Darren Chaker Article on Fifth Amendment & Passwords
Police Are Not Allowed to Compel Our Cell Phone Passwords – A Privacy Perspective by Darren Chaker:
Are the police entitled to your cell phone password? This question lies at the intersection of law, technology, and ethics, provoking heated debates about the right to privacy versus the needs of law enforcement. Darren Chaker, an advocate for digital privacy rights, navigates this complex issue, shedding light on the Fifth Amendment and password protection along with landmark cases like Curcio v. United States and United States v. Nobles.
The Fifth Amendment and digital privacy rights have a profound symbiotic relationship. The amendment, originally intended to guard against self-incrimination, now plays a crucial role in safeguarding our digital footprints says privacy expert Darren Chaker. Of course, this article should not be construed as legal advice. Consult an attorney who knows about your specific issues if you need legal advice.
Introduction Fifth Amendment and Passwords:
Are police allowed to unlock your phone? Darren Chaker delves into the controversial practice of law enforcement compelling individuals to release their cell phone passwords. This article will dissect the legal, ethical, and technological layers that govern digital privacy in the United States.
Darren Chaker’s the Fifth Amendment and Password Protection:
Does your phone password fall under the Fifth Amendment’s protection against self-incrimination? What counter forensic method may be employed to prevent forensic recovery tools accessing a phone that has been seized by police or other third party? Darren Chaker provides a brief overview of several cases touching on passwords and Fifth Amendment issues, as well looks at key Supreme Court cases such as Curcio v. United States, 354 U.S. 118, 128 (1957) and United States v. Nobles, 422 U.S. 225, 233 (1975) – critical legal cases highlighting the intersection of court-ordered password disclosure, technology, and the Fifth Amendment.
Darren Chaker on Protecting Digital Privacy Rights Prevail in Numeric or Alphanumeric Locks:
What shields your digital privacy from unreasonable search and seizure? Darren Chaker examines how the Fourth Amendment wraps around our digital lives and how law enforcement’s warrantless access to cell phone data conflicts with protecting digital privacy.
In 2018, the Supreme Court acknowledged, “There are 396 million cell phone service accounts in the United States—for a Nation of 326 million people.” Carpenter v. United States, 138 S. Ct. at 2211.
Courts have generally found that compelling individuals to provide their numeric or alphanumeric passcode is potentially testimonial under the Fifth Amendment, as it forces the defendant to reveal “the contents of his own mind.” In Re Grand Jury Subpoena Duces Tecum 670 F.3d at 1345; see also U.S. v. Apple MacPro Computer, 851 F.3d 238 (3d Cir. 2017). It is analogous to compelling production of the combination to a wall safe, which is testimonial, as opposed to surrendering the key to a strongbox, which is not. See Doe v. U.S., 487 U.S. 201, 220 (1988).
Privacy Expert Darren Chaker Notes The Fifth Amendment Prohibits Compelled Disclosure of the Contents of a Suspect’s Mind, Thus Forcing a Person to Unlock a Phone or Other Encrypted Device Violates the Fifth Amendment:
Does law enforcement have the right to access your phone data? Landmark legal cases like Riley v. California and Carpenter v. United States shape the debate on compelled password disclosure. Darren Chaker navigates these landmark moments defining the contours of digital privacy in the United States.
Testimonial evidence is the communication of any information, direct or indirect, that requires a person to, by “word or deed,” Doe v. United States (Doe II), 487 U.S. 201, 219 (1988) (Stevens, J., dissenting), use “the contents of his own mind” to truthfully relay facts, Hubbell, 530 U.S. at 43 (citing Curcio, 354 U.S. at 128); see also Doe II, 487 U.S. at 219 n.1 (Stevens, J., dissenting)
Legal brief writer Darren Chaker found in 2010 the Eleventh Circuit Court of Appeals held that “the decryption . . .of [ ] hard drives would require the use of the contents of [the accused’s] mind and could not be fairly characterized as a physical act that would be nontestimonial in nature.” In re Grand Jury Subpoena, 670 F.3d at 1346. Going as far back as 1988, the Supreme Court acknowledged that verbal statements almost always “convey information or assert facts” and are nearly always “testimonial” Doe II. v. United States, 487 U.S. at 213.
