Judge Grants Search Warrant Forcing Woman to Unlock iPhone With Touch ID

[techwhiz]

The courts, not surprisingly, are wrong and that's a distinction without a difference. The whole notion of TouchID verification is predicated on the idea of uniqueness and lack of single-step reproducibility, just like a mentally-held combination or password. Courts have rendered numerous decisions in recent years that are blatantly unconstitutional. It is merely the general acceptance of the population at large, and their unwillingness to engage in broad civil dissent, that allows it to continue. That failure to object does not make it any more legal than blue or segregation laws were.

Actually the judge's ruling made the distinction very clear.
A password requires speech and/or testimony against oneself. It is covered by the 5th.
A fingerprint, just like a DNA sample does not require knowledge or speech. A suspect can be compelled to produce or submit to DNA testing and a fingerprint is no different.

Lock your phone with a secure PIN. Issue solved.

 

[WordsmithMR]

I wonder if the tried to use a finger of the dead bodies of the San Bernardino shooters?

Well, they would have had to thought about this within 48 hours, or before the battery on their phone died... If they even thought about it, they still have to guess which finger... Which I believe my iPhone only allows 3 failed attempts before it asks for the actual passcode.

 

[PBRsg]

Well there you go. Privacy is essentially over, as is our fifth amendment right. Not an advocate for criminals but this slippery slope leads to a lot more than criminal persecution.

Since everyone's entire life is in their phone (contacts, GPS information, browser history, emails, etc.), they will pretty much anyone to unlock every time they are accused of a crime. Something needs to be done about this.

 

[macfacts]

... The only reason the FBI was in the wrong was because they were asking for a master key/Backdoor into every iOS device. This is just for one criminals device. ...

Wrong, that was not what the FBI was asking for and not what the court order asked for.

The court order asked for modifications to be made to iOS. The modifications requested were the following: remove the restriction on max number of password tries before a wipe, add restriction so it can only be installed on the iPhone ID given in the court order, add a new feature; ability to enter passwords over USB wire and over the Internet (iPhone would be in Apple HQ and FBI entering passwords remotely).

When you read people saying all iphones would have a backdoor and would set a precedent, the precedent they meant was all suspected criminals that have a court order against them would have their phone backdoored.

The main difference between this and the other case is the court forcing Apple, someone not involved with the case, to help.

 

[Glideslope]

Actually the judge's ruling made the distinction very clear.
A password requires speech and/or testimony against oneself. It is covered by the 5th.
A fingerprint, just like a DNA sample does not require knowledge or speech. A suspect can be compelled to produce or submit to DNA testing and a fingerprint is no different.

Lock your phone with a secure PIN. Issue solved.

Correct, it's the only way. Custom: 6-10 digit Alphanumeric. Sleep easy.

 

[doelcm82]

Also very interesting is that your fingerprints are captured when you enter US for a non citizen . Fingerprint scanners are not a good form of security, they are a convience

They are a good form of casual security, for many reasons.

• If someone steals your phone (or finds a lost phone), they cannot access the information on it without your fingerprint. You can set up an ICE number in case someone finds your phone and wants to return it, or in case you are in an accident and emergency personnel need to find someone who knows you.
• Unlocking your phone with your finger prevents people from seeing you enter your passcode. You may be observed by one or more security cameras that record you as you enter it.
• As many have pointed out, the fingerprint reader doesn't work after 24 hours, or after you turn off your phone. You have to enter a passcode.

Apple's aim is to provide security that's easy to use, so most customers can set it up and use it with hardly any effort. Before TouchID, many people didn't lock their phones at all, because keying in a passcode every time they want to use the iPhone is just too much of a hassle.

 

[citysnaps]

Since everyone's entire life is in their phone (contacts, GPS information, browser history, emails, etc.), they will pretty much anyone to unlock every time they are accused of a crime. Something needs to be done about this.

Why? If someone is accused of a particular crime, and the arresting authorities can convince a judge that certain information may be contained within a phone and is evidence of and corroborates that crime being committed, causing a judge to sign a court order to search that phone for that information, I don't see what the issue is.

It is no different than searching someone's home, car, wallet, file cabinet, computers, safe deposit box, desk at work, locker, etc when the arresting authorities produce a court search warrant signed by a judge.

 

[doelcm82]

Well, they would have had to thought about this within 48 hours, or before the battery on their phone died... If they even thought about it, they still have to guess which finger... Which I believe my iPhone only allows 3 failed attempts before it asks for the actual passcode.

An iPhone 5C (i.e., the phone from the San Bernardino case) requires a passcode even before the first failed attempt. There is no fingerprint reader on that model.

 

[zorinlynx]

How about an auto-destruct wipe finger.

Say you put your middle finger and all your phones content gets wiped.

That could get you in trouble for destruction of evidence.

Just set a finger so that if you try to use that finger, touch-ID is disabled until you enter the passcode. Accomplishes the same thing without outright destroying the data.

 

[doelcm82]

Why? If someone is accused of a particular crime, and the arresting authorities can convince a judge that certain information may be contained within a phone and is evidence of and corroborates that crime being committed, causing a judge to sign a court order to search that phone for that information, I don't see what the issue is.

