by Eric A. Haskell
As great quantities of data have come to repose in electronic devices, obtaining access to the content of those devices has come to be greatly important to law enforcement in many criminal investigations. It sometimes happens that law enforcement has a right—typically pursuant to a search warrant—to search for data on a particular device, but is prevented from doing so by the presence of a password or other “key” that makes the data inaccessible or unreadable. Law enforcement sometimes can bypass the password on its own. See generally O.S. Kerr & B. Schneider, Encryption Workarounds, 106 Geo. L.J. 989 (2018). But, other times, the only practical way law enforcement can execute the search is with the help of a person who knows the password. Because the person who knows the password often is the suspect, their help generally is available only if compelled by court order. Such “compelled decryption” implicates not only the constitutional requirement that the search of the device be “reasonable,” but also the suspect’s constitutional privilege against compelled self-incrimination.
Basic Principles of the Privilege Against Self-Incrimination
The Fifth Amendment to the federal Constitution provides that “[n]o person . . . shall be compelled . . . to be a witness against himself . . . .” Article 12 of the Massachusetts Declaration of Rights similarly provides that “[n]o subject shall . . . be compelled to accuse, or furnish evidence against himself.” Decisional law has interpreted these privileges to bar the government from: (1) compelling a person; (2) to make a testimonial communication; (3) that is incriminating. Fisher v. United States, 425 U.S. 391, 408 (1976); Commonwealth v. Burgess, 426 Mass. 206, 218 (1997).
The privilege does not protect against compelled provision of a physical identifier such as fingerprints, a blood sample, or a handwriting exemplar. See generally Schmerber v. California, 384 U.S. 757, 767 (1966); Commonwealth v. Brennan, 386 Mass. 772, 776-83 (1982). This is because such identifiers do not “extort . . . information from the accused” or “attempt to force him to disclose the contents of his own mind,” and thus are not viewed as sufficiently “testimonial” for the privilege to attach. Doe v. United States, 487 U.S. 201, 210-11 (1988). Nor does the privilege shield documents from being disclosed pursuant to compulsion, even if their contents are incriminating. United States v. Hubbell, 530 U.S. 27, 35-36 (2000). This is because “the creation of those documents was not ‘compelled’ within the meaning of the privilege.” Id.
The privilege may apply where the mere act of producing a document or a thing is “testimonial” in that it implies an incriminating assertion of fact, such as: that the demanded object exists; that the object produced is authentic; or that the suspect possesses or controls the object. Fisher, 425 U.S. at 410; Commonwealth v. Hughes, 380 Mass. 583, 588-93 (1980). But this “act of production” doctrine does not apply where law enforcement already has independent evidence of the incriminating assertions that the act of production would imply. In other words, if the act of production “adds little or nothing to the sum total of [law enforcement’s] information,” then any facts implied by the act of production are “foregone conclusions” and the privilege does not apply. Fisher, 425 U.S. at 411; Hughes, 380 Mass. at 592.
Commonwealth v. Gelfgatt
In Gelfgatt, the defendant was arrested in connection with a complex fraud scheme that involved the creation and recording of forged mortgage assignments. Commonwealth v. Gelfgatt, 468 Mass. 512, 514-15 (2014). On the day of his arrest, investigators seized several encrypted devices from his home and also interviewed the defendant, who asserted that he was capable of decrypting them. Id. at 516-17. After the defendant was charged with forgery, uttering, and attempted larceny, the Commonwealth filed a motion seeking to compel him to enter the passwords into the encrypted devices. Id. at 517-18 & n.10. The Superior Court denied the motion and reported the case to the SJC.
The SJC determined that the contents of the devices were not privileged on self-incrimination grounds because they had been “voluntarily created by the defendant in the course of his real estate dealings.” Id. at 522 n.13. The SJC then held that the defendant’s act of entering the passwords would be a testimonial act of production, because it would implicitly acknowledge his “ownership and control of the computers and their contents.” Id. at 522. But, the SJC continued, the defendant had already acknowledged as much in his statement to the police; thus, any facts implied by his entering the passwords were foregone conclusions. Id. at 523-24. In doing so, the SJC commented that the “foregone conclusion” exception would apply where law enforcement already was aware of “(1) the existence of the evidence demanded; (2) the possession or control of that evidence by the defendant; and (3) the authenticity of the evidence.” Id. at 522 (citing Fisher, 425 U.S. at 410-13).
