Thumb Print or Password: Which is more constitutionally protected?
This blog post is designed for informational purposes only. It is not legal advice. For legal advice, contact us.
Our mobile devices are both increasing in complexity and increasing in importance in legal matters. Additionally, because of their capabilities, they often house our most personal information. So the question is—what is the best way, legally speaking, to protect your device’s contents: thumb print (or other biometric information) or password?
The devices themselves are improving their own digital security as there is overwhelming support from the public for restricting access to personal information. But these measures don’t matter without a constitutional framework protecting people’s information. Fortunately, the US Supreme Court in Riley v. California, 573 US 373 (2014), held that these devices require a warrant before being searched in most instances.
This case gives people a general right of privacy in their devices, but there are exceptions. Additionally, simply because police have your device and a warrant to search it doesn’t mean they have the ability to do so. Often our devices have digital security that the police have to overcome to open them. This is where technology and the law intersect and the form of security used on your device matters. Can the police compel you to open your device? Does it matter which method of unlocking the device you choose? The law has a partial answer.
There are cases that indicate that compelling a person to provide a biometric information—voice, DNA, or the like is legal. As early as 1967 the US Supreme Court in United States v. Wade held that compelling a person to utter a statement so the jury could hear their voice did not violate the Constitution. In Muniz v. Pennsylvania, the US Supreme Court held that compelling someone to provide “real or physical evidence” does not violate the Constitution. In Schmerber v. California, the US Supreme Court reaffirmed this holding and found that the Constitution only protects compelled testimony.
Courts that have found that compelling people to provide fingerprints or eye scans to be constitutional have relied on this line of cases. For example, in Commonwealth v. Baust, 89 Va. Cir. 267 (2014), a circuit court in Virginia held that police can force people to provide biometric information to unlock their phones. Similarly, in In re: Search of, 317 F.Supp.3d 523 (DC Cir. 2018), the court held that the police can compel people to provide biometric information to unlock their phones.
Passwords have faired better when under legal scrutiny. In United States v. Doe (In re Grand Jury Subpoena Duces Tecum) 670 F.3d 1335 (11th Cir. 2012) the court held that passwords are not like biometric information. Instead they are more akin to testimony and thus constitutionally protected. A number of courts have followed the 11th Circuit’s lead. The Eastern District of Kentucky did in In re Search Warrant, 2020 US Dist. Lexis 117049, as did the Eastern District of Michigan in United States v. Sabit, 2014 US Dist. Lexis 45715.
Until this issue is decided by the US Supreme Court there is no definitive answer, but there is some case law to suggest that passwords are more protective than thumb prints or other biometric data. Since both are easy to implement on most devices, passwords are better. Additionally, this legal trend likely applies to other biometrically locked devices such as gunsafes and high tech pad locks. These devices should be seen as less secure than similar devices protected by a password.
If you have questions about technology and criminal investigations, contact us. If the police want you to hand over or unlock a device, contact us.
Other Resources: