Florida Appeal Court Provides Passcodes Protection Under Fifth Amendment

December 21, 2018

On October 24, 2018, the Fourth District Court of Appeal of the State of Florida decided in G.A.Q.L. v. State of Florida that under the Fifth Amendment, a minor could not be compelled to “disclose the contents of his own mind” by providing passwords for a cell phone and iTunes account. The decision follows other courts that have afforded to Fifth Amendment protection to cell phone passwords, which is interestingly distinct from fingerprint passcode protection, which is not testimony and therefore does not receive Fifth Amendment protection.

In G.A.Q.L. v. State of Florida, a minor had crashed his car while speeding, which resulted in the death of a passenger. The minor’s blood test at the hospital showed a .086 blood-alcohol content, and the surviving passenger told police that the group had been drinking vodka earlier and that the minor had communicated about it on his cell phone. Police obtained a warrant to search the cell phone for data, photographs, content, text messages, and other information, and thereafter sought an order compelling the minor to provide the passcodes for the cell phone and the iTunes account associated with it (the iTunes password was needed to complete an update.)

Although the minor argued that compelled disclosure of the passcodes violated his Fifth Amendment rights, the trial court disagreed, and concluded that the minor’s passcodes “are not testimonial in and of themselves . . .


merely allow the State to access the phone, which the State has a warrant to search.” They also stated that because the state had established the existence, possession, and authenticity of the documents as a “foregone conclusion,” which contributed to their determination that the act of producing the passcodes was not testimonial.

Future decisions may either produce a majority following G.A.Q.L. and its predecessors or a split with one side offering fewer protections on passwords.

The [appellate court disagreed, comparing the production of a password to a combination to a wall safe, rather than being forced to surrender a key to a strongbox. It concluded that revealing the passcode would be engaging in a testimonial act utilizing the “contents of his mind” and demonstrating as a factual matter that he knew how to access the phone. It also dismissed the trial court’s application of the “foregone conclusion” exception, because the state could not establish any files with reasonable particularity that it was seeking.

This is a continually developing area of law as jurisdictions continue to collide with developing technologies. Future decisions may either produce a majority following G.A.Q.L. and its predecessors, or a split with one side offering fewer protections on passwords. Depending on the ubiquity of fingerprint or facial recognition password technology, there may be an unusual practical split in compelled access to cell phones. Although the functional result – accessing an array of data within a cell phone – is the same regardless of the type of password protection, the law appears to be developing in a direction that physically-oriented applications will not receive Fifth Amendment protection. Therefore, while fingerprint and facial recognition passcode protections may be safer from casual abuse, only an old-fashioned password (and the Fifth Amendment) can protect you from being compelled to provide access to police.