Federal Prosecutors Use All Writs Order To Compel Suspect To Unlock Phone With His Fingerprint

from the but-it-still-may-not-have-worked dept

Law enforcement is still trying to break into iPhones and still using the All Writs Act to do so. A sex trafficking prosecution involving the ATF has resulted in a suspect being ordered to cough up his, um, fingerprint, in order to allow investigators to access the contents of his phone. Matt Drange of Forbes has more details [caution: here there be ad-blocker blocking]:

Prosecutors hoped that the search, conducted on an iPhone 5s by special agent Jennifer McCarty of the Federal Bureau of Alcohol, Tobacco, Firearms and Explosives, would help them piece together evidence in an alleged sex trafficking case involving a man named Martavious Keys. Keys had the iPhone with him when he was arrested on May 19, according to recently unsealed court filings. A week later, on May 26, prosecutors asked the judge in the case to force Keys to open the device with his fingerprint, unlocking a potential trove of information including emails, text messages, contacts and photos stored on the device that could be used as evidence.

While courts generally agree that a fingerprint is non-testimonial -- despite its ability to unlock all sorts of testimonial stuff -- there aren't too many courts willing to extend that coverage to passwords. There are exceptions, of course, but items held in someone's mind are given a bit more deference than those at their literal fingertips.

And that's likely why the All Writs-compelled fingerprint access hasn't allowed the ATF inside Keys' phone. The feds can force Keys to place his finger on the iPhone screen all they want, but it likely won't unlock the device. Apple's security requires a passcode as well as a fingerprint if it's been more than 48 hours since the phone was last unlocked. The time elapsed between when the phone was seized and the order obtained for Keys' fingerprint added another layer of security to the phone -- one not so easily defeated with All Writs orders.

Keys is no one's idea of a sympathetic party. He allegedly forced two teen girls, aged 14 and 15, to have sex with men for several hours a day by drugging them into submission. Whether or not his phone contained more evidence is unknown. It's unclear from the recently unsealed documents whether federal investigators found another way into the device after the application of Keys' fingerprint failed to unlock the phone.

And that's sort of a problem. The government is using All Writs orders for a great many things these days, often during sealed cases and with little to no transparency. The fact that Congress apparently authorized this as a fill-in for things warrants couldn't necessarily reach has made the use of All Writs requests both indispensable and easily-abused. The fact that Congress authorized this in 1789 -- with no conceivable idea of the form "papers" would take over the next 200+ years -- usually seems to work in the government's favor.

A bit more transparency would go a long way to assuage concerns about abuse, but overuse/abuse of the 1789 Act is likely the reason there isn't more transparency. If the court decides it's going to compel Keys to turn over his passcode as well (assuming the phone hasn't already been cracked), at least it won't have to toss him in jail if he doesn't. Keys is already behind bars awaiting trial for his sex trafficking indictment. On one hand, that lowers the coercive value of imprisonment. On the other hand -- if he refuses and is hit with a contempt order -- he'll remain in jail indefinitely, even without having been found guilty of anything more than contempt of court.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 27 Jul 2016 @ 1:17pm

    “Keys is no one's idea of a sympathetic party.”

    Much like the whole “free speech” issue, you might find yourself defending some horrible people when you stake out a position on a subject like this. But in the same vein as “defending odious speech”, defending horrible people from abuses of law is important. The law should (in theory) treat its worst offenders no differently than innocent people. If we can’t expect the law to protect the rights of criminals, how can we trust the law to protect the rights of innocents?

    Keys might not be sympathetic, but he deserves the same protections of law as anyone else.

    reply to this | link to this | view in chronology ]

    • identicon
      David, 27 Jul 2016 @ 1:21pm

      Re:

      Larry Flynt was no one's idea of a sympathetic party, either, but he did some great things in support of the 1st Amendment. Just because he's a douchebag doesn't mean he is less deserving of a strong 4th and 5th Amendment.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jul 2016 @ 1:22pm

      Re:

      No sh*t, that was his point.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jul 2016 @ 3:57pm

        Re: Re:

        You’d be surprised how many times people have to hear that kind of sentiment before they actually get the point—if they ever get it at all.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 2:18pm

    Wouldn't knowing which finger will unlock the phone be "in his mind" like a passcode? Shouldn't his lawyer be asking for clarification as to which finger(s) he is being compelled to use so he's not hit with more charges for using the wrong one(s)? I'm assuming there's a limit to the number of failed attempts at this.

    reply to this | link to this | view in chronology ]

  • icon
    Todd Shore (profile), 27 Jul 2016 @ 2:18pm

    Even with the finger made available to them, it is still law enforcement's problem to figure out which direction to swipe. That knowledge is of the mind.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 2:56pm

    Fingerprints are good as a username, not as a single factor-password.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 2:58pm

    I forsee middle finger swipe-to-wipe-device functionality becoming a popular feature.

    reply to this | link to this | view in chronology ]

  • icon
    Rapnel (profile), 27 Jul 2016 @ 4:13pm

    I understand the argument but I think it's quite a stretch.

    When asked to point to the person in the room that I saw commit the crime I speak with my finger.

    I can sign.

    A fingerprint in this application is speaking. You telling your phone to unlock is no different speaking your mind - with your voice, your finger, your face, your pin or any other mechanism requiring your person or parts thereof.

