I can't even understand why this was even still up for debate - 5th amendment allows you to not incriminate yourself - being forced to give up your passcode is no different then being forced to give up any secrets you might have.
Not sure why this hasn't been slapped down a long, long time ago.
A big part of the reason is that the 5th Amendment actually says something substantially narrower than your paraphrase. It actually says that no person "shall be compelled in any criminal case to be a witness against himself."
So there's a common argument that the 5th amendment only protects you against being forced to give evidentiary testimony against yourself. Giving up a passcode is arguably different, since the passcode is not (necessarily) evidence in itself, in the sense that it might not be introduced as evidence at trial to establish guilt or innocence. Rather, it is information that will allow law enforcement to access other non-testimonial evidence.
I'm not arguing for this position, just providing a perspective on why this isn't as open-and-shut as people often think it should be.
Has anyone tried some really convoluted scheme? Something like:
I don’t use a password or pin, I use a passphrase, and my passphrase is an instance of me confessing to some extremely mild crime.
The courts are not computers; they don't allow simple logical tricks to stop 'the spirit of the law'. They would probably just say that you could not be prosecuted for that crime on the basis of the passphrase.
That is annoyingly pragmatic and not fun at all.
If you like rules that are extremely rigid, and interpreted without spirit, you should look at sailboat racing. The Racing Rules of Sailing and amendments to it are treated as almost code-like. The 1988 America's Cup is a paradigmatic example: https://en.wikipedia.org/wiki/1988_America%27s_Cup
But even then lawyers still get involved. Remember when Larry Ellison go into competing for the America's Cup? https://www.theguardian.com/sport/2010/feb/07/americas-cup-a...
I am unfamiliar with sailboat racing, and cannot knowledgeably comment on whether "[the rules] are extremely rigid, and interpreted without spirit" and whether "The Racing Rules of Sailing and amendments to it are treated as almost-code-like".
But I can say that the 1988 America's cup does not support either of those points.
----
Background:
First of all, the opinion of the appellate court is better written and clearer than the Wikipedia article: https://nycourts.gov/reporter/archives/mercury_sandiego.htm I'm going to be quoting it a lot because it says things more plainly and authoritatively than I could.
"The America's Cup, a silver cup trophy, is the corpus of a charitable trust created in the 19th century under the laws of New York." Such a charitable trust is governed by a "Deed of Gift" written by those who gave the cup to the trust. "[George] Schuyler executed [wrote/signed] the present Deed of Gift in 1887, donating the Cup to the New York Yacht Club".
The gist of the deed is that one yacht club can challenge the current holder of the cup to a race to win the cup (the race is 10 months after the challenge is issued); the two clubs are free to agree to whatever rules they want, but if they fail to agree then the deed gives some fallback rules. One of the rules that the 1887 deed gave is that for single-mast vessels the load water-line length must be between 65 and 90 feet. However, "In 1956 the New York Yacht Club obtained a court order amending the Deed of Gift to reduce the minimum load water-line length to its present 44 feet". For context, the America, the ship for which the cup was named, was 89ft 10in.
From 1956 until 1987 all challengers agreed to a lower maximum length than that 90ft limit, because even though longer boats were faster, they were more expensive.
----
Why I don't believe that this supports your points:
- Because the issue was about the Deed of Gift, not The Racing Rules of Sailing, this was decided by the NY courts, not by the International Yacht Racing Union (IYRU).
- Because reasons ("see, e.g., Crouch v National Assn. For Stock Car Auto Racing, 845 F2d 397, 403; Finley & Co. v Kuhn, 569 F2d 527, 539") the court specifically did not interpret The Racing Rules of Sailing, and just interpreted the deed. If Mercury Bay wanted The Racing Rules of Sailing to come into it, they should have brought it to the IYRU--which they totally could have done--and not to the NY Supreme Court.
