While authorities can't search for data on your cellphone without a warrant, once they've obtained that warrant they can force you to unlock your device with your fingerprint if you use biometric security, a magistrate in California recently ruled.
U.S. Magistrate Judge Alicia Rosenberg approved a request by the Federal Bureau of Investigation (FBI) to order a suspect to unlock her Apple iPhone with her finger, according to a report published Saturday in the Los Angeles Times. The case raises questions about whether such an order violates a person's rights against self-incrimination guaranteed under the Fifth Amendment to the U.S. Constitution.
However, some legal analysts say a fingerprint is not protected in the same way as, for example, a personal passcode. Court precedents have held that fingerprints are identifying information rather than testimonial communications that would be protected against self-incrimination.
"Apple's fingerprint sensor, known as Touch ID, is installed on phones and tablets rolled out after 2013, and the optional feature has a narrow window during which it is viable for an investigator," the LA Times noted. "The Touch ID biometric reader cannot be used if the phone has not been unlocked for 48 hours. If a phone is restarted, or goes beyond the 48-hour window, only a passcode can open it."
Fingerprint Order Part of 'Ongoing Investigation'
In this latest example of the FBI attempting to access information on an iPhone as part of a criminal investigation, Rosenberg approved the order requiring Paytsar Bkhchadzhyan to unlock her device with a fingerprint. Bkhchadzhyan, 29, who is described as "the girlfriend of an alleged Armenian gang member," had been taken into custody as part of an ongoing investigation.
"Why authorities wanted Bkhchadzhyan to unlock the phone is unclear," the Los Angeles Times reported. "The phone was seized from a Glendale residence linked to Sevak Mesrobian, who according to a probation report was Bkhchadzhyan's boyfriend and a member of the Armenian Power gang with the moniker of '40.' Asst. U.S. Atty. Vicki Chou said the search was part of an ongoing probe. She declined further comment."
Bkhchadzhyan was charged with a felony, identity theft, and pleaded no contest. She was sentenced on February 25. The news article added that other court documents related to the investigation have been sealed.
Cellphone Security Legal Issues 'Complicated'
Alan Butler, senior counsel with the Electronic Privacy Information Center, told us the legal issues surrounding this latest case are complicated and raise issues about Fifth Amendment rights as well as Fourth Amendment privacy rights.
On the issue of protection against self-incrimination, Butler said, "Courts have found that this privilege only applies to acts that are 'testimonial or communicative' in nature. So it can't be used, for example, to defend against a request for a blood or DNA sample or other physical evidence. This analysis gets complicated when passwords and other encryption keys are involved. Courts have traditionally allowed orders that require the production of a physical key, but not orders that have required the production of the combination for a lock."
In the case of cellphones, legal rulings haven't yet fully resolved "which passwords and unlocking actions can be legally compelled, and which ones will be protected under the Fifth Amendment," Butler said. Considering the wealth of sensitive information contained on cellphones, courts should strictly limit these types of searches, he added.
In another recent case involving an iPhone connected to a criminal investigation, reports emerged last month that the FBI paid "gray-hat" hackers more than $1.3 million for a zero-day vulnerability that enabled the agency to break into an iPhone 5C that had been used by Syed Rizwan Farook.
Farook and his wife, Tashfeen Malik, carried out a December 2 shooting in San Bernardino that left 14 people dead. The pair was shot dead by police later that day. The FBI has not revealed information to Apple regarding the vulnerability it exploited to access that device.
Read more on: Apple
, Touch ID
, Zero Day
, Customer Data
, Data Security
, San Bernardino
, Tech News
Posted: 2016-05-16 @ 7:37am PT
The funny thing is that after the order was produced, she complied. And it didn't unlock the phone. They used all ten fingers, and it didn't unlock the phone. IT WASN'T HER PHONE.
Personally, my phone requires a passcode: my finger unlocks iBooks and Amazon and a couple of other apps, but not the phone itself.