Are Your BYOD Policies Fifth Amendment-Ready? The Growing Tension Between Biometrics & Individual Rights

Chief Justice Roberts observed in 2014 that modern cell phones are “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.” Since then, cell phones and other digital devices remain ubiquitous as new technologies evolve to ensure data security and privacy. 

Digital devices use biometric prompts like Touch ID (fingerprint recognition), Face ID (facial recognition) or Optic ID (iris recognition) to authenticate a user’s identity while others employ patterns or PIN numbers to unlock devices, make purchases and access sensitive data.

These technologies pose challenges for law enforcement when seizing or compelling the disclosure of this data. In the past year, two circuit courts have reached conflicting decisions and district courts have issued diverse holdings on this issue. 

Fifth Amendment concerns in the context of compelled disclosure of biometrics seems clearly a subject ripe for Supreme Court review. 

Compelled biometrics are a significant issue for ephemeral communications in the context of corporate investigations. Companies do not have a Fifth Amendment privilege, but employees do, and the lines of when ephemeral communications are business records or personal communications blur depending on context and circumstances. In light of BYOD policies, compliance programs should strike a balance between individual rights and data security. 

Fifth Amendment & the act of production doctrine

The Fifth Amendment provides that “[n]o person … shall be compelled in any criminal case to be a witness against himself.” The privilege against self-incrimination extends not only “to answers that would in themselves support a conviction under a federal criminal statute but likewise embraces those which would furnish a link in the chain of evidence needed to prosecute … [an individual] for a federal crime.” To assert the privilege against self-incrimination, a witness must show that information is: (1) compelled; (2) incriminating; and (3) testimonial. A statement is considered “testimonial” when an accused’s “communication must itself, explicitly or implicitly, relate a factual assertion or disclose information.” The government may not compel a witness “to use the contents of his own mind” to communicate something factual since this is equivalent to testimony and barred by the Fifth Amendment.

Certain communications or acts are not considered testimonial even when incriminating. For example, “a suspect may be compelled to furnish a blood sample; to provide a handwriting exemplar, or a voice exemplar; to stand in a lineup; and to wear particular clothing.”

The act-of-production doctrine recognizes that although “the Fifth Amendment does not independently proscribe the compelled production of every sort of incriminating evidence,” it does apply “when the accused is compelled to make a testimonial communication that is incriminating.” The Supreme Court has held that the “act of producing evidence in response to a subpoena … has communicative aspects of its own, wholly aside from the contents of the papers produced.” The Supreme Court has observed that the “more difficult issues are whether the tacit averments of the [individual] are both ‘testimonial’ and ‘incriminating’ for purposes of applying the Fifth Amendment. These questions perhaps do not lend themselves to categorical answers; their resolution may instead depend on the facts and circumstances of particular cases …” 

Compelled disclosure of biometric data is one such “difficult” issue that focuses heavily on the act-of-production doctrine.

Data Privacy

Data Privacy Laws Protect Consumers, But They Can Apply to Your Employees, Too

by Ashley Orler and Sarah Rugnetta

August 6, 2024

States increasingly enacting laws covering employee data

Read moreDetails

The conflict among the Ninth & DC circuits

Last year in United States v. Payne, the defendant argued that the officers violated his Fifth Amendment right against self-incrimination when they compelled him to unlock his phone with his fingerprint. During a traffic stop, the defendant, Jeremy Payne, a California parolee, was arrested and compelled to unlock his phone for officers. 

During legal proceedings, the officers conceded that Payne satisfied the first two prongs for Fifth Amendment protection, that the use of his fingerprint was compelled and incriminating, but they disagreed it was testimonial. 

The Ninth Circuit explained that a testimonial communication requires some factual assertion or disclosure of information to trigger the privilege, but here, Payne said nothing after his fingerprint was used to unlock his phone. Thus, the Ninth Circuit found the use of Payne’s fingerprint required no cognitive exertion and was more like compelled physical acts, such as submitting to fingerprinting or having blood drawn — all the types of physical trait cases in which courts have held certain physical acts as non-testimonial, unafforded Fifth Amendment protection. Accordingly, the Ninth Circuit affirmed the district court’s ruling and denied Payne’s motion to suppress information obtained from his phone at the time of his arrest.

Several district courts reached the same conclusion as Payne. Namely, that an officer compelling an arrestee to unlock their phone with biometrics is non-testimonial although compelled and despite providing access to incriminating information.

