Federal Prosecutors Use All Writs Order To Compel Suspect To Unlock Phone With His Fingerprint
from the but-it-still-may-not-have-worked dept
Law enforcement is still trying to break into iPhones and still using the All Writs Act to do so. A sex trafficking prosecution involving the ATF has resulted in a suspect being ordered to cough up his, um, fingerprint, in order to allow investigators to access the contents of his phone. Matt Drange of Forbes has more details [caution: here there be ad-blocker blocking]:
Prosecutors hoped that the search, conducted on an iPhone 5s by special agent Jennifer McCarty of the Federal Bureau of Alcohol, Tobacco, Firearms and Explosives, would help them piece together evidence in an alleged sex trafficking case involving a man named Martavious Keys. Keys had the iPhone with him when he was arrested on May 19, according to recently unsealed court filings. A week later, on May 26, prosecutors asked the judge in the case to force Keys to open the device with his fingerprint, unlocking a potential trove of information including emails, text messages, contacts and photos stored on the device that could be used as evidence.
While courts generally agree that a fingerprint is non-testimonial — despite its ability to unlock all sorts of testimonial stuff — there aren’t too many courts willing to extend that coverage to passwords. There are exceptions, of course, but items held in someone’s mind are given a bit more deference than those at their literal fingertips.
And that’s likely why the All Writs-compelled fingerprint access hasn’t allowed the ATF inside Keys’ phone. The feds can force Keys to place his finger on the iPhone screen all they want, but it likely won’t unlock the device. Apple’s security requires a passcode as well as a fingerprint if it’s been more than 48 hours since the phone was last unlocked. The time elapsed between when the phone was seized and the order obtained for Keys’ fingerprint added another layer of security to the phone — one not so easily defeated with All Writs orders.
Keys is no one’s idea of a sympathetic party. He allegedly forced two teen girls, aged 14 and 15, to have sex with men for several hours a day by drugging them into submission. Whether or not his phone contained more evidence is unknown. It’s unclear from the recently unsealed documents whether federal investigators found another way into the device after the application of Keys’ fingerprint failed to unlock the phone.
And that’s sort of a problem. The government is using All Writs orders for a great many things these days, often during sealed cases and with little to no transparency. The fact that Congress apparently authorized this as a fill-in for things warrants couldn’t necessarily reach has made the use of All Writs requests both indispensable and easily-abused. The fact that Congress authorized this in 1789 — with no conceivable idea of the form “papers” would take over the next 200+ years — usually seems to work in the government’s favor.
A bit more transparency would go a long way to assuage concerns about abuse, but overuse/abuse of the 1789 Act is likely the reason there isn’t more transparency. If the court decides it’s going to compel Keys to turn over his passcode as well (assuming the phone hasn’t already been cracked), at least it won’t have to toss him in jail if he doesn’t. Keys is already behind bars awaiting trial for his sex trafficking indictment. On one hand, that lowers the coercive value of imprisonment. On the other hand — if he refuses and is hit with a contempt order — he’ll remain in jail indefinitely, even without having been found guilty of anything more than contempt of court.
Filed Under: all writs act, encryption, fingerprint, phones, unlock
Comments on “Federal Prosecutors Use All Writs Order To Compel Suspect To Unlock Phone With His Fingerprint”
“Keys is no one’s idea of a sympathetic party.”
Much like the whole “free speech” issue, you might find yourself defending some horrible people when you stake out a position on a subject like this. But in the same vein as “defending odious speech”, defending horrible people from abuses of law is important. The law should (in theory) treat its worst offenders no differently than innocent people. If we can’t expect the law to protect the rights of criminals, how can we trust the law to protect the rights of innocents?
Keys might not be sympathetic, but he deserves the same protections of law as anyone else.
Re: Re:
Larry Flynt was no one’s idea of a sympathetic party, either, but he did some great things in support of the 1st Amendment. Just because he’s a douchebag doesn’t mean he is less deserving of a strong 4th and 5th Amendment.
Re: Re:
No sh*t, that was his point.
Re: Re: Re:
You’d be surprised how many times people have to hear that kind of sentiment before they actually get the point—if they ever get it at all.
Wouldn’t knowing which finger will unlock the phone be “in his mind” like a passcode? Shouldn’t his lawyer be asking for clarification as to which finger(s) he is being compelled to use so he’s not hit with more charges for using the wrong one(s)? I’m assuming there’s a limit to the number of failed attempts at this.
