The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.
Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.
It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.
Natanson has not been charged with a crime. Investigators searched her home in connection with alleged communication between her and government contractor Aurelio Luis Perez-Lugones, who was initially charged with unlawfully retaining national defense information. Prosecutors recently added new charges including multiple counts of transmission of defense information to an unauthorized person. Attorneys for Perez-Lugones did not comment.
The warrant included a few stipulations limiting law enforcement personnel. Investigators were not authorized to ask Natanson details about what kind of biometric authentication she may have used on her devices. For instance, the warrant explicitly stated they could not ask Natanson which specific finger she uses for biometrics, if any. Although if Natanson were to voluntarily provide any such information, that would be allowed, according to the warrant.
Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, told The Intercept that while the EFF has “seen warrants that authorize police to compel individuals to unlock their devices using biometrics in the past,” the caveat mandating that the subject of the search cannot be asked for specifics about their biometric setup is likely influenced by recent case law. “Last year the D.C. Circuit held that biometric unlocking can be a form of ‘testimony’ that is protected by the 5th Amendment,” Crocker said. This is especially the case when a person is “forced to demonstrate which finger unlocks the device.”
Crocker said that he “would like to see courts treat biometric locks as equivalent to password protection from a constitutional standpoint. Your constitutional right against self-incrimination should not be dependent on technical convenience or lack thereof.”
Activists and journalists have long been cautioned to disable biometrics in specific situations where they might face heightened risk of losing control of their phones, say when attending a protest or crossing a border. Martin Shelton, deputy director of digital security at Freedom of the Press Foundation, advised “journalists to disable biometrics when they expect to be in a situation where they expect a possible search.”
Instead of using biometrics, it’s safest to unlock your devices using an alphanumeric passphrase (a device protected solely by a passcode consisting of numbers is generally easier to access). There are numerous other safeguards to take if there’s a possibility your home may be raided, such as turning off your phone before going to bed, which puts it into an encrypted state until the next time it’s unlocked.
That said, there are a few specific circumstances when biometric-based authentication methods might make sense from a privacy perspective — such as in a public place where someone might spy on your passphrase over your shoulder.