The judge cited a combination of 4th and 5th amendment questions; if the authorities can prove that the phone belongs to the suspect how would that affect the ruling? It seems like it should be easy to verify the ownership via service records.
The reasoning of this opinion isn't well fleshed out, particularly when it comes to the forgone conclusion exception. So I'm not sure whether it would matter to this magistrate judge in this situation. Some aspects of the opinion suggest that it might, others suggest that it wouldn't.
That said, generally speaking it would matter and has mattered in other decisions. If the government can independently demonstrate that a suspect has the ability to use biometrics to decrypt a device, that may - through the forgone conclusion exception - allow the government to compel them to do so. But I'd add that courts haven't been in complete agreement about what would need to be independently demonstrated. Just that the suspect can decrypt the device? Or the information that might be found on the decyrpted device?
I'd also note that, while this decision (not to allow the government to compel someone to use biometrics to decrypt a device) is framed as being based on both the 4th and 5th Amendments, it's really just based on the 5th Amendment. The magistrate judge is only saying that forcing the person to use biometrics to decrypt the smartphone would make the search unreasonable, and thus a violation of the 4th Amendment, because doing so would violate the 5th Amendment. It's not the search which would be unreasonable, it's the compelled decryption. If the compulsion wouldn't violate the 5th Amendment, then the search wouldn't violate the 4th Amendment.
As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided.
Stuff like this would almost guarantee government back door legislation, in effect allowing the government to get into any device with a warrant just like they can now drill out your safe deposit box if you refuse to give them the key. People blather on about the 4th and 5th amendments but as one scholar pointed out, the fourth amendment only guarantees unreasonable search and seizure not any and all search and seizure. With a warrant issued by a judge and with probable cause there’s not much of an argument here.
The issue isn't whether the government is allowed to search something. The issue is whether the government can force people to aid in searching that something. Having a valid warrant to search a smartphone doesn't mean that the government can force someone to, e.g., enter a passcode to decrypt that device.
My understanding of US law is that a suspect can be compelled to give up a passcode with a warrant, but not biometrics. Did these officers and judge not know that a passcode is the fallback to all these other methods? There’s some information missing in the story regarding that.
Having said that, I’m very glad the judge followed the law and disallowed the forcing of biometrics. As for those who use biometrics but have concerns, Apple (don’t know about Android, but I expect same) has a method to quickly disable biometric entry (rapid pressing of home button five times — same as calling emergency services), which prevents abuse of Face or Touch ID. Perhaps there is a Siri Shortcut that could be created to easily/quickly put a phone in “lost mode” before the cops (or robbers) take it from you.
Face ID and Touch ID are incredibly useful but everyone who uses them should know the disabling shortcut, at the very least.
Courts have reached different conclusions on the various issues. The law isn't settled in either regard yet. But it's more so been the opposite of what you're suggesting: Suspects can't be forced to use passcodes to decrypt devices, but they can be forced to use biometrics.
As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided.
That’s called spoliation of evidence, and it’s illegal.
The judge cited a combination of 4th and 5th amendment questions; if the authorities can prove that the phone belongs to the suspect how would that affect the ruling? It seems like it should be easy to verify the ownership via service records.
The article does a poor job of paraphrasing and interpreting the opinion. Whether police can prove ownership is irrelevant. The issue is whether unlocking a phone with biometrics is self incrimination. Because only the owner can unlock the phone the answer is yes, and therefore it violates the 5th amendment.
There’s no “we can prove what you would have testified about anyway” exception to the 5th amendment.
There is such an exception when it comes to act of production doctrine. And here that's what we're dealing with.
A cursory review of the state of the law: Generally speaking, the Fifth Amendment doesn't prohibit the government from compelling you to take certain actions - e.g., to produce documents you have in your possession. (Note: In this context, produce refers to turning documents over to the government, not to creating them.) However, the Fifth Amendment might prohibit the government from compelling you to take certain actions if those actions would, by their nature, be testimonial. For instance, producing documents that the government wants necessarily implies that you know where such documents are. The information which the documents contain isn't protected by the Fifth Amendment. But your implicit concession that you know where the documents are is.
However, even if there's a testimonial aspect to an act, the government might be able to compel such act if the testimonial information it would convey is a forgone conclusion. So, e.g., if the government can independently demonstrate that you know where certain documents are, it might be able to compel their production even though your producing them effectively communicates that you know where they are. That's the forgone conclusion exception.
