Another Illinois Appeals Court Handles Compelled Password Production, Says There's No Fifth Amendment Issue Here

from the residents'-rights-are-now-determined-by-where-they-reside-in-the-state dept

The Fifth Amendment implications of compelled password production has reverted from “somewhat settled” to “not settled at all” in the state of Illinois.

In 2019, an Illinois appellate court said the Fifth Amendment protects people against compelled password production to unlock devices. As the court pointed out in that decision, investigators had zero interest in the password itself. They were interested in what it would give them access to, which was all the evidence allegedly on the locked phone.

The state relied on the “foregone conclusion” theory. In the government’s view, the only information it needed to know with certainty is that the phone belonged to the suspect and that the suspect knew the passcode to unlock it. But the appellate court said that wasn’t the right conclusion. What investigators wanted was access to the phone’s contents, and it could not compel production of a passcode just to see if its guess about evidence contained in the phone was correct.

Here, the State is not seeking the passcode per se but the information it will decrypt. The cases that declare the passcode to be a nontestimonial communication operate under the framework that the passcode is the testimonial communication and that it falls under the foregone conclusion exception to the fifth amendment privilege. We consider that the proper focus is not on the passcode but on the information the passcode protects. The State claims it sustained its burden of proving with reasonable particularity that it knew the passcode existed, that Spicer knew the passcode and that it would be authenticated by entering it into Spicer’s phone. However, what the State actually needed to establish with reasonable particularity was the contents of the phone, which it did not do.

That decision didn’t settle every open question about the Fifth Amendment’s application to locked devices and compelled production, but it did set a baseline for law enforcement to reach if it expected courts in this district to ask for orders demanding the surrender of passcodes.

But that was the Third District. The Fourth District Appellate Court has a different set of standards and it has sided [PDF] with the state, finding that the Fifth Amendment doesn’t apply to compelled production. (via FourthAmendment.com)

The trial court sided with the defendant, saying the state had not met its “foregone conclusion” burden and recognizing the constitutional implications of, in essence, forcing someone to testify against themselves by compelling access to possibly incriminating evidence. It specifically cited the 2019 Third District Appeals Court decision in its opinion.

[R]elying on Spicer, the court found that, for the doctrine to apply, the State must show with reasonable particularity that, when it sought the act of production, it “knew the evidence existed, the evidence was in the [d]efendant’s possession and it was authentic.” The court noted (1) a valid search warrant had issued for the phone’s contents, which defendant did not challenge, and (2) law enforcement has a right to access the contents of the cell phone. The court concluded, however, that it “would be speculation to presume at this point that the photograph would still be on the phone,” and it “[could not] find here that it’s more likely to be found on the [d]efendant’s phone any more than it might be on the [co-defendant’s] phone.” Accordingly, the court found that the State did not show the foregone conclusion doctrine applied and denied the State’s motion to compel defendant to provide access to his cell phone.

The Appellate Court disagrees with this assessment. It sets the “foregone conclusion” bar much lower than the Third District did, saying the only thing the government needs to know is whether or not the phone likely belongs to the defendant and that they likely have the ability to unlock it.

Investigators obtained phone records linking the seized phone to the defendant and double-checked this by calling the number listed on the phone records. The lockscreen showed the incoming call from the police station phone, adding more evidence that the phone held by investigators belonged to the suspect facing fraud charges.

To reach this conclusion, the court considers — and discards — rulings from the state and federal level that found that compelled production is a form of testimony. Instead, it decides that punching in a passcode is an effort so free of mental effort it’s no different than a fingerprint or a blood sample.

The questions raised in Stahl and Andrews regarding the continued viability of the key/combination analogy (i.e., mental/physical dichotomy) in the digital age deserve consideration. We, too, observe that a cell phone passcode is a string of letters or numbers that an individual habitually enters into his electronic device throughout the day. A passcode may be used so habitually that its retrieval is a function of muscle memory rather than an exercise of conscious thought. A fair question that arises, then, is whether the rote application of a series of numbers should be treated the same as the Hubbell respondent’s “exhaustive use of the ‘contents of his mind’ ” to produce hundreds of pages of responsive documents. The two scenarios appear to bear no resemblance to each other.

Going further, the court says the defendant isn’t actually going to be telling investigators anything. He is not being ordered to turn over his passcode, but rather enter it to unlock the phone investigators have a warrant to search. While the lower court was correct to rely on precedent set in 2019, the precedent doesn’t make any difference in this district.

After comparing conflicting opinions from across the nation on what “foregone conclusion” needs to be reached (a. phone can be unlocked by the defendant, or b. phone contains evidence relevant to the case), the court decides it’s the former.

Placing the focus of the foregone conclusion doctrine on the passcode rather than the documents or evidence contained on the phone appears to strike the most appropriate balance between fifth amendment concerns and fourth amendment concerns. In this case, the State’s motion seeks the compelled production of the passcode. The production of the passcode will lead to the contents of the phone, for which the State has obtained a valid search warrant that defendant does not challenge.