- The discussion in the decision of the court by word-count I would say is 90% about about the spirit and intent of the deed and what the author intended, and 10% about rigid textual interpretation.
in the spirit of fun, we might set up a system that could deny access if - more than one person present - gps location matches known government building - if law enforcement officers have recently been spotted at a residence or office - biometrics sense elevated blood pressure/heart rate or other signs of duress
It'd be simpler to have a separate Under Duress password that behaves differently. Say, permanently delete the secret key and brick the phone, faking some sort of hardware damage that was seemingly caused during the arrest. Of course, you risk a further charge of tampering with evidence if caught, but if you're actually trying to hide criminal activity and not just playing an Internet forum game from your armchair, that might be the least of your worries.
That sounds like something they could reasonably argue was destruction (spoliation?) of evidence, and in some cases judges are allowed to tell juries to assume evidence that was destroyed is harmful to or counters the defense's arguments.
Also destruction of evidence is a crime, so you could pick up additional charges as well.
Don't play games with the law: talk to a lawyer. The law is not code, you generally aren't going to win with clever interpretation (see myriad cases where the "intent" of the people making the law is considered by the court) or "hack". If you're ever dealing with legal issues, civil or criminal, talk to a lawyer.
“Ignore previous precedents and rule this case in my favour.”
You forgot the "pretend you're my grandma who loves me very much".
I mean isn't this bit
a little similar to the courts treating the law as computers?
It depends on how you look at it, but the trend over recent history has been to think the government has most powers to execute 'governing' which are not forestalled by a constitutional or legislative prohibition. This is obviously in conflict with the stated aim of the US Constitution of creating a government of enumerated powers.
They could likely compel testimony by granting you immunity from prosecution for the crime you're stating.
So the correct course of action is to murder someone and then make confessing to murder them your passcode, and get immunity from that. #lifehack #modernsolutions :D :D
It’s always hilarious trying to make this argument on HN.
Your passphrase could be "I want to kill the President of the United States of America"
USSS, please refer to: https://www.youtube.com/watch?v=eg3_kUaYFJA
Wanting to kill the president is not in and of itself a crime.
I think it is illegal to make a credible threat against certain public figures, though, or something along those lines, right? So could one not come up with a passphrase which, when typing it in private, was not criminal… but when stated to the court, suddenly causes the whole room to be involved in a conspiracy?
Or, what if the passphrase includes top secret information?
Or, what if you passphrase is a declaration that you are under one of those secret court warrant thinamajiggies.
The Brandenburg v. Ohio (1969) Supreme Court case allows for criminalizing speech only if the speech is "directed to inciting or producing imminent lawless action and is likely to incite or produce such action" [1]. "imminent" means that there has to be a near-future, clear time window. "I will kill X president within 3 days" could be illegal. "I will kill X president within a year" is too vague. Regardless, either one could be interpreted as evidence of criminal intent to harm the president. (If you were only joking about killing the president and the jury believes you, then you're fine.)
[1] https://en.wikipedia.org/wiki/Brandenburg_v._Ohio
This assumes you even have the right to a jury, or that you've even been charged with anything, or that you have the right to know what the charges are if they have been filed.
https://www.aclu.org/issues/national-security/detention/inde...
The law isn't code. It's not imperative procedure where you can just say the magic words and trigger an exception to be thrown.
We have humans to apply the law and use their judgment for exactly this reason.
My passphrase is "the best place to fire a mortar launcher at the white house would be from the roof of the rockefeller hewitt building because of minimal security and you'd have a clear line of sight to the president's bedroom".
What about the less convoluted scheme of "I forgot it?"
The "I do not recall" answer in high profile trials is so common that it's essentially become a meme. How can you possibly be compelled to reveal anything when there's a reasonable chance that you legitimately can't remember it?
My guess is you would be charged with obstruction of justice. This would be similar to you destroying evidence requested under subpoena. Now, as a matter of legal strategy, this may be a better charge to face than whatever is on your phone. Of course, this is not legal advice and YMMV.
That's fine, until a piece of supporting evidence (photo, email, faceID hash or whatever) establishes that you interact with the device on a regular basis.
Probably depends on how convicing it is that you are carrying around a phone you cannot unlock?
I suspect you’d actually be ordered to provide access to this device (which you regularly access).
