It’s official – they now outnumber us: tablets, cell phones, and the like. Mobile devices topped the 8 billion mark in 2016, with only 7.5 billion people. Think about all the data floating around and how this data could be potentially relevant in the legal realm. Before we get into that, while many of the principles discussed here apply to most mobile devices, for the purposes of this article we’ll be focusing on smartphones. Smartphones are defined as any phone with advanced computing capabilities (something more than the ability to play snake) and 3G network connectivity. You might use a smartphone to browse Facebook, complete a Google search, check emails, watch a few videos, or even to complete a call.
So now that we have a definition in mind, let’s talk about smartphone use in the U.S. 95% of Americans own a cell phone of some type, while 75% own a smartphone. A majority of users consume more than 2GB (gigabytes) of data per month. Two gigabytes of data may not sound like much, however that would be equivalent to roughly two truckloads full of office documents. As if that were not enough, consider the fact that unlimited data plans are making a comeback (and that the average unlimited plan usage is 7GB per month). The high U.S. ownership numbers span across all demographics – male/female, educated or not, rich or poor. In fact, the only demographic that has less than a 50% smartphone penetration is the 65+ age range – those who already spent a majority of their lives without cell phones.
All of these users – young or old – are using their phones for a number of tasks. They’re sending text messages, they’re checking emails, they’re reading on WebMD about how their headache might mean they have a life-threatening disease (they don’t, but WebMD suggested it), they’re using dozens of applications (apps) – sometimes simultaneously – and they’re (rarely) making calls. Current statistics show that 80-90% of mobile device usage takes place in apps, the heavyweight being Facebook at a whopping 19% of the time spent. Messaging/Social apps fall in at 12%, and internet browsing is not far behind at 10%. Although most users are unaware of it, data associated with their activity is being written to their device (typically in real-time). This data sits idle and is innocuous until potential litigation arises.
In the event that a user’s smartphone activity is of interest, a qualified forensic examiner can easily preserve and/or search the data held on the smartphone. In my experience, the following items were generally the most useful:
- Active and deleted text messages (deleted text messages can usually be recovered)
- Facebook conversations (without the need for a password)
- Internet history
- Full content of emails
- Audit logs (they can offer a granular view of user activity, logs of the power cycles or the last computer the phone was plugged into, applications installed, and more)
The implications of the data stored on mobile devices in general is limitless. Below are some examples of how smartphone data can be used in criminal and civil matters.
- To determine the user’s state of mind/motive/establish an alibi
- To determine the user’s location at a given time
- To determine known associates
- To uncover evidence of plans to go to work for and/or take sensitive information to a competing company
- Justifications for child custody (or lack thereof)
- To confirm/validate contractual terms/debts
- Excessive internet or app usage used to deem a person “addicted to their phone” and unfit for full-time custody of special needs children
- Proof of infidelity
- To provide evidence of cyber bullying of a child
After reading all of this, it may seem like the world is your oyster – you can get a hold of a mobile device and all this great evidence automatically rains down from it, right? The legality of gathering this information is a little more complex than that. The biggest issue of all is the right to preserve and/or search the device/data. To determine if you have those rights or will need a court order to gain access to the phone, consider the following:
- Did you purchase the mobile device, or did someone else?
- Do you pay the monthly bills?
- Did you sign anything providing another individual or company the right to access your data, or is it yours and yours alone?
- For the parents out there – depending on your jurisdiction, the fact that you bought and pay for your child’s phone may still not be enough to allow you the right to take possession of the device and review its content.
- Husbands and wives – depending on the shared property laws in your jurisdiction, you may or may not have the right to view your spouse’s data.
Does the right to review that data create a roadblock? Certainly. But in reality it’s little more than the thresholds for other evidence. With due legal process, the right can be obtained for a forensic examiner to preserve the devices and their contents, search that data based on the particulars, and present the findings for review. If you’re new to the incorporation of ESI (electronically stored information) in your practice, it may seem like a daunting task. But, as with any new evidence category, there are qualified experts in the digital forensics field ready to help you navigate the waters and ensure you get reliable evidence. Regardless of the type of law you practice, you likely have current cases that could benefit from the inclusion of digital evidence.
Ryan Ferreira is a Digital Forensic Examiner at One Source Discovery who specializes in mobile device forensics and call detail record analysis. He has a Master’s degree in Digital Forensics and holds the Certified Computer Examiner (CCE) designation from the International Society of Forensic Computer Examiners, among various other certifications.