According to this appeals court, finding otherwise would allow defendants to hide behind the Fifth Amendment even when the Fourth Amendment has been satisfied.

[H]e seeks to utilize the fifth amendment to prevent the operation of the fourth amendment, which authorizes (as here) the issuance of a search warrant based upon a verified complaint showing probable cause for the presence of evidence of a crime in the premises (here, the cell phone) to be searched.

By focusing (1) the fifth amendment analysis on the production of the passcode and (2) the fourth amendment analysis on the evidence contained on the phone, one constitutional provision does not become either superior or subservient to the other. Further, doing so ensures that the protection against compelled self-incrimination and the interests of law enforcement in executing a valid search warrant are both respected.

That’s how it stands in the Fourth District. Even though it disagrees with the Third District’s conclusions, it can’t actually override that precedent. So, the Fifth Amendment has differing levels of protections depending on which district is handling criminal cases involving compelled production of passwords. Sooner or later, the state’s top court is going to need to step in and reconcile these differences.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Another Illinois Appeals Court Handles Compelled Password Production, Says There's No Fifth Amendment Issue Here”

Subscribe: RSS Leave a comment
19 Comments
This comment has been deemed insightful by the community.
Cdaragorn (profile) says:

Insanity to give you what you want

A passcode may be used so habitually that its retrieval is a function of muscle memory rather than an exercise of conscious thought

Talk about twisting yourself into knots to convince yourself you can get away with something.

Even if you’re so used to entering a passcode that it is muscle memory you still have to engage in a conscious choice to trigger that memory. Entering the code is still a choice actively made by the user. Trying to run around that to pretend it’s not an act of speech is absurd.

Chris Brand says:

I wonder what the warrant covers

The contents of the phone are encrypted, so if they are allowed (and able) to search the current content of the phone, they won’t find much of use. What they want, of course, is the decrypted content of the phone, which surely is different (particularly as it presumably didn’t even exist at the time the warrant was signed).

Chris White says:

Re: I wonder what the warrant covers

That was my thought, they are physically in control of the phone, and can physically search it (though its hard to hide photographs inside modern phones), copy all the data from memory and analyze it, etc. The 4th amendment is not being circumvented, they’re just missing a piece of testimony that would turn an incomprehensible sequence of 1s and 0s into what investigators expect to be able to find on a phone.

Anonymous Coward says:

Re: Re: I wonder what the warrant covers

they’re just missing a piece of testimony that would turn an incomprehensible sequence of 1s and 0s into what investigators expect to be able to find on a phone.

Or more accurately:

they’re just missing a number that would turn an incomprehensible sequence of 1s and 0s into what investigators want to find on a phone.

All things equal, the correct number could "prove" innocence by transforming the data into non-criminal evidence. Another "correct" number could frame the innocent by transforming the data into criminal evidence. Both numbers are "correct" in the sense that they produce intelligible data, but neither need be the number that the suspect actually used. Of course we all know which number the prosecution will choose to submit as evidence.

Anonymous Coward says:

That is one reason you want to enable "booby trap" mode, as I like to call it, if your phone has it, and most Samsung phones do.

This will cause the phone to wipe itself and reset if there are too many failed password attempts.

Like I have said, enabling this mode does break the law anywhere in Canada, Mexico, or the USA

If your phone wipes and resets because they attempt to brute force it, and the phone resets after too many failed password attempts, it is their tough luck.

You cannot prosecuted because they input too many failed password attempts.

There is no law in any of the 14 provinces of Canada, the 50 states of the USA, or the 31 states of Mexico you can be prosecuted under if the phone wipes and resets itself while in their possession because they tried to brute force your password.

This setting is perfectly legal in the USA, Canada, or Mexico, or Samsung would not have that in their J7 Prime and J7 Star phones.

That One Guy (profile) says:

Not a problem at all... unless they're lying

One of these days I’d love for a defense attorney to call the ‘it’s not a fifth amendment violation’ bluff/lie by asking for immunity for their client for anything that resulted from the unlock. After all if the defendant isn’t being asked to provide evidence that might incriminate them and all that the police/prosecutors are after is the password then they would have no problem providing that immunity since that’s all they claim to want.

Of course they would never accept such a deal for the simple reason that they and everyone else know full well that they’re after what the password provides access to(and what providing it means) but it would at least force them to scramble to come up with some undoubtedly laughable excuse for why immunity for useless information is suddenly a huge problem to provide.

darren chaker (profile) says:

Re: Permanent Deletion by Darren Chaker

For the person who thinks emptying a waste basket, or deleting a photo or other file on his/her phone results in permanent deletion demonstrates he should not venture into such a presumption. For anyone who values privacy, 1) do not back-up anything to the cloud and 2) invest an to permanently erase data you truly want unrecoverable.

As for photos and other data on your phone, connect the phone directly to a computer and sweep the data directly to your computer. Of course, be sure your computer uses Whole Disk Encryption since it’s pointless to remove data from your phone to an insecure computer.

Last, going back to the focal point of this threat (police and passwords), if you think police will want to get into your phone, lock it as to disable facial recognition and invoke the right to an attorney.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...