To be clear, the forgone conclusion exception doesn't apply to testimony. The government can't compel you to testify to something just because it can independently demonstrate that something. The forgone conclusion exception only applies to acts which have a testimonial aspect to them.
If there is probable cause that child porn was on the device, I think a warrant should be granted. That’s how it works for other warrants. Make law enforcement specify what they are looking for. What is the difference between a biometric lock and them searching your house, files, etc? Seems not to be any.
Whether the government is allowed to search something and whether it can force someone to assist in that search are different considerations.
As for the difference you ask about:
(1) The comparison that many people make between unlocking a smartphone and unlocking, e.g., a safe or a home is an inapt comparison. When you enter a passcode into an iPhone, you aren't unlocking it so much as you are decrypting it. Even without you entering that passcode (or using your fingerprint), the government can already access all of the data which is stored on that iPhone if it wants to. But it doesn't want the data as it is currently stored. What it wants is for you to decrypt that data - i.e., to change it to something else which the government thinks might be more useful to it as evidence. It wants you to assist in the recreation of evidence which doesn't currently exist or, conceived a different way, it wants you to help interpret what evidence currently exist. The first problem with current jurisprudential consideration of this issue is this fundamentally inaccurate conception of what happens when someone decrypts a device. They aren't merely unlocking it so as to grant access to what already exists. They are changing or interpreting what already exists.
(2) That problem aside, again, there's a difference between the government being allowed to search your house and the government being able to force you to do certain things to aid it in that search. Perhaps using biometrics to decrypt a device is (even if we accept the flawed conception I alluded to in (1)) more like providing a key to a safe than it is like inputing the combination to a safe. I don't think it is. But even if it is, under act of production doctrine the government would need, at a minimum, to be able to independently demonstrate that you had the ability to decrypt the the device using biometrics before it could compel you to do so. That's comparable to it being able to independently demonstrate that you know where the key that unlocks a safe is. That's required for the forgone conclusion exception (to the prohibition on requiring actions which have testimonial aspects) to apply.
As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided.
That’s called spoliation of evidence, and it’s illegal.
Do I have to repeat myself? Yes, I do. I never once said that the user had to zeroize anything! Did I say that? No. Please try to understand what I'm saying. Try harder. Read my post again. I did not say anyone should erase the data. I said if the feature existed police would never ask you to use your finger to unlock your phone because they don't know which finger you need to use to unlock it. Concentrate on that. The police cannot compel you to reveal which finger unlocks and which one zeroizes your phone. That's a password, and the police cannot compel you to reveal any password. Just as I cannot compel you to think logically, they can't compel you to reveal a password. At least not when doing so will incriminate you. The EFF will provide free legal defence for you if they ask you to provide a password.
So there is no spoliation of evidence because no evidence is destroyed. And even if you did destroy evidence on a phone, which is not what I'm advocating, you wouldn't be convicted by any jury because there is a very reasonable doubt that your phone contained anything incriminating at all. Some people actually don't store anything on their phones. Did you know that?
There's no mention of biometrics on the wikipedia page about the 5th amendment, but there are a few sentences about whether passwords are protected by the fifth amendment, and it's interesting/relevant reading: (the last two bullets show somewhat contradictory judgments.)
While no such case has yet arisen, the Supreme Court has indicated that a respondent cannot be compelled to turn over "the contents of his own mind", e.g. he cannot be compelled to reveal the password to a bank account if doing so would prove the existence of the bank account under his control.[79][80][81]
Lower courts have given conflicting decisions on whether forced disclosure of computer passwords is a violation of the Fifth Amendment.
In In re Boucher (2009), the US District Court of Vermont ruled that the Fifth Amendment might protect a defendant from having to reveal an encryption password, or even the existence of one, if the production of that password could be deemed a self-incriminating "act" under the Fifth Amendment. In Boucher, production of the unencrypted drive was deemed not to be a self-incriminating act, as the government already had sufficient evidence to tie the encrypted data to the defendant.[82]
In January 2012 a federal judge in Denver ruled that a bank-fraud suspect was required to give an unencrypted copy of a laptop hard drive to prosecutors.[83][84] However, in February 2012 the Eleventh Circuit ruled otherwise - finding that requiring a defendant to produce an encrypted drive's password would violate the Constitution, becoming the first federal circuit court to rule on the issue.[85][86] In April 2013, a District Court magistrate judge in Wisconsin refused to compel a suspect to provide the encryption password to his hard drive after FBI agents had unsuccessfully spent months trying to decrypt the data.[87][88]
As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided.