Even with the finger made available to them, it is still law enforcement’s problem to figure out which direction to swipe. That knowledge is of the mind.
Fingerprints are good as a username, not as a single factor-password.
I forsee middle finger swipe-to-wipe-device functionality becoming a popular feature.
I understand the argument but I think it’s quite a stretch.
When asked to point to the person in the room that I saw commit the crime I speak with my finger.
I can sign.
A fingerprint in this application is speaking. You telling your phone to unlock is no different speaking your mind – with your voice, your finger, your face, your pin or any other mechanism requiring your person or parts thereof.
The act of unlocking the thing is speaking. In this case, or others like it, this is potentially self-incriminating speech by any reasonable standard, imo.
Stop using fingerprints
Using fingerprint scanning for authentication is a security disaster. Stop doing it.
Re: Stop using fingerprints
Depends on your adversary.
If they can force your finger into the scanner then yes that’s a bad form of authentication.
For me I’m mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well.
I would like to see additional ways to authenticate such as finger print combinations like index, middle, pinky, pinky.
Re: Re: Stop using fingerprints
“For me I’m mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well.”
I suppose so, but it’s pretty easy to lift a print and reproduce such that the scanner is fooled. Your print might be on the touch screen of the phone itself.
Personally, I find this an inadequate amount of security, considering the sensitive nature of the data that phones tend to accumulate. The odds may be low of a breach, but the consequences could be high. I’d prefer a slightly less convenient, but much more secure, method such as a long PIN.
But I do believe that the answer to “how secure should I be” is a very individual one, and so my preference isn’t relevant to you.
I just worry that, particularly with fingerprint scanners, people tend to overestimate their security and might make different choices if they understood.
Re: Re: Stop using fingerprints
If he used his middle finger,
would it be contempt of court?
The All-Writs act is older than the Bill of Rights
The All Writs Act (1789) was passed during that time that predates the Bill of Rights (1792), and may be held up as an example of the time of tyranny that the Bill of Rights was intended to curb. It is hard to understand how an old, ordinary law, older than the Bill of Rights, could be interpreted as having a higher priority an amendment to the consitution that was passed after it.
Re: The All-Writs act is older than the Bill of Rights
It is hard to understand how an old, ordinary law, older than the Bill of Rights, could be interpreted as having a higher priority an amendment to the consitution that was passed after it.
Is there a court that declared that?
the problem is while the man is scum we know where this leads to thanks to history.
A corrupt government will abuse all its powers and continue to demand more and more while using those powers to go after anyone it doesn’t like even if they are innocent of any crimes.
Time may stand still
What mechanism is Apple using to count 48 hours? If it’s purely clock based, I imagine a stingray device could continually feed the wrong time to the phone until such time the fingerprint is provided.
They've already got the alleged perp's prints;
just print them out & hold them up to the phone.
Duh!
ad blocking
Hrm. Via NoScript and Firefox, I permitted forbes.com and forbesimg.com (and nothing else) and had no problem.
Still, if you don’t permit those two, the site is nonfunctional. Still poor (IMO) design, requiring Javascript to allow any functionality. It’s as if they created a site using a Flash engine….
Re: ad blocking
That’s not surprising.
If a site requires people to allow Flash and javascript, the coding for ads and trackers will get through almost by default.
Re: Re: ad blocking
I don’t know about trackers, but I have most advertising blocked with a large Hosts file that directs all connections to advertising servers to 0.0.0.0. I also have Flash blocked unless I allow it. I was able to read the Forbes story without any problem. I have encountered other sites though, which won’t allow me to see the site as long as Firefox can’t connect to the advertising servers.
Re: ad blocking
That’s not surprising.
If a site requires people to allow Flash and javascript, the coding for ads and trackers will get through almost by default.
Re: ad blocking
That’s a change in their design. Only a few months ago, the site worked just fine without allowing special exceptions.
What we need is phones with multiple, user-selectable authentication methods. Like being able to choose two fingerprints to use to unlock it, but without any indication from the phone that more than one print is required. Or multiple passwords. Or a password that corrupts the contents while looking like it unlocked it normally.
Feature request please
Anyone working on mobile phone locking software, please consider adding a duress passcode separate from the real passcode that would open the device with only some generic data included and simultaneously erase/invalidate all other data on the phone.
Re: Feature request please
That is actually the best idea I’ve heard all year. It would certainly put a stop to all this all writs B.S. in a hurry.
Whoever writes it, the ACLU and the EFF should buy them free beer for the rest of their lives.