Commonwealth v. Jones
In Jones, the defendant was arrested and later charged with sex trafficking and deriving support from prostitution. Commonwealth v. Jones, 481 Mass. 540, 543-44 (2019). At the time of his arrest, he possessed a cellular telephone that, the police learned from other sources, he had used to facilitate prostitution transactions. Id. The Commonwealth filed a motion seeking to compel him to decrypt the telephone (although, as discussed below, the motion imprecisely described what it sought to compel him to do). The motion judge demurred, interpreting Gelfgatt to require the Commonwealth to establish “(1) the existence of the evidence demanded; (2) the possession or control of that evidence by the defendant; and (3) the authenticity of the evidence,” and concluding that the Commonwealth had failed to demonstrate those propositions with “reasonable particularity.” Id. at 545, 548, 553 n.14. The Commonwealth subsequently made a renewed motion, furnishing additional evidence that, it argued, showed that the defendant’s knowledge of the telephone’s password was a foregone conclusion. Id. But the motion judge declined to consider the newly-furnished evidence without a showing that it had been unknown or unavailable to the Commonwealth at the time of the initial motion. Id. at 545, 558-59. The Commonwealth then sought relief before a single justice of the SJC, who reserved and reported the case to the full Court on three questions: (1) what burden of proof the Commonwealth must bear to establish the “foregone conclusion” exception to the privilege under Gelfgatt; (2) whether the Commonwealth had met that burden; and (3) whether the Commonwealth was required, in a renewed Gelfgatt motion, to show that any newly-furnished evidence had been unknown or unavailable at the time of the initial motion.
Before answering those questions, the SJC addressed a threshold issue: What factual assertions must the Commonwealth demonstrate are “foregone conclusions” in order to obtain a Gelfgatt order? The SJC answered that, when the Commonwealth seeks to compel a defendant to enter a password into a device, “the only fact conveyed . . . is that the defendant knows the password, and can therefore access the device.” Id. at 547-48. The Court rejected the proposition that the compelled entry of a password also asserts the defendant’s ownership and control of the device, observing that “individuals may very well know the password to an electronic device that is owned and controlled by another person.” Id. at 547 n.8. Accordingly, the SJC concluded, the Commonwealth may invoke the “foregone conclusion” exception simply by showing that the defendant knows the password. Id.
Turning to the reported questions and relying on article 12, the SJC held that the Commonwealth must make that showing beyond a reasonable doubt. Id. at 551-55. Applying that standard, the Court found that the Commonwealth had shown the defendant’s knowledge of the password beyond a reasonable doubt, where: (1) the defendant possessed the telephone at the time of his arrest; (2) one month before his arrest, when asked by the police for his number, the defendant had provided the telephone’s number; (3) a woman told the police that the defendant used the telephone to facilitate prostitution transactions; (4) the telephone’s subscriber records were associated with a second number that was associated with the defendant; and (5) the telephone’s cellular site location information (CSLI) placed it in the same locations at the same times as another telephone that was confirmed to belong to the defendant. Id. at 555-58 (“[S]hort of a direct admission, or an observation of the defendant entering the password himself and seeing the phone unlock, it is hard to imagine more conclusive evidence of the defendant’s knowledge of the [telephone’s] password.”). Finally, the Court found that the motion judge abused his discretion by declining to consider evidence presented in the Commonwealth’s renewed motion that was not shown to have been unknown or unavailable at the time of the initial motion. Id. at 558-61. The Court observed that a Gelfgatt motion, “[m]uch like a search warrant application,” is an “investigatory tool,” the factual support for which may evolve over the course of an investigation. Id. at 559-60.
