Last year while investigating a child porn group on Amazon’s Wickr messaging app, the FBI used a previously unreported search warrant that forced one group member to unlock the encrypted messaging app using face recognition.
The Wickr group was known to share child sexual abuse material on the encrypted app. Encryption makes it nearly impossible for law enforcement to intercept Wickr messages.
And while the FBI has used search warrants to force users to unlock an iPhone with Face ID, the search warrant used in the Wickr investigation is believed to be the first known instance of the FBI obtaining a warrant to unlock encrypted messaging with a user’s biometrics.
According to the warrant, the suspect was first tracked down by the FBI via an unidentified foreign law enforcement partner who sent a request for information to the cloud storage provider hosting the illicit images. This gave them a Gmail address belonging to a 53-year-old Knoxville resident, Christopher Terry. Terry had prior convictions for possession of child pornography.
Law enforcement also received IP addresses used to create the links to the child pornography materials. Using administrative subpoenas, investigators asked Google and Comcast for additional information that enabled them to track Terry down and raid his home.
Once Terry was apprehended, the FBI obtained his unlocked phone. However, his Wickr account was locked using Apple’s Face ID facial recognition security. By then, Terry had asked for a lawyer so the FBI then asked a judge for an additional search warrant compelling Terry’s biometric facial recognition.
With the warrant approved, the FBI forced Terry to unlock his Wickr account through Face ID. He was then charged with the distribution and possession of child sexual abuse material.
As you can imagine, there is some pushback to warrants such as this.
Critics argue that it violates a defendant’s Fifth Amendment right against self-incrimination to compel the suspect to use his face to open a locked device or app.
Others argue that forcing a suspect to unlock a device using biometrics doesn’t violate the Fifth Amendment because it is not compelling a suspect to speak or incriminate himself. In short, biometrics is no different from fingerprints or DNA.However, some judges have pushed back against warrants for biometric unlocks. In two separate cases in 2019, judges in California and Idaho argued that biometric data was testimonial therefore law enforcement couldn’t compel the owners of the devices to use their faces to unlock them.