EnlargeJustin Sullivan / Getty Images News
reader comments 28
Share this story
Federal prosecutors in Los Angeles have been successful in getting judicial approval for two highly unusual searches.
The warrants allowed the authorities to force suspects, who were inside their California homes, to press their fingerprints on a seized smartphone to see if it would unlock, Ars has learned.
On Sunday, Forbes published the first-known redacted court filing associated with the search of a home in Lancaster, California, about 70 miles north of downtown Los Angeles.
The 12-page memo filed in federal court outlines the government’s argument as to why it believes it can conduct such a search under the Fourth and Fifth Amendments, which protect against unreasonable search and seizure, and against compelled self-incrimination, respectively.
The Lancaster document is dated May 9, and Forbes managed to contact an unnamed resident at the home, who confirmed that the search had taken place.
That person said that “neither they nor any relatives living at the address had ever been accused of being part of any crime, but declined to offer more information,” according to Forbes.
A spokesman for Los Angeles federal prosecutors, Thom Mrozek, told Ars that there was also the same type of search conducted May 10 at a different house in West Covina, California, nearly 90 miles southeast of Lancaster. Mrozek would provide no other details, such as whether criminal charges in either case had been filed. He also would not say how many people were forced to press their fingerprints on the smartphone—the model of which was not divulged.
Ars was unable to make immediate contact with the residents of the West Covina residence.
In both of these two incidents, the targets did not get a chance to argue in court against this type of novel search.
The cases seemingly represent an unprecedented expansion of the government’s attempts to thwart encrypted smartphones—and raise important privacy issues that were not considered in another high-profile case in which a California federal judge had required Apple to build software to help the authorities unlock an iPhone.
The government eventually unlocked that phone without Apple’s assistance, and the case was dropped.
“Not only does it make it difficult to have a public debate about these issues, the courts could make a whole bunch of case law based solely from arguments from the government, and that’s not how it’s supposed to work,” Marcia Hoffman, a San Francisco-based attorney who has written extensively about this area of law, told Ars in a recent interview.
“When the case law gets developed like this, when the cases are sealed, and the government is the only one doing the briefing, that can’t happen.
That’s what I find most frustrating about this, frankly,” Hoffman continued.
Prosecutors involved in both cases did not respond to Ars’ request for comment. Peter Carr, a spokesman for the Department of Justice, explained the government’s position.
“The Supreme Court has also long held that a suspect can be required to give his fingerprints,” he e-mailed Ars. “For devices that use the owner’s touch to unlock, the department may seek to obtain fingerprints to unlock a cell phone seized within the scope of a court-authorized search warrant if the court finds there is probable cause to obtain the fingerprints.” Carr said he did not have “readily available a list of cases when this has been used in other search warrants.”
A clerk at the Central District of California Western Division courthouse in downtown Los Angeles told Ars that the documents associated with the Lancaster and West Covina searches are “not available for public view” and should have been sealed. Online access to the Lancaster document was revoked on Wednesday morning after Ars called the courthouse to inquire about the West Covina search.
A different clerk e-mailed Ars, saying that the record in the searches was not publicly available in paper form at the courthouse, either.
Echoes of Riverside
These searches bring up images of the Apple court battle earlier this year in Riverside County.
In that case, however, a judge signed off on the government’s request that would have forced Apple to create a new customized firmware as a way to access the data found on a seized iPhone 5C, which was used by Syed Rizwan Farook, the now-dead terrorist involved in the December 2015 San Bernardino shooting. (Ultimately that legal battle became moot when the government withdrew from the case after an unnamed third-party managed to get into the phone.)
The legal dispute that emerged from Farook’s iPhone was the focus of much national attention for several weeks, with both the government and Apple trading briefs, and barbs, in open court.
“What you know” vs. “What you are”
Without further court filings, or explanation from the government, it’s hard to know exactly how many people’s fingerprints were pressed on the phone.
The tone of the government’s Lancaster memo suggests that the judge asked for additional briefing pending approval of a search warrant.
It begins by plainly stating what investigators want to do:
The government submits this supplemental authority in support of its application for a search warrant which seeks authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be a user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.
