Indiana Appeals Court Says Forcing Someone To Unlock Their Phone Violates The 5th Amendment

from the we'll-take-a-win,-no-matter-how-small dept

Passwords and PINs still beat fingerprints when it comes to the Fifth Amendment. But just barely. Nothing about the issue is settled, but far more cases have been handed down declaring fingerprints to be non-testimonial. Fingerprints are obtained during the booking process — a physical, traceable representation of the suspect. If they can be obtained during booking, they can certainly be obtained again to unlock a device. A physical aspect of a human being can’t be considered “testimonial” as far as courts have interpreted the Fifth Amendment.

Passwords are a different story, but not by much. In a handful of cases, courts have said the compelled production of passwords and PINs has no Fifth Amendment implications. Defendants, conversely, have argued compelled password production forces them to testify against themselves by facilitating the production of evidence to be used against them.

This argument hasn’t had much success. Judges have frequently found password production to be just as non-testimonial as a person’s fingerprint. The argument here is that all law enforcement wants is a password, not the production of evidence. Under the “foregone conclusion” theory, all the government has to prove is that the person being asked to unlock a device can unlock the device.

This decouples password production from its consequences: the production of evidence by defendants that the government will use against them in court. When this theory is applied, the Fifth Amendment is sidelined and replaced with the ultra-low bar of foregone conclusion.

But passwords aren’t fingerprints and can be testimonial. Unlocking a device law enforcement is going to search for evidence states clearly that a person owns or controls the device and its contents. That makes it very easy for the government to link a device’s illicit contents to the person who was ordered to unlock it.

A case from Indiana’s Court of Appeals — via FourthAmendment.com — addresses these arguments with a bit more sympathy for compelled testimony arguments. The government argued there’s nothing testimonial about a password. The court, in a lengthy decision [PDF], disagrees.

[W]e consider [Kaitlin] Seo’s act of unlocking, and therefore decrypting the contents of her phone, to be testimonial not simply because the passcode is akin to the combination to a wall safe as discussed in Doe. We also consider it testimonial because her act of unlocking, and thereby decrypting, her phone effectively recreates the files sought by the State. As discussed above, when the contents of a phone, or any other storage device, are encrypted, the cyphertext is unintelligible, indistinguishable from random noise. In a very real sense, the files do not exist on the phone in any meaningful way until the passcode is entered and the files sought are decrypted. Thus, compelling Seo to unlock her phone goes far beyond the mere production of paper documents at issue in Fisher, Doe, or Hubbell. Because compelling Seo to unlock her phone compels her to literally recreate the information the State is seeking, we consider this recreation of digital information to be more testimonial in nature than the mere production of paper documents.

The court also says there’s nothing to the government’s argument that unlocking a phone for police is somehow different — and less of a Fifth Amendment issue — than turning over a password to police.

[B]ecause we believe that electronic data and the devices that contain it are fundamentally different than paper documents and paper storage, we reject the State’s attempt to distinguish between compelling Seo to convey her passcode to the State and compelling Seo to simply unlock her phone by entering the passcode itself. It is a distinction without a difference because the end result is the same: the State is compelling Seo to divulge the contents of her mind to obtain incriminating evidence.

This decision shores up Fifth Amendment arguments against compelled decryption and password production. The state appeals court then goes further, instructing state judges and law enforcement agencies to seek less invasive — and less constitutionally-problematic — methods of obtaining evidence.

Going forward, we ask reviewing courts of last resort to consider the following structure for resolving decryption requests from law enforcement authorities:

1. Requiring a defendant to decrypt digital data should be legally recognized for what it is—coerced recreation of incriminating evidence— and compulsory process for that purpose should be strictly limited for precisely that reason.

2. In some instances, law enforcement officials will have legitimate need of digital information that is protected by encryption.

3. If the law enforcement request is a bona fide emergency, with verified concern about the possibility of further and immediate serious criminal acts, a warrant that describes the other imminent crime(s) suspected and the relevant information sought through a warrant, both with reasonable particularity, will likely satisfy Fourth and Fifth Amendment requirements.

4. In non-emergency situations, law enforcement should be required to first seek the digital data it wants from third parties, such as internet “cloud” sources, cellphone companies, or internet providers (ISPs), where a defendant has practically, if not explicitly, consented to production upon legal process from a court of competent jurisdiction.

