Indiana Appeals Court Says Forcing Someone To Unlock Their Phone Violates The 5th Amendment

from the we'll-take-a-win,-no-matter-how-small dept

Passwords and PINs still beat fingerprints when it comes to the Fifth Amendment. But just barely. Nothing about the issue is settled, but far more cases have been handed down declaring fingerprints to be non-testimonial. Fingerprints are obtained during the booking process -- a physical, traceable representation of the suspect. If they can be obtained during booking, they can certainly be obtained again to unlock a device. A physical aspect of a human being can't be considered "testimonial" as far as courts have interpreted the Fifth Amendment.

Passwords are a different story, but not by much. In a handful of cases, courts have said the compelled production of passwords and PINs has no Fifth Amendment implications. Defendants, conversely, have argued compelled password production forces them to testify against themselves by facilitating the production of evidence to be used against them.

This argument hasn't had much success. Judges have frequently found password production to be just as non-testimonial as a person's fingerprint. The argument here is that all law enforcement wants is a password, not the production of evidence. Under the "foregone conclusion" theory, all the government has to prove is that the person being asked to unlock a device can unlock the device.

This decouples password production from its consequences: the production of evidence by defendants that the government will use against them in court. When this theory is applied, the Fifth Amendment is sidelined and replaced with the ultra-low bar of foregone conclusion.

But passwords aren't fingerprints and can be testimonial. Unlocking a device law enforcement is going to search for evidence states clearly that a person owns or controls the device and its contents. That makes it very easy for the government to link a device's illicit contents to the person who was ordered to unlock it.

A case from Indiana's Court of Appeals -- via FourthAmendment.com -- addresses these arguments with a bit more sympathy for compelled testimony arguments. The government argued there's nothing testimonial about a password. The court, in a lengthy decision [PDF], disagrees.

[W]e consider [Kaitlin] Seo’s act of unlocking, and therefore decrypting the contents of her phone, to be testimonial not simply because the passcode is akin to the combination to a wall safe as discussed in Doe. We also consider it testimonial because her act of unlocking, and thereby decrypting, her phone effectively recreates the files sought by the State. As discussed above, when the contents of a phone, or any other storage device, are encrypted, the cyphertext is unintelligible, indistinguishable from random noise. In a very real sense, the files do not exist on the phone in any meaningful way until the passcode is entered and the files sought are decrypted. Thus, compelling Seo to unlock her phone goes far beyond the mere production of paper documents at issue in Fisher, Doe, or Hubbell. Because compelling Seo to unlock her phone compels her to literally recreate the information the State is seeking, we consider this recreation of digital information to be more testimonial in nature than the mere production of paper documents.

The court also says there's nothing to the government's argument that unlocking a phone for police is somehow different -- and less of a Fifth Amendment issue -- than turning over a password to police.

[B]ecause we believe that electronic data and the devices that contain it are fundamentally different than paper documents and paper storage, we reject the State’s attempt to distinguish between compelling Seo to convey her passcode to the State and compelling Seo to simply unlock her phone by entering the passcode itself. It is a distinction without a difference because the end result is the same: the State is compelling Seo to divulge the contents of her mind to obtain incriminating evidence.

This decision shores up Fifth Amendment arguments against compelled decryption and password production. The state appeals court then goes further, instructing state judges and law enforcement agencies to seek less invasive -- and less constitutionally-problematic -- methods of obtaining evidence.

Going forward, we ask reviewing courts of last resort to consider the following structure for resolving decryption requests from law enforcement authorities:

1. Requiring a defendant to decrypt digital data should be legally recognized for what it is—coerced recreation of incriminating evidence— and compulsory process for that purpose should be strictly limited for precisely that reason.

2. In some instances, law enforcement officials will have legitimate need of digital information that is protected by encryption.

3. If the law enforcement request is a bona fide emergency, with verified concern about the possibility of further and immediate serious criminal acts, a warrant that describes the other imminent crime(s) suspected and the relevant information sought through a warrant, both with reasonable particularity, will likely satisfy Fourth and Fifth Amendment requirements.

4. In non-emergency situations, law enforcement should be required to first seek the digital data it wants from third parties, such as internet “cloud” sources, cellphone companies, or internet providers (ISPs), where a defendant has practically, if not explicitly, consented to production upon legal process from a court of competent jurisdiction.

