforcement agency is only permitted to conduct a warrantless search of your device if a compelling case for an emergency can be made.
If you find that you are the victim of an unlawful search by police officials, you have various avenues for recourse.
If the authorities are using evidence obtained through an unlawful search of your mobile device against you in a criminal proceeding, you can move for that data to be suppressed under the Fourth Amendment right to freedom from incidental seizures.
Were you arrested for recording or photographing the police? As a participant in a public event, you have the right to photograph and take video of law enforcement officers, but often documentation is taken, destroyed, or obstructed by law enforcement. If you are arrested for reporting on an event as either a credentialed or non-credentialed journalist, you may be allowed enhanced protections or alternative avenues of legal recourse. Professional journalists — as well as bloggers and livestreamers — have the right to document police activity at protests and demonstrations without undue state interference under the First Amendment right to freedom of the press.
As the old saying goes, an ounce of prevention is worth a pound of cure. Follow these simple steps to keep your phone secure, your social media accounts safe, and your property out of reach from prying eyes, for the next time.
In addition to these tips here, have a look at EFF’s excellent guide for covering a protest; it has great tips for how you can protect yourself next time you go out there.
Encrypt your phone. Having an encrypted phone means that your data will not be readable to anyone when your phone is powered down and even if a copy is made of your phone data, it won't be readable without your code. This requires using a pin or passphrase to unlock your device, which might seem like a lot of work at first; but it's worth it, and you will get used to it.
Lock your phone. Change your settings so your phone locks immediately after sleep, and immediately after you press the power button. While this doesn't encrypt your phone (it's always unencrypted while it's on, especially on Android), it will prevent anyone from accessing and using your apps.
Prevent your SMS apps from showing the full text of a message while the phone is locked. No one should be able to read your communications with friends, or two-factor auth codes, without opening the app first.
Lock your SIM card. Set a PIN to control access to your SIM data and cellular network use. A SIM card may still be unlocked by your carrier, but locking it locally protects against people who grab your card from you. Note that when you first start this process, you will first need to enter the default passcode that is etched into your SIM before you can enter your desired passcode. You may not know what that default passcode is, and risk locking your SIM card after 3 incorrect attempts. So, before you start to set up SIM card lock, do a quick search online for the default PIN for your carrier. For example, Verizon’s default PIN is 1111.
Practice good login hygiene. Use strong passphrases, two-factor authentication, different passwords for different accounts with the help of a password manager.
Protect your mobile service account. Take the time to properly lock-down the account you have with your mobile carrier. Some people think of it as an afterthought, but it's alarmingly easy for anyone to take over your phone number, SIM card, and eventually, all mobile communications if such accounts aren't secured. Visit your provider's website to create a strong passphrase and/and back-up PIN for your account. Then call your provider and have a representative put a "Security Notice" on your account, saying something to the effect of "No one can make any changes to my account unless they give you the passphrase/PIN first."
Keep a list of all the accounts that are important to you. Having a list of accounts that need to be addressed in the event of compromise will save you time and worry.
Burst the cloud! Frequently delete your browsing history from your web browsing apps via their settings. If you're a Google services user, prune (or better yet, disable) your "Web and Web Activity". iPhone users must prevent messaging apps from syncing data to iCloud. We know it might seem scary, but unlinking your phone and mac computers from iCloud is the best way to protect your data from prying eyes. Journalists, activists, and concerned citizens usually want to sync photos and videos to the cloud as soon as they take them, and that's OK! However, consider using another cloud-based service that gives you more control over how, when, and where you sync your data-- something better than iCloud.
If you find yourself in a situation where you’re very sure your device has been compromised, the first thing you’ll want to do is to preserve evidence.
Preserve your old SIM and SD card somewhere safe.
Audit your account activity. From another, trusted computer, check your Google, Facebook, Dropbox (and other) account activity logs for activity that someone else might have generated while your phone was taken from you. Document any new IP addresses, locations, and devices by taking screenshots.
Be on the lookout for strange activity in social media. Investigators have been known to try to infiltrate you and your friends' networks with fake profiles, phishing, and other weird tricks. Get in the habit of taking documentation and screenshots of anything that looks strange to you.
Next, it’s time to regain control of your accounts and data. Follow these steps to restore your personal data and social media accounts.
Sign out of all important accounts. Any place you’re logged in will have session cookies set somewhere, and an adversary could potentially resume your session if they've copied these cookies from your device. By logging out, you signal to the service that the session has ended.
Refresh your device. At this point, you should either factory reset your phone, or get a completely new one. While it's unrealistic for most people to buy a brand new phone unexpectedly, it's also worth noting that every phone has a hardware ID which cannot be changed, even if you wipe the device and start from a fresh slate.
Rotate all credentials for services you use. On another, trusted computer, reset each account with brand-new, complex passphrases. If you enabled two-factor authentication on a particular service, the credentials will also have to be reset. Instructions depend on the service, but nearly all services offering two-factor authentication will also provide tools to reset these codes.
Get a new SIM. Your old SIM will be logged, and might have had extra metadata pushed onto it while it was out of your possession. Get a new SIM card from your carrier by simply walking into the store. Remember, it’s your right to bring your old phone number with you, and it should be handled easily at the store. Be sure to bring two pieces of proper identification (driver's' license, passport, social security card, etc.) because retailers require this proof of identity for customers' security.
Get a new SD card. Purchase a new one, or use another one you already have (other than the one taken from you!) You cannot trust the old one since it's left your possession.
An iPhone is a great phone, if you can afford one. Recent iPhones are encrypted by default, which is hugely beneficial to security. If you are an iPhone user, beware of what you sync to iCloud, and consider only syncing locally to your computer, rather than letting the phone sync automatically to the cloud.
Android is trickier, because there are so many hardware manufacturers on the market, and each manufacturer will implement Google’s open source Android operating system in different ways. Ideally, you should invest in a phone that implements Android the way Google intended it. The Nexus line is the best Google has to offer; it receives the latest software updates as soon as Google pushes them live, but it can be very expensive. Motorola’s Moto X is another great option as well. Whatever you choose, be sure to buy a phone that supports encryption. Some phones do not implement it properly, or at all, which will put you at risk. Go to a brick-and-mortar store, like Best Buy, where you can play with the phones on display. Go to Settings > Security and make sure there’s an option to turn on encryption and set up SIM card lock. That way, you know that whatever phone you buy has those capabilities in advance.
When these things happen, it’s important to know who’s got your back. Finding legal representation that understands your situation, and understands technology, is key. You and your legal team might also require assistance from digital forensics experts, or talk to digital security trainers who can help you navigate this tricky situation. Finally, self-care is hugely important. This work is extremely stressful; talking to the right people might help you recapture your courage, prevent you from doing harm to yourself and others, and help you get through the trauma.
Photo by WeissenbachPR. CC BY-NC 2.0