DOJ Uses Vague Court Request to Try to Demand People Unlock Any Fingerprint-Locked Phones
Amid debate over encryption access, feds try to just sneak right through.
Fun fact about fingerprint lock "Touch ID" system on iPhones or iPads: If its owner hasn't unlocked his or her device in the past 48 hours, it reverts back to a passcode system. This means if a phone gets, for example, seized by authorities of some sort and locked away, there's a window through which they can physically make its owner unlock it before they have to get a numerical passcode.
That may explain why, in a federal warrant uncovered by Forbes' Thomas Fox-Brewster, the Department of Justice attempted to get a judge's permission to attempt to force people to unlock any Touch ID-locked phones at the scene of the search itself.
This was a search of a home in Lancaster, California, last May, and while Fox-Brewster wasn't able to get his hands on the warrant itself, he was able to track down a very particular and concerning request. The Department of Justice wanted:
"authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant."
To simplify, the Department of Justice wanted to force anybody on scene with a fingerprint-locked phone or tablet to open it then and right there so they could review the contents.
There's two issues here: One, can authorities force somebody to provide a thumbprint to unlock a phone; two, even if they can, can the authorities just demand access to every device connected to a search scene without any proof it's connected to any crime?
For the first question, so far judges have been inclined to allow authorities to provide a thumbprint and do not believe this violates Fifth Amendment protections against self-incrimination. At least that's how things stand so far.
As for the second question, based on the vagueness of the memo, legal scholars were not impressed:
"They want the ability to get a warrant on the assumption that they will learn more after they have a warrant," said Marina Medvin of Medvin Law. "Essentially, they are seeking to have the ability to convince people to comply by providing their fingerprints to law enforcement under the color of law – because of the fact that they already have a warrant. They want to leverage this warrant to induce compliance by people they decide are suspects later on. This would be an unbelievably audacious abuse of power if it were permitted."
Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation (EFF), added: "It's not enough for a government to just say we have a warrant to search this house and therefore this person should unlock their phone. The government needs to say specifically what information they expect to find on the phone, how that relates to criminal activity and I would argue they need to set up a way to access only the information that is relevant to the investigation.
But we don't know exactly what was in the warrant so we don't know how specific the request was. Forbes tracked down the recipients of the warrant to determine that it was indeed served, but they wouldn't say much other than to say that nobody there had been accused of involvement in a crime.
Assuming they're telling the truth, the Justice Department's behavior is even more of a concern, because they used the vaguest possible justifications to try to access private data on devices that may have had absolutely no connection with any sort of crime. And we don't know how many times the Department of Justice (or another law enforcement agency) has attempted this method. Or even whether they succeeded. But it does make it clear that the federal government is going to quietly do whatever they can to get around private data security unless they're told otherwise by judges.
Read the memo over at Forbes here.