Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Iphone Privacy Technology

FBI Forced Suspect To Unlock His iPhone X Through Face ID (engadget.com) 238

In what may be a world first, the FBI has forced a suspect to unlock his iPhone X using Apple's Face ID feature. From a report: Agents in Columbus, Ohio entered the home of 28-year-old Grant Michalski, who was suspected of child abuse, according to court documents spotted by Forbes. With a search warrant in hand, they forced him to put his face on front of the device to unlock it. They were then able to freely search for his photos, chats and any other potential evidence. The FBI started investigating Michalski after discovering his ad on Craigslist titled "taboo." Later, they discovered emails in which he discussed incest and sex with minors with another defendant, William Weekly.
This discussion has been archived. No new comments can be posted.

FBI Forced Suspect To Unlock His iPhone X Through Face ID

Comments Filter:
  • 1. Can they do that legally?
    2. Can this be avoided by changing your facial expression while the phone is shoved in your face?

    • Re: (Score:3, Informative)

      1. Yes
      2. No
    • Re:Can they do that? (Score:5, Interesting)

      by Nutria ( 679911 ) on Monday October 01, 2018 @09:48AM (#57403694)

      Yet another FUD headline.

      The FBI did not force the suspect to do anything. The search warrant signed by a judge forced the suspect to unlock the phone.

    • from past rulings, yeah probably. The laws more or less said that they cannot force information out of someone (IE they cannot force the person to tell them a passcode), but they can have them put their finger on a fingerprint lock. It kind of makes sense as clearly the laws already permit the police to take a fingerprint and a photograph of people. In short if you don't want the authorities to sniff through your data. Don't use a security method that a 3rd party can do with your unconscious or dead body.
    • by kbonin ( 58917 )
      This is why you set a password/pin - you can be 'legally' compelled by law enforcement with nearly unlimited force to use biometric authentication, but they aren't yet allowed to force you to type in a password outside of some narrow circumstances (which are being rapidly expanded), at penalty of sitting in jail forever under contempt of court. TrueCrypt had nice partial solutions to this using hidden volumes.
      • by lactose99 ( 71132 ) on Monday October 01, 2018 @10:06AM (#57403850)

        Or, this is why you don't advertise child porn/abuse on Craigslist.

        • Or, this is why you don't advertise child porn/abuse on Craigslist.

          Indeed.

          Although, wrongful arrests can happen and coincidental evidence on your phone can be used against you; or something such as a joke text be misconstrued. The photo of you baby taking a bath could be said to be taken to be child porn. I don't know... all sorts of things could be used against you even if not really what they seem.

          I use biometric logging on my phone... I don't do anything illegal (well besides breaking the speed limit occasionally)... I don't do anything I think could be mistaken for i

      • This is why you set a password/pin - you can be 'legally' compelled by law enforcement with nearly unlimited force to use biometric authentication, but they aren't yet allowed to force you to type in a password outside of some narrow circumstances (which are being rapidly expanded), at penalty of sitting in jail forever under contempt of court. TrueCrypt had nice partial solutions to this using hidden volumes.

        I don't see the difference myself. Either they should be allowed to force you to unlock the phone or they should not be allowed to force you to unlock the phone. The method of lock shouldn't matter.

        • by msauve ( 701917 )
          "I don't see the difference myself."

          The difference is between something physical (a fingerprint, face, or key) and something which is knowledge (PIN or combination). They can get physical things via warrant or subpoena (inc. papers and possessions), but not knowledge (protected by 5th A).
        • by EvilSS ( 557649 )

          I don't see the difference myself. Either they should be allowed to force you to unlock the phone or they should not be allowed to force you to unlock the phone. The method of lock shouldn't matter.

          The difference is one requires you to divulge knowledge, the others don't. Your face and fingerprints are not protected, as shown by the fact that police can use photos and fingerprints without your consent as evidence in court. The reasoning around passwords is that it would require the person to testify against themselves. It's a tenuous argument and hasn't been fully tested legally.

          • By that same standard they cannot force you to divulge which finger will unlock your device. If they want someone to use a particular finger, they can ask and I suppose a person would be forced to comply, but if it happens to be wrong and locks law enforcement out or wipes the device, that's hardly the person's fault.

            Hopefully Apple builds in some kind of ability for the facial recognition system to be told to require an additional password (or other credentials) if a user looks at it in a certain way or
        • They would have to destroy a lot of your rights to force you to put in a code.

      • The courts have always been allowed to force you to reveal a password, there is work going on to roll this back but the sad fact is the supreme court ruled many years ago (back in the 80's) that the pa sword to a computer was no different than the lock to a safe and it could be compelled. Passwords and pin codes are routinely forced by courts to be disclosed.

        Now that we have things like smartphones that contain literally your entire life there is talk about rolling this power back and requiring high standar

    • on 2 just slam your face into the jail door / wall / bars are few times.

  • by Gabest ( 852807 ) on Monday October 01, 2018 @09:46AM (#57403678)
    What you know is generally safer than what you have.
  • by nospam007 ( 722110 ) * on Monday October 01, 2018 @09:49AM (#57403696)

    Dear sexual predators, rapists, pedos et. al. Please don't use your stupid face or your fingerprint to lock your evidence phone. Use a looooong password.
    Otherwise we'll get these stupid articles every other day.

    • Yeah, next you will be telling them not to have incriminating evidence on a phone they carry around with them, or send messages with illegal content from their personal device.