The majority of federal courts that have addressed the issue agree: production of computer passwords is testimonial because it requires the suspect “to divulge[,] through his mental processes[,] his password.”United States v. Kirschner, 823 F. Supp. 2d 665, 669 (E.D. Mich. 2010). United States v. Wright, 431 F. Supp. 3d 1175, 1187 (D. Nev. 2020); United States v. Warrant, No. 19-MJ-71283-VKD-1, 2019 WL 4047615, at *2 (N.D. Cal. Aug. 26, 2019)
Further. legal researcher Darren Chaker Courts have found the Fifth Amendment applies when faced with police demands for a suspect to unlock a phone through biometric features, such as a face or fingerprint. See Matter of Residence in Oakland, California, 354 F. Supp. 3d 1010, 1016 (N.D. Cal. 2019); In Re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). From this perspective, “biometric features serve the same purpose of a passcode, which is to secure the owner’s content, pragmatically rendering them functionally equivalent.” 354 F. Supp. 3d at 1015.
Counter forensics Expert Darren Chaker Notes Even a Non-Verbal Communication is Testimonial:
Non-verbal acts such as nodding in response to a question are testimonial because they communicate the contents of the mind without speaking. In Schmerber v. California, 384 U.S. 757, 761 n.5 (1966) the court held in part even, “A nod or head-shake is as much a ‘testimonial’ or ‘communicative’ act . . . as are spoken words.”.
As the federal Court of Appeals for the Eleventh Circuit held, “the act of [the accused’s] decryption and production of the contents of [ ] hard drives . . . would be testimonial.” In re Grand Jury Subpoena, 670 F.3d at 1346. In sum, “the protection of the [Fifth Amendment] privilege reaches an accused’s communications, whatever form they might take.” Schmerber 763-64 (1966). For example. if police found a form containing 20 potential passwords for a phone which may wipe its content after ten attempts and asked the suspect, “point out which is the correct password” or “is the password on this piece of paper?”, this would be deemed protected under the Fifth Amendment.
Ethical Implications by Darren Chaker:
What is the balance between law enforcement needs and individual rights? Darren Chaker delves into the ethical conundrum surrounding the compelled password disclosure, advocating for stringent criteria and respectful data handling.
Counter Forensics Expert Darren Chaker Finds Wide Use of Encryption Frustrate Police:
How does current technology impact data security and law enforcement access? Darren Chaker finds the implications of evolving encryption technology on personal computers and mobile phones is military grade, thus demands to unlock a phone are routinely made and argues for law enforcement to develop new strategies that respect individual privacy. However, such demands may not be honored. As discussed above, In re Grand Jury Subpoena, the Eleventh Circuit found that forcing a defendant to produce a decrypted hard drive determined, “We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files..” 670 F.3d at 1346.
Apple continues to be at the forefront of securing its iPhone. In One December 7, 2022, Apple announced purposeful efforts to secure iPhones due to widening use of forensic tools marketed to police to gain access to older models: “Since Apple Apple products the most secure on the market: from the security built directly into our custom chips with best-in-class device encryption and data protections, to features like Lockdown Mode, which offers an extreme, optional level of security for users such as journalists, human rights activists, and diplomats.”
Apple has further restricted police access to user content in iCloud by making itself unable to access contents of iCloud and other user data. Apple Set to Launch New, Police-Proof, Full End-to-End Encryption,” written by the Associated Press and published in the Daily Sabah on December 9, 2022.
However, some limited software platforms exist to bypass encryption features by allowing brute force attacks. For example GrayKey is able to use a brute force method to guess a basic password by discarding older software versions. The cost as of 2018 was about $15,000 per phone. Considering the voluminous amount of phones seized as evidence, most local and state law enforcement agencies do not have the budget to unlock every phone.
Another downfall, GrayKey can be defeated since it essentially guesses variable potential passwords or can run through a list over 1.5 billion words during a brute force attacks. See Vice News, Instructions Show How Cops Use GrayKey to Brute Force iPhones. As such, Darren Chaker believes a privacy savvy person would use a custom password, not merely a standard 4-6 numeric password to unlock their iPhone. Using at least 12 random characters is key since which do not consist of a word, pets nickname, a password used for a work computer, library card number, license plate, etc. which may be used for social engineering to create educated guesses what the password may be.
