Privacy Law

Compelled-password decision is 'death knell' for Fifth Amendment, state justice argues

  •  
  •  
  •  
  • Print

password

Image from Shutterstock.

A defendant can be compelled to enter a password to his cellphone as long as prosecutors prove just one thing, Massachusetts’ top court has ruled.

Prosecutors must show beyond a reasonable doubt that the defendant knows the password, according to the Massachusetts Supreme Judicial Court. Prosecutors met that burden in the case of Dennis Jones, who was accused of sex trafficking a woman he met online, the court said. Courthouse News Service and the Boston Globe covered the March 6 decision.

The court said proof of the defendant’s knowledge of the password satisfies the “foregone conclusion” exception to the privilege against self-incrimination. The exception allows defendants to be compelled to disclose information that the government already knows.

The foregone conclusion exception originated in a Supreme Court case involving compelled production of documents in response to a government subpoena. Several federal courts have extended the exception to encrypted electronic devices, including the 11th U.S. Circuit Court of Appeals at Atlanta and the 3rd Circuit at Philadelphia.

The Massachusetts court said that a defendant forced to enter a password discloses only that they know the password and can access the device. Proof that the defendant knows the password is enough, the court reasoned.

A concurring justice, Barbara Lenk, would have gone further by requiring the government to also prove that it knows the existence of relevant, incriminating evidence it expects to find on the device.

“I think that compelled decryption of a cellular telephone or comparable device implicates more than just its passcode; what the government seeks is access to the files on the device, which the government believes will aid in inculpating the defendant,” Lenk wrote.

“The court’s decision today sounds the death knell for a constitutional protection against compelled self-incrimination in the digital age,” Lenk wrote. “After today’s decision, before the government may order an individual to provide it with unencrypted access to a trove of potential incriminating and highly personal data on an electronic device, all that the government must demonstrate is that the accused knows the device’s passcode.”

Despite her misgivings, Lenk concurred in the court’s judgment because prosecutors had demonstrated their knowledge of the existence and location of specific files on the phone.

The supreme judicial court had extended the foregone exclusion exception to compelled disclosure of passwords in a 2014 case involving an attorney who was accused of trying to divert mortgage payoff funds to himself through a sophisticated scheme using his computers.

The new case considered what proof is needed to qualify for the exception.

Prosecutors had argued that they have to show only proof of knowledge of the password, using a clear and convincing evidence standard. The Massachusetts Supreme Judicial Court opted for the higher reasonable doubt standard, finding that it was required by the state constitution’s protections against self-incrimination.

The standard of proof was satisfied in Jones’ case, the court said. Jones had the cellphone in his pants pocket when he was arrested; he had made statements to police characterizing the phone’s number as his number; subscriber information linked the phone to Jones; and the sex trafficking victim described Jones’ use of the phone, the court said.

“Indeed, short of a direct admission, or an observation of the defendant entering the password himself and seeing the phone unlock, it is hard to imagine more conclusive evidence of the defendant’s knowledge of the LG phone’s password,” the court said.

Give us feedback, share a story tip or update, or report an error.