Fingerprints and Red Herrings


On February 16, 2017, a US judge denied an application for a search warrant which included the power for police to compel anybody in the house being searched to provide their fingerprint in order to unlock their iPhone. You can read the whole decision if you like.

Before we begin, and on a serious note, it's important to point out the allegations made by police in this case are very serious; they include receiving and trafficking in child pornography. Police suspect multiple victims are/were being sexually abused and that the images of this abuse is being distributed by someone at the subject address.

That is the fire we're playing with here.

I've said it before, and I'll say it again, from the perspective of those inclined to more order than law, and from the perspective of those seeking to curtail liberties, child pornography cases are the ideal time to make new law. Ideal in the sense that the facts of the case, although important to the determination of whether or not a search warrant will be issued, are a red herring.

People know how they feel about those who create and deal in child pornography.


Therefore, the end (of stopping these clearly bad people) justifies the means (of compelling someone at the subject address to put their finger on their phone to unlock it).

What's the big deal?

Won't somebody think of the children... etc.

Note: These are not herrings; real fish are gross and I didn't want to put them up here. Focus, people.

Compel someone at the subject address. That was a big part of why this application was denied. The judge took the prosecutor to task for using dated language and a simplistic view of personal electronic devises and, I kid you not, how wireless internet works.

For example, the prosecutor referred to a Blackberry as a "Personal Digital Assistant". What is this, 1995?

The application contained no discussion of wireless internet and the potential for nefarious persons to co-op the wireless connections of innocent people for the purpose of concealing their nefarious activities. Here's what the judge said:

"[A]n unsophisticated internet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously. Such practices leave open the possibility that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises."

Translation: Wireless internet is a thing. Some people give out their wifi passwords or don't have wifi passwords at all. It's possible person B could be using person A's internet without person A's knowledge. It's also possible person A and person B live in the same house and that person A doesn't know what person B is doing.

To drive this point home, the judge wrote his decision while downloading torrents on a laptop sitting outside his neighbour's house using his neighbour's wifi connection.

Just kidding. That didn't happen, but I kind of wish it did.

The application requested the usual search of a premises and the extra-ordinary authority to compel individuals to provide their fingerprints. Based on other information the prosecutor presented, they had enough information to get the regular warrant, but not enough to compel anyone at that address to provide their fingerprints to unlock their device.

The judge found the application didn't have enough information regarding the individuals at the address, including any previous criminal activities or possible links to child exploitation. The judge also found the application to be light on the technology front. The judge found there wasn't enough information on devices themselves or files that may be found on them.

"For the reasons stated, the Court does not find, under the circumstances presented here, that the government has established a proper basis to force any individual at the subject premises to provide a fingerprint or thumb print in an attempt to unlock any Apple device that may be found."

So, if the police have no information about who is in a house, what devices are in the house, who is using the internet connection, or what potential connections the people in the house have to child exploitation (if any), a judge will not allow the police to compel everyone in the house to unlock their phones with their finger prints.


The judge went on to discuss the difference between finger prints and the act of collecting finger prints. In the US, there are no privacy rights in a finger print; however, there are Fourth Amendment protections (the right against unreasonable search/seizure) connected with how the fingerprints are obtained. Collection of fingerprints (in the context of executing a search warrant) engages Fourth Amendment protections. Forcing someone to provide their fingerprint to unlock a device is more like to collecting the fingerprint, thus engaging the Fourth Amendment. The judge found there simply was not enough information to infringe on this right.

Fifth Amendment rights (right against self incrimination) are engaged where someone is compelled to produce information that may incriminate them. For example, the state cannot compel you to decrypt a hard-drive containing information that might incriminate you (so long as the content of the hard-drive isn't a foregone conclusion - that's another post).

The judge in this case found that fingerprints in the 1960s are different than fingerprints today.

Let me explain. In 1967 the court ruled there was no Fifth Amendment protection preventing fingerprinting.  That decision was decided around the same time the IBM 2314 direct access storage facility was introduced. It was larger than most Vancouver apartments. The only thing that was portable about this elephant was the removable 29 MB disk packs.

29 MB.

I have a 128 GB iPhone. That's 128,000 MB.

I also have 50 GB of iCloud storage. That's 50,000 MB.

My Touch ID accesses all of that information as well as all my social media accounts and email account....s.

You get my point.

According to futurists in the 1960s, the future was full of silver-clad sex-bots and laser beams. There is no way they, let alone the courts, could have anticipated a seemingly unlimited amount of information pertaining to our most personal and private selves being protected only by our fingerprints.

Cell phones are not cell phones. They're minicomputers. Courts in both the US and Canada have recognized this. Our fingerprints allow access to these minicomputers. Therefore, our fingerprints, in this context, benefit from Fourth and Fifth Amendment protection.

Although this application was reviewed and denied in the US, the legal developments of our, somewhat unruly, neighbours inform our interpretations of our own equivalent laws - s.7 (Life, Liberty, and Security) and s.8 (Search and Seizure) of the Charter of Rights and Freedoms.

I would like to say the trend, in both Canada and the US, will be toward protection of privacy and non-compulsion; however, that's unlikely. Recent treatment of Canadians (and US citizens?) at the US border suggest the trend is toward compulsion. The border and our homes are two different things, but trends are trends.

The government knows you have stuff on your phone. They know they can access more stuff about you if they have access to your phone.

Do they want to know the stuff? Maybe. I'm pretty boring.

It's more likely they want you to get used to giving them the stuff without protest because you're required to do so by law...

because... child pornography.

because... Terroism.

You Might Also Like


Popular Posts