    • Dear sexual predators, rapists, pedos et. al. Please don't use your stupid face or your fingerprint to lock your evidence phone. Use a looooong password.
      Otherwise we'll get these stupid articles every other day.

      I hope people who are really guilty DO use these methods of locking their phones. I'd rather predators go to jail than slashdotters getting to avoid seeing these stories.

    • Um.....I'd actually prefer such people use their face or fingerprint....or not lock their phones at all. And tell the local police about their "activities".

  • obXKCD (Score:4, Funny)

    by Thud457 ( 234763 ) on Monday October 01, 2018 @09:50AM (#57403706) Homepage Journal
    ob $5 wrench [xkcd.com]
  • by sjbe ( 173966 ) on Monday October 01, 2018 @09:52AM (#57403722)

    In what may be a world first, the FBI has forced a suspect to unlock his iPhone X using Apple's Face ID feature.

    Could see this coming. No different logically from forcing someone to unlock with a fingerprint which they've already done and gotten judicial cover for. If you want to keep it private best to require a code (that only you know) to unlock which US courts have upheld as a valid 5th amendment defense.

    My 1 year old daughter recently unlocked my wife's phone when my wife was standing behind her so that should give you a good idea how secure it is. It's the rough equivalent to a tiny luggage lock. Useful for keeping out the most causal snoopers but not really serious security.

  • If you don't want "the government" to use your face (or finger) to unlock your iPhone with a warrant, don't use Face ID (or Touch ID).

    Use a strong passphrase instead, which you cannot be compelled to provide under the 5th Amendment.

    Or, alternatively, don't be a murderer, child sex trafficker, or child pornographer. And no, that's not a different version of "if you have done nothing wrong, you have nothing to hide"; it's a literal recommendation.

    • Or, alternatively, don't be a murderer, child sex trafficker, or child pornographer.

      This sort of recommendation works to a point. This point is when the legislature expands the definition of child pornography to cover possession of things that were not previously illegal, such as non-photorealistic drawn porn.

  • by SirMasterboy ( 872152 ) on Monday October 01, 2018 @09:59AM (#57403802)

    On FaceID devices, hold a volume button + lock button for a couple seconds then press cancel. FaceID will now be disabled until you enter your PIN.

    For TouchID devices, hold the lock button for a couple seconds and then press cancel.

  • by Anonymous Coward on Monday October 01, 2018 @10:08AM (#57403862)

    So what is the problem here?

    If it was a properly obtained search warrant, what the police did was equally proper. If you have a locker or a storage area with a lock on it and the police have a search warrant, you can either open the lock yourself (or 'forced to' as per the article) or they can get out a set of bolt cutters and remove the lock themselves.

    If the warrant was not obtained properly, then the fruits of the search are inadmissible as well as any other evidence obtained as a result of the search.

    The courts have routinely ruled that you cannot be compelled to turn over your passwords as that information is inside your head but that physical protections are not so covered.

    As an aside, this is the reason biometrics is not really a good way to secure anything -- you have the person, you have the biometrics. Whether it is police or the mob, you can 'force' someone to unlock their devices with a fingerprint, retina scan, or facial recognition. This is a corollary to the hackers rules: if you have physical access, no security measure is 'secure.'

    If you want your device legally secured, only the information inside your head is sacrosanct, Your device will just be confiscated until they are able to hack into it by different methods. Although I am not a lawyer, I would guess that the act of not unlocking a device for a warranted search probably stops the clock on statute of limitations as well, so if it takes five years to hack your device, you will surely still be on the hook for it.

    • Or you have a safe that burns the contents when forced, so if you don't open it you don't incriminate yourself.

    • As an aside, this is the reason biometrics is not really a good way to secure anything

      It depends on what you are trying to secure. My phone doesn't have evidence of a crime on it, so all I really want to do is keep out people who may find my phone after I lose it somewhere.

      Whether it is police or the mob, you can 'force' someone to unlock their devices with a fingerprint, retina scan, or facial recognition

      You do realize that the mob has....alternative means to compel you to give up your password, right?

  • So (search warrants aside) something the authorities have always done is take mug shots of arrested people. To what extent could FaceID be fooled by holding up a good resolution photograph?
  • Just say lawyer over and over and refuse to do anything until they let you use your right to talk to one.

  • Don't have or use a phone that uses 'something you are' (like your face or fingerprints) to unlock it, use one that needs 'something you know'. Or better yet stop using smartphones, or at least don't put anything important on them. Going on a trip? Either get a burn phone that is empty and that you don't care about, or have your phone shipped separately, don't carry it to the border with you.
  • ... is to make sure you don't carry incriminating material in your wallet or purse. Remember those?

    They have been subjected to search since Moby Dick was a minnow.

    How long did it take for people to wise up to that?

    As technology gets smarter, people become dumber.

  • or whatever it's actually called. Hit power button 5 times rapidly, it'll open the emergency panel (SOS, 911-onetouch, etc.) and will then only allow a passcode (no biometrics)
  • There is already a published Siri shortcut called "I am being pulled over by the police" which performs a number of actions to record your interaction with the police including notifying contacts and even publish the video.

    I imagine that one of the options could be to disable faceID or touchID.

    Someone should write one that's like: "Hey Siri, BUG OUT!!!" which would promptly erase the phone.

A conference is a gathering of important people who singly can do nothing but together can decide that nothing can be done. -- Fred Allen

Working...