Pando

Court document shows the feds are just grabbing suspects' hands to unlock their fingerprint iPhones

By Paul Bradley Carr , written on October 17, 2016

From The Security Desk

Here’s a fun story from Forbes this morning.

A newly unearthed court filing shows that California-based Department of Justice agents requested court authorization to force suspects to unlock their fingerprint-secured phones during a search. Yes, force them. As in grab their hands and force them.

Per Forbes, the text of the warrant application requested:

“[A]uthorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.”

The document also showed the DOJ didn’t even know what devices they might find in the house, or what their contents might be:

“While the government does not know ahead of time the identity of every digital device or fingerprint (or indeed, every other piece of evidence) that it will find in the search, it has demonstrated probable cause that evidence may exist at the search location, and needs the ability to gain access to those devices and maintain that access to search them. For that reason, the warrant authorizes the seizure of ‘passwords, encryption keys, and other access devices that may be necessary to access the device,’”

Forbes was able to contact the owner of the property and confirm that the warrant was approved served.

There are a lot of takeaways from the terrifying document and its attendant implications, but I’ll focus on just two.

First, while the warrant is shocking, it also shouldn’t be surprising. Anyone who has ever seen a low-budget sci-fi movie knows the trope of forcing someone’s eyeball against a scanner to access a vault or chopping off a hand to beat a fingerprint reader.

It’s always going to be easier for a copy to grab someone’s hand vs forcING them to surrender a password, especially after they’ve been read their Miranda rights.  And of course the government is delighted that we’ve all become so lazy and so enraptured by cool gimmicks that we’ve willingly made our phones vulnerable to brutally physical hacks.  

Which brings me to the second point: Shit like this is precisely why I’m sticking to  old technology like my beloved dumb phone and passwords that require me to press a sequence of buttons. Old tech is not perfect, or secure against determined hackers -- nothing is -- but you can push my finger, or my eye, or anything else against this thing all day and all you’re going to do is smudge the screen.