The Future of Compelled Decryption
Although Gelfgatt and Jones mark the SJC as a national leader on compelled decryption issues, important questions remain to be answered.
- Non-Gelfgatt Decryption Procedures
The order in Gelfgatt required the defendant to appear at a digital forensic lab, to enter the password into each device, and “immediately [to] move on . . . .” 468 Mass. at 517 n.10. It also forbade the Commonwealth from viewing or recording the password entered by the defendant. Id. In contrast, the order sought in Jones was “not perfectly clear” as to what it would require the defendant to do, but “suggested that it sought to require the defendant to make a written disclosure of the actual password.” 481 Mass. at 546 n.9. Acknowledging the possible infirmity with such a procedure, the SJC construed the order sought in Jones as tracking the one sought in Gelfgatt, and approved its issuance on that basis. Id.
The SJC was correct to hesitate when faced with a request to compel the defendant to disclose his password to law enforcement. This is because the compelled disclosure of a password is not a testimonial act of production to which the “foregone conclusion” exception might apply: Rather, it is a “pure” testimonial statement to which the “foregone conclusion” exception cannot apply. See id. (acknowledging as much in dicta); see also United States v. Oloyede, Nos. 17-4102, 17-4186, 17-4191, & 17-4207, — F.3d —, 2019 WL 3432459 (4th Cir. Jul. 31, 2019) (distinguishing between suspect’s typing password into device and giving password to law enforcement).
Furthermore, in both Gelfgatt and Jones, the suspect was not compelled to produce any particular files from the device after decrypting it; that was left to the analyst executing the warrant. In Jones, the SJC highlighted this aspect of the decryption procedure, observing that “the analysis would have been different” if the suspect had been compelled to produce particular files, because doing so “would implicitly testify to the existence of the files, [the suspect’s] control over them, and their authenticity.” 481 Mass. at 548 n.10. In that situation, the Commonwealth would have been obligated to prove, beyond a reasonable doubt, that those additional assertions were foregone conclusions before it could obtain a corresponding Gelfgatt order. Cf. Hubbell, 530 U.S. at 44-45 (act of production is privileged where grand jury subpoena would require recipient to produce documents whose existence and location were previously unknown to government).
- Cloud-Based Storage
Gelfgatt and Jones both involved a tangible device that was in the physical possession of law enforcement. But their holdings as to the privilege against compelled self-incrimination can also be applied to a request to compel decryption of a cloud-based digital space. Such a request would follow the same analysis, with law enforcement required to: (1) have a right to search the cloud location; (2) show beyond a reasonable doubt that the suspect knows the password to access the cloud location, thereby availing itself of the “foregone conclusion” exception; and (3) allow the suspect to input the password in a way that law enforcement does not see or record.
- Biometric Keys
In both Gelfgatt and Jones, the sought-after “key” was an alphanumeric password. But a key can also take the form of a biometric such as a facial scan, retinal scan, or fingerprint. Biometric keys introduce two novel questions: (1) is compelled biometric decryption properly viewed as a testimonial act of production, and thus within the scope of the privilege against compelled self-incrimination?; and, if so, (2) what must law enforcement show is a “foregone conclusion” before it can compel such biometric decryption?
Courts have answered the first question both ways. Some have viewed the compelled biometric decryption as no different than compelled provision of a traditional physical identifier, and thus nontestimonial. See, e.g., State v. Diamond, 905 N.W.2d 870, 875-76 (Minn. 2018); In re Search of [Redacted], 317 F. Supp. 3d 523, 535-37 (D.D.C. 2018); In re Search Warrant Application for [Redacted], 279 F. Supp. 3d 800, 803-05 (N.D. Ill. 2017); Commonwealth v. Baust, 89 Va. Cir. 267, 2014 WL 10355635 (Va. Cir. Ct. Oct. 28, 2014). Others have reasoned that, unlike providing a physical identifier, compelled biometric decryption implies factual assertions about the suspect’s relationship with the device. See, e.g., Seo v. State, 109 N.E.3d 418 (Ind. App. 2018), vacated and transferred to Ind. Supreme Court, 112 N.E.3d 1082 (Ind. 2018); In re Application for Search Warrant, 236 F. Supp. 3d 1066, 1073-74 (N.D. Ill. 2017); In re Search of a Residence in Oakland, Cal., 354 F. Supp. 3d 1010, 1015-16 (N.D. Cal. 2019); In re Search of White Google Pixel 3 XL Cellphone, No. 1:19-mj-10441, 2019 WL 2082709 at *3-4 (D. Idaho May 8, 2019). No Massachusetts court has yet issued a published opinion on this issue.
