Florida Appeals Court Says Producing Passwords Is Testimonial And Protected By The Fifth Amendment
from the A-CHALLENGER-APPEARS dept
The Florida State Appeals Court is bucking the trend on compelled decryption. While most courts have held forcing someone to relinquish the password to a locked device does not raise Fifth Amendment issues, this court has decided that act is testimonial in and of itself. This makes the state's demand unconstitutional and sends it up the ladder to the state's highest court. (via FourthAmendment.com)
The facts of the case may play a role in future deliberations. It involves a drunk driving accident. Phones belonging to the driver and passenger were were taken from the crashed car. The search of the driver's phone didn't go far, thanks to it being locked with a password. Prosecutors sought an order compelling password production but were met with arguments from the driver's lawyer claiming this would violate his Fifth Amendment rights. The appellate court agrees. From the decision [PDF]:
[R]evealing one’s password requires more than just a physical act; instead, it probes into the contents of an individual’s mind and therefore implicates the Fifth Amendment. The very act of revealing a password asserts a fact: that the defendant knows the password.
This is normally where the "foregone conclusion" standard is set -- the one that allows the government to bypass Fifth Amendment protections if it can show it knows the defendant knows the password to unlock a device. That's (usually) the only conclusion the government needs to reach. It does not need to show that it knows evidence needed to prosecute the case resides on the device. It only needs to tie the device to the defendant and show that there's a reasonable certainty the device can be unlocked by the person targeted by the order.
When applying this standard, courts usually don't consider production of passwords testimonial. And if it is, it's only verifying a fact the government has already shown it knows. Often, the government is forbidden to use this particular evidence -- that the defendant unlocked the phone -- against the person in court.
This court goes a different direction. It says, foregone conclusion or no, the production of passwords is testimonial and has the potential to harm the defendant just like any other Fifth Amendment violation would. The court notes the government gains nothing by obtaining a password. It wants what the password provides: access to information that might be used as evidence against the person supplying the password.
Here, the state seeks the phone passcode not because it wants the passcode itself, but because it wants to know what communications lie beyond the passcode wall. If the minor were to reveal this passcode, he would be engaging in a testimonial act utilizing the “contents of his mind” and demonstrating as a factual matter that he knows how to access the phone. As such, the compelled production of the phone passcode or the iTunes password here would be testimonial and covered by the Fifth Amendment.
Rather than use a standard used elsewhere, the court demands more from the government than a reasonable certainty the phone's owner knows how to unlock the phone. It needs to show the evidence it seeks can be found on the device.
Below and on appeal, the state’s argument has incorrectly focused on the passcode as the target of the foregone conclusion exception rather than the data shielded by the passcode, arguing that “because the State has established the existence of the passcode and iTunes password, evidence on the Petitioner’s cell phone, and that he can access the content of his phone,” the compelled search was acceptable. Similarly, the trial court specifically held that the “existence, custody, and authenticity of the passcodes are a foregone conclusion” in the order appealed. This holding, which focuses on the passcodes rather than the data behind the wall, misses the mark.
On this subject, we again disagree with the Second District. In Stahl, the court focused on the “reasonable particularity that the passcode exists,” a fact that the state had established. 206 So. 3d at 136 (emphasis in original). However, this is not the proper focus of the inquiry—it is not enough to know that a passcode wall exists, but rather, the state must demonstrate with reasonable particularity that what it is looking for is in fact located behind that wall. Contrary to the Stahl court’s conclusion, which the trial court adopted, the “evidence sought” in a password production case such as this is not the password itself; rather, it is the actual files or evidence on the locked phone. Without reasonable particularity as to the documents sought behind the passcode wall, the facts of this case “plainly fall outside” of the foregone conclusion exception and amount to a mere fishing expedition.
This is where the facts of the case may result in a ruling that aligns with the trial court's take on the "forgone conclusion" exception, but still denies access to the phone's contents. Everyone carries a phone. Drunk drivers are like sober drivers. That a drunk driver was carrying a phone at the time of an accident does not make it likely that evidence of the crime -- drunk driving -- will be found on the driver's phone. The court goes back to its "fishing expedition" comment, pointing out the state barely has any reason to search the phone at all, much less attempt to weaken Fifth Amendment protections in the process.
Here, the state’s subpoena fails to identify any specific file locations or even name particular files that it seeks from the encrypted, passcode-protected phone. Instead, it generally seeks essentially all communications, data, and images on the locked iPhone. The only possible indication that the state might be seeking anything more specific was the prosecutor’s statement at the hearing that the surviving passenger had been communicating with the minor via Snapchat and text message on the day of the accident and after the accident, a fact that the trial court briefly mentioned in its order but did not appear to rely on in reaching its conclusion.
The concurring opinion raises another issue seldom touched on in other password-related rulings. The "foregone conclusion" exception to the Fifth Amendment is, like the "good faith" exception, something fabricated by courts rather than by laws or Constitutional amendments. As such, it cannot be applied to oral testimony -- such as the relinquishment of passwords to law enforcement.
