Exigent Circumstances: iOS 12’s USB Restricted Mode and Warrantless iPhone Access

Apple recently confirmed the introduction of a new feature called “USB Restricted Mode” in the latest version of the iPhone’s mobile operating system, iOS 12. If enabled in the user’s settings, USB Restricted Mode will disable data transfer from the iPhone over the Lightning cable once the phone has been locked for an hour unless the phone’s password is entered. I previously posted to the Stanford Center for Internet and Society blog about the many sound security reasons Apple has for implementing this feature. Yet in making it harder for anyone, including police, to access encrypted iPhones, this development may prompt the Justice Department (DOJ) to argue law enforcement does not need a warrant to search a seized iPhone thanks to the “exigent circumstances” doctrine.

Federal, state, and local U.S. law enforcement agencies have been using third-party forensic devices made by vendors Cellebrite and Grayshift (whose product is known as GrayKey) to get data off locked, encrypted iPhones. Those devices work by extracting data via the Lightning cable connecting the target phone to the device. Thus, starting with iOS 12, USB Restricted Mode will ostensibly preclude such devices from working on iPhones—at least until, as I explained in my previous post, those vendors inevitably update their tools to overcome this setback. (Apple announced a number of iOS 12’s features at its recent Worldwide Developers Conference (WWDC), but not this one, unsurprisingly.)

In the meantime, law enforcement agents may try to use USB Restricted Mode’s narrow one-hour time window as justification for warrantless searches of iPhones they seize. The Fourth Amendment generally requires a warrant in order for a police search of someone’s property to be considered reasonable. But that requirement is rife with exceptions. One exception is the “exigent circumstances” doctrine. “‘[E]xigent circumstances,’ including the need to prevent the destruction of evidence, permit police officers to conduct an otherwise permissible search without first obtaining a warrant.” Kentucky v. King, 131 S. Ct. 1849, 1853-54 (2011).

Prosecutors may argue that this exception allows police to attach a just-seized iPhone to a GrayKey or Cellebrite tool and extract data from it without first getting a warrant. They’ll assert that police seizing iPhones in the field won’t be able to tell how recently the phone was locked, or whether it’s running iOS 12 with USB Restricted Mode turned on. So, just in case it is, and just in case the hour isn’t up, they need to be allowed to forensically extract the data from the iPhone ASAP, without waiting for a warrant—otherwise the data port will be disabled, putting the evidence on the phone beyond their reach.

According to a recent report from Politico, DOJ is already mulling over this theory. An unnamed DOJ official speculated about employing a “copy first, get warrant later” plan: DOJ would claim “an exigency to use Cellebrite to unlock and dump an iPhone as soon as [they] possess it, even without a warrant,” but would “still get a warrant before actually reviewing the data.”

It is unclear how that argument will fare in front of a judge. The 2014 Supreme Court case Riley v. California requires police to get a warrant before searching a smartphone seized from someone who’s been arrested. The Court rejected the argument of DOJ (as amicus curiae) justifying warrantless searches on the rationale that the phone might lock and encrypt itself. 134 S. Ct. 2473, 2486 (2014). Its opinion (which doesn’t mention the availability of third-party tools such as Cellebrite) distinguished such “ordinary operation of a phone’s security features” from “any active attempt … to conceal or destroy evidence,” which is one of the principal justifications for searches incident to arrest. Id. at 2486. The Court further remarked that officers were already unlikely to begin searches before phones they encounter have locked. Id. at 2486-87.

This language would seem to foreclose the argument that USB Restricted Mode justifies warrantless search of iPhones. However, Riley expressly left an opening for the application of the “exigent circumstances” exception. “If ‘the police are truly confronted with a “now or never” situation,’ … they may be able to rely on exigent circumstances to search the phone immediately,” the Court said. Id. at 2487 (citation omitted). DOJ could thus thread the needle by arguing that the mere possibility that USB Restricted Mode is enabled on a seized iPhone creates “a ‘now or never’ situation” necessitating the immediate use of Cellebrite or GrayKey without waiting for a warrant.

Applied broadly to iPhones, this exception would swallow the Fourth Amendment’s general rule. The “we need to dump the phone ASAP just in case USB Restricted Mode is on” approach might fly in a one-off situation. But that uncertainty will probably be present most times police seize a locked iPhone. Under that logic, it would be OK to forensically search any iPhone immediately without a warrant, because there would always be exigent circumstances.

That is not how an exception to a rule works. “Exigent circumstances” are supposed to be situational and case-specific. The DOJ’s own manual for electronic evidence search and seizure acknowledges as much: “in electronic device cases, as in all others, the existence of exigent circumstances is tied to the facts of the individual case.” Given that recognition, DOJ would be hard-pressed to adopt or defend a policy allowing warrantless searches of iPhones a priori in all instances on the rationale that every single time police seize an iPhone, they “are truly confronted with a ‘now or never’ situation” as Riley said. That is particularly so given the alternative ways that police, with a warrant, could get data from a locked, encrypted phone, as a recent law review article about Riley explains—for example, going to the relevant service provider and asking for cloud backups of the phone’s contents.