In this author’s view, law enforcement should be prepared for a Massachusetts court to depart from the traditional treatment of compelled provision of a physical identifier, and instead to view compelled biometric decryption as a testimonial act of production. Compelled provision of a physical identifier has been deemed nontestimonial not because it does not assert facts, but rather because the facts that it does assert are so “self-evident” as to be “[in]sufficiently testimonial for purposes of the privilege.” Fisher, 425 U.S. at 411 (compelled handwriting exemplar is nontestimonial for purposes of the privilege, despite its asserting both that handwriting belongs to suspect and that suspect is literate); accord Commonwealth v. Nadworny, 396 Mass. 342, 363-64 (1985) (fact that defendant is right-handed, unlike handwriting exemplar itself, is testimonial, although “trivial”). But, when law enforcement seeks to compel biometric decryption, its object is not merely provision of the biometric standing alone: If it were, the method of capturing the biometric would not matter, and investigators could just as well take a photograph of the suspect’s face, or ink-and-paper impressions of his fingerprints. Rather, the object of compelled biometric decryption is the interaction of the biometric, in a pre-programmed fashion, with a particular device. The successful interaction of biometric and device, in contrast to the biometric standing alone, asserts at least one fact that neither is trivial nor is self-evident from the biometric—specifically, it asserts that the suspect’s biometric is capable of decrypting the device. See In re Application for Search Warrant, 236 F. Supp. 3d at 1073. In other words, compelled biometric decryption asserts facts that are basically similar to those asserted by compelled decryption using a password.
This reasoning simultaneously answers both the first question of whether compelled biometric decryption should be viewed as a testimonial act of production (it should) and the second question of what law enforcement must establish is a “foregone conclusion” before it can compel such a biometric. If the assertion implied by the compelled biometric decryption is that the suspect’s biometric is capable of decrypting the device, then, pursuant to Jones, that is what the Commonwealth must prove beyond a reasonable doubt. As in Jones, the Commonwealth can do so through either direct evidence (e.g., that the suspect actually used his biometric to decrypt the device) or circumstantial evidence (e.g., that the suspect used the device in a manner indicating that he must have had the ability to do so).
As a practical matter, the utility of compelled biometric decryption to law enforcement may be circumscribed. This is because some biometric-based security technologies—including Apple’s popular fingerprint-based Touch ID—self-disable if, since the last time the device was unlocked, too much time has passed, or the device has been restarted or has lost power, or multiple attempts to unlock the device have been unsuccessful. See About Touch ID Advanced Security Technology. In addition, law enforcement may have limited ability to both maintain power to a biometrically locked device and to secure it from network activity (i.e., to minimize the risk of remote wiping or deletion of data). Perhaps for these reasons, federal practice has often encountered requests to compel biometric decryption made as part of an application for an omnibus search warrant to also authorize law enforcement: (1) to seize the device; and (2) to search the device for particular data after it has been seized and decrypted using the compelled biometric. See, e.g., In re Search of a Residence in Oakland, 354 F. Supp. 3d at 1013; In re Search of [Redacted], 317 F. Supp. 3d at 525-26; In re Search Warrant Application for [Redacted], 279 F. Supp. 3d at 801-02; In re Application for Search Warrant, 236 F. Supp. 3d at 1066-67.
- Ex Parte Gelfgatt Proceedings
Gelfgatt and Jones each arose in the posture of a motion filed in a criminal case in the Superior Court. This posture suggests that, in those cases, any evidence contained on the encrypted device was not necessary to support charges against the defendant. But some investigations will require a compelled decryption before charges can be brought. It thus seems likely that some Gelfgatt motions will arise in an ex parte posture.
The Appeals Court has already addressed a Gelfgatt motion arising out of a grand jury investigation, concerning a device that the police had previously obtained a warrant to search. See In re Grand Jury Investigation, 92 Mass. App. Ct. 531 (2017), further appellate review denied, 478 Mass. 1109 (2018). The Commonwealth filed a sealed Gelfgatt motion in the Superior Court and attached documents containing grand jury evidence that, the Commonwealth argued, satisfied its burden under the “foregone conclusion” exception. Id. at 532. The Commonwealth served the motion, but not the attachments, on counsel for the individual whom it sought to compel. The Appeals Court affirmed the Superior Court’s issuance of a Gelfgatt order, concluding that the attachments showed that it was a foregone conclusion that the individual knew the password, among other things. Id. at 534-35; see also Burgess, 426 Mass. at 215-16 (Fifth Amendment applies in same way to grand jury witness/target as to indicted defendant). The Appeals Court also specifically affirmed the non-disclosure of the attachments to counsel, reasoning that grand jury materials are secret, and that both the Superior Court judge and the appellate court could review the attachments on an ex parte basis. Id. at 535-36.
It is a small step from In re Grand Jury Investigation to think that at least some Gelfgatt orders may be sought as part of a search warrant application. Indeed, search warrant applications bear similarities to the motions sustained in Gelfgatt, Jones, and/or In re Grand Jury Investigation: They are ex parte, they rely on affidavits rather than live testimony, and they form an “investigatory tool that aids investigators in obtaining material and relevant evidence related to a defendant’s conduct.” Jones, 481 Mass. at 559. As noted, search warrant applications seeking compelled biometric decryption have appeared in federal practice. See, e.g., In re Search of a Residence in Oakland, 354 F. Supp. 3d at 1015-16; In re Search of [Redacted], 317 F. Supp. 3d at 535-37; In re Search Warrant Application for [Redacted], 279 F. Supp. 3d at 803-05; In re Application for Search Warrant, 236 F. Supp. 3d at 1073-74. Nonetheless, a search warrant application seeking a Gelfgatt order in state court would entail innovations to Massachusetts search warrant practice that the applicant must be prepared to address.
The applicant must be prepared to show that the act sought to be compelled is of a type of evidence for which the Legislature has authorized issuance of a search warrant. See G.L. c. 276, § 1 (enumerating categories of evidence that may be sought by search warrant). Compelled biometric decryption likely will fall into that category. See, e.g., In re Lavigne, 418 Mass. 831, 834-35 (1994) (statute authorizes use of warrant to procure bodily sample from suspect); cf. In re Search of [Redacted], 317 F. Supp. 3d at 540 n.13 (declining to decide whether Fed. R. Crim. P. 41 authorizes issuance of warrant to compel biometric decryption, and instead issuing warrant under All Writs Act, 28 U.S.C. § 1651). Compelled decryption using a password, on the other hand, might not.
The applicant must also be prepared to show that the application does not trigger an adversarial hearing, which the SJC has required as a prerequisite for issuance of warrants for some especially invasive searches. E.g., Lavigne, 418 Mass. at 835 (warrant to extract blood sample from suspect must be preceded by adversarial hearing at which court can weigh intrusiveness of procedure against need for evidence); Commonwealth v. Banville, 457 Mass. 530, 539-40 (2010) (warrant to obtain suspect’s DNA using buccal swab would have been preceded by adversarial hearing if it had occurred in Massachusetts). So long as compelled biometric decryption “[does] not involve penetration into [the suspect’s] body,” Banville, 457 Mass. at 539 n.2, it likely will not trigger such a hearing. See also Commonwealth v. Miles, 420 Mass. 67, 83 (1995) (ex parte order compelling suspect to appear and have his body inspected for poison ivy need not be preceded by hearing).