[H]ere, the State sought to compel the oral production of the requested information. The foregone conclusion exception has not been applied to oral testimony, and for good reason. In Fisher, the court explained that compelling a taxpayer to produce documents “involves substantial compulsion. But it does not compel oral testimony; nor would it ordinarily compel the taxpayer to restate, repeat, or affirm the truth of the contents of the documents sought.” Based on what the production in Fisher would not do, the Supreme Court allowed the government to compel the production of documents. Requiring the accused to orally communicate to the government information maintained only in his mind would certainly compel oral testimony. So, in my view, the basis for granting the petition is not that the State failed to satisfy the requirements of the foregone conclusion exception. Rather, the petition should be granted because the foregone conclusion exception is inapplicable to the compelled oral testimony sought in this case.
Of course, the workaround here is to have defendants punch in the passwords themselves or write them down. The latter would produce more issues than having them punch in the codes, but either way, it should be apparent -- at least in Florida -- that these alternate methods are being deployed to sidestep a precedential Fifth Amendment decision by the court.
The "foregone conclusion" exception is rarely applied in this fashion. A state-level appeals court decision isn't going to change things in the rest of the nation. But it does give defendants something to refer to when challenging compelled password production. And it also suggests the exception itself is being rethought in light of tech advancements that have made it possible for people to carry several houses-worth of documents with them at all times, protected only by a password the government can almost always obtain -- either through use of the exception or with indefinite jailing on contempt charges.
Fourth Amendment protections have undergone several adjustments over the past decade as courts seek to catch up with technology. The Fifth Amendment is due for the same overhaul.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 5th amendment, compelled decryption, encryption, florida, passwords, self incrimination
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Actually it's both, in that providing the password also provides evidence linking the contents with the person, proving that they have access to, and can almost certainly modify, what's on the device.
The most damning evidence you can think of is useless to the prosecution if they can't link it to someone, and providing a password can most certainly do that.
[ link to this | view in chronology ]
This is another toy we need to take away from the government. It amounts to punishment without having been proven guilty.
[ link to this | view in chronology ]
Re:
Not to mention as others have pointed out it's possible to frame someone and get them a life sentence in jail with that kind of a precedent.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Florida? Florida?
[ link to this | view in chronology ]
Re: Florida
[ link to this | view in chronology ]
Re: Re: Florida
That's already happened in Miami.
[ link to this | view in chronology ]
Re: Re: Re: Florida
Help us, Texas Man. You're our only hope!
[ link to this | view in chronology ]
Re: Re: Florida
Because climate change includes global cooling as well, while global warming would be disproven by the next ice age.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
It's good to see the password being treated as testimony, but it still bothers me that this "foregone conclusion" exception being considered all when it comes to passwords.
From reading this, it sounds like if it was conclusively proven by the state that there was evidence of a crime on the phone, that the court would have applied the foregone conclusion exception and compelled the production of the password.
But again, this system completely screws over any person who actually can't unlock their device. What if the person really doesn't remember their password. They'll be held in jail for contempt indefinitely for the crime of forgetting their password.
And why do you even need the evidence on the device if the evidence you know to be there is such a foregone conclusion? If you can prove some fact is store on the phone through other means, what do you need with the phone at all?
[ link to this | view in chronology ]
Re:
Bobbie Chadwick was stuck in jail for 14 years because the judge would not believe that he lost 2.75 million dollars in a failed investment. He produced records, others tried to track the money down, no one could provide proof the money existed.
For the crime of having a greedy wife, he got stuck in jail for 14 years unable to disprove a negative.
So yes, the courts will hold you for contempt of password till you get an appeal all the way to the supreme court, who may not take your case.
[ link to this | view in chronology ]
Re: Re:
Yeah, I've read that one and he sure looks guilty. I bet he HAD the money and thought he'd just dummy up and keep it, then trapped himself in perjury. And because a millionaire -- able to afford lawyers -- then likely IS guilty, and clearly the judge in case knows more than you or I and thinks so too.
It's not so arbitrary as you claim, wasn't jailed without multiple fair hearings. It's a one-off that's always trotted out, as if YOU'LL ever have problem.
[ link to this | view in chronology ]
Re: Re: Re:
Point is that contempt was abused to hold someone in jail longer than any charge would have delivered.
It would be easy for a court to say, "Provide the password or be held in contempt". 14 years later the court could then say "Well I guess contempt wont work on you, your free to go".
There is president on courts holding people for very long times on contempt charges.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
It isn't. The telco (in theory, without spy software and/or unreasonably detailed logs) can't readily differentiate automatic vs. manual vs. hands-free access. "In use" might just mean I was streaming some music. Encrypted messaging apps will make it hard for them to tell whether I'm sending or receiving messages, but a timestamped log from the phone would make that obvious.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Otherwise some format of "Where did you put the bodies" would always be asked. We've made that line of questioning Illegal for some time.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
How did it take this long...
Nice to see a court finally figure out that the ones demanding a password don't just want it for no reason, but because it provides access to something they don't have which could be incriminating.
Unfortunate that they buy into the abomination that is 'foregone conclusion' such that they didn't bar the act entirely, but baby steps I suppose.
[ link to this | view in chronology ]
"bucking the trend" -- and won't stand on appeal.
Whether persons choose to put their "whole life" into a portable device and carry it everywhere with them is irrelevant, a white herring. If persons thereby provide handy trove of evidence to be used criminally, that's HANDY for gov't, isn't it?
There's similarity to the Backpage sitch, where Techdirt claims that open advertising of prostituting trafficked persons is not just okay, but desirable because police will know where to look. -- So when did you reverse on making the job easier for police?
[ link to this | view in chronology ]