Compelling Passwords from Third Parties

COMPELLING PASSWORDS FROM THIRD PARTIES: WHY THE FOURTH AND FIFTH AMENDMENTS DO NOT ADEQUATELY PROTECT INDIVIDUALS WHEN THIRD PARTIES ARE FORCED TO HAND OVER PASSWORDS

By: Sarah Wilson

ABSTRACT

In 2012, the FBI served a search warrant on Google when a suspect––a user of
Google’s phone services––refused to answer any questions about his cellphone, or provide
the agents with the password to unlock it. The search warrant compelled Google to hand
over the password information and other identifying information for the cellphone (account
log-in, password reset, and manufacturer default code), which Google refused to do.
Google’s refusal implicates a host of issues regarding our current understanding of privacy
and self-incrimination protections and concerns legal scholars with what will happen to these
doctrines if the government can simply bypass an individual and obtain passwords from a
third party. This Article only begins to scratch the surface of this complex debate by
analyzing the extent to which the Fourth and Fifth Amendments protect individuals when
the government forces third parties to hand over their passwords, and will illustrate why
these amendments do not adequately protect individuals in these situations. With constantly
evolving technology and almost daily reports of the government accessing electronic
communications and communication records, the time is ripe for Congress to legislate the
issue of the government compelling private information, such as passwords, from third
parties.

Full Article (PDF 1,200KB)