Judge refuses FBI request to force iPhone fingerprinting
The Chicago warrant was too vague and outdated to be granted, judge rules
A court in Chicago has denied the FBI a warrant that would have forced a building's occupants to open their Apple devices using their fingerprints.
If granted, the request would have allowed federal agents to compel people in the premises to put their finger or thumb "onto the Touch ID sensor of any Apple iPhone, iPad or other Apple brand device in order to gain access to the contents of any such device".
The judge, M David Weisman, granted the warrant's request to seize equipment and search the premises of the building, in which the FBI believes someone has used the Wi-Fi network to receive and traffic child pornography pictures. However, he denied the Touch ID element.
The reason for his decision, laid out in this opinion, isn't that there's insufficient probable cause, as this would have led to the rejection of the whole warrant, but that the language used in reference to forcing fingerprint unlocking wasn't specific enough.
"Despite the apparent seriousness of the offenses involved, the Court notes that some of the 'boilerplate' background information included in the warrant is a bit dated, such as its explanation that '[t]he internet allows any computer to connect to another computer [so] [e]lectronic contact can be made to millions of computers around the world;' ... and its suggestion that the use of 'cloud technology' is the exceptional way of transferring files and that transferring images to a computer by directly connecting a cable to a camera or other recording device is the expected means of data transfer," the opinion states.
The judge also noted that the application made no mention of wireless internet, nor the fact that in the context of this warrant Wi-Fi could have a decisive influence on grounds for suspicion.
"For example, an unsophisticated internet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously," the opinion reads, adding that this leaves open the possibility "that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises".
"The warrant application also lacks any detailed information about the resident(s) of the subject premises other than the name of the individual who is likely residing there. There is no assertion that the resident has a known link to criminal acts involving child exploitation," the ruling reads, adding that it's not even certain there are Touch ID-enabled Apple devices on the premises, or what kind they might be.
Consequently, the judge said there is insufficient probable cause to force anyone to open their device using Touch ID in the event of a raid.
Parallels with other cases?
As noted by Sophos, at first glance the case seems to have parallels with two other recent cases involving iPhones: that of the San Bernardino iPhone and, in particular, a May 2016 case in California unearthed by Forbes, in which the FBI was granted access to devices using "forced fingerprinting", as the US government calls the practice.
There are notable differences, though. In the case of the San Bernardino iPhone, the owner was dead and the phone had apparently become locked as a result of a mistake during the handling of the device by the FBI.
In the case of the California warrant, the FBI did specify who it thought might be involved in the crime, whereas failing to do so seems to be the fatal error in this latest case.