The applicant must take care to particularly identify the person whose biometric is to be compelled, perhaps by including a photograph and/or detailed physical description of that person in the warrant application papers. This stems in part from the “particularity” requirement applicable to any search warrant. See G.L. c. 276, § 2. It also follows from this author’s view (above) that compelled biometric decryption may be analyzed under the “foregone conclusion” exception to the “act of production” privilege: If that view is accepted, the identity of the person whose biometric is to be compelled would form one aspect of the “foregone conclusion” that, under Jones, the Commonwealth must prove beyond a reasonable doubt. The need for particularity in identifying the person whose biometric is to be compelled likely precludes law enforcement from obtaining a warrant to compel “any person present” at the warrant execution to apply his/her biometrics to a device. Cf. In re Search of a Residence in Oakland, 354 F. Supp. 3d at 1014 (denying such authorization); In re Application for Search Warrant, 236 F. Supp. 3d at 1068-70 (same).
And the applicant should be explicit about the different burdens it must sustain to obtain such a warrant. That a crime has occurred and that evidence related to the crime reasonably may be expected to be found in a particular place—requirements for issuance of any search warrant—need be demonstrated only to the level of probable cause. That it is a foregone conclusion that a particular person’s biometric is capable of decrypting the device, however, must be demonstrated beyond a reasonable doubt in accordance with Jones. The applicant should consider explicitly articulating the applicable burdens in the warrant application papers, for the benefit of the reviewing judicial officer.
Eric A. Haskell is an Assistant Attorney General and a member of the BBJ Board of Editors. This article represents the opinions and legal conclusions of its author and not necessarily those of the Office of the Attorney General. Opinions of the Attorney General are formal documents rendered pursuant to specific statutory authority.
 To ensure that even the act of placing a finger on the screen of a device does not disclose the suspect’s thoughts, the orders in some of those cases have required the police—not the suspect—to select the finger that the suspect must place on the screen. See In re Search of [Redacted], 317 F. Supp. 3d at 537, 539; In re Search Warrant Application for [Redacted], 279 F. Supp. 3d at 804.
 It also strongly implies that the suspect was the person who previously programmed the device to decrypt in response to his biometric; unlike an alphanumeric password, a biometric is unique and non-transferable. Contrast Jones, 481 Mass. at 547 n.8 (suspect’s knowledge of password to device does not necessarily imply that he owns or controls device, because password can be transferred between persons).
 An additional showing might be required to authorize the suspect’s temporary detention for the purpose of compelling his biometric, although that showing may well be subsumed by the two discussed in the body text. See Hayes v. Florida, 470 U.S. 811, 816-17 (1985) (holding that police cannot transport suspect to station for fingerprinting without probable cause or prior judicial authorization, but suggesting that seizure of suspect in field for fingerprinting may be permissible based on less than probable cause in some circumstances); see also In re Search of [Redacted], 317 F. Supp. 3d at 532-33 (applying Hayes to authorize warrant to detain person for compelled biometric decryption if: “(1) the procedure is carried out with dispatch and in the immediate vicinity of the premises to be searched, and if, at time of the compulsion, the government has (2) reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and (3) reasonable suspicion that the individual’s biometric features will unlock the device, that is, for example, because there is a reasonable suspicion to believe that the individual is a user of the device”); cf. Commonwealth v. Catanzaro, 441 Mass. 46, 52 (2004) (search warrant implies authority to detain occupants of premises while search is conducted).
by John T. Mulcahy
The Supreme Judicial Court (the “SJC”) recently ruled in two factually similar cases that police can conduct a warrantless cell phone search pursuant to the “search incident to arrest” exception to the warrant requirement. The SJC’s holdings leave open many questions and evolving cell phone technology will create challenges for courts as they grapple with such searches under the Fourth Amendment. This article analyzes those two cases and considers their implications and some larger questions.
