In the “what could go wrong with this” department, New York lawmakers are considering a piece of legislation that would require drivers who are involved in an accident to submit their phone to roadside testing to determine if they were using their device prior to crashing the vehicle. License, registration, proof of insurance and phone, please.
Refusing to turn over your phone would cause an immediate suspension of your license or cross-state permission to drive in New York.
While this bill has not been passed – or signed into law – the mind boggles as to how this could be abused and misused.
Here is the concept: the cop would take your phone and plug it into a forensic analyzer like the ones that the police already use when they seize a phone at a crime scene. Companies like Cellebrite, the Israeli/Japanese company that was originally thought to have unlocked the San Bernadino shooter’s phone, are already working on software to do this.
To attempt to get around the Fourth – and Fifth – Amendment issues, the software that Cellebrite is developing, supposedly, would not capture conversations, contacts, phone numbers and other stuff that, in theory, would require a warrant. I *definitely* believe that.
This bill follows some intense lobbying from a group called Distracted Operators Risk Casualties (DORC). Like MADD, the son of the group’s co-founder was killed by a supposedly distracted driver.
Assuming this bill makes it into law, I am sure it will be the source of many court cases, possibly up to and including those 8 folks in black robes in Washington.
If the phone is locked or encrypted, I gather, you will be required to unlock and thereby decrypt the data for the cops.
What the FBI could not get Apple to do, maybe the NYPD can get the owner to do. Note that, it appears, it does not matter if you are at cause.
While Cellebrite could, possibly, be honest in what data they are extracting, the FBI has already admitted that they have technology to snoop on your phone. What is to stop a police officer from inserting that technology while “checking” your phone for distracted driving? Or, in an admittedly even more far fetched case, causing an accident to happen in order to get their hands on your phone to insert that technology.
It is also unclear if the law applies to passenger’s phones.
On the other hand, having a burner phone handy could be a simple way around the problem.
A more subtle way around this is to use virtualization technology like Samsung Knox or Google’s Android for Work, which encrypts the data on the phone in a separate partition. As long as that partition is not active at the time, my guess is that the Cellebrite tech would not be able to read it – short of any bugs in the software that make it vulnerable.
One more other thing to consider. There is already a way to get this data which is a lot less invasive and that is to ask the driver’s cell phone carrier for usage data. This requires a warrant, which requires more work, but also protects people’s privacy. Curiously, this is exactly what they did in the case of DORC’s co-founder’s son’s accident – and they did find that the phone was in use near the time of the accident.
Information for this post came from Ars Technica.