Police: Apple’s new Face ID technology will make it harder for authorities to bypass enhanced security

“Apple’s new security features will make it harder for local police to retrieve digital evidence they need to solve crimes,” Megan Cloherty reports for WTOP. “While great for consumers, without the ability to bypass enhanced security such as facial recognition, investigators said it will delay justice.”

” Apple fans delighted in the new suite of products including the debut of the iPhone X, law enforcement let out a collective sigh,” Cloherty reports. “‘It’s very frustrating for law enforcement because it makes our job much more difficult to support the community,’ said Detective Jason Friedman, who works in the Fairfax County Police computer forensics department. The biggest issue, he said, is the latest operating system, IOS 11. ‘Most of the forensics community in law enforcement has known for a while, through the Apple IOS 11 betas, that security was going to be even more difficult and hamper law enforcement’s ability to extract data,’ he said.”

“‘Within the last couple weeks we’ve had an iPhone 6S and an iPhone 7 in here where it was pass code protected. There was no way to bypass that security and we could not obtain data from the cellphone,’ he said in another example,” Cloherty reports. “It’s unclear how the new facial recognition technology will increase the current backlog at a majority of departments in the D.C. region, but forensic analysts said as of now, there is no silver bullet to access the encrypted operating system that will be prevalent on consumer devices within a matter of months.”

Read more in the full article here.

MacDailyNews Take: Good.

What did you do before iPhone appeared in 2007? Stop being lazy, wanting a skeleton key that gives you access to everything, and go back to doing that.

50 Comments

    1. While I support Apple on maintaining tight security, I’m afraid you are missing the point. The officers quoted in the article HAD warrants, but that didn’t help them gain access to the information that a judge had found probable cause to believe was evidence of a crime.

      The problem for law enforcement is that a valid warrant that complies completely with the Constitution and laws no longer helps them get access to critical evidence. To convict someone of possessing child pornography, for example, you have to reach the porn stored behind encryption on his device. To convict someone of criminal conspiracy, you have to reach the text messages between the co-conspirators that are undoubtedly right there on all their phones. Embezzlers and fraudsters have learned to keep their real financial records behind encryption. And so on… Having a warrant doesn’t help in any of those situations.

      It is a real problem that unfortunately doesn’t have any good solutions. Either we must learn to accept more danger in our everyday lives, or we must accept ever-deeper intrusions into our privacy. The politicians are betting that the Joe Sixpacks and Soccer Moms will prefer safety to liberty, almost every time.

      They might be right, but we shouldn’t make it easy for them. We have to keep fighting the notion that there is some feasible way to guarantee access to private information by a law enforcement officer with a valid warrant, while guaranteeing security against everybody else.

      1. Hear your thoughts but respectfully disagree. Self incrimination is protected by the constitution. Given the nature of our phones that what this would amount to. This situation does not create more danger in our lives. Safety is a false notion when it is granted by the government that can take it away when it deems it so.

        1. Please explain how this doesn’t create more danger in our lives. Immunity from self-incrimination is constitutionally protected, but immunity from a lawful search or seizure is not. There is nothing in our phones that the Founding Fathers did not keep on paper, yet they provided a procedure for searching those papers via a warrant. Today, law enforcement’s ability to obtain a warrant can be effectively countered by putting all the evidence behind easily applied and practically uncrackable encryption.

          Safety is also a false notion when criminals can operate freely without fear of prosecution. The fact that terrorists and other criminals are able to assemble incriminating information and communicate freely without having to worry about disclosure does significantly alter the balance in their favor. Because they can get away with their past crimes, they remain free to commit future crimes. That does make us less safe.

          1. Justifying increasing invasions of privacy excuses the consequences of gross neglect and corruption by government officials. For example, unfettered immigration allows in tens of millions of unvetted individuals into the U.S., couple this with ten million more every decade through legal immigration. Out of this toxic mix of competing cultures with conflicting values (expecially with such a weak culture and society as the U.S.) emerges criminality and discord. It has been called anarcho-tyranny, among other things. The government (federal, state and local) subjects the legal, law-abiding populace to tyrannical intrusions, while allowing what is essentially the invasion and colonization of the U.S. by hostile, foreign cultures.

            While I sympathize with the honest cops who want to jail criminals, they should focus their anger at their political overlords dumping criminality on top of them (fat chance) instead of just dealing with the symptoms.

          2. There is far more on our phones than what was kept on paper. Phones are like searching your brain, and need to stay protected under 4th Amendment.

            Next up they will have brain scans, the surveillance and intrusion has to stop somewhere.