5. Exceptions to the Fourth Amendment and its state analogues, such as the plain view doctrine and the good faith exception, should be inapplicable to, or strictly limited in, the search and seizure of digital data stored on devices owned or controlled by that defendant, or from “Cloud” subscriptions that defendant owns or uses.

It’s a thoughtful decision that runs contrary to many rulings covering the same subject. But it is limited to the state of Indiana, so it’s not going to undo any federal precedent. But it does give those representing clients facing demands for password production another citation in their favor. More importantly, it sets a new baseline for lawful demands for data production, wresting control away from law enforcement agencies unlikely to impose these constraints of their own.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Indiana Appeals Court Says Forcing Someone To Unlock Their Phone Violates The 5th Amendment”

Subscribe: RSS Leave a comment
45 Comments
That One Guy (profile) says:

"It's not a violation of the fifth!" "Prove it."

As always if they really want to claim that compelling a suspect to hand over a password and/or unlock a device isn’t forcing them to provide self-incriminating evidence, they have a very simple way to put their money where their mouth is:

A signed, legally binding document granting immunity for anything resulting from the unlocking/decryption of a device/account.

If they weren’t going to use the evidence against the suspect then this costs them nothing, and as such it should be the first thing they go to when a suspect objects to a demand for a password. Such a document would only be problematic if they are planning to use the results of an unlock/decryption, in which case the fifth would absolutely apply.

Anonymous Anonymous Coward (profile) says:

Re: "It's not a violation of the fifth!" "Prove it."

Wouldn’t that just open a pathway to parallel construction? In fact, those parallels exist, but are harder to find without ‘leads’. Or so it appears. Working harder AND smarter seems beyond the current abilities of law enforcement. Why aren’t they finding those ‘leads’ on their own. The answer seems to be they don’t want to do the work.

Anonymous Coward says:

Re: Re: "It's not a violation of the fifth!" "Prove it."

Someone here once said that “parrallel construction” should just be called evidence laundering.

If I served on a jury that learned that evidence was tampered with even a smidgen like this or any other way I would enact nullification.

Sadly, most Americans are too stupid to even understand why or would do the same for their fellow citizens. They would instead sit back and allow the government to railroad every fucking person that is dragged through the fucking inJustice system. All because it suits their politics and because everyone if fucking guilty of something and if they had nothing to hide they would not be accused.

Uriel-238 (profile) says:

Re: Re: Re:2 Exceptions to inadmissibility.

Our judges have long decided that if someone is too awful to set free based on a procedural error (such as an illegal search) then the evidence that convicts them is regarded anyway.

Of course this fails to acknowledge that setting a guilty man free is supposed to be a penalty to the state for being sloppy with procedure.

But we’ve forgotten that.

Tanner Andrews (profile) says:

Re: Re: Re: "It's not a violation of the fifth!" "Prove it."

If I served on a jury that learned that evidence was tampered with even a smidgen like this or any other way I would enact nullification.

I think a better way to put it would be that, if either side offered tampered evidence or otherwise knowingly offered unreliable evidence, you would weigh that very heavily against them. In other words, you would be performing one of the core functions of a juror, which is assessing credibility.

This has the advantage of fairness: if either side is trying to be dishonest, they suffer the consequences. It also makes it clear during jury selection that you are going in there intending to fairly weigh the evidence, not going in there with bias or intent to do anything improper.

Many judges and essentially all assistant state’s attorneys would object loudly to the idea of nullification. Indeed, they would probably argue that mention of the term is sufficient to strike you for cause. Since improper nullification is probably not what you intended, you should be clear.

Uriel-238 (profile) says:

Re: Re: Re:2 Jury Nullification

Really, nullification should be well known enough as a means to get out of Jury Duty given that plenty of those summoned can’t afford the time off work to oversee a protracted case.

If enough people come in wearing an Ask me about Jury Nullification pin, eventually they’ll have to accept that it’s a thing.

I’m not sure which is more frightening: That our court system depends on the ignorance of its jurors or that its judges knowingly accept this state.

The Ongoing Routing Snark says:

What millions do routinely many times a day isn't "coercion".

This sophistry won’t stand review, either.

