It won't stand because it's not pragmatic. The issue around 'passwords being in your mind' is interesting, but they'll move past it.
If you have evidence of a crime on your phone, it must be part of the process.
There's nothing remotely unlawful about search of property so long as there is merit, oversight, warrant etc..
Ultimately, this will be no different than searching your car.
Now, the cops doing it without a warrant, shenanigans at the border, searchings stuff they should not be - this is all another matter entirely.
There will be some weird scenarios around people 'forgetting' passwords etc. but otherwise, it's just a new angle on the same old thing.
Those who would like to see better judicial reform I think should look elsewhere, into such issues as why/how warrants are issued, the transparency around them, etc..
The problem with forcing someone to reveal a secret (e.g. a password), is that ultimately, there's no way to prove that someone actually knows the password. If I say that I forgot the password, and a judge throws me in jail for contempt of court, I could rot there forever. There is absolutely no way for me to ever prove that I truly forgot the password. You can't prove a negative.
With fingerprints or face scanning, neither of these is an issue. You put your fingerprint on the device, or you scan your face.
So, I think that forcing someone to reveal a secret that is purely in their head is fundamentally different than compelling other forms of access (physical keys, fingerprint scans, face scans, etc.). The physical access methods can be verified to either work or not. That's not true for mental secrets.
However, that's a unique case, because the authorities know the hashes of the cleartext files on his machine match the hashes of illicit media. "Foregone conclusion" so long as you believe in the mathematics behind hash collisions.
Either what they have is enough for a conviction or it's not. If it is, then there's no need to actually get access to it, if it's not then it might as well not exist.
In the file sharing scenario, how would the feds know that the encrypted drive actually has the files? They can only know what they suspect is on the drive.
You've completely misunderstood the law here, unfortunately, and argued something that that goes in the opposite direction of this ruling.
The law is actually that physical features/etc can be compelled because they are not testimonial.
“[i]t is compulsion of the accused to exhibit his physical characteristics, not compulsion to disclose any knowledge he might have.”
United States v. Wade
"“the task that Diamond was compelled to perform—to provide his fingerprint—is no more testimonial than furnishing a blood sample, providing handwriting or voice exemplars, standing in a lineup, or wearing particular clothing.”"
State v. Diamond (This is a state case but applying the federal constitution).
Note also that fingerprints are almost always taken at booking, etc. They just aren't transferable in a way that lets the police use them to unlock the phone.
Passcodes, on the other hand are often testimonial. Entering the combination to a safe proves you probably had ownership/control of the safe, for example.
In those situations, generally the government has to be able to prove that you own it.
If they can, you will be forced to open the safe.
In the case of phones, the only interesting intermediate cases are phones where ownership can't be proven easily by other evidence.
(Note:I don't necessarily agree with these doctrines, but that is the current law)
> Passcodes, on the other hand are often testimonial. Entering the combination to a safe proves you probably had ownership/control of the safe, for example.
Is this not also true for face/fingerprint ID? Proving the face/fingerprint ID proves you probably had ownership control of the device.
Actually, there is a fingerprint in my phone. It isn't any of my fingers (I can't recall, maybe my elbow). Will I be in contempt of court for scanning my finger 'wrong'. I don't think my elbow will work a month later, it must have changed more than my finger.
I don't see why this is downvoted, parent brings up a good point. If a phone has a fingerprint or face lock, there is proof whose fingerprint or face (or whether it is a fingerprint or face) is the key. Is that knowledge not similar to a password? If the phone requires a PIN or passcode after say, 3 attempts, that's important information.
The issue arises when the knowledge of the password itself is incriminating. The 5th amendment prohibits forced self incrimination.
Forcing a suspect to divulge information that is directly incriminating will not stand constitutional review, regardless of the nature of the information.
Mugshot photographs are constitutional, no? Suppose the face biometrics were poorly implemented, such that holding a printout of the mugshot were sufficient to defeat the facial recognition. Would doing that violate the 5th amendment? What if the face biometrics are better than that, but they can still be defeated by a very carefully constructed 3d model of the suspects head, created from data taken from numerous mugshots taken from many angles?
Or what if a suspects fingerprint was taken without his consent by the police, and compared against a fingerprint taken from the murder weapon? Is that self incrimination?
I'm not seeing the "self incrimination" angle for face or fingerprint scans here. For classical passwords yes, but not for biometrics.
The issue is more related to the intent of the action regardless of the practicalities of it. Essentially the subjecting giving a password is giving their consent to the device to unlock it. Using their iris or facial pattern as something compelled in that context would be distinct from the gunshot residue or blood of a victim which also incriminates them since that is something about them as opposed to being compelled to testify against themselves.
