Los Angeles court orders woman to unlock Touch ID-equipped iPhone for FBI

Posted:
in iPhone
Through a Los Angeles court, the FBI recently obtained a warrant forcing a woman to unlock an iPhone equipped with Apple's Touch ID fingerprint technology, according to a report.




The woman, Paytsar Bkhchadzhyan, pleaded no contest to a felony charge of identity theft earlier this year, and was sentenced on Feb. 25, the Los Angeles Times said. Just 45 minutes after Bkhchadzhyan was taken into custody, U.S. Magistrate Judge Alicia Rosenberg approved a warrant forcing the Touch ID unlock. By 1 p.m. the same day an FBI agent had managed to take Bkhchadzhyan's print.

The iPhone was confiscated from a home in Glendale belonging to Sevak Mesrobian, a member of the Armenian Power gang, and Bkhchadzhyan's boyfriend. It's not known exactly why the FBI wanted access to Bkhchadzhyan's device, although Assistant U.S. Attorney Vicki Chou indicated that the search was part of an ongoing investigation, and an attorney that previously represented Bkhchadzhyan and Mesrobian -- George Mgdesyan -- said that while he isn't defending Bkhchadzhyan at the moment, the FBI may be looking into hacking and "other issues." Mesrobian has been in prison since Feb. 12.

The Glendale case isn't the first in which U.S. court officials have ordered someone to unlock a device with their fingerprint, but such incidents are relatively rare and still controversial. While fingerprints don't normally require warrants, for instance, the issue becomes more complex when they serve as a "key" to personal information. Some critics suggest this is a violation of the Fifth Amendment's protection against self-incrimination.

The Fifth Amendment means that a person can't be forced to supply a passcode, and indeed that's a particular problem for law enforcement when it comes to iPhones and iPads. iOS requires that a Touch ID user re-enter their passcode if a device is rebooted or hasn't been unlocked for 48 hours, which could potentially put data out of police reach.

The FBI has been managing to crack into some iPhones, but the techniques used may not apply to Touch ID devices, which have a "Secure Enclave" making hardware detours around encryption either difficult or impossible.
«13

Comments

  • Reply 1 of 42
    SpamSandwichSpamSandwich Posts: 30,862member
    As I've mentioned a number of times, for any who require complete security with their iPhone, Touch ID should only be used for Apple Pay, but not to open the phone.

    Anything you "have on you" (including your fingerprint) may legally be used against you. The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).
    edited May 2016 jbdragonlongpathstevehcornchipcaliaaron sorensonbadmonk
  • Reply 2 of 42
    RosynaRosyna Posts: 82member
    As I've mentioned a number of times, for any who require complete security with their iPhone, Touch ID should only be used for Apple Pay, but not to open the phone.

    Anything you "have on you" (including your fingerprint) may legally be used against you. The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).

    This isn't correct. TouchID has numerous safeguards for this exact type of situation. TouchID does not use the fingerprint as a master password and is automatically disabled in these cases:

    After 48 hours of non-use.
    After a reboot.
    After five incorrect attempts. (You cannot be forced to tell LEOs which finger it is).
    If a lock command is sent to the device via Find My iPhone.

    TouchID is meant to enable the usage of much longer and more secure passcodes without the risk of lookiloos seeing you enter it.

    When TouchID is disabled, people tend to choose extremely short, 4 digit PINs due to how tedious it is to enter better passcodes on a mobile device.
    redraider11iosfangirl6001williamlondonquadra 610banchopotatoleeksoupmagman1979caliration aljony0
  • Reply 3 of 42
    antonpabloantonpablo Posts: 90member
    Apple should provide options aside from the standard 48 hrs to shorten the window to include 12, 24, 1, to fully customizable.
    ration albaconstangaaron sorensonjony0badmonk
  • Reply 4 of 42
    longpathlongpath Posts: 217member
    As I've mentioned a number of times, for any who require complete security with their iPhone, Touch ID should only be used for Apple Pay, but not to open the phone.