It’s foolish that if criminals simply encrypt their accounts / plans / whatever then it’s beyond reach of all police. The criminality enabled by this would destroy civilization.

Not surprising that minion finds its intoxicating.

Anonymous Hero says:

Re: What millions do routinely many times a day isn't "coercion".

It’s foolish that if criminals simply encrypt their accounts / plans / whatever then it’s beyond reach of all police. The criminality enabled by this would destroy civilization.

Maybe I’m misunderstanding your comment, but yes, if someone simply strongly-encrypts their stuff, then it is beyond the reach of anyone. And yet, civilization persists.

norahc (profile) says:

Re: What millions do routinely many times a day isn't

“It’s foolish that if criminals simply encrypt their accounts / plans / whatever then it’s beyond reach of all police. The criminality enabled by this would destroy civilization.”

Don’t forget that thr lack of encryption allows criminals an easier path to commit their crimesm too. Crimes that claim a vast plethora of victims. You know, crimes like identity theft, trade secret espionage, and warrantless searches.

Stephen T. Stone (profile) says:

Re:

Criminals have been “encrypting” their information in numerous ways since they could put pen to paper. They have been destroying such information, too. The criminal justice system must often arrest and prosecute criminals without access to such evidence; sometimes, guilty parties go free because the evidence of their guilt cannot be brought forth. Despite that fact, civilization lives on.

That One Guy (profile) says:

Re: Re: Re:

Even worse they’ve long made use of ways to avoid leaving any permanent record at all of their activities and plans, things like talking in areas where there’s no-one else to hear them and not recording those conversations.

Yet strangely despite the fact that such conversations are completely beyond the reach of police society somehow manages to survive, almost as though privacy and security, things which can protect both criminals and the innocent are not a recipe for disaster and societal collapse.

Anonymous Coward says:

Re: What millions do routinely many times a day isn't "coercion".

Before the mobile phone and the Internet, almost all the data that can be obtained from a phone was unavailable to police, yet they managed to solve crimes. That is they used to solve crimes without the criminals recording their activities, and they should still be able if the cannot get that recorded infomation. Beside they also now have all the metadata,on phone calls, and where the phone has been to assists them, often without having to get a warrant.

Rapnel (profile) says:

Re: What millions do routinely many times a day isn't "coercion".

Jesus, you really are a fucking idiot, aren’t you?

We, humans, our capabilities, passions, thoughts and things do not, actually, exist at the behest of law enforcement.

The simple reasoning that “once we could, now we can’t” is a mind-fuck fabrication of an unenforceable, non-existent reality.

We are permitted simply by the mere fact that we exist and can access thoughts, ideas and ingenuity to build any sort of protective barrier for our things that we could possibly devise. Anything, mate, anything.

Uriel-238 (profile) says:

Re: Criminals like you...

This is totally Poe. Either it’s unironic but hyperbolic, or it’s satire.

Remember that you’re already a criminal, waiting only for law enforcement that wants to book you. The only question is what you did, and how much time they can pile onto your sentence.

Civilian criminals aren’t destroying civilization, they are civilization.

HoT O Rod says:

By the way: "plain ASCII" is PLAIN only because de-coded!

This aspect of the wrongness didn’t strike me at first, but this judge completely overlooks that without a machine to "de-code" EVERY BYTE IN A COMPUTER IS EFFECTIVELY ENCRYPTED BEYOND HUMAN ABILITY.

So, even with one more step of "encryption" IT’S STILL JUST LIKE OPENING A SAFE.

[But it’d be safe in EBCDIC!]

The Wanderer (profile) says:

Re: Re: Re:

I think the alleged point was that you need a machine to decode the physical pattern in the storage medium into the form of the bytes, and then to display the result to you. That’s still just as true whether the displayed result is in the form of binary, octal, hexadecimal, font-based glyphs, or graphics from simple 2D on up.

Anonymous Coward says:

Re: By the way: "plain ASCII" is PLAIN only because de-coded!

“EVERY BYTE IN A COMPUTER IS EFFECTIVELY ENCRYPTED BEYOND HUMAN ABILITY.”

Looks like every byte in your noggin is effectively useless.

The first computers required a lot of human processing to help them work. Machine code is quite readable by humans and hardly beyond human ability.

Encryption is also quite readable by humans once the key or cipher is discovered. We just use computers to do it all faster!