It is admittedly a weaker argument from a pure physical standpoint but the law doesn't operate based upon that anyway. Any judge would throw out a request in discovery for the defendant to produce a recording confessing their guilt even for legitimate comparative purposes and many other requests or demands that would be unduly prejudicial for 5th amendment reasons.
I'm just not seeing a meaningful distinction between forcibly taking their fingerprint ("something about them") to check against prints found on a gun and forcibly taking their fingerprint ("something about them") to check a smartphone found on the scene.
If they have a warrant to check the phone, and if taking fingerprints of the arrested without consent has already been found constitutional, I just don't see a problem.
I'm guessing this ruling is about taking the suspects actual finger and placing it on the scanner.
This is different from building a fake finger based on fingerprints and using it to unlock your device.
Consider the password case, you can't be compelled to give your password, but the government is allowed to throw all of their hacking prowess against your device to crack that password. They can even ask you about the name of your first pet to get through security questions. Though they can't compel you to answer truly regarding the name of your first pet.
The important word in the comment you're replying to is "knowledge." The biometric properties of your face are not knowledge and are not protected by the 5th amendment.
If your password is “I killed him and the body is hidden under my deck” and that’s the literal crime you are being charged with, sure. But your password is usually not an admission of a crime, so that’s not the argument.
Even if your encrypted laptop contains evidence, you cannot plead the fifth if the prosecutors know it’s there. As long as they can get a warrant and when they get the data say “see your honor? Here is the evidence we knew was there!”, it doesn’t fall under the fifth.
Self incrimination would be if you are charged with tax fraud and proof is on your encrypted drive and the prosecution knows this, but also on that drive is records of money laundering, a separate crime they do not know about. This is when pleading the fifth would apply. By decrypting the laptop, you would incriminate yourself in a second crime, that you were not being charged with. Presumably if you were coerced into decrypting the laptop in this case, you could use the argument that the money laundering evidence can not be admitted into court because it was obtained inappropriately.
IANAL and this ain’t legal advice. Stay in school kids.
In a case of say, possession of stolen information, the laws of possession applied to contraband such as drugs would likely apply.
Since the information wouldn't be in your actual possession(literally in your hands or on your person), then they would fall under constructive possession laws.
In most states, constructive possession has 3 parts --
1) You must have knowledge of the presence of the contraband
2) You must know of the contraband's illicit nature
3) You must have the ability to exercise dominion and control over the contraband.
If I slip an encrypted thumb drive full of stolen trade secrets into your suitcase at the airport, you're not automatically in possession of those things because, absent any other information, none of the rules above could be satisfied.
But, if you knew the encryption key to the thumb drive, then that is evidence against you and that knowledge would be protected under the 5th amendment.
If police find a random iPhone in your house that you share with a roommate, they would have to prove constructive possession to tie anything found on that device to you. Knowledge of the password, regardless of what the password is, would be protected under the 5th amendment.
In both cases, the authorities could not compel you to incriminate yourself by forcing you to disclose your knowledge of the password to the device.
IANAL either. If you are ever in such a situation, be prepared to sit in prison for 10 years while you work your way through the appellate courts, because you're in for a long battle.
Thanks for the info. That makes sense: if by revealing that you know the password, you are also revealing constructive possession, then your explanation adds up. But if it’s very obvious that it is your phone, which I think is the more common case for some of these situations, it doesn’t, right?
> Even if your encrypted laptop contains evidence, you cannot plead the fifth if the prosecutors know it’s there. As long as they can get a warrant and when they get the data say “see your honor? Here is the evidence we knew was there!”, it doesn’t fall under the fifth.
That sounds like the 'foregone conclusion' doctrine.
When it is a 'foregone conclusion' that the data is present on a device, you can be compelled to produce that data by decryption. However, if you are so compelled, the fact that you were able to decrypt that data can't be used against you. So they will need another way to tie you to the data.
An example is if police saw you had classified documents on your computer (by e.g. a video camera) and later confiscate the computer and find it to be encrypted.
That could work if knowledge of the password itself is all they are trying to pin on you.
Usually, though, they are going to be after what the password is protecting. If you try to invoke the 5th claiming that admitting knowledge of the password itself would be incriminating, prosecutors can grant you immunity over that and that greatly reduces your 5th Amendment protections with regard to that particular subject.
What if they have a warrant? At that point I would argue that you are not self-incriminating. In my mind, it's like if the police had a warrant to search your apartment and you didn't let them in.
