Virginia Judge Rules Police Can Compel Suspect To Unlock Phone Locked Via Fingerprint

The Fourth and Fifth Amendments do not prevent the police from compelling you to unlock your phone if you used fingerprint scan technology to lock it, Virginia Judge has ruled.

Apple Fingerprint

A trial court judge in Virginia Beach, Virginia is the latest Judge to weigh in on the issue of when, and under what circumstances, a criminal suspect can be forced to unlock a smartphone or other electronic device, marking the latest in a trend of judicial opinions on the issue that have come down on both sides of the question:

A Virginia Circuit Court judge issued a ruling on Thursday that people do not have to unlock their password-protected phone for the state’s police, but that fingerprint-protected phones are a different story.

The ruling comes from the case of David Baust, an emergency medical services captain who was charged with trying to strangle his girlfriend in February. Prosecutors thought that video equipment located in his bedroom may have recorded the incident and wanted Baust to unlock his cellphone in case the video could be found there.

According to The Virginian-Pilot, Judge Steven Frucci ruled that making suspects provide their passwords so police can snoop through their phones is a violation of the Fifth Amendment because it would force suspects to incriminate themselves. But in the same ruling, the presiding judge decided that demanding suspects to provide their fingerprints to unlock a TouchID phone is constitutional because it’s similar to compelling DNA, handwriting or an actual key—all of which the law allows.

The Fifth Amendment states, “No person shall be compelled in any criminal case to be a witness against himself.” As Wired notes, this applies to memory-based passwords that reflect what we know and remember and not biometric-based fingerprints that reflect who we are.

TouchID technology is a new feature, which can be found on some iPhone 5s, 6 and 6 Plus models, that allows users to unlock their devices with a fingerprint. With the proliferation of iPhones, it is not far-fetched to assume this form of authentication may become more widely used and could have unintended consequences.

Macie Pridgen, a spokeswoman for the Commonwealth’s Attorney’s Office, said prosecutors are considering an appeal.

Orin Kerr at The Volokh Conspiracy goes into more detail about the legal issues involved here:

First, the court’s ruling on divulging a fingerprint is easy. There’s obviously no Fifth Amendment problem with that. On the government’s request for the passcode, the opinion is frustrating because the government’s request was poorly framed. In this case, the government doesn’t need to know the defendant’s passcode. It only needs to bypass the passcode gate, either through the fingerprint or by having the passcode entered in by the defendant. If the government couldn’t get into the phone with the fingerprint, then, the sensible request would be for an order to have the defendant enter in the code rather than an order disclosing it to the government. But the government didn’t ask for that: Instead it asked for an order that the defendant tell them his passcode.

What’s the difference? Having the defendant enter in his passcode would minimize the Fifth Amendment implications of the compelled compliance, as it would not involve disclosing the potentially incriminating evidence of the passcode itself. The passcode itself could be independently incriminating, at least in some cases. Imagine a conspiracy case in which members of the conspiracy use a common passcode. Proof that a suspect used that exact passcode on his own phone would be incriminating evidence, as it could help to show membership in the conspiracy.

Because the passcode itself could be incriminating, the smart way to limit the Fifth Amendment problem is for the government to ask for an order compelling the target to enter in the passcode rather than to divulge it to the police. That way, the government gets the unlocked phone but never gets the passcode. If the defendant has to enter in the passcode rather than tell it to the police, the testimonial aspect of complying would only be admitting knowledge of the passcode, which would very likely be a foregone conclusion in a case where the phone is used heavily by that person. But the government didn’t ask for that here, so the court didn’t consider how the Fifth Amendment would apply in such circumstances.

As Kerr notes, the Court’s opinion doesn’t reach the issue of whether or not a Defendant can be forced to decrypt the contents of an electronic device largely because that issue was apparently not argued in the Motions that were before the Court. Notwithstanding that, the issues presented here are quite similar to cases I’ve written about in recent years that raise the question of when a suspect in a criminal case can be compelled to provide investigators with access to a locked electronic device. In January 2012, I wrote about a case that was then pending in a Federal District Court in Denver regarding a woman under investigation by the Federal Government who was refusing to provide prosecutors with the password necessary to decrypt her hard-drive. After holding three separate hearings on the matter, the Judge hearing the case ultimately ordered the Defendant to produce the password. Just a month later, the 11th Circuit Court of Appeals issued an opinion in which a three judge panel ruled that a Defendant in a similar situation could not be required to produce the password or otherwise decrypt the hard drive. Then, in May of last year, a Federal Magistrate Judge in Wisconsin ordered a suspect in a child pornography investigation to provide the PGP password for his computer. There have also been rulings in factually similar cases from District Courts in Vermont and Michigan. Each of these rulings was made at the trial court level, though, and none of them appears to have been appealed at all, or ruled upon if they were appealed, so we don’t really have any guidance from appellate courts at either the Federal or state court level on the issue,

