Recent legal developments reflect a positive outlook for biometric security
About four years ago we published a post on some of the legal issues surrounding the use of biometric security. At the time, a Virginia Circuit Court’s nonsensical decision about why a suspect could be forced to unlock a phone with his fingerprint but not give up his password reinforced the fact that the legal system had no idea what to do with biometrics. Fast forward to today and there are signs that at least some courts are finally coming around to recognize the legal issues implicated by biometric security and address them in a rationale manner.
The United States Supreme Court recognized the need for this change of direction in Carpenter v. United States (2018) 138 S. Ct. 2206, where it instructed all courts to adopt rules that “take account of more sophisticated systems that are already in use or in development (Id. at 2218-19) and that courts have an obligation to safeguard constitutional rights and cannot permit those rights to be diminished merely due to the advancement of technology. (Id. at 2214.) In short, the Supreme Court concluded that citizens do not contemplate waiving their civil rights when using new technology, lest individuals would be left “at the mercy of advancing technology.” (Id.)
Taking its guidance from the United States Supreme Court, a district court in Oakland, California recently denied a search and seizure warrant that would have compelled the suspect to unlock his cell phone with his fingerprint and provide access to his Facebook Messenger accounts. In its denial of the warrant, the court correctly found that compelling a suspect to unlock his phone with his fingerprint violated the Fifth Amendment protections against self-incrimination.
And earlier this week the Illinois Supreme Court dismissed a challenge to the state’s biometric privacy law. Six Flags had fingerprinted a minor guest without permission and then challenged the law after being sued, claiming that there had to be evidence that the guest had actually been injured. The Court, in dismissing this challenge, recognized that biometrics “are biologically unique to the individual” and that “once compromised, the individual has no recourse,” so as to make harm automatic and unable to be remedied.
While it is true that a handful of court cases do not necessarily reflect a sea of change on the topic, it is nonetheless reassuring that courts are finally asking the right questions and are willing to looking at the issue of biometrics with an open mind. So while jumping into biometric information and security is still something that should not be done by businesses without careful consideration, there is at least reason to be optimistic that the law will continue to develop in the right direction and eventually provide consumers and businesses alike with the needed protection and guidance for this technology to be responsibly used.
TLDR: Changes in the way courts are thinking about biometrics means that businesses and consumers alike can be more confident about the use of biometric security; however, caution and careful consideration should still be used before using it to replace traditional security.
If you’re involved in a lawsuit or risk management and have any questions regarding current or potential legal issues, we would urge you to contact an attorney as soon as possible to obtain advice, guidance and representation. At Baker, Keener & Nahra, we have the experience, skill, and drive to get the best possible results for our clients, no matter the size of the case or the scope of the problem. So if we can be of any assistance to you, please contact us and let us know how we can help.