FBI forces suspect to unlock an Apple iPhone X with their face

“A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect’s iPhone,” Thomas Brewster reports for Forbes. “That’s by any police agency anywhere in the world, not just in America.”

“It happened on August 10, when the FBI searched the house of 28-year-old Grant Michalski, a Columbus, Ohio, resident who would later that month be charged with receiving and possessing child pornography,” Brewster reports. “With a search warrant in hand, a federal investigator [David Knight] told Michalski to put his face in front of the phone, which he duly did.”

“The case marks another significant moment in the ongoing battle between law enforcement and tech providers, with the former trying to break the myriad security protections put in place by the latter,” Brewster reports. “Whilst Knight may’ve found some evidence of criminal activity when he manually searched the device, in one respect the forced Face ID unlock of the iPhone X was a failure. It wasn’t possible to siphon off all the data within using forensic technologies. That was because the passcode was unknown… It appears Knight didn’t keep the device open long enough and so couldn’t start pulling out data with forensic kits. He admitted he wasn’t able to get all the information he wanted, including app use and deleted files. What Knight did get he documented by taking pictures.”

“Thus far, there’s been no challenge to the use of Face ID in this case or others. But Fred Jennings, a senior associate at Tor Ekeland Law, said they could come thanks to the Fifth Amendment, which promises to protect individuals from incriminating themselves in cases,” Brewster reports. “In previous rulings, suspects have been allowed to decline to hand over passcodes, because the forfeiture of such knowledge would amount to self-incrimination. But because the body hasn’t been deemed a piece of knowledge, the same rulings haven’t been applied to biometric information, like fingerprints or face scans. That’s despite the fact that the use of passcodes, fingerprints and faces on an iPhone has the same effect in each case: unlocking the device.”

Read more in the full article here.

MacDailyNews Take: We need actual laws here, or precedent set, to arrive at a uniform standard of justice.

Regardless, at the core of the issue is the U.S. Constitution:


No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Sometimes the law gets too cute. We shouldn’t leave common sense out of the equation. The process is the same thing. You’re getting access to someone’s most private information by forcing someone to give you the key. — Miami defense attorney David Oscar Markus, May 2016

Ultimately… the U.S. Supreme Court will likely have to weigh in on this issue.MacDailyNews, May 4, 2017

Apple’s ‘cop button’ won’t keep your iPhone safe from the police – August 18, 2017
Florida man sentenced to 180 days in jail for not divulging his iPhone passcode – May 31, 2017
Florida judge orders reality TV actress to unlock Apple iPhone in ‘sextortion’ case – May 4, 2017
Miami sextortion case asks if a suspect can be forced to hand over Apple iPhone password – April 28, 2017
Feckless FBI unable to unlock iPhone, even with a ‘fingerprint unlock warrant’ – May 12, 2016
The Touch ID lock on your iPhone isn’t cop-proof – May 11, 2016
U.S. government wants your fingerprints to unlock your phone – May 1, 2016
Should you disable Touch ID for your own security? – May 9, 2016
U.S. government wants your fingerprints to unlock your phone – May 1, 2016
Virginia police can now force you to unlock your smartphone with your fingerprint – October 31, 2014
Apple’s Touch ID may mean U.S. iPhone 5s users can’t ‘take the fifth’ – September 12, 2013
Apple’s iPhone 5S with biometric identification: Big Brother’s dream? – September 11, 2013


    1. Exactly! A warrant was issued and that allows a search under the parameters of that warrant or the area of the private domain given in the warrant.
      It’s a reasonable search and seizure under the warrant.

      1. But we do not know the exact letter of the warrant. Seizing the iPhone is a normal type of lawful search and seizure under a warrant. But telling the person that they have to allow law enforcement officials to open up that iPhone using FaceID…was that actually in the warrant?

        In my opinion, using FaceID and Touch ID are fundamentally the same as using a passcode. The information from FaceID and TouchID are used to generate a mathematical construct to lock and unlock the device.

        In the end, this action by law enforcement appeared to gain relatively little information, but may end up invalidating the warrant. Hopefully, this will force the courts to make a judgment on protections from biometrics, since Congress seems incapable of discussing and developing useful legislation.

  1. “It appears Knight didn’t keep the device open long enough and so couldn’t start pulling out data with forensic kits.” Poor guys…only an hour to work with.
    Apple disabling usb forensic access via restricted mode was always just a cat and mouse move against Cellebrite, Elcomsoft, Greyshift et al. Greyshift said in June they had defeated Apple’s usb moves and had “many other” means built into their boxes.
    I expect AI to be deeply integrated into security in future updates.

    1. I agree. The statement is grammatically incorrect and confusing. To which noun does the pronoun “their” in the sentence refer back? There is no preceding pleural noun in the statement unless one assumes “the FBI” is pleural. Did the FBI agents use their face(s) to open the suspect’s phone?

  2. We have to set aside that if this guy is guilty of what he is alleged to have done he is a scum bag . . . and I think look at what smartphones have become. They are physical extensions of our thoughts manifested in messages, images and search whims. They contain fluid evidence not just of potential wrongdoing but of who we are as people. I think an expectation of privacy there is important to the human condition moving forward. Nothing is transmitted without service providers in the middle. I don’t know what’s wrong with good old fashioned law enforcement that involves these third parties responding to specifically scoped subpoenas. Full and unfettered access to one’s smartphone — unless done voluntarily — is very likely overkill in most investigations of most things. Congressional bodies at the state and federal level ought to be offering some modern guidance on this, and if a politician of either party offered up some good common sense legislation they’d have my support and vote even if it wasn’t perfect. There ought not be any inference by law enforcement that they are entitled to the full contents of a computing device unless it’s very specifically stated in the warrant, and that ought to be very rare. Further, no one should really have to just hand it over. I’d say if they don’t cooperate and evidence is found via third parties, that lack of cooperation will be noted and there will be ramifications within sentencing frameworks. But that is a choice people can make, not have forced upon them.

    1. Going back well before the US existed, complying with a warrant has never been “a choice people can make.” If somebody is presented with a valid court order, they can be forced to comply. Otherwise there would be no point in having a warrant requirement in the Constitution.

      Every search warrant is limited in scope, but it must be broad enough to allow a reasonable and meaningful search. There is no way to search a closet for a particular item without checking everything in the closet (including any closed boxes or drawers big enough to contain the item). The same applies to searching digital devices; you must check every place that could contain the targeted data.

  3. This is precisely the problem I have with relying upon FaceID. It can be used for what is essentially self-incrimination.

    The other is should hackers figure out how to get the data from your faceprint, things could get ugly quick. You have 10 fingers , but only one face.

  4. Squeeze the same two buttons you use to turn off you phone for a second if you are stopped by police or are about to go through airport security and you want to keep them from using Face ID. Once you do that your passcode will be required to reactivate Face ID.

  5. It amazes me how so many of you can not see that tech evolving is not alway doing so in the best way. The law of constitution is not going to change any time soon. If tech decided to make something new and call it a security key but that can be self incriminating (YOUR FACE)
    The issue is whether that tech is secure or the law needs improving.

    I would say the problem is the tech as your face is always going to be used as self incrimination even in a line up !

    Time to get some clarity on the real problem (Face ID)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.