5. Exceptions to the Fourth Amendment and its state analogues, such as the plain view doctrine and the good faith exception, should be inapplicable to, or strictly limited in, the search and seizure of digital data stored on devices owned or controlled by that defendant, or from “Cloud” subscriptions that defendant owns or uses.

It's a thoughtful decision that runs contrary to many rulings covering the same subject. But it is limited to the state of Indiana, so it's not going to undo any federal precedent. But it does give those representing clients facing demands for password production another citation in their favor. More importantly, it sets a new baseline for lawful demands for data production, wresting control away from law enforcement agencies unlikely to impose these constraints of their own.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 29 Aug 2018 @ 9:42am

    "It's not a violation of the fifth!" "Prove it."

    As always if they really want to claim that compelling a suspect to hand over a password and/or unlock a device isn't forcing them to provide self-incriminating evidence, they have a very simple way to put their money where their mouth is:

    A signed, legally binding document granting immunity for anything resulting from the unlocking/decryption of a device/account.

    If they weren't going to use the evidence against the suspect then this costs them nothing, and as such it should be the first thing they go to when a suspect objects to a demand for a password. Such a document would only be problematic if they are planning to use the results of an unlock/decryption, in which case the fifth would absolutely apply.

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 29 Aug 2018 @ 10:24am

      Re: "It's not a violation of the fifth!" "Prove it."

      Wouldn't that just open a pathway to parallel construction? In fact, those parallels exist, but are harder to find without 'leads'. Or so it appears. Working harder AND smarter seems beyond the current abilities of law enforcement. Why aren't they finding those 'leads' on their own. The answer seems to be they don't want to do the work.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Aug 2018 @ 10:35am

        Re: Re: "It's not a violation of the fifth!" "Prove it."

        Someone here once said that "parrallel construction" should just be called evidence laundering.

        If I served on a jury that learned that evidence was tampered with even a smidgen like this or any other way I would enact nullification.

        Sadly, most Americans are too stupid to even understand why or would do the same for their fellow citizens. They would instead sit back and allow the government to railroad every fucking person that is dragged through the fucking inJustice system. All because it suits their politics and because everyone if fucking guilty of something and if they had nothing to hide they would not be accused.

        reply to this | link to this | view in chronology ]

        • icon
          Bergman (profile), 29 Aug 2018 @ 4:30pm

          Re: Re: Re: "It's not a violation of the fifth!" "Prove it."

          This. If the only reason you had to look in a given place for a specific thing was information acquired through an illegal search, then looking for that thing in that place was a product of the illegal search, and is also inadmissible.

          reply to this | link to this | view in chronology ]

          • icon
            Uriel-238 (profile), 29 Aug 2018 @ 4:55pm

            Exceptions to inadmissibility.

            Our judges have long decided that if someone is too awful to set free based on a procedural error (such as an illegal search) then the evidence that convicts them is regarded anyway.

            Of course this fails to acknowledge that setting a guilty man free is supposed to be a penalty to the state for being sloppy with procedure.

            But we've forgotten that.

            reply to this | link to this | view in chronology ]

        • icon
          Tanner Andrews (profile), 1 Sep 2018 @ 2:11am

          Re: Re: Re: "It's not a violation of the fifth!" "Prove it."

          If I served on a jury that learned that evidence was tampered with even a smidgen like this or any other way I would enact nullification.

          I think a better way to put it would be that, if either side offered tampered evidence or otherwise knowingly offered unreliable evidence, you would weigh that very heavily against them. In other words, you would be performing one of the core functions of a juror, which is assessing credibility.

          This has the advantage of fairness: if either side is trying to be dishonest, they suffer the consequences. It also makes it clear during jury selection that you are going in there intending to fairly weigh the evidence, not going in there with bias or intent to do anything improper.

          Many judges and essentially all assistant state's attorneys would object loudly to the idea of nullification. Indeed, they would probably argue that mention of the term is sufficient to strike you for cause. Since improper nullification is probably not what you intended, you should be clear.

          reply to this | link to this | view in chronology ]

          • icon
            Uriel-238 (profile), 1 Sep 2018 @ 9:00am

            Jury Nullification

            Really, nullification should be well known enough as a means to get out of Jury Duty given that plenty of those summoned can't afford the time off work to oversee a protracted case.

            If enough people come in wearing an Ask me about Jury Nullification pin, eventually they'll have to accept that it's a thing.

