Granted Warrant Allowed Feds To Force Everyone At Searched Residence To Unlock Devices With Their Fingerprints
from the hello-dystopia dept
Thomas Fox-Brewster of Forbes has dug up an unsealed memorandum in support of a federal search warrant demanding… all the fingerprints of every occupant in the searched residence.
FORBES found a court filing, dated May 9 2016, in which the Department of Justice sought to search a Lancaster, California, property. But there was a more remarkable aspect of the search, as pointed out in the memorandum: “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.” The warrant was not available to the public, nor were other documents related to the case.
The memorandum goes on to point out that simply demanding fingerprints implicates neither the Fourth nor Fifth Amendments. But the additional permissions sought certainly do.
“While the government does not know ahead of time the identity of every digital device or fingerprint (or indeed, every other piece of evidence) that it will find in the search, it has demonstrated probable cause that evidence may exist at the search location, and needs the ability to gain access to those devices and maintain that access to search them. For that reason, the warrant authorizes the seizure of ‘passwords, encryption keys, and other access devices that may be necessary to access the device,’” the document read.
Not only are the devices being seized, but so are any passwords, which does carry some implications, but not necessarily at the point of seizure. It's the refusal to turn over passwords or encryption keys in the face of a court order that can result in contempt charges, and it's still less-than-settled that access information has no testimonial value.
But even the seizure of these devices in hopes of searching them later (but securing fingerprints to unlock them first) is a Fourth Amendment problem if they're accessed in nearly any way during the unlocking process. One court found, post-Riley, that simply opening a flip phone constituted a search. In that context, forcing a finger onto the phone and viewing the screen's contents could be considered a search -- and a warrantless one at that.
Of course, the government cited plenty of cases to back up its seizure, detention of residents, and its taking of fingerprints -- most of them at least 30 years old.
It also cited Holt v. United States, a 1910 case, and United States v. Dionisio, a 1973 case, though it did point to more recent cases, including Virginia v. Baust, where the defendant was compelled to provide his fingerprint to unlock a device (though Baust did provide his biometric data, it failed to open the iPhone; after 48 hours of not using Touch ID or a reboot Apple asks for the code to be re-entered.).
As for the Fourth, the feds said protections against unreasonable searches did not stand up when “the taking of fingerprints is supported by reasonable suspicion,” citing 1985′s Hayes v. Florida. Other cases, dated well before the advent of smartphones, were used to justify any brief detention that would arise from forcing someone to open their device with a fingerprint.
This is the reality of what the government is seeking: law enforcement officers detaining suspects and non-suspects alike and forcing them to apply their fingers to all locked devices on the premises. If this is the new normal for warrant service, it's time for the courts to step up and be a bit more aggressive in holding the government to particularity requirements.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, devices, fingerprints, search, unlocking, warrant
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
power down your phone if you think the police is going to make a grab for it. Your finger print won't work once it boots up again. You have to enter the passcode first.
[ link to this | view in chronology ]
They can't particularly describe unknown persons.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Not only do you contradict yourself you and the dictionary disagree on terms.
We we have another journalist write these articles that cares more about the Constitution than you? You are obviously willing to imply "some implications, but not necessarily at the point of" calling a spade a spade.
At a fundamental level this is a bit insidious.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re: Contempt for warrants
Contempt, as noted in the article, comes when the Court orders compliance and the subject fails to comply. This article is about a warrant wielded by a door-kicking SWAT team intent on property destruction, not a Court order. I have no doubt that the team would proceed to arrest anyone who did not comply, but I have some doubt that they would not arbitrarily arrest everyone at that location even if they did get full compliance. Once arrested, there would be an opportunity for the Court to issue a separate order, which could then lead to the contempt charge if not properly quashed.
[ link to this | view in chronology ]
Re: Re:
Contempt for what? I can't help it if I have a bad memory.
[ link to this | view in chronology ]
Re: Re: Re:
To which the judge simply has to respond with "I don't believe you, provide the password or rot in a cell until you remember'."
If the judge doesn't believe that you don't remember your password they don't have to prove that you did in fact forget it, you have to prove that you did, and since that's entirely based upon your word that you did...
Isn't the legal system just grand?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Which is why having a deniable encryption password would be so valuable for all systems. Despite my previous strident comment about a GFY message, the real way to implement this is to silently delete everything while the system comes up and looks like it simply does not have any data on it. Bonus points for creating some innocuous data in there so it is plausibly the real thing. What can the judge do once the system is unlocked and shows nothing of interest?
