In Wake of Passcode Ruling, Fifth Amendment Jurisprudence May Need an Update in The Legal Intelligencer

December 5, 2019

By: Gaetan J. Alfano , Alexander M. Owens

On Nov. 20, in Commonwealth v. Davis, — A 3d. —, 56 MAP 2018, (Pa. 2019), the Pennsylvania Supreme Court held that compelling an individual to provide their password to an encrypted electronic device violates the Fifth Amendment. In this case of first impression, the government had moved to compel a defendant accused of distributing child pornography to provide the password to his encrypted computer, a device which itself had been lawfully seized. While the government’s request was through a pretrial motion, Davis’ holding is not limited to that context and will apply equally to grand jury practice.

In Davis, the court found that the act of producing the password was “testimonial” in nature and thus the government’s request violates the defendant’s Fifth Amendment right against self-incrimination. The court reviewed decades of U.S. Supreme Court precedent on the Fifth Amendment and distilled the caselaw to a few key points:

First, the Supreme Court has made, and continues to make, a distinction between physical production and testimonial production. As made clear by the U.S. Supreme Court, where the government compels a physical act, such production is not testimonial, and the privilege is not recognized. Second, an act of production, however, may be testimonial when the act expresses some explicit or implicit statement of fact that certain materials exist, are in the defendant’s custody or control, or are authentic. The crux of whether an act of production is testimonial is whether the government compels the defendant to use the “contents of his own mind” in explicitly or implicitly communicating a fact. Third, and broadly speaking, the high court has recognized that the vast majority of compelled oral statements of facts will be considered testimonial, as they convey information or assert facts.

Applying those principles, the Pennsylvania Supreme Court held that Davis’ provision of his password would be “testimonial” in nature:

“Distilled to its essence, the revealing of a computer password is a verbal communication, not merely a physical act that would be nontestimonial in nature. There is no physical manifestation of a password, unlike a handwriting sample, blood draw or a voice exemplar. As a passcode is necessarily memorized, one cannot reveal a passcode without revealing the contents of one’s mind. Indeed, a password to a computer is, by its nature, intentionally personalized and so unique as to accomplish its intended purpose—keeping information contained therein confidential and insulated from discovery. Here, under U.S. Supreme Court precedent, we find that the commonwealth is seeking the electronic equivalent to a combination to a wall safe—the passcode to unlock an appellant’s computer. The commonwealth is seeking the password, not as an end, but as a pathway to the files being withheld. As such, the compelled production of the computer’s password demands the recall of the contents of the appellant’s mind, and the act of production carries with it the implied factual assertions that will be used to incriminate him. Thus, we hold that compelling appellant to reveal a password to a computer is testimonial in nature.”

While the holding in Davis will have substantial implications going forward, Davis leaves open a major question that was not before the court: whether the compelled production of biometric data (e.g., one’s fingerprints or face) to unlock a device violates the Fifth Amendment. While encrypted devices previously were only unlockable via alphanumeric passwords, increasingly phones and other consumer devices are unlocked (typically for the sake of convenience) via a facial or fingerprint scan. Courts outside the commonwealth have squarely diverged on the issue. The majority of courts have held that disclosing such biometric data is not testimonial in nature and thus does not implicate the Fifth Amendment, see Matter of White Google Pixel 3 XL Cellphone in a Black Incipio Case, 1:19-MJ-10441-DCN, (D. Idaho July 26, 2019). A growing number of courts, however, have come to contrary conclusions, e.g., Matter of Residence in Oakland, California, 354 F. Supp. 3d 1010, 1016 (N.D. Cal. 2019).

There is, after all, some logic to the principle that the application of an important constitutional protection should not depend simply on the fact that one chooses to lock their device with a fingerprint scan instead of an alphanumeric password. Yet, the Fifth Amendment may turn on such a seemingly arbitrary distinction: in Doe v. United States, 487 U.S. 201 (1988), the U.S. Supreme Court suggested that the government could force one to provide the key to a safe but not its combination. Courts also have suggested in the Fourth Amendment context that such biometric data may lack constitutional protection as well, see, e.g., In re Grand Jury Proceedings (Mills), 686 F.2d 135, 139 (3d Cir. 1982) (request for facial and scalp samples was akin to a request for voice samples, handwriting samples or fingerprints and thus was not a search or seizure for Fourth Amendment purposes). If a fingerprint or facial scan is simply a “key” to the phone or other device, then prosecutors will argue that the Fifth Amendment provides defendants no protection. Relatedly, the disclosure of biometric data may not fit into the conventional “testimonial” framework set out in U.S. Supreme Court jurisprudence. Prosecutors also may argue that providing a fingerprint or facial scan is not akin to disclosing “the contents of one’s own mind,” which has typically been provided constitutional protection, and, at least as to facial scans, an individual would arguably not have to perform any affirmative act at all (an investigator could simply take an iPhone, for example, and put it up to the defendant’s face to unlock it). See Doe, 487 U.S. at 211 (“It is the extortion of information from the accused, the attempt to force him to disclose the contents of his own mind that implicates the self–incrimination clause.”).

These legal principles were formed during a technologically simpler time. Thus, the old tenets of Fifth Amendment jurisprudence may need to realign with the realities of an increasingly digital world. Given the widespread use of encrypted devices and the growing use of biometric data to unlock those devices, there will be no shortage of cases for courts to wrangle with these issues.

 

Gaetan Alfano is a partner with Pietragallo Gordon Alfano Bosick & Raspanti. He is a member of the executive committee and the employment and labor practice group. He represents clients in commercial and employment disputes, insurance insolvency, and receivership matters, as well as complex white-collar criminal defense cases.

Alexander Owens is an associate in the Philadelphia office of the firm and a member of the qui tam/False Claims Act and commercial litigation practice groups.

 

Reprinted with permission from the December 4, 2019 edition of the Legal Intelligencer© 2019 ALM Media Properties, LLC. All rights reserved.

News & Events

Related News

20 Pietragallo Lawyers Named in 2022 The Best Lawyers in America and Ones to Watch
August 19, 2021
Pietragallo Gordon Alfano Bosick & Raspanti, LLP is pleased to announce that 20 lawyers have been named as 2022 The Best Lawyers in America and 2022 Ones to Watch, including two lawyers who were recognized for Bet-the-Company Litigation. Read More
Alliance Family of Companies and Ancor Capital Partners Pay $15.3M to Settle False Claims Suits
July 22, 2021
The Department of Justice and the United States Attorney’s Office for the Southern District of Texas, has announced the settlement of six qui tam cases filed in Houston, Dallas, and Philadelphia.  Read More

Upcoming Events

Bitcoin, Cryptocurrency, and Civil Litigation CLE (Webinar)
November 3, 2021
As Bitcoin and other cryptocurrencies gain further acceptance in the portfolios held by persons, corporations, trusts, and estates, fiduciaries and civil litigants must be aware of how courts will handle claims when the ownership or stewardship of these assets becomes disputed.
Read More
Privacy, Data and Cyber Security: The Current Legal Landscape CLE (Webinar)
November 11, 2021
Companies and consumers alike are under perpetual assault from bad actors as IoT, work from home, and cloud migration – all intended to improve productivity – have expanded the cyber attack surface.
Read More
View More News & Events