Mobile devices are being collected for litigation more and more often, so lawyers need to know what information can be found and produced from a smartphone or tablet. There’s more information stored there than you think, including data that has been deleted.
What data can be found on a mobile device?
People use smartphones and tablets for tasks every day, which means there are more types of data stored on these devices than there were older model cell phones. Plus, the types of data vary based on the user’s apps and preferences.
Mobile devices keep a plethora of location data. The location of every call is stored because the device has to communicate with cell phone tower(s). Every Wi-Fi network you’ve joined is recorded, along with the date(s) that network was accessed. Apps that use location data, including the camera on the device and chat apps like WhatsApp also maintain a record of that information. Photos are automatically geo-tagged when they are taken, unless you have disabled location information. Even supposedly secure chat apps leave a record that can be collected from the phone.
You may think that deleting a text message gets rid of the record, but the message and its time stamp can still be collected from a device. Messages are eventually overwritten, though, so if a message was deleted months ago and enough new messages have been sent and received, the old one will be deleted from the database.
Generally, the farther back in time the message was sent, the smaller the chance the digital forensics team will be able to recover it.
The browsing history on mobile devices works similarly to computers: even if you have deleted your record of past site visits, the full browsing history can be restored. When a user deletes the history, those file records are marked in the database to not display, but they are still kept on the device.
Another example is Snapchat, which sends messages that are supposed to disappear from the user’s phone after its viewed. Even if the image isn’t saved by a screenshot, it can be collected from the device. All of the app’s information is stored so a forensics expert can easily access old snaps.
How is that data collected for litigation?
When a forensics expert collects data from a mobile device, he first must get access to the phone. In some cases, the court orders the custodian to share the necessary passwords. Without the password, the forensics expert must break into the phone. This is easy with a four-digit passcode, but cracking a more complex password requires more time and effort (more information on that below).
The latest iOS updates made some big changes in privacy and security, including having both an encrypted area of storage and a nonencrypted area. Digital forensics software providers are working on updates to bypass the encrypted area, which includes text messages, location data, and emails, but for now that area remains safe from collection if there is a password on the phone. Google has announced plans to follow suit with higher security and privacy settings in their new operating system for Android phones as well.
How can users protect their personal information?
The best way to protect your location data is to turn off that functionality, but that is often easier said than done. Apps commonly use location data to improve the way the app functions, but it is not necessary.
Passwords do not protect mobile devices from collection. Four-digit passcodes can easily be surpassed by collection software, so while law enforcement can’t force a user to unlock his phone, the password won’t completely protect the data. To protect data from collection software, use a longer password with uppercase letters, lowercase letters, numbers and symbols. While it is exponentially harder—and more time consuming—for collection software to break these kind of passwords, it is still possible.
Many new smartphones now use a thumbprint to unlock the phone. So far, law enforcement has been able to compel people to unlock their phones if they have this functionality turned on.
The amount of data stored on a mobile device, especially for heavy phone users, is staggering. There are ways for clients to protect their information, but forensics software can access most of the information stored on the devices, even if it has been deleted. Attorneys should make sure they know what could be possibly be collected in litigation at the beginning of a case because it could include messages, browser history, and location information you couldn’t see on the phone.