In the past couple of years courts all over the country have been forced to confront the friction between evolving technology and civil rights, particularly privacy rights as they relate to mobile devices, tablets, and laptops. We’ve in fact covered a number of such cases in recent months. But as the courts struggle to interpret (with many conflicting outcomes) constitutional bearings on data storage and communication technology, a new question emerges: does the Fifth Amendment protect individuals from having to surrender device encryption passwords to police?
A Law.com article shares the following on this very question:
The Occupy Wall Street protestors have directly confronted this issue. The Electronic Frontier Foundation published a “Cell Phone Guide for Occupy Wall Street Protesters (and Everyone Else).” In this guide, the EFF recommended that people password protect their phones and encrypt the data. But the guide does not provide a definitive answer about what to do if the police demand the password or encryption key. Instead, the guide merely says, “If the police ask for the password to your electronic device, you can politely refuse to provide it and ask to speak to your lawyer.”
Any answer begins with the right to remain silent under the Fifth Amendment. The Fifth Amendment privilege against self-incrimination protects a person from being compelled to provide a testimonial communication that is incriminating in nature. See Schmerber v. California, 384 U.S. 757, 761 (1966).
The article cites a recent case in Colorado where police couldn’t access an arrestee’s laptop files because the data was encrypted. While the seizure of the laptop itself occurred per a warrant, authorities sought an order compelling the defendant to provide the encryption password so as to be able to access the data on the laptop. The case remains undecided, however other courts have concluded that defendants are protected under the Fifth Amendment from providing such encryption passwords because doing so would be an admission that they had possession of, control over, and access to the data. See United States v. Hubbell, 530 U.S. 27 (2000). As such, the very act of producing an access key is testimonial in nature, and therefore self-incriminating.
There is then the “foregone conclusion” doctrine which allows for an exception to Fifth Amendment protection. The doctrine states that providing information is not subject to the Fifth Amendment privilege against self-incrimination when the existence and location of information are known to the government, and the act of providing the information adds little or nothing to the government’s case. See Fisher v. United States, 425 U.S. 391 (1976).
As technology advances, the Fifth Amendment implications become even more complex. Law.com offers an example:
[T]he foregone conclusion doctrine will permit the government, in many circumstances, to compel a person to provide the password or encryption key to files stored on cell phones, laptops, and personal computers. However, the increasing use of cloud computing services to store documents and images is a further complication. Users of cloud services are less likely to actually save images and documents on hand-held or personal devices but, instead, will use hand-held devices to access and share images and documents saved on remote computers.
In those situations, the possession of an encryption key or password may become important in order for the government to show ownership or access to records, websites, or communications. As a result, suspects and defendants may be successful in arguing that the foregone conclusion doctrine does not make the privilege against self-incrimination inapplicable.
These issues are clearly profound, and particularly so as state and federal courts in recent months have heard and ruled on numerous cases involving the appropriate reach of police powers as they pertain to citizens’ use and/or possession of mobile and personal electronic devices.