Late last year, Thomas Fox-Brewster of Forbes uncovered a strange search warrant among a pile of unsealed documents. The warrant — approved by a magistrate judge — allowed law enforcement officers to demand that everyone present at the searched location provide their fingerprints to unlock devices seized from the same location.
In support of its request, the government cited cases dating back to 1910, as though they had any relevance to the current situation. The most recent case cited was 30 years old — still far from easily applicable to today’s smartphones, which are basically pocket-sized personal data centers.
The judge granted it, stating that demands for fingerprints, passwords, or anything (like encryption keys) that might give law enforcement access to the devices’ content did not implicate the Fourth or Fifth Amendments. While the magistrate was correct that no court has found the application of fingerprints to unlock devices to be a violation of the Fifth Amendment, the other access options (passwords, encryption keys) might pose Fifth Amendment problems down the road.
Riana Pfefferkorn has uncovered a similar warrant request, but this one has been rejected by the magistrate judge. Pretty much across the board, the order is the antithesis of the one revealed last year. The judge finds [PDF] that the broad request to force everyone present at the residence to apply their fingerprints to seized devices to unlock them implicates multiple Constitutional amendments.
The issues presented in this warrant application are at the cross section of protections provided by the Fourth and Fifth Amendments. Essentially, the government seeks an order from this Court that would allow agents executing this warrant to force “persons at the Subject Premises” to apply their thumbprints and fingerprints to any Apple electronic device recovered at the premises. (See Attach. B, tT 12.) The request is neither limited to a particular person nor a particular device. And, as noted below, the request is made without any specific facts as to who is involved in the criminal conduct linked to the subject premises, or specific facts as to what particular Apple-branded encrypted device is being employed (if any).
The judge notes the government is able to detain and search persons located at the premises being searched, but that does not extend to forcing every single person in a residence at the time of a search to comply with attempts to unlock seized devices. Because the warrant affidavit contained no particularity about the devices or who in the household the government suspected of engaging in criminal activity, the court can’t find anything that justifies the broad, inclusive language contained in the request.
This Court agrees that the context in which fingerprints are taken, and not the fingerprints themselves, can raise concerns under the Fourth Amendment. In the instant case, the government is seeking the authority to seize any individual at the subject premises and force the application of their fingerprints as directed by government agents. Based on the facts presented in the application, the Court does not believe such Fourth Amendment intrusions are justified based on the facts articulated.
The court has other problems with the affidavit — beyond the government’s unwarranted extension of Fourth/Fifth Amendment jurisprudence to cover any devices/fingerprints encountered at a searched location. Early in the order, it notes the government is deploying boilerplate nearly as outdated as its case citiations.
Despite the apparent seriousness of the offenses involved, the Court notes that some of the “boilerplate” background information included in the warrant is a bit dated, such as its explanation that “[t]he internet allows any computer to connect to another computer [so] [e]lectronic contact can be made to millions of computers around the world;” its explanation that a “Blackberry” is a common “Personal Digital Assistant” and its suggestion that the use of “cloud technology” is the exceptional way of transferring files and that transferring images to a computer by directly connecting a cable to a camera or other recording device is the expected means of data transfer.
The judge notes outdated boilerplate isn’t enough to undo probable cause assertions, but it certainly doesn’t help — especially not when the government is requesting this sort of broad permission.
The inclusion of this somewhat dated view of technology certainly does not distract from the application’s goal of establishing probable cause. However, the dated “boilerplate language” is problematic for what is not included. There is absolutely no discussion of wireless internet service and the possibilities and capabilities that wireless service presents in this context. For example, an unsophisticated intemet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously. Such practices leave open the possibility that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises.
Obviously, this possibility holds true in all investigations that track the investigation outlined in the instant application. The limitations of this investigation are not fatal to establishing probable cause, but, in the Court’s view, these limitations do impact the ability of the government to seek the extraordinary authority related to compelling individuals to provide their fingerprints to unlock an Apple electronic device.
Then there’s the other assertions. The government’s application does nothing to narrow down which resident it’s seeking or what device(s) might contain evidence of criminal activity. What it does appear to be certain about — for reasons not included in the application — is that the devices it seeks are Apple products. A footnote in the order questions this assertion.
Why Apple devices are likely to be found at the premises is not explained. The Court is aware that Apple has a large market share in online hardware, but Microsoft’s Windows operating systems continue to dominate the overall market share of operating systems used.
What makes these broad, unsupported assertions even worse, especially when combined with the outdated boilerplate, is that this is apparently the direction the government is heading with its search warrants.
In closing, upon presentation of the warrant application to this Court, the government identified for this Court that the warrant application was seeking the forced fingerprinting discussed herein. The government further noted “[t]his is the language that we are making standard in all of our search warrants.” This declaration of standardization is perhaps the crux of the problem. As the Court hopes it is plain from the above, the issues presented here require a fact-intensive inquiry both for purposes of the Fourth Amendment and the Fifth Amendment.
More particularity, better probable cause, and fewer assumptions about the Fourth and Fifth Amendment’s application in a post-Riley world are what’s needed from the government, according to this order. Even though this application was rejected, it’s safe to say this same approach has worked elsewhere. We’ve seen one approved warrant already and there are likely several more safely hidden from the public eye in the government’s multitudinous sealed cases.
What’s troubling about the government’s assertions in this application is its apparent belief it’s found an encryption workaround: one that blows past Fourth and Fifth Amendment concerns using little more than boilerplate that still considers cables to be an essential part of “cloud computing,” and magistrate judges willing to buy its outdated legal arguments.