Woman ordered to type in iPhone passcode so police can search device

An Oregon appeals court last week decided that a woman who was high on meth when she crashed into a tree, seriously injuring one adult and five children passengers, can be forced to unlock her iPhone.

It’s not a violation of her Fifth Amendment rights against self-incrimination, the court said on Wednesday, because the fact that she knows her phone passcode is a “foregone conclusion.” Oregon Live reports that the court’s rationale is that police already had reason to believe that the phone in question is hers, given that they found it in her purse, the court said.

The foregone conclusion standard keeps cropping up in these compelled-unlocking cases. It allows prosecutors to bypass Fifth Amendment protections if the government can show that it knows that the defendant knows the passcode to unlock a device.

The woman in question, Catrice Cherrelle Pittman, was sentenced to 11 years in prison in March 2017.

According to court documents, at the time Pittman drove off the road and into a tree in June 2016, at the age of 27.

She pleaded guilty to second-degree assault, third-degree assault and driving under the influence of intoxicants (DUII). Prosecutors had wanted to use evidence from Pittman’s iPhone to help them build a case that she was also allegedly dealing meth, but that charge was later dismissed.

What does this change?

Ryan Scott, a criminal defense attorney in Portland who closely follows appeals cases, told Oregon Live that the ruling is an example of a continuing erosion of rights, given that federal case law has been heading in this direction for the past few years:

Our rights are a little less than they were yesterday. But for those of us following this area of law it’s not a surprise.

He’d be one to know, but it’s worth pointing out that the courts are far from marching in lockstep on this issue.

Some, but certainly not all, courts have decided that compelled password disclosure amounts to forcing the defendant to disclose the contents of her own mind – a violation of Fifth Amendment rights against self-incrimination.

One example is the decision that came out of the Florida Court of Appeal in November 2018 regarding a case that’s similar to that of Pittman, in that it involved an intoxicated person who crashed their car, leading to the injury or death of passengers, then refused to unlock their iPhone for police.

In Florida, the court refused a request from police that they be allowed to compel an underage driver to provide the passcode for his iPhone because of the “contents of his mind” argument about the Fifth Amendment.

But the Florida court also went beyond that, saying that whereas the government in the past has only had to show that the defendant knows their passcode, with the evolution of encryption, the government needed to show that it knew that specific evidence needed to prosecute the case was on the device – not just that there was a reasonable certainty the device could be unlocked by the person targeted by the order.

If prosecutors already knew what was on the phone, and that it was the evidence needed to prosecute the case, they didn’t prove it, the Florida court said at the time. From the order to quash the passcode request:

Because the state did not show, with any particularity, knowledge of the evidence within the phone, the trial court could not find that the contents of the phone were already known to the state and thus within the “foregone conclusion” exception.

Regardless of the “foregone conclusion” standard, producing a passcode is testimonial and has the potential to harm the defendant, just like any other Fifth Amendment violation would, the Florida court said. It’s not as if the passcode itself does anything for the government. What it’s really after is what lies beyond that passcode: information it can use as evidence against the defendant who’s being compelled to produce it.

In short, the Oregon decision doesn’t change the way all courts interpret these gadget-unlock, Fifth Amendment cases. What it does is to create yet another decision to which prosecutors and courts can refer when arguing and deciding future cases.

Can’t they just use their cracking tools?

As Oregon Live points out, some police departments already have tools to bypass the iOS lock screen – tools believed to be used by companies such as Grayshift and Cellebrite.

But the tools don’t always work. One example came up a year ago in a case concerning an investigation into a pedophile ring in the US state of Ohio.

With search warrant in hand, investigators searched a suspect’s house, demanding that he use Face ID to unlock the iPhone X that they found. He complied, which gave the FBI access to photos, videos, correspondence, emails, instant messages, chat logs, web cache information and more on the iPhone.

Or, at least, that’s what the search warrant authorized investigators to seize. However, they couldn’t get everything that they were after before the phone locked. A device can be unlocked by using Face ID, but unless you know the passcode, you can’t do a forensic extraction. The clock starts ticking down, and after an hour, the phone will require a passcode.

According to the suspect’s lawyer, the FBI wanted to use Cellebrite tools to get more data from his client’s phone, but they weren’t successful.