Biometric Data – What Can The Police Make You do to Unlock Your Devices?
The Legal Quandary of Using Biometric Data During a Lawful Search
In 2018, a groundbreaking event happened in Columbus, Ohio. This landmark happening was so simple, ordinarily such a common event that millions do it dozens of times a day. In August of 2018, Grant Michalski used Face ID to open his iPhone.
What made this ordinary event so substantial was that the person holding the phone was not Grant Michalski. Special agent David Knight from the Federal Bureau of Investigations (FBI) was investigating the 28-year-old Michalski for receiving and possessing child pornography. The special agent presented a search warrant and instructed Michalski to put his face in front of his iPhone X.
The Apple Face ID facial recognition technology scanned the topography of the suspect’s face. The agent swiped through Michalski’s phone, digging into his photos, online chats, messages, emails, and any other digital items of interest.
This was a first—law enforcement using the biometric data of someone’s face to gain access to a suspect’s device to gather incriminating evidence. Michalski was charged later that month.
This is a significant blink in the ongoing staring contest between tech providers as they try to maintain security integrity, and law enforcement who continuously try to break or bypass the ever-evolving security protections.
A Brief History of the Battle of Biometric Data
This battle began back in 2016 when Apple refused access to an iPhone that belonged to one of the San Bernardino shooters. The FBI argued that they needed the digital information to potentially protect public safety and national security. Apple argued that opening the phone at the government’s request sets a dangerous precedent when they are tasked to keep their customers’ information secure.
Of course, in the San Bernardino shooter case, the owner of the iPhone had been killed in a shootout with police, and eventually, the FBI cracked the security and gained access to the deceased shooter’s phone.
Since then, various law enforcement agencies have tried to break smartphone encryption and unlock biometric protections to open user information for an investigation. Since the 2016 incident, law enforcement has used the fingerprints of both alive and dead suspects to unlock Apple’s biometric Touch ID login.
In 2018, GrayKey and other code-cracking tools were introduced to get through passcodes for the newer iOS models like the iPhone X. The use of Face ID is within the purview of a lawful search, but the tactic does open questions of constitutionality.
A representative of the Legal Aid Society explains that using someone’s face as an evidentiary item or to obtain evidence is not a new legal strategy. What is new is the level to which it is used. For so many people, the use of biometrical data as a key for securing such a large amount of confidential information is historically unparalleled.
Biometric Data and the Fifth Amendment
While discussing whether protecting biometric data like facial recognition and fingerprint logins is covered in the Bill of Rights of the Constitution, it is important to first define, not only the Fifth Amendment but also the Fourth. That is the one that requires the government to have probable cause and a warrant before they can arrest someone or search someone’s house and property. A search warrant can include computers, phones, tablets, and hard drives.
But once an arrest or search warrant is issued, the Fifth Amendment comes into play as agents of the government try to coerce a suspect into decrypting or opening these seized devices so they can be investigated. Here is where the conversation gets sticky.
The Fifth Amendment states that people in the United States cannot be forced to become a witness against themselves. Even more specifically, the amendment is meant to protect against self-incrimination and prevent someone from giving testimony that may divulge information or reveal the contents of a person’s mind as testimonial.
But there are incriminating acts that are not protected by the Fifth Amendment. When making distinctions concerning the differences between these two acts can be described as:
- Testimonial Acts – These are protected by the Fifth Amendment
- Nontestimonial Acts – These are not protected under the Fifth Amendment because by committing these acts, no personal knowledge is transmitted
Some nontestimonial acts that may incriminate a person but do not reveal the contents of a person’s mind may include:
- Photographic evidence
- Being a member of a lineup for identification
- Providing samples of blood, DNA, or urine
- Supplying handwriting sample
Where Cellphones Fit into the Constitution
The Fifth Amendment is usually seen during a court or a hearing when someone is asked a question, and they refuse to answer by saying something like, “I plead the fifth.”
Even though it may look different, being asked to decrypt a phone by a government agency can be a form of self-incrimination. The right to refuse this sort of testimony is covered by the Fifth Amendment?
When it comes to cell phones, the difference between testimonial and nontestimonial acts matter. There are a myriad of methods to lock a phone. The simple decision of a phone’s locking method can determine whether the act of being made to unlock it against a person’s will is protected by the Fifth Amendment.
An agent of the law cannot compel someone to use a testimonial act to unlock their phone if it reveals information that was not previously known by the agent. A phone can be forcibly unlocked by a nontestimonial act if no knowledge is transferred in the act of unlocking it.
This allows a person the right to refuse a request to unlock their phone if it is secured by a pattern/swipe lock or an alphanumeric password/passcode. Inputting a password or knowing the swipe pattern to unlock a phone demonstrates to law enforcement that a person has knowledge of the code or password. This is a testimonial act and can be seen as incriminating
When it is boiled down, a retina and a fingerprint are obviously not the contents of a person’s mind, so they are both examples of nontestimonial acts. Courts in various states have seen it the same way, and currently, law enforcement can require people to unlock their phones using fingerprint identification or facial recognition.