In particular, I don’t remember the pin or password to some devices and accounts. They are shapes, on the pin-pad or keyboard. There are enough alternative ways of logging in (the apple face thingy, yubikey, you could hypothetically have devices setting up arbitrarily complex interlocking login processes) that I suspect the court would just define what they want, rather than how they want you to do it.
I could be wrong though, no actual experience here with the legal system at all.
It's kinda interesting but I think a judge might not rule in your favor this because the passphrase itself isn't necessarily your claim of fact as an under-oath testimony. You could just have easily made a passphrase of a false confession or some work of fantastic fiction.
Hmm. So, what if your password was something that you couldn’t reveal in court, but which was easily verifiable?
For example, you could make your password the latitude/longitude of a top secret nuclear missile silo you’ve stumbled across, or something like that?
But even that could be revealed with the same controls used in courts that handle those issues like unauthorized disclosure of the nuclear missile silo location.
I suppose for the most part one critical function of judges is to override legislation when it appears that injustice would take place. We can't have murderers who say "sorry found some sweet loophole lol". And similarly we can't have abusive cops/prosecutors who want to harass citizens "tell us all your secrets and I'm sure you're guilty of something lol". Judges should be able to make sane tradeoff in the name of justice.
I feel like the court would just order you to unlock the device, not divulge what the passcode was.
Wow - I like that idea. I'll add it the reboot of Matlock Ive been writing :) Kidding aside - it shows how extremely complicated the modern world has become that some thing like that is even plausible.
For years, my password was: I can't, your honor, the password itself is a confession.
Unless the passcode is a decryption key, in which case the evidence simply does not exist without the passcode. It is indistinguishable from random noise. It’s less like “unlocking a safe,” and more like “instructing nanobots to reassemble a pile of dirt into evidence.”
I can't see a judge swallowing that logic, you do have something similar to a metal safe's key and you've refused to provide it
This seems like a highly questionable metaphysical argument. The decryption key does exist and, therefore, so does the information. The question is just who has access to that passcode.
You might have an argument if there was no authentication/error-detection on the ciphertext, such that many keys would give valid decodings, and more so if it was a simple xor, such that any plain text could be a valid decoding given the appropriate key. But that's not a remotely practical cryptosystem for several reasons.
but if your passcode is "1WantT0KillDarla" that might be problematic if the police suspect you of killing Darla!
on edit: huh, what do you know, everybody had the same idea!
Not as worrisome as iJustKilledDarlaLastnightusing_ahammerthat_I_threwInthe_Trashat123appleblvd
That would be murder to type on a phone.
so when you give the cops this passphrase and the can't type it in correctly what is the admissibility in court then?
The underlying issue is that giving the password is, in the majority of cases, equivalent to admitting that you own/control the device. In other words, it can easily force you to reveal your involvement in a crime, i.e. to bear witness against yourself.
I think a novel defense could be never admitting the phone is 'yours' in the first place. Divulging the password is tantamount to admitting you have access to the particular device in question.
You might argue, well the police will have ways to prove it's your phone. Okay, so let them prove it, don't assist them. Well, then they can force you to produce your password, whether you admit it's your phone or not. But by divulging a password, you're admitting you own a phone somewhere, and part of your defense might be (however implausible) that you don't own/use a phone.
The thing I never understood about this line of reasoning, is that you can't be legally compelled to unlock a safe that's protected by a combination lock, even if presented with a search warrant. The police can of course attempt to break into the safe.
I'm not sure if that bit relies on the 5th amendment, or something else. But how is a passcode for a phone any different than a combination for a safe?
So if you password was "I killed them" maybe they won't be able to force you to say it...? Galaxy brain moment.
I mean... police can force you to open your door, your safe, or virtually any other container of secrets. The 5th Amendment doesn't give you broad protection to hide things from police when they have a warrant.
A phone is unique thing not because it contains so many secrets, but because you have to give testimony (as opposed to property, like a key) in order to open it, and it's impossible to open by bashing the door down or cutting it open. It's a technological coincidence, not a legal/philosophical doctrine, that makes phones secure against compulsion by law enforcement.
