Abstract
Each year, law enforcement seizes thousands of electronic devices—
smartphones, laptops, and notebooks—that it cannot open without the
suspect’s password. Without this password, the information on the device
sits completely scrambled behind a wall of encryption. Sometimes agents
will be able to obtain the information by hacking, discovering copies of data
on the cloud, or obtaining the password voluntarily from the suspects
themselves. But when they cannot, may the government compel suspects to
disclose or enter their password?
This Article considers the Fifth Amendment protection against compelled
disclosures of passwords—a question that has split and confused courts. It
measures this right against the legal right of law enforcement, armed with a
warrant, to search the device that it has validly seized. Encryption cases
present the unique hybrid scenario that link and entangle the Fourth and
Fifth Amendments. In a sense, this Article explores whose rights should
prevail.
This Article proposes a novel settlement that draws upon the best aspects
of Fourth and Fifth Amendment law: the government can compel a suspect
to decrypt only those files it already knows she possesses. This rule follows
from existing Fifth Amendment case law and, as a corollary to the
fundamental nature of strong encryption, also represents the best
accommodation of law enforcement needs against individual privacy.