What is more, the threat of evidence destruction animates both the “search incident to arrest” and “exigent circumstances” exceptions. Analyzing the former, Riley said “the ordinary operation of a phone’s security features” doesn’t qualify as such a threat. That distinction should apply with equal force to an argument under the latter exception based on the USB Restricted Mode security feature.

That this “exigent circumstances” argument is even available to DOJ (however risible it may be) illustrates the narrowness of Riley’s holding. It is easy to slip into thinking of Riley as requiring warrants for smartphone searches more generally. But on its face, it’s limited to one particular exception, searches incident to arrest. This constraint ensures that courts will spend years applying Riley to a series of other exceptions, in a protracted game of whack-a-mole.

The exceptions to the warrant rule illustrate why we need to be skeptical of law enforcement officials’ emphasis on warrants in the “going dark” debate. “We have warrants to get into these phones, therefore we have the legal right to get into them, and warrant-proof encryption frustrates that legal right,” the argument runs. It’s intended to make law enforcement look reasonable and Apple unreasonable.

But it’s disingenuous given the many situations in which the police can legally conduct warrantless searches. Searches incident to arrest are one such long-recognized exception. That’s why police didn’t get a warrant before searching arrestees’ cell phones until the Supreme Court told them they had to. The DOJ manual recognizes additional exceptions, and has policies for applying them to searches of electronic devices.

When law enforcement officials use the “but we have a warrant” line vis-à-vis smartphone encryption, they’re counting on you to forget their recent history and even current practice of warrantless searches pursuant to various exceptions. Now, with the introduction of USB Restricted Mode, DOJ is already thinking about how they can use the exigent circumstances exception to avoid getting the very warrants they hold out as sacrosanct when condemning Apple’s “warrant-proof” encryption (something Apple happened to announce only three months after Riley came down).

In short, the warrant requirement is a piece of Swiss cheese, and DOJ officials are actively thinking up ways to expand its holes as much as they can. They want the law to allow investigators to immediately hook every iPhone they seize to a forensic device (bought with your tax dollars), copy all the data off the phone, and only get a warrant once it’s time to look through the data they collected.

That last part is noteworthy on its own. Recall that the unnamed official quoted by Politico theorized that police would “use Cellebrite to unlock and dump an iPhone as soon as [they] possess it,” but would “still get a warrant before actually reviewing the data.” It’s not clear precisely what was meant by this. One interpretation is a recognition that even if exigent circumstances justify warrantlessly seizing the data before USB Restricted Mode disables the data port, the exigency then dissipates, so investigators must get a warrant before proceeding further and searching the data.

Another, more troubling possibility is that the DOJ official’s theory of when the warrant requirement applies doesn’t rely on the presence or expiration of exigent circumstances, but rather, whether it’s a human or a machine that’s handling the extracted data. That is, the official may be saying that the government can copy your iPhone’s data with a Cellebrite device and keep it stored on a server indefinitely, but that Fourth Amendment protections don’t attach unless and until a human actually looks at that data.

The government has previously used this “human eyes” theory to defend the National Security Agency’s bulk collection of Americans’ communications as part of the mass surveillance that began after 9/11. This interpretation distorts the meaning of “search” and “seizure.” When the government takes away your “dominion and control” over your electronic data, that is a seizure. That is what a Cellebrite device does by copying data from your phone. And its scanning the phone for data to extract is no less a “search” than an investigator’s manual perusal of the phone’s contents. (Indeed, arguably it is even more intrusive, as a Cellebrite device can find even deleted data.) If such meanings are stretched far enough, law enforcement won’t even need to rely on exceptions to the warrant requirement anymore, because there’s no need for a warrant in the first place if an act doesn’t count as a “search” or “seizure.”

Regardless, if USB Restricted Mode leads courts to OK warrantless searches of iPhones, then law enforcement officials will be incentivized to immediately forensically extract the data off every iPhone they seize. Even phones they don’t think will yield anything useful to an investigation, ones for which they’re in no rush to get a warrant. The limiting factor won’t be the Fourth Amendment; it will be whether an agency’s Grayshift or Cellebrite licenses and/or server bills make it cost-prohibitive. And budget will be less of a barrier than the Constitution for as long as being seen as “tough on crime” remains a tried-and-true way to loosen legislators’ purse strings.

If DOJ can successfully convince courts that USB Restricted Mode justifies perverting the exigent circumstances exception into a rule allowing warrantless iPhone forensic searches, then iOS 12 will turn out to have a hidden feature never mentioned at WWDC: One free backup of your iPhone, courtesy of your local police.

Photo by Justin Sullivan/Getty Images 

About the Author(s)

Riana Pfefferkorn

Cryptography Fellow at the Stanford Center for Internet and Society. Follow her on Twitter (@riana_crypto).