FBI makes suspect unlock iPhone X in first confirmed instance of forced Face ID
The FBI recently ordered a suspect to unlock his iPhone X via Face ID, in the first known example of police doing so anywhere in the world.
The incident occurred on Aug. 10, when the FBI searched the house of Grant Michalski in Columbus, Ohio during a child abuse investigation, Forbes reported on Sunday, citing court documents. Special agent David Knight ordered Michalski to face the iPhone, triggering Face ID.
Michalski was ultimately charged with receiving and possessing child pornography. The search uncovered related Kik conversations, including a chat with someone who was really an undercover officer.
Only some data was obtained from the iPhone however as the FBI didn't have Michalski's passcode, which put up roadblocks for forensic tools after the device had been locked for more than an hour. Knight noted he wasn't able to document things like app use or deleted files, but added that he'd discovered that the Columbus Police Department and the Ohio Bureau of Investigation have "technological devices that are capable of obtaining forensic extractions from locked iPhones without the passcode," presumably referring to hardware offered by Cellebrite and/or Grayshift.
A lawyer for Michalski, Steven Nolder, told Forbes that the FBI turned to Cellebrite, but has so far failed to get anything useful. He also commented that police are now using boilerplate language in warrants to cover Face ID.
Mandatory Touch ID unlocks have been happening for years, even being used on corpses. Though controversial the practice is currently legal, and sometimes claimed to be necessary by U.S. law enforcement since suspects can't be forced to turn over their passcodes. Conventional forensic tools are often defeated by the full-disk encryption and other security measures in iOS.
Cellebrite and Grayshift recently scored major contracts with the U.S. Secret Service, valued at $780,000 and $484,000, respectively. Grayshift also picked up a $384,000 deal with Immigration Customs Enforcement.
The incident occurred on Aug. 10, when the FBI searched the house of Grant Michalski in Columbus, Ohio during a child abuse investigation, Forbes reported on Sunday, citing court documents. Special agent David Knight ordered Michalski to face the iPhone, triggering Face ID.
Michalski was ultimately charged with receiving and possessing child pornography. The search uncovered related Kik conversations, including a chat with someone who was really an undercover officer.
Only some data was obtained from the iPhone however as the FBI didn't have Michalski's passcode, which put up roadblocks for forensic tools after the device had been locked for more than an hour. Knight noted he wasn't able to document things like app use or deleted files, but added that he'd discovered that the Columbus Police Department and the Ohio Bureau of Investigation have "technological devices that are capable of obtaining forensic extractions from locked iPhones without the passcode," presumably referring to hardware offered by Cellebrite and/or Grayshift.
A lawyer for Michalski, Steven Nolder, told Forbes that the FBI turned to Cellebrite, but has so far failed to get anything useful. He also commented that police are now using boilerplate language in warrants to cover Face ID.
Mandatory Touch ID unlocks have been happening for years, even being used on corpses. Though controversial the practice is currently legal, and sometimes claimed to be necessary by U.S. law enforcement since suspects can't be forced to turn over their passcodes. Conventional forensic tools are often defeated by the full-disk encryption and other security measures in iOS.
Cellebrite and Grayshift recently scored major contracts with the U.S. Secret Service, valued at $780,000 and $484,000, respectively. Grayshift also picked up a $384,000 deal with Immigration Customs Enforcement.
Comments
2) I'm glad he was dumb enough to use Face ID if it gets a child pornographer and child abuser off the streets.
3) Slight segue, but still very much the same issue: a recent study has shown that the one thing all human traffickers have in common is that they use the internet for sales. I wish we had better tools to stop this.
Do you support back doors to allow police to get into any device they want?
People do not need to have "something to hide" in order to hide "something". What is relevant is not what is hidden, rather the experience that there is an intimate area, which could be hidden, whose access should be restricted. Psychologically speaking, we become individuals through the discovery that we could hide something from others.
Julian Assange states: "There is no killer answer yet. Jacob Appelbaum (@ioerror) has a clever response, asking people who say this to then hand him their phone unlocked and pull down their pants. My version of that is to say, 'well, if you're so boring then we shouldn't be talking to you, and neither should anyone else', but philosophically, the real answer is this: Mass surveillance is a mass structural change. When society goes bad, it's going to take you with it, even if you are the blandest person on earth.
There's the security/IT-person part of me that wants to just yell "mooove", and show them how to secure data.
There's the privacy/integrity/politician/philosopher-part of me, that's very anti anyone being able to intrude on data that's basically an extension of our most inner thoughts.
And then there's that fantasy vigilante-persona, that after reading "child abuse" and "child pornography" would like to do things that would make even batman shy away in fear.
At the end of the day I'm just happy knowing that predators like these get caught because they are stupid, and that they can't help themselves talking to other people(/police).
(Then, of course, there's the group of personalities that are fighting about whether or not he should get medical help, or just have his private parts put into a meat grinder.)
Knowing that we basically know that the arms race, in this particular case, must, for technological reasons, end up being lost by "the government", should that compel us to take a certain stance on this issue?!
IMNSHO I think that knowing that those having something to hide always will be able to (successfully) do so, knowing that, we should protect the privacy/integrity of individuals before granting more powers to the government. Meaning that we should be against forced backdoors into iOS, against TSA accessing (non-public) social media etc.
Anyone here that feel that they have good arguments against this?
Didn't they have a warrant? This wasn't some case of them stopping a random guy on the street and looking for something to charge him with. Nor is it mass surveillance. Nor did they ask Apple for a risky backdoor. They had grounds for search. They searched. Where is your problem with this?
This! Exactly. I’ve long held the position in this debate that society is going to have to decide whether our minds are truly sacrosanct, in the long run, because there may very well come a day when we will be able to detect/scan/record/read thoughts directly from a human brain. And along the path to that day we need to determine whether smartphones and other personal data-containing devices represent an extension of our minds.
There already exists a technique that can infer some of what’s in a person’s mind. It’s a system that measures brain activity and it can tell with a very high degree of accuracy whether a person recognizes a scene shown to him/her. The example is a murder scene where the public has not been informed of the murder weapon, left at the crime scene, or shown the crime scene. A suspect is monitored while shown a series of images, some of a different location (a mock crime scene or unrelated one) along with images of the actual crime scene, and then the murder weapon. The method can accurately determine whether the suspect recognizes the actual crime scene and murder weapon. It’s a big leap from there to mind reading, because it’s generally accepted that everyone’s mind is a series of associations and snippets rather than whole stored images; a very complex set of data that can store the same memory vastly differently encoded from one brain to the next, but such inference techniques as described above might be able to take us a fair way along the path toward gathering data from a person’s mind, with or without his/her permission.
If you don’t give them your pin code, or open phone with fingerprint, you can be fined $5000 and have your device seized.
https://www.tvnz.co.nz/one-news/new-zealand/travellers-refusing-hand-over-phone-password-airport-now-face-5000-customs-fine
Just saying that there are different ways to implement backdoors to data.
Digital security is either that something is secure, or it isn't; there's no way to make digital security safe enough from criminals while at the same time be weak enough that it can be broken after some sort of legal review/warrant.
There have been several attempts at making solutions that have "secure" backdoors, but they've all ended up the same as with those suitcases with TSA approved locks (to which anyone can 3D-print a masterkey).
It's the world that evolves, and our previous view on security can't easily be applied to this new digital world.