Law enforcement require suspect to unlock phone using Face ID in first known case
02 October 2018 11:12 GMT Posted by • Nicholas Clark Bryan

Forbes has discovered that a Columbus, Ohio resident Grant Michalski has become the first person anywhere in the world to be forced by a law enforcement agency to use phones facial recognition to unlock their phone.

On August 10 the FBI executed a search warrant of Michalski’s residence related to a child abuse investigation. Using a search warrant a federal investigator ordered Michalski to put his face in front of the phone, an iPhone X, which he did unlocking it. This allowed the agent to browse the suspect’s messages, photos and online chats among other areas deemed important to the investigation. He was later charged with child pornography offenses.

It appears everything was conducted perfectly legally by the FBI in executing the warrant. US law does not give the same protections to a person’s biometric data as it does to PIN codes or passwords.

Face ID and Touch ID are currently considered the same legally and fingerprints have already been used to unlock suspect’s phones, even deceased ones. However, passcodes exist in the persons mind are considered protected by the 5th Amendment. As a result, an individual cannot be forced to tell law enforcement their passwords as forfeiture of such knowledge would be considered self-incrimination. Biometric data is not covered under the same laws as it is not deemed a piece of knowledge. There is debate as to whether it should be updated with the increase in biometrically protected smartphones and this case is likely to add fire to that debate.

The new iPhone does have some security features to add layers of security to the biometric data. If the phone has not been unlocked for more than 48hrs or it is connected to a computer, it will require a passcode. Furthermore, there is an emergency SOS mode that, when activated, disables the biometric security requiring a passcode to reactivate it.

On the other hand, passwords do not seem to be safe from law enforcement anymore either. An American start-up named Grayshift is offering a tool for $15,000-$30,000 that can unlock any iOS system called GrayKey. There are also reports on an Israeli company Cellebrite has been used by feds for the same purpose. Grayshift have managed to secure a $484,000 deal with the Secret Service following on form a $384,000 contract with Immigration Customs Enforcement (ICE). The Secret Service has also spent $780,000 on Cellbrite’s technology.

In this particular case it seems that the device was not unlocked indefinitely but rather the agent searched the phone and took documenting photos and allowed the phone to relock itself after it timed out. The Bureau are now requesting further data extraction form the phone which will likely use equipment from Grayshift.

Michalski has been charged and awaiting trial (No date has been set) after conversations over the Kik Messenger App discussing the abuse of minors were discovered, according to an affidavit for a search warrant of that iPhone X. Kik, the $1 billion app billed as the West’s alternative to WeChat, as struggled with a number of child exploitation cases over recent years.

While important evidence was found on the manual search of the iPhone it was not possible to retrieve all the data as the passcode was unknown. Moreover, the Face ID tool requires liveness detection which has prevented New York narcotics cops using it unlock the devices of overdosed heroin victims. In these situations tools like GrayKey offer a key alternative to law enforcement.

Industry Events