The FBI used a suspect's face to unlock his iPhone in Ohio case
When Apple debuted Face ID with the iPhone X last year, it raised an interesting legal question: can you be compelled to unlock your phone by looking at it? In an apparent first, Forbes reports that the FBI got a suspect to unlock his phone during a raid in August.
In August, the FBI raided the home of Grant Michalski, looking for evidence that he had sent or received child pornography. They were armed with a search warrant [warning: this documentation contains explicit descriptions of sexual abuse] which allowed them to search Michalski's computer for evidence, and during the raid, agents recovered his iPhone X.
The agents who found the iPhone asked Michalski to unlock the device via Face ID, which he did. They "placed the [phone] into airplane mode and examined it by looking through the files and folders manually and documenting the findings with pictures."
The facial unlocking was voluntary (or so they claim), and the Columbus Police and FBI have devices capable of bypassing the phone's passcode protection. So much for security.
Also at AppleInsider.
Related Stories
Apple argues stronger encryption will thwart criminals in letter to Australian government
Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company's encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.
Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strength our protections against cyberattacks and terrorism. In Apple's eyes, encryption makes everyone's devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament's Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.
Letter here (#53), or at Scribd and DocumentCloud.
Also at Ars Technica, Engadget, 9to5Mac, and AppleInsider.
Police told to avoid looking at recent iPhones to avoid lockouts
Police have yet to completely wrap their heads around modern iPhones like the X and XS, and that's clearer than ever thanks to a leak. Motherboard has obtained a presentation slide from forensics company Elcomsoft telling law enforcement to avoid looking at iPhones with Face ID. If they gaze at it too many times (five), the company said, they risk being locked out much like Apple's Craig Federighi was during the iPhone X launch event. They'd then have to enter a passcode that they likely can't obtain under the US Constitution's Fifth Amendment, which protects suspects from having to provide self-incriminating testimony.
Also at 9to5Mac.
Related:
California Lawmaker Tries Hand at Banning Encryption
New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
FBI Chief Calls for National Talk Over Encryption vs. Safety
Hacker Decrypts Apple's Secure Enclave Processor (SEP) Firmware
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
Law Enforcement Agencies Increasingly Cracking iPhones Using "GrayKey"
Australian Government Pursues "Golden Key" for Encryption
When's A Backdoor Not A Backdoor? When The Oz Government Says It Isn't
Five Eyes Governments Get Even Tougher on Encryption
FBI Used Cooperative Suspect's Face to Unlock His iPhone
(Score: 4, Funny) by MostCynical on Monday October 01 2018, @12:03PM (4 children)
can the facial recognition work, once you have a black eye and swelling?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 3, Insightful) by c0lo on Monday October 01 2018, @12:23PM
Black eye and swelling are not simultaneous with the vigorous application of the cause - there's a window of... errr, sorry, an apple I mean... an apple of opportunity a few minutes wide between the two.
(grin)
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by nitehawk214 on Monday October 01 2018, @03:09PM (1 child)
Use wrench or hammer on arms and legs instead.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 4, Informative) by MrGuy on Monday October 01 2018, @03:28PM
XKCD [xkcd.com], as always, is prescient.
(Score: 0) by Anonymous Coward on Monday October 01 2018, @10:50PM
Yes, if you shove the iphone in their face hard enough.
(Score: 4, Insightful) by MrGuy on Monday October 01 2018, @01:15PM (2 children)
The word “cooperative” dies not appear in TFA’s headline, and it shouldn’t appear here without the word “allegedly.”
The only evidence that the subject cooperated comes from the authorities conducting the search. And it may well be true. But I’m not sure their assessment of what’s voluntary should be taken as fact.
(Score: 2) by pkrasimirov on Monday October 01 2018, @02:15PM (1 child)
Yes, the headline does not match the FBI report. From the linked document https://www.documentcloud.org/documents/4951289-iPhone-X-Face-ID-Search-in-Ohio.html [documentcloud.org] page 12:
FBI already had his emails from Google and Craigslist so it can be argued if this falls under self-incriminating. Maybe I'm having the wrong idea of FBI but I don't imagine them politely asking a proven pedo for cooperation using words.