The issue resurfaced again this past January, in United States v. Brown, where the DC Circuit reached an opposite conclusion. Peter Schwartz, a Jan. 6 defendant, argued that FBI officers violated his Fifth Amendment rights when the arresting agent found a black phone in Schwartz’s bedroom and compelled him to unlock it via his fingerprint. As in Payne, Schwartz moved to suppress the evidence obtained from his phone and all the parties agreed that the unlocking of the phone via fingerprint was compelled and incriminating, but the parties disagreed whether the act of unlocking the phone itself was testimonial.

The DC Circuit held that unlocking a phone with biometrics was distinctively different than submitting to a blood draw or handwriting test. The court interestingly highlights a commonsense point — most people who use biometrics to unlock their phone usually set only one or two of their 10 possible fingerprints as “passwords.” The court noted that among the physical trait cases, which are context-dependent, some physical responses like the heart beating faster or sweating during a compelled lie detector test are testimonial. 

In reviewing the denial of Schwartz’s motion to suppress, the court reasoned that compelling Schwartz to open his phone with his fingerprint reflected his thoughts and knowledge on: “how to open the phone,” “[his] control over access to this phone” and “the print of this specific finger is the password to this phone.” The court thus found Schwartz’s Fifth Amendment rights were violated.

Like the Ninth Circuit, the DC Circuit also reviewed act-of-production cases, but the courts diverged on whether using a fingerprint to unlock a phone reflected extensive cognitive thought. The DC Circuit reasoned that when the FBI agent compelled Schwartz to unlock the phone with his fingerprint, Schwartz demonstrated not only his ownership and control over the phone but also his ownership of the data accessible within it. The Ninth Circuit saw no cognitive exertion in that very same compelled physical act.

Future forecast

Several district courts reached the same holding as the DC Circuit, which when juxtaposed against those that have agreed with Payne, reflects a dramatically unsettled area of law.   

Several years earlier, in In re Grand Jury Subpoena Duces Tecum Dated Mar. 25, 2011, the accused was with a subpoena duces tecum requiring him to produce the unencrypted contents located on the hard drives of his laptop computer and five external hard drives. 

In responding to the show-cause order, Doe informed the court that he invoked his Fifth Amendment privilege against self-incrimination and refused to comply with the subpoena before the grand jury. The government, in turn, sought an order of immunity limited to “the use [of Doe’s] act of production of the unencrypted contents” of the hard drives. That is, Doe’s immunity would not extend to the government’s derivative use of contents of the drives as evidence against him in a criminal prosecution. 

The court accepted the US attorney’s position on the scope of the immunity to give Doe and granted the requested order. The order “convey[ed] immunity for the act of production of the unencrypted drives, but [did] not convey immunity regarding the United States’ [derivative] use” of the decrypted contents of the drives. Doe persisted and the court found him in civil contempt. The 11th Circuit reversed because Doe’s act of production would have testimonial aspects to it and the government’s offer of act-of-production immunity clearly could not provide the requisite protection because it would allow the government to use evidence derived from the immunized testimony. Doe could not be compelled to decrypt the drives.

The issue may be less complicated with facial or fingerprint recognition, but the 11th Circuit decision provides guidance for when a device can only be accessed if the accused is compelled to disclose a particular pattern or PIN. Such scenarios should accord greater testimonial weight, since the government is compelling what is contained in the accused’s mind, akin to being compelled to provide the combination to a safe with incriminating information in it. 

But what if the accused is compelled to provide a statement to unlock what may be accessed only through voice recognition? The Supreme Court has held that voice exemplars do not violate the Fifth Amendment since they are used “solely to measure the physical properties of the witnesses’ voices, not for the testimonial or communicative content of what was to be said.” However, if a voice exemplar is compelled as entry for access to a device, akin to a password, it is likely that the reasoning in Brown would apply and the compulsion would seem quintessentially and unavoidably testimonial under those circumstances.

For the past five years, federal district courts have wrestled with the implications of agents compelling arrestees to unlock their phones using biometrics. The conflicting rulings by the Ninth Circuit and DC Circuit bring the issues into greater relief where two circuits reached opposite conclusions on similar facts. It surely will lead to additional splits among other courts on the compelled use of biometrics to obtain data. The Supreme Court will likely have occasion to decide these issues when facts and an exercise of ordered liberty demand it.