Courts Can’t Put Their Finger on How to Handle Compelled Unlocking of Devices with Biometrics

Published On April 30, 2019 | By Bart Huff and Devron Brown | Law Enforcement, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

Law enforcement agencies are increasingly requesting that courts allow them to compel suspects to unlock electronic devices with their biometrics. As of yet, though, courts confronted with the question have come up with no unified answer whether they can do so.

For example, earlier this year, as part of a search warrant application for a house believed to be associated with the two suspects of an extortion plot, a federal magistrate judge in Oakland, California denied agents the authority to compel individuals present to use their biometrics to unlock digital devices found during the search. The Court denied the request, finding that (1) the search warrant application was overbroad in that it was not limited to particular persons or devices, and thus ran afoul of the Fourth Amendment and (2) requiring suspects to unlock digital devices using biometric features would be compelling nonverbal testimony in violation of the Fifth Amendment.

The Fourth Amendment 

With respect to the Fourth Amendment issue, the court found probable cause to support searching and seizing devices “reasonably believed … to be owned and controlled by the two suspects,” but found the request to search and seize devices of non-suspects who happened to be present overbroad. Similarly, in dicta, the Court held that the request to compel non-suspect individuals to use their biometrics to unlock devices overbroad, but did not comment on whether such a request to compel the identified suspects would be permissible as a matter of the Fourth Amendment. The court’s analysis of the Fourth Amendment issue was similar to that in In Re Application for a Search Warrant. Although the Illinois federal magistrate judge found the premises search valid, he denied the Government’s request to search all phones on the premises by compelling individuals to use their finger or thumbprints to unlock the devices because the request was “neither limited to a particular person nor a particular device.” 

In other cases, however, courts have found no Fourth Amendment violation, especially where the government was more targeted in its request. For example, in In the Matter of the Search of [Redacted] Washington, District of Columbia, a federal magistrate judge granted the Government’s request to compel the target of a Computer Fraud and Abuse Act investigation to use biometrics to unlock identified digital devices. The court found the search and seizure request sufficiently narrow because the Government: (1) identified specific digital devices “used or controlled by the Subject” and (2) made clear that law enforcement was not authorized to compel any other individuals found at the premises to provide biometrics to unlock any identified digital devices. Similarly, last week, a Massachusetts federal magistrate judge authorized law enforcement to compel the specified target of an investigation to unlock any devices discovered during a search that they had reasonable suspicion to believe were his.

The Fifth Amendment

While many of the outcomes surrounding the Fourth Amendment inquiry may be able to be reconciled based on the breadth of the law enforcement request, the courts’ analyses of whether compelling the use of biometrics to unlock a digital device violates the suspects’ Fifth Amendment right against self-incrimination has no clear guiding light. For example, the magistrate judge in Oakland found such a request violates the Fifth Amendment, noting that alpha-numeric passcodes are testimonial because they represent the contents of an individual’s mind and finding that biometrics are akin to passcodes because they serve the same purpose. Similarly, the court in In Re Application for a Search Warrant found differences between compelled fingerprints for identification purposes and compelled fingerprints to unlock digital devices that contain intimate details. In comparing physical fingerprints with biometric fingerprints, the court was concerned that the touch of a fingerprint on a digital device equates to an individual “testifying” that they accessed the device before and have some level of control and connection to the device.

By contrast, the Minnesota Supreme Court in State v. Diamond and the court in In the Matter of the Search of [Redacted] Washington, District of Columbia, found no Fifth Amendment violation for compelled biometrics to unlock digital devices, reasoning that biometrics are non-testimonial. In Diamond, the court held that the defendant’s fingerprints were non-testimonial physical evidence under the Fifth Amendment because (1) the police’s gathering of the fingerprint was akin to collecting a voice or blood sample and (2) the defendant’s provision of the fingerprint did not reveal any contents of his mind. And while the court in In the Matter of the Search of [Redacted] Washington, District of Columbia, admitted the line between testimonial and non-testimonial communications under the Fifth Amendment is not “crystal clear,” it found compelled biometric features akin to the surrender of a safe’s key rather than its combination. It reasoned that compelling password combinations run afoul of the Fifth Amendment because it requires an individual to divulge mental impressions, whereas compelled biometrics to unlock digital devices is only a physical act. 

As courts continue to grapple with government requests to compel individuals to unlock digital devices using biometric features, as it relates to Fourth Amendment issues, it will be important to monitor how carefully the government links the suspects and their digital devices to the evidence it presents. With respect to the Fifth Amendment issue, guidance from higher courts will be necessary to resolve whether the compelled unlocking of a device is testimonial in nature. 

About The Authors

Bart's practice focuses on representing clients on many areas related to online content and services, including criminal and internal investigations, internet privacy and security litigation, theft of trade secrets, compliance obligations relating to the use and disclosure of customer and subscriber information, and gaming law. Before ZwillGen, Bart was an AUSA in Chicago, prosecuting federal crimes including white collar fraud, securities and other regulatory violations, and computer and internet related crimes. Bart tried 18 jury trials and briefed and argued numerous appeals before the Seventh Circuit.

Prior to joining ZwillGen, Devron worked at Facebook, where he worked with the public policy team on issues related to election integrity, data privacy education, and augmented and virtual reality. Prior, Devron summered at PwC in its Technology, Media, and Telecommunications group (TMT), where he focused IRS reporting requirements for casino jackpots and researched and wrote thought-leadership pieces on autonomous vehicles, rural broadband, and Puerto Rican privacy laws.

Leave a Reply

Your email address will not be published. Required fields are marked *