Judge refuses FBI request to force iPhone fingerprinting

The Chicago warrant was too vague and outdated to be granted, judge rules

A court in Chicago has denied the FBI a warrant that would have forced a building's occupants to open their Apple devices using their fingerprints.

If granted, the request would have allowed federal agents to compel people in the premises to put their finger or thumb "onto the Touch ID sensor of any Apple iPhone, iPad or other Apple brand device in order to gain access to the contents of any such device".

The judge, M David Weisman, granted the warrant's request to seize equipment and search the premises of the building, in which the FBI believes someone has used the Wi-Fi network to receive and traffick child pornography pictures. However, he denied the Touch ID element.

The reason for his decision, laid out in this opinion, isn't that there's insufficient probable cause, as this would have led to the rejection of the whole warrant, but that the language used in reference to forcing fingerprint unlocking wasn't specific enough.

Advertisement
Advertisement - Article continues below

"Despite the apparent seriousness of the offenses involved, the Court notes that some of the 'boilerplate' background information included in the warrant is a bit dated, such as its explanation that '[t]he internet allows any computer to connect to another computer [so] [e]lectronic contact can be made to millions of computers around the world;' ... and its suggestion that the use of 'cloud technology' is the exceptional way of transferring files and that transferring images to a computer by directly connecting a cable to a camera or other recording device is the expected means of data transfer," the opinion states.

The judge also noted that the application made no mention of wireless internet, nor the fact that in the context of this warrant Wi-Fi could have a decisive influence on grounds for suspicion.

"For example, an unsophisticated internet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously," the opinion reads, adding that this leaves open the possibility "that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises".

"The warrant application also lacks any detailed information about the resident(s) of the subject premises other than the name of the individual who is likely residing there. There is no assertion that the resident has a known link to criminal acts involving child exploitation," the ruling reads, adding that it's not even certain there are Touch ID-enabled Apple devices on the premises, or what kind they might be.

Consequently, the judge said there is insufficient probable cause to force anyone to open their device using Touch ID in the event of a raid.

Parallels with other cases?

As noted by Sophos, at first glance the case seems to have parallels with two other recent cases involving iPhones, that of the San Bernardino iPhone and particularly a May 2016 case unearthed by Forbes, which did grant the FBI access to devices using "forced fingerprinting", as the US government calls the practice, in California.

There are notable differences, though. In the case of the San Bernardino iPhone, the owner was dead and the phone had apparently become locked as a result of a mistake during the handling of the device by the FBI.

In the case of the California warrant, the FBI did specify who it thought might be involved in the crime, whereas failing to do so seems to be the fatal error in this latest case.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019