The projected world population on January 1, 2024, was 8 billion people. In 2024, the number of mobile device users is forecasted to be 7.4 billion. The ubiquitous use of mobile phones has proven fruitful for law enforcement in multiple ways. Law enforcement can place a specific person at a specific place at a specific time. Additionally, through proper legal processes, communication, photographs, web searches, location history and deleted content are accessible to law enforcement.
Balancing legal processes and evidence admissibility
There is a delicate balance involved in obtaining the proper legal process to secure this invaluable evidence. Improperly navigating this balance could result in losing mobile phone evidence through the fruit of the poisonous tree doctrine. This legal principle holds that evidence (fruits) obtained from an illegal search (the poisonous tree) is not admissible in court and must be suppressed. By applying an irrefutable legal process, law enforcement can ensure this valuable evidence is obtained legally, making it admissible at trial.
Establishing nexus and probable cause
Law enforcement must establish a nexus and probable cause to search a device. This requires a specific link between the mobile device and the crime under investigation. The nexus cannot be established through a law enforcement officer’s training and experience alone. Establishing a nexus can be accomplished through the suspect’s device usage, social media information of the suspect with the device, video surveillance from a crime that captures the suspect with the device, and/or social media posts made by the suspect relating to the crime under investigation.
A law enforcement officer’s training and experience, combined with their knowledge that social media can be accessed from mobile devices and that many suspects utilize social media to communicate before, during, and after crimes to hide these communications from law enforcement, as social media communications are not depicted on call detail records, will likely establish probable cause.
Two recent cases have changed the criteria for law enforcement to obtain mobile device search warrants for criminal investigations in Pennsylvania:
- Commonwealth v. Lavalle Johnson: In October 2020, the Pennsylvania Supreme Court held, that there was no probable cause to search cellphones found on someone who was found in close proximity to drugs and guns.
- Commonwealth v. Ani: In April 2023, the Pennsylvania Supreme Court decided there was no nexus to search a device for photos and videos from a crime because there was no evidence that the suspect was using the device during the commission of the crime.
Documenting the affiant’s pedigree
The affiant’s pedigree should be the first paragraph or paragraphs of the affidavit of probable cause. The affiant should explain their current assignment, years in law enforcement, formal education, any mobile phone-related courses or certifications, prior experience with criminal investigations, prior legal process service in reference to mobile phones, evidence obtained through prior legal process, and any expert status.
It is imperative for law enforcement officers to properly document their pedigree because, at a suppression hearing, they are only permitted to testify to the information included within the four corners of the search warrant. Many officers summarize their experience with a blanket statement such as “through my training and experience"; however, it is unlikely that the judge presiding over the suppression hearing will know the extent of the officer’s training and experience unless it is included in their pedigree.
Specifying search locations and device descriptions
Each search warrant requires a specific location to be searched. In the case of a mobile device, the location is the device itself. For mobile phone records, the location is the physical location of the mobile phone provider. For example, if you are searching a device that is already in your custody, the description may be: a black Apple iPhone 13 Pro Max in a green case, currently assigned (place evidence number or property number), and in the custody of (insert police department evidence). It may be beneficial to include a more detailed physical description of the device, such as any damage to the device or device identifiers, including the serial number and IMEI number.
Mobile phone records are always stored at the device provider’s legal department. When searching for mobile phone records, an example location may be: T-Mobile, 4 Sylvan Way, Parsippany, NJ 07054. Additionally, the affiant should include the address of a local T-Mobile store within the affiant’s jurisdiction or area covered by the search warrant. Law enforcement should serve a copy of the search warrant to T-Mobile headquarters and a local T-Mobile store.
The search warrant affiant should not write “any and all” for items to be seized. The search warrant must be specific, including which data is to be seized and a date range. Because the items to be searched and seized are numerous, it is advisable for law enforcement to list the items on a search warrant face page attachment. Remember, if you are looking for photographs and they are not listed on the search warrant face page attachment, they will not be admissible in your investigation.
An example search warrant face page attachment would read:
Attachment A
- Address book
- Contacts
- Messaging
- SMS/MMS messages
- Emails
- Chats
- Instant messages
- Call logs
- Voicemail
- Photographs
- Videos
- Audio files
- Calendars
- Memos
- Note pads
- Tasks
- Voice memos
- Text
- Internet browsing history
- Web history
- Web bookmarks
- Cookies
- Searched items
- Maps
- Wi-Fi locations
- Navigation logs
- GPS locations
- Cellular tower locations
- Application data
- Databases
- Configurations
- Timeline
- Examination of the device’s memory, both available and deleted
- Examination of SIM card and secure digital (SD) card, which may or may not be inserted in the device
For your specific crime, list the time and date within each item of data you are requesting to search for. For example: “Before, during, and after the assault on January 2, 2024" or “photos.....etc....used to assault the victim.”
A date range should be included in the information you are requesting. The specific date range will be determined by the affiant but must be supported by probable cause. There is language that can be used to explain to the issuing authority that the date range for evidence extends beyond the day of the crime.
For example:
Your affiant knows through training and experience that mobile device content is not always categorized within the date range it is created, obtained, downloaded, or even deleted. The date range can change when the information is accessed or edited. From prior mobile device content extractions, your affiant knows that being restricted to specific date ranges, specifically only the days and hours immediately prior, during, and after a given crime, could cause investigators to miss data for which they have specific probable cause to recover.
Through this affiant’s training and experience, it is known that subjects often take photographs of themselves wearing articles of clothing that contribute to their identification, which may be found in the phone’s contents but taken just outside the requested date range. Additionally, specific content such as photographs or videos from the date of the crime may have been sent to the device by another party. These sent photographs or videos would be stored under the date and time they were received on the phone.
Therefore, your affiant’s search for specific material related to this crime may include content found outside the immediate timeline of the criminal event, but this specific material is supported by probable cause. Also, specific data may be stored in other locations within the device that are different from where the data originated. For example, communications can vary from phone calls, SMS/MMS messages, messaging applications such as WhatsApp, social media platforms, or audio messages. This communication would be stored in messaging folders, timelines, photographs, videos, and screenshots. The location of the communication is insignificant, as it still documents the communication, but it may be found within the photograph and video sections of an extraction.
Your affiant’s search for material related to this crime may extend beyond the specific type of content and location initially expected, but this specific material is supported by probable cause.
Explaining and substantiating broader searches
There is a specific paragraph that can be added to any legal process to further explain and substantiate a search outside a specific location in the device:
“When reviewing the data extracted from the mobile device, your affiant will handle the information similarly to searching a file cabinet or computer for specific documents. Data will be scanned to determine if it is relevant to the search. If the data is related to the crime under investigation, it will be reviewed. If the data is not related to the crime under investigation, it will be disregarded and no further review will be conducted. This approach is the same method that law enforcement would use during the search of a filing cabinet or computer.”
This explanation ensures the legal process accounts for the need to scan through various data locations within the device to identify relevant evidence while maintaining focus on the specific crime under investigation.
Please consult with your local prosecutor or district attorney for guidance.
NEXT: From calls to convictions: The crucial role of mobile data in policing today