Police Can Force You to Use Your Fingerprint to Unlock Your Phone

Denys Prykhodov/Shutterstock.com

Featured eBooks
Space Tech
Read Now

CDM

Read Now

Digital Transformation

Read Now
Kaveh Waddell By Kaveh Waddell,
The Atlantic

By Kaveh Waddell,
The Atlantic

|

But they can’t make you cough up your passcode.

When Apple announced in 2013 that its next iPhone would include a fingerprint reader, it touted the feature as a leap forward in security. Many people don’t set up a passcode on their phones, Apple SVP Phil Schiller said at the keynote event where the Touch ID sensor was unveiled, but making security easier and faster might convince more users to protect their phones. (Of course, Apple wasn’t the first to stuff a fingerprint reader into a flagship smartphone, but the iPhone’s Touch ID took the feature mainstream.)

The system itself proved quite secure—scanned fingerprints are stored, encrypted, and processed locally rather than being sent to Apple for verification—but the widespread use of fingerprint data to unlock iPhones worried some experts.

One of the biggest questions that hung over the transition was legal rather than technical: How might a fingerprint-secured iPhone be treated in a court of law?

The question went unanswered for a year, until a Virginia judge ruled in 2014 that police can force users to unlock their smartphones with their fingerprints. But until this February, when a federal judge in Los Angeles signed a search warrant that required a woman to use her fingerprint to unlock her iPhone, it didn’t appear that any federal law-enforcement agency had ever used that power.

The iPhone belonged to Paytsar Bkhchadzhyan, the 29-year-old girlfriend of a man accused of being a member of an Armenian gang, according to Matt Hamilton and Richard Winton of the LA Times. She was sentenced in February for one count of identity theft, and just 45 minutes later, a federal judge signed a warrant authorizing law-enforcement officers to place her finger or thumb on the Touch ID sensor of her iPhone. It’s not clear what prosecutors are searching for on her phone.

The warrant was first discovered by Thomas Fox-Brewster of Forbes in March. Fox-Brewster examined “hundreds of court documents” but wasn’t able to find any previous example of a federal warrant for device-unlocking fingerprints.

The federal judge in Los Angeles may have moved quickly to sign and execute the warrant because there’s only a 48-hour window during which an iPhone will accept its user’s fingerprints. After that window—or after a restart—the phone will require a PIN or passcode to unlock.

The Fifth Amendment, which protects people from incriminating themselves during legal proceedings, prevents the government from compelling someone to turn over a memorized PIN or passcode. But fingerprints, like other biometric indicators—DNA, handwriting samples, your likeness—have long been considered fair game, because they don’t reveal anything in your mind. (Marcia Hofmann, a digital-rights lawyer, wrote a comprehensive rundown of the question in late 2013, when it was still hypothetical.)

Now that it’s clear that police are willing to ask for warrants for phone-unlocking fingerprints—and that judges are willing to sign them—security-conscious smartphone users are faced with a menu of mostly unsavory options.

A fingerprint and a long passcode provides a good balance between convenience and security—or it did, until courts began compelling fingerprint unlocks, said Chris Soghoian, the chief technologist at the American Civil Liberties Union. The alternatives are worse: A short PIN “lets you use your phone like a human,” Soghoian said, but can be guessed by a computer algorithm in certain cases. And a long passcode, while secure, is a pain to type in every time you want to check Tinder.

The only way to turn off an iPhone’s fingerprint-reader on the fly—without waiting for the 48-hour window to expire—is to turn it off. When it’s powered back on, it will ask for the device’s PIN or passcode, and won’t accept fingerprints. (If Bkhchadzhyan’s phone was off when police found it in her boyfriend’s home, her fingerprints won’t unlock it.)

Since Apple began encrypting its iPhones in 2014 and rolled out further security improvements alongside Touch ID, law enforcement has had to get increasingly creative to access the contents of the computers, tablets, and phones that they seize.

The court fight over an iPhone used by one of the San Bernardino shooters, for example, only ended when the FBI paid for a technique to bypass the phone’s security. Similar hacking techniques—and more warrants for fingerprints—may become commonplace as the government confronts increasingly secure devices.

NEXT STORY: Hundreds of comments shape final Data Act schema

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.