Idaho judge denies warrant to compel suspect to unlock smartphone with biometrics

The introduction of biometric security on mobile devices has helped make it easier to keep documents and media safe from prying eyes, at the same time as simplifying access to the content. Law enforcement officials, which are keen to gain access to computing devices to acquire evidence, have found ways to bypass security that works within the law, but in many cases attempts to acquire warrants relating to biometrics are not granted for constitutional reasons.

In a US district court filing in Idaho concerning a sealed complaint, dated May 8, law enforcement officials obtained a warrant for the search of an individual, their vehicle, and place of residence, due to suspicious of the presence of child pornography. The warrant allowed for the seizure of computers, mobile devices, and other items if they were deemed to be evidence of a crime.

As part of the search, officers seized a Google Pixel 3 XL from the residence's bathroom, but it was locked and could be opened by solving a swipe pattern or using a fingerprint. As the suspect was arrested but declined to unlock the device, officers petitioned the court for a warrant to compel the person to unlock it, claiming that the device was owned by the suspect as they identified it was in the bathroom prior to answering the door and being arrested.

The judge declined to grant that particular warrant, citing issues with both the fourth amendment and the fifth amendment. Under the fourth, the search and seizure would be lawful if it was "reasonable," and would be unreasonable if it violated the person's constitutional rights, so the search had the potential to go ahead.

However, the fifth amendment protects against self-incrimination, which the judge believed applied as the compelled unlocking via fingerprint would determine ownership or control over the device. As it was not possible to determine ownership before unlocking, this would in effect incriminate the person via the act of unlocking.

In the end, Chief US Magistrate Judge Ronald E. Bush denied the application.

The use of biometrics and law enforcement's aims in relation to the US constitution has been an issue for some time, with judges varying between states and cases as to whether or not permit members of law enforcement the ability to abuse the biometric security process to gain access without requiring a username or password.

Passwords and passcodes can be stated as a "testimonial communication" in the eyes of a court, meaning that they can be uttered and used as evidence due to the suspect advising of the codes willfully. Biometrics, however, can be acquired through unwilling means, making their legal status less clear cut.

On May 3, a Massachusetts judge granted a warrant to unlock an iPhone with Touch ID in a case relating to gun trafficking. The time-limited warrant may not necessarily have been used successfully, as there is a limited window available to use a fingerprint before Touch ID demands a passcode is used.

A January court filing in California denied a warrant as it risked running "afoul of the Fourth and Fifth Amendments," as well as for being "overbroad" in targeting any devices at a crime scene, rather than ones owned by the suspect.

A 2016 case had a woman forced to use Touch ID on an iPhone confiscated from a property owned by an Armenian Power gang member, in prison at the time for unrelated charges. The fingers of corpses have also been used on iPhones to try and unlock them, though with limited success.

Face ID has also been the subject of warrants, including one in August 2018 where the FBI wanted to unlock an iPhone X as part of a child abuse investigation in Columbus. Face ID's security policies has also led to a warning to police form a forensic firm warning not to look at the display of an iPhone X or other Face ID-equipped device, to avoid accidentally attempting an unlock that would almost certainly fail.