Suspect forced to unlock iPhone with his face

An investigation into a chain of paedophiles has revealed the first known case of law enforcement forcing a (living) suspect to unlock his iPhone by using his face with Apple Face ID facial recognition technology.

Forbes dug the case out of an affidavit for a search warrant issued on 19 September that mentioned using Face ID to unlock an Ohio man’s iPhone X.

Forbes staffer Thomas Brewster notes that this isn’t just a first for US law; this is a first for any law enforcement outfit in the world.

The iPhone X belongs to Grant Michalski, 28 – one of six Ohio men who, according to the Department of Justice (DOJ), met on Craigslist to talk about the sexual abuse of at least two 10-year-old girls. In August, the six were charged with crimes related to producing sexual abuse images and repeated sexual abuse of at least those two girls.

Larry McCoy, a task force officer with the FBI, had begun the investigation in January 2018 by posting a Craigslist ad titled “Taboo Dad chat.” Posing as a recently divorced father, McCoy’s ad said he was looking to chat with others regarding “taboo stuff.”

He got a response from somebody later identified as William G. Weekley, 34, of Newark, NJ – one of the men mentioned in the DOJ’s announcement from August. Weekley allegedly proceeded to send McCoy child abuse images via the Wickr messaging app. He was arrested in January and admitted to communicating with others on Craigslist. According to the affidavit, the suspects also used the chat app Kik Messenger to discuss abuse of minors.

Craigslist and Gmail provided investigators with enough information to find Michalski, allegedly one of Weekley’s correspondents.

With a search warrant in hand, investigators searched Michalski’s house on 10 August, demanding that Michalski use Face ID to unlock the iPhone X that they found. He complied, which gave the FBI access to photos, videos, correspondence, emails, instant messages, chat logs, web cache information and more on the iPhone.

Or, at least, that’s what the search warrant authorized investigators to seize. However, they couldn’t get everything that they were after before the phone locked. A device can be unlocked by using Face ID, but unless you know the passcode, you can’t do a forensic extraction. The clock starts ticking down, and after an hour, the phone will require a passcode.

During that window of time, investigators could manually look through files and folders and take photos of what they found, but it was slow going. Hooking up a phone to a computer and using a passcode would have enabled faster, more complete forensic data download, including of the data within apps and even deleted data.

That doesn’t mean the data is now entirely out of investigators’ reach. As the FBI noted in the affidavit, there are “technological devices that are capable of obtaining forensic extractions from locked iPhones without the passcode,” and Ohio law enforcement agencies have access to them – specifically, the Columbus Police Department and the Ohio Bureau of Investigation.

Apple’s iOS 11.4.1 update, delivered in July, let users turn on USB Restricted Mode, a feature introduced in response to those techniques, which are believed to be used by GrayShift and Cellebrite to bypass the iOS lock screen. That option is turned on by default in iOS 12, but users who enabled automatic updating could have had it two months prior to that.

Michalski’s lawyer, Steven Nolder, told Forbes that the FBI wanted to use Cellebrite tools to get more data from his client’s phone, but in spite of using Face ID unlock, they haven’t been successful. Hence, the bureau hasn’t found contraband, his client didn’t suffer as a result of being forced to unlock his phone using this particular biometric feature and as such, there’s no need to challenge the warrant’s inclusion of it.

However, Nolder told Forbes that the cops were now using boilerplate language in warrants to allow them to access iPhones via Face ID:

Law seems to be developing to permit this tactic.

If precedent is any guide, Fifth Amendment challenges to compelled face unlocking would likely have little luck. As it is, biometrics tend to be interpreted as constituting “what you are,” versus passcodes, which constitute “what you know,” and that’s a crucial distinction when it comes to Fifth Amendment protections.

Courts have tended to lean toward granting Fifth Amendment protection against self-incrimination when it comes to the contents of our minds – as in, our passcodes. When it comes to our biometrics, courts have tended to consider them to be outside the scope of the Fifth Amendment.

Weekley and Michalski are still awaiting dates for the start of their trials.