Judge refuses FBI request to force iPhone fingerprinting

The Chicago warrant was too vague and outdated to be granted, judge rules

A court in Chicago has denied the FBI a warrant that would have forced a building's occupants to open their Apple devices using their fingerprints.

If granted, the request would have allowed federal agents to compel people in the premises to put their finger or thumb "onto the Touch ID sensor of any Apple iPhone, iPad or other Apple brand device in order to gain access to the contents of any such device".

The judge, M David Weisman, granted the warrant's request to seize equipment and search the premises of the building, in which the FBI believes someone has used the Wi-Fi network to receive and traffick child pornography pictures. However, he denied the Touch ID element.

The reason for his decision, laid out in this opinion, isn't that there's insufficient probable cause, as this would have led to the rejection of the whole warrant, but that the language used in reference to forcing fingerprint unlocking wasn't specific enough.

Advertisement - Article continues below
Advertisement - Article continues below

"Despite the apparent seriousness of the offenses involved, the Court notes that some of the 'boilerplate' background information included in the warrant is a bit dated, such as its explanation that '[t]he internet allows any computer to connect to another computer [so] [e]lectronic contact can be made to millions of computers around the world;' ... and its suggestion that the use of 'cloud technology' is the exceptional way of transferring files and that transferring images to a computer by directly connecting a cable to a camera or other recording device is the expected means of data transfer," the opinion states.

The judge also noted that the application made no mention of wireless internet, nor the fact that in the context of this warrant Wi-Fi could have a decisive influence on grounds for suspicion.

"For example, an unsophisticated internet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously," the opinion reads, adding that this leaves open the possibility "that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises".

"The warrant application also lacks any detailed information about the resident(s) of the subject premises other than the name of the individual who is likely residing there. There is no assertion that the resident has a known link to criminal acts involving child exploitation," the ruling reads, adding that it's not even certain there are Touch ID-enabled Apple devices on the premises, or what kind they might be.

Consequently, the judge said there is insufficient probable cause to force anyone to open their device using Touch ID in the event of a raid.

Parallels with other cases?

Advertisement - Article continues below

As noted by Sophos, at first glance the case seems to have parallels with two other recent cases involving iPhones, that of the San Bernardino iPhone and particularly a May 2016 case unearthed by Forbes, which did grant the FBI access to devices using "forced fingerprinting", as the US government calls the practice, in California.

There are notable differences, though. In the case of the San Bernardino iPhone, the owner was dead and the phone had apparently become locked as a result of a mistake during the handling of the device by the FBI.

In the case of the California warrant, the FBI did specify who it thought might be involved in the crime, whereas failing to do so seems to be the fatal error in this latest case.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020