Illinois Appeals Court Says Fifth Amendment Protections Apply To Cellphone Passwords

from the reel-those-rods-back-in,-boys dept

The key to determining Fifth Amendment protections against compelled production of passwords appears to be a court's definition of the term "foregone conclusion." In many cases, courts have decided the government only has to clear a very low bar to meet this demand. In those cases, the only "foregone conclusion" the government needs to prove is that the person being compelled to provide a password knows the password. Once the government has linked the person to the locked device, it can get on with the compelling.

If a court decides to raise the bar, it gets far more difficult for the government. In a few cases, the government has been asked to show it knows the evidence it seeks can be found in the locked device. Even if it meets this requirement, it can't just start throwing court orders at the criminal suspect. This "foregone conclusion" directly implicates the Fifth Amendment. The government is no longer simply asking someone to unlock a device. It's asking them to directly provide them with evidence that could be used against them.

An Illinois state appeals court has decided the Fifth Amendment protects defendants from producing evidence to be used against them. (via FourthAmendment.com) In this case, the defendant was a passenger in a car stopped by law enforcement. A drug dog alerted on a leather bag belonging to the defendant. The ensuing search uncovered a prescription pill bottle containing cocaine, resulting in a charge of possession with intent to distribute.

That's not all the cops found. They also found the suspect's cellphone, which he refused to unlock for them. The prosecution asked the court to force the defendant to provide the password. The trial court declined to do so, saying compelled production of evidence violated the Fifth Amendment. The appeal followed, and the government has now been told twice [PDF] there will be no compelled password production. First, it explains this exception to the Fifth Amendment, which is now enjoying its heyday (so to speak):

The foregone conclusion doctrine is an exception to the fifth amendment privilege. Fisher, 425 U.S. at 411. Per the doctrine, where the existence, location and authenticity of the evidence is a foregone conclusion, that is, it “adds little or nothing to the sum total of the Government’s information,” the fifth amendment does not protect the act of production. Id. The exception applies when the State demonstrates with “reasonable particularity” that when it sought the act of production, the State knew the evidence existed, the evidence was in the defendant’s possession and it was authentic. United States v. Greenfield, 831 F.3d 106, 116 (2d Cir. 2016).

The court then points out what the government ultimately wants is what lies beyond the password, not the password itself.

Here, the State is not seeking the passcode per se but the information it will decrypt. The cases that declare the passcode to be a nontestimonial communication operate under the framework that the passcode is the testimonial communication and that it falls under the foregone conclusion exception to the fifth amendment privilege. We consider that the proper focus is not on the passcode but on the information the passcode protects. The State claims it sustained its burden of proving with reasonable particularity that it knew the passcode existed, that Spicer knew the passcode and that it would be authenticated by entering it into Spicer’s phone. However, what the State actually needed to establish with reasonable particularity was the contents of the phone, which it did not do.

If the state wants to satisfy this requirement, it needs to do far more than it has. So far, all that's been shown is that the officer seeking the search warrant imagines the cellphone will contain plenty of information relevant to the distribution charges, like… um… pretty much the phone's entire contents. The appeals court doesn't care for the breadth of the government's supposition.

The State does not know what information might be on Spicer’s phone but surmises that cell phones are often used in unlawful drug distribution and such information would be available on Spicer’s phone. The State has not provided a particularized description of that information or even evidence that any useful information exists on the phone. The State sought and was granted in the search warrant access to most of the information in Spicer’s phone, including call logs, text messages, multimedia messages, instant messaging communications, voicemail, e-mail, all messaging applications, phonebook contacts, videos, photographs, Internet browsing and mapping history and GPS data between May 24 and June 24, 2017. The State does not identify any documents or specific information it seeks with reasonable particularity. The State is engaging in a fishing expedition and the foregone conclusion exception does not apply here.

The foregone conclusion the government has to work with is far smaller than the foregone conclusion it thought it had:

While the State is aware that the passcode existed and that Spicer knew it, the State could not know that the passcode was authentic until after it was used to decrypt Spicer’s phone. Moreover, the production of Spicer’s passcode would provide the State more information than what it already knew. Although the focus of the foregone conclusion is on the passcode, in our view, it properly should be placed on the information the State is ultimately seeking, which is not the passcode but everything on Spicer’s phone.

