Could the iPhone X Erode the 4th Amendment?

September 15, 2017 Criminal Defense 4th Amendment, iPhone Law, iPhone X

Could the iPhone X Erode the 4th Amendment?

The FBI and Apple famously squared off when the FBI argued that the All Writs Act of 1789 entitled them to solicit Apple’s assistance in unlocking a potential terrorist’s iPhone.[1] The FBI knew they would be able to use a computer to guess the pin in about 26 minutes, but needed Apple to turn off the phone’s setting that only allowed 10 failed attempts before the phone was erased;[2] Apple’s response was to file suit.[3] That suit has since become a non-point when the FBI figured out how to hack the phone without Apple’s involvement;[4] the only issue that remains is whether or not the tool can and should be shared with state and local law enforcement.[5] Police and Apple friction over locked iPhones may resurface though, now that the new iPhone X as has been announced and fingerprint logins are being replaced with a new type of unlock feature, facial recognition.[6] Apple advertises the ease of using this new feature, asking “[w]hat could be more natural than a touch? A look.”[7]Facial recognition has been a part of mainstream phones since the December 2011 release of Android 4.0 (Ice Cream Sandwich).[8] Defeated by a picture of the owner’s face, Google and Samsung have never advertised this recognition as particularly secure.[9] Instead Samsung developed Iris scanning software.

Every eye has a unique pattern in the iris.Your left eye even has a different pattern than your right. Iris patterns are actually more distinct than a fingerprint. Because every eye is unique, Samsung is able to use your eyes to identify you and act as your credentials. These credentials can be used for anything a fingerprint or even a passcode could. You hold the phone so the special camera can see your eyes and your phone will unlock.[10]

This feature is secure enough to properly prevent other from unlocking your phone, and the simple action of closing your eyes is enough to prevent an unwanted intruder from using your eyes against your will. Far more complex than the original face recognition, but without needing the imprint of the owner’s eyes, Microsoft released face recognition software of their own, as secure as the iris scanner Samsung employs.[11] Hackers have been able to fool this software using Facebook, but the dual-camera nature of it requires a full 3D render of a face;[12] it’s reliable enough that twins can’t even fool it.[13] Microsoft’s software, found primarily on the Surface line has one unique factor that prevents heat-of-the moment unwanted searches from taking place, these are essentially full computers, and a spontaneous unlocking by law enforcement is unlikely. An iPhone does not share this characteristic. The Washington Post, days after the iPhone X and Face ID announcement has already raised the question:

Imagine you’ve been detained at customs, waiting to cross the border. Or maybe you’ve been pulled over for a traffic violation. An officer waves your cellphone at you.

“Look at this. Is this yours?” he asks.

Before you can respond, a tiny infrared sensor in the phone has scanned your face. Matching those readings against the copy of your face that is stored in its archive, the phone concludes that its owner is trying to unlock it. The device lowers its defenses, surrendering its contents in moments to the law enforcement officer holding your phone.[14]

Fung distills this “nightmare scenario,” if an iPhone owner ever finds themselves confronted by this officer, “without you saying a word, he has gotten everything he wanted.”[15] From a practical perspective this kind of action would be easy for an officer, the question is whether or not evidence gained in this manner would ever be admissible in court.

The Supreme Court has ruled that cell phone data fails to satisfy the Chimel rule for searches incident to arrest.[16] Warrants are required in order to search a cell phone, as the Riley court answered a long-standing circuit split on this issue.[17] There are two primary areas to are yet unanswered: how does this new technology affect plain-view doctrine, and how does it affect searches with a warrant?

Imagine a police officer, holding a person’s phone unlocks it using their face and without any type of search, sees criminal activity on the screen. Was the unlocking a search? What if the unlock happened on accident? Scholars have analyzed this issue, prior to Apple’s announcement, post Riley, “[w]hat if an officer observes, in plain view, a text message on the cell phone screen mentioning criminal activity?”[18] Riley did not outline how the Court’s ruling would affect plain view doctrine of digital containers.[19] Courts have ruled that evidence is admissible if police officers come across evidence in a place they are lawfully allowed to be (a valid search) and the incriminating character is immediately apparent.[20] If a police officer accidentally (or even “accidentally) unlocks a person’s phone and sees something that is immediately known to be incriminating, is this plain view? Some courts have addressed similar issues, and if those decisions are any indication, this evidence will likely be admissible.[21]

Perhaps even more disturbing is the idea of an officer holding a phone during a warranted search. Does that officer have the legal authority to demand your face to unlock a phone? Does that right, if even possible, need to be outlined in the search warrant? Right before the famous brawl between the FBI and Apple, nearby local police working for the LAPD were able to receive the first known search warrant where an individual was compelled to unlock their smartphone with their fingerprint.[22] Federal officials have made similar attempts, later that year the Department of Justice sought a warrant that would require all individuals present at the searched property to unlock their phones with their fingers, hoping incriminating evidence will be secured, a requirement that legal scholars believe is an entirely overbroad requirement for a search warrant.[23] The May 9th, 2016 court filing is the only available document for the case, including any warrants that were eventually issued, but the memorandum requested “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.”[24] The Department of Justice likened this search to Schmerber (suspects blood drawn without consent) as well as others, including Virginia v. Baust, which compelled a defendant to unlock a device with a fingerprint, but requiring admission of a password was a Fifth Amendment violation.[25] The results or carrying out of that warrant are unknown at this time, but all of the unanswered legal questions surrounding it apply to the Apples new Face ID, and with that inference the mysteries to be left up only to courts.

