Should Police Use Your Face to ID Smartphone Evidence?

The new iPhoneX is hot. So hot that in Hong Kong, where I’m currently located, they are selling them out of suitcases on the sidewalk for approximately CDN$2,000 and up (depending on the size).

One of the phone’s hottest features is that it allows for it to be unlocked, simply by looking at it. Here’s what Apple has to say about Face ID:

 

Much of our digital lives are stored on iPhone and it’s important to protect that information. In the same way that Touch ID revolutionized authentication using a fingerprint, Face ID revolutionizes authentication using facial recognition. Face ID provides intuitive and secure authentication enabled by the state-of-the-art TrueDepth camera system with advanced technologies to accurately map the geometry of your face.

The technology that enables Face ID is some of the most advanced hardware and software that we’ve ever created. The TrueDepth camera captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of your face and also captures an infrared image of your face. A portion of the A11 Bionic chip’s neural engine — protected within the Secure Enclave — transforms the depth map and infrared image into a mathematical representation and compares that representation to the enrolled facial data.

Face ID automatically adapts to changes in your appearance, such as wearing cosmetic makeup or growing facial hair. If there is a more significant change in your appearance, like shaving a full beard, Face ID confirms your identity by using your passcode before it updates your face data. Face ID is designed to work with hats, scarves, glasses, contact lenses, and many sunglasses. Furthermore, it’s designed to work indoors, outdoors, and even in total darkness.

Pretty neat, especially if you’re like most of us and don’t like to get slowed down with long pass codes. The TrueDepth feature is designed to ensure that 2D representations of your face, such as a photo, cannot be used to unlock your phone.

Although hackers claim to have broken Face ID within a week of the phone’s release, and a cybersecurity firm in Vietnam has demonstrated that a $150 mask can beat it too, neither of these may be the greatest concern for Canadians.

Back in 2014, when the Supreme Court of Canada released its decision in R. v. Fearon, I noted here that the Court’s analysis was flawed and did not reflect changing societal values or the proper privacy interests at stake. The greatest limitation with this decision was that it involved a “dumb phone,” and did not reflect any of the technological concerns of contemporary phones on the market.

Apple’s Touch ID, released more than half a year after the Court of Appeal’s decision in this case, should have changed or refined the analysis by the Court. Justice Karakatsanis’ dissent illustrated some of the shortcomings of their decision,

[160] First, unlike the Ontario Court of Appeal, I do not see how the considerable privacy interest in a cell phone could be overcome when it is not password-protected or otherwise locked. Leaving a cell phone without password protection cannot be said to constitute a waiver of the privacy interest in the vast web of digital information accessible through the phone, nor does it demonstrate a subjectively diminished expectation of privacy. Like the private sphere of the home, our digital devices remain intensely personal, even when we do not take every possible precaution to protect them. An individual who leaves her front door unlocked does not forfeit her privacy interest in her home to the state; the same is true of her phone.

[emphasis added]

If we assume that a Face ID lock without a passcode provides similar protections as a locked phone, then much of this may be a non-issue. But for a judicial opinion on this to be binding, and to properly guide law enforcement dealing with this technology, we may have to wait for many years.

For example, a Virginia circuit judge ruled in 2014 that a criminal defendant can be compelled to provide their fingerprint to allow access to a smartphone, even when they may not be allowed to compel that a passcode be provided under the more robust protections provided in their SCOTUS parallel case of Riley. The basis for this decision was as follows:

… the Fifth Amendment only protects against “compelled” self-incrimination, therefore the contents of Defendant’s phone, created voluntarily, are not protected against disclosure. However, compelling Defendant to provide access through is passcode is both compelled and testimonial and therefore protected… the password is not a foregone conclusion because it is not known outside of Defendant’s mind…

…The fingerprint, like a key, however, does not require the witness to divulge anything through is mental processes. On the contrary, like the characteristics that are non-testimonial, the fingerprint of Defendant if used to access his phone is likewise non-testimonial and does not require defendant to “communicate any knowledge” at all. Unlike the production of of physical characteristic evidence, such as a fingerprint, the production of a password forces the defendant to “disclose the contents of his own mind.”

Last year, a California judge signed a warrant to compel an accused gang member to provide his fingerprint to have his phone unlocked. The LA Times covered this case and said,

The U.S. Supreme Court has held that police can search phones with a valid warrant and compel a person in custody to provide physical evidence such as fingerprints without a judge’s permission.

But some legal experts say there should be a higher bar for biometric data because providing a fingerprint to open a digital device gives the state access to a vast trove of personal information and could be a form of self-incrimination.

“It isn’t about fingerprints and the biometric readers,” said Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law, but rather, “the contents of that phone, much of which will be about her, and a lot of that could be incriminating.”

Until then, a new iOS feature for emergency calls, ostensibly designed specifically to also prevent law enforcement from accessing unlocked phones, was identified via Twitter.

All you need to do is click your home button five times, and we’re not in Kansas any more.

 

 

Comments

  1. David Collier-Brown

    The computer-security community has a harsh critique of schemes such as fingerprint or face identification. “Fingerprints are Usernames, not Passwords” (for example, see
    http://people.canonical.com/~kirkland/Fingerprints%20are%20Usernames%2C%20Not%20Passwords.pdf)

    Apple is not providing security by asking you to provide a user-name, -face or -finger, but instead “security theatre” (see also https://www.schneier.com/essays/archives/2009/11/beyond_security_thea.html).

    It may make the user feel good, but it’s not a credible means of providing security, only a step in a procedure that also includes authentication. Having claimed that yo’re yourself, you next need to prove that you actually are who you say you are, look like, or have a rubber fingerprint cast of. You need to provide a password or passcode.

    The person depending on a face reader is in the same position as the person who has no password at all. They’re depending on the courts and the good will of the police/border-patrol to not compel them to identify themselves. In effect, they’re unwittingly depening on Justice Karakatsanis’ dissent, thinking it is the law of the land.