Indiana Appeals Court Says Forcing Someone To Unlock Their Phone Violates The 5th Amendment
from the we'll-take-a-win,-no-matter-how-small dept
Passwords and PINs still beat fingerprints when it comes to the Fifth Amendment. But just barely. Nothing about the issue is settled, but far more cases have been handed down declaring fingerprints to be non-testimonial. Fingerprints are obtained during the booking process -- a physical, traceable representation of the suspect. If they can be obtained during booking, they can certainly be obtained again to unlock a device. A physical aspect of a human being can't be considered "testimonial" as far as courts have interpreted the Fifth Amendment.
Passwords are a different story, but not by much. In a handful of cases, courts have said the compelled production of passwords and PINs has no Fifth Amendment implications. Defendants, conversely, have argued compelled password production forces them to testify against themselves by facilitating the production of evidence to be used against them.
This argument hasn't had much success. Judges have frequently found password production to be just as non-testimonial as a person's fingerprint. The argument here is that all law enforcement wants is a password, not the production of evidence. Under the "foregone conclusion" theory, all the government has to prove is that the person being asked to unlock a device can unlock the device.
This decouples password production from its consequences: the production of evidence by defendants that the government will use against them in court. When this theory is applied, the Fifth Amendment is sidelined and replaced with the ultra-low bar of foregone conclusion.
But passwords aren't fingerprints and can be testimonial. Unlocking a device law enforcement is going to search for evidence states clearly that a person owns or controls the device and its contents. That makes it very easy for the government to link a device's illicit contents to the person who was ordered to unlock it.
A case from Indiana's Court of Appeals -- via FourthAmendment.com -- addresses these arguments with a bit more sympathy for compelled testimony arguments. The government argued there's nothing testimonial about a password. The court, in a lengthy decision [PDF], disagrees.
[W]e consider [Kaitlin] Seo’s act of unlocking, and therefore decrypting the contents of her phone, to be testimonial not simply because the passcode is akin to the combination to a wall safe as discussed in Doe. We also consider it testimonial because her act of unlocking, and thereby decrypting, her phone effectively recreates the files sought by the State. As discussed above, when the contents of a phone, or any other storage device, are encrypted, the cyphertext is unintelligible, indistinguishable from random noise. In a very real sense, the files do not exist on the phone in any meaningful way until the passcode is entered and the files sought are decrypted. Thus, compelling Seo to unlock her phone goes far beyond the mere production of paper documents at issue in Fisher, Doe, or Hubbell. Because compelling Seo to unlock her phone compels her to literally recreate the information the State is seeking, we consider this recreation of digital information to be more testimonial in nature than the mere production of paper documents.
The court also says there's nothing to the government's argument that unlocking a phone for police is somehow different -- and less of a Fifth Amendment issue -- than turning over a password to police.
[B]ecause we believe that electronic data and the devices that contain it are fundamentally different than paper documents and paper storage, we reject the State’s attempt to distinguish between compelling Seo to convey her passcode to the State and compelling Seo to simply unlock her phone by entering the passcode itself. It is a distinction without a difference because the end result is the same: the State is compelling Seo to divulge the contents of her mind to obtain incriminating evidence.
This decision shores up Fifth Amendment arguments against compelled decryption and password production. The state appeals court then goes further, instructing state judges and law enforcement agencies to seek less invasive -- and less constitutionally-problematic -- methods of obtaining evidence.
Going forward, we ask reviewing courts of last resort to consider the following structure for resolving decryption requests from law enforcement authorities:
1. Requiring a defendant to decrypt digital data should be legally recognized for what it is—coerced recreation of incriminating evidence— and compulsory process for that purpose should be strictly limited for precisely that reason.
2. In some instances, law enforcement officials will have legitimate need of digital information that is protected by encryption.
3. If the law enforcement request is a bona fide emergency, with verified concern about the possibility of further and immediate serious criminal acts, a warrant that describes the other imminent crime(s) suspected and the relevant information sought through a warrant, both with reasonable particularity, will likely satisfy Fourth and Fifth Amendment requirements.