          3. TxUser, you seem to have a huge gaping hole in your logic about what keep’s people “safe.”
            There is an entity that has claimed for itself the right to end people’s freedom or lives, based on often very weak evidence (or none at all) or forced confessions. It’s called the government.
            The most dangerous entity in most people’s live, whether they know it or not, is their own government.
            It may be a necessary evil, but it needs to be watched closely, operate with transparency, and be limited into how far it can push into people’s private lives. If that means sometimes criminals get away with harming someone, that’s better than everyone being criminals who are either in prison or have to live as if “on parole” for their entire lives.

          4. TxUser, you usually offer cogent and logical arguments. But this time, not so much…

            “There is nothing in our phones that the Founding Fathers did not keep on paper…”

            I beg to differ. The “Founding Fathers” spoke to one another, privately and in public, and they sent letters. They routinely sealed letters with wax, sometimes imprinted with a deal, but they knew that the security of their letters was only as good as the integrity of the people who delivered them. That is likely why our ancestors placed a great deal of emphasis on the sanctity of mail.

            They did not keep thousands of photos on paper or records of thousands of daily interactions via text, email, and other means. They did not keep track of their GPS location/time data that could recreate every daily journey. They did not record or transmit voice conversations – those were subject only to the memories of the participants. They did not collect or maintain detailed electronic health records. I could go on, but I believe that I have made my point. Furthermore, in modern electronic form, all of this information stored on smarthones can be searched and analyzed in excruciating detail to reconstruct a person’s life with amazing accuracy.

            I believe in the inherent value of privacy. Opening up a smartphone to examination is not like searching a home or a person’s mail via a warrant. It is much closer to opening up a person’s brain, and that leads to the Fifth Amendment.

            I have respect for (good) law enforcement and I sympathize with the difficulties that they face in upholding the law. But search and seizure has to have limits. As stated in an earlier post, we need to discuss this at length in order to come to a well-reasoned conclusion regarding the proper balance between security and personal privacy.

        2. We seem to have several people here who didn’t read my opening sentence, “While I support Apple on maintaining tight security.” I am not an apologist for the security state or justifying increased invasions of privacy. I fully agree that the social benefits of digital security outweigh the social costs. I hope that Apple and the other tech companies don’t surrender to the pressure on this issue, which can only get worse as the issue becomes more recognized.

          There is no such thing as encryption that can block absolutely everyone except somebody who has a valid judicial warrant issued in compliance with the US Constitution and laws (or foreign authority that provides at least the same safeguards). Systems open to a proper warrant are also be open to attack by multiple state and private bad guys. All the politicians demanding that Apple come up with a way to accomplish an impossible task are pandering, or they just don’t understand the issues.

          However, those who argue that there simply are no social costs to unbreakable encryption equally fail to understand the issues. There is no way to deny that it makes committing some crimes easier and prosecuting those crimes far harder.

          People in the 18th Century didn’t have cellphones, but they did have private journals in which they set down their inmost thoughts in incredible detail. Those were clearly subject to the Fourth Amendment, not the Fifth. Certainly most people now keep more information on their phones than most people did on paper, but that is a quantitative difference, not a qualitative difference that requires applying different constitutional principles.

          The reason people keep more information on their phones now is that encryption makes it safe to do so. Beyond that, there is simply more information around, thanks to using keyboards rather than quill pens and electronic messages rather than the Pony Express. Until the Blackberry, nobody had a handheld device with truly reliable security. We didn’t face significant dangers from unbreakable encryption before it was available on the iPhone in everyman’s pocket. We didn’t need laws against traveling down a public highway at faster than a horse’s gallop until we had the technical means to do so, either.

          There is going to be a continuing public debate on this issue. It will not help the cause of those who defend strong encryption for us to deny the reality that it has significant costs for society. We need to focus on the reality that it has even more significant benefits.

          1. TxUser posted:

            “Certainly most people now keep more information on their phones than most people did on paper, but that is a quantitative difference, not a qualitative difference that requires applying different constitutional principles.”

            Please read my post above, which occurred a few hours after your response. There is a qualitative difference in the content of a smartphone versus what people used to record on paper. It is not just quantitative.

            Shutting off access to smartphone (and computer and tablet and smartwatch and…) content via strong encryption does create some significant problems. For example, in times past a person might be caught and convicted as a pedophile by being caught in the act or by being in possession of photographs obtained via a search authorized by a warrant. If all of that media is now collected in electronic form on an encrypted device and that device is not accessible via a warrant, then the person has to be caught in the act of breaking the law. That is just one example but, clearly, device encryption involves impacts to law enforcement.

            I do not claim to have the answer. But the first step towards finding a solution is to clearly understand the problem. The extremes are not helpful – a smartphone is not like mail in the 1790s. But it does not necessarily follow that a smartphone’s contents should be sacrosanct against all inquiry. The question remains, “Is there a solution that reasonably balances the conflict between lawful search and personal privacy?” To date, I have not heard of a solution that makes any sense to me.