Stuff like this would almost guarantee government back door legislation, in effect allowing the government to get into any device with a warrant just like they can now drill out your safe deposit box if you refuse to give them the key. People blather on about the 4th and 5th amendments but as one scholar pointed out, the fourth amendment only guarantees unreasonable search and seizure not any and all search and seizure. With a warrant issued by a judge and with probable cause there’s not much of an argument here.
Refreshing to read the occasional post based on accurate legal reasoning. Most people don't understand the key point you made about what the 4th Amendment to the Constitution actually protects, i.e., only against the government doing unreasonable searches and seizures, and that's similar to the widespread ignorance of the 5th Amendment's protection against COMPELLED self-incrimination, usually misstated as saying "you have the right to not incriminate yourself." That's why this judge's ruling is so obviously incorrectly reasoned as it relates to the 5th Amendment. The US Supreme Court has consistently ruled that the 5th Amendment right against compelled self incrimination doesn't apply to things like forcing you to give the police access to places or things you control, such as your home/car/safe deposit box, etc., or to information needed to book you into jail, your fingerprints, your photo, your blood, etc.
If there is probable cause that child porn was on the device, I think a warrant should be granted. That’s how it works for other warrants. Make law enforcement specify what they are looking for. What is the difference between a biometric lock and them searching your house, files, etc? Seems not to be any.
Of course, you must agree that all warrants and laws are irrelevant to this issue if the US constitution, as interpreted by the US Supreme Court, declares the handing over of biometrics to be against the amendment protecting citizens from unreasonable search and seizure (I mean: providing incriminating evidence). The courts have said if you are dead you no longer have that protection, so some police have tried using dead fingers on iPhones but have failed to gain access. They didn't get in trouble for doing that. But using biometrics on a living human being, that's a line that the courts seem to be prohibiting as this story indicates.
Of course if the US Supreme Court, or a state supreme court ruling on the actions of state/local officers in that particular state under that State's constitution, ruled that you had a constitutional right not to provide biometric data, it would be dispositive of the issue, but that's not likely to happen. There's no basis in the long history of rulings on this issue to deviate from the sound precedence that the 5th Amendment only protects you against the government FORCING you to give testimony against yourself. They have never ruled, nor would it make any sense to say that you can be compelled to provide fingerprints, keys to your car/home, etc.,photographs, blood, DNA, access to your home, etc., but that law enforcement can't put your finger on a Touch ID or hold it up to your face. Similarly, you can be held in contempt for failure to disclose your pass code.
As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided.
Stuff like this would almost guarantee government back door legislation, in effect allowing the government to get into any device with a warrant just like they can now drill out your safe deposit box if you refuse to give them the key. People blather on about the 4th and 5th amendments but as one scholar pointed out, the fourth amendment only guarantees unreasonable search and seizure not any and all search and seizure. With a warrant issued by a judge and with probable cause there’s not much of an argument here.
You can’t legislate away constitutional rights, so no.
You're not understanding the legal issue. The constitutional issue is whether you can be compelled under the 5th Amendment to put your fingerprint against the sensor, which of course you can despite the silly ruling, but that wouldn't prevent Congress from requiring companies to build in a back door to allow LE to access the devices if the US Supreme Court ever lost its collective mind and overturned this well established precedent that the 5th Amendment only prevents the government from forcing you to give TESTIMONIAL evidence against yourself, and has nothing to do with being compelled to give data, records, blood, fingerprints, etc. etc.
Comments
That said, generally speaking it would matter and has mattered in other decisions. If the government can independently demonstrate that a suspect has the ability to use biometrics to decrypt a device, that may - through the forgone conclusion exception - allow the government to compel them to do so. But I'd add that courts haven't been in complete agreement about what would need to be independently demonstrated. Just that the suspect can decrypt the device? Or the information that might be found on the decyrpted device?
I'd also note that, while this decision (not to allow the government to compel someone to use biometrics to decrypt a device) is framed as being based on both the 4th and 5th Amendments, it's really just based on the 5th Amendment. The magistrate judge is only saying that forcing the person to use biometrics to decrypt the smartphone would make the search unreasonable, and thus a violation of the 4th Amendment, because doing so would violate the 5th Amendment. It's not the search which would be unreasonable, it's the compelled decryption. If the compulsion wouldn't violate the 5th Amendment, then the search wouldn't violate the 4th Amendment.