4. In non-emergency situations, law enforcement should be required to first seek the digital data it wants from third parties, such as internet “cloud” sources, cellphone companies, or internet providers (ISPs), where a defendant has practically, if not explicitly, consented to production upon legal process from a court of competent jurisdiction.
5. Exceptions to the Fourth Amendment and its state analogues, such as the plain view doctrine and the good faith exception, should be inapplicable to, or strictly limited in, the search and seizure of digital data stored on devices owned or controlled by that defendant, or from “Cloud” subscriptions that defendant owns or uses.
It's a thoughtful decision that runs contrary to many rulings covering the same subject. But it is limited to the state of Indiana, so it's not going to undo any federal precedent. But it does give those representing clients facing demands for password production another citation in their favor. More importantly, it sets a new baseline for lawful demands for data production, wresting control away from law enforcement agencies unlikely to impose these constraints of their own.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, 5th amendment, indiana, kaitlin seo, phone unlocking
Reader Comments
The First Word
“The premise is simple.
Ah, you forgot the "/s" tag. Been there.
By using this website, all SovCit's accept Mike's authority to run the website the way he sees fit. This does seem kinda simple really.
Subscribe: RSS
View by: Time | Thread
"It's not a violation of the fifth!" "Prove it."
As always if they really want to claim that compelling a suspect to hand over a password and/or unlock a device isn't forcing them to provide self-incriminating evidence, they have a very simple way to put their money where their mouth is:
A signed, legally binding document granting immunity for anything resulting from the unlocking/decryption of a device/account.
If they weren't going to use the evidence against the suspect then this costs them nothing, and as such it should be the first thing they go to when a suspect objects to a demand for a password. Such a document would only be problematic if they are planning to use the results of an unlock/decryption, in which case the fifth would absolutely apply.
[ link to this | view in chronology ]
Re: "It's not a violation of the fifth!" "Prove it."
[ link to this | view in chronology ]
Re: Re: "It's not a violation of the fifth!" "Prove it."
If I served on a jury that learned that evidence was tampered with even a smidgen like this or any other way I would enact nullification.
Sadly, most Americans are too stupid to even understand why or would do the same for their fellow citizens. They would instead sit back and allow the government to railroad every fucking person that is dragged through the fucking inJustice system. All because it suits their politics and because everyone if fucking guilty of something and if they had nothing to hide they would not be accused.
[ link to this | view in chronology ]
Re: Re: Re: "It's not a violation of the fifth!" "Prove it."
[ link to this | view in chronology ]
Exceptions to inadmissibility.
Our judges have long decided that if someone is too awful to set free based on a procedural error (such as an illegal search) then the evidence that convicts them is regarded anyway.
Of course this fails to acknowledge that setting a guilty man free is supposed to be a penalty to the state for being sloppy with procedure.
But we've forgotten that.
[ link to this | view in chronology ]
Re: Re: Re: "It's not a violation of the fifth!" "Prove it."
I think a better way to put it would be that, if either side offered tampered evidence or otherwise knowingly offered unreliable evidence, you would weigh that very heavily against them. In other words, you would be performing one of the core functions of a juror, which is assessing credibility.
This has the advantage of fairness: if either side is trying to be dishonest, they suffer the consequences. It also makes it clear during jury selection that you are going in there intending to fairly weigh the evidence, not going in there with bias or intent to do anything improper.
Many judges and essentially all assistant state's attorneys would object loudly to the idea of nullification. Indeed, they would probably argue that mention of the term is sufficient to strike you for cause. Since improper nullification is probably not what you intended, you should be clear.
[ link to this | view in chronology ]
Jury Nullification
Really, nullification should be well known enough as a means to get out of Jury Duty given that plenty of those summoned can't afford the time off work to oversee a protracted case.
If enough people come in wearing an Ask me about Jury Nullification pin, eventually they'll have to accept that it's a thing.
I'm not sure which is more frightening: That our court system depends on the ignorance of its jurors or that its judges knowingly accept this state.
[ link to this | view in chronology ]
What millions do routinely many times a day isn't "coercion".
It's foolish that if criminals simply encrypt their accounts / plans / whatever then it's beyond reach of all police. The criminality enabled by this would destroy civilization.
