MN Supreme Court: OK to demand suspect’s fingerprint to unlock phone

You’re not protected by the Fifth Amendment’s right against self-incrimination when a judge orders you to use your fingerprint to unlock your cellphone, the Minnesota Supreme Court ruled Wednesday.

The state’s high court backed a January 2017 ruling by the Minnesota Court of Appeals in the case of Matthew Vaughn Diamond, who had been convicted by a jury of burglary and theft charges in the break-in of a home in Chaska and sentenced to 51 months in prison.

In the investigation, a detective had obtained a search warrant for Diamond’s cellphone but was unable to unlock it, so a judge ordered Diamond to use his fingerprint to unlock it. Diamond challenged the order, arguing it violated his constitutional right not to incriminate oneself.

His attorney argued that by unlocking the cellphone, Diamond was providing incriminating information.

Minnesota justices on Wednesday, though, said that while the Fifth Amendment bars a state from forcing “oral and physical testimonial communications from a defendant,” that’s different than seeking physical evidence, like a fingerprint.

“Diamond merely provided his fingerprint so that the police could use the physical characteristics of the fingerprint to unlock the cellphone,” the court wrote. Since using a warrant to get physical evidence from Diamond’s body “did not reveal the contents of his mind, no violation of the Fifth Amendment privilege occurred.”

  • Use a pattern unlock, since demanding that would constitute “revealing the contents of your mind”. Note, though, that you should regularly clean your phone’s screen to avoid leaving a visible smear that reveals the pattern unlock. Presumably facial recognition unlock would also fall into the same category as fingerprints. The 4th Amendment is already in tatters, but we do what we can, I guess.

    • jon

      Pin, or password. (password is best, pin is ok) they will use the same part of the screen as the keyboard, which is already going to be smudged up from being used as a keyboard.

      Patterns might be protected from the government but as you pointed out the smudges on your screen will give it away.

      • Yes, a password or pin is better, but only if it isn’t too much trouble, given how often phones need unlocking. I use an Android feature on mine that keeps it unlocked at home as long as it’s not left alone too long. This is determined by the location hardware and motion sensor. It’s a compromise for convenience that is unlikely to be a security issue. It’s hard to believe, but lots of people don’t use security at all – yikes!

        • Jared

          I can’t imagine many people these days have much on their phone that couldn’t already be found on their social media. Not sure what the advantage of locking their phone would be if that’s the case.

          • Jack Ungerleider

            Call history and text messages would be on the phone and not on social media.

          • Also many images and videos, browsing history, location data, email messages and whatever apps you use – open a fishing expedition to every app company. User preferences and saved passwords also, plus probably access to your Nest and Amazon Echo accounts, showing when you have been at home, what you asked Echo, and on and on.

          • Call history may also be with the carrier.

    • BJ

      Yeah in a world of crazy people what does – unreasonable searches and seizures – mean anymore.

  • wjc

    Interesting outcome for tech consumers. So if the cellphone had been locked with a PIN number or a password, would that have changed the outcome? Has that been litigated? If I don’t have to talk to the police, I can’t see how I can be compelled to supply a password, PIN or an unlock pattern.

    • jon

      it has been litigated. Pins and patterns are in your brain and are secured from the government, biometrics are a grey area (well not in minnesota any more) until the courts rule on it.

      • Dan

        “Pins and patterns are in your brain and are secured from the government”

        Still up in the air, isn’t that? There’s a defendant currently sitting in jail (for two years now) on contempt of court charges, because he won’t provide a password to decrypt a hard drive. He’s appealed to the SCOTUS, case 17-3205, “United States vs. APPLE MACPRO COMPUTER APPLE MAC MINI COMPUTER APPLE IPHONE 6 PLUS CELLULAR TELEPHONE, WESTERN DIGITAL MY BOOK FOR MAC EXTERNAL HARD DRIVE, Western Digital My Book Velociraptor Duo External Hard Drive”

        “I forgot” has been used successfully as a defense, but I’m not sure it’s bulletproof.

      • Laurie K.

        “it has been litigated”. Really, what are you cites? As far as I know there is no U.S. Supreme Court decision on it and I know there is no Minnesota decision from either the Minnesota Court of Appeal or Minnesota Supreme Court on whether a password is protected under the Fifth Amendment.

