"With respect to the Fifth Amendment, Reffitt's entering his password in to the Subject Device does not violate his privilege against self-incrimination, because his act of production would not be testimonial, since the only potentially testimonial component implicit in his act of producing the unlocked/unencrypted device is a foregone conclusion."
In somewhat more detail, this is permissible because the act of unlocking his laptop does nothing that can be seen as incriminating himself:
* The laptop is already known to exist, and known to be owned by the user.
* What is being sought on the laptop [a video the defendant recorded at the event] is already known and admitted to exist, and it is known that the files in question are (at least were at one point in the past) on the laptop.
* The video in question was prepared prior to the search warrant and investigation, so it's not a Fifth Amendment violation to produce it unless the production itself is potentially incriminating (see https://en.wikipedia.org/wiki/United_States_v._Hubbell). But as mentioned above, the ability to produce the information isn't protected anymore, since there's no question that the individual could produce it.
This feels like it ought to be a violation of the Fifth Amendment, but it seems that it's pretty long-standing precedent that there's really nothing here that would violate the Fifth Amendment. Were this password-protected, or even a locked box in a safe, there would similarly be no Fifth Amendment violation, and the biometric aspect of the request doesn't (nor should it) change the analysis meaningfully.
Transactional immunity, commonly known as total or blanket immunity, protects you from future prosecution for any crimes related to your testimony.
Use immunity prevents the use of your testimony or any evidence derived from that testimony against you. You can still be prosecuted for the underlying crimes if they only use evidence that they got some other way.
For example, suppose your testimony shows you are fencing stolen goods, and that comes as a complete surprise to prosecutors. With transactional immunity you could never be prosecuted for your past fencing.
With use immunity they would essentially have to ignore that they now know you are a fence. But suppose later they catch a thief, and offer the thief a plea bargain if the thief tells them how the thief is getting the goods fenced--and that thief names you. Prosecutors can then come after you for that.
The test for whether something is protected by the 5th has generally been "is it testimony, or is it something that just is?"
Fingerprints, other biometrics, and physical keys are all things that just are. No testimony involved. Not protected. The government can compel you to provide them.
Passcodes and combinations are something you know. They're protected.
I'm certainly open to changing the law to protect biometrics, but I don't see anything in the reporting on this case that indicates it's any different than preceding cases in the last 10 years that dealt with fingerprints.
For nontrivial biometrics (and facial locking may not usually meet this) the act of unlocking is testimonial (as it demonstrates both the specific action and your knowledge thereof) as much as a password is. A command to “unlock this device with <biometric method>” is different than a command to simply provide, say, a fingerprint.
You're not revealing any knowledge about the specific action—they're directing you to do it.
For the face scenario, an order to look directly at the camera is similar. You're not testifying that this laptop is indeed yours, or that you have access. The laptop is going to respond to your stare however it was already configured to do so.
Right, it doesn't, for instance, reveal that as a combination of quirks of the sensor and how I trained it, it only unlocks with my left index finger at a slight angle and a particular rolling motion, and moreover, doesn't reveal that I know that to be the case.
I agree that if the demand was, "place whatever finger will unlock this device—in the orientation required—in this little circle," then that would be compelled witnessing against oneself.
Unless you are in the probably quite unusual situation where all they are trying to get you for is owning the device I don't think the act of unlocking is going to work well as something to hang your 5th hopes upon.
Are you arguing that fingerprint unlock and facial unlock should both be protected? I'm open to that argument, but I'm not seeing how they are any more testimonial than providing a fingerprint (or DNA sample) for matching other evidence?
As the article states, and some quick research would reveal, this is largely dependent upon which state, and which federal jurisdiction, the court is in. A final word has not been given on the matter and each court is allowed to interpret it as it chooses. As such, it has been ruled both for and against.
> No person ... shall be compelled in any criminal case to be a witness against himself
If you could compel someone to testify against themself, that would surely expedite justice. But we've decided that's not actually just.
Unlock this computer vs tell me your password. The password could contain "I did the murder and I buried the body under the bus stop" which is clearly testimony, but unlocking and changing the password to something the government asks you to seems well within range
Seems like a working system for me. Employers still are not allowed to spy, slackers still can get punished, no apocalypse, no slippery slopes.
use a strong passphrase, 15 characters or longer.
What they can do is take away your license for a year if you refuse.
Since you don't have a constitutional right to drive or a driver's license they can do this without running afoul of the state or federal constitution.
A subtle difference but then the law is filled with such subtleties.
You are not wrong though, as far as we know now bio-metrics are not protected. But I think this is just until some ruling comes down from a superior court and sets a precedence one way or another. I'm sad to say I won't be surprised whichever way it turns out though.