Not surprising that minion finds its intoxicating.
[ link to this | view in chronology ]
Re: What millions do routinely many times a day isn't "coercion".
Lets just cut your fucking brain out so it can be scanned and all information extracted while we are at it! Once it become routine there is nothing to worry about! No reason to worry about what it does to the victim at all!
[ link to this | view in chronology ]
Re: What millions do routinely many times a day isn't "coercion".
Maybe I'm misunderstanding your comment, but yes, if someone simply strongly-encrypts their stuff, then it is beyond the reach of anyone. And yet, civilization persists.
[ link to this | view in chronology ]
Millions of encrypted accounts
As far as I'm aware, businesses larger than a mom-and-pop corner store routinely and necessarily encrypt their data and communications. And their administrators will absolutely engage in fraud, perjury or falsification of evidence in order to preserve the survival of the business.
[ link to this | view in chronology ]
Re: What millions do routinely many times a day isn't "coercion".
This really isn't a difficult concept.
[ link to this | view in chronology ]
Re: What millions do routinely many times a day isn't
Don't forget that thr lack of encryption allows criminals an easier path to commit their crimesm too. Crimes that claim a vast plethora of victims. You know, crimes like identity theft, trade secret espionage, and warrantless searches.
[ link to this | view in chronology ]
Criminals have been “encrypting” their information in numerous ways since they could put pen to paper. They have been destroying such information, too. The criminal justice system must often arrest and prosecute criminals without access to such evidence; sometimes, guilty parties go free because the evidence of their guilt cannot be brought forth. Despite that fact, civilization lives on.
[ link to this | view in chronology ]
Re:
Even worse they've long made use of ways to avoid leaving any permanent record at all of their activities and plans, things like talking in areas where there's no-one else to hear them and not recording those conversations.
Yet strangely despite the fact that such conversations are completely beyond the reach of police society somehow manages to survive, almost as though privacy and security, things which can protect both criminals and the innocent are not a recipe for disaster and societal collapse.
[ link to this | view in chronology ]
Re: What millions do routinely many times a day isn't "coercion".
[ link to this | view in chronology ]
Re: What millions do routinely many times a day isn't "coercion".
We, humans, our capabilities, passions, thoughts and things do not, actually, exist at the behest of law enforcement.
The simple reasoning that "once we could, now we can't" is a mind-fuck fabrication of an unenforceable, non-existent reality.
We are permitted simply by the mere fact that we exist and can access thoughts, ideas and ingenuity to build any sort of protective barrier for our things that we could possibly devise. Anything, mate, anything.
[ link to this | view in chronology ]
Criminals like you...
This is totally Poe. Either it's unironic but hyperbolic, or it's satire.
Remember that you're already a criminal, waiting only for law enforcement that wants to book you. The only question is what you did, and how much time they can pile onto your sentence.
Civilian criminals aren't destroying civilization, they are civilization.
[ link to this | view in chronology ]
By the way: "plain ASCII" is PLAIN only because de-coded!
This aspect of the wrongness didn't strike me at first, but this judge completely overlooks that without a machine to "de-code" EVERY BYTE IN A COMPUTER IS EFFECTIVELY ENCRYPTED BEYOND HUMAN ABILITY.
So, even with one more step of "encryption" IT'S STILL JUST LIKE OPENING A SAFE.
[But it'd be safe in EBCDIC!]
[ link to this | view in chronology ]
Not true. Some of us can read and understand those bytes whether in binary or hexadecimal.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: By the way: "plain ASCII" is PLAIN only because de-coded!
[ link to this | view in chronology ]
Re: By the way: "plain ASCII" is PLAIN only because de-coded!
Looks like every byte in your noggin is effectively useless.
The first computers required a lot of human processing to help them work. Machine code is quite readable by humans and hardly beyond human ability.
Encryption is also quite readable by humans once the key or cipher is discovered. We just use computers to do it all faster!
In fact, is is computers that have yet to reach human ability, NOT the other way around as you so ignorantly suggest!
[ link to this | view in chronology ]
Code words and ciphers pre-consumer electronics
It seems like it would have been common for people who knew a call might be recorded to use code words for certain activities. Has a court ever ruled that a defendant must give up their private definition to a code word?
