As the impact of technology on our lives expands, sometimes the law fails to do so accordingly, creating questionable legal gray areas. Many of us store our entire lives in our cell phones, usually just protected by a short four-digit password. The question of whether or not it’s legal for the government to ask for someone’s phone password was just decided by a Pennsylvania court, at least temporarily solving at least one of those legal gray areas.
The case, SEC vs. Huang, dealt with two former Capital One data analysts who were suspected of insider trading. They were using phones that were provided by Capitol One, but used passwords that the suspects had chosen themselves. They were not required to disclose these passwords to Capitol One. Although they returned the phones to Capitol One when they were fired, they did not turn over the passwords. When the investigators asked the two suspects (both with the last name Huang, although not related) they refused, arguing that the Fifth Amendment, which protects an individual from self-incrimination, allowed them to refuse to hand over that information.
On Wednesday a district court in Pennsylvania decided in favor of the Huangs, meaning that they don’t have to turn over their passwords.
There were a lot of questions particular to the case, including the application of a particular legal doctrine called “foregone conclusion.” Essentially, pieces of information aren’t protected under the Fifth Amendment when the government knows what they contain, and their location. In this particular case, Judge Kearney wrote that the government “has no evidence any documents it seeks are actually located on the work-issued smartphones, or that they exist at all.” However, some legal experts, including the Volokh Conspiracy writer Professor Orrin Kerr, argue that the doctrine was applied incorrectly, pointing out that there’s a difference between asking for records of insider trading and asking for the passwords. If this case is appealed, that may be one of the questions that ends up being dealt with.
But back to that legal gray area–while the court may have ruled that phone passwords can be protected under the Fifth Amendment, other aspects of our mobile security probably aren’t. For example, last year a Virginia Circuit Court ruled that while cops can’t require individuals to unlock their phones using passwords, they can make them unlock them using biometric data–like the TouchID feature popular on most recent iPhone models. While these are obviously very different cases, in different courts, these cases and many others highlight the fact that the conversations over privacy and Fifth Amendment issues in the digital age are far from over.