Court Says Fifth Amendment Covers Smartphone Passcodes, But It's Hardly A Victory For Constitutional Rights

from the blueprint-for-fifth-amendment-evasion-currently-in-progress dept

A recent opinion issued in a prosecution by the Securities and Exchange Commission seems to indicate the government can't force members of the public to hand over passwords without violating the Fifth Amendment. But the details suggest something else: that this is limited to a very specific set of circumstances and is not in any way precedential, at least not at this point.

The courts have previously weighed in on the legality of forcing people to basically provide incriminating evidence against themselves through the compelled relinquishment of passwords. Back in 2013, a magistrate judge rejected an order compelling a defendant to decrypt a seized hard drive by providing the government with his password. A year later, the Massachusetts Supreme Court came to the opposite conclusion: that the compelled production of passwords did not have Fifth Amendment implications.

The DOJ has argued that it does have the right to demand passwords to unlock seized items and actually found a judge that agreed with it. In that case, the court found that unlocking a device was no different than producing documents at the government's request -- distancing it from the "compelled speech" against a person's own interests that the Fifth Amendment is supposed to guard against.

This case falls along those same lines, but the legal conclusions are a bit different.

The Securities and Exchange Commission (SEC) is investigating Bonan and Nan Huang for insider trading. The two worked at the credit card company Capital One as data analysts. According to the complaint, the two allegedly used their jobs as data analysts to figure out sales trends at major U.S. companies and to trade stocks in those companies ahead of announced company earnings. According to the SEC, they turned a $150,000 investment into $2.8 million.

Capital One let its employees use company-owned smartphones for work. Every employee picked his own passcode, and for security reasons did not share the passcode with Capital One. When Capital One fired the defendants, the defendants returned their phones. Later, as part of the investigation, Capital One turned over the phones to the SEC. The SEC now wants to access the phones because it believes evidence of insider trading is stored inside them.

But here’s the problem: The SEC can’t get in. Neither can Capital One. Only the defendants know the passcodes. And the defendants have refused to disclose them.

As much as Capital One may want to aid the SEC in prosecuting its former employees, it can't.

The SEC sought an order to compel the production of the passcodes. The suspects refused on Fifth Amendment grounds. This brings us to the tricky details of this case, which suggest it won't become an across-the-board Fifth Amendment-protected "right" to deny the government access to password-protected devices and storage.

The government argued for the compelled production of passwords using the "foregone conclusion" doctrine.

The doctrine, introduced in Fisher v. United States, says that the Fifth Amendment doesn’t block complying with a court order when the testimonial part of complying with a court order is a foregone conclusion. In other words, if the government already knows the testimonial part of complying with the order, and they’re not seeking to prove it from the order, then you can’t use the Fifth Amendment to avoid compliance with the order.

In the government's creative interpretation of the doctrine, the production of passcodes would be no more than the defendants acknowledging they used the phones Capital One supplied them with -- something the government already knows and which has been confirmed by Capital One. Therefore, there are no Fifth Amendment implications. The judge disagreed, correctly pointing out that the government was seeking access to documents possibly contained on the phones, rather than simply seeking to confirm what it already suspected: that the phones were used by the defendants.

By using one thing to achieve another, the government was stretching its "foregone conclusion" to cover any evidence discovered on the unlocked phones. If the defendants have reason to believe incriminating documents resided on those phones, they are well within their Fifth Amendment rights to refuse the government's request. Or so you would think.

Should the SEC ultimately succeed with this interpretation of the "foregone conclusion" doctrine, it will have compelled incriminating testimony. It claims that it's merely seeking to confirm ownership by seeing if the passcodes unlock the phones. But once they're unlocked, it can compel the production of documents. Should these prove to be incriminating, it already has the defendants' admissions that these are their cell phones.

So, this case is less about securing Fifth Amendment rights than the government exploring options on how to obtain permission to compel defendants to hand over access to possibly incriminating information. If the court holds firm in its view of the government's true aims, it will be a small win for constitutional rights but one unlikely to be applied broadly.

As Orin Kerr points out in a second post on the case, some unanswered questions point towards the government being able to successfully argue that simply providing a password to a locked device isn't self-incriminating testimony.

