I recently bought a new laptop, one with a fingerprint sensor. I didn’t think much about this feature. My old laptop didn’t have it, but I never found entering a password inconvenient and I still use a numerical passcode for my phone. When I was first prompted to set up fingerprint authentication, I considered what that would mean for my security, privacy, and convenience. I never considered the effect on my constitutional rights.
For almost all of us, our cellphones and computers store deeply personal information about ourselves. It’s no wonder that the messages, call history, photos and videos, contacts, notes, and other data on these electronic devices would be of interest to law enforcement agents. But as many of us have passwords, passcodes, or biometric authentication enabled on our devices, law enforcement’s mere possession of a device doesn’t necessarily grant it access to the information it seeks.
As law enforcement agents increasingly seek warrants compelling individuals to unlock their electronic devices – whether by entering a passcode or providing the necessary biometric inputs – courts are split on how the Fifth Amendment comes into play.
The Fifth Amendment and the Passcode
The Fifth Amendment protects an individual from being “compelled in any criminal case to be a witness against himself.” This is known as the self-incrimination clause, the legal basis behind the concept (and popular Hollywood phrase) “pleading the Fifth.” In Fisher v. United States (1976), the Supreme Court held that while the Fifth Amendment’s privilege against self-incrimination does apply to acts of production, it does not prohibit the compelled production of all incriminating evidence. The privilege “protects a person only against being incriminated by his own compelled testimonial communications.”
Where do passcodes come in? The idea here is that compelling a defendant to reveal or enter the passcode to their device would be akin to compelling testimony of their knowledge, possession, and control of the potentially incriminating files on the passcode-protected device. In the 2000 case United States v. Hubbell, the Supreme Court discussed in dicta a distinction between compelling the surrender of a key and compelling the disclosure of a combination code. The former is a physical act whereas the latter requires a defendant to disclose “the contents of his own mind” – a violation of the Fifth Amendment right against self-incrimination. A passcode is clearly analogous to a safe’s combination code, so the Fifth Amendment kicks in, right? Not so fast.
Fisher also articulated the “foregone conclusion” exception to the Fifth Amendment privilege against self-incrimination, in which the privilege does not apply if the implied testimony of an act of production is a “foregone conclusion” that “adds little or nothing to the sum total of the Government’s information.” Some courts have found that proof of the defendant’s knowledge of the device’s passcode is sufficient to trigger the foregone conclusion exception (see examples from Massachusetts and Florida), whereas other courts have found that the foregone conclusion exception requires the government to actually be able to describe with reasonable particularity the specific contents it is looking for on the device (see examples from Indiana and Florida, again).
Passcodes Versus Biometrics
Unlike a passcode or password, a fingerprint or a face is obviously physical and thus closer to a key than a combination code. That’s the reasoning behind courts finding that providing a fingerprint to unlock a cellphone is not a testimonial communication under the Fifth Amendment, and thus does not receive protection under the privilege against self-incrimination.
But in early 2019, Magistrate Judge Kandis Westmore of the U.S. District Court in Oakland denied a search warrant to compel the unlocking, via biometric authentication, of digital devices founded in an authorized search, reasoning that such biometric features “serve the same purpose of a passcode.”
Intuitively, compelling an individual to use a biometric feature to unlock an electronic device seems categorically similar to compelling that same individual to submit to a DNA swab or a blood sample, which courts do not consider subject to protection under the privilege against self-incrimination. Westmore’s explanation of why they are different from each other is in many ways unsatisfying when considering the larger body of Fifth Amendment case law.
But viewing this issue normatively, it seems rather unintuitive that making use of your phone’s built-in fingerprint unlocking feature would affect your Fifth Amendment privileges, particularly as biometric recognition technology becomes increasingly popular on our everyday electronic devices.
Where to go from here
As Westmore states in her opinion, “the challenge facing the courts is that technology is outpacing the law.” This is true in more ways than one, even just in the area of law enforcement’s access to the troves of personal information on our cellphones. In the Fourth Amendment cases Riley v. California (2014) and Carpenter v. United States (2018), the Supreme Court recognized that cellphone data warrants heightened protection because cellphones are a “pervasive and insistent part of daily life” and store a vast amount of immensely personal data. The Court could similarly recognize, or at least clarify, whether the Fifth Amendment’s protections also deserve to keep pace with technological advances.
In the meantime, it seems that your mind is the only guaranteed safe place from the government, with or without a warrant.