Feds Finally Get Around To Using Someone's Face To Unlock Their Cellphone

from the FaceTime:-FBI-Edition dept

The only surprise about this is that it took this long to happen.

A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect’s iPhone. That’s by any police agency anywhere in the world, not just in America.

It happened on August 10, when the FBI searched the house of 28-year-old Grant Michalski, a Columbus, Ohio, resident who would later that month be charged with receiving and possessing child pornography. With a search warrant in hand, a federal investigator told Michalski to put his face in front of the phone, which he duly did. That allowed the agent to pick through the suspect’s online chats, photos and whatever else he deemed worthy of investigation.

This won’t become a Fifth Amendment test case for several reasons.

First, Michalski apparently consented to the search by using his face to unlock the phone. If this was as voluntary as it appears, it pretty much eliminates a Constitutional challenge.

Beyond that, it’s unlikely a court would find someone’s face testimonial. For the most part, courts haven’t found fingerprints to be testimonial, even if the application of a fingerprint leads directly to the production of evidence to be used against the phone’s owner.

The “foregone conclusion” argument would only require law enforcement prove the phone belongs to the person they’re asking to unlock it — information easily acquired with a subpoena from the service provider.

Even if all these hurdles could be jumped, actions taken by the investigating agent pretty much eliminated any evidence the defendant might have challenged, as Forbes’ Thomas Brewster reports.

Whilst Knight may’ve found some evidence of criminal activity when he manually searched the device, in one respect the forced Face ID unlock of the iPhone X was a failure. It wasn’t possible to siphon off all the data within using forensic technologies. That was because the passcode was unknown.

In modern iPhones, to hook the cellphone up to a computer and transfer files or data between the two, the passcode is required if the device has been locked for an hour or more. And forensic technologies, which can draw out far more information at speed than can be done manually, need the iPhone to connect to a computer.

It appears Knight didn’t keep the device open long enough and so couldn’t start pulling out data with forensic kits. He admitted he wasn’t able to get all the information he wanted, including app use and deleted files. What Knight did get he documented by taking pictures.

Michalski’s lawyer confirms in a comment to Forbes there’s been no evidence produced from the unlocked iPhone, leaving him nothing to challenge in court.

Even if this case is a wash in terms of Constitutional challenges, that doesn’t mean the status quo will remain unchanged as more phone manufacturers move towards biometric-based security features. Courts may recognize — as they have with smartphones and cell location data — that old assumptions about privacy and presumed government access are no longer valid in a world almost wholly reliant on portable devices filled to the brim with personal data and documents.

Filed Under: , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Feds Finally Get Around To Using Someone's Face To Unlock Their Cellphone”

Subscribe: RSS Leave a comment
zarprime (profile) says:

I have a stupid question...

So the whole problem is that a face or a fingerprint, or even a passcode on a phone isn’t “testimony” and so the 5th Amendment doesn’t factor in. So what happens if my passphrase for unlocking my phone is “I robbed a bank”? I suppose if they let me type it in and didn’t see what it was then it wouldn’t be an incriminating statement, but what if I had to say it aloud, or if they wanted to type it in themselves (so I couldn’t do it incorrectly several times and lock up the phone)?

Anonymous Coward says:

Re: I have a stupid question...

Because a password is just a password and NOT a statement even if its appearance is equivalent to that of a statement.

If you want protection from decryption orders by a judge you must introduce a system before hand that automatically destroys data as part of its regular every days cycle.

For example, require that a USB key you posses be presented to an encrypted system at least once per day or it changes encryption keys regardless of if it is attached or not. Justice works slowly you will be in jail and if your system AND encryption device changes keys apart from each other then you are safe.

Like a dead mans switch. As long as this process is enshrined in your daily routine then you are free of criminal charges of evidence tampering unless such evidence already meets laws the require you to keep it for x amount of time. It is not your fault if the police throw you in jail preventing you from performing the daily requirement of key encryption recovery.

Not only that but you should most certainly keep a shadow partition filled with even more critical data so that nothing looks amiss under forensic scrutiny. There are many ways to keep your data secure. Fake profiles is one simplified example of this.

Bergman (profile) says:

Re: Re: I have a stupid question...

You could also use a longer password, and if you’re feeling cute, make it a confession to what you are trying to hide. A password of “BlueFlower013” is not testimonial. But securing evidence of an armed robbery behind “I committed robbery on that day at that time against that person” is a confession to that crime.

Any confession is testimonial.

ECA (profile) says:

Re: Re: Re: I have a stupid question...

Could also use…
multiple passwords..1 open the phone, the other simple ones, Erase data..corrupt the phone..

Or open different sections of the phone, safe, and Private sections..

dongles are nice, but dongles get lost. OR left in the device.

What would be Neat, is a skin tag, that has a mag signature to open the phone..and only YOU know on what part of the body to use it.

Nathan F (profile) says:

So in a future case, what exactly is stopping the police from sitting a suspect down, holding the phone up to get his face to unlock it and then proceeding. The suspect doesn’t have to do anything, just sit there (unlike swiping his finger over a sensor). If providing a biometric like a fingerprint or face isn’t testimonial would there even be a 4th or 5th amendment breach?

Michael Long (profile) says:


For those unaware, on the new iPhone OS’s, squeezing the sleep/wake button and the lower volume button for a couple of seconds will lock the phone such that a passcode is required to open it.

If at all possible, I’d do this before (or while) having to hand the phone over, and I’d definitely do it before hitting a TSA or Homeland security checkpoint.

It’s gotten to the point where some people recommend traveling with a burner phone that has a minimum amount of personal information contained within it.

Anonymous Coward says:

Re: Protection

Lots of folks have pointed this option out but IMHO the execution of the act will be hit or miss.

I get where Apple was going with how Face-ID works. The camera catches your eyes, recognizes your face and unlocks the phone in next to no time, that’s pretty handy. Just the execution wasn’t well thought out.

The ‘Fix’ should be to add a voice command prompt to complete the unlock. Nothing extraordinary, just the basics: Open/Unlock; Shutdown/Restart; SOS; LOCK. If I were Apple I’d probably throw in voice print recognition to the owner just for an extra layer of security.

Coyne Tibbets (profile) says:

Submission versus consent

First, Michalski apparently consented to the search by using his face to unlock the phone. If this was as voluntary as it appears, it pretty much eliminates a Constitutional challenge.

Was it truly consent? Or just submission to authority?

When held at gunpoint by a mugger and one voluntarily gives over one’s money, that does not imply consent.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...