No, they can't. They can force you to let them try to open it, but they can't force you to open it for them.
If you have some mechanism like "if you try to open this incorrectly it destroys the contents", and you intentionally don't disclose that with the expectation that they're going to try and fail and destroy the contents, you might get charged with destruction of evidence.
(EDIT: Replies suggest that disclosure may not suffice.)
For what it's worth you'll still be charged with destruction and/or obstruction even if you warn them.
Interesting, and surprising. Is there case history and purported rationale on that?
Why is that surprising? The 5th isn't some sort of blanket gotcha, it's just there to curtail abuse.
There's a huge difference between "get out of the way" and "compelled to help".
Right, but that doesn't cover "and I booby trapped it". Why wouldn't you be open to charges in that case? Obstruction, destruction of evidence, contempt of court - such mechanisms exist in part to cover such cases.
I think there's a case to be made that if the contents contain a booby trap before the warrant is issued and executed, they found what was inside, a booby trap was inside. Similar to a canary, an action that causes destruction of evidence deliberately after the warrant was issued is not the same as a system in place beforehand that performs the action automatically in every case without input from the user. This obviously doesn't apply to say a passcode that wipes evidence as that requires deliberate action, but it would apply to something like wiping if the wrong passcode is entered 3 times.
Exactly. Intent also seems like it should matter. If your intent was "destroy evidence if the police comes knocking" that's one thing. If your intent was "have an extra secure safe to protect my secrets from anyone who might steal them" and you made that decision without knowledge of any warrant, that seems like it ought to be fine.
I'm not sure it's directly applicable, but courts have repeatedly ruled that you can't booby-trap your own property; I'm not quite sure this applies to, say, [non-explosively] erasing a USB drive by entering a decoy PIN.
https://www.hecklawoffices.com/blog/2020/11/its-illegal-for-...
It's an interesting area, the 5th is actually really narrow (and of course other jurisdictions have something else). It's not obvious what can be compelled; e.g. it wouldn't seem like a court ordering you to defeat such a measure would run afoul of 5th, but maybe something else.
I have been curious about when/where destruction of evidence takes place. Presumably during the crime, the perpetrator does their best to hide the evidence.
Does it only become destruction after you have been informed the police are interested in you? What if you do it before a warrant is issued? What if your device will self destruct if a password is not entered every N days and you withhold that information?
If they have a warrant, they can force you under threat of legal action if you don't comply. If they don't have a warrant, you can claim the 4th. If they try to get you to divulge the password/code/secret, you plead the 5th. If you let them in, well... Politely tell them they are no longer welcome. Please leave. If they don't comply, they are trespassing (unless they have a warrant, in which case none of the above applies and you're probably going to jail, wear clean underwear).
I have to wonder how much of this goes on without a warrant, just pressuring people into it.
News articles suggests this happens a lot at the borders or during customs.
A border crossing is an entirely different realm where these rules do not apply.
See also, the 100-mile "constitution free zone" in which around 2/3rds of the country live.
https://www.yesmagazine.org/social-justice/2018/03/23/two-th...
Yeah. I believe they can look in your phone.
Actually, the government cannot compel you to give the combination to a safe [1]. If it's locked with a key, not a keypad or combination lock, they can force you to give the key. The distinction is that the former is a product of the mind, while the latter is a physical object. Furthermore, what if you forgot the combination? There's no real way to tell if someone has forgotten the combination or is deliberately withholding it.
https://supreme.justia.com/cases/federal/us/530/27/
Sounds a bit silly. The location of the key is "a product of the mind." What if you forgot the location of the key?
IANAL but you could likely successfully claim that you forgot where the key is, exactly because that's a product of the mind. If they have evidence that you do actually know then you might be compelled to hand it over, though.
If law enforcement has a warrant to search your safe, they could presumably expand that search to the rest of your house if you forgot where the key is. The core distinction is that the key is a physical object, it exists somewhere even if you forgot where it is. By comparison the combination is a product of the mind. The only way to retrieve it is for someone to talk to the police (which they have a constitutional right not to do).