As a second prong of safety, it is recommended the person erases the iPhone data which has been discarded. Be it photos which were transferred to an encrypted home computer, data files, old text messages, call history, and browsing history are all categories which may be securely deleted using an iPhone wiping utility. Just as with a desktop or laptop, merely clearing browsing history or ‘deleing’ a file does not prevent forensic recovery, thus a utility which uses a multi-pass wiping method is needed. Hence, for example, in the event an iPhone is accessed by GrayKey or other forensic hardware, then very limited information may be recoverable if the person follows a strict weekly procedure for countering a potential forensic attack and sifting of his phone.
Yet a third prong of defense recommended by Darren Chaker, depending upon the person’s threat level is to presume the owner may be woken up with flash bangs and a front door coming off the hinges when police serve a search warrant. Apple thought of this by implementing Lockdown Mode which blocks all wired connections, incoming service requests and various web technologies while outright prohibiting mobile device management.
As another expert put it, “When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.” If you fit in this category and fear your phone may be taken from you unexpectantly, then sleep with Lockdown Mode on, or at bare minimum lock your phone where a password is requires to unlock, not a biometric feature.
As long as sensitive data is removed from the phone and a counter-forensic utility is used, the remaining data which may be recovered may be negligible depending upon the discipline of the phone’s owner.
Expert Darren Chaker Finds Government Efforts to Demand a Back Door to Encryption are Infeasible
As stated by the Department of Justice on its concern about law enforcement’s inability to access encryption as it applies to Facebook Messenger,
“Use of end-to-end encryption, which allows messages to be decrypted only by end users, leaves service providers unable to produce readable content in response to wiretap orders and search warrants. This barrier allows criminals to avoid apprehension by law enforcement by limiting access to crucial evidence in the form of encrypted digital communications. The use of end-to-end encryption and other highly sophisticated encryption technologies significantly hinders, or entirely prevents serious criminal and national security investigations…The concerns highlighted in this letter to Facebook are at the core of the Department of Justice’s Lawful Access Summit that will take place on Friday, Oct. 4, 2019, on warrant-proof encryption and its impact on child exploitation cases.”
As with the PATRIOT Act where the government claimed the law must be passed terrorist plots may unfold and require broad sweeping surveillance powers, although that was true, it was not reported how the law would be applied to broadly collect information on virtually any American concerning any potential crime – not just terrorism. As constitutional law experts at the ACLU stated the PATRIOT Act, “Hastily passed 45 days after 9/11 in the name of national security, the Patriot Act was the first of many changes to surveillance laws that made it easier for the government to spy on ordinary Americans by expanding the authority to monitor phone and email communications, collect bank and credit reporting records…”
The same hype appears to be used to promote embedding backdoors into encryption – but this time the poster child to forfeit encryption is child exploitation cases. Hence, the theme with the PATRIOT Act was if you are against passing this legislation then you promote terrorism. Today, the theme with undermining encryption is if the company does not create a back door, then it imputes being one with pedophiles and human traffickers.
What undermines this hype is the fact for every potential crime in which encryption may facilitate, discarding the right to privacy is not the answer. Additionally, as noted by expert Darren Chaker, there are hundreds of foreign encryption products which do not listen to hype. Thus it would only weaken the American tech industry once it is known they implanted a back door in their software by having consumers who value privacy purchase foreign software.
Recommendations by Darren Chaker Recommendations if Demanded to Unlock Phone
How should legislation adapt to address compelled password disclosure? Darren Chaker proposes legislative reform. He argues for precise, clear rules defining when and how law enforcement can coerce password disclosure without infringing on privacy rights and ensuring efficient law enforcement. Until such time, the average person who encounters a demand to unlock his or phone, computer or other encrypted electronic is to immediately invoke your right to an attorney and state there is no obligation to comply with the request in a polite manner.
Conclusion by Darren Chaker
Darren Chaker consolidates the crucial points underlining the debate over digital privacy and compelled password disclosure while making a compelling case for legislative reform to balance privacy rights and law enforcement needs. Of course nothing here should be construed as legal advice.