Using a facial or fingerprint scan has made unlocking one’s phone a breeze — and many people assume it’s also more secure than typing in a traditional numerical passcode. Apple touts that if 1,000,000 strangers looked at your iPhone, approximately one could unlock it with Face ID while one in 50,000 for Touch ID. But does that actually mean no one can get in? 

Biometric security features protect against intruders, but what many don’t consider is the legal ramifications of using them. While traditional numerical passcodes are typically constitutionally protected — because it would require you to “testify” and divulge the password to the government — facial and fingerprint scans are generally not. States that wish to protect privacy rights need to change this by passing clear legal standards for law enforcement to follow that apply to modern technology.

When police want to search something physical, such as a car or backpack, the legal process is generally straightforward: either obtain consent or get a warrant. Lawmakers have spent years refining the rules on what law enforcement can and can’t do, and courts have spent significant time ensuring these search practices are constitutional. But technology and innovation move at a much quicker pace than lawmakers and courts, resulting in many unresolved questions surrounding how to legally gain access to electronic devices. 

If police get a warrant to search the contents of a person’s device, they typically need the owner’s help to access the information. Numeric passcodes are generally protected under the Fifth Amendment; forcing you to divulge the “product of your mind” would be “testimonial” and therefore unconstitutional, as you would incriminate yourself. The U.S. Supreme Court has held that the contents of your mind are testimonial, while physical features, such as blood or writing samples are not. Building on this standard, courts have decided that the act of sharing one’s passcode is inherently testimonial, and thus protected by the Fifth Amendment. But the act of looking at a phone or pressing a fingerprint to a phone, which requires no oral or written communication, has been controversial for the lower courts to decide on. 

If someone uses biometric security protections, can courts compel an individual to look at or touch their phone to unlock it? Law enforcement officials argue that they can compel a person to look at their phone or press their fingerprint to unlock it. If the person is unwilling to comply, police can hold them in jail for contempt of court — and they argue that doing so doesn’t violate the constitution. Many people believe that biometric features increase their security, yet based on the current case law, it may actually decrease it, making it easier for the government to access what’s inside. While many courts have ruled that biometric device locks are not protected, two recent court decisions dissent, and demonstrate the judicial uncertainty that exists.

View Comments

In January 2019, Judge Kandis Westmore in the U.S. District Court of Northern California denied the government a search warrant that would compel individuals to “press a finger or utilize other biometric features” to unlock digital devices, citing Fourth and Fifth Amendment protections. In response to other court decisions ruling that body parts are nontestimonial, she said that “utilizing a biometric feature to unlock an electronic device is not akin to submitting to fingerprinting or a DNA swab.” Further, “biometric features serve the same purpose of a passcode” which is constitutionally protected — and biometric data doesn’t always work, and a password has to be entered anyways.

In a similar ruling, Judge Ronald E. Bush in the U.S. District Court of Idaho denied law enforcement a warrant request in May 2019, where officers were hoping to compel an individual, accused of possessing illicit materials, to use his fingerprint to unlock his cell phone. He wrote that “compelling the use of the individual’s fingerprints violates the Fifth Amendment rights against self-incrimination because the compelled unlocking of the phone with fingerprints would communicate ownership or control of the phone” and the search and seizure “would not be reasonable under the Fourth Amendment.”

Utah lawmakers should recognize that Judge Westmore and Judge Bush are right and codify these views into law to better protect our privacy in the digital era. Both judges have espoused the view that individual privacy should be upheld, even when the technicalities don’t specifically match precedent of somewhat similar cases. The spirit of the Fourth and Fifth Amendment — to protect personal privacy and freedom — remains strong in these decisions, and instead of waiting for Utah courts to rule on such a case in the decades to come, lawmakers should promptly pass a law to apply these privacy principles to changing technology. Without such a law, our rights remains at risk.

Molly Davis is a policy analyst at Libertas Institute.

Looking for comments?
Find comments in their new home! Click the buttons at the top or within the article to view them — or use the button below for quick access.