A smartphones is a goldmine of personal data for criminal investigators, from credit card information to compromising photos. But can law enforcement search the contents of a smartphone without a warrant? Can they force someone to give them access to a passcode-protected phone?
It all hinges on Fourth Amendment protections against unreasonable search and seizure and, to a lesser extent, the Fifth Amendment right to avoid self-incrimination.
Got a warrant?
Police have the right to search an arrested person and their immediate possessions without a warrant. But in 2014, the Supreme Court decided unanimously that cell phones deserve special protections under the Fourth Amendment. That’s because of the sheer volume of information they contain, and the fact that the data itself doesn’t pose an immediate danger to arresting officers.
As such, police need a warrant to search the contents of a smartphone, according to Michael Benza, a senior instructor at the Case Western Reserve University School of Law — even if it’s not protected by a passcode.
“You can of course consent to unlock your phone,” Benza said, and “waive your Fourth Amendment rights.”
Breaking down the virtual door
Armed with a warrant, law enforcement can often circumvent the phone’s owner entirely and get access to their data without their assistance.
“It’s like if they get a warrant to search your house,” Benza said. If you refuse to allow law enforcement to enter, “they’re allowed to kick in your door because they have a lawful order that authorizes them to search your phone.”
It’s fair game for law enforcement to hack your device, though that process can take days, weeks or even months and isn’t a guaranteed success. With a different search warrant, authorities can also reach out directly to third parties including Facebook or Twitter to request copies of your data.
Anyone you’ve exchanged messages with, even through encrypted channels such as Signal or WhatsApp, can voluntarily share their side of the conversation from their device.
Passcodes, fingerprints and encryption
The Supreme Court has yet to settle whether divulging a password to a smartphone, computer or other device counts as testimony. That would trigger Fifth Amendment rights to avoid self-incrimination — meaning a defendant couldn’t be compelled to unlock their device. State and district-level decisions to date disagree.
Fundamentally, the Fifth Amendment protects a defendant from being forced to divulge the “contents of his own mind,” Benza said. Alpha-numeric passwords fall more clearly in that category, but biometric passcodes — like using fingerprints, retinal scans and facial recognition to unlock a phone — further muddy the waters.
In some cases, authorities have argued that biometric locks only require use of the suspect’s body or image and not the contents of their mind. Court orders and warrants routinely allow authorities to collect data about a suspect’s body (think DNA from blood or saliva samples, fingerprints) and their physical likeness (think mugshots and suspect lineups), and that’s not considered self-incrimination — or so the argument goes.
Laura Jehl, head of privacy and cybersecurity at McDermott Will & Emery, points to a decision out of the Northern District of California as a well-respected judgment on how biometric locks should be treated in the eyes of the law.
The magistrate judge found “using biometric information to unlock as more analogous to using a password, partly because it provides the same function (as an alpha-numeric password),” Jehl said. “It opens the whole device, associates you with that device and testifies, essentially, that you have a prior relationship with that device.”
Which kind of passcode should I use?
To best protect the privacy of the information in your smartphone, Jehl says, “go with the best law you can and go with, honestly, the thing that really can’t be compelled from you” — an alpha-numeric passcode. “I’m a strong person, but if a police officer grabs my thumb and sticks it on my iPhone, it’s probably going to open.”