> If this analysis is right, then the password is incriminating because it provides a link to the evidence. The government could grant the defendants immunity, but it would need to be use and derivative use immunity — that is, immunity not just from the actual testimony but from what the testimony would reveal. See Counselman v. Hitchcock, 142 U.S. 547, 585 (1892). The defendants should win. That’s where Jonathan comes out, and it might be correct.
>
> But I’m not sure. Here’s my question: Does the “link in the chain” test include a merely causal link — that is, a link in the chain to the evidence? Or does “link in the chain” mean that the testimony was part of the evidence of guilt but not enough to prove the entire offense — that is, a link within the body of evidence? If testimony is solely of value for its causal connection to evidence, and it has no evidentiary value itself, is the testimony incriminating?

If the government can argue that compelled production of passwords that leads to the discovery of incriminating material is merely causal (rather than the password itself being evidence of guilt), it may be able to skirt the Fifth Amendment entirely. This has obvious implications in the ongoing law enforcement war on encryption. With no firmly established legal footing for the argument that demanding passwords violates the Fifth Amendment, password-protected encryption will be ultimately no more safe than leaving everything unlocked and in plaintext.

So, while the court has -- for the moment -- denied the government's request to compel the production of passwords, the underlying legal entanglements don't exactly bode well for the future of the Fifth Amendment.


Filed Under: fifth amendment, passcodes, phone, self-incrimination


Reader Comments


  • That One Guy, 28 Sep 2015 @ 8:10am

    Distinction without meaning

    If the prosecution isn't allowed to force someone to answer a question like "Tell us where/what the murder weapon is" then they absolutely shouldn't be able to force someone to provide a password.

    In both cases the fact that the one forced to talk was able to provide the answer creates a solid and damning link between the suspect and the evidence. If they knew where the weapon was, then it's very easy to argue that that's because they were the ones who placed it there. Likewise if someone is able to provide a password to an encrypted device/drive, it proves that they have access to it.

    In both cases while the compelled information may not be a notable piece of evidence on its own, what it reveals, and what it leads to, can absolutely be incriminating, meaning in both cases compelling the information should be barred by the fifth.

    • Anonymous Coward, 28 Sep 2015 @ 8:25am

      Re: Distinction without meaning

      > If the prosecution isn't allowed to force someone to answer a question like "Tell us where/what the murder weapon is" then they absolutely shouldn't be able to force someone to provide a password.

      I don't think that's the same question. Asking for a password would be more like demanding the key to a locked door or safe. You'd need a search warrant or court order to do it, but I don't see the difference between compelling someone to turn over a key and compelling them to disclose a password.

      • Anonymous Coward, 28 Sep 2015 @ 8:53am

        Re: Re: Distinction without meaning

        The catch on BOTH scenarios: you have the right to remain silent and not incriminate yourself after you have been arrested! Before arrest it's anything goes. Yes, the authorities should make their case airtight by obtaining a warrant to compel the disclosure. It is no different than a court order to show cause or provide documents.

      • That One Guy, 28 Sep 2015 @ 9:42am

        Re: Re: Distinction without meaning

        Demanding someone turn over a key would be a better comparison, yes, but even then I'd still argue that the Fifth should apply.

        The fact that you can produce the key/'key' links you to the locked/encrypted container, which is a solid piece of potentially incriminating evidence. A safe or HD filled with incriminating evidence is useless if you can't link it to someone after all.

        If the safe/HD does indeed contain incriminating evidence, able to be used against the owner, then providing the ability to unlock it, and establishing a link of ownership/control should be considered no different than someone being forced to provide the incriminating evidence directly.

        If you can't be forced to directly provide self-incriminating evidence, it shouldn't be allowed for someone to force you to do so indirectly.

        • Anonymous Coward, 28 Sep 2015 @ 10:31am

          Re: Re: Re: Distinction without meaning

          I would agree with you, if the ownership of the safe/HD was unknown. In that case, a person being compelled to produce the key would be self-incriminating, as it would demonstrate access/ownership to the evidence locked inside.

          However, if the ownership/control of the safe/HD is already known, then a person's ability to open/decrypt it is not self-incriminating. The police already know it's theirs, and the warrant/order is just allowing them to see what's inside.

          In this case, the SEC and Capital One know who used the phones, so it would seem to me that the second case applies.