Police: "We have a warrant for your apartment, let us in"
Suspect: "Sorry, I lost the key when I went hiking in the Rocky Mountains, there's no way in. Oh, and be aware that if you try to force your way in more than 5 times, the apartment will catch fire and destroy everything inside"
What would happen in this case? Can the suspect be held in contempt?
That is a degenerate argument. an apartment is clearly yours. Without your password there is no way to conclusively prove that a phone is yours. SIM cards can be swapped, for example. The incriminating is not stating the password. it is the fact that you are proving the phone as yours.
Which does not in any way prove that it is yours. Over my lifetime I purchased over 30 phones. Only two of them are currently mine. If you were to place another one I have purchased, but long ago sold in my possession, that would not be enough to prove that it is currently mine. if I happen to know the password, that might be very convincing.
Nominally, the reason they check your bag at the airport is for security. But in the process they can find all sorts of other stuff that isn't dangerous to fly with but is illegal, e.g. marijuana. So the whole thing becomes an avenue to warrantless search.
You can't make the same argument about a computer or phone -- you can't bring down a plane or hurt anyone by having certain pictures on your hard drive. Anything you could do with a phone (e.g. trigger a bomb) would require some other physical infiltration, which hopefully would be caught by all the scanning and searching of people and baggage that we do already.
So I would hope that a sensible explicitly disallows this "airport loophole" in the process of bringing phone search into the normal legal process of warranted search... but I am doubtful. There are powerful people in the USA, UK, Australia, etc. would love the unfettered ability to search the phone of every air traveler.
How does TSA know your giant laptop is really a laptop and not a bomb inside a laptop case? One indicator is whether it powers up and you can log into it. (I'm not saying I love that answer, but it's a better indicator than just popping up a backlit lock screen [which could be a sheet of acetate with a fixed image])
I agree, the physical phone itself should be part of discovery. Authorities should be allowed to physically disassemble the phone and inspect its insides or run forensic tests on it.
The content on the phone is a matter of interpretation, subject to proper decryption. It is just an idea, no different from decoding ideas in somebody's journal. It makes no sense to talk about discovery of this.
And in 20/30 years when the phone is embedded in your brain?
A phone isn't a car. It's an extension of my brain. I use it to store memories that I offload from my brain. As an example I used to have 50 to 100 phone numbers memorized. Now I have zero because they are on the external part of my brain.
I see this as no different than having to decode the secret code in the ledger. You can see the encrypted data. I'm not required to decrypt it. (or am I? I don't know the law on coded ledgers)
> If you have evidence of a crime on your phone, it must be part of the process.
Then access it. If you can't access, do good police work and (legally) acquire access to it. If the entire success of your case hinges on convincing someone to incriminate themselves by giving you the password, build a better case before arresting them or tipping them off to the investigation.
> Ultimately, this will be no different than searching your car.
This can be done 100% with the accused's intervention. A LEO can see something that gives them probable cause for a warrant. A locksmith can open the car or the LEO can simply break the window and unlock it.
Just because the police don't have the technical ability to get into a phone without the user's intervention doesn't mean that person should be forced to divulge information that could incriminate them.
It it's the same as searching the car, open the door and search. Break the window, if needed. But it is more like searching your brain, which is the whole point of the 5th, it seems.
On your argumentation, there is no 5th. You can get a warrant to search someone's mind by asking questions they need to answer, even if it's self-incriminating. End of story.
My understanding is that if you are in possession of a key to a safe then law enforcement or the court can compel you to produce the key. But if the safe has a combination, then the court cannot make you give up the combination as that may be self incriminating. Not to mention the practical aspects of trying to compel someone to give up a secret. What if they claim to have forgotten the combination? What if they actually _did_ forget?
I imagine the situation with electronics will be similar. If a key to, say, an encrypted volume is stored on a flash drive then they may compel someone to produce it (analogous to a safe key). But if the drive is protected by a password, then the government cannot compel someone to provide the secret.
I think you need to read the court opinion, because you're only addressing one half of it. There's a 5th amendment aspect too and that's a lot harder to overcome.
The only way for this to stand is if the 9th circuit upholds the ruling and the Supreme Court declines to hear it
Another circuit will disagree with the 9th circuit and the supreme is forced to take the case, they wont uphold a novel 9th circuit ruling
There isnt an interpretation of the constitution possible for them to, and a the composition of the court makes this even more unlikely to pluck from thin air
I hope that it doesn't so that hopefully people will stop using their body as a password (it should only be used as a login name if you absolutely need to use it)
