On January 31, 2025, the Kansas Supreme Court released its opinion in State v. Harris. There the Kansas Supreme Court held that law enforcement did not coerce Harris into revealing his cellphone password when they told Harris they would obtain a court order requiring Harris to disclose the password. A key aspect of this decision was that law enforcement could have had a reasonable basis to believe such an order would be granted—an issue which Kansas courts had not addressed.
Although the Harris opinion did not address the issue of whether law enforcement can compel an individual to provide the password to their cellphone or other password protected devices, this is an issue that has been cropping up repeatedly in recent years. Courts in some states have held that law enforcement cannot compel individuals to disclose their passwords without violating the individual’s Fifth Amendment right against self-incrimination. Other courts, however, have taken the opposite view and said that law enforcement can compel the disclosure.
The starting point of this issue is the Fifth Amendment’s Self-Incrimination Clause: “no person … shall be compelled in any criminal case to be a witness against himself.” As Justice Oliver Wendell Holmes explained more than a century ago, this protection constitutes “a prohibition of the use of physical or moral compulsion to extort communication from him”1 This protection applies not only in court but “any other proceeding, civil or criminal, formal or informal, where the answers might incriminate the speaker in future criminal proceedings.”2 The best explanation of this protection comes from Justice Stevens’ dissent in Doe v. United States: a person can be compelled to turnover the key to a strongbox containing documents, but not to disclose the combination to a wall safe.
In Comm. v. Davis, the Pennsylvania Supreme Court held that the Fifth Amendment protects individuals from being compelled to disclose their computer passwords. The court held that a computer password is the equivalent of the combination to a wall safe—meaning that it requires “revealing the content’s of one’s mind.” This premise has also been accepted by the New Jersey Supreme Court in State v. Andrews.
Where the Pennsylvania and New Jersey Supreme Courts disagreed, however, was the foregone conclusion exception. This exception applies when law enforcement already knows what the information is. The New Jersey Supreme Court reasoned that law enforcement knew the passwords existed, in Andrew’s possession, and would be authentic if the passwords unlocked the phones. Combined with the fact that the passcodes themselves had little to no evidentiary significance, the New Jersey Supreme Court held the foregone conclusion exception meant that law enforcement could compel the disclosure of Andrews’ passwords.
[1] Holt v. United States, 218 U.S. 245, 252-53 (1910).
[2] Minnesota v. Murphy, 465 U.S. 420, 426 (1984).
The Pennsylvania Supreme Court, however, did not apply the foregone conclusion exception because of the limited scope of the United States Supreme Court’s decisions on the exception. As the Pennsylvania Supreme Court noted, previous decisions on the exception were limited to items like business or financial records—not to “a defendant’s compelled oral or written testimony.” This rationale was shared by the Indiana Supreme Court in Seo v. State, which also held that law enforcement could not compel the disclosure of passwords and that the foregone conclusion exception did not apply.
These are not the only Courts to have addressed this issue, but these differing approaches demonstrate the unsettled nature of cellphone and computer passwords in the modern age. It seems likely that the United States Supreme Court will eventually have to step in and determine the constitutional requirements for requiring someone to provide their cellphone or computer password.
