In this GD thread, I asked whether the FBI and various other American police agencies were justified in predicting gloom and doom as a result of stronger encryption becoming standard on the next generation of smartphones.
A number of discussants were of the opinion that the FBI et al had nothing to fear since, if they ever had a genuine need to inspect the information on a suspect’s smartphone, all they needed to do was get a proper (and properly justified) search warrant for it. This rationale was (IMO) the key one that supported having standard and powerful encryption on all future smartphones (and that we shouldn’t worry about law enforcement losing such a ‘powerful tool’ in the pursuit of criminals).
On the other hand, a number of participants seemed to be of the opinion that even if a suspect’s smartphone was subject to a search warrant, that it was another matter obtaining its password. Various examples were brought up in this regard including the suspect’s refusal to divulge the password on the basis of the Vth amendment, the suspect claiming the phone wasn’t his, or that he forgot the password, etc.
I asked in the thread for clarification of this point but it seems to have gotten lost in the [del]Smapti shuffle[/del] lively discourse that’s taking place. So, I ask again:
Does a warrant for someone’s smartphone compel the person to also divulge its password? If the answer is still evolving from a legal perspective, are there any relevant precedents or anything else that might indicate how a suspect’s refusal would be resolved?
Wikipedia provides a brief summary of how the 5th amendment has been interpreted regarding passwords. Tl;dr is that it’s probably unconstitutional but it hasn’t been tested in the Supreme Court yet.
Also unclear is whether biometric measures like fingerprint scanners are equivalent from a 5th amendment perspective or a separate category.
They need a warrant. An argument is that the arrestee can delete or corrupt the data while the warrant is being filed. The court addresses some of these, from my skim.
The warrant can specify that the owner must turn over a combination or password. Usually it won’t, and the law enforcement agency will have to get a court order after seizing it.
Traditionally, the 5th amendment has made a distinction between “things you know” and “things you own” so the court can compel them to produce a key but not the combination to a safe. This is playing out in the modern context with passwords vs fingerprints.
I thought the reasoning for this is because once they have the safe they have the contents already, in that even baring the handing over of the key/combo, the safe would just be broken into and the contents then available. It’s a done deal with the obtaining of the safe.
The difference with encryption is that without the password just possessing the phone does not mean you automatically also have the contents of the phone available to you.
Assuming that television and movies are reliable (doubtful, I admit), a safe can be designed so as to destroy information it contains in the event that its broken into. That seems like a fair analogy to a phone containing encrypted data - both contain information that the owner can be ordered to reveal, but which there is no way to obtain without their cooperation.
IMHO, a warrant for your smart phone can’t compel you to hand over the password because that’s like the combination for a safe, which you are not required to hand over. But others argue that a password is more like a key, which you CAN be compelled to hand over. The issue has not yet been settled by the supreme court.
The new TouchID means that all the cops need to do is take your fingerprints and make a fake finger pad to trigger the sensor. This is a straightforward process. Some private company will probably offer a service where they’ll produce a set of fake finger pads from a set of prints and Fedex them to any police department in the U.S. for a mere $1000 or so.
Come to think of it, that’s an excellent business idea…
Faking a fingerprint is pretty involved but it’s also only going to work in tightly circumscribed situations since if a phone has been rebooted or if it hasn’t had a fingerprint in 48 hours, you require a passcode to unlock it as well.
That’s just barely doable. The cops arrest a suspect, and have just 48 hours to get the fake fingers made and applied to the phone. Fedex next day delivery and a service that can print up the fake fingers within just a few hours would be needed.