            I'm not sure which is more frightening: That our court system depends on the ignorance of its jurors or that its judges knowingly accept this state.

            reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    The Ongoing Routing Snark, 29 Aug 2018 @ 9:44am

    What millions do routinely many times a day isn't "coercion".

    This sophistry won't stand review, either.

    It's foolish that if criminals simply encrypt their accounts / plans / whatever then it's beyond reach of all police. The criminality enabled by this would destroy civilization.

    Not surprising that minion finds its intoxicating.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 9:58am

      Re: What millions do routinely many times a day isn't "coercion".

      I know right?

      Lets just cut your fucking brain out so it can be scanned and all information extracted while we are at it! Once it become routine there is nothing to worry about! No reason to worry about what it does to the victim at all!

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Hero, 29 Aug 2018 @ 10:00am

      Re: What millions do routinely many times a day isn't "coercion".

      > It's foolish that if criminals simply encrypt their accounts / plans / whatever then it's beyond reach of all police. The criminality enabled by this would destroy civilization.

      Maybe I'm misunderstanding your comment, but yes, if someone simply strongly-encrypts their stuff, then it is beyond the reach of anyone. And yet, civilization persists.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 1 Sep 2018 @ 9:03am

        Millions of encrypted accounts

        As far as I'm aware, businesses larger than a mom-and-pop corner store routinely and necessarily encrypt their data and communications. And their administrators will absolutely engage in fraud, perjury or falsification of evidence in order to preserve the survival of the business.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 10:03am

      Re: What millions do routinely many times a day isn't "coercion".

      People routinely speak many times a day. Forcing them to speak is coercion.

      This really isn't a difficult concept.

      reply to this | link to this | view in chronology ]

    • identicon
      norahc, 29 Aug 2018 @ 10:07am

      Re: What millions do routinely many times a day isn't

      "It's foolish that if criminals simply encrypt their accounts / plans / whatever then it's beyond reach of all police. The criminality enabled by this would destroy civilization."

      Don't forget that thr lack of encryption allows criminals an easier path to commit their crimesm too. Crimes that claim a vast plethora of victims. You know, crimes like identity theft, trade secret espionage, and warrantless searches.

      reply to this | link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 29 Aug 2018 @ 10:11am

      Criminals have been “encrypting” their information in numerous ways since they could put pen to paper. They have been destroying such information, too. The criminal justice system must often arrest and prosecute criminals without access to such evidence; sometimes, guilty parties go free because the evidence of their guilt cannot be brought forth. Despite that fact, civilization lives on.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 29 Aug 2018 @ 10:17am

        Re:

        Even worse they've long made use of ways to avoid leaving any permanent record at all of their activities and plans, things like talking in areas where there's no-one else to hear them and not recording those conversations.

        Yet strangely despite the fact that such conversations are completely beyond the reach of police society somehow manages to survive, almost as though privacy and security, things which can protect both criminals and the innocent are not a recipe for disaster and societal collapse.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 10:38am

      Re: What millions do routinely many times a day isn't "coercion".

      Before the mobile phone and the Internet, almost all the data that can be obtained from a phone was unavailable to police, yet they managed to solve crimes. That is they used to solve crimes without the criminals recording their activities, and they should still be able if the cannot get that recorded infomation. Beside they also now have all the metadata,on phone calls, and where the phone has been to assists them, often without having to get a warrant.

      reply to this | link to this | view in chronology ]

    • icon
      Rapnel (profile), 29 Aug 2018 @ 10:41am

      Re: What millions do routinely many times a day isn't "coercion".

      Jesus, you really are a fucking idiot, aren't you?

      We, humans, our capabilities, passions, thoughts and things do not, actually, exist at the behest of law enforcement.

      The simple reasoning that "once we could, now we can't" is a mind-fuck fabrication of an unenforceable, non-existent reality.

      We are permitted simply by the mere fact that we exist and can access thoughts, ideas and ingenuity to build any sort of protective barrier for our things that we could possibly devise. Anything, mate, anything.

      reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 29 Aug 2018 @ 11:29am

      Criminals like you...

      This is totally Poe. Either it's unironic but hyperbolic, or it's satire.

      Remember that you're already a criminal, waiting only for law enforcement that wants to book you. The only question is what you did, and how much time they can pile onto your sentence.

      Civilian criminals aren't destroying civilization, they are civilization.

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    HoT O Rod, 29 Aug 2018 @ 10:14am

    By the way: "plain ASCII" is PLAIN only because de-coded!

