AuthorParikh, Pratik

  2. INTRODUCTION 59 II. THE MECHANICS OF PASSCODES 61 III. THE MECHANICS OF TOUCH ID 64 IV. THE MECHANICS OF FACE ID 65 V. THE FOURTH AMENDMENT 67 VI. THE FIFTH AMENDMENT 70 A. COMPULSION: 70 B. INCRIMINATION: 71 C. TESTIMONIAL COMMUNICATION: 73 D. FORGONE CONCLUSION DOCTRINE: 75 VII. PASSCODES AND THE FIFTH AMENDMENT 76 VM. TOUCH ID AND THE FIFTH AMENDMENT 79 IX. FACE ID AND THE FIFTH AMENDMENT 82 X. CONCLUSION: THE CHOICE 86 Nearly all Americans own a cellphone (1), of those, seventy-seven percent (77%) own a smartphone. (2) Of the Americans who own a smartphone approximately forty-five percent (45%) are using the iPhone, an Apple device. (3) Since the introduction of the iPhone in 2007, the iPhone has stored: "[t]he music you buy, the [applications] you download, the photos you take, and all of the other content ..." (4) "As smartphones have become increasingly prevalent - and as users engage in a wide range of sensitive behaviors on their phones - these devices have become the latest front in the battle over digital security." (5)

    For years, users have been provided digital security by setting up a device passcode. (6) "In addition to unlocking the device, a passcode provides entropy for certain encryption keys. This means an attacker in possession of a device [cannot] get access to data in specific protection classes without the passcode." (7) Today, Apple provides digital security to its users in various forms: (1) four-digit numeric code; (2) six-digit code; (3) a custom numeric code; (4) a custom alphanumeric code; (5) Touch ID (8) ; or (6) Face ID. (9)

    With the releases of the new iPhone X and Face ID, constitutional issues may soon resurface. (10) Face ID is the "natural progression in the evolution of smartphone devices, implementing the latest technology to better protect the increasingly personal information that [users] store within."" Face ID modernizes authentication as "Face ID provides intuitive and secure authentication enabled by the state-of-the-art... camera system with advanced technologies to ... securely unlock[] [the] iPhone X." (12) The constitutional issues arise in law enforcement's ability to compel an individual to unlock their iPhone despite a user having a passcode, Touch ID or Face ID enabled. (13) These issues have already made its way to the courts and the media. (14) For example, in a recent sextortion case (15) where the defendant "threatened to release sexually explicit videos and photos of [a] social media star," (16) the judge ordered the defendants to provide law enforcement with the passcodes to their cell phones. (17) Similarly, in shows like Wisdom of the Crowd, an alleged defendant, who locked his cell phone before law enforcement could apprehend him, was compelled to produce his fingerprint. (18) However, the scenario that arises with the introduction of Face ID is as follows: "[yjou're stopped by the police and your phone is taken. Can [law enforcement] just turn your phone around, point it at your face, and gain access to everything on the device?" (19)

    This note will attempt to address the above scenario and provide a possible conclusion on the best method to protect one's iPhone from the prying eyes of law enforcement. Parts 1-3 provide a technical background on passcodes, Touch ID and Face ID, and the secondary security Apple has implemented. Part 4 establishes the requirements to search or seize an iPhone pursuant to the Fourth Amendment. Part 5 details the requirements for an act to be protected under the self-incrimination clause of the Fifth Amendment. This Part also explains what must be established for the foregone conclusion doctrine to apply. Part 6 summarizes how courts have discussed passcodes in relation to the self-incrimination clause. Part 7 explores how courts treat biometrics, specifically fingerprints, in relation to the self-incrimination clause. Part 8 attempts to take the courts' reasoning from passcodes and Touch ID and apply that reasoning to Face ID. The goal of this Note is to predict how courts may rule on challenges to a defendant being asked to "produce" his or her face to unlock the iPhone X. The Note will conclude by explaining which method of encryption provides iPhone users the most constitutional protection.


