Fingerprint, or Fifth Amendment Protection?

In 2019, most of us still use keys to lock up the protected contents of our house and car. In contrast, our personal devices, often where we store our most guarded information, are only protected by an iris, or a fingerprint. Recently, the federal district court of the Northern District of California was faced with the issue of whether biometric measures are just fingerprints, or something more. When discussing whether to consider if fifth amendment protections exist, they found “[t]o do otherwise would be a miscarriage of justice.”

In the case at hand, officers secured a warrant to search the “subject premises” in connection to an online extortion case. Officers had probable cause to show the suspects culpability and that they resided at the premises. However, the warrant issued to collect the devices connected to the crime also compelled all persons present at the “subject premises” at the time of the search to provide biometric information to unlock any potential device found on site. The court found this warrant to be overbroad in two distinct ways: in it’s compulsion of all persons present, not just the suspects of the crime; and in its inclusion of all devices found, not just those of the suspects.

However, the court identified a more profound constitutional issue, that the 5th amendment was violated when government agents used the warrant to compel the use of biometrics to open seized devices. They quickly acknowledged, “technology is outpacing the law,” and noted SCOTUS’s blessing in the Carpenter decision for lower courts to create law that is responsive, or even anticipatory, of burgeoning technology. Convenience continues to influence the direction new technology takes, and in the field of personal devices, biometric measures are becoming the leading method of accessibility. As popularity of biometric measures increases, so does the capacity, complexity, and sensitivity of data stored on such devices.

The court here considers the nature of biometrics, and quickly distinguishes them from acceptable forms of bio-data gathering, such as fingerprinting. Unlike fingerprinting, a biometric finger scan serves in lieu of a password, and provides not only the “face value” information of a fingerprint, but also access to a mass of data which would otherwise be encrypted. Additionally, the court found that compelling biometrics forces the compelled to concede ownership of the device because a “successful finger or thumb scan confirms ownership or control of the device, and, unlike fingerprints, the authentication of its contents cannot be reasonably refuted.” In essence, biometric measures become testimony that can incriminatingly link the evidence to any person who has biometric access to the device.

Although the court finds that cell phones contain “the [same] nonverbal, physiological responses elicited during a polygraph test,” it could be argued that the protections afforded to biometric measures are grounded as much in the “anatomical extension” rationale expressed in Carpenter as the testimonial nature of the polygraph test. The anatomical expression argument presented in Carpenter posits that cellular devices are so central to our daily lives, and subject to constant use, that the device has in effect become an extension of our anatomy. Arguably, biometric measures’ use of physical anatomy further strengthens this argument, which poses the question of whether biometric measures are also afforded protection under the 4th amendment, as given in Carpenter. If appealed, this case possesses the potential to become a landmark ruling in criminal procedure and constitutional law. The outcome on appeal would largely guide the courts growing consideration of intimate technology and the protections afforded to it. Additionally, any decision will likely impact the way that tech developers improve and change encryption. As we’ve seen before, Silicon Valley has no issue with prioritizing its customers at the government’s expense. Until this case gets some appellate facetime, biometric measures will continue to keep our data safe, until technology renders them obsolete, that is.

Chastan Swain, 25 February 2019