Monday, March 1, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

U.S. Supreme Court: Police Must Obtain Warrant Before Searching Cell Phones

by Glen Kopp
August 6, 2014
in Compliance
U.S. Supreme Court: Police Must Obtain Warrant Before Searching Cell Phones

with contributing authors Matthew Baker and Kedar Bhatia

In a decision that changes the way law enforcement officers collect electronic information, the U.S. Supreme Court ruled in Riley v. California, 573 U.S. ___ (2014), that officers may not search a cell phone during a lawful arrest without first obtaining a search warrant.  The ruling was a sweeping embrace of digital privacy, touching upon remotely stored private information—i.e., “cloud” computing—and geographic tracking data that cell phones often contain.  The result was the broadest constitutional ruling on privacy in the context of modern technology since the Court’s ruling two terms ago limiting police use of satellite-linked GPS tracking of a suspect’s movements by car.  The Court’s embrace and recognition of technological advances and distinctions raises important issues for companies to consider in the context of data retention and management.

The defendant in this case, David Leon Riley, was arrested on August 22, 2009, after a traffic stop resulted in the discovery of loaded firearms in his car.1  The officers seized Riley’s phone and searched through his messages, contacts, videos and photographs.  Based in part on data the officers discovered on his cell phone, Riley was charged with a gang-related shooting that had taken place several weeks prior to his arrest.

Chief Justice John Roberts, writing for the majority, held that the Fourth Amendment requires officers to obtain a warrant before searching the contents of an arrestee’s cell phone. The decision is both a full-throated defense of the Fourth Amendment’s warrant requirement and a meaningful clarification of the way electronic information differs from other types of physical evidence.

The Court distinguished cell phones as “minicomputers,” often containing diverse information that “reveal more in combination than any isolated record.”  (Slip op. at 18.)  More clearly than it ever had before, the Court delineated the distinction between ordinary physical objects—e.g., a diary or a letter—and electronic information stored in a cell phone or other comparable device. Chief Justice Roberts noted that there was both a quantitative and qualitative difference between the information stored on a cell phone and the information typically contained in compact physical storage.  Not only is the information quantitatively greater, but often qualitatively more descriptive and personal.  Due to the breadth of information stored on a cell phone, allowing officers to search a phone’s contents “would be like finding a key in suspect’s pocket and arguing that it allowed law enforcement to unlock and search a house.” Id. at 21.

The Court summarily rejected the government’s arguments to allow warrantless searches of an arrestee’s cell phone for officer safety or evidence preservation purposes.  In rejecting these arguments, the Court emphasized that electronic data rarely, if ever, presents physical threats to an officer.  Furthermore, the government employs a multitude of methods to preserve electronic information without a warrantless search.  Recognizing the limitations that the ruling imposes, though, the Court held that officers have one option to search a cell phone without a warrant: in truly extraordinary circumstances where officers have reason to expect that electronic data presents imminent dangers, such as locating a missing child or foiling a dangerous plot.  (Id. at 11-12, 15.)  But even then, the Court explained, those “exigent” circumstances justifying an exception to the warrant requirement would have to satisfy a judge before the government could permissibly use the evidence.

Although the type of technology incorporated into a cell phone was the rationale behind the Supreme Court’s ruling, its constitutional foundation was the founding generation’s fear of the British practice of general searches.  In rejecting the government’s argument that it could employ protocols to limit the scope of warrantless searches into an arrestee’s electronic data, the Court noted that the “Founders did not fight a revolution to gain the right to government agency protocols.” (Id. at 22.)  The fact that modern technology allows an individual to access personal information on demand “does not make the information any less worthy of the protection for which the Founders fought.”  (Id. at 28.)