        • btr1701, 28 Sep 2015 @ 11:23am

          Re: Re: Re: Distinction without meaning

          > The fact that you can produce the key/'key'
          > links you to the locked/encrypted container,
          > which is a solid piece of potentially incriminating
          > evidence.

          The difference is they wouldn't need you to produce the key to a safe, because if you refuse, they could just do it the hard way and drill it open.

          With encryption, that option isn't available to the government. There is no "doing it the hard way" that doesn't involve tying up very expensive processing power for centuries.

          Encryption really has opened up a whole set of legal issues that never needed to be addressed before, because in the past, the government could almost always work around a recalcitrant defendant. For the first time the government is faced with a tool that the ordinary citizen can use to completely thwart it.

          • That One Guy, 28 Sep 2015 @ 6:24pm

            Re: Re: Re: Re: Distinction without meaning

            I'm going to go with 'working as intended' for that. The government and/or police don't get to bypass constitutional protections just because it's 'too hard' to comply with them.

            If they're not allowed to force you to hand over self-incriminating evidence when they can bypass you entirely to get it, they shouldn't be able to force you to do so simply because they have to go through you to get it.

  • Anonymous Coward, 28 Sep 2015 @ 8:14am

    Invoke Reagan

    I can't remember.
    I can't remember.
    I can't remember.
    ...

    • Roger Strong, 28 Sep 2015 @ 8:32am

      Re: Invoke Reagan

      That might not go over well with the Department of Justice.

      Or maybe it would:
      I can't remember.
      I can't remember.
      I can't remember.
      - Alberto Gonzales, Attorney General, head of the Department of Justice

  • Anonymous Coward, 28 Sep 2015 @ 8:19am

    Wouldn't it be easier...

    .. to just claim you forgot the passcode? I mean, we've had sitting presidents use that excuse before and it worked.

    • That One Guy, 28 Sep 2015 @ 8:50am

      Three words:

      Contempt of court.

      You can claim that you don't remember, but if they don't believe you they just toss you in a cell until you 'remember', and the real fun bit regarding contempt of court is that it has no maximum sentence, meaning they could conceivably keep you locked up until you either handed over the password or died of old age.

      (And for added fun, if you do 'remember' at some point, and they really feel like twisting the knife, they can hit you with perjury charges or charges for lying during an investigation, in addition to any other charges you might face thanks to the decrypted info you handed them via the password.)

      • btr1701, 28 Sep 2015 @ 11:36am

        Re: Three words:

        > You can claim that you don't remember, but if
        > they don't believe you they just toss you in a
        > cell until you 'remember'

        Well, if you know that by remembering, you're going to give them evidence of something serious, like a murder, then you have to weigh which is the lesser evil of your two options:

        Sit in the county jail for a few months, or maybe a couple years on the outside, until the judge gets tired of it and vacates the contempt, or give them the code and send yourself to the state penitentiary for the rest of your life.

        Me? I'd choose the former.

        > and the real fun bit regarding contempt of court
        > is that it has no maximum sentence, meaning they
        > could conceivably keep you locked up until you either
        > handed over the password or died of old age.

        There's a big difference between theory and practice. In reality, no one has ever, nor would likely ever, be held in contempt for more than a few years, certainly not for multiple decades. Due process would prohibit it. And the longer they hold you, away from your belongings and files, the more realistic your claim that you can't remember the code, as memories fade over time, (especially for things like strings of random characters and numbers) and so their justification for the continuation of the contempt charge will in turn start to suffer.

        There are solid judicial precedents which hold that contempt cannot be punitive, only coercive, and if the government cannot maintain reasonable proof that continued incarceration for contempt is likely to coerce cooperation, then the contempt charge must be vacated.

        • Pyrosf, 28 Sep 2015 @ 1:24pm

          Re: Re: Three words:

          Not true,

          http://abcnews.go.com/2020/story?id=8101209

          14 Years for Contempt, based on the Judge's estimate that he had money and simply did not want to pay it. Despite a 2nd Judge looking into his transactions and not finding anything.

          He was only let out because the Judge felt that putting him in jail would no longer get him to comply with the order.

          http://www.nytimes.com/2007/02/16/business/16jail.html?pagewanted=all&_r=0

          8 Years of contempt for a case that had a max stay of 8 years.

          Contempt charges can and have been abused.

