Gov. Brown: Sign Bill Outlawing Warrantless Smartphone Searches

ANALYSIS — There’s a bill sitting on the desk of California Governor Jerry Brown, which if signed would ban police from searching the mobile devices of people arrested for a crime.

Instead, police would need to get a warrant from a judge to search a person’s smartphone or tablet, the same as they would if they wanted to search someone’s house or home computer. The governor has until October 9 to sign or veto the bill, but his office is giving no indication which way he’s leaning.

However, there are rumors in the privacy community that Gov. Brown will veto the bill, known as SB 914, as a favor to law enforcement.

That would be a mistake.

Increasingly, the mobile devices we carry around are portals into our personal and professional lives, full of photos, our e-mails and banking information.

It’d be absurdly unconstitutional to give the police carte blanche to come search through your home and your home computer and your online accounts without a warrant if they arrested you at a protest or for any other reason. Just because we now carry a portal to that information around with us in our pockets does not mean that the rights of people to be secure in their papers and possessions should be left in the 20th century.

The bill includes an exception for emergencies — so in the extremely rare instance where a suspected kidnapper had been apprehended, an officer could search the device to look for clues pointing to the location of the abducted — without having to get a warrant.

If anything that exception is too large, given that it doesn’t require any annual reporting on how often such “exigent” circumstances are used to bypass the warrant requirement. In absence of such audits, officers are likely to abuse the “exigent” clause, just as FBI agents did with the Patriot Act when they broke the law to get the phone records of American citizens.

Despite the bill being weaker than we’d like, Governor Brown should take this opportunity to join with the legislature in overturning a January Supreme Court ruling that mistakenly decided that searching through the contents of the computing devices in our pocket was equivalent to searching through a suspect’s pockets.

Of course, law enforcement wants as much power and as little paperwork as possible, and it is a powerful lobby in California that Brown wants on his side (L.A.’s District Attorney’s office spent more than $144,000 on lobbying in just the first six months of 2011.)

But in this case, Governor Brown should put the rights of the people first and respect that California has long been on the forefront of privacy laws that protect citizens.

Or to put it more simply, just because we live in a wireless world, that doesn’t mean we should live in a warrantless world.

Photo: SunFox/Flickr

FBI Arrests U.S. Suspect in LulzSec Sony Hack; Anonymous Also Targeted

A 23-year-old man was arrested in Arizona on Thursday in connection with the hack of Sony Pictures Entertainment last May, according to news reports.

The suspect, Cody Andrew Kretsinger, is believed to be a member of the LulzSec group, an offshoot of the online griefer collective known as Anonymous. LulzSec called it quits in June after 50 days of high-profile breaches made public through a fascinating and oddly entertaining Twitter account.

A second unidentified man was arrested in San Francisco the same day in connection with Anonymous cyberattacks on web sites belonging to Santa Cruz County government offices, according to Fox News. Search warrants were also being executed against other Anonymous suspects in New Jersey, Minnesota, and Montana, an FBI source told the news agency.

The actions continue an ongoing law-enforcement crackdown against alleged members of the two groups. In July, federal agents arrested 14 suspected Anonymous members on charges of participating in denial-of-service attacks against online payment service provider PayPal.

Five additional suspects were arrested overseas — one in the United Kingdom and four in the Netherlands — for related crimes. The U.K. arrest was reportedly of “Tflow”, a former member of LulzSec, identified by police as a 16-year-old male.

The majority of the individuals were allegedly acting as part of Anonymous, which took credit for denial-of-service attacks last year against PayPal, Visa, and Mastercard after the payment service providers announced they would stop processing donations intended for the secret-spilling site WikiLeaks.

As for the latest arrest on Thursday, according to the indictment against Kretsinger (.pdf), on May 23 the Tempe, Arizona resident registered a virtual private network at hidemyass.com using the handle “recursion.” He and others allegedly used the masking service to conduct a SQL injection attack on Sony’s servers and steal data, before announcing the hack on the LulzSec web site and Twitter feed. Kretsinger then allegedly erased his hard drive in an effort to wipe out evidence of the hack.

He’s currently facing one count of conspiracy and one count of computer fraud.

Hackers breached several divisions of Sony this year, beginning in April with its PlayStation Network, where they stole data pertaining to more than 75 million customers. This was followed by another breach at Sony Online Entertainment, which compromised an additional 25 million customers, and still more breaches at Sony Pictures and Sony BMG. The initial intrusion forced Sony to take its PlayStation Network offline for 40 days. No one has taken responsibility for that hack.

In April the tech giant was hit with a class-action lawsuit by customers complaining, in part, that the company failed to adequately secure their data, failed to notify customers of the breach in a timely manner, and deprived customers of the use of the network for an extended period of time.

Sony estimated the breaches would cost it more than $170 million this year, including expenses for shoring up its network against future attacks.

An FBI spokesman said he had no immediate information to provide about the latest arrests.

Photo: Jim Merithew/Wired.com