One of the perils of our increasingly-connected lives is the extent to which many of the constitutional protections we rely on in our non-digital lives either do not apply or work differently when applied to our electronic devices. Perhaps the most important example of this lies in fifth amendment jurisprudence, or what is more commonly referred to as the right against self-incrimination. Specifically, the judicial system has established that this right does not apply in the case of electronic devices secured by biometrics, such as nearly all modern iPhones. In other words, police can compel individuals to unlock their devices with a warrant so long as those devices are secured by a fingerprint. In theory, this fits with existing legal precedent around the fifth amendment. In practice, it amounts to an erosion of basic fifth amendment protections in the digital age.
Case law going back decades has established a constitutional difference between testimonial evidence—which involves requiring the accused to divulge the contents of their mind—and other forms of evidence, like requiring the accused to submit a handwriting sample. Only testimonial evidence is protected by the fifth amendment. As a result, the courts have historically held that individuals can be compelled to turn over biometrics, including fingerprints and DNA samples. Other evidence, like direct answers to questions and things like memorized safe combinations, are considered testimonial and are protected by the fifth amendment.
This distinction between testimonial and non-testimonial evidence makes a certain degree of sense in traditional, non-digital contexts. It is hard to imagine a court system where defendants invoke the fifth amendment to avoid a DNA test, for example. In a digital context, however, it is hard to shake the feeling that biometrics used to unlock devices are little different than passwords, regardless of the traditional differences between testimonial and non-testimonial evidence. If an individual is compelled to unlock their phone, it is silly to consider the evidence that has been compelled to be the fingerprint itself. In reality, the individual has been compelled to turn over whatever data is on their phone. The existing case law creates a false dichotomy between passwords and biometrics, ignoring this crucial fact.
There is a case to be made that, as a practical matter, this distinction between biometrics and passwords has little effect on the real world. In most cases where biometrics could be compelled, the hardware itself has established limits on the use of biometric unlocks after a certain period of time. On most Apple devices, for example, the fingerprint reader has a 48-hour timeout after which it must be reactivated with a password. In these cases, law enforcement has only two days after the phone was last unlocked to secure a warrant for the device. As well, users can quickly deactivate the fingerprint reader by tapping the sleep/wake button five times, and tech-savvy users are likely to employ that functionality in any situation where they might encounter law enforcement. In all likelihood, the utility of the biometric carveout for law enforcement is limited, especially as tech companies seem to be aware of the role their devices play in the legal system.
However, despite these on-device protections, it is important that courts think carefully about this issue and the unique ways traditional distinctions between testimonial and non-testimonial evidence break down in the case of modern digital technology. As technology becomes an increasingly integral part of our lives, it becomes a part of ourselves and a part of our cognition much more than the safes and lockboxes of the past. In this reality, it is important to enshrine the information contained on devices as testimonial evidence, and as such protected by the fifth amendment. Without it, we risk the gradual erosion of that protection.