    The act of unlocking the thing is speaking. In this case, or others like it, this is potentially self-incriminating speech by any reasonable standard, imo.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 27 Jul 2016 @ 4:26pm

    Stop using fingerprints

    Using fingerprint scanning for authentication is a security disaster. Stop doing it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jul 2016 @ 5:00pm

      Re: Stop using fingerprints

      Depends on your adversary.
      If they can force your finger into the scanner then yes that's a bad form of authentication.

      For me I'm mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well.

      I would like to see additional ways to authenticate such as finger print combinations like index, middle, pinky, pinky.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 27 Jul 2016 @ 9:34pm

        Re: Re: Stop using fingerprints

        "For me I'm mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well."

        I suppose so, but it's pretty easy to lift a print and reproduce such that the scanner is fooled. Your print might be on the touch screen of the phone itself.

        Personally, I find this an inadequate amount of security, considering the sensitive nature of the data that phones tend to accumulate. The odds may be low of a breach, but the consequences could be high. I'd prefer a slightly less convenient, but much more secure, method such as a long PIN.

        But I do believe that the answer to "how secure should I be" is a very individual one, and so my preference isn't relevant to you.

        I just worry that, particularly with fingerprint scanners, people tend to overestimate their security and might make different choices if they understood.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jul 2016 @ 10:55pm

        Re: Re: Stop using fingerprints

        > For me I'm mostly worried about losing my phone and some crook finding it, in that case fingerprint auth works well.


        Me, I'm more worried about losing my index finger and thus losing access to my Pokeballs...

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 4:56pm

    If he used his middle finger,

    would it be contempt of court?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 4:58pm

    The All-Writs act is older than the Bill of Rights

    The All Writs Act (1789) was passed during that time that predates the Bill of Rights (1792), and may be held up as an example of the time of tyranny that the Bill of Rights was intended to curb. It is hard to understand how an old, ordinary law, older than the Bill of Rights, could be interpreted as having a higher priority an amendment to the consitution that was passed after it.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 29 Jul 2016 @ 7:15am

      Re: The All-Writs act is older than the Bill of Rights

      It is hard to understand how an old, ordinary law, older than the Bill of Rights, could be interpreted as having a higher priority an amendment to the consitution that was passed after it.

      Is there a court that declared that?

      reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 27 Jul 2016 @ 5:35pm

    the problem is while the man is scum we know where this leads to thanks to history.

    A corrupt government will abuse all its powers and continue to demand more and more while using those powers to go after anyone it doesn't like even if they are innocent of any crimes.

    reply to this | link to this | view in chronology ]

  • icon
    MikeF1974 (profile), 27 Jul 2016 @ 6:15pm

    Time may stand still

    What mechanism is Apple using to count 48 hours? If it's purely clock based, I imagine a stingray device could continually feed the wrong time to the phone until such time the fingerprint is provided.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 7:32pm

    They've already got the alleged perp's prints;

    just print them out & hold them up to the phone.

    Duh!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jul 2016 @ 10:50pm

    ad blocking

    Hrm. Via NoScript and Firefox, I permitted forbes.com and forbesimg.com (and nothing else) and had no problem.

    Still, if you don't permit those two, the site is nonfunctional. Still poor (IMO) design, requiring Javascript to allow any functionality. It's as if they created a site using a Flash engine....

    reply to this | link to this | view in chronology ]

    • icon
      John85851 (profile), 28 Jul 2016 @ 9:49am

      Re: ad blocking

      That's not surprising.
      If a site requires people to allow Flash and javascript, the coding for ads and trackers will get through almost by default.

      reply to this | link to this | view in chronology ]

      • identicon
        Rekrul, 28 Jul 2016 @ 2:42pm

        Re: Re: ad blocking

        If a site requires people to allow Flash and javascript, the coding for ads and trackers will get through almost by default.

        I don't know about trackers, but I have most advertising blocked with a large Hosts file that directs all connections to advertising servers to 0.0.0.0. I also have Flash blocked unless I allow it. I was able to read the Forbes story without any problem. I have encountered other sites though, which won't allow me to see the site as long as Firefox can't connect to the advertising servers.

        reply to this | link to this | view in chronology ]

    • icon
      John85851 (profile), 28 Jul 2016 @ 9:50am

      Re: ad blocking

      That's not surprising.
      If a site requires people to allow Flash and javascript, the coding for ads and trackers will get through almost by default.

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 28 Jul 2016 @ 10:13am

      Re: ad blocking

      That's a change in their design. Only a few months ago, the site worked just fine without allowing special exceptions.

      reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 28 Jul 2016 @ 2:38pm

    What we need is phones with multiple, user-selectable authentication methods. Like being able to choose two fingerprints to use to unlock it, but without any indication from the phone that more than one print is required. Or multiple passwords. Or a password that corrupts the contents while looking like it unlocked it normally.

    reply to this | link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 28 Jul 2016 @ 4:29pm

    Feature request please

    Anyone working on mobile phone locking software, please consider adding a duress passcode separate from the real passcode that would open the device with only some generic data included and simultaneously erase/invalidate all other data on the phone.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Aug 2016 @ 9:40am

      Re: Feature request please

      That is actually the best idea I've heard all year. It would certainly put a stop to all this all writs B.S. in a hurry.

      Whoever writes it, the ACLU and the EFF should buy them free beer for the rest of their lives.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Home Cooking Is Killing Restaurants
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.