The government seeks this authority because those fingerprints, when authorized by the user of the device, can unlock the device.
The memo then goes on to explain that modern smartphone manufacturers, including Apple, Samsung, and others commonly use fingerprint scanners that can be used to unlock their smartphones. Under both iOS and Android, there are limits as to how many fingerprints can be attempted before the phone requires a passcode to unlock.
Similarly, both operating systems cannot be unlocked solely with a fingerprint beyond 48 hours, a point that prosecutors highlight in their brief. (It’s worth noting that both searches seem to have been executed within that 48 hour window.)
The prosecutors’ legal analysis states that there is no Fifth Amendment implication at play. Under the Constitution, defendants cannot be compelled to provide self-incriminating testimony (“what you know”). However, traditionally, giving a fingerprint (“what you are”) for the purposes of identification or matching to an unknown fingerprint found at a crime scene has been allowed.
It wasn’t until relatively recently, however, that fingerprints could be used to unlock a smartphone.
Nearly all of the cases that the government cites pre-date the implementation of fingerprint readers, except for a 2014 state case from Virginia.
As Ars reported at the time, a Virginia Circuit Court judge ruled that a person does not need to provide a passcode to unlock their phone for the police.
The court also ruled that demanding a suspect to provide a fingerprint to unlock a phone would be constitutional.
However, the Virginia state case, while interesting, has little legal relevance to an ongoing federal case happening across the country.
The Lancaster memo continues:
The fact that a successful unlocking of the device could also demonstrate a connection between the person and the device thus does not make the requested fingerprints testimonial, any more than does a warrant’s authorization to seize a person’s keys.
If anything, the connection raises a Fourth Amendment concern, which is discussed and dispatched below.
Finally, as law enforcement will only be seeking to depress the fingerprints of those persons present at the search location for whom law enforcement has cause to believe may be a user of a device, neither the Fifth Amendment nor Fourth Amendment is violated.
Federal authorities contend that in fact, the search is entirely within bounds of the Fourth Amendment, and is not a dragnet, “since law enforcement will not obtain the fingerprints from any person for whom they do not have cause to believe may be a user of a device.”
Respect my authority
Legal scholars have been wrestling with this issue since it surfaced over the weekend.
On Wednesday, Orin Kerr, a well-known law professor at George Washington University and a former federal prosecutor, penned a lengthy explanation to the question: “Can warrants for digital evidence also require fingerprints to unlock phones?”
First, he cites a 1973 Supreme Court case known as Ybarra v.
In short, that case forbids the government from searching every person present at a location that was authorized by a search warrant unless the warrant specifically cites that person.
So, it would hold, Kerr argues:
[T]he government can’t just go in and grab the phones from the pockets of everyone in the home; it needs probable cause as to each person to search him.
And that’s true regardless of whether the phones are locked or unlocked.
It’s a limitation on the search of people that gets to the seizure of the phone, not a search of the phone after it has been seized.
But, Kerr continues, assuming that the government can get around this issue, there’s still a Fifth Amendment question, which may turn on whether officers can compel someone to place a specific finger on the phone. Here, he says, the Fifth Amendment wouldn’t apply.
“On the other hand, if the officers find a phone and tell a suspected owner to unlock the phone with his finger, responding to the order may imply testimony,” Kerr notes. “By responding to the order by picking the finger that was selected to unlock the phone, the person is admitting that it is his phone.”
By and large, there’s still a lot of lingering questions.
As Kerr concludes:
The government rightly points out that existing caselaw allows the government to seize keys and other tools needed to facilitate searches.
But it’s not obvious what the standard is when the key is a person’s body.
The problem is that Ybarra suggests that a different question is presented when the government searches a place for evidence vs. when it searches a person who is in the place. Maybe the standard should still be reasonable suspicion, but maybe it’s something else.
And if the standard is reasonable suspicion, reasonable suspicion of what? I understand the fingerprint cases to say that reasonable suspicion there is that the person has committed a crime.
In contrast, the warrant here talks about reasonable beliefs that the person is a user of the device found at the place.
That’s a very different question.