    This aspect of the wrongness didn't strike me at first, but this judge completely overlooks that without a machine to "de-code" EVERY BYTE IN A COMPUTER IS EFFECTIVELY ENCRYPTED BEYOND HUMAN ABILITY.

    So, even with one more step of "encryption" IT'S STILL JUST LIKE OPENING A SAFE.

    [But it'd be safe in EBCDIC!]

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 10:18am

      EVERY BYTE IN A COMPUTER IS EFFECTIVELY ENCRYPTED BEYOND HUMAN ABILITY

      Not true. Some of us can read and understand those bytes whether in binary or hexadecimal.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Aug 2018 @ 10:35am

        Re:

        I was going to point out the same thing. The day I found a hexeditor I could use in DOS, was the day I started looking at every file I could get my hands on. Reading the raw files of encyclopedias on CD was much faster than using the normal interface.

        reply to this | link to this | view in chronology ]

      • icon
        The Wanderer (profile), 31 Aug 2018 @ 9:56am

        Re:

        I think the alleged point was that you need a machine to decode the physical pattern in the storage medium into the form of the bytes, and then to display the result to you. That's still just as true whether the displayed result is in the form of binary, octal, hexadecimal, font-based glyphs, or graphics from simple 2D on up.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 10:21am

      Re: By the way: "plain ASCII" is PLAIN only because de-coded!

      out_of_the_blue just hates it when due process is enforced.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 10:24am

      Re: By the way: "plain ASCII" is PLAIN only because de-coded!

      "EVERY BYTE IN A COMPUTER IS EFFECTIVELY ENCRYPTED BEYOND HUMAN ABILITY."

      Looks like every byte in your noggin is effectively useless.

      The first computers required a lot of human processing to help them work. Machine code is quite readable by humans and hardly beyond human ability.

      Encryption is also quite readable by humans once the key or cipher is discovered. We just use computers to do it all faster!

      In fact, is is computers that have yet to reach human ability, NOT the other way around as you so ignorantly suggest!

      reply to this | link to this | view in chronology ]

  • icon
    Adam (profile), 29 Aug 2018 @ 10:23am

    Code words and ciphers pre-consumer electronics

    I tried to do some research and never found anything, but was there never any legal precedent set for someone being forced to give up a code word or cipher prior to consumer electronics?

    It seems like it would have been common for people who knew a call might be recorded to use code words for certain activities. Has a court ever ruled that a defendant must give up their private definition to a code word?

    Cryptography and other methods to obfuscate information has existed long before personal computing and I find it difficult to believe there isn't any legal precedent, but I can't find any.

    reply to this | link to this | view in chronology ]

    • icon
      btr1701 (profile), 29 Aug 2018 @ 10:36am

      Re: Code words and ciphers pre-consumer electronics

      It would be interesting if some criminals had come up with their own cipher-- something like the Navajo language that confounded cryptologists-- and what a court's reaction to reams of paper written in that language would be if found during a search warrant.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Aug 2018 @ 10:46am

        Re: Re: Code words and ciphers pre-consumer electronics

        uh... they have done things like this all throughout history. Read a little bit of it.

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 29 Aug 2018 @ 11:06am

          Re: Re: Re: Code words and ciphers pre-consumer electronics

          The hypothetical wasn't 'Have they done it?' as that's obviously 'yes, just because they're criminals doesn't mean they're automatically idiots' so much as 'what would happen if the police found encrypted paper documents and brought it to the court?'

          Would it be treated the same as some courts have acted in response to digital encryption? 'You wrote it, you decipher it', or would the court rule that forcing the accused to decipher a code would be forcing them to provide incriminating evidence, and therefore prohibited?'

          The amount of work would obviously be much different between the two circumstances, encrypted digital files vs encrypted papers, but the general act would be the same or at the very least very similar, forcing someone to make use of what they know to decrypt/decipher potentially incriminating documents, hence the question as to how a court would react.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 29 Aug 2018 @ 11:37am

            Re: Re: Re: Re: Code words and ciphers pre-consumer electronics

            I do not understand what you mean then.

            Yes, judges are going to try to compel defendants to give up their ciphers, they ALWAYS have have not read a courts case that indicated otherwise, like EVER. The question is if they get by with it or if the will of the defendants break.

