Idaho judge denies warrant to compel suspect to unlock smartphone with biometrics

Posted:
in iPhone
An Idaho court has denied a warrant asking for authorization for law enforcement to make a smartphone owner unlock their device with their fingerprint, with the decision the latest in an ongoing debate on whether or not police and security services have the right to unlock biometric security on a device like the iPhone's Face ID or Touch ID.




The introduction of biometric security on mobile devices has helped make it easier to keep documents and media safe from prying eyes, at the same time as simplifying access to the content. Law enforcement officials, which are keen to gain access to computing devices to acquire evidence, have found ways to bypass security that works within the law, but in many cases attempts to acquire warrants relating to biometrics are not granted for constitutional reasons.

In a US district court filing in Idaho concerning a sealed complaint, dated May 8, law enforcement officials obtained a warrant for the search of an individual, their vehicle, and place of residence, due to suspicious of the presence of child pornography. The warrant allowed for the seizure of computers, mobile devices, and other items if they were deemed to be evidence of a crime.

As part of the search, officers seized a Google Pixel 3 XL from the residence's bathroom, but it was locked and could be opened by solving a swipe pattern or using a fingerprint. As the suspect was arrested but declined to unlock the device, officers petitioned the court for a warrant to compel the person to unlock it, claiming that the device was owned by the suspect as they identified it was in the bathroom prior to answering the door and being arrested.

The judge declined to grant that particular warrant, citing issues with both the fourth amendment and the fifth amendment. Under the fourth, the search and seizure would be lawful if it was "reasonable," and would be unreasonable if it violated the person's constitutional rights, so the search had the potential to go ahead.

However, the fifth amendment protects against self-incrimination, which the judge believed applied as the compelled unlocking via fingerprint would determine ownership or control over the device. As it was not possible to determine ownership before unlocking, this would in effect incriminate the person via the act of unlocking.

In the end, Chief US Magistrate Judge Ronald E. Bush denied the application.






The use of biometrics and law enforcement's aims in relation to the US constitution has been an issue for some time, with judges varying between states and cases as to whether or not permit members of law enforcement the ability to abuse the biometric security process to gain access without requiring a username or password.

Passwords and passcodes can be stated as a "testimonial communication" in the eyes of a court, meaning that they can be uttered and used as evidence due to the suspect advising of the codes willfully. Biometrics, however, can be acquired through unwilling means, making their legal status less clear cut.

On May 3, a Massachusetts judge granted a warrant to unlock an iPhone with Touch ID in a case relating to gun trafficking. The time-limited warrant may not necessarily have been used successfully, as there is a limited window available to use a fingerprint before Touch ID demands a passcode is used.

A January court filing in California denied a warrant as it risked running "afoul of the Fourth and Fifth Amendments," as well as for being "overbroad" in targeting any devices at a crime scene, rather than ones owned by the suspect.

A 2016 case had a woman forced to use Touch ID on an iPhone confiscated from a property owned by an Armenian Power gang member, in prison at the time for unrelated charges. The fingers of corpses have also been used on iPhones to try and unlock them, though with limited success.

Face ID has also been the subject of warrants, including one in August 2018 where the FBI wanted to unlock an iPhone X as part of a child abuse investigation in Columbus. Face ID's security policies has also led to a warning to police form a forensic firm warning not to look at the display of an iPhone X or other Face ID-equipped device, to avoid accidentally attempting an unlock that would almost certainly fail.

