Feds Walk Into A Building. Demand Everyone's Fingerprints To Open Phones

Oct 16, 2016 @ 12:30 PM


Apple phones are just one target of the DoJ’s numerous attempts to force 
suspects to open devices with their fingerprints. (AP Photo/Kiichiro Sato)

In what’s believed to be an unprecedented attempt to bypass the security of 
Apple iPhones, or any smartphone that uses fingerprints to unlock, California’s 
top cops asked to enter a residence and force anyone inside to use their 
biometric information to open their mobile devices.

FORBES found a court filing, dated May 9 2016, in which the Department of 
Justice sought to search a Lancaster, California, property. But there was a 
more remarkable aspect of the search, as pointed out in the memorandum: 
“authorization to depress the fingerprints and thumbprints of every person who 
is located at the SUBJECT PREMISES during the execution of the search and who 
is reasonably believed by law enforcement to be the user of a fingerprint 
sensor-enabled device that is located at the SUBJECT PREMISES and falls within 
the scope of the warrant.” The warrant was not available to the public, nor 
were other documents related to the case.

According to the memorandum, signed off by U.S. attorney for the Central 
District of California Eileen Decker, the government asked for even more than 
just fingerprints: “While the government does not know ahead of time the 
identity of every digital device or fingerprint (or indeed, every other piece 
of evidence) that it will find in the search, it has demonstrated probable 
cause that evidence may exist at the search location, and needs the ability to 
gain access to those devices and maintain that access to search them. For that 
reason, the warrant authorizes the seizure of ‘passwords, encryption keys, and 
other access devices that may be necessary to access the device,’” the document 

Legal experts were shocked at the government’s request. “They want the ability 
to get a warrant on the assumption that they will learn more after they have a 
warrant,” said Marina Medvin of Medvin Law. “Essentially, they are seeking to 
have the ability to convince people to comply by providing their fingerprints 
to law enforcement under the color of law – because of the fact that they 
already have a warrant. They want to leverage this warrant to induce compliance 
by people they decide are suspects later on. This would be an unbelievably 
audacious abuse of power if it were permitted.”

Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation 
(EFF), added: “It’s not enough for a government to just say we have a warrant 
to search this house and therefore this person should unlock their phone. The 
government needs to say specifically what information they expect to find on 
the phone, how that relates to criminal activity and I would argue they need to 
set up a way to access only the information that is relevant to the 

“The warrant has to be particular in how it describes the place to be searched 
and the thing to be seized and limited in scope. That’s why if a government 
suspects criminal activity to be happening on a property and there are 50 
apartments in that property they have to specify which apartment and why and 
what they expect to find there.”

Whilst the DoJ declined to comment, FORBES was able to contact a resident at 
the property in question, but they refused to provide details on the 
investigation. They did, however, indicate the warrant was served. “They should 
have never come to my house,” the person said. (In an attempt to protect the 
residents’ privacy, FORBES has chosen to censor the address from the memorandum 
posted below and concealed their name. But the document is public – search hard 
enough and you’ll find it). “I did not know about it till it was served… my 
family and I are trying to let this pass over because it was embarrassing to us 
and should’ve never happened.” They said neither they nor any relatives living 
at the address had ever been accused of being part of any crime, but declined 
to offer more information.

“We’ve never seen anything like this,” Lynch added. Indeed, the memorandum has 
revealed the first known attempt by the government to acquire fingerprints of 
multiple individuals in a certain location to unlock smartphones.

The document also showed the government isn’t afraid of getting inventive to 
bypass the security of modern smartphones. Faced with growing technical 
difficulties of unlocking phones, the government has sought to find new legal 
measures allowing them easy routes in, hence the All Writs Act order that 
demanded Apple open the iPhone 5C of San Bernardino shooter Syed Rizwan Farook. 
But with Apple refusing to comply with the order, and pushback from the likes 
of Google and Microsoft, cops are increasingly looking to fingerprints as one 
option for searching smartphones.

FORBES revealed earlier this year one of the first-known warrants demanding a 
suspect depress their fingerprints to open an iPhone, filed by Los Angeles 
police in February. This publication also uncovered a case in May where feds 
investigating an alleged sex trafficking racket wanted access to a suspect’s 
iPhone 5S with his fingerprints. Both were ultimately unsuccessful in opening 
the devices.

The Michigan State Police Department had more luck this summer by asking a 
university professor to create a fake fingerprint that could unlock a Samsung 
Galaxy S6. The team, led by Dr. Anil Jain, succeeded. He told FORBES in July 
the same techniques worked on an iPhone 6 and a Samsung S7.

Is it legal?

The memorandum – which specifically named Apple, Samsung, Motorola and HTC as 
manufacturers of fingerprint-based authentication – outlined the government’s 
argument that taking citizens’ fingerprint or thumbprint without permission 
violated neither the Fifth nor Fourth Amendment. In past interpretations of the 
Fifth Amendment, suspects have not been compelled to hand over their passcode 
as it could amount to self-incrimination, but the same protections have not 
been afforded for people’s body data even if the eventual effect is the same. 
Citing a Supreme Court decision in Schmerber v. California, a 1966 case in 
which the police took a suspect’s blood without his consent, the government 
said self-incrimination protections would not apply to the use of a person’s 
“body as evidence when it may be material.”

It also cited Holt v. United States, a 1910 case, and United States v. 
Dionisio, a 1973 case, though it did point to more recent cases, including 
Virginia v. Baust, where the defendant was compelled to provide his fingerprint 
to unlock a device (though Baust did provide his biometric data, it failed to 
open the iPhone; after 48 hours of not using Touch ID or a reboot Apple asks 
for the code to be re-entered.).

As for the Fourth, the feds said protections against unreasonable searches did 
not stand up when “the taking of fingerprints is supported by reasonable 
suspicion,” citing 1985′s Hayes v. Florida. Other cases, dated well before the 
advent of smartphones, were used to justify any brief detention that would 
arise from forcing someone to open their device with a fingerprint.

The justifications didn’t wash with Medvin or Lynch. Of the Fourth Amendment 
argument, Medvin said the police don’t have the right to search a person or a 
place in hopes of justifying the search later as reasonable. “That’s not how 
the 4th Amendment works,” Medvin added. “You need to have a reasonable basis 
before you begin the search – that reasonable basis is what allows you to 
search in the first place.”

“The reason I’m so concerned about this … is that it’s so broad in scope and 
the government is relying on these outdated cases to give it access to this 
amazing amount of information… The part the government is ignoring here is the 
vast amount of data that’s on the phone,” Lynch added.

“If this kind of thing became law then there would be nothing to prevent… a 
search of every phone at a certain location.”

Tips and comments are welcome at tfox-brews...@forbes.com or 
tbthomasbrews...@gmail.com for PGP mail. Get me on Twitter @iblametom and 
tfoxbrews...@jabber.hot-chilli.net for Jabber encrypted chat.

It's better to burn out than fade away.

Infowarrior mailing list

Reply via email to