Passcodes are protected by Fifth Amendment, says court – Naked Security

There was an underage driver at the wheel, driving on a Florida highway. Police say he was speeding.

When he crashed, one of the passengers in his car died. At the hospital, a blood test showed that the minor had a .086 blood-alcohol content: slightly over the legal limit of .08% for non-commercial drivers.

According to court documents, police found two iPhones in the car: one that belonged to a surviving passenger and one that allegedly belonged to the driver. The passenger told police that the friends had been drinking vodka earlier in the day and that she’d been talking with the driver on her iPhone.

The police wanted the driver’s phone, so they got a warrant to search it for data, photos, text messages, and more. They also sought an order compelling the minor to hand over the passcode for the iPhone and for an iTunes account associated with it.

And this is where we get into the evolving world of the Fifth Amendment and compelled passcode disclosure. Last Wednesday, 24 October, the Florida Court of Appeal quashed a juvenile court’s order for the defendant – identified only by his initials, G.A.Q.L., since he’s a minor – to disclose his passcodes.

A trial court had agreed to compel the disclosure, given that “the act of producing the passcodes is not testimonial because the existence, custody, and authenticity of the passcodes are a foregone conclusion.”

No, the Appeal Court said last week, we disagree. As other, but certainly not all, courts have decided, compelled password disclosure amounts to forcing the defendant to disclose the contents of his own mind – a violation of Fifth Amendment rights against self-incrimination.

The “foregone conclusion” standard keeps cropping up in these cases. It allows prosecutors to bypass Fifth Amendment protections if the government can show that it knows that the defendant knows the passcode to unlock a device.