          • btr1701, 28 Sep 2015 @ 2:44pm

            Re: Re: Re: Three words:

            > He was only let out because the Judge felt
            > that putting him in jail would no longer get
            > him to comply with the order.

            What do you mean, "not true"? Your story supports what I said. He was released after the judge determined there was no coercive effect of the contempt charge left.

          • btr1701, 28 Sep 2015 @ 2:49pm

            Re: Re: Re: Three words:

            Besides, if you're really paranoid about this sort of thing, just don't memorize the key at all. Put it in a file on a different machine somewhere and set it to delete if a "reset button" isn't clicked every 24 hours or something.

            Then, if you're ever arrested, by the time they get around to questioning you, charging you, arraigning you, serving you with a warrant, then scheduling a contempt hearing before the judge when you refuse to comply, the file will have auto-deleted and you can honestly say that not only don't you know the password, but that you never did know it, and you have no way of ever knowing it.

      • btr1701, 28 Sep 2015 @ 11:39am

        Re: Three words:

        > (And for added fun, if you do 'remember' at
        > some point, and they really feel like twisting the
        > knife, they can hit you with perjury charges or
        > charges for lying during an investigation

        Ummm... no. Perjury, by definition, is lying under oath. People are rarely, if ever, under oath when talking with the cops during their investigation. Oaths don't come into play until the court proceedings.

        Some states (and the feds) have separate offenses for lying to investigators about facts material to the investigation, but that's an entirely different offense from perjury, and even so, the government would have a hell of a time proving beyond a reasonable doubt that someone lied rather than just was able to recover a memory, as he claimed.

      • nasch, 28 Sep 2015 @ 1:03pm

        Re: Three words:

        > You can claim that you don't remember, but if they don't believe you they just toss you in a cell until you 'remember'

        Don't they need a better reason than "I don't believe you", like some actual evidence that you're lying?

        • That One Guy, 28 Sep 2015 @ 6:08pm

          Re: Re: Three words:

          While I would like to think so, given the fact that several courts haven't seen any problem compelling people to hand over passwords, asserting that the Fifth doesn't apply, I don't hold much hope that sanity would prevail if a judge got annoyed enough.

  • lars626, 28 Sep 2015 @ 8:28am

    From another view

    The phones were the property of Capital One.
    When they were fired they returned the phones to Capital One.
    If they did not delete the 'personal' information from the phone does that information now belong to Capital One?

    Can the government compel them to turn over the passwords to inspect Capital One's property? How would this be different than if they knew the only password to a data server?

  • Anonymous Coward, 28 Sep 2015 @ 8:46am

    How is this insider trading? It is outsider trading.

    • Anonymous Coward, 28 Sep 2015 @ 9:29am

      Re:

      because we said so and the only people allowed to use the system to cheat are the actual rich people behind it all.

  • Anonymous Coward, 28 Sep 2015 @ 8:52am

    Re: Distinction without meaning

    The government is not interested in the password for its own sake but wants it in order to authenticate potentially incriminating evidence on the phone.

    Giving the government the password is testimonial because it authenticates the person as the owner of the information.


    And the court has long held that if you are compelled to offer testimony leading to physical or derivative evidence, both the testimonial act and the derived evidence must be excluded at trial.

    Even Professor Kerr recognizes that the act of entering or disclosing the password might be testimonial and incriminating if it authenticates something.

  • Anonymous Coward, 28 Sep 2015 @ 8:58am

    Same huh?

    "the court found that unlocking a device was no different than producing documents at the government's request"

    A judge that was able to critically think would have come up with a better analogy:

    "Not unlocking a device is like producing documents locked in a safe. The government is free to hire an expert capable of unlocking the safe to obtain its contents"

  • Whatever, 28 Sep 2015 @ 9:08am

    I would think that all they would need to show is that the passcode could be inevitably obtained via brute force methods, and that would end the discussion. Now if the content of the phone was encoded with, say, aes256 or similar, the inevitability of the discovery would be much lower.

    For just a passcode to access the phone, there isn't much here.

    • That One Guy, 28 Sep 2015 @ 9:24am

      Re:

      Given there's no such thing as perfect encryption, every password could be eventually cracked, so it would come down to a matter of time. Can you force someone to hand over the password if it would theoretically take a week? A month? A year? 5 years?

