If someone wants to view your photos or contacts on your passcode-protected iPhone they may be able to gain access to the device with Siri.
But if the federal authorities in the US want to see the contents of your phone in the old fashioned way – by asking you your password – they won’t get any help from the judicial system.
So says Judge Mark Kearney of the federal district court in Eastern Pennsylvania who recently ruled that passcodes on all such smartphones are protected by the Fifth Amendment of the US Constitution.
The ruling came as an insider trading case between the Securities and Exchange Commission and two ex-employees of credit card company Capital One drew to a conclusion on Wednesday.
The two men in question – Bonan Huang and Nan Huang – were charged with illegal insider trading. They are said to have used their positions as data analysts – along with privileged information about consumer retail corporations – to make stock market bets on as many as 170 companies, turning an initial $150,000 investment into $2.8 million via illegal profiteering.
When the pair were dismissed by the bank they were forced to return the smartphones they’d been issued, prompting the SEC to request access to the devices so it could search for evidence of their alleged wrongdoing.
The issue, though, was whether the defendants could be compelled to give up passcodes, chosen by themselves, but applied to devices provided by their employer.
Where personal devices are concerned, the answer to that question has generally been a resounding “no,” but the SEC argued that, in this case, the smartphones were actually owned by the company and only provided to its employees.
Under US law, defendants can generally be compelled to hand over evidence, even if it is self-incriminating, if its existence has already been confirmed. What the government cannot do, however, is force someone to grant access to potentially self-incriminating evidence in cases where it has no specific knowledge that the evidence it seeks exists.
So, in this case, the SEC argued that because it knew the smartphones were used by the defendants, asking them to unlock them merely provided access and did not wilfully incriminate them.
Judge Kearney disagreed though, noting in his analysis that the existence of evidence on the devices had not been proven:
The SEC focuses on the contents of the underyling documents contained on the device, claiming without any cited evidence, there are Bank records on the smartphones.
Furthermore, the judge said the fact that the SEC was was asking for passcodes meant it was looking into the defendants’ personal thought processes rather than searching for specific documents on the smartphones.
That, combined with the fact that the bank had asked Huang and Huang (as well as its other employees) to assign their own passcodes to the devices without keeping a written record of them (for security purposes), meant the pair were well within their rights to claim Fifth Amendment protection.
So, unless the SEC can now somehow prove that the handsets do indeed contain incriminating documents, it looks as though the only option available to it will be to appeal the ruling in a higher court.
Until such time as a firm and final ruling is made on passcodes applied to corporate devices, businesses may end up enforcing a policy of fingerprint-only authentication to the devices it hands out to employees – judges have previously ruled that biometric data does not reveal anything a defendant knows and therefore cannot possibly lead to any self-incriminating testimony.
Image of passcode phone courtesy of ymgerman / Shutterstock.
Anonymous
Apple has fixed it in iOS 9.01. You can’t share the time with imessage anymore. It asks for the passcode.
Paul Ducklin
By “Apple fixed it in iOS 9.0.1”, I assume you are referring to the Siri passcode-bypass bug that Lee links to in the first paragraph:
https://nakedsecurity.sophos.com/change-this-setting-or-siri-could-spill-your-selfies
However, the tests we did for that spill-your-selfies bug were on an iPhone 6 running 9.0.1, and our intrepid tester was able to trigger the bypass.
Sammie
Feels like the laws are purposefully crafted to aid the guilty while the innocent continues to suffer.
JR
I’m sure you will also feel that way if one day you are wrongfully accused of something. There’s a very good reason why those men designed such a magnificent document over 200 years ago.
Sammie
As you said, its 200 years old…
lee
and in the USA they can get you for a completely unrelated crime (as the USA legal system will try to put you in jail for any thing)
kids/tenagers/17 moving onto 18 are the worst for it now with selfies sending pictures to each other(love friends but under age), if the police ask you to unlock your phone you need to BURN it into the Kids/tenager Heads to NEVER unlock your phone to the police or law person unless you have a lawyer (and Never enroll in the fingerprint/sire/voice unlock or you cant use the 5th in the USA) as some thing as innocant as 2 under age kids sending picturers of them selfs to each other can get into some Serious trouble if the police person is an ASS and takes it as child porn
in the UK it seems we can be compelled to do it (norm some sort of fine or jail time if its Paedophile rated crime even if your not the person)
lee
as related to this topic pasted last month
https://nakedsecurity.sophos.com/2015/09/21/sexting-teens-banned-from-using-their-phones-for-a-year/
Anonymous
Typical legal crap. Of course the end product is that personal biological data could in fact cause you to have to turn over evidence against yourself.