While the Riley decision has important implications for criminal law, the Court’s recent technology-related privacy cases suggest an evolving awareness by the Court of the shifting nature of technology and the need to reconcile these dynamics with privacy expectations.  The Court’s growing concerns center not merely on the mobile phone’s data, but also on the data stored remotely (in the cloud or elsewhere) and accessed “at the tap of a screen.”  (Id at 21.)  Companies issue employees mobile devices and laptops as a matter of routine business.  Some employees even access and retain corporate information through their personal devices.  Company information is stored, accessed and “carried in tow” just as often as personal information.  Because of these advancements, smartphones and other personal electronic devices—as access points for a range of services—have changed the dynamic of employee productivity and data storage, often leaving valuable and confidential corporate information vulnerable to loss.

The Court’s ruling gives corporations an opportunity to rethink the way their users access and store company information.  For example, corporations should consider hosting employee-specific data—such as corporate email accounts—remotely, allowing the user to access the information from a personal device even though the company retains complete control over the data.  The data would not reside on the mobile device; rather, the user would initiate a connection with the company-based server, providing the user either consistent or limited access rights to the data.  Once the connection with the server is severed, the data is no longer accessible—nothing is permanently stored on a local device.

A company could also consider limiting a user’s rights to move, download and store company data, effectively preventing company information from residing on a personal device.  Not only does this allow a company to retain control over confidential data, it can also help facilitate a company’s data retention policy.  Troves of corporate data may be protected from a search even if the government obtains a single access device because no company data would physically reside on the device.  Though we do not yet know precisely how courts will extend Riley into the world of data privacy, the case seems to support greater privacy rights for data that is properly segregated and secured.

Moreover, implementing such procedures could allow companies to effectively argue that information stored remotely can be seized only through specific warrants or document requests that reach that type of core information.  And although the Riley decision expressly addressed only digital privacy in the context of an arrest, companies may be able to use the decision to protect confidential company data against document requests in both civil lawsuits and criminal investigations.

___________________

[1] The case was consolidated with another, United States v. Wurie, for disposition.  For purposes of this article, we only address the facts of Riley.


Tags: board risk oversight
Previous Post

Alfredo Lizano Named Trade Compliance Officer LatAm for Syngenta Crop Protection

Next Post

NAVEX GLOBAL WHITEPAPER: Key Elements for Effective Compliance Program Board Reporting

Glen Kopp

Glen Kopp headshot 8-6-14Glen Kopp, former Assistant United States Attorney in the Southern District of New York, is a partner in Bracewell’s white collar, internal investigations and regulatory enforcement practice in New York. Prior to joining the firm, he served for five years in the U.S. Department of Justice, handling all phases of the federal criminal process. In private practice and at DOJ, he has handled regulatory enforcement matters, criminal proceedings, litigation and internal investigations relating to financial institutions; corporate, accounting, wire and bank fraud; insider trading; money laundering; options back-dating; securities; export control; and other matters. Since joining Bracewell, Glen has led an internal investigation into possible FCPA violations for a company with operations in the Middle East and drafted and reviewed FCPA provisions of international service contracts. Glen led an internal investigation involving possible improper billing practices for a government contractor. Glen has also guided a client through a criminal antitrust investigation and counseled clients victimized through cyber intrusions.

Related Posts

illustration of hand holding flashlight illuminating hidden stairs

The Corporate Transparency Act: Pulling Back the Veil

February 23, 2021
King & Spalding: GC Decision Tree for Internal Investigations

King & Spalding: GC Decision Tree for Internal Investigations

February 19, 2021
mini businessmen separated by COVID particles

Compliance, Culture and COVID

February 9, 2021
closeup of gear shift with red face

Preparing for the Inevitable Regulatory Policy Shifts in Q1 2021

January 29, 2021
Next Post
NAVEX GLOBAL WHITEPAPER: Key Elements for Effective Compliance Program Board Reporting

NAVEX GLOBAL WHITEPAPER: Key Elements for Effective Compliance Program Board Reporting

Access realtime data
Addressing systemic racism in the workplace SAI Global
Dynamic Risk Assessments with Workiva
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights