I have previously posted on the topic of biometrics and the 5th Amendment (especially in the context of mobile technology). A reprint of my initial article can be found in the November 2016 issue of the Texas Bar Journal. Now, it seems the debate on this issue may heat-up – in a May 26, 2016 court filing in California, federal prosecutors sought a warrant to search a premises located in Lancaster, California. Although the warrant application has not been made public, the memorandum in support of this warrant application is quite revealing – for mobile devices found as a result of the search that have passcodes but can be unlocked by the use of a fingerprint, the government specifically seeks “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.” (emphasis added). On page 4 of its memorandum, the government admits that “it does not know ahead of time the identity of every digital device or fingerprint (or indeed, every other piece of evidence) that it will find in the search” but it stresses that probable cause exists that the devices are at the specific location and that it’s need to search those devices justifies authorization to seize the “passwords, encryption keys, and other access devices that may be necessary to access the device”. In the case of an iPhone, a user’s security passcode will be required as an additional validation step for authentication if 48 hours have passed since use of their fingerprint(s) to unlock the device. In fact, the memorandum even attached a news article describing a warrant issued in February 2016 by Central District Magistrate Judge Alicia G. Rosenberg that authorized law enforcement to compel the Glendale woman (she apparently was the girlfriend of an Armenian gang member who may have been under investigation) to depress her fingerprint on her iPhone to unlock it – this decision itself relying on a 2014 ruling by a Virginia Circuit Court Judge that held a passcode could not be compelled the smartphone user, but the fingerprint could.
What is troubling about this memorandum is not that the access is sought per se, but that the scope of the request includes anyone present, as well as “passwords, encryption keys, and other access devices that may be necessary to access the device”. As far as I have been able to uncover, this is the first instance where the government has sought to compel everyone present at the scene of a search to provide their fingerprints to unlock mobile devices seized during the search. In the wake of the Apple/FBI standoff regarding unlocking the iPhone of one of the San Bernardino shooters (something I wrote about here and was fortunate enough to have reprinted in the July 2016 issue of the Texas Bar Journal), it is no surprise that the U.S. government is relying more heavily on fingerprints to unlock mobile devices to circumvent the 5th Amendment restrictions applicable to passcodes for such devices. Under current law, compelling a fingerprint does not equate to compelling testimony under the 5th Amendment…but how far is too far? Given the current 48 hour limitation on TouchID on iPhones, will Apple take offense to the governments position and revise its TouchID framework?
Needless to say, this latest development underscores the the legal issues surrounding biometrics and mobile devices. Whether the scope of the warrant as described above (and current jurisprudence on the 5th Amendment and biometric identifiers) will stand is anyone’s guess… but at least we know you won’t need to give a retinal scan to see the results.