In Commonwealth v. Phifer, 463 Mass. 790 (2012) and Commonwealth v. Berry, 463 Mass. 800 (2012), the SJC ruled as a matter of first impression that the police can search a cell phone incident to arrest. The Court noted that its holding in both cases was narrow. In Phifer, the defendant moved to suppress a warrantless search of his cell phone after he had been arrested and transported to the police station. The defendant had been arrested on two outstanding warrants related to drug charges. The detective checked the call history on the phone and discovered the phone number of a person whom the police knew to be a drug user. The defendant moved to suppress; the trial court denied the motion, citing federal circuit and district court decisions holding that a cell phone can be searched incident to arrest.
The SJC ruled that the detective’s review of the defendant’s recent call history was a proper search incident to arrest. The Court relied heavily on Commonwealth v. Madera, 402 Mass. 156, 159-161 (1998) in reaching its decision. In Madera, the Court upheld the search of a gym bag incident to arrest where the police had probable cause to believe that bag contained evidence of the crime charged. The Court ruled that, as in Madera, the police in Phifer had probable cause to believe that a search of the cell phone would turn up evidence of the crime at issue. Before the defendant’s arrest in Phifer, police saw the defendant on his cell phone and saw him with someone who was a known drug user. Also, the detective had testified that drug dealers use cell phones as part of the drug trade.
The Court also ruled that even though this search was conducted at the time of booking, not arrest, it was still justified as a search incident to arrest; the delay in the search was of no importance because the cell phone found during booking had to have been on the defendant’s person at the time of arrest.
The Court cautioned that its holding should be read narrowly, and that its decision would not “necessarily . . . be the same on different facts, or in relation to a different type of intrusion into a more complex cellular telephone or other information storage device.”
On the same date as the Phifer case, the SJC also issued its decision in Berry. In that case, the police saw the defendant sell heroin. After the defendant was arrested and brought back to the police station, the police officer looked at the recent call history on the defendant’s cell phone and dialed the most recent phone number, which called the heroin customer. Consistent with Phifer, in Berry, the Court stated that a search of a cell phone does not have to be contemporaneous with arrest, but that it can occur during booking at the police station. The SJC held that the search was proper because it was a “very limited search” and the police had reason to search based on their experience that cell phones are used in drug transactions. The SJC again cautioned that it would not necessarily come to the same conclusion if it were dealing with different facts.
In explicitly noting the limitations of its holdings in Berry and Phifer, the SJC recognizes that the law on cell phone searches is still developing. These cases make clear that court review of cell phone searches will be a fact-specific exercise; at least for the near term, courts will not be able to establish a bright-line rule for analyzing these scenarios. The different factual scenarios and ever-changing capabilities of cell phones make the formulation of such a rule difficult. As Justice Gants’ concurring opinion in Phifer points out, the SJC’s comparison of cell phone searches to the search of a gym bag in Commonwealth v. Madera might have over-simplified the analysis. A gym bag is a bounded object, while the information that can be accessed through a cell phone is potentially limitless. Phifer and Berry dealt only with call history, but the average smartphone also has a camera, a calendar, maps, contacts, email, text messages, and can even contain a user’s flight information and purchase information. It is obvious that this kind of information would be of great interest to law enforcement officials. Flight information and maps could quickly show a police officer the recent whereabouts of a suspect, while purchase information could reveal additional evidence.
Another example of technology’s unrestricted potential is Apple’s iCloud service. ICloud is a storage system that allows a user to access his or her music, email, contacts, and word-processing documents on several different devices. Information on the iCloud system exists on Apple’s computer servers outside the jurisdiction of the Commonwealth’s courts. Will police be able to seize a cell phone and access information that exists across multiple jurisdictions through iCloud?
A common criticism of warrantless searches of cell phones is that police can wait to obtain a warrant. The argument goes that a cell phone is different from an automobile, whose mobility means that evidence can be lost quickly. Automobiles therefore are the proper subject for warrantless searches while cell phones are not; an officer, in possession of a cell phone, can put it away and all of the incriminating material on it is safe until he obtains a warrant. But that argument ignores the current technology. As Courts have already warned, the data on cell phones can be destroyed remotely. United States v. Valdez, 2008 WL 360548, *3 (E.D. Wis. Feb. 8, 2008); United States v. Dinwiddie, 2008 WL 4922000, *12 (E.D. Mo. Jan. 29, 2008).
