Another Illinois Appeals Court Handles Compelled Password Production, Says There's No Fifth Amendment Issue Here
from the residents'-rights-are-now-determined-by-where-they-reside-in-the-state dept
The Fifth Amendment implications of compelled password production has reverted from "somewhat settled" to "not settled at all" in the state of Illinois.
In 2019, an Illinois appellate court said the Fifth Amendment protects people against compelled password production to unlock devices. As the court pointed out in that decision, investigators had zero interest in the password itself. They were interested in what it would give them access to, which was all the evidence allegedly on the locked phone.
The state relied on the "foregone conclusion" theory. In the government's view, the only information it needed to know with certainty is that the phone belonged to the suspect and that the suspect knew the passcode to unlock it. But the appellate court said that wasn't the right conclusion. What investigators wanted was access to the phone's contents, and it could not compel production of a passcode just to see if its guess about evidence contained in the phone was correct.
Here, the State is not seeking the passcode per se but the information it will decrypt. The cases that declare the passcode to be a nontestimonial communication operate under the framework that the passcode is the testimonial communication and that it falls under the foregone conclusion exception to the fifth amendment privilege. We consider that the proper focus is not on the passcode but on the information the passcode protects. The State claims it sustained its burden of proving with reasonable particularity that it knew the passcode existed, that Spicer knew the passcode and that it would be authenticated by entering it into Spicer’s phone. However, what the State actually needed to establish with reasonable particularity was the contents of the phone, which it did not do.
That decision didn't settle every open question about the Fifth Amendment's application to locked devices and compelled production, but it did set a baseline for law enforcement to reach if it expected courts in this district to ask for orders demanding the surrender of passcodes.
But that was the Third District. The Fourth District Appellate Court has a different set of standards and it has sided [PDF] with the state, finding that the Fifth Amendment doesn't apply to compelled production. (via FourthAmendment.com)
The trial court sided with the defendant, saying the state had not met its "foregone conclusion" burden and recognizing the constitutional implications of, in essence, forcing someone to testify against themselves by compelling access to possibly incriminating evidence. It specifically cited the 2019 Third District Appeals Court decision in its opinion.
[R]elying on Spicer, the court found that, for the doctrine to apply, the State must show with reasonable particularity that, when it sought the act of production, it “knew the evidence existed, the evidence was in the [d]efendant’s possession and it was authentic.” The court noted (1) a valid search warrant had issued for the phone’s contents, which defendant did not challenge, and (2) law enforcement has a right to access the contents of the cell phone. The court concluded, however, that it “would be speculation to presume at this point that the photograph would still be on the phone,” and it “[could not] find here that it’s more likely to be found on the [d]efendant’s phone any more than it might be on the [co-defendant’s] phone.” Accordingly, the court found that the State did not show the foregone conclusion doctrine applied and denied the State’s motion to compel defendant to provide access to his cell phone.
The Appellate Court disagrees with this assessment. It sets the "foregone conclusion" bar much lower than the Third District did, saying the only thing the government needs to know is whether or not the phone likely belongs to the defendant and that they likely have the ability to unlock it.
Investigators obtained phone records linking the seized phone to the defendant and double-checked this by calling the number listed on the phone records. The lockscreen showed the incoming call from the police station phone, adding more evidence that the phone held by investigators belonged to the suspect facing fraud charges.
To reach this conclusion, the court considers -- and discards -- rulings from the state and federal level that found that compelled production is a form of testimony. Instead, it decides that punching in a passcode is an effort so free of mental effort it's no different than a fingerprint or a blood sample.
The questions raised in Stahl and Andrews regarding the continued viability of the key/combination analogy (i.e., mental/physical dichotomy) in the digital age deserve consideration. We, too, observe that a cell phone passcode is a string of letters or numbers that an individual habitually enters into his electronic device throughout the day. A passcode may be used so habitually that its retrieval is a function of muscle memory rather than an exercise of conscious thought. A fair question that arises, then, is whether the rote application of a series of numbers should be treated the same as the Hubbell respondent’s “exhaustive use of the ‘contents of his mind’ ” to produce hundreds of pages of responsive documents. The two scenarios appear to bear no resemblance to each other.
Going further, the court says the defendant isn't actually going to be telling investigators anything. He is not being ordered to turn over his passcode, but rather enter it to unlock the phone investigators have a warrant to search. While the lower court was correct to rely on precedent set in 2019, the precedent doesn't make any difference in this district.
After comparing conflicting opinions from across the nation on what "foregone conclusion" needs to be reached (a. phone can be unlocked by the defendant, or b. phone contains evidence relevant to the case), the court decides it's the former.
Placing the focus of the foregone conclusion doctrine on the passcode rather than the documents or evidence contained on the phone appears to strike the most appropriate balance between fifth amendment concerns and fourth amendment concerns. In this case, the State’s motion seeks the compelled production of the passcode. The production of the passcode will lead to the contents of the phone, for which the State has obtained a valid search warrant that defendant does not challenge.
According to this appeals court, finding otherwise would allow defendants to hide behind the Fifth Amendment even when the Fourth Amendment has been satisfied.
[H]e seeks to utilize the fifth amendment to prevent the operation of the fourth amendment, which authorizes (as here) the issuance of a search warrant based upon a verified complaint showing probable cause for the presence of evidence of a crime in the premises (here, the cell phone) to be searched.
By focusing (1) the fifth amendment analysis on the production of the passcode and (2) the fourth amendment analysis on the evidence contained on the phone, one constitutional provision does not become either superior or subservient to the other. Further, doing so ensures that the protection against compelled self-incrimination and the interests of law enforcement in executing a valid search warrant are both respected.