«1

Comments

  • Reply 1 of 31
    22july201322july2013 Posts: 663member
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    bigtdsburnsidedewme
  • Reply 2 of 31
    22july201322july2013 Posts: 663member
    I didn't read the whole ruling. Would the ruling also potentially also apply to a Face ID biometric?
  • Reply 3 of 31
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    That could potentially constitute destroying evidence however, and I doubt that Apple would open themselves up to that accusation.  If destroying the phone itself can be so construed (and it can), so is destroying its contents.  Just as it's illegal to shred documents or set some kind of destructive device in a safe to destroy the contents.
    n2itivguy
  • Reply 4 of 31
    This makes me happy to live in Idaho. Also, you don't HAVE to use the biometrics. Use a 16 digit code to access your phone so they don't hold it up to your face or cut your finger off to get access. Biometrics is a complacency that can get you in trouble. I've seen people pass out at parties and other people unlock their phones with finger tips. I'm glad they are upholding the rules of personal devices. This puts confidence into the consumer's pocket. There are millions of "what if" scenarios on the need to force access, but like I said before, use a 16 digit code if your planning on doing dirt, not bio-metrics. I do like the idea of zeroing out a device if a certain digit is used as a counter measure. Ooh Rah on that one.
    chasm
  • Reply 5 of 31
    MplsPMplsP Posts: 1,370member
    The judge cited a combination of 4th and 5th amendment questions; if the authorities can prove that the phone belongs to the suspect how would that affect the ruling? It seems like it should be easy to verify the ownership via service records. 
  • Reply 6 of 31
    macguimacgui Posts: 1,260member
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    That could potentially constitute destroying evidence however, and I doubt that Apple would open themselves up to that accusation.  If destroying the phone itself can be so construed (and it can), so is destroying its contents.  Just as it's illegal to shred documents or set some kind of destructive device in a safe to destroy the contents.
    It's only evidence one seized by police. At least have the 'fingerprint wipe' feature would allow you to quickly erase the phone before it's seized, if you have that opportunity.

    Though it would need system level access, having an app with a 'deadman's switch' might also work. Failure to check in with the switch (not necessarily the phone) would wipe it unless the app were accessed within a specified time frame. It could be initiated with a 'self-destruct' finger print or Siri shortcut. Getting that level of access would be the sticking point. 
  • Reply 7 of 31
    MplsPMplsP Posts: 1,370member
    macgui said:
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    That could potentially constitute destroying evidence however, and I doubt that Apple would open themselves up to that accusation.  If destroying the phone itself can be so construed (and it can), so is destroying its contents.  Just as it's illegal to shred documents or set some kind of destructive device in a safe to destroy the contents.
    It's only evidence one seized by police. At least have the 'fingerprint wipe' feature would allow you to quickly erase the phone before it's seized, if you have that opportunity.

    Though it would need system level access, having an app with a 'deadman's switch' might also work. Failure to check in with the switch (not necessarily the phone) would wipe it unless the app were accessed within a specified time frame. It could be initiated with a 'self-destruct' finger print or Siri shortcut. Getting that level of access would be the sticking point. 
    Not necessarily. If you have reason to believe that something may pertain to a crime or investigation then it's considered evidence regardless of whether it's in police custody or not.
    n2itivguy
  • Reply 8 of 31
    lkrupplkrupp Posts: 7,088member
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    Stuff like this would almost guarantee government back door legislation, in effect allowing the government to get into any device with a warrant just like they can now drill out your safe deposit box if you refuse to give them the key. People blather on about the 4th and 5th amendments but as one scholar pointed out, the fourth amendment only guarantees unreasonable search and seizure not any and all search and seizure. With a warrant issued by a judge and with probable cause there’s not much of an argument here.
    MplsPNotsofast
  • Reply 9 of 31
    chasmchasm Posts: 1,543member
    My understanding of US law is that a suspect can be compelled to give up a passcode with a warrant, but not biometrics. Did these officers and judge not know that a passcode is the fallback to all these other methods? There’s some information missing in the story regarding that.

    Having said that, I’m very glad the judge followed the law and disallowed the forcing of biometrics. As for those who use biometrics but have concerns, Apple (don’t know about Android, but I expect same) has a method to quickly disable biometric entry (rapid pressing of home button five times — same as calling emergency services), which prevents abuse of Face or Touch ID. Perhaps there is a Siri Shortcut that could be created to easily/quickly put a phone in “lost mode” before the cops (or robbers) take it from you.

    Face ID and Touch ID are incredibly useful but everyone who uses them should know the disabling shortcut, at the very least.
    edited May 13
  • Reply 10 of 31
    flydogflydog Posts: 280member
    MplsP said:
    The judge cited a combination of 4th and 5th amendment questions; if the authorities can prove that the phone belongs to the suspect how would that affect the ruling? It seems like it should be easy to verify the ownership via service records. 
    The article does a poor job of paraphrasing and interpreting the opinion. Whether police can prove ownership is irrelevant.  The issue is whether unlocking a phone with biometrics is self incrimination. Because only the owner can unlock the phone the answer is yes, and therefore it violates the 5th amendment.

    There’s no “we can prove what you would have testified about anyway” exception to the 5th amendment. 
  • Reply 11 of 31
    flydogflydog Posts: 280member

    lkrupp said:
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    Stuff like this would almost guarantee government back door legislation, in effect allowing the government to get into any device with a warrant just like they can now drill out your safe deposit box if you refuse to give them the key. People blather on about the 4th and 5th amendments but as one scholar pointed out, the fourth amendment only guarantees unreasonable search and seizure not any and all search and seizure. With a warrant issued by a judge and with probable cause there’s not much of an argument here.
    You can’t legislate away constitutional rights, so no. 
  • Reply 12 of 31
    sdw2001sdw2001 Posts: 17,035member
    If there is probable cause that child porn was on the device, I think a warrant should be granted.   That’s how it works for other warrants.  Make law enforcement specify what they are looking for.  What is the difference between a biometric lock and them searching your house, files, etc?  Seems not to be any.   
  • Reply 13 of 31
    flydogflydog Posts: 280member
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    That could potentially constitute destroying evidence however, and I doubt that Apple would open themselves up to that accusation.  If destroying the phone itself can be so construed (and it can), so is destroying its contents.  Just as it's illegal to shred documents or set some kind of destructive device in a safe to destroy the contents.
    There’s no “destroying evidence” crime. There’s obstruction with justice, which is when you knowingly interfere with an investigation by concealing, destroying, or tampering with evidence. That requires proof that the person who allegedly obstructed knew that a crime was committed and that the conduct would interfere with the investigation.

    Creating a a mechanism as described above would not be obstruction of justice, just as it isn’t illegal to manufacture paper shredders. Using it after a crime was committed to knowingly conceal evidence of that crime could be.  
  • Reply 14 of 31
    22july201322july2013 Posts: 663member
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    That could potentially constitute destroying evidence however, and I doubt that Apple would open themselves up to that accusation.  If destroying the phone itself can be so construed (and it can), so is destroying its contents.  Just as it's illegal to shred documents or set some kind of destructive device in a safe to destroy the contents.
    Wow, are you missing my point. It's not the user who would be destroying evidence, it's the police who are destroying it if they take each of your fingers to try to unlock it. The user can say he doesn't remember which fingers wipe, and they can't prove he's lying. The courts cannot compel you to reveal passwords or incriminating evidence. They can compel you to hand over a key to unlock your safe, but not a password for that safe. I'm talking about US constitutional law, even though I'm not American.
  • Reply 15 of 31
    22july201322july2013 Posts: 663member

    This makes me happy to live in Idaho. Also, you don't HAVE to use the biometrics. Use a 16 digit code to access your phone 
    And you too are missing my point. A biometric is effectively a password if one finger unlocks and nine other fingers wipe. It's not a great password, since there's a one in ten chance the police could unlock it, but most police would refrain from trying even with 50-50 odds, because they would be destroying evidence.
  • Reply 16 of 31
    22july201322july2013 Posts: 663member

    MplsP said:
    macgui said:

    It's only evidence one seized by police.  
    Not necessarily. If you have reason to believe that something may pertain to a crime or investigation then it's considered evidence regardless of whether it's in police custody or not.
    Even if you are right, I never said YOU had to do the wiping. It's the police who won't use your fingerprints if they are worried the wrong fingerprint would wipe it.
  • Reply 17 of 31
    22july201322july2013 Posts: 663member

