Revisiting the Fourth Amendment and passwords

After posting the previous article, I decided to dig around a little more to see where the idea originated that passwords are protected by the Fifth Amendment as opposed to the Fourth. And in that, I discovered a rather key case out of the United States Circuit Court for the 11th Circuit called US v. Doe.

And at a cursory glance, it would appear that the Court is saying that a person has a Fifth Amendment protection from being compelled to produce a password. But that isn’t what the Court is saying.

First, let’s establish the facts of the matter. In 2010 the person represented by the alias John Doe was determined by investigators to be a key figure regarding the trafficking of child pornography. As part of their investigation, they seized computers and storage media in excess of 5TB (impressive for 2010). Everything was forensically imaged.

Unfortunately, much of the media was encrypted with TrueCrypt, and the examiners weren’t able to recover anything as a result.

So they tried to get the United States District Court to compel Doe to either turn over the password(s) or produce the unencrypted contents of the drive. This is where the Fifth Amendment claim was initially raised.

In response to the initial claim, the Court granted limited immunity to the production of the media contents, but did not extend that immunity to any derivative uses by investigators. And since any derivative uses could lead to charges, Doe again raised the Fifth Amendment. And he was held in contempt of Court.

But before you think that the Fifth Amendment absolutely controls here, a few key details come into play, specifically from the testimony of one of the forensic investigators, Timothy McCrohan:

Doe: So if a forensic examiner were to look at an external hard drive and just see encryption, does the possibility exist that there actually is nothing on there other than encryption? In other words, if the volume was mounted, all you would see is blank. Does that possibility exist?

McCrohan: Well, you would see random characters, but you wouldn’t know necessarily whether it was blank.

Doe pressed the investigator to explain why they believed something specific was hidden on the drive.

McCrohan: The scope of my examination didn’t go that far.

Doe: What makes you think that there are still portions that have data[?]

McCrohan: We couldn’t get into them, so we can’t make that call.

What exactly was John Doe (likely his attorney, actually) doing with these questions? Trying to establish probable cause. And there’s a major reason he’s trying to do that, which I’ll explain later.

But is producing evidence “testimony”? Well, that depends.

The 11th Circuit references two cases at the Supreme Court to answer this question: Fisher v. United States, 425 US 391 (1976), and United States v. Hubbell, 530 US 27 (2000). Both cases refer to the production of evidence on the part of the accused in tax liability cases. Borrowing the 11th Circuit’s interpretation of Fisher:

[The Supreme Court of the United States] then held that the taxpayers’ act of production itself could qualify as testimonial if conceding the existence, possession and control, and authenticity of the documents tended to incriminate them.

Obviously this means that accused persons cannot be compelled to turn over evidence to investigators, right? Not so fast. There’s a limiting doctrine to this idea called the “foregone conclusion” doctrine. Again, borrowing the 11th Circuit’s summary:

The Court reasoned that, in essence, the taxpayer’s production of the subpoenaed documents would not be testimonial because the Government knew of the existence of the documents, knew that the taxpayer possessed the documents, and could show their authenticity not through the use of the taxpayer’s mind, but rather through testimony from others. Where the location, existence, and authenticity of the purported evidence is known with reasonable particularity, the contents of the individual’s mind are not used against him, and therefore no Fifth Amendment protection is available.

For the production of evidence to be privileged under the Fifth Amendment, the investigators could not have yet established probable cause. The Constitution states with the Fourth and Fifth Amendments that you cannot be compelled to help the government build a case against you.

But it should be obvious why Doe’s attorney, in questioning McCrohan, was attempting to determine what specifically the investigators were attempting to find. That specificity is necessary to establish probable cause. Quoting the Fourth Amendment, emphasis mine:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Probable cause means, in short, that investigators need to have some evidence giving them cause to believe you’re up to something illegal. For a search, they need to know in advance of the search what they hope to find. If you revisit McCrohan’s testimony above, you’ll see that they can’t even establish that there is anything on the drive at all. Again, the 11th Circuit, this time referencing Hubbell:

Asserting that the Government could not convict him without the immunized documents, Hubbell moved the district court to dismiss the indictment. The court held a hearing, found that the Government could not show that it had knowledge of the contents of the documents from a source independent of the documents themselves, and dismissed the indictment.

And quoting the Supreme Court of the United States directly, at 530 US 44-45:

While in Fisher the Government already knew that the documents were in the attorneys’ possession and could independently confirm their existence and authenticity through the accountants who created them, here the Government has not shown that it had any prior knowledge of either the existence or the whereabouts of the 13,120 pages of documents ultimately produced by respondent. The Government cannot cure this deficiency through the overbroad argument that a businessman such as respondent will always possess general business and tax records that fall within the broad categories described in this subpoena.

Again, the investigators must be able to establish through some other evidence specifically what they expect to find where they intend to search. Again, in the above testimony by the forensic investigator, they could not establish that any files exist on the media in question.

Absent probable cause and a warrant and affidavit testifying to that probable cause, the production of evidence is a violation of the Fifth Amendment protection against self-incrimination, as well as the Fourth Amendment protection against searches and seizures. Absent probable cause, police cannot search your car, home, or digital devices, nor can they compel you to hand over whatever they want. If they had probable cause, they’d be able to get a warrant.

Again, the 11th Circuit:

[U]nder the “foregone conclusion” doctrine, an act of production is not testimonial—even if the act conveys a fact regarding the existence or location, possession, or authenticity of the subpoenaed materials—if the Government can show with “reasonable particularity” that, at the time it sought to compel the act of production, it already knew of the materials, thereby making any testimonial aspect a “foregone conclusion.”

And later:

The Government has not shown, however, that the drives actually contain any files, nor has it shown which of the estimated twenty million files the drives are capable of holding may prove useful.

And later statements by the 11th Circuit show what is already known to apply with the Fourth Amendment: before the government can obtain a warrant to search a home, car, or digital device, they must be able to specify to a reasonable level of clarity what they expect to find.

Case law from the Supreme Court does not demand that the Government identify exactly the documents it seeks, but it does require some specificity in its requests—categorical requests for documents the Government anticipates are likely to exist simply will not suffice.

And that is probable cause.

So what does this mean for a password or PIN lock on your phone? A few key things.

First, the government cannot search your phone without your explicit permission. To repeat what I said in my previous article, never give this voluntarily. Absent that permission, police must establish probable cause to search your phone. Once they have probable cause to believe there is evidence of a specific crime on your phone, they must also specify what they intend to find by searching your phone. They can’t just go on a fishing expedition.

Unless you voluntarily let them. So don’t.

Note that I haven’t mentioned the password or PIN lock. Because in the end it’s largely immaterial. It’s merely a hindrance that ensures the police can demonstrate probable cause to search the phone, and demonstrate through some other evidence or testimony what they expect to find.

In the case of a man recently sentenced to 180 days for contempt for refusing to give up his iPhone password, the police were specific in what they expected to find: pictures documenting the injuries to a child the person was accused of abusing. So long as police can show some independent evidence supporting their assertion the pictures exist, such as testimony from another person, then they have probable cause and the Court can rightly compel the production of those pictures.

But the Fourth Amendment still controls here since we are still talking about a search. And all the quotes above from the 11th Circuit seem to dance around that quite a bit.