      If they can crack the code, they should be required to prove it by doing so, the other person shouldn't be compelled to hand over the key to potentially incriminating evidence just to save time.

      • Whatever, 28 Sep 2015 @ 10:16am

        Re: Re:

        I think there are two different issues at hand. A lock code, which generally is of limited number of characters, gestures, or similar is pretty much a no-brainer. You can easily calculate how long it would take to inevitably unlock the phone, and work from there.

        If that amount of time is less than the statute of limitations, it should be a slam dunk.

        When it comes to deeper encryption, you not only hit the question of how long is "too long" but also the question of intent. A simple phone lock may exist only to stop your phone from butt dialing someone. Encryption, especially strong flavors, suggests more intention to make something private.

        There is the other question, which is given unlimited computer resources, how long would it take to break even the most severe of encryption schemes by brute force. Think about the amount of computing power currently chasing diminishing bitcoins. Can you imagine if they were put to work instead knocking down encryption with a $1000 bounty for each one done? Would that fall into a reasonable time frame or inevitable discovery by the courts?

        One thing is for certain: If you have a cell phone in your possession or in your home when you are arrested or a warrant is executed, it's reasonable to think that it may belong to you. No passcode is required to show that while not a given, it's very likely. The 5th amendment issue seems very narrow in application here (ie, not sure that any further incrimination occurs...). With lock codes easy enough to brute force, there is little in the game here.

        • Anonymous Coward, 28 Sep 2015 @ 10:46am

          Re: Re: Re:

          Modern encryption, with long keys and correct usage, will survive attack using every computer on earth for longer than any record of why the crack is being attempted is likely to survive.

          • Whatever, 28 Sep 2015 @ 12:22pm

            Re: Re: Re: Re:

            You just tossed in a whole lot of ifs and maybes, which don't add up to much.

            What percentage of people are going to use very long key encryption to start with? How many can do it without writing the key down somewhere because they will forget it?

            Let's consider the math too on a 1024 bit:

            The most efficient method known to factor large integers, and the method used in the factorization record listed above, is via the number field sieve (NFS) - which is much faster than a brute force attack (where every combination is tried), so a brute force attack would have taken much longer than even this. The Lenstra group estimated that factoring a 1024-bit RSA modulus would be about 1,000 times harder than their record effort with the 768-bit modulus, or in other words, on the same hardware, with the same conditions, it would take about 1,000 times as long. They also estimated that their record achievement would have taken 1,500 years if they normalized processing power to that of the standard desktop machine at the time - this assumption is based on a 2.2 Ghz AMD Opteron processor with 2GB RAM.

            So 1500 years for a single computer, or put 1500 solder desktops on the job and get it in a year. Oh oops, it's not that hard, is it?

            2048? just up that by 1000 times the machines. Certainly not "all the computers in the world", but perhaps a couple of Google Datacenters worth. Still in the range of the possible - and that is to do it in a year.

            Now if you have a crime with 25 year statute of limitations, you can divide either of those down by a factor of 25. In the first case, 75 desktops would certainly get it within that time, and is certainly believable. In the second case, 75,000 desktops would be enough.

            Now, the real question would be at what point would the courts accept a theoretical achievement instead of an actual one?

            • Anonymous Coward, 28 Sep 2015 @ 1:11pm

              Re: Re: Re: Re: Re:

              > 2048? just up that by 1000 times the machines.

              I think your factor is out by several orders of magnitude, as there is a much larger increase in difficulty when going from 1024 to 2048 compared with 768 to 1024. Polynomial problems go up in difficulty by a power of the size, therefore the increase in difficulty between n^768 to n^1024 is very much smaller than that between n^1024 to n^2048. Modern key lengths are now often 4096, and some are 8192 bits long. These are way beyond what a single computer centre can reasonably deal with, where reasonably is within a human lifetime.

              > So 1500 years for a single computer, or put 1500 solder desktops on the job and get it in a year.

              Which of the thousands of disk encryption keys that the authorities want cracked do they tackle with any amount of computing power that they can assemble? It would not be worth attempting to decrypt messages encrypted with such weak keys, as the messages would be piling up faster than they can be decrypted.

