By Freddie Dyroff, CASA, CCO, CCPA, CBE, CMO

Just over one year ago, we considered the question of whether a court can compel someone to provide his or her private password information to government authorities, in light of the Fifth Amendment’s protections against self-incrimination. At that time [1], judicial analysis seemed to hinge largely on whether providing password-related information was deemed “testimonial” in nature, thus potentially triggering Fifth Amendment protections. The issue becomes even more complex in the forensics and eDiscovery fields, because the methods of password protection vary so widely, ranging from a series of numbers/letters that the device or account owner creates and must remember, to biometric markers such as one’s iris. As we discussed previously, some courts find that a password is “something you know,” and is therefore more likely to be protected under the Fifth Amendment. Others may say that biometric locks, like FaceID and fingerprints, are a “state of being” and not testimonial in nature, and thus not protected under the Fifth Amendment. This matter gets even muddier as most modern devices have pin/passwords unlock methods coupled with biometric tools. More than a year after we considered the interplay between the Fifth Amendment and password protection, we may have additional insights on where the law may be moving.

This summer, a federal judge has ordered a man who took part in the January 6th U.S. Capitol riot to unlock his laptop. The defendant, Guy Reffitt, was accused of obstruction of justice, illegally bringing a firearm to the Capitol, and other charges [2]. A criminal complaint was filed in the United States District Court for the District of Columbia. Investigators from the FBI seized Reffitt’s laptop, believing it contained video Reffitt recorded while at the riot. When the accused claimed he “forgot” the password to the laptop, the government moved to compel the unlocking of the laptop via facial recognition [3]. Ordering Mr. Reffitt to unlock the device via the facial recognition feature, the court found that the act of sitting in front of your laptop to unlock it is not protected testimony under the Fifth Amendment. The next logical question would be, how far will this thinking extend? If your face is fair game, then surely fingerprints can be, too. What about your voice? The likely, albeit sci-fi end of the road here, would be computers that are unlocked by thought. As with any advancement in technology, courts must adapt, and the law will evolve. Courts to date have taken divergent paths on the reach of the Fifth Amendment to biometric and other forms of passwords. Based on at least recent precedent, knowing that previously locked devices may be fair game for forensic and eDiscovery examinations could have an impact on how civil or criminal litigants approach pretrial discovery and investigations. Should you need help navigating the technical aspects of these waters, bit-x-bit is here to help.