    Passcodes act like gatekeepers to the iPhone and the data stored on them. (20) The iPhone's operating system, iOS, only supports sixdigit alphanumeric passcodes, four-digit numeric codes, and arbitrary-length alphanumeric passcodes. (21) By having a passcode, "the user automatically enables Data Protection." (22) Data Protection causes "a new encryption key to be generated [which is] used to encode certain files that have been marked as critically important by iOS." (23) Therefore, someone other than the actual user should not gain access to the iPhone or the data "in specific protection classes without the passcode." (24)

    In order to further assure that someone other than the actual user cannot gain access to iPhone, Apple has developed various "fail switches" (25) to battle attempts of brute-force passcode entry. (26)

    To discourage brute-force passcode entry "there are escalating time delays after the entry of an invalid passcode at the Lock screen," as detailed in the chart below. (27)

    Delays between passcode attempts 28 Attempts Delay Enforced 1-4 None 5 1 minute 6 5 minutes 7-8 15 minutes 9 1 hour According to Apple's report, it could "take more than [5 and a half] years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers." (29) However, as the chart below indicates, utilizing a six-character alphanumerical passcode that is case sensitive would make the brute force entry nearly impossible or not worth the time and effort even by a computer. (30) Therefore, a user with a more complex passcode may automatically deter anyone attempting a brute-force passcode entry into the iPhone (see figure below). (31)

    Passcode Hacked by Hacked by Hand Computer Four characters 7 minutes 208 days (numbers) Four characters: 19 hours 29 days alphanumeric (letters + num- bers) Four characters 7 days 8 months (alphanumeric + case-sensitive Six characters 11 hours 17 days Six characters 103 years 33 months (alphanumeric) Six characters (alphanumeric + 72 years 2,700 years case-sensitive) A secondary fail switch that Apple has instituted is the automatic wipe of the device. (32) If after ten (10) consecutive incorrect attempts and with Erase Data turned on, the device will automatically wipe. (33) "This means the device will not only get disabled at a certain point but it will also delete your private data to ensure it [does not] get into the wrong hands." (34)

    Therefore, with a passcode in place and the combination of a delay between passcode entry attempts and an automatic wipe, a user's iPhone and personal information should be fairly protected. (35)


    Touch ID allows for a device to be unlocked, when a user scans and iOS recognizes an enrolled (36) fingerprint. (37) However, the fingerprint sensor is only active upon the touch of a finger to the steel ring, which surrounds the Home button. (38) The sensor "take[s] a high-resolution image from small sections of your fingerprint from the sub[-]epidermal layers of your skin." (39) Once the images are captured, Touch ID analyzes the images with a "remarkable degree of detail and precision." (40) At which point, Touch ID "creates a mathematical representation of your fingerprint and compares this to [the] enrolled fingerprint data to identify a match and unlock [the] device." (41) Apple suggests that the odds of "a small section of two separate fingerprints [being] alike enough to register as match for Touch ID" is so rare, (42) that the probability of two alike fingerprints is 1 in 50,000 with a single, enrolled finger. (43) Therefore, "there is no such thing as an easily guessable fingerprint pattern." (44)

    Nevertheless, Apple has implemented additional precautions to protect an iPhone user who uses Touch ID to unlock their iPhone. (45) Touch ID allows for only five unsuccessful matches before requiring the entry of a passcode. (46) Additionally, iOS 11 users can temporarily disable Touch ID by "squeeze[ing] the side button and either volume up or volume down," forcing a passcode to unlock the iPhone. (47) Upon triggering a passcode, the odds of successfully completing a brute-force passcode entry, as discussed above, would become difficult and potentially risk a complete wipe of the device. (48)

    Therefore, with Touch ID as the primary form of protection (49) and a secondary passcode protection (50), the iPhone should be fairly secure.


    The iPhone X and iOS 11 are allowing users to unlock the iPhone X "[w]ith a simple glance." (51) Apple has branded this feature as Face ID. (52) "Face ID requires a facial match--or optionally the passcode--at every wake." (53) Setting up Face ID, requires the user to "follow the on-screen instructions, which involve[s] moving your head in a circle so a camera can take multiple shots of your face for a [three-dimensional] map." (54) For every subsequent attempt to unlock the iPhone X, the TrueDepth camera system (55) will

    "produce more than 30,000 dots of invisible [infrared] light to create a three-dimensional map (for area and depth) of [the users] facial landscape." (56) Those images are then sent to iPhone X's "computer processor to build a [three-dimensional] mathematical model (map) of [the users] face," which "is presented to the computer's algorithms and compared against" the enrollment images. (57) At which point the processor will determine whether the verification and enrollment images have a "comparison score [] higher than a certain threshold value," if so the iPhone X will unlock. (58)

    Apple claims that "the probability that a random person in the population could look, at your iPhone X and...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT