Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,942
34,730



touch_id_finger-250x344.jpg
For the first time in a federal case, authorities in a Los Angeles courtroom have issued a search warrant forcing a woman to bypass her iPhone's biometric security using Apple's Touch ID system (via LA Times). The woman in question -- Paytsar Bkhchadzhyan -- was arrested due to charges of identity theft and had previous strings of various criminal convictions.

According to jail records, U.S. Magistrate Judge Alicia Rosenberg signed the Touch ID-related search warrant about 45 minutes after Bkhchadzhyan was taken into custody on February 25. By the afternoon of her arrest, the suspect pleaded no contest to the charges of identity theft and gave the court her fingerprint to unlock the iPhone.

Police recovered Bkhchadzhyan's smartphone at the residence of her boyfriend, Sevak Mesrobian, known to be the member of a local gang, so it's unclear whether the contents of the device were sought after due to Bkhchadzhyan's crimes or her proximity to Mesrobian's gang.

The court's decision in the case follows the thin rules regarding a person's Fifth Amendment's protection against self-incrimination, which relates that numeric passcodes are protected individual privacies, but fingerprints are not. For this reason, some believe new modern laws need to be enacted specifically detailing fingerprint-related security features.
"It isn't about fingerprints and the biometric readers," said Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law, but rather, "the contents of that phone, much of which will be about her, and a lot of that could be incriminating."

Even with the limited outlines of the inquiry, Brenner said the act of compelling a person in custody to press her finger against a phone breached the Fifth Amendment's protection against self-incrimination. It forced Bkchadzhyan to testify -- without uttering a word -- because by moving her finger and unlocking the phone, she authenticated its contents.
Still, others believe the biometric nature of Touch ID might largely follow in line with the 5th Amendment's prohibition of self-incrimination. "Unlike disclosing passcodes, you are not compelled to speak or say what's 'in your mind' to law enforcement," Albert Gidari, the director of privacy at Stanford Law School's Center for Internet and Society, said. "'Put your finger here' is not testimonial or self-incriminating."

This line of thinking flows directly from a 2014 case in Virginia, wherein a judge ruled that a man could not be ordered to present his passcode to the court, because that "entailed revealing knowledge and therefore testifying." Using Touch ID on his iPhone was ruled legal, however, and compared to providing the court with a key, instead of divulging information known only to him.

Although unrelated, the Los Angeles case follows a couple of months of heated debate between Apple and the FBI, as the government agency attempted to compel Apple into helping it hack into the iPhone of San Bernardino shooter Syed Farook. Eventually the FBI withdrew its lawsuit after finding its own way into the iPhone 5c, which reportedly cost the agency less than $1 million.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Judge Grants Search Warrant Forcing Woman to Unlock iPhone With Touch ID
 
If you're arrested for allegedly committing a crime and the courts order you to use your physical key to open a safe deposit box so they can examine the contents, is that legal? It seems like this case would be no different, with a key of a more modern kind being used to access the files.
 
Mainstream civil libertarians don't really have an issue with this. Courts have long held that you have the right to remain silent and thus can keep your password a secret in your head. But you do not have the right to withhold a fingerprint, a cheek swab or something else, with a warrant.
 
Just keep trying the wrong finger until iOS demands your actual password.

only 10 times if you have the wipe feature enabled

Touchid is a great convience, but if you are very serious about privacy/security, disable it and use a long passcodes, it's very hard to remember those codes when stressed....

yup
 
If you're arrested for allegedly committing a crime and the courts order you to use your physical key to open a safe deposit box so they can examine the contents, is that legal? It seems like this case would be no different, with a key of a more modern kind being used to access the files.

This is a great analogy.

The only difference I can think of is brute force. The police can open most physical locks if you refuse to comply with a valid court order. In the case of the safety deposit box, they can subpoena the bank to open it for them. They seem to have trouble opening digital ones though. Not saying this is a reason to throw away all privacy, but it is a difference between the physical world and the digital one, at least for now.
 
Not sure how I feel about this yet, except to say that it's better than broadly installing back doors in every American operating system.

Was also thinking this: Couldn't they just take her fingerprints when they book her and then recreate them using that really complicated Touch ID hack? So even if this gets overruled somehow, I don't think it preludes them from using that hack. The only problem is they have 48 hours to do it before the phone requires a passcode. It's a trick to pull off—that much is certain! But doable in some cases.
 
  • Like
Reactions: Howyalikdemapls
Wait a minute, isn't the passcode automatically required after 48 hours of the phone being locked, or anytime after reboot?

The legal proceeding likely took longer than 48 hours after the phone was confiscated, no? So either A, the battery died, or B, 48 hours passed requiring the passcode.

Unless I'm mistaken, what's the point of this?

Edit: nevermind, I should read the article a bit next time, lol, the warrant was issued 45 minutes after she was arrested.
 
Wait a minute, isn't the passcode automatically required after 48 hours of the phone being locked, or anytime after reboot?

The legal proceeding likely took longer than 48 hours after the phone was confiscated, no? So either A, the battery died, or B, 48 hours passed requiring the passcode.

Unless I'm mistaken, what's the point of this?
It right in the article says they signed the warrant 45 minutes after taken into custody.
 
A fingerprint can be compelled. The courts have decided this. You cannot be compelled to provide a password.
The difference is in the definition of self incrimination and something that exists without you needed to be a party. Your fingerprint exists and you can be compelled to provide a fingerprint as evidence. Forcing disclosure of a password, implies speech and that cannot be compelled.

No issue. If you a a criminal, lock with a passcode or reboot your phone.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.