  • John Fenderson, 28 Sep 2015 @ 9:16am

    The difference in my view

    There is a point here that, in my opinion, makes all the difference in the world in this case:

    > Capital One let its employees use company-owned smartphones for work.


    These phones are the property of Capital One, not the people who set the passcodes. On this basis alone, it seems that it should be possible to compel the users to reveal the passcodes to Capital One.

    • Jeremy Lyman, 28 Sep 2015 @ 12:09pm

      Re: The difference in my view

      To reference another topic we discuss here frequently; if you can't open it, you don't own it.

    • nasch, 28 Sep 2015 @ 1:09pm

      Re: The difference in my view

      > These phones are the property of Capital One, not the people who set the passcodes. On this basis alone, it seems that it should be possible to compel the users to reveal the passcodes to Capital One.

      That would be a contract issue, wouldn't it?

      • John Fenderson, 29 Sep 2015 @ 6:47am

        Re: Re: The difference in my view

        "That would be a contract issue, wouldn't it?"

        I don't think so. Cops go to Capital One and ask permission to unlock the phones. Capital One says "sure" and attempts to get the unlock codes from the employees.

        The employees failing to turn over the codes isn't a contract issue, it's the property owners being denied the use of their own property. A bit like if you loaned your house key to someone, but they refused to turn the key over to someone else when you ask.


        • icon
          nasch (profile), 29 Sep 2015 @ 7:21am

          Re: Re: Re: The difference in my view

          The property at issue would have to be the encrypted information, since Capital One has complete freedom to use the phones themselves. If they don't need the information, they can factory reset them and use them as normal. So it seems to me they would need to demonstrate (I don't know to what standard of proof) that the information belongs to Capital One in order to compel the ex-employees to reveal it. Something of a catch-22.


          • icon
            John Fenderson (profile), 30 Sep 2015 @ 6:23am

            Re: Re: Re: Re: The difference in my view

            "The property at issue would have to be the encrypted information, since Capital One has complete freedom to use the phones themselves. If they don't need the information,"

            True enough. That changes nothing of substance, though. Capital One owns every byte on those phones.


  • identicon
    Anonymous Coward, 28 Sep 2015 @ 9:21am

    BRILLIANT, make a distinction of what IS, covered by the 5th, so that everything else is NOT, covered by the 5th

    Twisting the constitution for those that know no better


  • identicon
    Anonymous Coward, 28 Sep 2015 @ 9:26am

    Nothing new here

    "In the government's creative interpretation of the doctrine"

    is at the beginning of most criminal prosecutions and warrantless spying and wiretapping.


  • identicon
    Pyrosf, 28 Sep 2015 @ 9:30am

    What this is about

    This is about proving ownership of the content of the phone.

    If you give the password, you prove that you had access to the phone and anything on the phone. As long as you can't be compelled to prove ownership, they can't draw as strong of a link between the contents and you as a person.

    This is the same as claiming ownership of a set of plans to burn down a building. If the government has the plans but no link, you can't be forced to create the link via your own testimony.

    Capital One had power over their employee up to the point he was fired. At that point they are in possession of the cell phone and can freely wipe it and return it to service. They even have it in the handbook to NEVER give your password to anyone for any reason and that IT will never ask for your password.


    • identicon
      Anonymous Coward, 28 Sep 2015 @ 10:05am

      Re: What this is about

      Two points:
      1) Capital One should have had the serial number of the phone linked to the employee who had the phone, so the employee putting in the passcode to prove it was their phone doesn't matter. If Capital One didn't have that linked already, that's not the fault of the employee.
      2) If it was a locked door/safe, the authorities would be allowed to just crack open the item in question, so that means they should be allowed to crack whatever encryption there is protecting the data on the phone. It's not like their friends at the NSA can't already do it trivially.


  • icon
    Coyne Tibbets (profile), 28 Sep 2015 @ 11:53am

    Papers, please

    I think we can come up with a reasonable analog to this problem in the physical world.
    Suppose a defendant is being charged with a crime, and the government wants certain papers that are presumed evidence. The government is certain the papers exist, as they were seen by another person and (without explanation) we'll also say the government is reasonably sure they were not destroyed.

    But suspecting an upcoming arrest the defendant has hidden the papers somewhere.

