This week the New York Times published an op-ed which argued for allowing law enforcement officers with search warrants greater access to the cell phone data of criminal suspects. The piece was co-written by an impressive set of authors: the District Attorney of Manhattan, the chief prosecutor of Paris, the commissioner of the City of London Police, and the chief prosecutor of the High Court of Spain. They note that many modern cell phones are password protected, and that Apple and Google (whose operating systems together run about 96% of cell phones) no longer have a copy of that password and therefore police cannot access these cell phones even if they have legal authority to do so. The piece argues that once law enforcement officers have obtained a warrant (having thus proved to a neutral magistrate that there is probable cause to believe there is incriminating information on the cell phone), there should be no technical barrier (such as password protection) to extracting that information from the digital device. As they argue:
In the United States, Britain, France, Spain and other democratic societies, the legal system gives local law enforcement agencies access to places where criminals hide evidence, including their homes, car trunks, storage facilities, computers and digital networks.
Carved into the bedrock of each of these laws is a balance between the privacy rights of individuals and the public safety rights of their communities. For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists. None of our agencies engage in bulk data collection or other secretive practices. We engage in targeted requests for information, authorized after an impartial, judicial determination of good cause, in which both proportionality and necessity are tested.
It is this workable balance that proscribes the operations of local law enforcement in our cities, and guides our residents in developing their expectations of privacy. But in the absence of laws that keep pace with technology, we have enabled two Silicon Valley technology companies to upset that balance fundamentally.
Judging by the comments posted by the Times, the op-ed was not well-received by the readership: readers argued that encryption protects our data from thieves and hackers as well as from police; that political dissidents and activists rely upon it to communicate safely; and (echoing Riley v. California) that the sheer amount of information on a cell phone means that they need to be protected, even from police officers with search warrants. The Electronic Frontier Foundation predictably warned that the piece was “nothing more than a blatant attempt to use fear mongering to further their anti-privacy, anti-security, and anti-constitutional agenda.”
It is hard to see what is “unconstitutional” about giving law enforcement access to information once they have obtained a warrant for that information. Just because we now have the ability to easily password-protect much of our personal data doesn’t mean that we somehow have greater constitutional rights in that information than we did twenty years ago. Indeed, if the police had a search warrant for a fine cabinet, they should be able to look inside the file cabinet whether or not the owner has locked it. The same argument should apply to cell phones–once a court has authorized the search, the police need to (and should be able to) conduct that search.
The real problem–and one that the authors of the op-ed do not really address–is how to go about ensuring that the police do have this ability once a warrant is issued. The op-ed merely states that “regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes.” But it is one thing to ask for a “balance” and another to figure out what laws need to be passed to ensure that balance. One option would be to require the manufacturers of digital devices to provide the government with a “master key” to every cell phone–but the danger of abuse in that context becomes quite obvious. Another option would be to require the companies that design operating systems to keep a copy of every password (thus making it illegal for Apple or Google to use the operating systems they are currently using)–but this seems like a particularly severe government intrusion into the private sector. Yet another option would be to allow police to compel the password from the owner of the device, but this raises serious Fifth Amendment questions. Some courts have held that forcing a suspect to give up his own password is akin to self-incrimination, citing a United States Supreme Court decision which stated that the Fifth Amendment protects a defendant from producing documents which may be incriminating.
In short, the op-ed correctly identified a problem, but was silent on the solution. Unless and until law enforcement officers develop the tools to break through password-protected phones, this problem will grow more and more severe until one of the more draconian solutions listed above becomes necessary.