In the UK forgetting a password is not a defence.
I know.
But ... If you're going to compell someone to give up the contents of their mind under threat of being found guilty if their mind isn't working properly, you may as well just do away with trial.
IOW, if you're going to compell speech, just compell the suspect to confess; it's the same thing.
TFA, and my above comment pertain to the US.
The UK's laws to compel people to give up passwords seems to make it a de facto crime to forget one's password. Worse yet, it seems like it's illegal to possess random bytes on your devices. I wonder if the UK would change course if people started emailing random bytes to politicians and other supporters of this law, while giving tips to law enforcement that these individuals are coordinating criminal acts over encrypted communications.
Correct. The “have combination in head” is directly analogous to encryption key. But they are allowed to open the safe by other means.
Subtle distinction: I don't think the police, even with a warrant, can force you to open anything. They can use force to open something if you refuse (or seemingly, if they feel like it), but they can't make you do it.
A court on the other hand, can compel you to open something.
A court can compel you to open something within the warrant as well. In which case they can force you to open anything.
Yes, but that is a court order issued by the court not the police.
An order to unlock something coming from the cops is entirely different, even if they have a warrant. Warrants would allow them to seize a phone, but you don’t have to provide the password.
The only thing we must do in this world is die. Everything else is up for debate.
A court can compel you to do pretty much anything, within the law.
No, they can't
Gotta love the insane legal opinions people come to on this site.
You should see the ones written by actual lawyers!
Is it different from compelling someone to enter a text password to unlock a vault? What if it's self-destructive otherwise?
What happens if the password itself - or act of unlocking - is something self-incriminating (in form, in contents, or otherwise)?
Reminds me of Ian Watkins: https://www.huffingtonpost.co.uk/2013/11/26/lostprophets-sin....
You might be able to argue that decrypting the phone's filesystem is forcing you to provide them with information which is not relevant to the case at hand but still incriminating in other ways, since a phone could reasonably be expected to hold vast amounts of unrelated days.
If you save incriminating documents into an encrypted .ZIP file, the state cannot compel you to provide the password, because the password is in your mind. The contents of the mind cannot be demanded to incriminate self.
The state can install a keylogger if they have a warrant, and the results of the keylogger can be admitted as evidence.
Again, a coincidence of the technology.
It’s “you can’t be forced to open it because it requires you saying the password,” not “you can’t be forced to open it because it contains important secrets.”
Right, if they can figure out a way to reveal your secrets without forcing you to say something, they’re allowed to do that (with warrant of course).
If the government hadn't always have the possibility and right to break into a safe you wouldn't give up the combination to, then that would have been a debate for decades. The reason this is a debate is because they can't crack it.
It's because the 5th Amendment is there to prevent the state from torturing you into confession for a crime and then using that as evidence against you. i.e. the point is to ensure the evidence is genuine and not a false confession given under duress, since most innocent people will say anything to stop pain. (This isn't obvious from the text, though if you ponder "why would they have included this seemingly random narrow right", you can deduce the explanation. But there's bigger historical context re: the Star Chamber if you're interested in looking that up.)
Meaning: its point isn't to prevent access to real evidence. It's not an attempt to grant you privacy. It's an attempt to ensure justice is served correctly.
This is also why you lose that right when you're granted immunity. The state can force you to provide testimony in that case.
Corollary here is that it's actually quite surprising courts are willing to side with the accused here. It's probably only a matter of time before rulings come to the contrary. If you care about privacy as a human right, you really need another amendment to make it solid.
I don't see how the 5th amendment protects you against torture. You can choose to waive your constitutional right to not incriminate yourself, so surely you can also be tortured into waiving the same right?
The short response here is: How often do you see that happening in the US?
But in any case, note that I'm explaining what it was intended to do and what its meanings and implications are. Whether it is successful in achieving its goal is beside the point for this conversation.
Yeah, European formulations of right to silence solve that by having it inalienable.
