Skip to content
Naked Security Naked Security

LA judge forces woman to unlock iPhone with fingerprint

A case of an alleged Armenian gang member points to the view of biometrics as being like physical keys, not self-incriminating testimony.

The forced use of fingerprints to unlock an iPhone is playing out again in Los Angeles.

As the Los Angeles Times reports, this case involves a seized iPhone connected with an alleged Armenian gang member.

Authorities have obtained a search warrant to compel his girlfriend to press her finger to unlock the phone via Apple’s identification system.

Ever since Apple introduced Touch ID, privacy and legal experts have been saying that biometric information such as fingerprints are like our DNA samples or our voice imprints: they’re simply a part of us. They don’t reveal anything that we know, meaning that they don’t count as testimony against ourselves.

Therefore, the thinking has gone, forcing suspects to press their fingers to get into a phone doesn’t breach their Fifth Amendment rights against forced self-incrimination.

It’s similar to when police with a search warrant demand a key to a lockbox that contains incriminating evidence, the Supreme Court has hypothetically suggested: turning over the key is just a physical act, not “testimony” about something we know.

This interpretation of forced biometrics use being fair game in investigations has played out before. One such was the case of an Emergency Medical Services captain by the name of David Baust who in 2014 was charged with trying to strangle his girlfriend.

Law enforcement were after footage possibly recorded on video equipment in Baust’s bedroom that might have shown the fight. In that case, a judge declared that cops can force you to unlock your phone with your fingerprint, but not with your passcode.

In September, a federal district court in Eastern Pennsylvania confirmed Fifth Amendment protection for passcodes in an insider trading case between the Securities and Exchange Commission and two ex-employees of credit card company Capital One.

But passcode protection hasn’t been a foolproof shelter for all suspects who refuse to hand them over. Last week, a 17-year veteran and former sergeant of the Philadelphia Police Department who’s suspected of – but not formally charged with – possession of child abuse images was found in contempt of an order to decrypt two hard drives.

The “John Doe” has already been imprisoned for 7 months in Philadelphia’s Federal Detention Center on charges of contempt.

He’ll stay locked up indefinitely until he decrypts the drive, the court ordered, saying that he “[carries] the keys to his prison in his own pocket.”

As the LA Times reports, some legal experts are pushing back against courts’ interpretation that compelling use of fingerprints or other biometrics is Constitutionally kosher.

As it is, they say, being forced to unlock a digital device gives the state access to information that could be self-incriminating. The newspaper quotes Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law:

It isn’t about fingerprints and the biometric readers. [It’s about] the contents of that phone, much of which will be about her, and a lot of that could be incriminating.

The “her” in this case – the alleged gang member’s girlfriend – is Paytsar Bkhchadzhyan, a 29-year-old Los Angeles woman with a string of criminal convictions who pleaded no contest to a felony count of identity theft.

Records show that some 45 minutes after she’d been taken into custody, a federal judge signed off on a warrant for Bkhchadzhyan to press her finger on the iPhone. By 1 pm, an FBI agent had secured her print.

Beyond classifying the search as part of an ongoing investigation, authorities aren’t saying why they wanted her to unlock the phone.

The iPhone had been seized from a home linked to Bkhchadzhyan’s boyfriend, Sevak Mesrobian. A probation report lists him as a member of the Armenian Power gang.

While details on what data they were after on the phone remains unknown, it’s clear why authorities were in a rush to get at it: Touch ID has a narrow window of access. After 48 hours of not having been unlocked, a phone requires a passcode to unlock.

The debate over forced biometrics continues

While Brenner told the LA Times that the bar should be set higher for biometric data, other legal experts backed up the prevailing notion that compelling biometrics unlocking doesn’t amount to self-incriminating testimony.

George M. Dery III, a lawyer and criminal justice professor at California State University, Fullerton, echoed the Supreme Court’s analogy of biometrics being like a physical key, noting that search warrants commonly give police the authority to enter a home and seize paper records:

Before cell phones, much of this information would be found in a person’s home. This has a warrant. Even though it is a big deal having someone open up their phone, they’ve gone to a judge and it means there’s a likelihood of criminal activity.

Image of Fingerprint courtesy of Shutterstock.com

8 Comments

This makes sense. Bio-metrics is not a passcode. In theory they could do the same thing by taking a photo of you or using your fingerprint from booking. If they get the warrant they should have it and we all need to quit thinking of bio-metrics as a replacement for passwords. Biometrics are a username.

I disagree. Biometrics are both username and password. And if they are able to obtain her fingerprints legally and use that as a method to open the phone, bravo! But, in my opinion, forcing any action that is used to incriminate that person in a court of law is a violation of the fifth amendment.

Except that search and seizure is covered by the Fourth amendment, not the Fifth.

And AFAIK, there is no statutory protection in the Bill of Rights by which you can refuse (or attempt to interfere with) a lawfully-issued search warrant. You may refuse to provide your own account of events, but that’s not the same thing.

Trickier than the other example. You can’t claim to have forgotten your fingerprints.

Ah; but have you ever used a fingerprint reader? You’ve got to get your finger in just the right position, or it eventually switches to passcode-only. So you don’t need to claim to have forgotten, you just try the maximum number of times and it rejects your print.

Don’t train your phone against a part of your hand that leaves latent prints — that makes breaking into your phone trivial for anyone with the right equipment.

Isn’t this all a moot point anyway. If you have not used the TouchID sensor on the iPhone in a certain time period the pass code is required to unlock the phone and it does not sound like the ruling called for that to be disclosed.

gee…..I sure feel sorry for criminals…….but you know…..it’s their own fault for being silly enough to have an I phone.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?