As of now, the introduction of ubiquitous facial recognition is simultaneously a science fiction fantasy and the potential for another chink in the armor of the Fourth amendment. Criminal defense attorneys and appellate attorneys will be arguing the validity of these searches in due time. In the near term, if you find yourself the proud owner of this waterproof, wirelessly charging supercomputer in the palm of your hand – it might be best to lock it with a code instead of your face, whether you have anything to hide, or simply desire to protect your rights as a citizen.


References

[1] Lev Grossman, Inside Apple CEO Tim Cook’s Fight With the FBI, Time (Mar 17, 2016), http://time.com/4262480/tim-cook-apple-fbi-2/.

[2] Ellen Nakashima, FBI Paid Professional Hackers One-Time Fee To Crack San Bernadino iPhone, The Wash. Post (Apr. 12, 2016), https://www.washingtonpost.com/world/national-security/fbi-paid-professional-hackers-one-time-fee-to-crack-san-bernardino-iphone/2016/04/12/5397814a-00de-11e6-9d36-33d198ea26c5_story.html.

[3] USA v. In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203 – Google, No. 5:16-cm-00010 (Cal. C. D. Ct. Feb 19, 2016), https://www.docketalarm.com/cases/California_Central_District_Court/5–16-cm-00010/USA_v._In_the_Matter_of_the_Search_of_an_Apple_iPhone_Seized_During_the_Execution….Google/.

[4] Nakashima, supra note 2.

[5] Ellen Nakashima & Adam Goldman, FBI Weighs if it Can Share Hacking Tool With Local Law Enforcement, The Wash. Post (Apr. 1, 2016), https://www.washingtonpost.com/world/national-security/fbi-weighs-if-it-can-share-hacking-tool-with-local-law-enforcement/2016/04/01/f4ff94ce-f831-11e5-a3ce-f06b5ba21f33_story.html?tid=a_inl.

[6] The iPhone X – Face ID,  https://www.apple.com/iphone-x/#face-id (last visited Sept. 14, 2017).

[7] Id.

[8] Jerry Hildenbrand, Examining the Differences Between iPhone X Face ID and Samsung Iris Scanning, AndroidCentral (Sept. 13, 2017), https://www.androidcentral.com/differences-between-samsung-and-apple-face-unlocking; AndroidCentral, Ice Cream Sandwich (last visited Sept. 14, 2017), https://www.androidcentral.com/ics (explaining the release schedule of Android 4.0).

[9] Hildenbrand, supra note 9.

[10] Id.

[11] Peter Bright, Windows Hello Facial Logins on the New Surfaces are Rather Impressive, Ars Technica (Nov. 1, 2015), https://arstechnica.com/gadgets/2015/11/windows-hello-facial-logins-on-the-new-surfaces-is-rather-impressive/.

[12] Lily Hay Newman, Hackers Trick Facial Recognition Logins With Photos From Facebook (What Else?), Wired (Aug. 19, 2016), https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos-facebook-thanks-zuck/.

[13] Adam Epstein,

[14] Brian Fung, What Happens if a Cop Forces You to Unlock Your iPhone X With Your Face?, The Wash. Post (Sept. 12, 2017), https://www.washingtonpost.com/business/technology/how-apple-is-hastening-the-age-of-fraught-facial-recognition-technology/2017/09/12/18303544-97ea-11e7-82e4-f1076f6d6152_story.html?utm_term=.0c1c25a875f1&tid=a_inl.

[15] Id.

[16] Riley v. California, 134 S.Ct. 2473 (2014); See Chimel v. California, 395 U.S. 752, 768 (1969) (evidence is able to be searched for if the arrestee may use it as a weapon, to ensure officer safety; or evidence that could easily be concealed or destroyed).

[17] Adam M. Gershowitz, The iPhone Meets the Fourth Amendment, 56 UCLA L. Rev. 27 (2008).

[18] Erica L. Danielsen, Cell Phone Searches After Riley: Establishing Probable Cause and Applying Search Warrant Exceptions, 36 Pace L. Rev. 970, 978 (2016); See Horton v. California, 496 U.S. 128 (1990) (outlining “plain view” doctrine).

[19] Michael Mestitz, Unpacking Digital Containers: Extending Riley’s Reasoning to Digital Files and Subfolders, 69 Stan. L. Rev. 321, 351 (2017).

[20] U.S. v. Dichiarinte, 445 F.2d 126, 129-30 (7th Cir. 1971).

[21] Danielsen, supra note 18, at 990 (citing Sinclair v. State, 444 Md. 16 (2015) (opening up a flip phone to turn if off; in order to prevent remote wiping and observe hidden weapons; was not a search, and the incriminating screen saver was admissible)).  

[22] Thomas Fox-Brewster, LAPD Warrant Lets Cops Open Apple iPhone With Owner’s Fingerprints, Forbes (Mar. 31, 2016), https://www.forbes.com/sites/thomasbrewster/2016/03/31/warrant-apple-iphone-fingerprints-hack-los-angeles/#398118093074.

[23] Thomas Fox-Brewster, Feds Walk Into a Building, Demand Everyone’s Fingerprints To Open Phones, Forbes (Oct. 16, 2016), https://www.forbes.com/sites/thomasbrewster/2016/10/16/doj-demands-mass-fingerprint-seizure-to-open-iphones/#3f24aec81288.

[24] Id.

[25] Id.See Schmerber v. California, 384 U.S. 757 (1966); U.S. v. Dionisio, 410 U.S. 1 (1973); Holt v. U.S., 218 U.S. 245 (1910); Virginia v. Baust, No. CR14-1439 (Va. Cir. Oct. 28, 2014).