FBI Shows Fingerprints and Touch ID Aren’t Warrant-proof

| Analysis

Touch ID is more of a convenience than a security feature, and the FBI made that perfectly clear by obtaining a court order forcing a suspect to put their finger on the touch sensor and unlock their iPhone. The order shows courts still view our finger prints as physical evidence even when they serve as biometric keys to unlock devices and decrypt data.

Warrant let FBI use suspect's finger to unlock iPhoneWarrant let FBI use suspect's finger to unlock iPhone

Paytsar Bkhchadzhyan was arrested in late February, and only 45 minutes later FBI agents had a warrant in hand compelling her to place her finger on her iPhone's Touch ID sensor to unlock the device. Considering how quickly the warrant was obtained, the FBI probably assumed before the arrest and seizing the iPhone that Ms. Bkhchadzhyan's fingerprint would be the best way to gain access to her encrypted data.

U.S. courts have long held that our fingerprints are evidence and can be collected without a warrant. Compelling someone to provide their fingerprint as a means to unlock something, however, is more controversial, although in this case FBI agents didn't have any issues obtaining the order.

The argument supporting fingerprint unlock orders says they're akin to physical keys, which suspects can be compelled to provide through a warrant. Handing over a key isn't self incriminating, according to the courts, and as such providing a fingerprint to unlock a smartphone would fall under the same umbrella.

The other side of the argument is that when our fingerprints are used as biometric tools to unlock something they should be treated as if they're passcodes we've memorized but haven't written down. Courts can't compel someone to give up their device passcode because that would qualify as self incrimination. In the case of Touch ID, the implication is that any device your fingerprint unlocks is under your control, and a court forcing you to do so would go against the Fifth Amendment's delf incrimination protections.

University of Dayton law professor Susan Brenner told the Los Angeles Times, "By showing you opened the phone, you showed that you have control over it. It's the same as if she went home and pulled out paper documents — she's produced it."

Stanford Law School Center for Internet and Society director of privacy Albert Gidari disagrees and sees biometric unlock tools differently. He said, "Unlike disclosing passcodes, you are not compelled to speak or say what's 'in your mind' to law enforcement. 'Put your finger here' is not testimonial or self-incriminating."

Next up: The FBI doesn't like being in the dark

Popular TMO Stories



People forget they leave a copy of their fingerprint on every single thing they touch. That’s, to me anyway, why it’s not self incrimination: it is public already. For the same reason when someone brags about a crime they committed on FaceBook it’s not self incrimination. They made it public.


Remember that TouchID requires the actual password for activation:
- after starting up
- after 48 hours asleep
- after seven days

If you shut down your phone, rather than putting it to sleep, then a fingerprint will not unlock it.


Maybe a future release/update of the iOS will allow a user to designate a “booby trapped” finger print ?

Use your right thumb, and the iOS device unlocks as per usual, but your left thumb forces the iOS device to require the passcode ?


That’s brilliant.


Thanks geoduck.

They don’t happen often, but I do get the odd flash of genius.

(No wait, that’s gas…)

Lee Dronick

  They don’t happen often, but I do get the odd flash of genius.

And who was the genius who thought of Flash


“And who was the genius who thought of Flash”

Not sure WHO, but it wasn’t someone at Adobe. Flash was a Macromedia product, then acquired by Adobe. I wish it had dies right then, as did other pits and pieces that Adobe bought.



I hope Apple is listening. BRILLIANT!!!!!!

I liked TouchID until it became clear it was not actually a security measure, so I deactivated it and deleted all set finger prints (including starting fresh with new backups so as not to have it stored at all).



“... and deleted all set finger prints (including starting fresh with new backups so as not to have it stored at all).”

If you think about it, fingerprint info is NEVER backed up. It’s stored in the Secure Enclave. That doesn’t get backed up - it can’t be. Data goes in, data does NOT come out (except for the signatures and similar stuff).


TouchID is more a convenience feature than a security one, improving security only by encouraging longer passwords that don’t have to be typed as often.

Anyway, forcing me to touch a phone seems like a violation of my person, but they can already do that legally. Think of it like a cavity search. Very invasive and nobody likes it but legally available.

So what would happen if someone tries to arrest me and the first thing I do is try to shut down my phone? Will they tackle me and wrestle it from my hands? Can I sue them for police brutality then?


The more the courts treat our constitutional protections as an inconvenience to bypass, the more we need better protection on our data devices. Since the convenience of using a finger print lock has been usurped by the state, then the technology needs to change so the fingerprint is no longer the only lock.

I would like to see a voice command that would place a device in lockdown mode so it requires a two or even three phase unlock procedure.  While the officer is examining your iPhone, you say “Siri, lock” (or some code that a person would never accidentally say) and boom. Nobody gets in but the user who knows all three access phases.


Actually, it’s more of a problem with the police and FBI, rather than the courts.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account