It is no different than searching someone's home, car, wallet, file cabinet, computers, safe deposit box, desk at work, locker, etc when the arresting authorities produce a court search warrant signed by a judge.

I don't have a problem with the judge's authority to issue a warrant to search the accused's phone.

But even a warrant to search a suspect's home doesn't guarantee that the authorities will find what they are looking for. There might be a cleverly-disguised floor safe or other hiding place. Or incriminating evidence might exist somewhere else that the authorities don't know about or don't have the authority to access.

If they have a warrant to search a phone and the phone is encrypted in such a way that no one but the suspect has the passcode (or no one alive has it), then the authorities may be out of luck.

In the U.S., much of the Bill of Rights is there mainly to protect the rights of the accused against abuses by the government. (Other countries may have similar provisions or common law traditions that do the same.) Like much of the Constitution, its purpose is to protect against authoritarian mob rule. For the sake of our republic, it is better for some criminals to get away with it than for many innocent people to be incarcerated.

 

[gnasher729]

Even if a cop asked you for your phone and he started thumbing through it, you realize any information they obtain would have been collected illegally. The dumbest public defender who took the bar 8 times while living in his mothers basement would be able to get that evidence thrown out. Secondly, the cop knows he'd have a lawsuit brought upon the city if he ever did that right?

You never know what happens in court. Better not take any risk. And your phone should be switched off in the car anyway

 

[doelcm82]

Up to 48 hours, but the legal system works well at expediting the appeals process (or at least granting injunctions) if there is a short deadline like this. In other words: you won't be able to delay long enough.

It might be long enough, depending on the last time you unlocked your iPhone.
[doublepost=1462221153][/doublepost]

I hope that was meant as a joke, because the FBI would have the last laugh. It would be "destroying evidence", which is a crime in itself, and any jury would be told that they must assume there _was_ evidence on the phone against you.

But your lawyer will also tell the jury that whatever was on your phone that you didn't want revealed could have nothing to do with the case for which you are on trial, and so they cannot consider it.

This might even be true: Whatever you didn't want revealed on the phone might not even be a crime in itself, but protecting it might be worth being found guilty of "destroying evidence".

 

[citysnaps]

I don't have a problem with the judge's authority to issue a warrant to search the accused's phone.

But even a warrant to search a suspect's home doesn't guarantee that the authorities will find what they are looking for. There might be a cleverly-disguised floor safe or other hiding place. Or incriminating evidence might exist somewhere else that the authorities don't know about or don't have the authority to access.

If they have a warrant to search a phone and the phone is encrypted in such a way that no one but the suspect has the passcode (or no one alive has it), then the authorities may be out of luck.

In the U.S., much of the Bill of Rights is there mainly to protect the rights of the accused against abuses by the government. (Other countries may have similar provisions or common law traditions that do the same.) Like much of the Constitution, its purpose is to protect against authoritarian mob rule. For the sake of our republic, it is better for some criminals to get away with it than for many innocent people to be incarcerated.

It goes without saying. It's never a certainty, no matter what the "container" is. It's also possible exculpatory evidence may be found, though that would not happen very often.

 

[ladeer]

pro tip that will make all these moot:
if you are getting pulled over or facing the risk of being arrested, quickly attempt finger print unlocking with a wrong finger 10x. This will guarantee that the phone will not be unlocked by even the correct fingerprint unless a pw is given.

bonus point:
if u don't have the possession of the phone at the time of arrest and later was asked to provide finger print, make sure u wait 24 hrs since last unlock. that will also trigger the pw required prompt

 

[sudo1996]

My Touch ID used to work well, but it's deteriorated over time. I have to very carefully place my finger a certain way and also get lucky; I use my passcode instead now. If they wanted me to unlock my phone, I could probably get away with pretending it won't accept my fingerprint at all.

 

[Anonymous Freak]

So, the lesson is - if you store information your phone that you don't want law enforcement to be able to force out of you, don't register your thumbs or index fingers in TouchID. That way, even if they get the warrant, they'll try your thumbs and index fingers, and when you fail enough times, TouchID will disable. TouchID isn't perfect, so you'd get 2-3 tries on a given finger before they move to another one.

 

[jasnw]

So, the lesson is - if you store information your phone that you don't want law enforcement to be able to force out of you, don't register your thumbs or index fingers in TouchID. That way, even if they get the warrant, they'll try your thumbs and index fingers, and when you fail enough times, TouchID will disable. TouchID isn't perfect, so you'd get 2-3 tries on a given finger before they move to another one.

Or just don't use TouchID at all. Got along without it just fine up to now, and I mostly see it as one more component (software and hardware) to fail. It mainly provides a modicum of security for people whose time is FAR too important to waste time keying in even a four-digit passcode.

 

[MH01]

They are a good form of casual security, for many reasons.

• If someone steals your phone (or finds a lost phone), they cannot access the information on it without your fingerprint. You can set up an ICE number in case someone finds your phone and wants to return it, or in case you are in an accident and emergency personnel need to find someone who knows you.
• Unlocking your phone with your finger prevents people from seeing you enter your passcode. You may be observed by one or more security cameras that record you as you enter it.
• As many have pointed out, the fingerprint reader doesn't work after 24 hours, or after you turn off your phone. You have to enter a passcode.