            1. We are using different terminology, but saying basically the same thing: this is a complex question with costs and benefits to balance on both sides, but each of us would resolve any doubt in favor of privacy.

      2. If the police have a warrant and a judge orders the owner of the phone to “open” it for law enforcement and the owner refuses I believe they would be in contempt of court and could be held, perhaps indefinately, until they comply. So, even if the evidence of the crime they are accused of could not be collected the end result is they same as they cool their heels in jail. Any lawyers out there correct me if I’m wrong about this.

        1. This thread is probably dead, and I was hoping somebody else would answer RichPMD so I wouldn’t, but…

          The Fifth Amendment absolutely prohibits the Federal Government (and the Fourteenth Amendment prohibits state and local governments) from compelling someone to testify against himself. Ordering someone to self-incriminate is unconstitutional for both the police and the judges. With a warrant, they can compel someone to provide biometric data (fingerprint, facial image, blood sample, etc), since that is not regarded as testimonial.

          If someone refuses, they are generally just physically forced to comply, not cited for contempt. As others have noted, within eight hours of arrest—if not sooner—an iPhone with TouchID or FaceID set up will default to a passcode, making the issue of collecting biometric data moot.

          A passcode is not biometric evidence. The courts are divided on whether it is “testimony” for purposes of the Fifth Amendment. There are Supreme Court dicta (incidental remarks not required to reach a holding) that a safe combination or passcode that exists only in the defendant’s mind should be treated like anything else in his memory that he might testify to in court.

          If it is testimony (and possibly even if it is not), a suspect cannot lawfully be ordered to divulge it because that would be forcing him to testify against himself. He cannot be held in contempt or imprisoned for asserting his constitutional rights, so he can safely ignore the order to provide his passcode. If there is not sufficient independent evidence to charge him without the phone data, he can waltz straight out of the police station.

          In cases involving a broader conspiracy, the courts can offer immunity to a suspect so he cannot be punished on the basis of his testimony or anything discovered as a result of his testimony. In that case, he could be ordered to hand over the passcode and the information on the phone could be used against his co-conspirators, but not him. Since his testimony cannot incriminate him, he could be held in contempt if he refused to provide the passcode or prosecuted for perjury if he provided a false one, even if it were clear that he will get whacked as a stoolie if he squeals (the Supreme Court calls this the “cruel trilemma”).

          CAVEAT: Refusing to hand over a passcode without a grant of immunity may not be safe in your jurisdiction. Other courts have stated that a combination or passcode is not a meaningful utterance, so it should not be treated as testimony for purposes of the Fifth Amendment. I have no doubt that the Supreme Court will be forced to rule on this in the next few years, but at the moment the outlook is cloudy.

        1. Look at the event yesterday. Remember when Federighi got the message, “Your passcode is required to enable Face ID.”

          This happens after a device has been restarted — or simply after 8 hours has passed without authenticating via biometric ID. It also happens if a device hasn’t been unlocked with its passcode in the previous six days. Also, in iOS 11, to ensure a passcode is required, users who are concerned about Face ID being used forcibly to gain access to their device can simply tap on the side button five times.

          The iOS device wil then display: “The passcode has not been used to unlock the device in the last six days and Touch ID has not unlocked the device in the last eight hours.”

          This is a security precaution introduced with Touch ID that continues with Face ID.

          Apple has added an additional login layer in iOS 11 so that when connecting an iPhone to an unknown external PC, an extra passcode is required. Forensics require connection to an external PC.

          In addition, users can simply choose not to use Face ID and require a passcode to unlock their devices.

          1. Suspect in custody….. DURING arrest….. odds are suspect unlocked it within past 8 hours.

            So you describe the same system that’s in place now for Touch ID.

            And it failed in test on stage yesterday from what I heard.

            And no, do not have time to watch a 2+ hour presentation. I have work to do, and 5 minutes to post this.

            1. It did not “fail” on stage. It worked exactly as intended and as I described.

              What really happened with Apple’s onstage Face ID glitch: Face ID worked perfectly, as intended

              If you don’t have thirty seconds to ready my post above which explains, among other things, that users can simply choose not to use Face ID and always require a passcode to unlock their devices, why are you bothering to comment?

              Your name says it all. You are close-minded and likely painfully stupid. No offense, but you sound like you deserve a fscking Android phone.

            2. As long as you have a couple seconds to tap the side button five times (I think it’s five, can’t remember exactly) you can lock down your iPhone, doesn’t matter if you use Face ID, Touch ID, whatever. Apple added this security feature for exactly this kind of situation. Maybe learn about things before you make stupid comments.

