It must have seemed worth a try: within the window of time where it’s still possible to unlock a phone with a fingerprint, go to the funeral home and make use of the deceased’s finger. It’s a lot cheaper than paying some forensics outfit to crack it open, and likely quicker too. However, this most recent case was just as successful as previous attempts: as in, not at all.
According to the Tampa Bay Times, Florida police attempted to unlock the phone after they shot and killed 30-year-old Linus F. Phillip, whom they wanted to question in a drug investigation, on 23 March.
Phillip was detained at a gas station in Largo, Florida. An officer tried to search him. Phillip didn’t cooperate. Rather, he tried to drive away, which is when the officer shot him.
Lt. Randall Chaney told the Tampa Bay Times that investigators had a 48- to 72-hour window in which to unlock the phone’s fingerprint sensor. They had the phone, and once the state released the body to a funeral home, they got the chance to try out the dead man’s fingers, so that’s where they paid a visit.
It didn’t work.
That’s not surprising. Police have repeatedly tried to unlock phones with dead fingers, but if it’s ever worked, we haven’t heard about it.
It’s perhaps not surprising. We don’t know what type of phone Phillip had, but fingerprint sensors such as Apple’s Touch ID use capacitive touch, picking up on the slight electrical charge that runs through living skin in order to read a fingerprint at a sub-dermal level.
Even if the capacitance sensor was artificially triggered, Touch ID’s radio frequency only responds to living tissue.
Still and all, police have tried this before.
There are alternatives: multiple outfits that promise they can hack phones, but it doesn’t come cheap.
The most prominent name is that of Cellebrite, widely believed to be the firm that broke into the iPhone 5C belonging to dead San Bernadino terrorist and mass murderer Syed Rizwan Farook.
As The Intercept has reported, a US Drug Enforcement Administration procurement record shows that as of September 2016, Cellebrite’s premium unlocking subscription service cost $250,000 a year in the US. As of 2016, one-off hacks were selling for about $1,500 per phone.
Then too, there’s US startup GrayShift, which sells a $15,000 device called GrayKey that promises to unlock the iPhone 8 and X.
Cost isn’t the only incentive pushing police towards the use of dead people’s fingerprints. Warrants aren’t required to get a dead person’s prints, given that after death, people lose privacy interest in their own body. In other words, they have no standing in court to assert privacy rights.
The first known case of using a dead man’s fingers to try to unlock an iPhone was that of Abdul Razak Ali Artan, an 18-year-old Somali immigrant who plowed his car into a group of people on the Ohio State University campus, attacked victims with a butcher’s knife, and was shot dead by police in November 2016.
Police failed in that case: not only was Artan dead, but they were swiping his finger after the window of opportunity had closed, when the phone goes into sleep mode and requires a passcode to unlock.
Sources have told Forbes that it’s now a “relatively common” procedure to press dead people’s fingers to their phones. It’s been used in overdose cases, for example, as police have sought drug dealers.
In another case, from July 2016, police sought to make a cast from a dead man’s prints, but not from his actual fingers. They asked for 3D prints to be made from fingerprints they already had on file.
Phillip’s fiancée, Victoria Armstrong, was at the funeral home when Florida investigators swiped his fingerprints. She said she felt “disrespected and violated.”
Courts may have no problem with police swiping dead people’s fingers, but there are experts who want them to rethink the ghoulish practice. The Tampa Bay Times spoke to one, Greg Nojeim, director of the Freedom, Security and Technology Project at the Washington-base Center for Democracy and Technology, who said that the Largo detectives’ actions were “ethically unjustifiable.”
There should be some dignity in death. If I was writing the rules on this, it would be that the police would need a warrant in order to use a dead person’s finger to open up a phone, and I’d require notice to the family.
In the meantime, if you want to ensure that you can’t be compelled to use your fingerprints to unlock your phone – be you deceased or not – use a passcode instead of biometrics for authentication.
Courts have generally held that you can’t be compelled to give up your passcode because of Fifth Amendment protection against giving testimony (i.e., something you know) that could be used against you, whereas your biometrics (i.e., something you are) are pretty much up for grabs.