Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
66,365
35,440



Law enforcement officials can't force smartphone users to unlock their devices using fingerprints or other biometric features such as facial recognition, according to a Northern California court ruling from last week.

The ruling, which was shared this morning by Forbes, was the result of an Oakland investigation into possible extortion. Police officers asked the court for permission to seize multiple devices and then compel the suspects to unlock the devices using biometric authentication.

faceidangle-800x644.jpg

The court said that there was indeed probable cause to grant a search warrant, but that it was denied because the request to force the suspects to unlock their devices using biometric authentication "funs afoul of the Fourth and Fifth Amendments." From the ruling:
The Government, however, also seeks the authority to compel any individual present at the time of the search to press a finger (including a thumb) or utilize other biometric features, such as facial or iris recognition, for the purposes of unlocking the digital devices found in order to permit a search of the contents as authorized by the search warrant.

For the reasons set forth below, the Court finds that the Government's request funs afoul of the Fourth and Fifth Amendments and the search warrant application must be DENIED.
In further analysis, the court equated biometric authentication to a passcode rather than something like submitting to a DNA swab. It has been previously established that under the Fifth Amendment, a suspect cannot be compelled to provide the passcode of a device.

Biometric features like Touch ID and Face ID, said the court, serve the same purpose as a passcode, securing the owner's content, "pragmatically rendering them functionally equivalent."

The ruling also made an interesting point about the urgency with which law enforcement officials attempt to get a suspect to unlock a device biometrically, because after a device is passcode locked (iPhones will passcode lock after a short period without a biometric unlock), the government can't compel a person to enter the passcode. This urgency essentially confirms that a passcode and a biometric lock are one and the same.
This urgency appears to be rooted in the Government's inability to compel the production of the passcode under the current jurisprudence. It follows, however, that if a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one's finger, thumb, iris, face, or other biometric feature to unlock that same device.
Biometric authentication measures have been a hotly debated topic, and previous rulings have suggested that Touch ID and Face ID are not equivalent to a passcode, though most rulings have pertained to Touch ID as Face ID is newer.

This has allowed law enforcement to force suspects to unlock their iPhones and other devices using biometric authentication. In October, for example, the FBI was able to force a man accused of child abuse to unlock his iPhone using Face ID.

The California court's most recent ruling could potentially have an impact on future court cases of this type, perhaps putting an end to the practice of forced biometric smartphone unlocking and the belief that a passcode is not equivalent to a biometric lock.

For now, though, Apple has implemented a method to quickly and temporarily disable Touch ID and Face ID by pressing on the side button of recent iPhones five times in quick succession.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Police Can't Force You to Unlock an iPhone Using Face ID or Touch ID, California Judge Rules
 
  • Like
Reactions: zuiram and hulugu
This issue is now officially all over the map. Previously, biometrics were not regarded as "testimony", as passwords were by at least some courts in the U.S. This judge disagrees. Cue the Supremes.
 
Just prepare for a looooong detention if refusing to open your phone when requested by law enforcement.
 
  • Like
Reactions: Huck
the distinction between entering a passcode to unlock, and, using any biometric to unlock (face or finger) has been ridiculously insane for any court to upheld.

loving both california and new york!
 
This issue is now officially all over the map. Previously, biometrics were not regarded as "testimony", as passwords were by at least some courts in the U.S. This judge disagrees. Cue the Supremes.
Previously it was ‘something you know’ is protected, like a password, but ‘something you have’ is not, like a face.
 
Previously it was ‘something you know’ is protected, like a password, but ‘something you have’ is not, like a face.

It would be like this:

Something you are (biometrics)
Something you know (password)
something you have (token or cipher)

For complete security, you could use all three, and even be able to give up two of them. But as long as they don't have the 3rd, you'd still be secure. Case in point:

If you had a mechanism in place where you needed to supply the something you have, you can refuse and be protected. For example, let's say your password was flight number of a flight you recently took. If they forced you to give up your fingerprint for TouchID (something you are), refused to give them your password (something you know) and even gave them the flight schedules for every flight that airline makes (something you have), they still have to figure out what it is from that cipher that makes up your password, still leaving you secure; and on top of that, just because the flight number is there doesn't mean that your password is there.

So right now, they could force you to supply one of the three above (two, with a warrant) still leaving you secure. This ruling now makes it so they can't force that one, and could get one with a warrant (the something you have).

BTW, OP: I should report this thread, as there is already one here, posted earlier than yours. ;) :D

BL.
 
Very happy to see this. I agree this will almost certainly be appealed and it is anyone's guess what SCOTUS will do with it. Privacy issues are one area where traditional "Left / Right" dividing lines sometimes blur. Now, if a judge would just hand down a similar ruling on all the mobile devices being searched / cloned / confiscated by people re-entering the country after foreign travel.
 
The basis of the denial was that the police wanted to unlock all the phones found at the residence, not just the phones belonging to two people in question ie: the request was too broad. Once the scope of the request was narrowed to the phones belonging to the people in question then the actual issue of whether biometric security is protected will be adjudicated.
 
Just prepare for a looooong detention if refusing to open your phone when requested by law enforcement.

I don’t care. Give them 3 fake passwords until the phone got deleted automatically. No proof no crime dude because the right of the people 2 b secure in their papers and effects against unreasonable searches and seizures shall not be violated and no warrants shall issue you know what i mean? Ill b free in 5 minutes just like that
 
  • Like
Reactions: miniyou64
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.