            3. You don’t have time to learn or validate something, so you assume what you heard was correct!?!?! Sorry, you just made your entire argument invalid by choosing to remain ignorant of the facts.

      1. Even you don’t know the primary reason it won’t be so easily defeated. So, learn how it works. The user must look directly at the camera. The “attention sensing” feature is the killer app of FaceID

        Superior my ass.

  1. It won’t work that way because you need to have your eyes open and glance at the camera on the front of the iPhone X. Authorities can’t compel you to keep your eyes open. And, if they try to hold your eyelids open, face detection won’t work.

    1. Exactly! Also, a number of other things….
      1. click side button a number (5?) of times and it requires your code
      2. If its been a while since you had your phone unlocked it will ask for code

  2. I agree with the comments that at first glance (See what I did there?) iPhone X makes it far easier to get into your phone. I am a law and order person and most often support law enforcement, but also recognize that the surveillance state is a threat. What stops a law enforcement officer from just holding the phone in front of your face for as long as it takes to unlock your phone. Who is going to want to keep their eyes closed, while under stress, in custody, in a strange place, for a long period of time? Would someone please give me a calm, rational explanation why it wouldn’t work for a police rookie to be assigned to hold the phone in front of your for the 15-20 minutes it took to unlock your phone? Thank you.

    1. Always amusing when a troll doesn’t know what the hell they’re talking about. By time time you get your finger to the TouchID sensor, FaceID will have already activated in my phone. As to OLED, lay off the pipe. Apple doesn’t use bleeding edge technology.

      What, do they have to put a fcuking transporter in the thing? What, pray tell, would have been a satisfactory advancement for your clearly delusional lea-brain?

  3. That’s a bunch of crock. The courts have ruled that if the police have a warrant, the owner can be compelled to give their fingerprint (and I am assuming now, their face)
    The only thing they cannot be compelled to give up is their password, which is safely tucked in their heads.
    This has made legitimate law enforcement efforts much easier.

  4. I love how the police always want access. I remember when I was younger one highway patrolman decided to search my car just because he wanted to. I never gave consent. It will be the same thing with your phones if they could. Sorry, not sorry.

  5. But the police have become an integral part of the National Security Apparatus. It’s no longer the friendly neighborhood police. If policing were up to it, it would have unhindered access into every home, business, bank account, health insurance record, and electronic device, you know, to keep you safe which would amount to a police state regulated by martial law. While a police state is the most secure, the Founding Fathers Did not write the police state into the US Constitution.

    1. It’s not just the police. US border security staff are becoming increasingly aggressive towards visitors and demanding that visitors must unlock phones for them and in some cases , will then take that unlocked phone away for a while – possibly to allow it to be examined or copied.

      As one who has had a long time fascination with America and who has visited and worked in America on numerous occasions over nearly five decades, I’ve regrettably come to the conclusion that visiting America is currently no longer worth the hassle.

      I don’t have any dodgy files on my iPhone or iPad, or indeed anything which could be remotely of value to any police department or government, but I am not prepared to turn over access to all my financial and personal passwords to an obnoxious border official who decides act like a jerk.

      I feel confident that anything stored in my iPhone will not be not be made use of by Apple or disclosed by them to any other party or organisation, but have no such confidence in government agencies who might decide to clone the contents of my devices.

      1. Yes, border police and particularly deplore airport police who know that they can search people’s possessions any time they want because protesters who invoke the 4th Amendment will be taken into the back room to be investigated which takes longer than the plane’s departure time so everyone gives assent so as not to miss the plane. That’s an unwarranted amount of police power. That it’s given by the normal flier under duress should be against the law but it’s not under the US Patriot Act, now renamed the America Act (or is it the Freedom Act?) and the yearly NDAAs both of which, in my opinion, effectively replaced the US Constitution. While the USPA, signed by Bush, makes everyone into a suspected terrorist which is the very opposite of what the US Constitution says, the NDAAs specify that mere belligerents are terrorist suspects without defining who is a belligerent. It leaves the definition to itself and could make simple protesters “belligerents”, hence terrorists. This new post-Constitutional power is allows big gov. to kidnap (the US disingenuously uses the term “rendition”) people, without official charges filed, steal them into a secret prison perhaps in Kazakhstan, imprison them indefinitely, without access to a lawyer, and without telling loved ones of the location.

        That his has not been used very much on ordinary citizens does not mean that it has no potential to be used at some occasion in the future at the Gov.’s discretion. This is the rule of an absolutist monarch, which, even if benevolent is anti-Constitutional hence should be illegal but the American people comply with replacement law.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.