iPhone Touch ID

Photo via Janitors/Flickr (CC-BY)

Think Touch ID will keep out the cops? Think again.

Police have begun to take unexpected steps to make sure they can access the phones of anyone they think is suspicious.

Court documents uncovered by Forbes show federal law enforcement in California attempted to receive a search warrant that would have allowed police to collect the fingerprints and passwords of everyone at a certain location for the purposes of unlocking their phones. 

While the search warrant and other related documents were not publicly available, the effort is seen by some legal experts as an unprecedented power grab by police in the face of rising technical challenges facing law enforcement.

The May 9, 2016, memorandum filed by U.S. attorney Eileen Decker in the U.S. District Court for the Central District of California, explained that the Department of Justice request included “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.”

Furthermore, Decker wrote, the request sought “the seizure of ‘passwords, encryption keys, and other access devices that may be necessary to access the device.’”

The legalese here means, according to legal experts, that police who obtain such a warrant would be able to collect the fingerprints, thumbprints, device passwords, and encryption keys of anyone at the location of the search in the event that they want to go back later, get another search warrant, and unlock those individuals’ phones. In other words, simply by being at, say, a house for which police have such a warrant would mean getting fingerprinted and potentially having your device searched by the cops. 

For law enforcement, this tactic may be crucial in an investigation where evidence is on a locked device protected by strong encryption, like Apple’s iPhone—exactly the scenario that sparked a public battle between the gadget giant and the FBI late last year. For civil liberties advocates, however, such a search warrant pushes the boundaries of constitutional protections.

“Essentially, they are seeking to have the ability to convince people to comply by providing their fingerprints to law enforcement under the color of law—because of the fact that they already have a warrant,” attorney Marina Medvin told Forbes. “They want to leverage this warrant to induce compliance by people they decide are suspects later on. This would be an unbelievably audacious abuse of power if it were permitted.”

The key portions of the U.S. Constitution at issue here are the Fourth and Fifth Amendments. The Fourth Amendment protects against unreasonable searches and seizures. The Fifth Amendment protects against self-incrimination. And this is where things start to get tricky.

As Gizmodo points out, prosecutors have successfully argued that Fifth Amendment protections do not apply to a person’s body—fingerprints—but rather something they know, like a password. 

The DOJ memorandum cites a number of court cases as setting precedent for this type of collection on the basis that police have reasonable suspicion of anyone at the location of an authorized search. However, most of those cases were decided well before the advent of smartphones—think 1960s, ’70s, ’80s, and even 1910—which contain infinite amounts of personal information. 

The wide breadth of the data police could obtain with such a search warrant, as well as the after-the-fact nature of the DOJ’s argument that obtaining login data for a person’s phone before they are suspected of a crime, are the primary reasons civil liberties experts say this tactic crosses the legal line. 

“If this kind of thing became law then there would be nothing to prevent … a search of every phone at a certain location,” Jennifer Lynch, a staff attorney at the Electronic Frontier Foundation, told Forbes. 

So, the next time you find yourself headed to a sketchy house party, perhaps think about how much you really want to keep what’s on your phone private—you know, just in case.

Promoted Stories Powered by Sharethrough
How a drug cartel used encryption and a fake website to launder millions
In a meeting with his favorite money launderer of the moment, Alejandro Javier Rodriguez-Jimenez laid down the new rules: All communications relating to the cartel they worked for would now go through encrypted apps, and emails would be saved to draft in a shared account.
From Our VICE Partners

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!