Although the FBI was finally able to decrypt the iPhone belonging to San Bernardino terrorist Syed Rizwan Farook by paying for a third party private hack, the issues around accessing content on a personal smartphone are not resolved. The FBI is figuring out how and if it can re-use the hack, but it’s not simply interested in what’s called “data at rest,” says FBI director James Comey. The FBI is also interested in “data in motion,” the emails, texts and other information in transit over the Internet as “hugely significant” for national security.
Bloomberg reports that Comey hasn’t ruled out litigation against companies such as Facebook’s WhatsApp, with more than 1 billion global subscribers. WhatsApp is already fighting the legal system in Brazil where judges have twice in the last six months temporarily blocked the service for not supplying court-ordered data. Comey says he currently has no plans to take WhatsApp to court, but that could change “down the road.”
State and local law enforcement would like to get access to the decryption hack that the FBI used to retrieve information from Farook’s phone. New York City police have 67 Apple devices pertaining to 44 violent crimes, says NYC Police Department’s head of intelligence Thomas Galati. But, notes Comey, it isn’t a simple case of just letting law enforcement use the same hack, because, unless there is a procedure to prevent it, the tool “would have to be revealed in a court proceeding.” In that case, says Comey, “its utility may be significantly decreased.”
But the police have another tool at hand; fingerprint-authenticated phones. There are an estimated 250 million phones globally that use fingerprint authentication, and all it takes is a judge’s “blessing on a warrant” to “compel a suspect” to press his finger to the phone and unlock it. “As the number of fingerprint scanners in hip pockets grows,” says Bloomberg, “district attorneys across the country say the technology is poised to become a major engine of evidence gathering.”
Los Angeles and Oakland have already activated warrants to unlock phones this way, but a lawsuit is required to delineate when a judge’s warrant for the fingerprint is and isn’t appropriate.
When a suspect argued that using his fingerprint to open his phone would violate his Fifth Amendment right against incriminating himself, a judge in Virginia Beach ruled against him, noting that typing in a passcode was a “mental process” but that asking for a fingerprint was more like drawing a blood sample. Orange County, California senior deputy district attorney Rahul Gupta says it’s just a matter of time before a higher court rules on the issue.
Although IDC estimates that fingerprint-scanning phones will be the majority in two years, they’re not a perfect solution for law enforcement. They have 48 hours after a person enables Apple’s Touch ID (or similar Samsung and LG features) to unlock the phone before it requires a PIN. When the phone is switched off and restarted, it does require the passcode. And as law enforcement increasingly takes this tack, criminals are sure to catch on.