The iPhone belonged to Paytsar Bkhchadzhyan, the 29-year-old girlfriend of a man accused of being a member of an Armenian gang, according to Matt Hamilton and Richard Winton of the LA Times. She was sentenced in February for one count of identity theft, and just 45 minutes later, a federal judge signed a warrant authorizing law-enforcement officers to place her finger or thumb on the Touch ID sensor of her iPhone. It’s not clear what prosecutors are searching for on her phone.
The warrant was first discovered by Thomas Fox-Brewster of Forbes in March. Fox-Brewster examined “hundreds of court documents” but wasn’t able to find any previous example of a federal warrant for device-unlocking fingerprints.
The federal judge in Los Angeles may have moved quickly to sign and execute the warrant because there’s only a 48-hour window during which an iPhone will accept its user’s fingerprints. After that window—or after a restart—the phone will require a PIN or passcode to unlock.
The Fifth Amendment, which protects people from incriminating themselves during legal proceedings, prevents the government from compelling someone to turn over a memorized PIN or passcode. But fingerprints, like other biometric indicators—DNA, handwriting samples, your likeness—have long been considered fair game, because they don’t reveal anything in your mind. (Marcia Hofmann, a digital-rights lawyer, wrote a comprehensive rundown of the question in late 2013, when it was still hypothetical.)
Now that it’s clear that police are willing to ask for warrants for phone-unlocking fingerprints—and that judges are willing to sign them—security-conscious smartphone users are faced with a menu of mostly unsavory options.
A fingerprint and a long passcode provides a good balance between convenience and security—or it did, until courts began compelling fingerprint unlocks, said Chris Soghoian, the chief technologist at the American Civil Liberties Union. The alternatives are worse: A short PIN “lets you use your phone like a human,” Soghoian said, but can be guessed by a computer algorithm in certain cases. And a long passcode, while secure, is a pain to type in every time you want to check Tinder.
The only way to turn off an iPhone’s fingerprint-reader on the fly—without waiting for the 48-hour window to expire—is to turn it off. When it’s powered back on, it will ask for the device’s PIN or passcode, and won’t accept fingerprints. (If Bkhchadzhyan’s phone was off when police found it in her boyfriend’s home, her fingerprints won’t unlock it.)
Since Apple began encrypting its iPhones in 2014 and rolled out further security improvements alongside Touch ID, law enforcement has had to get increasingly creative to access the contents of the computers, tablets, and phones that they seize. The court fight over an iPhone used by one of the San Bernardino shooters, for example, only ended when the FBI paid for a technique to bypass the phone’s security. Similar hacking techniques—and more warrants for fingerprints—may become commonplace as the government confronts increasingly secure devices.