There is a fascinating constitutional showdown brewing in the U.S. that will have significant implications for how our law enforcement agencies are able to conduct digital investigations. The fundamental question at issue is whether the Fifth Amendment protection against self-incrimination can be lawfully asserted by a criminal defendant as a justification for refusing to provide a law enforcement professional with the password needed to access a personal technology device.
The most common example of how this issue manifests itself is when a police officer wants to search a cell phone or a notebook device as part of a criminal investigation, such as a child pornography investigation. The officer presents a search warrant to a judge to search the content of the device for the contraband, or evidence of an offense. The judge issues the warrant, commanding the officer to search the device, but the device cannot be opened without the person providing the password. The defendant refuses to provide the password so the content of the device can be searched, so the officer can’t execute the lawful search warrant issued by the judge. Can the defendant “beat the search warrant” by refusing to provide the password to open the device and perform the search?
To this point, there has been a difference of opinion in various state courts regarding whether the Fifth Amendment can be cited by a defendant who refuses to divulge the password. For example, a Pennsylvania court has ruled that it’s acceptable for defendants to refuse to provide the password to a device because the password is personal in nature — and producing it would require the individuals to speak or testify against themselves.
However, a Florida court held that simply divulging a passcode does not betray any knowledge a defendant may have about the circumstances surrounding his alleged offenses—so compelling a suspect to produce a passcode does not offend the Fifth Amendment privilege.
As we all know, any time we have a controversial social issue that is interpreted differently by state courts, it’s likely that the Supreme Court of the United States will eventually be called upon to resolve that conflict. I suspect this question of whether the Fifth Amendment applies to digital investigations by law enforcement professionals will be adjudicated sooner rather than later.
As of the writing of this article, the only Supreme Court case that may suggest how the Court rules on passwords to enter digital devices is U.S. v. Patane, 542 U.S. 630 (2004). In this case, the defendant was under arrest but had not been fully “Mirandized” when he was asked if he had a pistol in his house. He pointed to a drawer and the officer found the pistol in the drawer. Patane was convicted of being a felon in possession of a firearm. The defendant tried to suppress the gun, saying that it was found in violation of the 5th Amendment, because he was not fully Mirandized.
The Supreme Court held in this case that admission of non-testimonial physical fruits (the pistol here) does not run the risk of admitting into trial an accused’s coerced incriminating statements against himself. In light of reliable physical evidence’s important probative value, it is doubtful that exclusion can be justified by a deterrence rationale sensitive to both law enforcement interests and a suspect’s rights during an in-custody interrogation. Again, this is not directly on-point with the issue that we are facing with digital devices — but I believe that the 5th Amendment will not prevent the execution of a valid search warrant for contraband or evidence that is inside of a digital device, simply because the defendant refuses to provide the password to open the device so the warrant can be executed.
In the meantime, it’s a good idea for law enforcement agencies to reassess their practices for conducting digital investigations and think about how they approach digital searches. Here are a few key questions to address:
1. What is the rule for searching a cell phone?
Like it or not, the United States Supreme Court made a fairly “bright line” rule regarding the search of cell phones. In Riley v. California, together with U. S. v. Wurie, the Court held that the police generally cannot, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.
There is a limited exception to this rule based on exigent circumstances, but the Court ruling is clear: you’re going to need a warrant to search that phone.
2. Can we use data found in a cell phone as probable cause to get another search warrant?
If you are able to lawfully search a cell phone, you may want to try to develop probable cause to search a location based on what was found within that phone (e.g., a “trophy photo” of the suspect standing next to what appears to be the cocaine found in his vehicle). If the photo was taken at the suspect’s home, GPS coordinates and other metadata available in the image file may be used to justify a search of the residence for additional physical evidence.
While there may not be probable cause that the drugs in the picture taken in the house are in fact still in the house, it may be evidence — coupled with what the defendant was arrested with when the phone was seized — that provides probable cause that he is a drug dealer. Drug dealers, even when they are out of drugs, typically keep scales, packaging materials, names and contact information of people from whom they buy drugs and to whom they sell drugs, as well as “pay-owe” sheets showing monies owed to the dealer. I have drafted search warrants before, under similar circumstances, for those items. Coupled with the drugs that the defendant was arrested with when his phone was seized, they paint a very clear picture to a jury that he is a drug dealer and not just a one-time offender.
3. How do we deal with password-protected cell phones or devices that require fingerprints to open?
Most cell phones and computers have passwords that are required in order to open and operate the device. A lot of these passwords can be “broken” by experienced computer forensics examiners, but the newest generation of mobile devices have taken the level of security up a notch. The new “blocking devices” — which can now require the individual to press their finger on the screen to open the phone for usage — present such challenges that even the FBI was forced to go to court for assistance from a manufacturer to unlock devices. The best source of a solution to these challenges will be the computer forensics examiner.
I have the great privilege of exploring these and other issues as a keynote speaker at the 2018 AccessData User Summit. This event is regarded as a premier gathering for computer and mobile device forensics professionals — as well as e-discovery and litigation support professionals. In addition to various sessions designed to help attendees learn how they can lead the way for their organization’s success with digital investigations, the agenda also includes various opportunities to learn more about specific software tools that will equip all of us with the best technology available.
The 2018 AccessData User Summit will take place June 19 – 22, 2018, at the beautiful St. Anthony Hotel in San Antonio, Texas. For more information, please visit http://www.adusersummit.com. I hope to see you in San Antonio!
# # #
About the Author
L.E. “Ted” Wilson is a retired Assistant District Attorney from the Harris County District Attorney’s Office, a police instructor and consultant to law enforcement agencies nationwide, and is a nationally recognized expert in writing search warrants. Mr. Wilson is co-author of Warrants Manual for Arrest, Search and Seizure, a treatise focused on drafting affidavits and warrants for all types of arrests and searches, which contains a new section regarding how to obtain digital evidence and access cell phones.