Smartphone Passwords Protected By 5th Amendment

Smartphone PasscodeIn the case of SEC v. Bonan Huang et al, a federal court in Pennsylvania has ruled that forcing people to give up their smartphone passwords to investigators is a violation of their Fifth Amendment protections against self incrimination.

The issue involves Securities and Exchange Commission investigators who are trying to force two insider trading suspects to give up the passwords to their smartphones so that the government’s investigators can look at their “personal thought processes.”

However, United States District Judge Mark Kearney decided last Wednesday against the investigators, stating: “We find, as the SEC is not seeking business records but Defendants’ personal thought processes, Defendants may properly invoke their Fifth Amendment right.”

The case of SEC v. Bonan Huang et al involves two data analysts who worked for Capital One and allegedly turned $150K into $2.8 million by trading stocks using inside information that they had access to on their jobs. SEC investigators believe that their mobile devices contain evidence to support the insider trading charges against them and have tried to force the analysts to reveal their passwords.

Although the phones in question belong to their employer, Capital One, the passcodes were chosen by the analysts themselves.

The analysts refused to reveal their passwords and their lawyers argued that the analysts were protected against self incrimination by the Fifth Amendment. Judge Mark Kearney agreed with the defendants and stated that the SEC investigators appeared to be on a fishing expedition against the two analysts.

Judge Kearney noted that the SEC did not show that any of the requested documents existed on the analysts’ smartphones and that simply possessing the smartphones is not enough to demand the passcodes if the SEC is not able to prove what is actually on the phones.

At the moment there is no law that forces tech companies to offer backdoor access to locked electronic devices to investigators and law enforcement. As a result, law enforcement has tried to force suspects to give up passwords and passcodes in order to gain access to these devices in criminal investigations.

So far, the United States Supreme Court has not ruled on the constitutionality of forcing people to turn over their passwords to police or other authorities.

For the time being, smartphones that are locked with passwords get more legal protections than smartphones that are locked using biometric identification like fingerprints. Past court decisions have decided that it is not unconstitutional to force people to use their own fingerprint data to give law enforcement access to their locked electronic devices.

This seems odd, since the legal issue is really whether law enforcement and government investigators have the right to access whatever they want on a person’s phone with a “fishing expedition” and not whether the phone is secured by a passcode or a fingerprint.