Your face can and will be used against you.
During an FBI investigation of six Ohio men charged with sexually abusing children and creating child pornography, agents forced one of the suspects to unlock his iPhone X by showing his face to the phone.
On Aug. 10, federal investigators searched Grant Michalski’s home in Columbus, Ohio, and found an iPhone X. Agents required him to put his face in front of the phone to unlock it, according to court documents.
“The phone was unlocked pursuant to the facial recognition feature on the iPhone X, and your affiant was able to briefly review the contents of the phone,” the document said.
After unlocking the device at Michalski’s home through Face ID, investigators found chat logs detailing interests in child pornography.
But FBI agents haven’t been able to unlock the iPhone X since moving the seized device to the agency’s Columbus office. While they were able to unlock it on the spot with Michalski’s cooperation through Face ID, he hasn’t given investigators the password to his iPhone X.
Passwords are much harder for law enforcement to get than physical characteristics used for biometric locks such as Face ID and fingerprint readers. That’s because biometrics aren’t covered by the Fifth Amendment, which protects people from self-incrimination, like giving up their passwords.
That reason for the difference is that police can obtain biometrics, like your face and your fingerprints, through procedural measures such as mugshots, legal experts say. But passwords are something only the person who set them would know.
Several court cases involving Touch ID led to this legal precedence. The Ohio case is the first involving Face ID.
In the past, the Department of Justice has criticized Apple for making it difficult to obtain evidence on locked devices. The two tangled in a heated legal battle over unlocking a iPhone used.
Neither the FBI nor the DoJ responded to a request for comment. Michalski’s attorney didn’t immediately respond to a request for comment. Apple didn’t respond to a request for comment.
The legal difference between passwords and biometrics allowed FBI agents to request that Michalski unlock his iPhone X on the spot through Face ID. But they didn’t ask him for the password, and still don’t have it. In the FBI’s warrant, the agency asked to use extraction devices to pull data out of the iPhone X without requiring a password — which would include information like deleted photos and text messages.
It’s unclear what specific extraction device investigators are requesting from Columbus Police Department to extract that data without a password, but companies like Grayshift and Cellebrite have been known to provide that service to US agencies.
The Columbus Police Department didn’t respond to a request for comment.
In a May article from the Columbus Dispatch detailing the department’s digital forensics team, a photo showed a detective running digital forensics software from Cellebrite.