Court Says Fifth Amendment Covers Smartphone Passcodes, But It's Hardly A Victory For Constitutional Rights
from the blueprint-for-fifth-amendment-evasion-currently-in-progress dept
A recent opinion issued in a prosecution by the Securities and Exchange Commission seems to indicate the government can't force members of the public to hand over passwords without violating the Fifth Amendment. But the details suggest something else: that this is limited to a very specific set of circumstances and is not in any way precedential, at least not at this point.
The courts have previously weighed in on the legality of forcing people to basically provide incriminating evidence against themselves through the compelled relinquishment of passwords. Back in 2013, a magistrate judge rejected an order compelling a defendant to decrypt a seized hard drive by providing the government with his password. A year later, the Massachusetts Supreme Court came to the opposite conclusion: that the compelled production of passwords did not have Fifth Amendment implications.
The DOJ has argued that it does have the right to demand passwords to unlock seized items and actually found a judge that agreed with it. In that case, the court found that unlocking a device was no different than producing documents at the government's request -- distancing it from the "compelled speech" against a person's own interests that the Fifth Amendment is supposed to guard against.
This case falls along those same lines, but the legal conclusions are a bit different.
The Securities and Exchange Commission (SEC) is investigating Bonan and Nan Huang for insider trading. The two worked at the credit card company Capital One as data analysts. According to the complaint, the two allegedly used their jobs as data analysts to figure out sales trends at major U.S. companies and to trade stocks in those companies ahead of announced company earnings. According to the SEC, they turned a $150,000 investment into $2.8 million.But here’s the problem: The SEC can’t get in. Neither can Capital One. Only the defendants know the passcodes. And the defendants have refused to disclose them. As much as Capital One may want to aid the SEC in prosecuting its former employees, it can't.
Capital One let its employees use company-owned smartphones for work. Every employee picked his own passcode, and for security reasons did not share the passcode with Capital One. When Capital One fired the defendants, the defendants returned their phones. Later, as part of the investigation, Capital One turned over the phones to the SEC. The SEC now wants to access the phones because it believes evidence of insider trading is stored inside them.
The SEC sought an order to compel the production of the passcodes. The suspects refused on Fifth Amendment grounds. This brings us to the tricky details of this case, which suggest it won't become an across-the-board Fifth Amendment-protected "right" to deny the government access to password-protected devices and storage.
The government argued for the compelled production of passwords using the "foregone conclusion" doctrine.
The doctrine, introduced in Fisher v. United States, says that the Fifth Amendment doesn’t block complying with a court order when the testimonial part of complying with a court order is a foregone conclusion. In other words, if the government already knows the testimonial part of complying with the order, and they’re not seeking to prove it from the order, then you can’t use the Fifth Amendment to avoid compliance with the order.In the government's creative interpretation of the doctrine, the production of passcodes would be no more than the defendants acknowledging they used the phones Capital One supplied them with -- something the government already knows and which has been confirmed by Capital One. Therefore, there are no Fifth Amendment implications. The judge disagreed, correctly pointing out that the government was seeking access to documents possibly contained on the phones, rather than simply seeking to confirm what it already suspected: that the phones were used by the defendants.
By using one thing to achieve another, the government was stretching its "foregone conclusion" to cover any evidence discovered on the unlocked phones. If the defendants have reason to believe incriminating documents resided on those phones, they are well within their Fifth Amendment rights to refuse the government's request. Or so you would think.
Should the SEC ultimately succeed with this interpretation of the "foregone conclusion" doctrine, it will have compelled incriminating testimony. It claims that it's merely seeking to confirm ownership by seeing if the passcodes unlock the phones. But once they're unlocked, it can compel the production of documents. Should these prove to be incriminating, it already has the defendants' admissions that these are their cell phones.
So, this case is less about securing Fifth Amendment rights than the government exploring options on how to obtain permission to compel defendants to hand over access to possibly incriminating information. If the court holds firm in its view of the government's true aims, it will be a small win for constitutional rights but one unlikely to be applied broadly.
As Orin Kerr points out in a second post on the case, some unanswered questions point towards the government being able to successfully argue that simply providing a password to a locked device isn't self-incriminating testimony.
If this analysis is right, then the password is incriminating because it provides a link to the evidence. The government could grant the defendants immunity, but it would need to be use and derivative use immunity — that is, immunity not just from the actual testimony but from what the testimony would reveal.See Counselman v. Hitchcock, 142 U.S. 547, 585 (1892). The defendants should win. That’s where Jonathan comes out, and it might be correct.If the government can argue that compelled production of passwords that leads to the discovery of incriminating material is merely causal (rather than the password itself being evidence of guilt), it may be able to skirt the Fifth Amendment entirely. This has obvious implications in the ongoing law enforcement war on encryption. With no firmly established legal footing for the argument that demanding passwords violates the Fifth Amendment, password-protected encryption will be ultimately no more safe than leaving everything unlocked and in plaintext.
But I’m not sure. Here’s my question: Does the “link in the chain” test include a merely causal link — that is, a link in the chain to the evidence? Or does “link in the chain” mean that the testimony was part of the evidence of guilt but not enough to prove the entire offense — that is, a link within the body of evidence? If testimony is solely of value for its causal connection to evidence, and it has no evidentiary value itself, is the testimony incriminating?
So, while the court has -- for the moment -- denied the government's request to compel the production of passwords, the underlying legal entanglements don't exactly bode well for the future of the Fifth Amendment.