In fact, is is computers that have yet to reach human ability, NOT the other way around as you so ignorantly suggest!

Adam (profile) says:

Code words and ciphers pre-consumer electronics

I tried to do some research and never found anything, but was there never any legal precedent set for someone being forced to give up a code word or cipher prior to consumer electronics?

It seems like it would have been common for people who knew a call might be recorded to use code words for certain activities. Has a court ever ruled that a defendant must give up their private definition to a code word?

Cryptography and other methods to obfuscate information has existed long before personal computing and I find it difficult to believe there isn’t any legal precedent, but I can’t find any.

That One Guy (profile) says:

Re: Re: Re: Code words and ciphers pre-consumer electronics

The hypothetical wasn’t ‘Have they done it?’ as that’s obviously ‘yes, just because they’re criminals doesn’t mean they’re automatically idiots’ so much as ‘what would happen if the police found encrypted paper documents and brought it to the court?’

Would it be treated the same as some courts have acted in response to digital encryption? ‘You wrote it, you decipher it’, or would the court rule that forcing the accused to decipher a code would be forcing them to provide incriminating evidence, and therefore prohibited?’

The amount of work would obviously be much different between the two circumstances, encrypted digital files vs encrypted papers, but the general act would be the same or at the very least very similar, forcing someone to make use of what they know to decrypt/decipher potentially incriminating documents, hence the question as to how a court would react.

Anonymous Coward says:

Re: Re: Re:2 Code words and ciphers pre-consumer electronics

I do not understand what you mean then.

Yes, judges are going to try to compel defendants to give up their ciphers, they ALWAYS have have not read a courts case that indicated otherwise, like EVER. The question is if they get by with it or if the will of the defendants break.

When was the last time you saw a judge get into trouble for breaching the fuck out of peoples rights? They just appeal their cases and get judgements overturned. The last time I saw a Judge get into any serious trouble was when he asked why a women did not close her legs? And that only happened because it made big news.

Uriel-238 (profile) says:

Re: The Pizza Connection

In the late 20th century the Mafia was running cocaine through pizzerias and not only used a code system but a post WWII change-up system that scrambled around the key words every week, and kept the FBI busy for years.

As far as I know, no-one in court was ever forced to give up the codes, and only after the fact were the books discovered.

But if there ever was a demand by a court to turn them over, or a pre-smart-phone challenge to the notion, that would be the case for it.

Gary (profile) says:

Enforcement

Fortunately under common law no one can be compelled to do anything they don’t want. Pay taxes, walk in the cross walk, shout gunman in a crowded school – it is all open game for sovereign citizens!
Sure, you’ll still go to jail if you don’t comply. But they can’t *actually* make you. No one can make a sovereign citizen do anything!

Gary (profile) says:

Re: Re: Re: Re:

you have to do whatever those in authority tell you to do

Tell that to a SovCit.

Well you see, once you allow the police to arrest you for failing to comply, you are no longer a SovCit because you have given up your rights under Common Law!!!
I think. Still waiting for someone to explain this common law krap to me and how it keeps getting invoked.
Also, I was Poe’d and should use the /s tag, my bad. Or maybe a /t tag for trolling since making fun of the SovCits does not really contribute to anything. 🙁

Anonymous Coward says:

Re: Re: Re:2 Re:

The premise is simple.

The idea is that a government does not have any authority over you until you “accept” that authority.

You may not be aware of this but all citizens are slaves of their governments whether they know it or not.

Instead of calling it “do what your master says” it is “follow the law. Same thing, different words.

Don’t pay your taxes, someone with a gun comes for you or the property you don’t technically own.
Break the law, someone with a gun comes for you.
Fail to perform certain civic duties, someone with a gun comes for you.

No matter how free you feel, you are a slave, plain and simple. Go and call a cop a pig, see how free you really are.

Anonymous Coward says:

DOJ crypto backdoorers should consider better defendants

I would LOVE to see the DOJ go after a bank CEO — e.g., Wells Fargo or Countrywide — instead of some non-violent drug user; DOJ might get a lot more sympathy for wanting to shred the Fourth and Fifth Amendments in their cases.

As it is, their hypocrisy of selective enforcement applying only to “little people” eliminates any moral authority they might once have had.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...