Imagine this scenario: You’re driving home. Police pull you over, allegedly for a traffic violation. After you provide your license and registration, the officer catches you off guard by asking: “Since you’ve got nothing to hide, you don’t mind unlocking your phone for me, do you?” Of course, you don’t want the officer to copy or rummage through all the private information on your phone. But they’ve got a badge and a gun, and you just want to go home. If you’re like most people, you grudgingly comply.
Police use this ploy, thousands of times every year, to evade the Fourth Amendment’s requirement that police obtain a warrant, based on a judge’s independent finding of probable cause of crime, before searching someone’s phone. These misleadingly named “consent searches” invade our digital privacy, disparately burden people of color, undermine judicial supervision of police searches, and rest on a legal fiction.
Legislatures and courts must act. In highly coercive settings, like traffic stops, police must be banned from conducting “consent searches” of our phones and similar devices.
In less-coercive settings, such “consent searches” must be strictly limited. Police must have reasonable suspicion that crime is afoot. They must collect and publish statistics about consent searches, to deter and detect racial profiling. The scope of consent must be narrowly construed. And police must tell people they can refuse.
Other kinds of invasive digital searches currently rest on “consent,” too. Schools use it to search the phones of minor students. Police also use it to access data from home internet of things (IoT) devices, like Amazon Ring doorbell cameras, that are streamlined for bulk police requests. Such “consent” requests must also be limited.
“Consent” Is a Legal Fiction
The “consent search” end-run around the warrant requirement rests on a legal fiction: that people who say “yes” to an officer’s demand for “consent” have actually consented. The doctrinal original sin is Schneckloth v. Bustamonte (1973), which held that “consent” alone is a legal basis for search, even if the person searched was not aware of their right to refuse. As Justice Thurgood Marshall explained in his dissent:
All the police must do is conduct what will inevitably be a charade of asking for consent. If they display any firmness at all, a verbal expression of assent will undoubtedly be forthcoming.
History has proven Justice Marshall right. Field data show that the overwhelming majority of people grant “consent.” For example, statistics on all traffic stops in Illinois, for 2015, 2016, 2017, and 2018, show that about 85% of white drivers and about 88% of minority drivers grant consent.
Lab data show the same. For example, a 2019 study in the Yale Law Journal, titled “The Voluntariness of Voluntary Consent,” asked each participant to unlock their phone for a search. Compliance rates were 97% and 90%, in two cohorts of about 100 people each.
The study separately asked other people whether a hypothetical reasonable person would agree to unlock their phone for a search. These participants were not themselves asked for consent. Some 86% and 88% of these two cohorts (again about 100 participants each) predicted that a reasonable person would refuse to grant consent. The authors observed that this “empathy gap” appears in many social psychology experiments on obedience. They warned that judges in the safety of their chambers may assume that motorists stopped by police feel free to refuse search requests--when motorists in fact don’t.
Why might people comply with search requests from police when they don’t want to? Many are not aware they can refuse. Many others reasonably fear the consequences of refusal, including longer detention, speeding tickets, or even further escalation, including physical violence. Further, many savvy officers use their word choice and tone to dance on the line between commands—which require objective suspicion—and requests—which don’t.
“Consent Searches” Are Widespread
In October 2020, Upturn published a watershed study about police searches of our phones, called “Mass Extraction.” It found that more than 2,000 law enforcement agencies, located in all 50 states, have purchased surveillance technology that can conduct “forensic” searches of our mobile devices. Further, police have used this tech hundreds of thousands of times to extract data from our phones.
The Upturn study also found that police based many of these searches on “consent.” For example, consent searches account for 38% of all cell phone searches in Anoka County, Minnesota; about one-third in Seattle, Washington; and 18% in Broward County, Florida.
Far more common are “manual” searches, where officers themselves scrutinize the data in our phones, without assistance from external software. For example, there was a ten-to-one ratio of manual searches to forensic searches by U.S. Customs and Border Protection in fiscal year 2017. Manual searches are just as threatening to our privacy. Police access virtually the same data (except some forensic searches recover “deleted” data or bypass encryption). Also, it is increasingly easy for police to use a phone’s built-in search tools to locate pertinent data. As with forensic searches, it is likely that a large portion of manual searches are by “consent.”
“Consent Searches” Invade Privacy
Phone searches are extraordinarily invasive of privacy, as the U.S. Supreme Court explained in Riley v. California (2014). In that case, the Court held that an arrest alone does not absolve police of their ordinary duty to obtain a warrant before searching a phone. Quantitatively, our phones have “immense storage capacity,” including “millions of pages of text.” Qualitatively, they “collect in one place many distinct types of information – an address, a note, a prescription, a bank statement, a video – that reveal much more in combination than any isolated record.” Thus, phone searches “bear little resemblance” to searches of containers like bags that are “limited by physical realities.” Rather, phone searches reveal the “sum of an individual’s private life.”
“Consent Searches” Cause Racial Profiling
There is a greater risk of racial and other bias, intentional or implicit, when decision-makers have a high degree of subjective discretion, compared to when they are bounded by objective criteria. This occurs in all manner of contexts, including employment and law enforcement.