[ link to this | view in chronology ]
The current "false bottom" technology
disguises the encrypted data as unused memory clusters, so there is no clear proof that you even have encrypted data at all.
Or don't...which presents a problem.
Frankly, as things are, a judge can just declare that you have contraband data and have effectively hidden it. Even if he claims that it's some secret cloud account.
Which means, yeah, a judge could hold you for contempt for no actual reason with no actual evidence. You can try to invoke habeas corpus, but I don't think there is real proof they have except We have more guns than you. Or their court is backed by the power of force, not the power of law.
Then off to jail you go for fourteen years. Longer, since it's hard to get out when you're forgotten.
[ link to this | view in chronology ]
Longest contempt of court record...
is 14 years, so far.
So yeah, it's possible to be jailed for contempt for a long time.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Ahem. That said, they'd get nothing by having my fingerprints and I would certainly forget my password at that point.
[ link to this | view in chronology ]
Note to self:
[ link to this | view in chronology ]
Re: Note to self:
Sure, but good luck getting all the fingers adequately sliced and getting the knife somewhere safe before they shoot you for "having a knife" that threatened officer safety.
[ link to this | view in chronology ]
Re: Note to self:
Just turn your phone off (and make sure it's set to require a password at reboot).
[ link to this | view in chronology ]
Save yourself the painful process
They can photograph your sliced fingertips, edit out the scars and construct rubber fingers using 3D printing that works just fine.
Or at least it did when the Apple biometric access tech was released.
[ link to this | view in chronology ]
Re: Note to self:
Just turn off your phone! When they turn it back on, your Finger print will no longer work until you enter the Pass code that first time!!! You can touch it all you want and it won't do anything!!!
[ link to this | view in chronology ]
@Tim Cushing:
"...and it's still less-than-settled that access information has no testimonial value."
Excuse me????
That is a given fact, fundamental to the whole point of access information - or keys, or employee passes, or whatever else.
Having a password, key, biometric access - pick what form/mode of unlocking anything you wish - is prima facie evidence that either or both of a) you are authorized by the owner to operate/control/gain access to/use whatever is behind the lock or access control device; or b) you are the owner (impliedly subsuming authorization to use/control, etc.) of whatever is behind the lock or access control device/mechanism/etc.
To give just two obvious examples, possession of a key to a particular house implies that you do or may live at that address. Possess of a car key implies that you either are the owner of a car or are known to the owner of the car.
[ link to this | view in chronology ]
My password...umm, I don't recall it.
Works for rich or politically connected Dems.
[ link to this | view in chronology ]
The sooner Americans realize their government believes they have no constitutional rights the better. though I am sure "It can't happen here" will protect them.
[ link to this | view in chronology ]
welcome to Nazi USA!!
[ link to this | view in chronology ]
Dear Apple & Google: We need the "nuke it" fingerprint feature
I'd be happy to provide a fingerprint as long as my phone/device has an unlock fingerprint trained, and a separate "nuke everything on my phone and pop up a big GFY message on the screen" fingerprint.
Guess which one I will be providing to the feds?
[ link to this | view in chronology ]
Warrant
"Thomas Fox-Brewster of Forbes has dug up an unsealed memorandum in support of a federal search warrant demanding… all the fingerprints of every occupant in the searched residence...
In that context, forcing a finger onto the phone and viewing the screen's contents could be considered a search -- and a warrantless one at that."
How would that be warrantless?
[ link to this | view in chronology ]
Re: Warrant
I suppose you could say that an invalid warrant doesn't count? (Unless a good faith exception applies, of course.)
[ link to this | view in chronology ]
Invalid warrant
I'm sure a standard service pistol will validate any warrant.
They don't need you alive, do they?
[ link to this | view in chronology ]
Self Destruct Button
For anyone particularly concerned about this, the solution is simply to have a task that runs every time after login that starts a self-destruct timer in the background. If you don't launch the kill-switch, or if the tether to your smartwatch isn't available, it nukes everything.
[ link to this | view in chronology ]
Excellent for spies and terrorists.
For the rest of us, I suspect our lifestyles of convenience won't account for a daily plug-in.
Still, there are more tricks for hiding and encrypting data than there are for detecting it. I expect that eventually the courts will go full MiniPAX until people are filling our prisons on account of having suspected hidden data they won't reveal.
[ link to this | view in chronology ]
Thats a spiffy list of rights we allegedly have... when do we actually get them?
[ link to this | view in chronology ]
“authorization to depress the fingerprints and thumbprints..."
[ link to this | view in chronology ]