    lkrupp said:
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    Stuff like this would almost guarantee government back door legislation, in effect allowing the government to get into any device with a warrant just like they can now drill out your safe deposit box if you refuse to give them the key. People blather on about the 4th and 5th amendments but as one scholar pointed out, the fourth amendment only guarantees unreasonable search and seizure not any and all search and seizure. With a warrant issued by a judge and with probable cause there’s not much of an argument here.
    You have 7000 posts so I respect that, but I guess even 7000 doesn't make you infallible. We already have passwords for protecting phones, and there currently is no back door legislation. So adding a different password, namely which finger to unlock and which to wipe, won't make anyone change the law. And by the way, you can't refuse to give them the key to a safe deposit box (so now that's two errors from a 7000 poster). You can however refuse to give them a combination. And I think you're missing the point that search and seizure can NEVER apply to what's in your head. Is that three errors then? Off topic, may I please quote John Malkovich, "It's my HEAD, Schwartz, it's my HEAD."
  • Reply 18 of 31
    22july201322july2013 Posts: 663member

    chasm said:
    My understanding of US law is that a suspect can be compelled to give up a passcode with a warrant, but not biometrics. Did these officers and judge not know that a passcode is the fallback to all these other methods? There’s some information missing in the story regarding that. Having said that, I’m very glad the judge followed the law and disallowed the forcing of biometrics. 
    No, sigh, why is everybody wrong. Courts have generally accepted that telling the government a password or encryption key is “testimony". If any court or grand jury attempts to compel you to reveal a password you will get free legal support from the EFF. Not only are you wrong about giving up passwords, but you're missing the point. It's not any US law that matters, it's what the US constitution says. The constitution is neither federal nor state law. It is "the constitution" (and states must have their own constitution but the federal one trumps theirs.) I don't care about what any judge says about any law. I don't even care what any lower court judge says about the constitution. The final words comes from the US Supreme Court, and that's all that really matters. But you aren't alone. I have the same problem explaining these things to Canadians, where we share many of the same components of your constitution, worded differently.
  • Reply 19 of 31
    22july201322july2013 Posts: 663member

    sdw2001 said:
    If there is probable cause that child porn was on the device, I think a warrant should be granted.   That’s how it works for other warrants.  Make law enforcement specify what they are looking for.  What is the difference between a biometric lock and them searching your house, files, etc?  Seems not to be any.   
    Of course, you must agree that all warrants and laws are irrelevant to this issue if the US constitution, as interpreted by the US Supreme Court, declares the handing over of biometrics to be against the amendment protecting citizens from unreasonable search and seizure (I mean: providing incriminating evidence). The courts have said if you are dead you no longer have that protection, so some police have tried using dead fingers on iPhones but have failed to gain access. They didn't get in trouble for doing that. But using biometrics on a living human being, that's a line that the courts seem to be prohibiting as this story indicates. 
    edited May 13
  • Reply 20 of 31
    22july201322july2013 Posts: 663member

    flydog said:
    As I've said before, this whole issue becomes moot if Apple or other vendors allowed users to program one or more fingerprints to zeroize the phone upon usage. That's because only the phone's user knows which finger is the one that grants access and which finger zeroizes the phone. That's a password and no court can compel a password to be provided. 
    That could potentially constitute destroying evidence however, and I doubt that Apple would open themselves up to that accusation.  If destroying the phone itself can be so construed (and it can), so is destroying its contents.  Just as it's illegal to shred documents or set some kind of destructive device in a safe to destroy the contents.
    There’s no “destroying evidence” crime. There’s obstruction with justice, which is when you knowingly interfere with an investigation by concealing, destroying, or tampering with evidence. That requires proof that the person who allegedly obstructed knew that a crime was committed and that the conduct would interfere with the investigation.

    Creating a a mechanism as described above would not be obstruction of justice, just as it isn’t illegal to manufacture paper shredders. Using it after a crime was committed to knowingly conceal evidence of that crime could be.  
    Congratulations - there is a small possibility that you are right about obstruction; I'm not sure. But even if you are right, it's very unlikely that any jury in America would convict anyone of that crime since there's no way the prosecutor could know "beyond a reasonable doubt" that there was anything inculpatory on the phone you zeroized. The jury would not convict. They would consider it prosecutorial overreach. The prosecutor couldn't prove that there was evidence on the phone unless he already had it.
Sign In or Register to comment.