    Anything you "have on you" (including your fingerprint) may legally be used against you. The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization).
    Completely agree with your assessment; but can't help but find that this is yet another example of the Founders (at least the Anti-Federalists) being excessively trusting, failing dismally to see that trusting the state to never expand the scope of its powers and actually enforce its own limitations, without any explicit sanctions, was a pipe dream. Clearly, this is an area where the Fifth Amendment has been eroded; but the state bears no penalty for having done so. Indeed, even if SCOTUS should eventually overturn all such cases involving involuntary use of fingerprint readers as a violation of the Fifth Amendment, no prosecutor, legislator, or police officer will ever suffer any sanction for their part in involuntarily compelling the use of the fingerprint readers.
    jbdragoncornchipSpamSandwichcalibaconstangjony0badmonk
  • Reply 5 of 42
    Rosyna said:
    As I've mentioned a number of times, for any who require complete security with their iPhone, Touch ID should only be used for Apple Pay, but not to open the phone.

    Anything you "have on you" (including your fingerprint) may legally be used against you. The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).

    This isn't correct. TouchID has numerous safeguards for this exact type of situation. TouchID does not use the fingerprint as a master password and is automatically disabled in these cases:

    After 48 hours of non-use.
    After a reboot.
    After five incorrect attempts. (You cannot be forced to tell LEOs which finger it is).
    If a lock command is sent to the device via Find My iPhone.

    TouchID is meant to enable the usage of much longer and more secure passcodes without the risk of lookiloos seeing you enter it.

    When TouchID is disabled, people tend to choose extremely short, 4 digit PINs due to how tedious it is to enter better passcodes on a mobile device.

    I use the longest passcode I can 
    also 48 hours seems long they should 1/2 that in future iOS or iPhone iterations just my 2 cents 
    badmonk
  • Reply 6 of 42
    cashxxcashxx Posts: 102member
    I'd tell them to go to hell! Invasion of right to privacy!
    williamlondonmagman1979calibadmonk
  • Reply 7 of 42
    mac_128mac_128 Posts: 3,400member
    MISSION IMPOSSIBLE was so much better at this.

    The IMF would have made a duplicate copy of the woman's phone and staged an 8.0 earthquake in an interrogation room with her phone, making her think all the Feds were killed, and giving her no other choice but to input her password to summon help to rescue her. IMF Would monitor the fake phone input and when they get the password, use it to unlock her real phone and then they would open up the door unharmed, and put her into custody again. 

    So much easier than all this legal stuff.
    edited May 2016 jbdragonnolamacguyicoco3baconstangjony0ktappebestkeptsecretargonaut
  • Reply 8 of 42
    jbdragonjbdragon Posts: 2,043member
    cashxx said:
    I'd tell them to go to hell! Invasion of right to privacy!
    That won't work. The police can already just fingerprint you. So it's not much of a step to use the same finger prints on your phone to unlock. In fact going the extra step to get a warrant is generally not needed. This is a issue that needs to be fixed, but I don't see it happening any time soon. If they started working on a fix, the end result would be even worse.
    SpamSandwich
  • Reply 9 of 42
    gatorguygatorguy Posts: 20,297member
    sog35 said:
    easy solution.

    She should put liquid on her finger. 5 tries and it will ask for password.
    And then she goes to jail for not following the legal order compelling her to unlock it.  Maybe easy for you. I wouldn't call it that nor would I go to jail "on principle". I had that choice back in the early 70's and didn't choose to go to jail then either. 

    Spam has it right IMHO. If it's really all that big a deal to you, for whatever reason I can't personally imagine outside of doing something I'm going to jail for if they see it, then use a passcode rather than TouchID to secure your phone. 
    edited May 2016 SpamSandwichration albaconstang
  • Reply 10 of 42

    This is why my phone is no longer secured by Touch ID.  It makes it a little more tedious to open it, but it's worth it.  Yes, I'm a paranoid jerk.  I no longer trust my government to respect my rights, so I take steps to protect them myself.

    I'd also like to see Apple implement a "wipe" code and Touch ID.  Touch with a specific finger, or input a specific wrong code, and the phone is wiped.

    SpamSandwichpotatoleeksoupmagman1979calibadmonkargonaut
  • Reply 11 of 42
    eightzeroeightzero Posts: 2,292member
    Privacy, meh. What do these people have to hide?