        • jon

          Multiple US district courts.

          Virginia, Pennsylvania, Florida etc.

          • Laurie K.

            District court decisions do not set legal precedent. Until it’s decided by either the U.S. Supreme Court or Minnesota Supreme or a published Minnesota Court of Appeals, there is no legal standard for whether having to give a password violates a defendant’s Fifth Amendment rights.

          • jon

            So let’s start with
            1) It has been litigated.
            2) Multiple courts have found that pins and passwords are protected.
            Since that was my claim, and those things appear to still be true, that will remain my claim.

            As for precedent…

            It seems you are applying a very specific definition to a very broad term.

            I believe you are talking about vertically binding precedent… (also you left out the US appellate courts from your list of courts).

            https://en.wikipedia.org/wiki/Precedent

          • You know you’re arguing with an attorney, right?

          • Laurie K.

            I am not an attorney. I have, however, been working in the legal field for three decades. I do legal writing and research which is why I have a bit of knowledge of legal issues.

          • Laurie K.

            True, Federal Court of Appeals decision based upon an interpretation of the U.S. Constitution would be stares decisis. A challenge, in Minnesota as to whether forcing someone to give up a password violates a person’s Fifth Amendment rights would likely be based upon both the U.S. Constitution and the Minnesota Constitution, so a federal decision could set precedent, but only as it applied to the U.S. Constitution. A State court would have to ultimately decide whether a citizen has more protections under the state constitution.

    • Jay Sieling

      The Supreme Court has not weighed in on that question yet. A footnote in the decision points this out: “We do not decide whether providing a password is a testimonial communication.”
      Other cases have though – particularly in regard to compelling the decryption of computer files. Since a pin or password is an object of knowledge, not a physical characteristic – it would still be protected by the Fifth Amendment privilege.
      I wonder if a password could be compelled by warrant or subpoena from a third party though? The Fifth may protect you from revealing your account number and password, for example – but could the government compel that information from a service provider?

      • Jack Ungerleider

        (not a lawyer, but I am an IT guy)
        Even if they could compel the account information the provider would not have access to the password. Most systems use “one way” encryption for storing passwords. They may be able to compel the provider to change the password, but I would think that comes close to the “no knock” warrant situation we heard about last summer with regard to Paul Manafort. I’m not sure what Law Enforcement has to provide the court to get one of those.

  • jon

    How long for a judge to issue a warrant in the state?
    After a few hours my phone doesn’t accept just a fingerprint but requires a pin…

    It also requires a pin on boot up… When I was doing jury duty I had to surrender my phone to a ramsey county sheriff during deliberations… I powered it off (completely off) before handing it to him, the most secure a phone can be is when it’s powered off (even powering it on doesn’t decrypt anything until the pin is entered, so even some of the more advanced methods of decapping chips to probe individual memory cells is fruitless at that point, only way to decrypt the data at that point that I’m aware of is with the key, which is locked by the pin.)

    Ultimately I’m waiting for the quick record option… something that will work like the double tap on the power button bringing up the camera on my phone presently does… something that will instead, with no outward appearances, disable the fingerprint scanner, record audio and video on both front and back camera, record acceleration, temperature and any other sensor data the phone has, and store them on the phone deleting them only if there is a need free up space and only after the phone can confirm the data has been uploaded to a server somewhere. Something that would keep doing that until the battery died.

    Any time you have an encounter with law enforcement (or encounter you think you will need a recording of afterwards, or have concerns about your phone being taken from you) trip that mode.

  • Ben Chorn

    I could have sworn I had heard about this before…

    Turns out exactly 1 year ago: https://blogs.mprnews.org/newscut/2017/01/court-no-5th-amendment-protection-against-being-forced-to-unlock-phone/

    • Stranger in the Alps

      That was the court of appeals. This is the supreme court.

  • Jack Ungerleider

    In two factor authentication the usual definition of what makes it better is that person attempting to log in to a device, account etc. needs “something you have” and “something you know”. The way that chip enabled debit cards work is an example. The “something you have” is the card with the chip. The “something you know” is the pin for the account. In the case of the cell phone, the fingerprint is “something you have”, the pin or pattern is “something you know”. While its possible to set the phone unlock to require both, most people don’t choose that option.

  • EarthToBobby

    And that’s why you don’t use the biometric lock.