Cryptography and other methods to obfuscate information has existed long before personal computing and I find it difficult to believe there isn't any legal precedent, but I can't find any.
[ link to this | view in chronology ]
Re: Code words and ciphers pre-consumer electronics
[ link to this | view in chronology ]
Re: Re: Code words and ciphers pre-consumer electronics
[ link to this | view in chronology ]
Re: Re: Re: Code words and ciphers pre-consumer electronics
The hypothetical wasn't 'Have they done it?' as that's obviously 'yes, just because they're criminals doesn't mean they're automatically idiots' so much as 'what would happen if the police found encrypted paper documents and brought it to the court?'
Would it be treated the same as some courts have acted in response to digital encryption? 'You wrote it, you decipher it', or would the court rule that forcing the accused to decipher a code would be forcing them to provide incriminating evidence, and therefore prohibited?'
The amount of work would obviously be much different between the two circumstances, encrypted digital files vs encrypted papers, but the general act would be the same or at the very least very similar, forcing someone to make use of what they know to decrypt/decipher potentially incriminating documents, hence the question as to how a court would react.
[ link to this | view in chronology ]
Re: Re: Re: Re: Code words and ciphers pre-consumer electronics
Yes, judges are going to try to compel defendants to give up their ciphers, they ALWAYS have have not read a courts case that indicated otherwise, like EVER. The question is if they get by with it or if the will of the defendants break.
When was the last time you saw a judge get into trouble for breaching the fuck out of peoples rights? They just appeal their cases and get judgements overturned. The last time I saw a Judge get into any serious trouble was when he asked why a women did not close her legs? And that only happened because it made big news.
[ link to this | view in chronology ]
The Pizza Connection
In the late 20th century the Mafia was running cocaine through pizzerias and not only used a code system but a post WWII change-up system that scrambled around the key words every week, and kept the FBI busy for years.
As far as I know, no-one in court was ever forced to give up the codes, and only after the fact were the books discovered.
But if there ever was a demand by a court to turn them over, or a pre-smart-phone challenge to the notion, that would be the case for it.
[ link to this | view in chronology ]
Enforcement
Sure, you'll still go to jail if you don't comply. But they can't *actually* make you. No one can make a sovereign citizen do anything!
[ link to this | view in chronology ]
Re: Enforcement
No, no one actually gives a shit about your rights or your situation... until it fits into their political agenda that is.
[ link to this | view in chronology ]
Tell that to a SovCit.
[ link to this | view in chronology ]
Re:
you have to do whatever those in authority tell you to do
Tell that to a SovCit.
Well you see, once you allow the police to arrest you for failing to comply, you are no longer a SovCit because you have given up your rights under Common Law!!!
I think. Still waiting for someone to explain this common law krap to me and how it keeps getting invoked.
Also, I was Poe'd and should use the /s tag, my bad. Or maybe a /t tag for trolling since making fun of the SovCits does not really contribute to anything. :(
[ link to this | view in chronology ]
Re: Re:
The idea is that a government does not have any authority over you until you "accept" that authority.
You may not be aware of this but all citizens are slaves of their governments whether they know it or not.
Instead of calling it "do what your master says" it is "follow the law. Same thing, different words.
Don't pay your taxes, someone with a gun comes for you or the property you don't technically own.
Break the law, someone with a gun comes for you.
Fail to perform certain civic duties, someone with a gun comes for you.
No matter how free you feel, you are a slave, plain and simple. Go and call a cop a pig, see how free you really are.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The premise is simple.
Ah, you forgot the "/s" tag. Been there.
By using this website, all SovCit's accept Mike's authority to run the website the way he sees fit. This does seem kinda simple really.
[ link to this | view in chronology ]
I have the answer
[ link to this | view in chronology ]
What if...
[ link to this | view in chronology ]
Re: What if...
[ link to this | view in chronology ]
Re: Re: What if...
[ link to this | view in chronology ]
DOJ crypto backdoorers should consider better defendants
As it is, their hypocrisy of selective enforcement applying only to "little people" eliminates any moral authority they might once have had.
[ link to this | view in chronology ]