Both commit the same exact crime, one can't be forced to disclose a thing, the other can?
You can try to sugarcoat this in any way you like, if this is not defended against, this will come back to bite many regular people, probably even some who support it. Think of divorce cases, the lawyers are very creative, rest assured they will exploit this as much they can.
Don't get me wrong, I don't necessarily disagree with you and I'm not sure I like the fact that the safe's contents are fair game.
But my understanding is that is how it currently works. So I have a hard time seeing a difference between records kept in a safe and records kept on a laptop.
The question then becomes "what is testimony?"
Historically, the courts have ruled that physical things are NOT testimony. So, a court can demand you proceed a physical key to a safe. And now a fingerprint or facial scan.
On the other side, courts have ruled combinations, passcodes, and passwords (things you know) are testimony and are protected by the 5th.
I'm not sure of all courts have ruled the same way on fingerprints and facial scans, but if you consider them closer to a physical key than a secret code, then the current ruling makes sense.
Personally, I'm have mixed feelings about it. I could be swayed either way with a solid argument. So far, I lean slightly towards biometrics are closer to physical keys, but only just barely.
"The Indian Constitution provides immunity to an accused against self-incrimination under Article 20(3) – ‘No person accused of an offence shall be compelled to be a witness against himself’. It is based on the legal maxim “nemo teneteur prodre accussare seipsum”, which means “No man is obliged to be a witness against himself.”"
1. Checking to see if your fingerprint matches the pattern left on the stolen painting.
2. Checking to see if your DNA matches the DNA left under the victim's fingernails.
3. Checking to see if your face matches the face pattern stored on the laptop recovered during a search of your premises.
4. Checking to see if your fingerprint matches the pattern left in the Secure Enclave of the phone that was located near the scene of the crime via phone company records and GPS.
These scenarios are all slightly different. I'm not saying this is or is not a 5th Amendment issue. Would really like to get a legal argument on the important distinction between #1/2 and #3/4.
Yes, clear violation of a legal order, but it's in the same spirit as TrueCrypt's "hidden volume" feature.
The question here is still how the court would actually see this.
As far as I am aware, there is no easy way to make it happen. Maybe my googling skills are poor, but I wasn't able to find anything relevant to this, no matter what kind of queries I was trying. All I've found was just a bunch of complaints about Windows Hello either not working at all or something related.
If they had remorse? Very little.
If they believed the big lies and/or felt a superiority complex? Seems likely to me.
I'll note that with the pretext of the individual being guilty I've already disqualified someone smart enough to not commit nor record evidence of having committed a crime.
Yes, if a system is storing your biometric data remotely, then it can't be changed and it's a username, not a password.
But modern biometrics don't work that way, at all. The biometrics is stored client-side (hopefully securely and considerable effort is made to realize that hope), and it is used to access a private key which signs a challenge.
The biometric can be revoked, the private key can be revoked, all of these things can be changed by the user.
So let's say someone busts my fingerprint out of the TouchID secure enclave. That's not great (nor is it easy!), but they don't have an ability to generate a private key with it which Apple will recognize: that requires my password.
So I can generate a fresh key, confirm it with my password, and now my copy of the biometric works and theirs doesn't.
Edit: "courts or police can compel your fingerprint but not your password" is a completely different argument, and the solution is a way to rapidly lock out biometric authentication so that the password is a hard requirement. It also doesn't apply in a number of jurisdictions.
As a practical matter, actors who are unwilling to reach for the rubber hose can't get a password, while a fingerprint just requires the willingness to manhandle someone without injuring them, and that much is basically universal.
There is nothing secret about your biometrics. Especially not while you are in detention.
That would potentially upend decades of case law - the government can compel somebody to produce a physical key (which now includes fingerprints and other biometrics) but cannot compel production of a passcode/combination.
This article talks about a case in the 11th circuit in 2012 and another in the Pennsylvania Supreme Court, Commonwealth v. Davis. Apparently the only time you can compel someone to give their password (which biometrics serve the same purpose) is if the state already knows what's on there. It's called "foregone conclusion exception."
Yet if the government can show that it already knows of the existence and the suspect’s possession of the documents at issue—i.e., that these matters are a “foregone conclusion” and thus that the factual assertions implicit in the act of production add “little or nothing to the sum total of the Government’s information”—then “no Fifth Amendment right is touched because the ‘question is not of testimony but of surrender.’”
You can be forced to submit to fingerprinting, which could also be incriminating.
Here's some interesting copy on similar cases.
And should your username ever also be your password?
Other people can most likely still unlock your device if they make a perfectly molded silicone mask of your head+face or something else similarly complex, but a photo of your face printed on a piece of paper wouldn't work.