(Score: 3, Informative) by bob_super on Monday October 01 2018, @05:18PM
> Maybe I'm having the wrong idea of FBI but I don't imagine them politely asking a proven pedo for cooperation using words.
Yes, you indeed do have the wrong idea.
Most cops do their job by the book, because they don't want to be the one known to have let a pedo or murderer walk free by not doing the job right.
Yes, there are stupid angry power-tripping cops, way too many of them. But the US is supposed to be a civilized place, not a "Gestapo will torture you for kicks" secret-police state. The US needs a shrink, instead of blowing off your friends.
(Score: 3, Informative) by hemocyanin on Monday October 01 2018, @01:48PM (3 children)
What you know is protected by the 5th Amendment and the 5A protection against being forced to self-incriminate is the strongest protection people have.
What you are or have is protected by the mostly gutted 4th Amendment and even if the 4A still had any meaning, the authorities can get the stuff it covers with a warrant, something the courts give out like Halloween candy.
Consequently, my phone has a sticker over the fingerprint sensor.
(Score: 3, Insightful) by pkrasimirov on Monday October 01 2018, @02:18PM
ALL YOUR FACE ARE BELONG TO US.
(Score: 0) by Anonymous Coward on Monday October 01 2018, @11:12PM
I'm not really sure how you could protect against this sort of thing, eventually, you have to sleep and at that point, they could probably have it in your face when you wake up.
The thing though is that there isn't really any constitutional amendment that prevents that sort of thing. What you look like is not something that is generally protected under the constitution, what you know is. So, having a password that you could plausibly forget is protected, but becoming disfigured on purpose is probably going to run afoul of obstruction of justice rules. Now, if it's an accident or if the police beat you causing the disfigurement, that would be an interesting test.
(Score: 0) by Anonymous Coward on Monday October 01 2018, @11:39PM
Good luck with that .. currently neither is protected as part of your liberty ... Search Warrant for Your Fingerprint https://soylentnews.org/article.pl?sid=16/05/03/0224254 [soylentnews.org] ... Man Jailed Indefinitely for Refusing to Decrypt Hard Drives Loses Appeal https://soylentnews.org/article.pl?sid=17/03/21/1953213 [soylentnews.org]
(Score: 3, Insightful) by bzipitidoo on Monday October 01 2018, @03:05PM (7 children)
Argh, another "think of the children" case. The info didn't say that the accused abused any children himself, or even that he was a known sex offender. It said only that he sent and received pictures. Maybe he is a baddie. But it is presuming a lot to suppose that the only reason for any man to have such pictures is that he is a pedophile who is willing to abuse children to get his kicks. Everyone is just one spoofed link away from child porn ending up in their browser's cache, and one virus infection away from having their computer used to distribute child porn. We also know that some police plant guns on citizens. The ones who would do that, why wouldn't they plant child porn as well?
The fear is so bad that any man who works with children is automatically suspect, basically guilty and can never prove his innocence no matter how many years he gives exemplary service and never does anything bad. You want to do what? Work in a day care, where you'd have to change baby girls' diapers?? You pervert!! It's okay for women to change diapers, but not for men.
Note also that this is election season. I find it just a little suspicious that we're hearing about this particular kind of offense at this time. How convenient for the "tough on crime" candidates who are running for reelection. The police could easily be feeling pressure to score a few sensational busts.
(Score: 2, Insightful) by Anonymous Coward on Monday October 01 2018, @03:31PM
This is also held as catch-22 "evidence" that women are superior beings. Well, some kind of circular logic.
There's the stuff from WSWS about the CIA Democrats. Everything happening right now, especially with 24/7 coverage of Kavanaugh and the apparent lack of time in the 168 hours in a week to cover the real reasons we should reject Kavanaugh--his support for torture, police overreach, disregard for the text of the Constitution, and possible perjury (perjury which isn't even being investigated)--, is a cynical political and propaganda ploy to boost Democratic voter turnout. And it might work. And given the completely debased and unprincipled state of the Republican Party... what else could one practically hope for.
If it doesn't work... I don't know. I think I've run out of fucks to give. No matter who wins, we're still getting a police state.
