Over the last several years, biometric authentication – the use of unique identification features on the human body to provide secure access to buildings and electronic devices – has become ubiquitous. If you own a smart phone, there’s a very good chance you can unlock it using your fingerprint or a facial scan.
This development raises complicated legal questions, as such technologically advanced access tools were obviously not envisioned by the country’s Founding Fathers or by the legislators who spent decades building a statutory framework on top of the nation’s core constitutional principles.
Now, a ruling from a federal judge in California has extended Fifth Amendment protection to biometric data. It’s a decision that could have significant ramifications for privacy as the country’s tech industry continues to advance biometric authentication.
Biometrics Are Constitutionally Protected
The legal question with regards to biometrics is, essentially, one of compulsion. If the police arrest a suspect and find a mobile phone or other device that is secured by biometric authentication, can they compel the suspect to surrender the biometric data? Or is that data – the fingerprint, facial scan or other identifying feature – covered by the Fifth Amendment’s protections against self-incrimination?
As it stands, suspects cannot be forced to surrender their passwords. And in late January, Judge Kandis Westmore of the US District Court for the Northern District of California ruled that biometric data merited the same protections.
Police in Oakland had asked Judge Westmore to issue a warrant authorizing them to search a piece of property as part of an extortion investigation. They wanted Judge Westmore to sign a warrant that would compel anyone found at the scene to unlock their digital devices.
Judge Westmore said no, ruling that the request was “overbroad.” Specifically, she pointed out that the police named only two suspects but wanted permission to compel biometric data from anyone found at the scene. Judge Westmore said that the police had probable cause to search the location, but would need to narrow their warrant request to the two suspects.
Westmore went on to rule that biometric data qualified as “testimonial communication” under the Fifth Amendment, which meant they were protected by the Constitution and could not be compelled. The judge argued that compelling a suspect to unlock their phone using their fingerprint (or iris or facial scan) would amount to a forced self-incrimination.
Judge Westmore rejected the police’s comparison of biometric data to fingerprinting or DNA swabs, which are constitutionally permitted. As Judge Westmore wrote in her ruling, “Citizens do not contemplate waiving their civil rights when using new technology….”
Conflicts With Previous Rulings
Judge Westmore’s ruling is likely to be challenged, as it conflicts with previous opinions on the same issues. In 2016, a federal judge in Los Angeles issued a warrant compelling a woman who had recently been convicted on an identity theft charge to unlock her iPhone with her fingerprint.
And in 2014, a judge in Virginia Beach ruled similarly, saying that a suspect could be compelled to turn over his biometric data but not his password.
As a result, Americans should not be confident that their biometric-locked devices will be protected by the Fifth Amendment. A judge outside of the Ninth Circuit might well come to a different conclusion than Judge Westmore as to the status of biometric data.
In addition, law enforcement officials are legally allowed to “hack” or seek “back doors” into locked electronic devices, as the FBI did in the case of a phone belonging to the San Bernardino shooter in 2016 (after Apple refused to help the government access the phone).
However far Judge Westmore’s ruling extends, there’s no doubt the legal landscape relating to biometric data security will continue to evolve. Whether it can keep pace with technological advancement remains an open question.