A federal magistrate in Los Angeles ordered the girlfriend of an alleged gang member to open her phone using her fingerprint so prosecutors could look at the data on it for a case they were working on, the Los Angeles Times reported last week.
Paytsar Bkhchadzhyan, 29, of Los Angeles pleaded no contest to identity theft earlier this year. Within 45 minutes after she was taken into custody, U.S. Magistrate Judge Alicia Rosenberg issued a warrant to force Bkhchadzhyan to press her finger to her iPhone to open it, according to the paper.
What authorities were looking for on the phone was unclear. It reportedly was seized at a residence connected to Sevak Mesrobian, who was identified as Bkhchadzhyan’s boyfriend and a member of the Armenian Power gang.
No Fifth Amendment Protection
Although the Fifth Amendment to the U.S. Constitution protects citizens from self-incrimination, that protection doesn’t extend to opening mobile phones with a fingerprint, according to Paul Rosenzweig, aGeorge Washington University professorial lecturer in law.
“None of your physical characteristics are subject to Fifth Amendment protection,” he told TechNewsWorld.
“You don’t have a right to refuse to stand in a lineup,” Rosenzweig said. “You don’t have a right to refuse an order to give your fingerprint to be compared to fingerprints at a crime scene.”
The Fifth Amendment protects only things that are testimonial in nature.
“There are requirements before the Fifth Amendment can apply, and one of those requirements is that whatever the government is trying to get you to do needs to be testimonial, it needs to convey something about what’s going on in your mind,” said Jennifer Lynch, a senior staff attorney with theElectronic Frontier Foundation.
“Because the fingerprint in this case could be interpreted to be a physical act, the judge thought it was all right to issue the order,” she told TechNewsWorld.
However, many courts have found that the Fifth Amendment does protect a passcode or PIN — considered a less secure way to protect access to a phone.
“About 85 to 90 percent of the court cases are going in favor of you not being required to give up your PIN,” Rosenzweig said. “It’s an oddity that the law protects the less secure access methodology.”
Many people negate that protection by writing down their passwords and PINs. “They can force you to give them all pieces of paper on which your PIN is written down,” he noted.
“It’s one of the reasons why I tell people, ‘Don’t write down your passwords,'” Rosenzweig added.
One potential outcome of decisions like the one in the Bkhchadzhyan case is that criminals, as well as others who want to protect their privacy, will avoid biometrics.
“If I’m a criminal and I’m storing data my phone, I’d stop using biometrics and go back to using a PIN because they can force me to put my fingerprint on my phone, but nobody can force me to tell them the password,” said Vishal Gupta, CEO ofSeclore.
“So the real effect of this incident is that people will stop using fingerprints and go back to using passwords,” he told TechNewsWorld.
Consumers are being forced to choose between security and privacy, the EFF’s Lynch said.
“It’s difficult to remember long passcodes, and a biometric stored on the phone can be a safe way to encrypt information on your phone,” she noted.
However, the law in the area of the search and seizure of electronic devices is fluid, pointed out Darren Oved, a partner withOved & Oved.
“The law is evolving, and because it’s becoming so prevalent, in the next 18 to 36 months we’ll have a body of case law that’ll be more refined,” he told TechNewsWorld.
Of course, there are legislative options.
“Nothing in the world prevents a legislature from protecting fingerprints in these cases,” Rosenzweig said. “It’s perfectly appropriate for the Congress of the United States to say fingerprints are protected as if they were PINs on phones.”