I agree with Kerr, though, that on the narrow issue presented here, whether or not the police can compel a Defendant to unlock a phone using their fingerprint, that the Court got the issue correct. The distinction here is between what a Defendant can and cannot be compelled to do and, as we’ve seen in the passcode cases noted above, the question that Court have had to deal with is whether providing a passcode is a Fourth Amendment issue, in which case a Defendant can be forced to reveal it based on a warrant issued upon probable cause, or a Fifth Amendment issue, in which case providing the passcode is considered testimonial and potentially incriminating and thus not something that a court can force a Defendant to reveal. While the rulings on this issue have come down on both sides of that question, it has always seemed to me that being forced to provide a passcode is clearly testimonial in nature, To use an old analogy, it is similar to the combination to a safe which, pursuant to long standing legal authority, is clearly protected by the Fifth Amendment. The same cannot be said about fingerprints, though. Courts ruled long ago that there is no Fifth Amendment issue in a suspect being required to provide a fingerprint sample, which is why there are no ways to challenge the common practice of taking someone’s fingerprints upon arrest, or on other occasions during the course of an investigation. So, if you’re locking your phone or tablet using fingerprint technology, which is available on Apple devices and on many Android devices such as the Samsung Galaxy Tab S, there’s nothing in the law that would prevent the police from compelling you to unlock it.

Interesting, this case was largely anticipated last year when Apple first introduced the fingerprint technology that is becoming ubiquitous today. At the time, several legal scholars argued that users who locked their phones using this method would be making searches much easier for law enforcement than it would be if the were using passcodes to lock the phone. This case would seem to suggest that those warnings were correct. The interesting question, of course, is how a holding like this would apply to a two-step login process that included both a fingerprint and a passcode that was necessarily to unlock specific applications or files, which would present the Court with both a valid Fourth Amendment search and potentially testimonial evidence that could not be compelled under the Fifth Amendment. At some point, the appellate courts and, eventually, the Supreme Court is going to have to weigh in on these issues, because as this case makes clear, it’s something that police are likely to face on an increasingly regular basis.

Here’s the opinion (and yes, it is typical for Circuit Court Judges in Virginia to issue written opinions in letter form like this):

Commonwealth v. Baust by Doug Mataconis

FILED UNDER: Crime, Law and the Courts, Policing, Science & Technology, , , , , , , , , , , ,
Doug Mataconis
About Doug Mataconis
Doug Mataconis held a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010 and contributed a staggering 16,483 posts before his retirement in January 2020. He passed far too young in July 2021.

Comments

  1. EddieInCA says:

    I’ve resisted touch ID just for this reason.

    If a policeman ever asks me for my passcode, the answer will be “I’m sorry. I don’t remember it.”

  2. Tyrell says:

    @EddieInCA: I have the same question about just claiming forgetfulness, which in my case might just be true with dozens of passwords to keep up with.
    Also, I wonder if a judge could order outifits like Google, Amazon, ATT, Apple, Microsoft, HP, banks, public libraries, auto parts stores, gaming sites, and schools to hand over passwords. Wonder what would happen then ?
    I keep a table of all of my passwords in the computer. I need to make a hard copy and hide it somewhere that I can remember where it is at.

  3. James Joyner says:

    While I’m skeptical that being forced to give access to one’s phone isn’t a violation of the intent of the 5th Amendment, the courts whittled it down to nothingness long before people started carrying phones around. It’s among the weakest of our civil liberties guaranteed under the Bill of Rights.

    Regardless, it seems to me that the better argument is that it’s a violation of one’s 4th Amendment rights against unreasonable search and seizure. Without a warrant, police simply should not be able to search our computers or cellular phones. Even there, the warrant should describe particular things to be searched for and other things that happen to be found on the fishing expedition should be excluded.