William & Mary Bill of Rights Journal
Abstract
Roughly fifteen years ago, courts started to regularly confront a fact pattern that I refer to as the unlocking scenario. In this kind of case, the government seeks evidence on a criminal defendant’s digital device, but it cannot access it due to a sufficiently strong system of password protection or encryption. May the government compel the defendant to unlock the device, or would this compulsion make the defendant “a witness against himself”?
Courts gave different answers to this question right from the start, but their answers have started to diverge even more markedly in recent years, notwithstanding two formative papers on the topic by Orin Kerr and Laurent Sacharoff in 2019 and an ensuing wave of commentary. Today, the range of judicial positions is wide and complicated by doctrinal distinctions between different forms of technology, e.g., biometrics, encryption keys, and passwords.
The disagreement is fueled by aging Supreme Court precedents, but its root is conceptual. First, courts and commentators have assumed that the unlocking scenario calls for the application of the act of production doctrine, and its counterpart, the foregone conclusion doctrine. Unfortunately, these two doctrines have never been connected to an underlying rationale for the privilege. Second, there is uncertainty about how producing something (i.e., documents) should apply to unlocking a device. Does the latter act produce the device’s contents, or the password itself? Or something else? A third issue concerns passwords themselves. There has not been much said about what a password is other than that it is like a key.
In this Article, I approach the unlocking scenario through these live conceptual questions. I first distinguish between producing incriminating evidence and merely making it accessible. I then use that distinction to survey and evaluate the fragmented case law. Next, I question the overwhelmingly prevalent assumption that the unlocking scenario is governed by the act of production doctrine and the foregone conclusion doctrine. I argue that they are poorly suited to the unlocking scenario. Finally, I offer my own proposal. I argue, on the basis of a discussion of the nature of passwords as well as the purpose and precedential principles of the Fifth Amendment, that unlocking a device, even with a password, is not testimonial and not protected by the Fifth Amendment. The argument is of special interest because it does not depend on premises that would generally restrict the scope of the Fifth Amendment. Rather, I contend that the privilege is generous, and yet, that its generosity is qualified in the narrow case of passwords.