Thus, by the time a police officer obtains a search warrant, even though the cell phone has been safely stored in an evidence locker, the incriminating evidence on that phone could be gone. Law-enforcement officials caution that this scenario could present significant problems in fighting crime.
Perhaps acknowledging that time can be of the essence in these searches, some courts rely on the exigent circumstances exception to the warrant requirement, rather than the search incident to arrest exception. United States v. Lottie, 2008 WL 150046, *3 (N.D. Ind. Jan. 14, 2008); United States v. Parada, 289 F. Supp. 2d 1291, 1303 (D. Kan. 2003). Indeed, in contrast to the SJC, other courts have disapproved of searches that are “incident to arrest” but separate in time from the arrest. See, e.g., United States v. Gibson, 2012 WL 1123146, *10 (N.D. Cal. Apr. 3, 2012); see also, United States v. Valdez, 2008 WL 360548, *3 (E.D. Wis. Feb. 8, 2008); State v. Isaac, 2009 WL 1858754, *5 (Kan.Ct. App. June 26, 2009).
The search incident to arrest doctrine raises concerns of its own. While the Phifer and Berry courts suggested that a search conducted at booking is still a search incident to arrest, other courts have interpreted the exception literally – any search later in time from the actual arrest is not a search incident to arrest. Practically speaking, police officers will not be able to search much of a cell phone at the exact time of arrest. Depending on how the search incident to arrest exception is applied going forward, a police officer might be able to get through only a small part of a suspect’s address book or recent call history before the arrest is completed. Then, police would presumably be required to obtain a search warrant for the rest of the cell phone. Police would then have to contend with the reality that they may not yet have seen the most damning evidence and that this relevant evidence could be destroyed remotely.
In fact, the developing law leaves undefined the limits on the scope of a search of cell phones incident to arrest. Should police officers be able to search any phone the defendant possesses for information or files related to the crimes that they are investigating? Or should police only be allowed to search a phone that is, itself, connected to the crime being investigated? One court has answered the second question affirmatively, finding that police were not warranted in searching a cell phone while arresting an individual for public intoxication and neglect because the phone could not be tied to those particular crimes. Kirk v. State, 974 N.E.2d 1059, 1071 (Ind. Ct. App. 2012).
One thing the cases make clear is that the law is not developing at a rate that keeps pace with technology. As the cases above indicate, courts disagree about how long a search may take place after arrest and still be “incident to arrest,” and there has been little consideration of how closely such a search must be tied to the crime being investigated. Ruling that the search is required by exigent circumstances also has its pitfalls – most obviously, the argument that, once seized and secured, a cell phone may properly by searched pursuant to a warrant. A Supreme Court concurrence offers one potential avenue for lawyers to explore in trying to explain the need for cell phone searches at the time of arrest. In the 2004 case of Thornton v. United States, 541 U.S. 615, 629-30 (2004), Justice Antonin Scalia, joined by Justice Ruth Bader Ginsburg, argued in a concurring opinion that, instead of its traditional justifications, search incident to arrest could be understood as an “evidence-gathering” tool used to compile, at the time of arrest, any evidence related to the crime charged. This conception of search incident to arrest could better be suited to the search of cell phones given the uncertainty over whether data on a cell phone can be or will be destroyed remotely.
As the SJC recognized in both Phifer and Berry, the law on cell phone searches is in its infancy. This body of law will likely force a significant development in Fourth Amendment jurisprudence. No longer is it the search of a glove box or a gym bag. Indeed, the rapid pace of innovation appears to prevent the establishment of any clear guiding principles for cell phone searches. Courts must carefully assess how traditional search and seizure principles should be applied to cell phones and how those principles could be altered to reach a common-sense approach that is constitutionally sound. The Legislature would be wise to consider these same questions in order to provide much-needed guidance to courts, and practitioners would be well advised to educate courts about the relevant technology where a cell phone search is at issue.