            When was the last time you saw a judge get into trouble for breaching the fuck out of peoples rights? They just appeal their cases and get judgements overturned. The last time I saw a Judge get into any serious trouble was when he asked why a women did not close her legs? And that only happened because it made big news.

            reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 29 Aug 2018 @ 11:34am

      The Pizza Connection

      In the late 20th century the Mafia was running cocaine through pizzerias and not only used a code system but a post WWII change-up system that scrambled around the key words every week, and kept the FBI busy for years.

      As far as I know, no-one in court was ever forced to give up the codes, and only after the fact were the books discovered.

      But if there ever was a demand by a court to turn them over, or a pre-smart-phone challenge to the notion, that would be the case for it.

      reply to this | link to this | view in chronology ]

  • icon
    Gary (profile), 29 Aug 2018 @ 10:46am

    Enforcement

    Fortunately under common law no one can be compelled to do anything they don't want. Pay taxes, walk in the cross walk, shout gunman in a crowded school - it is all open game for sovereign citizens!
    Sure, you'll still go to jail if you don't comply. But they can't *actually* make you. No one can make a sovereign citizen do anything!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Aug 2018 @ 10:47am

      Re: Enforcement

      News flash, you have to do whatever those in authority tell you to do or you could get shot, tossed in jail, or just fined in all manor of ways.

      No, no one actually gives a shit about your rights or your situation... until it fits into their political agenda that is.

      reply to this | link to this | view in chronology ]

      • icon
        Stephen T. Stone (profile), 29 Aug 2018 @ 10:58am

        you have to do whatever those in authority tell you to do

        Tell that to a SovCit.

        reply to this | link to this | view in chronology ]

        • icon
          Gary (profile), 29 Aug 2018 @ 11:06am

          Re:

          you have to do whatever those in authority tell you to do

          Tell that to a SovCit.

          Well you see, once you allow the police to arrest you for failing to comply, you are no longer a SovCit because you have given up your rights under Common Law!!!
          I think. Still waiting for someone to explain this common law krap to me and how it keeps getting invoked.
          Also, I was Poe'd and should use the /s tag, my bad. Or maybe a /t tag for trolling since making fun of the SovCits does not really contribute to anything. :(

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 29 Aug 2018 @ 11:41am

            Re: Re:

            The premise is simple.

            The idea is that a government does not have any authority over you until you "accept" that authority.

            You may not be aware of this but all citizens are slaves of their governments whether they know it or not.

            Instead of calling it "do what your master says" it is "follow the law. Same thing, different words.

            Don't pay your taxes, someone with a gun comes for you or the property you don't technically own.
            Break the law, someone with a gun comes for you.
            Fail to perform certain civic duties, someone with a gun comes for you.

            No matter how free you feel, you are a slave, plain and simple. Go and call a cop a pig, see how free you really are.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 29 Aug 2018 @ 1:03pm

              Re: Re: Re:

              As long as you state your insult as an opinion the cop would have no legal ground to do anything to you. Not that this would stop them but they'd have no legal grounds. And good luck pressing charges.

              reply to this | link to this | view in chronology ]

            • icon
              nasch (profile), 29 Aug 2018 @ 2:29pm

              Re: Re: Re:

              I think this one is serious.

              reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 29 Aug 2018 @ 8:29pm

              Re: Re: Re:

              The premise is simple.

              Ah, you forgot the "/s" tag. Been there.

              By using this website, all SovCit's accept Mike's authority to run the website the way he sees fit. This does seem kinda simple really.

              reply to this | link to this | view in chronology ]

  • icon
    REM(RND) (profile), 29 Aug 2018 @ 1:16pm

    I have the answer

    Make your password "iwillnottellyoumypassword".

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Aug 2018 @ 2:45pm

    What if...

    What if my password is "I swear under penalty of perjury killed Firstname Lastname" - that would be evidence of a crime and perjury if you didn't actually kill the person. It's a valid legal defense?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Aug 2018 @ 12:52pm

    DOJ crypto backdoorers should consider better defendants

    I would LOVE to see the DOJ go after a bank CEO -- e.g., Wells Fargo or Countrywide -- instead of some non-violent drug user; DOJ might get a lot more sympathy for wanting to shred the Fourth and Fifth Amendments in their cases.

    As it is, their hypocrisy of selective enforcement applying only to "little people" eliminates any moral authority they might once have had.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Close

Email This

This feature is only available to registered users. Register or sign in to use it.