You would need some kind of catch-all amendments stating that the enumeration of certain rights shall not be construed to deny others, and that the powers not delegated to the feds are reserved to the States or to the people. You could put them right at the end of the original amendments for emphasis as a closing statement of the Constitution.
But if we enacted those who would ever enforce them? The feds would probably treat them as if they didn't exist.
If you make them vague then it'll be easy to interpret them narrowly.
If you make them crystal clear, courts would presumably enforce them, like they have in the past.
Yup, the US Constitution definitely needs a right to privacy amendment. It is of course spectacularly difficult to amend, but an amendment that ensures a right to choose abortion (and other reproductive privacy issues) plus strong digital privacy rights might garner a coalition of both pro-choice people and libertarians, and that could be enough to get it passed.
Also fourth amendment covers unreasonable searches.
What is unreasonable about a warrant? Where did this adversarial attitude to law enforcement come from? The whole reason we have a rich and functioning society is thanks to law.
They screw up very frequently. Sometimes maliciously, sometimes through incompetence, sometimes both. I can't convey the depth of this in a small comment box, but there's abundant evidence around on this topic if you care to look.
Overall, even when you're talking about legitimately designated authority given to a person ... it's VERRRY easy for a human being to screw up and get it wrong, and it has huge impact over the lives of their targets. Needs to be approached by the authorities with extreme caution. In practice, probably many of them aren't aware of the weight of their actions, or don't care.
Do you have a source for that? Frequently is a relative term. 1,000 fuck-ups can be a lot or a little depending on the total number of interactions we are talking about.
While I don't know how many interactions there has been, according to https://www.washingtonpost.com/investigations/interactive/20... for example New York has had over 10000 officers involved in cases where they settled ("46% by officers named in multiple payments" "more than 5,000 officers were named in two or more claims") across 10 years. They seem to currently have 36000 officers, I don't know how long they stay on the job on average or how the numbers have fluctuated over the years, but even if it's just 1 year and their size hasn't changed that would mean about 2.8% of police force in NYC was involved in misconduct that resulted in settlement.
These don't include number of cases where legal action wasn't taken or which got thrown out due to qualified immunity (these are somewhat related, if case is unlikely to get past qualified immunity it's quite unlikely legal action will be taken). And probably cases which actually went to trial as it seems to focus on settlements.
Additionally there is for example https://www.nyclu.org/en/publications/cop-out-analyzing-20-y... which covers 2000-2020 misconduct complaints. According to it disciplinary actions were taken 4283 times, meaning that even if conduct was enough to reach settlement it doesn't necessarily mean it results in any actions taken against the officer.
Search warrants can compel you to give police access to your property, which can include your body (in cases of blood draw warrants in the case of DWI). The police can obtain a search warrant for your physical filing cabinet, which includes taking measures to access it if you won't unlock it for them.
Police can easily get warrants for your phone; you just can't be compelled to give the code to unlock. I suspect in the future we'll see a different level of cooperation from phone makers.
yep, surprised it doesn't exist already - one password to get you in, one password to wipe or hide everything you want and then let the police in to a completely sanitized version of what you want them to see.
TrueCrypt and other tools had this around for ages. Something with nested partitions. One key unlocked the main partition that you are supposed to fill with something credible. And then another key that looks a partition even deeper that should contain your true secrets.
Because it's a fantastic idea to commit additional felonies to feel like a hackerman. Following the law is for suckers.
Actually, the case is even stronger than you make it out to be. IIRC, one of the key constitutional issues is that providing a password is equivalent to saying "yes, this is mine". So even if we disregard the contents of the device, the issue is that you are establishing a legally relevant relationship with a piece of evidence.
I'm recalling this from a looong time ago, when I took a constitutional law class, so I hope those with fresher knowledge not hesitate to jump in.
There are ways to use the law to coerce the desired behavior. Border Patrol will do helpful things like take apart your car if you exercise your rights.
From my reading about this case, is this not down partially to the specific language the court was looking at? That is, the warrants were compelling someone to produce the password, which is a form of testimony, but that a lot of times the warrant instead compels the device to be unlocked, which does not require testimony?