Well, one could hope that the working class immediately cease giving votes to either the Republican Party or the Democratic Party. The Libertarian Party and the Green Party are better alternatives. The only thing keeping the Republican Party and Democratic Party in power is the mass hypnosis of a self-fulfilling prophecy maintained by human susceptibility to propaganda. Neither of those two major parties gives a damned about the working class, and both of them want austerity and war.
Goddamned tragedy. There are way more in the working class than the bourgeoisie. Yet we dance like marionettes.
(Score: 3, Interesting) by Thexalon on Monday October 01 2018, @03:52PM (4 children)
So the short version of your argument appears to be: Possession and/or distribution of child pornography should not be a crime. Maybe not, but right now it is under US law. If you have a problem with that, that's something to bring up to your Congresscritter's office, not a reason for the FBI to suddenly not have a right to investigate this dude's actions.
I'm guessing that if you sat on his jury in any trial that arose from this, you'd nullify, am I right?
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2) by MichaelDavidCrawford on Monday October 01 2018, @04:07PM
The suspect need not actually possess or provide any CP, it's the simple communication that is a felony
It's in the Wikipedia first amendment article
Yes I Have No Bananas. [gofundme.com]
(Score: 2, Insightful) by Anonymous Coward on Monday October 01 2018, @04:15PM (2 children)
If the fact of possession were the only fact established by the prosecution, I would nullify if I were in the jury box. Call me a pedophile then. I'm already apparently an incel because I've only had sex with men. Homosexuality in men is already linked, according to the homophobic authoritarians, with pedophilia.
So plant some CP on me.... after all, that's all you have to do to prove that yet another homosexual incel is also a pedophile. Right? Because police would never do such a thing as planting evidence? (Do I really need to link you to article after article documenting police getting caught planting "evidence?")
The reason is that the idea of contraband is itself flimsy and dangerous, precisely because of the ease of planting evidence. We should go after those who can be proven to be willful (that mens rea thing) distributors. Mere possession of anything only provides an easy way for power to be abused.
(Score: 2) by Runaway1956 on Monday October 01 2018, @08:01PM (1 child)
I'm not a real believer in this argument, but it should be mentioned.
Theory is, if there weren't people out there seeking, and oftentimes willing to pay for, CP, the producers wouldn't be producing it. Thus - possessions contributes to actual child sexual abuse.
In my limited research, monetary profit is at best a tertiary concern for most producers of CP. One CP ring was discovered in which CP was traded like-for-like. The only way to "buy" the stuff, was to produce and trade your own stuff. And . . . I suppose that particular CP ring supports the theory I've already mentioned.
Whatever theory you might work with, I'm certain that a lot of child porn is not porn at all. If a naked child runs through the room when a photo is snapped, that child's bare buttocks constitute child porn in the eyes of some law enforcement. It doesn't matter how, or why, that bare-assed child managed to run into the room at the wrong(?) moment - the bare ass is enough to arrest and investigate.
https://blogs.findlaw.com/blotter/2009/09/bath-photos-wal-mart-what-is-child-pornography.html [findlaw.com]
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 0) by Anonymous Coward on Tuesday October 02 2018, @02:09AM
The counterargument is that most of the CP is freely available, so you could just ban paying for it (through any means) and producing it.
Another counterargument is that it's still the fault of the producers, and that they don't have to produce CP to meet the demand. It's still entirely on them.
What's funny is that many organizations like the FBI argue that CP harms victims each time it is looked at, so it's harmful even if it was not paid for at all. Then, the FBI hosts CP itself on honeypot websites. The hypocrisy is both hilarious and sad.
(Score: 2) by splodus on Wednesday October 03 2018, @11:35AM
I skim-read the Search Warrant (can't be arsed to read it properly)
Seems they already had pictures of him having sexual relations (to be polite) with his 12yo daughter, and his daughter engaging sexually with their dog!
They'd got this from Google, and got conversations of him and an undercover discussing it before getting the warrant.
I really, really struggle with the privacy / surveillance / incrimination issue.
But then something like this comes along - and I have to give myself a reality-check...
