Federal Prosecutors Use All Writs Order To Compel Suspect To Unlock Phone With His Fingerprint

from the but-it-still-may-not-have-worked dept

Law enforcement is still trying to break into iPhones and still using the All Writs Act to do so. A sex trafficking prosecution involving the ATF has resulted in a suspect being ordered to cough up his, um, fingerprint, in order to allow investigators to access the contents of his phone. Matt Drange of Forbes has more details [caution: here there be ad-blocker blocking]:

Prosecutors hoped that the search, conducted on an iPhone 5s by special agent Jennifer McCarty of the Federal Bureau of Alcohol, Tobacco, Firearms and Explosives, would help them piece together evidence in an alleged sex trafficking case involving a man named Martavious Keys. Keys had the iPhone with him when he was arrested on May 19, according to recently unsealed court filings. A week later, on May 26, prosecutors asked the judge in the case to force Keys to open the device with his fingerprint, unlocking a potential trove of information including emails, text messages, contacts and photos stored on the device that could be used as evidence.

While courts generally agree that a fingerprint is non-testimonial — despite its ability to unlock all sorts of testimonial stuff — there aren’t too many courts willing to extend that coverage to passwords. There are exceptions, of course, but items held in someone’s mind are given a bit more deference than those at their literal fingertips.

And that’s likely why the All Writs-compelled fingerprint access hasn’t allowed the ATF inside Keys’ phone. The feds can force Keys to place his finger on the iPhone screen all they want, but it likely won’t unlock the device. Apple’s security requires a passcode as well as a fingerprint if it’s been more than 48 hours since the phone was last unlocked. The time elapsed between when the phone was seized and the order obtained for Keys’ fingerprint added another layer of security to the phone — one not so easily defeated with All Writs orders.

Keys is no one’s idea of a sympathetic party. He allegedly forced two teen girls, aged 14 and 15, to have sex with men for several hours a day by drugging them into submission. Whether or not his phone contained more evidence is unknown. It’s unclear from the recently unsealed documents whether federal investigators found another way into the device after the application of Keys’ fingerprint failed to unlock the phone.

And that’s sort of a problem. The government is using All Writs orders for a great many things these days, often during sealed cases and with little to no transparency. The fact that Congress apparently authorized this as a fill-in for things warrants couldn’t necessarily reach has made the use of All Writs requests both indispensable and easily-abused. The fact that Congress authorized this in 1789 — with no conceivable idea of the form “papers” would take over the next 200+ years — usually seems to work in the government’s favor.

A bit more transparency would go a long way to assuage concerns about abuse, but overuse/abuse of the 1789 Act is likely the reason there isn’t more transparency. If the court decides it’s going to compel Keys to turn over his passcode as well (assuming the phone hasn’t already been cracked), at least it won’t have to toss him in jail if he doesn’t. Keys is already behind bars awaiting trial for his sex trafficking indictment. On one hand, that lowers the coercive value of imprisonment. On the other hand — if he refuses and is hit with a contempt order — he’ll remain in jail indefinitely, even without having been found guilty of anything more than contempt of court.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Federal Prosecutors Use All Writs Order To Compel Suspect To Unlock Phone With His Fingerprint”

Subscribe: RSS Leave a comment
27 Comments
Anonymoussays:

?Keys is no one’s idea of a sympathetic party.?

Much like the whole ?free speech? issue, you might find yourself defending some horrible people when you stake out a position on a subject like this. But in the same vein as ?defending odious speech?, defending horrible people from abuses of law is important. The law should (in theory) treat its worst offenders no differently than innocent people. If we can?t expect the law to protect the rights of criminals, how can we trust the law to protect the rights of innocents?

Keys might not be sympathetic, but he deserves the same protections of law as anyone else.

Anonymoussays:

Wouldn’t knowing which finger will unlock the phone be “in his mind” like a passcode? Shouldn’t his lawyer be asking for clarification as to which finger(s) he is being compelled to use so he’s not hit with more charges for using the wrong one(s)? I’m assuming there’s a limit to the number of failed attempts at this.

Rapnelsays:

I understand the argument but I think it’s quite a stretch.

When asked to point to the person in the room that I saw commit the crime I speak with my finger.

I can sign.

A fingerprint in this application is speaking. You telling your phone to unlock is no different speaking your mind – with your voice, your finger, your face, your pin or any other mechanism requiring your person or parts thereof.

The act of unlocking the thing is speaking. In this case, or others like it, this is potentially self-incriminating speech by any reasonable standard, imo.

Anonymoussays:

Re: Re: Stop using fingerprints

Depends on your adversary.
If they can force your finger into the scanner then yes that’s a bad form of authentication.

For me I’m mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well.

I would like to see additional ways to authenticate such as finger print combinations like index, middle, pinky, pinky.

John Fendersonsays:

Re: Re: Re: Re: Stop using fingerprints

“For me I’m mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well.”

I suppose so, but it’s pretty easy to lift a print and reproduce such that the scanner is fooled. Your print might be on the touch screen of the phone itself.

Personally, I find this an inadequate amount of security, considering the sensitive nature of the data that phones tend to accumulate. The odds may be low of a breach, but the consequences could be high. I’d prefer a slightly less convenient, but much more secure, method such as a long PIN.

But I do believe that the answer to “how secure should I be” is a very individual one, and so my preference isn’t relevant to you.

I just worry that, particularly with fingerprint scanners, people tend to overestimate their security and might make different choices if they understood.

Anonymoussays:

The All-Writs act is older than the Bill of Rights

The All Writs Act (1789) was passed during that time that predates the Bill of Rights (1792), and may be held up as an example of the time of tyranny that the Bill of Rights was intended to curb. It is hard to understand how an old, ordinary law, older than the Bill of Rights, could be interpreted as having a higher priority an amendment to the consitution that was passed after it.

Anonymoussays:

ad blocking

Hrm. Via NoScript and Firefox, I permitted forbes.com and forbesimg.com (and nothing else) and had no problem.

Still, if you don’t permit those two, the site is nonfunctional. Still poor (IMO) design, requiring Javascript to allow any functionality. It’s as if they created a site using a Flash engine….

Rekrulsays:

Re: Re: Re: Re: ad blocking

If a site requires people to allow Flash and javascript, the coding for ads and trackers will get through almost by default.

I don’t know about trackers, but I have most advertising blocked with a large Hosts file that directs all connections to advertising servers to 0.0.0.0. I also have Flash blocked unless I allow it. I was able to read the Forbes story without any problem. I have encountered other sites though, which won’t allow me to see the site as long as Firefox can’t connect to the advertising servers.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow