California Judge Makes Major Decision in Biometric Privacy Rights

A California judge ruled that the government can not force any person involved in an investigation to use biometric means, such as a fingerprint, thumbprint, face or iris scan, to unlock a phone or other device. This decision is potentially major, and could affect personal privacy rights everywhere in the future.

US Magistrate Judge Kandis Westmore of the Northern District of California ruled that federal authorities were potentially in violation of the Fourth and Fifth Amendments by coercing an individual to unlock a device for search with biometric means. This had been allowed previously despite passwords and PIN numbers being protected under the Fifth Amendment.

A New Frontier

The government had considered using a thumb press or facial scan to unlock a device the same as submitting a fingerprint or a DNA sample. The thinking was that since investigators could require an individual to give their fingerprints as evidence they could also ask them to use their fingerprints to open a phone or device. Westmore’s decision forbids this and classifies biometrics as testimonial like passwords and PINs which must be spoken to be given, and are therefore protected by the Fifth Amendment.

Biometric access to a device can confirm ownership or use of the device and therefore makes arguing against any incriminating information that’s found difficult. This is another violation of established Fifth Amendment rights, yet this has been largely untested.

Technology Moves Faster than the Law

The order comes as the result of a case involving extortion carried out through Facebook Messenger in which two individuals allegedly threatened to release an embarrassing video of the victim unless he paid them. In its investigation of this case the government applied for a warrant that included all phones and computers on the premise, regardless of to whom they belonged, and the stipulation that these devices all be unlocked using biometric means in order to be searched.

Westmore deemed this too broad a request and a violation of the Fourth and Fifth Amendments. She cited Supreme Court case Carpenter v United States, which dealt with advancing technology and the Fourth Amendment. “Courts have an obligation to safeguard constitutional rights and cannot permit those rights to be diminished merely due to the advancement of technology. Citizens do not contemplate waiving their civil rights when using new technology, and the Supreme Court has concluded that, to find otherwise, would leave individuals ‘at the mercy of advancing technology,’” Westmore said in her order.

Going Forward

Westmore’s order could set a precedent across the nation. As biometrics become more popular and have more applications, such as for authorizing payments or transactions, cases involving their use will increase. A US Magistrate judge in Illinois made a very similar decision in 2017, one cited in Westmore’s order. These two cases were perhaps the first in biometrics privacy law but certainly not the last.

American Civil Liberties Union attorney Brett Max Kaufman, who was involved with Carpenter v United States, feels confident that this is only the beginning of such cases since we have widely adopted biometrics as a way to protect devices. “I think we’re going to see a lot more judges take on this analysis,” he says.