(Score: 2) by Runaway1956 on Monday October 01 2018, @03:35PM
Facial recognistion can be beaten with a photo. Let me find that . . . https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos-facebook-thanks-zuck/ [wired.com]
The iPhone(s) aren't mentioned in the article, but facial recognition software has been tricked with photos. So - WTF does Apple or anyone else suggest that facial recognition can be "secure"? It's likely that Apple's software is tricked just as easily.
This article from Wired, dated November of 2017, suggests that Apple's facial recognition had not been cracked yet - https://www.wired.com/story/tried-to-beat-face-id-and-failed-so-far/ [wired.com]
It's anybody's guess whether NSA and associates have cracked it.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 2) by Hyperturtle on Monday October 01 2018, @04:26PM (2 children)
Phone based bioauthentication methods are for convenience only on consumer products; I guess that lesson is most easily learned the hard way.
They don't even have to ask if they want to accidentally unlock it and claim they found it that way. Same goes with fingerprints and so on. they can hold it up to your face; if you are dead, they can still use your finger prints and on the older face recognition, those too. Newer face recognition looks for that eye glaze that doesn't form on living subjects; if the glaze is there, the subject is probably dead and the device won't permit the unlock even if it is otherwise a match. (That's based on my understanding of Apple's application of the technology; other vendors might not incorporate such safeguards right now.)
A faceprint, fingerprint, noseprint whatever--it's all external and if a camera can collect it and use it for data, so can the same data readers when not in your possession or control. Or even something else--it's not like people haven't gotten away with using photos, 3d prints and masks. It gets successively more challenging per new hardware generation to defeat, but your face and fingers... are easily defeated if you are in the possession of the people that want control of the phone of yours in their possession.
One's best hope is to get hit with that $5 wrench to such an extent that the resulting biometrics are no longer matching due to physical deformity. If that can be called a hope; it depends greatly on the circumstances around the detention of the phone and person. If there is any chance to hack the convenience, it is better to select and remember a complex password.
There are many methods to help one remember something that is complex and not easily guessable or brute forceable without considerable efforts. If it is that important to you, you will remember how to unlock your phone or anything else you set your mind to securing. Try not to reuse it and try not to use any info one might find in a 'security question'...
Convenience doesn't usually equal security. If convenience is more important to you, then make sure your operational security is mindful that you should only be securing with that convenience what you can afford to lose.
Anyway, the iPhoneX wasn't included in the warrant; they obtained it during the execution of the search warrant (the reason why they were there). That means they were not specifically seeking to open it as of yet, and he oblidged to their request to open it (or however his face was applied). They had no previously authorized means to provide compulsion or incentive to seek his cooperation in opening it; they didn't know he had one.
Willingly unlocking the phone is another matter; if he hadn't used biometrics, he may have just typed in the password if they asked him to unlock it.
(My rant is more about consumer perceptions than it is about why the gentleman was accused in the first place--everyone has locks, but some are weaker than others. Don't use a convenience lock for anything really important.)
(Score: 2) by Freeman on Monday October 01 2018, @05:14PM (1 child)
The $5 wrench method need not even apply for something that just needs a face scan. Can he even do anything, if he was held down for the face unlock? How about, if he was unconscious / dead? I'm guessing unconscious or dead would work just as well as alive for current face detection software. So long as the dead was fresh and not seriously deteriorated. All you need to do is slip him something that knocked him unconscious, use his unconscious face to unlock the phone, and Profit! Or something like that. Probably couldn't be slipping a drug to someone, if you're a government agency.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Monday October 01 2018, @11:15PM
Hopefully face recognition would involve some monitoring of the pupils to ensure that the person is still alive in the same way that a fingerprint scanner hopefully checks for a pulse or similar so that you can't used a severed digit or a fake finger.
Biometrics is a really stupid thing to use for things of this nature where you care about security as there's a ton of corner cases and if it gets compromised, you can't reset the password.
(Score: 0) by Anonymous Coward on Monday October 01 2018, @11:05PM (1 child)
Suspect cooperates with police. Film at 11.
Now LET'S ALL HYPERVENTILATE!
You all probably don't realize the extent that you are caricatures. FIGHT THE MAN!
(Score: 0) by Anonymous Coward on Tuesday October 02 2018, @02:13AM
You assume that he cooperated. We don't know.