Los Angeles court orders woman to unlock Touch ID-equipped iPhone for FBI
Through a Los Angeles court, the FBI recently obtained a warrant forcing a woman to unlock an iPhone equipped with Apple's Touch ID fingerprint technology, according to a report.
The woman, Paytsar Bkhchadzhyan, pleaded no contest to a felony charge of identity theft earlier this year, and was sentenced on Feb. 25, the Los Angeles Times said. Just 45 minutes after Bkhchadzhyan was taken into custody, U.S. Magistrate Judge Alicia Rosenberg approved a warrant forcing the Touch ID unlock. By 1 p.m. the same day an FBI agent had managed to take Bkhchadzhyan's print.
The iPhone was confiscated from a home in Glendale belonging to Sevak Mesrobian, a member of the Armenian Power gang, and Bkhchadzhyan's boyfriend. It's not known exactly why the FBI wanted access to Bkhchadzhyan's device, although Assistant U.S. Attorney Vicki Chou indicated that the search was part of an ongoing investigation, and an attorney that previously represented Bkhchadzhyan and Mesrobian -- George Mgdesyan -- said that while he isn't defending Bkhchadzhyan at the moment, the FBI may be looking into hacking and "other issues." Mesrobian has been in prison since Feb. 12.
The Glendale case isn't the first in which U.S. court officials have ordered someone to unlock a device with their fingerprint, but such incidents are relatively rare and still controversial. While fingerprints don't normally require warrants, for instance, the issue becomes more complex when they serve as a "key" to personal information. Some critics suggest this is a violation of the Fifth Amendment's protection against self-incrimination.
The Fifth Amendment means that a person can't be forced to supply a passcode, and indeed that's a particular problem for law enforcement when it comes to iPhones and iPads. iOS requires that a Touch ID user re-enter their passcode if a device is rebooted or hasn't been unlocked for 48 hours, which could potentially put data out of police reach.
The FBI has been managing to crack into some iPhones, but the techniques used may not apply to Touch ID devices, which have a "Secure Enclave" making hardware detours around encryption either difficult or impossible.
The woman, Paytsar Bkhchadzhyan, pleaded no contest to a felony charge of identity theft earlier this year, and was sentenced on Feb. 25, the Los Angeles Times said. Just 45 minutes after Bkhchadzhyan was taken into custody, U.S. Magistrate Judge Alicia Rosenberg approved a warrant forcing the Touch ID unlock. By 1 p.m. the same day an FBI agent had managed to take Bkhchadzhyan's print.
The iPhone was confiscated from a home in Glendale belonging to Sevak Mesrobian, a member of the Armenian Power gang, and Bkhchadzhyan's boyfriend. It's not known exactly why the FBI wanted access to Bkhchadzhyan's device, although Assistant U.S. Attorney Vicki Chou indicated that the search was part of an ongoing investigation, and an attorney that previously represented Bkhchadzhyan and Mesrobian -- George Mgdesyan -- said that while he isn't defending Bkhchadzhyan at the moment, the FBI may be looking into hacking and "other issues." Mesrobian has been in prison since Feb. 12.
The Glendale case isn't the first in which U.S. court officials have ordered someone to unlock a device with their fingerprint, but such incidents are relatively rare and still controversial. While fingerprints don't normally require warrants, for instance, the issue becomes more complex when they serve as a "key" to personal information. Some critics suggest this is a violation of the Fifth Amendment's protection against self-incrimination.
The Fifth Amendment means that a person can't be forced to supply a passcode, and indeed that's a particular problem for law enforcement when it comes to iPhones and iPads. iOS requires that a Touch ID user re-enter their passcode if a device is rebooted or hasn't been unlocked for 48 hours, which could potentially put data out of police reach.
The FBI has been managing to crack into some iPhones, but the techniques used may not apply to Touch ID devices, which have a "Secure Enclave" making hardware detours around encryption either difficult or impossible.
Comments
Anything you "have on you" (including your fingerprint) may legally be used against you. The contents of your brain (including a passcode) are secure (for now, at least until they perfect live brain activity scans and thought visualization...and believe it or not, this is being worked on).
This isn't correct. TouchID has numerous safeguards for this exact type of situation. TouchID does not use the fingerprint as a master password and is automatically disabled in these cases:
After 48 hours of non-use.
After a reboot.
After five incorrect attempts. (You cannot be forced to tell LEOs which finger it is).
If a lock command is sent to the device via Find My iPhone.
TouchID is meant to enable the usage of much longer and more secure passcodes without the risk of lookiloos seeing you enter it.
When TouchID is disabled, people tend to choose extremely short, 4 digit PINs due to how tedious it is to enter better passcodes on a mobile device.
I use the longest passcode I can
also 48 hours seems long they should 1/2 that in future iOS or iPhone iterations just my 2 cents
The IMF would have made a duplicate copy of the woman's phone and staged an 8.0 earthquake in an interrogation room with her phone, making her think all the Feds were killed, and giving her no other choice but to input her password to summon help to rescue her. IMF Would monitor the fake phone input and when they get the password, use it to unlock her real phone and then they would open up the door unharmed, and put her into custody again.
So much easier than all this legal stuff.
Spam has it right IMHO. If it's really all that big a deal to you, for whatever reason I can't personally imagine outside of doing something I'm going to jail for if they see it, then use a passcode rather than TouchID to secure your phone.
This is why my phone is no longer secured by Touch ID. It makes it a little more tedious to open it, but it's worth it. Yes, I'm a paranoid jerk. I no longer trust my government to respect my rights, so I take steps to protect them myself.
I'd also like to see Apple implement a "wipe" code and Touch ID. Touch with a specific finger, or input a specific wrong code, and the phone is wiped.
fMRI is a thing.
She is probably going to jail anyway. But a contempt charge could be overruled by a higher court that could possibly find the order illegal. In any event, being in local jail for contempt is much better than going to prison for identity theft.
I create and use the premise of "multi-factor authentication" with a great deal of security modifications for real-world systems. On my android phone, I have a "panic widget" that I made for the specific device that will wipe and brick if not authenticated via input from hardware keys (thank you Tasker). It's not to hide anything nefarious, just to enforce my right to privacy and frustrate those who would violate it.
I do believe there are reasons to "interrogate the phone" as a "witness" to illicit activity in extreme cases, but this just looks like the FBI slowly moving the cyber security bar little by little until it is simply accepted.
This will not work though, as someone like myself can have an app to encrypt, locked by another password only accessible by a third, and so on, including a self-destruct mechanism. Some of my email passwords were easy for me to remember, but nearly impossible to crack, even if you saw it on the screen yourself (hint: non-display characters, Unicode is just two letters from Unicorn, and passwords made with it are just as elusive).
*All* manner of security to a device should be customisable in every possible way to the user. I don't like presets...if I want my phone to lock after exactly 00:11:34:7533 of inactivity, I should be able to set it that way if I feel it protects my tin-foil hat from the aliens, or if I believe it increases my current gas mileage...or maybe just because I simply want to...
I wouldn't want to rely on TouchID anyway. Should you say, get a cut on your finger, your fingerprint could change enough to make it invalid. The only saving grace would be the actual passcode after failed attempts. Crack the fascia glass over the reader, and it may never work reliably again.
They're learning and slowly adapting to the improved technology.