In the case of Paytsar Bkhchadzhyan, a California woman arrested in February on charges related to identity theft, the L.A. court obtained a search warrant which instructed Bkhchadzhyan to unlock her iPhone through Touch ID, Apple’s fingerprint sensor. The U.S. Supreme Court has ruled in the past that people in custody may be forced to hand over physical evidence, including fingerprints, without a court order, so the asking isn’t the part that has privacy and legal experts up in arms.
The Fifth Amendment protects persons from self-incrimination. Had Bkhchadzhyan been asked to provide her passcode, a piece of knowledge that only she (theoretically) knows, that information would have been protected. Unlike in the movies, technology has yet to be invented that leeches information from people’s minds (and even if it were, it would be illegal under the Fifth Amendment, until the U.S. Congress passed a law stating it could use the technology in criminal investigations).
What’s causing the buzz, though, is that unlocking a device—“i” or otherwise—provides law enforcement access into everything else on that device. Emails, photos, social media, texts, stored documents—it’s all up for grabs once the device is unlocked and handed over to authorities. Whether related or not, any piece of “evidence” on the device could lead to further investigation and, potentially, accusation.
Our phones are, for better or worse, treasure troves of information. In some cases, phone data has been useful in disproving a suspect’s involvement in a crime (think: geo information showing a suspect in a different location than the crime at the time of the crime). On the flip side, most people will never be arrested and therefore self-incriminating information from their phones will never come into question.
But what if it could be questioned? What if, say, you run a stop sign (a violation of the law, sure, and potentially very dangerous) and the officer who stops you asks you to unlock your phone which requires only a fingerprint scan and not a password? Now the officer has access to anything on the device. He finds photos that appear to be taken while driving. He also sees some texts that were clearly composed while you were driving (and your GPS is on, indicating your speed at the time). Now you have an escalating problem; a $50 infraction may now involve court dates, hefty fines, suspension of your license, or even jail time (depending on the state and the severity of information found).
Clearly, this is a devil’s advocate post, but it’s not an outrageous scenario if you stop and consider all that’s ensuing between device manufacturers, law enforcement, and consumers. In the case mentioned above, the woman is a convicted felon who has (alleged) ties to an Armenian gang. Most of us don’t, though, and while the data on our phones won’t reveal anything quite so incredible as a felony, we should stop and think about what this court order could mean for us, personally, or to those we care about. Four digit passcodes (which are the max on many devices) are easily crackable, and fingerprints don’t protect us from providing TMI. Maybe it’s time to compel device manufacturers for better solutions instead of being satisfied with the status quo.
More Infosec Articles