Apple's aim is to provide security that's easy to use, so most customers can set it up and use it with hardly any effort. Before TouchID, many people didn't lock their phones at all, because keying in a passcode every time they want to use the iPhone is just too much of a hassle.

I'm not sure you can make an assumption that before touchid people did not lock thier phones. I'd go as far as saying that people have not changed thier habits, touchid just make it faster to unlock.

Security and privacy is not a question of how fast you access your machine. I've not seen anyone disable thier password on a Mac cause it did not have a finger scanner as an example.

The need to put in the passcode after 24hrs is a good feature

 

[jca24]

Good, now throw the pos in jail and then deport the pos.

 

[BoneDaddy]

I am a die hard constitutionalist and conservative and I see no issue here. I sure wasn't complaining about getting fingerprinted. This is essentially the same thing. Now trying to force her to giver her passcode would be a huge issue, in my opinion.

The finger print is a convenient and quick way to access your locked phone. It should not be considered to be similar to a safe key, or safe combo. Someone can chop your finger off and gain access to whatever they need the print for. You'd have to be tortured to give up any combo, code, or passphrase.

 

[goobot]

I wonder if the tried to use a finger of the dead bodies of the San Bernardino shooters?

It was a 5C, meaning no Touch ID.

 

[manu chao]

How about an auto-destruct wipe finger.

Say you put your middle finger and all your phones content gets wiped.

Just keep trying the wrong finger until iOS demands your actual password.

Hmmm, just managed to 'wrong finger' my 6s 5 times in about 3 seconds to get to the passcode requirement screen, so it could be possible to screw it up unless the rozzers are on top of their game.

The police aren't stupid. If you are right-handed, there is a very high likelihood that your right thumb and/or index finger is one of 'recorded' fingers. They will thus ensure that you first try these two fingers. There is still some wiggle room in that they don't know whether you 'recorded' the tip of the finger or an area slightly further down. You can also play with the orientation a bit.

If you have a few seconds with the phone before the police have control over your physical movements, shutting down the phone might be the safest option. In this case, however, the phone was taken into custody at a separate location meaning there was no time alone with the phone. In such a situation you can still try to 'sand down' your fingertips a bit. When I do an hour or two of rock climbing (in particular indoors with very grippy surfaces), it takes half a day before the phone will start to recognise my fingerprints again. I have heard from others who were on a week-long (outdoor) climbing trip that it took a week before the phone recognised their fingerprints again.
[doublepost=1462228438][/doublepost]

I'm not sure you can make an assumption that before touchid people did not lock thier phones. I'd go as far as saying that people have not changed thier habits, touchid just make it faster to unlock.

Apple has published numbers of what percentage of iPhone users used a passcode before the introduction of TouchID. If I remember it correctly it was in the order of 15%. They fairly recently published numbers of what percentage of people who have a phone with TouchID have it enabled and that number was about 85%.

 

[Luscious]

with a warrant i see no issue

Agreed. Apple can and should fix this by allowing you to specify a finger that, if used, automatically disables Touch ID and reverts back to requiring the passcode.

Then those who are worried about this could turn that feature on and use a finger or fingers that the authorities aren't likely to suspect to unlock the device.

 

[Renzatic]

pro tip that will make all these moot:
if you are getting pulled over or facing the risk of being arrested, quickly attempt finger print unlocking with a wrong finger 10x. This will guarantee that the phone will not be unlocked by even the correct fingerprint unless a pw is given.

If the circumstances align against you just right, you could end up being charged with tampering with evidence. That could net you jail time, even if the police can't net you on the original charges.

 

[CFreymarc]

If you're arrested for allegedly committing a crime and the courts order you to use your physical key to open a safe deposit box so they can examine the contents, is that legal? It seems like this case would be no different, with a key of a more modern kind being used to access the files.

Pretty much so. If there is a warrant, I have seen old school 2600-era cases debating over this if a person must divulge their password to access an account or decrypt a file. If not, it is considered "hindering an investigation" where the perp must weight that conviction over what the data would show for other incrimination.

One way to counter act is, at the OS level, implementing an "panic password" which already exists in some high security systems. If a user is in a "conscripted and commanded" position out of their free will, instead of entering their regular password, the user enters an alternative password. Upon the alternative password entry, several things can happen. An automatic SOS is sent out from the computer to a network administrator, the data in the account is deleted or some data is concealed and not accessible with this password.

There are some Linux builds that do this already. I have seen some systems with "Defcon passwords" where you have everything from green to red password reflecting normal operation to total destruction of hardware upon the "Defcon Five" password entered. One demo I saw, entering the "Defcon Five password" actually triggered a pre-wired EMP coil to blast in the hard disk wiping out the data physically.

Now move to this to bio-metrics. Most of us have more than one finger. Have one finger for regular entry. Have another finger for the "panic touch id" where the data on the phone is wiped out or some is hidden. Those in the iOS security group in The Loop reading this?