    The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).
    fMRI is a thing.
  • Reply 12 of 42
    wizard69wizard69 Posts: 12,720member
    longpath said:
    As I've mentioned a number of times, for any who require complete security with their iPhone, Touch ID should only be used for Apple Pay, but not to open the phone.

    Anything you "have on you" (including your fingerprint) may legally be used against you. The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization).
    Completely agree with your assessment; but can't help but find that this is yet another example of the Founders (at least the Anti-Federalists) being excessively trusting, failing dismally to see that trusting the state to never expand the scope of its powers and actually enforce its own limitations, without any explicit sanctions, was a pipe dream. Clearly, this is an area where the Fifth Amendment has been eroded; but the state bears no penalty for having done so. Indeed, even if SCOTUS should eventually overturn all such cases involving involuntary use of fingerprint readers as a violation of the Fifth Amendment, no prosecutor, legislator, or police officer will ever suffer any sanction for their part in involuntarily compelling the use of the fingerprint readers.
    This is one of the reasons I support the NRA and other organizations trying to protect the Bill of Rights. If we loose the right to bear arms the rest of the Bill of Rights will be trashed rather quickly. This administration has been rather active in attacking the Constitution and the Bill of Rights, so this isn't some pipe dream. Unfortunately there doesn't seem to be a political party right now willing to stand up for our freedoms. While it doesn't do much good each and everyone of us must make a point to impress on our elected represetives just how important the Constitution is. Many don't give a damn but there are a few elected officials that still represent their constituents.
    potatoleeksoupbuzdotscaliicoco3
  • Reply 13 of 42
    VisualSeedVisualSeed Posts: 217member
    Rosyna said:

    This isn't correct. TouchID has numerous safeguards for this exact type of situation. TouchID does not use the fingerprint as a master password and is automatically disabled in these cases:

    After 48 hours of non-use.
    After a reboot.
    After five incorrect attempts. (You cannot be forced to tell LEOs which finger it is).
    If a lock command is sent to the device via Find My iPhone.

    TouchID is meant to enable the usage of much longer and more secure passcodes without the risk of lookiloos seeing you enter it.

    When TouchID is disabled, people tend to choose extremely short, 4 digit PINs due to how tedious it is to enter better passcodes on a mobile device.

    I use the longest passcode I can 
    also 48 hours seems long they should 1/2 that in future iOS or iPhone iterations just my 2 cents 
    I would have delayed until 48 hours lapsed. Certainly would have faced contempt charges and possible confinement but it wouldn't be indefinite. Grabbing my hand and forcing me to unlock the phone would by all counts be considered assault. I would have done this if I was innocent or guilty. If they want on your phone that bad, no matter what they find they will look for ways to make it incriminating. 
    edited May 2016 potatoleeksoupcali
  • Reply 14 of 42
    VisualSeedVisualSeed Posts: 217member

    gatorguy said:
    sog35 said:
    easy solution.

    She should put liquid on her finger. 5 tries and it will ask for password.
    And then she goes to jail for not following the legal order compelling her to unlock it.  Maybe easy for you. I wouldn't call it that nor would I go to jail "on principle". I had that choice back in the early 70's and didn't choose to go to jail then either. 

    Spam has it right IMHO. If it's really all that big a deal to you, for whatever reason I can't personally imagine outside of doing something I'm going to jail for if they see it, then use a passcode rather than TouchID to secure your phone. 
    She is probably going to jail anyway. But a contempt charge could be overruled by a higher court that could possibly find the order illegal. In any event, being in local jail for contempt is much better than going to prison for identity theft.  
  • Reply 15 of 42
    What I would want to suggest to Apple is to use the fingerprint ID not just for one finger, but a sequence of them e.g. index, thumb, ring, pinky, etc, like a numerical passcode. You can't keep them from taking your fingerprints, but you don't have to reveal the sequence.

    I create and use the premise of "multi-factor authentication" with a great deal of security modifications for real-world systems. On my android phone, I have a "panic widget" that I made for the specific device that will wipe and brick if not authenticated via input from hardware keys (thank you Tasker). It's not to hide anything nefarious, just to enforce my right to privacy and frustrate those who would violate it.

