A federal magistrate judge in Chicago recently denied the government’s attempt to force people in a particular building to depress their fingerprints in an attempt to open any seized Apple devices as part of a child pornography investigation.

This prosecution, nearly all of which remains sealed, is one of a small but growing number of criminal cases that pit modern smartphone encryption against both the Fourth Amendment protection against unreasonable search and seizure, and also the Fifth Amendment right to avoid self-incrimination. According to the judge’s opinion, quoting from a still-sealed government filing, “forced fingerprinting” is part of a broader government strategy, likely to combat the prevalence of encrypted devices.

Last year, federal investigators sought a similar permission to force residents of two houses in Southern California to fingerprint-unlock a seized phone in a case that also remains sealed. In those cases, and likely in the Illinois case as well, the prosecutors’ legal analysis states that there is no Fifth Amendment implication at play. Under the Constitution, defendants cannot be compelled to provide self-incriminating testimony (“what you know”). However, traditionally, giving a fingerprint (“what you are”) for the purposes of identification or matching to an unknown fingerprint found at a crime scene has been allowed. It wasn’t until relatively recently, however, that fingerprints could be used to unlock a smartphone.

In a 14-page opinion and order, which was published on February 16 but only began to circulate amongst privacy lawyers and legal scholars on Twitter on Wednesday, Judge M. David Weisman wrote that while investigators did have probable cause to search a particular home, “these limitations do impact the ability of the government to seek the extraordinary authority related to compelling individuals to provide their fingerprints to unlock an Apple electronic device.”

However, unlike the California warrant applications, this case doesn’t involve one particular seized device to check to see if anyone’s fingerprint unlocks it. Rather, authorities seem to be using the particular fact that most modern Apple iPhones and iPads can be unlocked and decrypted if Touch ID is enabled. While some Android devices also have a similar fingerprint scanning function, the warrant application (which remains sealed) apparently only sought out Apple devices. (Under both operating systems, the fingerprint unlock stops working after your phone has been unlocked for 48 hours.)

As the judge, who is both a former federal prosecutor and a former FBI special agent, wrote:

The request is made without any specific facts as to who is involved in the criminal conduct linked to the subject premises, or specific facts as to what particular Apple-branded encrypted device is being employed (if any).

First, the Court finds that the warrant does not establish sufficient probable cause to compel any person who happens to be at the subject premises at the time of the search to give his fingerprint to unlock an unspecified Apple electronic device.

This Court agrees that the context in which fingerprints are taken, and not the fingerprints themselves, can raise concerns under the Fourth Amendment. In the instant case, the government is seeking the authority to seize any individual at the subject premises and force the application of their fingerprints as directed by government agents. Based on the facts presented in the application, the Court does not believe such Fourth Amendment intrusions are justified based on the facts articulated.

Neither the Department of Justice nor the FBI immediately responded to Ars’ request for comment. Prosecutors could seek to appeal the opinion to a more senior judge.

Gov’t may be shooting itself in the foot with novel legal theory

Leave a comment

Your email address will not be published. Required fields are marked *