Skip to content
Naked Security Naked Security

Forcing iPhone unlock violates Fifth Amendment, says Court of Appeals

Police want to unlock the iPhone of a woman who accused a man of rape after it was alleged that she was actually stalking him.

In July 2017, Katelin Eunjoo Seo called police in Hamilton County, Indiana, claiming that she’d been raped.
As part of the investigation, she allowed Detective Bill Inglis to view her Apple iPhone 7 Plus. With Seo’s consent, Inglis also did a forensic download of its contents, after which he handed it back to her.
After investigating the phone, the tables turned. Inglis decided not to pursue charges against the alleged rapist. Rather, he began to investigate Seo herself for what looked like stalking and harassing of the alleged rapist – identified as “D.S.” in court documents.
When Inglis questioned D.S., he explained that he was getting up to 30 phone calls and text messages from Seo’s phone, and that at some point, whoever was sending the messages switched their phone number on a daily basis – likely by using a third-party app, Inglis suspected.
On 19 Jul, 2017, Seo was charged with felony stalking, intimidation, theft, and harassment for allegedly trying to harass D.S. into either marrying or impregnating her. When police arrested her at her workplace that day, they seized what looked like the same iPhone they’d seen in her possession before.
The state got a warrant to search that phone on 8 August, 2017. This time, however, Seo didn’t willingly unlock it for them. This time, she refused to unlock the phone, citing her right against self-incrimination under the Fifth Amendment to the Constitution of the United States.
Initially, a trial court agreed with the state, holding Seo in contempt. But last week, in a split decision, the Indiana Court of Appeals overturned the contempt charge, saying that it agrees with Seo.
From the majority opinion of the lengthy decision in Katelin Eunjoo Seo v. State of Indiana, written by Judge Paul Mathias:

A modern smartphone, with its central purpose of connecting its owner to the Internet and its ability to store and share incredible amounts of information in ‘the Cloud’ of online storage, is truly as close as modern technology allows us to come to a device that contains all of its owner’s conscious thoughts, and many of his or her unconscious thoughts, as well. So, when the State seeks to compel a person to unlock a smartphone so that it may search the phone without limitations, the privacy implications are enormous and, arguably, unique.

During oral arguments on 1 May, Seo’s counsel argued that requiring her to disclose her password was the same as requiring her to disclose the “contents of her mind,” a violation of her Fifth Amendment rights against self-incrimination.
That, in fact, has been a refrain heard in other court cases that have distinguished between compelled fingerprint unlocking of phones v. production of passcodes: a fingerprint is something that we “are” (and which is captured when police book a suspect), whereas a password is something that we “know,” and hence can be considered testimony that can self-incriminate.
The state pushed back, maintaining that it was a “foregone conclusion” that Seo knew her passcode and that there were text messages to D.S. on the device, making the Fifth Amendment argument inapplicable. She had, after all, already given them her passcode once before.
The Court of Appeals – which included judges Mathias, Melissa May and Patricia Riley – grappled with the fact that existing Fifth Amendment caselaw focuses on self-incrimination in the context of physical documents, not electronic data. Mathias, for one, noted that data stored on iPhone 7 models is encrypted, meaning that it’s unintelligible to outsiders – a far cry from paper documents that previous caselaw pertained to.

That difference played an important role in reversing the trial court’s decision to compel a passcode from the unwilling Seo. From Mathias’s decision:

We consider Seo’s act of unlocking, and therefore decrypting the contents of her phone, to be testimonial not simply because the passcode is akin to the combination to a wall safe as discussed in Doe [a reference to Doe v. United States, 487 U.S. 201 (1988)]. We also consider it testimonial because her act of unlocking, and thereby decrypting, her phone effectively recreates the files sought by the State.

Besides which, the state doesn’t just want Seo’s passcode: it wants to use the passcode to get into her iPhone for its entire contents:

Thus, for the foregone conclusion doctrine to apply, the State must be able to describe with reasonable particularity the discrete contents on Seo’s phone – e.g., all texts to D.S. created on Seo’s iPhone – that it is compelling her to not only produce, but to re-create by entering her passcode and decrypting the contents of the phone. This is a burden the State has not met.

The majority also held that the search warrant failed to describe with reasonable particularity the digital information it covered.
There are considerable differences between paper and electronic records, and those differences make it tough to apply existing Fifth Amendment caselaw to Seo’s and similar cases, Mathias concluded. To that end, he created a structure “for resolving decryption requests from law enforcement authorities” and asked reviewing courts of last resort to consider following it.
The Indiana Lawyer summed up the structure’s tenets:

  • Requiring the decryption of data should be recognized as data recreation and, thus, strictly limited.
  • Law enforcement will have legitimate need of encrypted data in some instances.
  • Law enforcement requests that are identified as bona fide emergencies should be supported by “a warrant that describes the other imminent crime(s) suspected and the relevant information sought through a warrant.”
  • Law enforcement should be required to seek digital data through third parties in non-emergency situations.
  • Fourth Amendment exceptions and state analogues should be inapplicable or strictly limited in “the search and seizure of digital data stored on devices owned or controlled by that defendant, or from ‘Cloud’ subscriptions that defendant owns or uses.”

Despite last Tuesday’s decision, the case against Seo can continue, the majority wrote in a footnote.


Absolutely ridiculous and doubt it stands. Nothing more personal than a journal on a good old fashioned dead tree.


I took a course in Surveillance law that presented this as established law. Forcing someone to disclose a combination or a password is compelling potentially self-incriminating testimony, and so violates the 5th amendment. On the other hand, a fingerprint is evidence, and there is clear precedent that it can be compelled (arrests are commonly accompanied by fingerprinting, for instance). This is a factor that people should know when they choose to allow fingerprint (or face) unlocking of their phone.
Another factor mentioned in the article is that a secret shared has fewer protections. The 5th amendment protects against self-incrimination, but there is no protection against incriminating someone else. So, if your co-worker knows your password, that co-worker can be compelled to disclose your password, even though you can’t be so compelled. This is one reason Apple no longer keeps a master password for your account – as a third party, they *could* be compelled to open your device or account; the 5th amendment doesn’t apply (however, the 4th does apply; they can still insist on a warrant). However, they cannot be compelled to provide information they do not have.
These legal principles have been in play for awhile. What makes this case legally interesting is the determination that having waived her 5th amendment rights at an earlier time does not mean it is automatically waived subsequently. This may be common sense, but now it is founded in legal precedent.


Excellent case to review. Not much else can be added but for technology to progress and to allow people to use it with biometrics, such a convenience cannot discard the consumer’s Fifth Amendment rights. It is good to see the courts are embracing technology, security and the Fifth Amendment in one swift opinion.
Best to everyone here and for staying informed – Darren Chaker


How warrants are obtained and executed should become the public’s focus also regarding privacy and security concerns. Executing approved search warrants have often caused irreversible damage including death as we saw in Kentucky with Breonna Taylor case.
There are some parts of our criminal justice system off the public’s radar. Next should be a renewed look at sentencing and the appropriateness of punishment including minimum sentencing. I feel certain in the light of day we would all agree too large a % of people are jailed and punishment is not working and often has the opposite effect.
Once person’s are put in system or jailed there is no accountability. They are forgotten to the detriment of society as a whole.
Peace all!


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!