    I do believe there are reasons to "interrogate the phone" as a "witness" to illicit activity in extreme cases, but this just looks like the FBI slowly moving the cyber security bar little by little until it is simply accepted.

    This will not work though, as someone like myself can have an app to encrypt, locked by another password only accessible by a third, and so on, including a self-destruct mechanism. Some of my email passwords were easy for me to remember, but nearly impossible to crack, even if you saw it on the screen yourself (hint: non-display characters, Unicode is just two letters from Unicorn, and passwords made with it are just as elusive).

    *All* manner of security to a device should be customisable in every possible way to the user. I don't like presets...if I want my phone to lock after exactly 00:11:34:7533 of inactivity, I should be able to set it that way if I feel it protects my tin-foil hat from the aliens, or if I believe it increases my current gas mileage...or maybe just because I simply want to...

    I wouldn't want to rely on TouchID anyway. Should you say, get a cut on your finger, your fingerprint could change enough to make it invalid. The only saving grace would be the actual passcode after failed attempts. Crack the fascia glass over the reader, and it may never work reliably again.
  • Reply 16 of 42
    wizard69wizard69 Posts: 12,720member
    eightzero said:
    Privacy, meh. What do these people have to hide?

    The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).
    fMRI is a thing.
    This issue has little to do with privacy and everything to do with the erosion of freedoms outlined in the Bill of Rights. One of those freedoms is the idea that you can't be a witness against yourself. Seriously download a copy to the Constitution and the Bill of Rghts and read it. If you don't understand it get somebody to explain it to you. It is extremely sad people don't give a damn about this country and the significant erosion of our freedoms in the last ten or so years.
    SpamSandwichpotatoleeksoupcalircfa
  • Reply 17 of 42
    SpamSandwichSpamSandwich Posts: 30,862member
    wizard69 said:
    longpath said:
    Completely agree with your assessment; but can't help but find that this is yet another example of the Founders (at least the Anti-Federalists) being excessively trusting, failing dismally to see that trusting the state to never expand the scope of its powers and actually enforce its own limitations, without any explicit sanctions, was a pipe dream. Clearly, this is an area where the Fifth Amendment has been eroded; but the state bears no penalty for having done so. Indeed, even if SCOTUS should eventually overturn all such cases involving involuntary use of fingerprint readers as a violation of the Fifth Amendment, no prosecutor, legislator, or police officer will ever suffer any sanction for their part in involuntarily compelling the use of the fingerprint readers.
    This is one of the reasons I support the NRA and other organizations trying to protect the Bill of Rights. If we loose the right to bear arms the rest of the Bill of Rights will be trashed rather quickly. This administration has been rather active in attacking the Constitution and the Bill of Rights, so this isn't some pipe dream. Unfortunately there doesn't seem to be a political party right now willing to stand up for our freedoms. While it doesn't do much good each and everyone of us must make a point to impress on our elected represetives just how important the Constitution is. Many don't give a damn but there are a few elected officials that still represent their constituents.
    FYI, the GOA does a better job representing the rights and interests of citizens than the NRA.
    pacificfilmbaconstang
  • Reply 18 of 42
    El2016El2016 Posts: 7member
    eightzero said:
    Privacy, meh. What do these people have to hide?

    The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).
    fMRI is a thing.
    Hmm, interesting (though unrelated) point... can Functional Magnetic Resonance Imaging be used as a lie detector test? It shows you what sections of the brain are used for thinking about a subject, that should give some indication about whether you are remembering an answer or making one up, shouldn't it?
  • Reply 19 of 42
    nasseraenasserae Posts: 3,153member
    sog35 said:
    easy solution.

    She should put liquid on her finger. 5 tries and it will ask for password.
    They don't need her to touch the iPhone.




  • Reply 20 of 42
    mike1mike1 Posts: 1,852member
    Actually, by obtaining a warrant to compel her to unlock the phone, they did the right thing. Same as getting a warrant to draw blood after failing a breath test.
    They're learning and slowly adapting to the improved technology.
    baconstang
Sign In or Register to comment.