Credit: The Hacker News
Can feds force you to unlock your iPhone or Android phone?
A Northern California judge has ruled that federal authorities can’t force you to unlock your smartphone using your fingerprints or other biometric features such as facial recognition—even with a warrant.
The ruling came in the case of two unspecified suspects allegedly using Facebook Messenger to threaten a man with the release of an “embarrassing video” to the public if he did not hand over money.
The federal authorities requested a search warrant for an Oakland residence, seeking to seize multiple devices connected to the suspects and then compel anybody on the premises at the time of their visit to unlock the devices using fingerprint, facial or iris recognition.
However, Magistrate Judge Kandis Westmore of the U.S. District Court for the Northern District of California turned down the request, ruling the request was “overbroad and neither limited to a particular person nor device.”
“The Government cannot be permitted to search and seize a mobile phone or other devices that are on a non-suspect’s person simply because they are present during an otherwise lawful search,” the judge wrote in her ruling.
Even though the feds are not allowed to force a suspect to unlock their devices using their PIN or alphanumeric passcode, U.S. judges have previously ruled that protection did not apply to biometric features.
However, Westmore said forcing suspects to unlock their devices using biometric authentication “runs afoul of the Fourth and Fifth Amendments” of the US constitution, which protect people against unreasonable searches and self-incrimination, respectively.
The court equated biometric authentications like Touch ID and Face ID to a PIN or passcode rather than something like submitting to a DNA swab because those body features serve the same purpose as a passcode that secures the owner’s content.
The court ruling also made an interesting point over the Government’s urgency in forcing suspects to unlock their devices using the biometric features in order to bypass the need to enter a passcode.
It’s because once a device is locked using a passcode, the government can’t compel a suspect to enter the passcode under the current jurisprudence.
“If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device,” the judge wrote.
It totally makes sense, because if passcode and PIN are protected, then biometric authentication methods should not be considered any different.
Instead of forcing people to unlock their devices found during the raid, Westmore wrote the government can use other ways to legally access contents of a seized smartphone in the Facebook extortion case, like asking Facebook to provide Messenger conversations.
The California court’s recent ruling came as a potential landmark decision to protect people’s private lives from government searches and could potentially make an impact on future cases like this, provinding users the same protection for biometric locks as offered for passcodes.