By: Jordan Carrier
Nearly two-thirds of Americans own and use smartphones,[1] up from only two percent in 2005.[2] Cell phones, and particularly smart phones, have “an immense storage capability,”[3] which can have serious implications for what information is available to be police when the owner of the smartphone is suspected of criminal activity. In 2014, the Supreme Court held that cell phones are protected under Fourth Amendment restrictions and may only be searched after police have obtained a warrant for the contents of the cell phone, absent existent circumstances.[4]
Today, police may gain access to cell phones after obtaining a warrant, but how they are permitted to do so remains up for debate.[5] Smartphones offer a variety of ways consumers can secure their devices, including passcodes, fingerprint scanning, and facial recognition software.[6]
The Supreme Court has not addressed Constitutionality of compelling individuals to unlock their cell phones, nor have any federal appellate courts, so the decisions have so far been left to lower courts.[7] So far, lower courts have turned to the Fifth Amendment, which prohibits compelling individuals to provide testimony that would be incriminating against himself.[8] A Virginia Circuit Court held that “[a]n act is testimonial when the accused is forced to reveal his thoughts and beliefs with the government.”[9] Under that definition, a defendant cannot be required to divulge his passcode because it relies on his personal knowledge.[10] However, a fingerprint is not testimonial and is more like types of evidence that the Fifth Amendment privilege against self-incrimination does not protect, such as voice, handwriting, and blood samples.[11] The same court held that fingerprints are not protected under the Fifth Amendment, so a state may be granted a motion to compel a defendant’s fingerprint,[12] giving them access to the defendant’s cell phone and its contents.
Facial recognition has been used as a way to unlock smartphones since March of 2017, and has since become a popular way for consumers to secure their smartphones with the introduction of the iPhone X. So far, unlocking a cell phone with facial recognition has been treated similarly to the use of a fingerprint. For example, on August 10, 2018 FBI agents entered the home of a man suspected of receiving and possessing child porn and told him to put his face in front of his iPhone X, based on a search warrant.[13] With his phone unlocked, investigators were given access to online chats, pictures, and other evidence that could be used against the suspect.[14]
Based on the ability of the government to obtain access to cell phones through biometrics like fingerprints, faces, and conceivably irises,[15] consumers who are worried their security may be compromised have been advised to use a traditional passcode. However, law enforcement is now able to access cell phones despite not knowing the passcode to unlock them.[16] In 2016, Apple refused to provide the FBI with access to an Apple cellphone and was in the midst of litigating the issue when the FBI paid more than one million dollars for software that could unlock the phone.[17]
While the purchase of million dollar software by the federal government may have been concerning to some, it seemed unlikely that many local governments would be able to afford to use this technology.[18] Enter Grayshift, a startup company, that began selling “iPhone-unlocking boxes” for $15,000 apiece in early 2018.[19] The Indiana State Police, one government agency that has purchased GrayKey, reported that in the first 60 days of owning the device, investigators were able to unlock 96 iPhones.[20]
While Apple, the only company currently affected by the devices, has publicly stated that they support law enforcement and will assist in criminal and other investigations,[21] the company has actively worked to foil GrayKrey and other similar devices, implementing new security measures with almost every software update.[22] In the iOS 12 update, Apple reportedly blocked police from cracking phone passcodes.[23]
With the Fifth Amendment protections against compelling defendants to reveal their phone passcodes and the efforts of Apple to protect consumer privacy, consumers can feel confident that the data stored on their cell phones is secure and will not be used against them in court. At least until GrayKey counters Apples latest update.
[1] Aaron Smith, U.S. Smartphone Use in 2015, Pew Research Center (Apr. 1, 2015), http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/.
[2]Alexander Howard, Americans Think Smartphones Hurt Socializing, but Use Them Anyway, Huffpost (August 26, 2015), https://www.huffingtonpost.com/entry/americans-think-smartphones-hurt-socializing-but-use-them-anyway_us_55de233ee4b08cd3359e7031.
[3] Riley v. California, 134 S. Ct. 2473, 2478 (2014).
[4] Id. at 2487.
[5] Kaveh Waddell, Police Can Force You to Use Your Fingerprint to Unlock Your Phone, The Atlantic (May 3, 2016), http://www.leadingedgelaw.com/can-the-police-force-you-to-unlock-your-phone/.
[6]Adi Robertson, PSA: Samsung’s New Face Scanner Won’t Give You the Legal Protection of a Passcode, The Verge (Apr. 5, 2017 3:27 PM EDT), https://www.theverge.com/2017/4/21/15360584/samsung-galaxy-s8-unlock-face-iris-fingerprint-scanner-most-secure.
[7] Kaveh Waddell, Police Can Force You to Use Your Fingerprint to Unlock Your Phone, The Atlantic (May 3, 2016), http://www.leadingedgelaw.com/can-the-police-force-you-to-unlock-your-phone/.
[8] U.S. Const. amend. V.
[9] Commonwealth v. Baust, 89 Va. Cir. 267, 269 (2014).
[10] Id. at 271.
[11] Id. at 269.
[12] Id. at 271.
[13]Thomas Brewster, Feds Force Suspect to Unlock an iPhone with their Face, Forbes (Sept. 30, 2018, 10:01AM), https://www.forbes.com/sites/thomasbrewster/2018/09/30/feds-force-suspect-to-unlock-apple-iphone-x-with-their-face/#563ae3821259.
[14] Id.
[15] Adam Clark Estes, Let’s Take This Case all the way to the Supreme Court, Gizmodo (June 1, 2017, 11:51AM), https://gizmodo.com/can-we-please-make-a-decision-on-police-unlocking-iphon-1795721375.
[16]Jason Tashea, Cat-and-Mouse Game: Customers Demand Cybersecurity, Law Enforcement Wants Easier Access to Evidence, ABA Journal (Oct. 2018), http://www.abajournal.com/magazine/article/cybersecurity_law_enforcement_access.
[17] Roert McMillan, Meet Apple’s Security Headache: The GrayKey, a Startup’s iPhone-Hacking Box, Wall St. J. (June 14, 2018, 1:21PM ET), https://www.wsj.com/articles/the-hacking-box-that-led-to-a-golden-age-of-iphone-investigations-1528996893.
[18] Id.
[19] Id.
[20] Jason Tashea, Cat-and-Mouse Game: Customers Demand Cybersecurity, Law Enforcement Wants Easier Access to Evidence, ABA Journal (Oct. 2018), http://www.abajournal.com/magazine/article/cybersecurity_law_enforcement_access.
[21]Romain Dillet, Justice Department Drops Lawsuit Against Apple as FBI has now Unlocked Farook’s iPhone, Tech Crunch (2015), https://techcrunch.com/2016/03/28/justice-department-drops-lawsuit-against-apple-over-iphone-unlocking-case/.
[22]Thomas Brewster, Apple vs. GrayKey: Leaked Emails Expose the Fight for Your iPhone Privacy, Forbes (July 16, 2018, 10:55AM), https://www.forbes.com/sites/thomasbrewster/2018/07/26/apple-ios-security-boost-not-stopping-cops-hacking-iphones/#31c457637129.
[23]Chaim Gartenberg, Apple Seems to Have Completely Blocked Police Password Cracking Tool in iOS 12, The Verge (Oct. 24, 2018, 3:53PM EDT), https://www.theverge.com/2018/10/24/18019660/apple-blocked-police-password-cracking-tool-ios-12-graykey-law-enforcement.
Image Source: https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/