That's how it stands in the Fourth District. Even though it disagrees with the Third District's conclusions, it can't actually override that precedent. So, the Fifth Amendment has differing levels of protections depending on which district is handling criminal cases involving compelled production of passwords. Sooner or later, the state's top court is going to need to step in and reconcile these differences.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 5th amendment, compelled password production, illinois, passwords, self-incrimination
Reader Comments
Subscribe: RSS
View by: Time | Thread
Insanity to give you what you want
A passcode may be used so habitually that its retrieval is a function of muscle memory rather than an exercise of conscious thought
Talk about twisting yourself into knots to convince yourself you can get away with something.
Even if you're so used to entering a passcode that it is muscle memory you still have to engage in a conscious choice to trigger that memory. Entering the code is still a choice actively made by the user. Trying to run around that to pretend it's not an act of speech is absurd.
[ link to this | view in chronology ]
Re: Insanity to give you what you want
[ link to this | view in chronology ]
Admit to a crime
What do you suppose happens if the defendant's password is an admission of a crime? Like:
i-stole-$50-worth-of-floss-from-CVS
Does that make the production of the password testimonial?
[ link to this | view in chronology ]
Re: Admit to a crime
No.
[ link to this | view in chronology ]
Re: Re: Admit to a crime
Yes, it would.
[ link to this | view in chronology ]
If they could do it for him, it's not speech. For example the police could place a suspect's finger over a sensor. If they can't do it themselves, if they have to compel assistance from a suspect, it's compelled speech.
How Illinoiying.
[ link to this | view in chronology ]
I wonder what the warrant covers
The contents of the phone are encrypted, so if they are allowed (and able) to search the current content of the phone, they won't find much of use. What they want, of course, is the decrypted content of the phone, which surely is different (particularly as it presumably didn't even exist at the time the warrant was signed).
[ link to this | view in chronology ]
Re: I wonder what the warrant covers
[ link to this | view in chronology ]
Re: Re: I wonder what the warrant covers
Or more accurately:
they're just missing a number that would turn an incomprehensible sequence of 1s and 0s into what investigators want to find on a phone.
All things equal, the correct number could "prove" innocence by transforming the data into non-criminal evidence. Another "correct" number could frame the innocent by transforming the data into criminal evidence. Both numbers are "correct" in the sense that they produce intelligible data, but neither need be the number that the suspect actually used. Of course we all know which number the prosecution will choose to submit as evidence.
[ link to this | view in chronology ]
Personally, I'm not against the forced production of a password. If someone put a digital lock on a safe, would they be providing testimony by having to produce the pass code? I don't think so. But hey, that's just me.
[ link to this | view in chronology ]
Re:
Yes, they would be providing testimony. In the hypothetical you presented, authorities with a warrant would crack the safe to get at its contents rather than ask for the passcode or key.
[ link to this | view in chronology ]
Re: Re:
That is why booby trap mode in some phones exists where if they tried to crack it too many times, the phone would wipe and reset, then they are just SOL, since enabling booby trap not does not break any laws.
[ link to this | view in chronology ]
until it's one of them that has to produce their password!!
[ link to this | view in chronology ]
That is one reason you want to enable "booby trap" mode, as I like to call it, if your phone has it, and most Samsung phones do.
This will cause the phone to wipe itself and reset if there are too many failed password attempts.
Like I have said, enabling this mode does break the law anywhere in Canada, Mexico, or the USA
If your phone wipes and resets because they attempt to brute force it, and the phone resets after too many failed password attempts, it is their tough luck.
You cannot prosecuted because they input too many failed password attempts.
There is no law in any of the 14 provinces of Canada, the 50 states of the USA, or the 31 states of Mexico you can be prosecuted under if the phone wipes and resets itself while in their possession because they tried to brute force your password.
This setting is perfectly legal in the USA, Canada, or Mexico, or Samsung would not have that in their J7 Prime and J7 Star phones.
[ link to this | view in chronology ]
Canada
Where do you get "14 provinces" in Canada?
[ link to this | view in chronology ]
Not a problem at all... unless they're lying
One of these days I'd love for a defense attorney to call the 'it's not a fifth amendment violation' bluff/lie by asking for immunity for their client for anything that resulted from the unlock. After all if the defendant isn't being asked to provide evidence that might incriminate them and all that the police/prosecutors are after is the password then they would have no problem providing that immunity since that's all they claim to want.
Of course they would never accept such a deal for the simple reason that they and everyone else know full well that they're after what the password provides access to(and what providing it means) but it would at least force them to scramble to come up with some undoubtedly laughable excuse for why immunity for useless information is suddenly a huge problem to provide.
[ link to this | view in chronology ]
At the point when you erase a document, the information really isn't gone in any way. All that occurs, is that Android denotes the space where the data is put away as "void." https://alltechpride.com/ That implies you will not have the option to track down the record and it implies Android will regard it as absent.
[ link to this | view in chronology ]
Re: Permanent Deletion by Darren Chaker
For the person who thinks emptying a waste basket, or deleting a photo or other file on his/her phone results in permanent deletion demonstrates he should not venture into such a presumption. For anyone who values privacy, 1) do not back-up anything to the cloud and 2) invest an to permanently erase data you truly want unrecoverable.
As for photos and other data on your phone, connect the phone directly to a computer and sweep the data directly to your computer. Of course, be sure your computer uses Whole Disk Encryption since it's pointless to remove data from your phone to an insecure computer.
Last, going back to the focal point of this threat (police and passwords), if you think police will want to get into your phone, lock it as to disable facial recognition and invoke the right to an attorney.
[ link to this | view in chronology ]