The court's decision isn't a blanket statement saying compelled password production will always violate the Fifth Amendment. But it should serve as a warning to law enforcement officers who think they should be able to dig through every phone they seize, no matter how weak their affidavit rationalizations or how tangential the supposed evidence might be to the filed charges.

Filed Under: 5th amendment, illinois, mobile phones, passwords


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 21 Mar 2019 @ 11:31am

    Is there any hope this also applies to biometric "passwords"? So far law enforcement has refused to acknowledge that a fingerprint is information just as is a password and even in some jurisdictions where password production cannot be compelled sticking the suspect's finger on their phone still can.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Mar 2019 @ 1:48pm

      Re:

      Law enforcement already obtains their biometrics. You get fingerprinted on arrest, so law enforcement could (with a bit of work) print out a 3D printed fingerprint to use to gain access to the phone. I suspect they'd use that as a means to argue that compelling the arrested to unlock phones via fingerprint is merely a convenience and a time/money-saver and not something they actually need to do since they could print off the fingerprints in a usable form to unlock the phone.

      It'd still be bullshit though, and an example of why you NEVER use biometrics as a sole/primary form of authentication. It should only be secondary or tertiary (and frankly shouldn't be used at all if the system could lock you out if you happen to lose a digit due to amputation, etc).

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 21 Mar 2019 @ 2:30pm

        Re: Re:

        It'd still be bullshit though, and an example of why you NEVER use biometrics as a sole/primary form of authentication. It should only be secondary or tertiary (and frankly shouldn't be used at all if the system could lock you out if you happen to lose a digit due to amputation, etc).

        Biometrics can be used as a account name.

        Biometrics should never be used as an account password.

        reply to this | link to this | view in chronology ]

  • identicon
    bobob, 21 Mar 2019 @ 11:44am

    It's about finally fucking time the constitution showed up in court.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 21 Mar 2019 @ 12:58pm

      Re:

      Oh it shows up regularly, the problem is that far too often(read: More than zero) it's quickly thrown under bus because the 'National Security'/'the defendant is really scummy'/the person making the accusations has a badge.

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 21 Mar 2019 @ 12:54pm

    Ya think?

    Although the focus of the foregone conclusion is on the passcode, in our view, it properly should be placed on the information the State is ultimately seeking, which is not the passcode but everything on Spicer’s phone.

    About bloody time a court got enough of a spine to figure that out and actually rule accordingly. The goal isn't the password, it's what the password unlocks, and if they are trying for that the fifth most certainly applies.

    Per the doctrine, where the existence, location and authenticity of the evidence is a foregone conclusion, that is, it “adds little or nothing to the sum total of the Government’s information,” the fifth amendment does not protect the act of production.

    And this is just legalized bullshit. If the government has 'little or nothing' after forcing someone to provide information, then what exactly was important enough to force them to do so in the first place? If they already have the evidence they need then they don't need to force someone to provide it for them, the entire point is to get what they don't currently have, such that the idea that the fifth isn't implicated is beyond absurd and should have been seen as a blatant attempt to bypass it when it was first proposed.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2019 @ 7:45pm

    Less you're inside that 100 mile border less constitution free zone
    that encircles 80% of the population

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 21 Mar 2019 @ 8:40pm

    That sound you hear is out_of_the_blue stamping his feet in righteous indignance as he foams rabidly at the mouth.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Mar 2019 @ 5:55am

    Law enforcement and prosecutors don't want to do any actual investigative work. If the data is already there on the cell phone, just get the court to compel the defendant to unlock. And once we are in lets use anything we find, relevant or not, to screw up the defendant and get a conviction.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 22 Mar 2019 @ 11:45am

    Now that's kinda surprising. It should be the default, not the exception. To the govt it seems the Constitution is more and more optional up to when somebody smacks them down. And the courts aren't doing it as frequently as they should.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 22 Mar 2019 @ 1:19pm

      Re:

      They seem to see it rightly as a check against their ability to do what they want, and rather than accept that there's a good reason to have that check they instead work to bypass and/or weaken it so that they can get back to doing whatever they want, secure in the knowledge that as The Good Guys anything that prevents them from acting has to be Bad, and thereby they're doing nothing wrong getting rid of it.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.