A cursory review of the state of the law: Generally speaking, the Fifth Amendment doesn't prohibit the government from compelling you to take certain actions - e.g., to produce documents you have in your possession. (Note: In this context, produce refers to turning documents over to the government, not to creating them.) However, the Fifth Amendment might prohibit the government from compelling you to take certain actions if those actions would, by their nature, be testimonial. For instance, producing documents that the government wants necessarily implies that you know where such documents are. The information which the documents contain isn't protected by the Fifth Amendment. But your implicit concession that you know where the documents are is.
However, even if there's a testimonial aspect to an act, the government might be able to compel such act if the testimonial information it would convey is a forgone conclusion. So, e.g., if the government can independently demonstrate that you know where certain documents are, it might be able to compel their production even though your producing them effectively communicates that you know where they are. That's the forgone conclusion exception.
To be clear, the forgone conclusion exception doesn't apply to testimony. The government can't compel you to testify to something just because it can independently demonstrate that something. The forgone conclusion exception only applies to acts which have a testimonial aspect to them.
As for the difference you ask about:
(1) The comparison that many people make between unlocking a smartphone and unlocking, e.g., a safe or a home is an inapt comparison. When you enter a passcode into an iPhone, you aren't unlocking it so much as you are decrypting it. Even without you entering that passcode (or using your fingerprint), the government can already access all of the data which is stored on that iPhone if it wants to. But it doesn't want the data as it is currently stored. What it wants is for you to decrypt that data - i.e., to change it to something else which the government thinks might be more useful to it as evidence. It wants you to assist in the recreation of evidence which doesn't currently exist or, conceived a different way, it wants you to help interpret what evidence currently exist. The first problem with current jurisprudential consideration of this issue is this fundamentally inaccurate conception of what happens when someone decrypts a device. They aren't merely unlocking it so as to grant access to what already exists. They are changing or interpreting what already exists.
(2) That problem aside, again, there's a difference between the government being allowed to search your house and the government being able to force you to do certain things to aid it in that search. Perhaps using biometrics to decrypt a device is (even if we accept the flawed conception I alluded to in (1)) more like providing a key to a safe than it is like inputing the combination to a safe. I don't think it is. But even if it is, under act of production doctrine the government would need, at a minimum, to be able to independently demonstrate that you had the ability to decrypt the the device using biometrics before it could compel you to do so. That's comparable to it being able to independently demonstrate that you know where the key that unlocks a safe is. That's required for the forgone conclusion exception (to the prohibition on requiring actions which have testimonial aspects) to apply.
So there is no spoliation of evidence because no evidence is destroyed. And even if you did destroy evidence on a phone, which is not what I'm advocating, you wouldn't be convicted by any jury because there is a very reasonable doubt that your phone contained anything incriminating at all. Some people actually don't store anything on their phones. Did you know that?
Refreshing to read the occasional post based on accurate legal reasoning. Most people don't understand the key point you made about what the 4th Amendment to the Constitution actually protects, i.e., only against the government doing unreasonable searches and seizures, and that's similar to the widespread ignorance of the 5th Amendment's protection against COMPELLED self-incrimination, usually misstated as saying "you have the right to not incriminate yourself." That's why this judge's ruling is so obviously incorrectly reasoned as it relates to the 5th Amendment. The US Supreme Court has consistently ruled that the 5th Amendment right against compelled self incrimination doesn't apply to things like forcing you to give the police access to places or things you control, such as your home/car/safe deposit box, etc., or to information needed to book you into jail, your fingerprints, your photo, your blood, etc.
Of course if the US Supreme Court, or a state supreme court ruling on the actions of state/local officers in that particular state under that State's constitution, ruled that you had a constitutional right not to provide biometric data, it would be dispositive of the issue, but that's not likely to happen. There's no basis in the long history of rulings on this issue to deviate from the sound precedence that the 5th Amendment only protects you against the government FORCING you to give testimony against yourself. They have never ruled, nor would it make any sense to say that you can be compelled to provide fingerprints, keys to your car/home, etc.,photographs, blood, DNA, access to your home, etc., but that law enforcement can't put your finger on a Touch ID or hold it up to your face. Similarly, you can be held in contempt for failure to disclose your pass code.
You're not understanding the legal issue. The constitutional issue is whether you can be compelled under the 5th Amendment to put your fingerprint against the sensor, which of course you can despite the silly ruling, but that wouldn't prevent Congress from requiring companies to build in a back door to allow LE to access the devices if the US Supreme Court ever lost its collective mind and overturned this well established precedent that the 5th Amendment only prevents the government from forcing you to give TESTIMONIAL evidence against yourself, and has nothing to do with being compelled to give data, records, blood, fingerprints, etc. etc.