    The government can, of course, search anyplace the papers might seem to reasonably be, and has searched without success.

    The question is: Can the government compel the defendant to reveal the hiding place, without violating the defendant's Fifth Amendment Rights?
    To me, it seems the answer is no, because revealing the location of the papers inevitably leads to the defendant's incrimination. Therefore, to compel the defendant to reveal the location is to compel him to inevitably incriminate himself: a violation of Fifth Amendment Right.

    Likewise, as mentioned in the article, the password seems to lead inevitably to incrimination and should be subject to Fifth Amendment protection.


  • identicon
    Personanongrata, 28 Sep 2015 @ 12:24pm

    Inherent Right?

    Court Says Fifth Amendment Covers Smartphone Passcodes, But It's Hardly A Victory For Constitutional Rights

    A citizen's rights only apply when the government, through its biased/byzantine judicial system, says they do.


  • identicon
    Anonymous Coward, 28 Sep 2015 @ 1:24pm

    Property

    These phones are the property of Capital One, not the people who set the passcodes. On this basis alone, it seems that it should be possible to compel the
    users to reveal the passcodes to Capital One. 


    No, that would not work; the Fifth Amendment is applicable even in a civil proceeding between two private parties.

    The government can't by proxy compel a renter of property to produce a murder weapon or dead body, just because it is suspected it's somewhere on property rented by a corporation.



    One thing is for certain: If you have a cell phone in your possession or in your home when you are arrested or a warrant is executed, it's reasonable to
    think that it may belong to you. No passcode is required to show that while not a given, it's very likely. The 5th amendment issue seems very narrow in
    application here (ie, not sure that any further incrimination occurs...).


    Yes, it's possible, but under the foregone conclusion exception to the Fifth Amendment the government must actually have prior proof that the individual being compelled is also the actual owner.

    So mere conjecture or reasonable suspicion or even probable cause is not enough to overcome the Fifth Amendment.

    Actual knowledge which must rise to reasonable particularity is required in order to satisfy the foregone conclusion test.
    In the 11th circuit case, the government had probable cause that the suspect had encrypted something, but it lacked actual knowledge.

    And the takeaway is that you can't compensate for the lack of knowledge by compelling the suspect to fill the evidentiary gap.


  • identicon
    Anonymous Coward, 28 Sep 2015 @ 1:28pm

    Re: Re: Three words:

    No, this case was different.

    He did not plead the Fifth but simply refused to sign forms obligating the banks to disclose possible assets belonging to him.


  • identicon
    John, 28 Sep 2015 @ 3:16pm

    Forgetting the passcode is not enough

    I think if you are in that situation you should reset the passcode to a random passcode in front of a witness. Your eyes should be closed/covered so that nobody knows the passcode. That way you can state before a judge that you don't know the passcode. Why did you do it? To protect your 5th amendment rights.


  • icon
    John David Galt (profile), 28 Sep 2015 @ 7:16pm

    The comments on those two WP posts explain it somewhat better.

    The kicker is that the court drew an analogy to where an accused person has a locked safe or lockbox that may contain evidence. Existing precedents say that prosecutors may demand you turn over the key -- but they may not demand you turn over the combination if it's a combination lock.

    And the password on your phone is more like that combination.


    • identicon
      Anonymous Coward, 28 Sep 2015 @ 7:33pm

      Re:

      I was actually wondering if the key vs. combination distinction was still recognized. I'm waiting for the government to go linguistically literal, and claim an 'encryption key' is equivalent to a physical key because people call it a key.


  • identicon
    Anonymous Coward, 28 Sep 2015 @ 8:31pm

    So the government cannot access all of our phones? The encryption is too tough, they lack the computing power? All the manufacturers aren't working with the government to provide access? Smart phones are secure and private?


  • identicon
    Anonymous Coward, 28 Sep 2015 @ 9:36pm

    Great explanation, Tim! Can't judges jail a defendant indefinitely for failing to comply with a court order? Such as an order to produce a password that unlocks a device.

    The logic behind this indefinite detention is that the defendant can end their indefinite detention at any time by complying with the court order to produce the password.

    But what if the defendant claims to have forgotten the password? How can the defendant end their indefinite detention if it's impossible for them to comply with the court's orders?

    Sorry, I forgot my password.
