According to a new report, for the first time in the U.S. and possibly elsewhere, law enforcement recently accessed a suspect’s phone by using their face to unlock Face ID.
The incident took place on August 10, when the FBI searched the house of 28-year-old Ohio resident Grant Michalski, later charged with receiving and possessing child pornography. Michalski was told to put his face in front of the phone, thereby unlocking it. This allowed agents to look through his online chats, photos, and other material deemed worthy of investigation.
The iPhone X turned out to contain allegedly incriminating information, such as conversations using chat app Kik Messenger, discussing the abuse of minors. However, it wasn’t an entirely successful endeavor. The report notes that:
“Whilst [David Knight, special agent with the FBI] may’ve found some evidence of criminal activity when he manually searched the device, in one respect the forced Face ID unlock of the iPhone X was a failure. It wasn’t possible to siphon off all the data within using forensic technologies. That was because the passcode was unknown.
In modern iPhones, to hook the cellphone up to a computer and transfer files or data between the two, the passcode is required if the device has been locked for an hour or more. And forensic technologies, which can draw out far more information at speed than can be done manually, need the iPhone to connect to a computer.
It appears Knight didn’t keep the device open long enough and so couldn’t start pulling out data with forensic kits. He admitted he wasn’t able to get all the information he wanted, including app use and deleted files. What Knight did get he documented by taking pictures.”
While there have been plenty of instances of law enforcement butting up against the problem of passcodes on iPhones (heck, it was the subject of a whole contentious standoff between Apple and the FBI), this case is interesting because of what it suggests about the legality of using biometrics.
As Forbes‘ report notes, it appears that the FBI did everything by the book. It seems that Face ID, like Touch ID, is not necessarily protected by the same fifth amendment rule stating that a person can self-incriminate. Biometric passwords are not considered to be covered by the same law, although this could be open to argumentation going forward.
As Jerome Greco, staff attorney at the Legal Aid Society, says in the Forbes article: “Traditionally, using a person’s face as evidence or to obtain evidence would be considered lawful. But never before have we had so many people’s own faces be the key to unlock so much of their private information.”