Two Florida cases suggest that if you really, truly can’t remember your iPhone or Android password, don’t hand over mumbo jumbo and then claim to have given the cops your password.
Case in point: Christopher Wheeler. He gave cops something he claims was his password, only to have them fruitlessly jab in characters without managing to unlock his phone.
The 41-year-old from Hollywood, Florida, was sentenced on Tuesday to 180 days in jail over the password/not-a-password. As the Miami Herald reports, he was convicted for contempt of court for failing to unlock his Android phone to authorities looking into a child abuse case.
Wheeler had been arrested on March 6 for aggravated child abuse, domestic violence and child neglect after detectives said he repeatedly assaulted his daughter, causing “severe bruising, swelling and scratches,” according to documents filed in Broward Circuit Court in Florida.
When he was arrested, police seized Wheeler’s Android smartphone. They’ve argued that it contains photographic evidence of the alleged crimes. They want to get at photos of the alleged crimes, but that passcode is locking them out. Wheeler was convicted on the contempt charge on May 12 and was sentenced to 180 days during a sentencing hearing Tuesday in Fort Lauderdale.
It will all go away once Wheeler forks over a password that works, Circuit Judge Michael Rothschild wrote:
Should defendant provide a password which unlocks the phone prior to sentencing or thereafter, the court will purge the contempt and vacate the sentence.
But I did give them my password, a distraught, handcuffed Wheeler told the judge, according to the Miami Herald:
I swear, under oath, I’ve given them the password.
Wheeler is Florida phone passcode case No. 1.
Florida passcode case No. 2 is that of Wesley Victor. Victor, along with his reality show girlfriend Hencha Voigt, have been charged with extorting social-media celebrity Julieanne Goddard, better known as YesJulz, the “Queen of Snapchat”.
Both Victor and Voigt have been ordered by a judge to produce passcodes to unlock their phones, where police suspect they’ll find text messages showing that the duo last year colluded to demand $18,000 from YesJulz in exchange for not leaking sex videos taken from her phone. YesJulz’s phone had mysteriously disappeared during a party that Voigt also attended.
Wesley Victor did not hand over a bowl of tangled noodles and claim that it was his passcode. Rather, as the Miami-Herald reports, he told the court that he simply didn’t remember the number.
Give me a break, you may well be thinking, particularly if you recall the Pennsylvania court that wasn’t impressed by the “I forgot” excuse in March.
In Pennsylvania, it was a “John Doe” who “forgot” the passwords needed to unlock external hard drives that the Justice Department believes contain child abuse imagery. Make that strongly believes: investigators had found the telltale hash values of known abuse images and presumed that those images had been downloaded to the external drives.
Doe had argued that he wasn’t in contempt of court because being forced to reveal his password violates his Fifth Amendment protection against self-incrimination. The thinking behind this frequently used (but not guaranteed) interpretation of revealing passcodes is that they’re something locked away in your brain, or what’s referred to as “something we know”. The police have had a much easier time with forcing people to unlock their phones with biometrics such as fingerprint swipes, given that our fingers are simply a part of us, and not something we know, and hence can’t be considered self-incriminating speech.
One example: in May 2016, government lawyers requested, received and executed a warrant to enter a building in Lancaster, California, to seize mobile devices, and to force anyone inside – or in the immediate vicinity – to use their fingerprints to unlock them.
But back to Pennsylvania and the “I forgot my passcode” John Doe who claimed the Fifth Amendment protected him from the self-incrimination of turning over the data in the first place. In short, it didn’t work out too well for him.
In August 2015, the magistrate judge said that Doe’s decrypting his devices couldn’t be considered testimony against himself, because the government already knew that there would be child abuse imagery on the devices.
That’s where the hashes that identified the child abuse images came in: investigators had spotted the tell-tale hashes, so John Doe wouldn’t be self-incriminating himself by handing over his passcode, the judge said. Rather, the DOJ already knew the images were there. Investigators might not have been able to find the actual images on John Doe’s Mac, but they did find evidence of Doe having allegedly downloaded thousands of files with the hash values of known child abuse images.
Victor, the Florida man accused of extorting the Queen of Snapchat, is the latest “I forgot my passcode” case. But he’s fared far better with the excuse than did John Doe in Pennsylvania.
As the Miami Herald reports, on Tuesday, Miami-Dade Circuit Judge Charles Johnson ruled that there was no way to prove that Victor actually remembered his passcode, given that more than 10 months had passed since his initial arrest. The judge therefore declined to hold Victor in contempt of court.
Victor’s lawyer, Zeljka Bozanic, said that he himself has holes in his memory about these things:
The judge made the right call. My client testified he did not remember. It’s been almost a year. Many people, including myself, can’t remember passwords from a year ago.
The ruling doesn’t mean the “I can’t remember” excuse for not handing over our passcodes is convincing, regardless of what Victor’s lawyer says. What’s more relevant is that a judge has said that there’s no way to prove whether Victor remembers or not.
As it is, Johnson had no concerns about abrogating Victor and Voigt’s Fifth Amendment rights against self-incrimination when he ordered them to turn over their passwords. What he said at the time of that order:
For me, this is like turning over a key to a safe-deposit box.
According to the Miami-Herald, both Wheeler and Victor were ordered to give up their passcodes under a decision from a Sarasota, Florida appeals court that allowed police to compel a passcode for a suspected video voyeur. The Florida Supreme Court has yet to take up the issue.
Readers, what would you do if law enforcement, or border patrol agents, demanded you turn over your phone passcode? Refuse? Claim to have forgotten? Something else entirely?
Please do share your thoughts in the comments section below. This is an area of data privacy that’s in constant in regarding American courts, and we’ll do our best to bring you the latest court cases, with all their twists and turns.