The Ongoing Legal Battle: Biometrics, 5th Amendment, and Phone Decryption

Jonathan Hofer
The Berkeley Table
Published in
4 min readJan 6, 2024
Photo by BRUNO CERVERA on Unsplash

Does the Fifth Amendment’s protection against self-incrimination mean that police cannot unlock your smartphone? It might be concerning to know that the answer to that question is in a legal gray area. However, with a recent ruling in the Utah Supreme Court, it is an issue that is presumably one step closer to finding its way to the U.S. Supreme Court.

Back in 2019, I wrote about a discrepancy between how courts handle whether or not police can compel an individual to unlock their smartphone, either after the individual was arrested or after police applied for a search warrant to see the contents of the phone. With modern smartphones, screen locks like passcodes or biometric locks, such as fingerprint or facial recognition, encrypt the data on the phone. This encryption means that the data from the phone’s hard drive is largely inaccessible without the screen being unlocked, making this issue all the more potent.

In an era where biometrics is increasingly integrated into everyday technology, the legal battles surrounding its implications for privacy and constitutional rights remain critical to monitor. While password-protected phones seem to enjoy 5th Amendment protection, the legal landscape appears less favorable for those who use biometrics.

There is well-established case law that the Fifth Amendment means that the government cannot compel criminal suspects or defendants to disclose the “contents of their mind.” For example, in Doe v. United States (1988), the U.S. Supreme Court emphasized that the government cannot force a suspect to reveal their combination to a bank safe because that would be compelling self-incriminating testimony. Logically, this precedent would seem to cover passcodes for smartphones as well.

However, a nuanced aspect arises when considering whether protecting against compelled testimony also encompasses biometric locks.

There are broadly two camps in this debate. In 2019, the United States District Court of Northern California held that unlocking a phone using biometrics fundamentally differs from obtaining a fingerprint while investigating a crime and, importantly, violates the 5th Amendment. The court made the point that a biometric lock is effectively a substitute for a password and, therefore, should have the same protection. In contrast, during the same year, the United States District Court for Idaho held that police should have leeway when searching a phone because “physical characteristics” are not a form of testimony. While the Idaho court concluded that an individual could not be forced to give up a passcode, unlocking a phone with a thumbprint is not compelling the contents of one’s mind and is, therefore, permissible.

Will the U.S. Supreme Court clarify? When considering which cases to review, the U.S. Supreme Court typically hears cases that split the appeals courts or state supreme courts. Over the last few years, chiefly low courts have heard arguments on this issue. However, a recent ruling from the Utah Supreme Court in State v. Valdez (2023) has once again brought up this topic from a higher court.

In Valdez, the government had a warrant to search the defendant’s phone for evidence of suspected kidnapping. Valdez’s phone was locked with a pattern lock, and he refused to give the police the code. After the police were unable to access Valdez’s phone, the prosecution wanted to put on testimony that Valdez refused to hand over the code during the pre-trial. In the context of the question of whether or not the government can bring up Valdez’s refusal at pre-trial, the Utah Supreme Court held that Valdez’s conviction cannot stand and that “Providing a passcode is testimonial because it is a communication that discloses information from the person’s mind.”

With the results of Valdez, there is now a 2–1 split among state supreme courts when it comes to compelled passcodes. As Orin Kerr writes,

Valdez joins the Pennsylvania Supreme Court’s ruling in Commonwealth v. Davis in upholding the privilege in that setting. On the other hand, the New Jersey Supreme Court disagreed with that view in State v. Andrews, ruling that the foregone conclusion doctrine applies and the defendant can be forced to disclose the password if the government can show he knows it.

Will this prompt the intervention of the U.S. Supreme Court? It is hard to say, but this topic is a plausible candidate for review. While State v. Valdez specifically focuses on passcodes, rather than explicitly taking up the issue of biometrics, its determination that providing a passcode is testimonial brings the discussion of biometrics and compelled disclosure close enough to the forefront that the Supreme Court might contemplate addressing these intertwined concerns collectively. What is certain is that a definitive ruling will shape the future landscape of digital privacy.

--

--

Jonathan Hofer
The Berkeley Table

Public Policy Research Associate| Ad hoc consultant| Former Comparative Political Economy Researcher| Oakland, CA. B.A Political Science, UC Berkeley