Whether to ask a person for “consent” to search is a high-discretion decision. The officer needs no suspicion at all and will almost always receive compliance.
Predictably, field data show racial profiling in “consent searches.” For example, the Illinois State Police (ISP) in 2019 were more than twice as likely to seek consent to search the cars of Latinx drivers compared to white drivers, yet more than 50% more likely to find contraband when searching the cars of white drivers compared to Latinx drivers. ISP data show similar racial disparities in other years.
When it comes to phone searches, it is highly likely that police likewise seek “consent” more often from people of color. Especially during our growing national understanding that Black Lives Matter, we must end police practices like these that unfairly burden people of color.
“Consent Searches” Undermine Judicial Review of Policing
Judges often examine warrantless searches by police. This occurs in criminal cases, if the accused moves to suppress evidence, and in civil cases, if a searched person sues the officer. Either way, the judge may analyze whether the officer had the requisite level of suspicion. This incentivizes officers to turn square corners while out in the field. And it helps ensure enforcement of the Fourth Amendment’s ban on “unreasonable” searches.
Police routinely evade this judicial oversight through the simple expedient of obtaining “consent” to search. The judge loses their power to investigate whether the officer had the requisite level of suspicion. Instead, the judge may only inquire whether “consent” was genuine.
Given all the problems discussed above, what should be done about police “consent searches” of our phones?
Ban “Consent Searches” in High-Coercion Settings
Legislatures and judges should bar police from searching a person’s phone or similar electronic devices based on consent when the person is in a high-coercion setting. This rule should apply during traffic stops, sidewalk detentions, home searches, station house arrests, and any other encounters with police where a reasonable person would not feel free to leave. This rule should apply to both manual and forensic searches.
Upturn’s 2020 study called for a ban on “consent searches” of mobile devices. It reasons that “the power and information asymmetries of cellphone consent searches are egregious and unfixable,” so “consent” is “essentially a legal fiction.” Further, consent searches are “the handmaiden of racial profiling.”
Civil rights advocates, such as the ACLU, have long demanded bans on “consent searches” of vehicles or persons during traffic stops. In 2003, the ACLU of Northern California settled a lawsuit with the California Highway Patrol, placing a three-year moratorium on consent searches. In 2010, the ACLU of Illinois petitioned the U.S. Department of Justice to ban the use of consent searches by the Illinois State Police. In 2018, the ACLU of Maryland supported a bill to ban them. Of course, searches of phones are even more privacy-invasive than searches of cars.
Strictly Limit “Consent Searches” in Less-Coercive Settings
Outside of high-coercion settings, some people may have a genuine interest in letting police inspect some of the data in their phones. An accused person might wish to present geolocation data showing they were far from the crime scene. A date rape survivor might wish to present a text message from their assailant showing the assailant’s state-of-mind. In less-coercive settings, consent to present such data is more likely to be truly voluntary.
Thus, it is not necessary to ban “consent searches” in less-coercive settings. But even in such settings, legislatures and courts must impose strict limits.
First, police must have reasonable suspicion that crime is afoot before conducting a consent search of a phone. Nearly two decades ago, the Supreme Courts of New Jersey and Minnesota imposed this limit on consent searches during traffic stops. So does a Rhode Island statute. This rule limits the subjective discretion of officers, and thus the risk of racial profiling. Further, it ensures courts may evaluate whether the officer had a criminal predicate before invading a person’s privacy.
Second, police must collect and publish statistics about consent searches of electronic devices, to deter and detect racial profiling. This is a common practice for police searches of pedestrians, motorists, and their effects. Then-State Senator Barack Obama helped pass the Illinois statute that requires this during traffic stops. California and many other states have similar laws.
Third, police and reviewing courts must narrowly construe the scope of a person’s consent to search their device. For example, if a person consents to a search of their recent text messages, a police officer must be barred from searching their older text messages, as well as their photos or social media. Otherwise, every consent search of a phone will turn into a free-ranging inquisition into all aspects of a person’s life. For the same reasons, EFF advocates for a narrow scope of device searches even pursuant to a warrant.
Fourth, before an officer searches a person’s phone by consent, the officer must notify the person of their legal right to refuse. The Rhode Island statute requires this warning, though only for youths. This is analogous to the famous Miranda warning about the right to remain silent.
Other Kinds of “Consent Searches”
Of course, consent searches by police of our phones are not the only kind of consent searches that threaten our digital rights.
For example, many public K-12 schools search students’ phones by “consent.” Indeed, some schools use forensic technology to do so. Given the inherent power imbalance between minor students and their adult teachers and principals, limits on consent searches by schools must be at least as privacy-protective as those presented above.
Also, some companies have built home internet of things (IoT) devices that facilitate bulk consent requests from police to residents. For example, Amazon Ring has built an integrated system of home doorbell cameras that enables local police, with the click of a mouse, to send residents a message requesting footage of passersby, neighbors, and themselves. Once police have the footage, they can use and share it with few limits. Ring-based consent requests may be less coercive than those during a home search. Still, the strict limits above must apply: reasonable suspicion, publication of aggregate statistics, narrow construction of the scope of consent, and notice of the right to withhold consent.