Judge Rules Suspect Can Be Required To Unlock Phone With Fingerprint

[mrjarrell]

So, you don't have to divulge your pass code but you do have to give up your fingerprint. Sadly, the person involved in this is not taking the case higher. I'd really like to see this overturned. On the upside, all you have to do is reboot your iPhone before you hand it over and a pass code will be required. Or, as is likely the case with this guy, his phone will require a pass code anyway, since they've had it more than 48 hours and a pass code will be required. Heh. Screw them.

Judge Rules Suspect Can Be Required To Unlock Phone With Fingerprint - Digits - WSJ

The solution:
Reboot Your iPhone Before Being Detained by Police to Disable Touch ID

 

[DanSwanky]

This is another reason why I still rock the flip phone. It lacks any features that are "smart" or incriminating.

 

[9mmfan]

I just changed my phones lock setting after seeing this story on CBS News this morning. Guy should definitely appeal.

 

[daddymikey1975]

So if the cops sieze your phone, so they turn it off immediately before taking it to a secure lab?

 

[cobber]

I'm not sure how this is more extreme than being forced to open your home, or turn over bodily fluids, pursuant to a warrant.

I would view those as higher-order intrusions.

 

[Draco]

Actually, despite the seeming similarity between passcodes and biometric authentication, I can respect the Court’s logic here. The passcode means divulging information against your will, this is something protected; the fingerprint, rightly or wrongly, is legally something that is taken as a matter of course. The privacy argument against fingerprinting has been settled; it is the very definition of routine now.

With that said, I have to wonder what happens if we rely on “Facial Unlock” or even something akin to an Iris Scan. Technically, they are not as routine as fingerprinting, but I think that the police would still be able to use these methods to unlock a device; they are not secrets, they are public-facing attributes. A warrant may be required, but it wouldn't be protected under the 5th Amendment.

With all that said, I suppose the best way to be protected would be a two-step authentication method that would rely on something biometric and another leg relying on a passcode. However, it seems so far as the law is concerned, it would be little better than just using a decent passcode from the start.

 

[CathyInBlue]

There are three ways for a computer system to authenticate a user:

1. Something you know.
2. Something you have.
3. Something you are.

Something you know is a password, phrase, swipe pattern for a touchscreen.

Something you have is a smart token, USB key with a cryptographic key onboard, or a challenge-authenticate token.

Something you are is a biometric signature, fingerprint, facial recognition, iris scan. There's even work on typing cadence such that just typing in your correct password is not enough, but the rate and relative timing between keystrokes becomes a part of the authentication.

As you go down the list, the relative strength of the authentication scheme increases. Passwords can be stolen without even realizing it's happened. A little black book with your passwords written in it can be stolen, but it would be obvious it had been. Your fingers can't be stolen without major evidence.

But you're telling me that with increased security comes increased susceptibility to court ordered divulgence? I can't be ordered to recite my password, but if I write it down, it can be subpoenaed? And now, if only my fingerprint will unlock my digital system, I'm not only required to provide my fingerprint, which they already have on a card, but I have to act to swipe it in the correct direction, at the correct speed, on the correct device to unlock it for the police? I call BS.

Let the police use the fingerprint they already have to try to break into my device, but if they fail, their only recourse should be to obtain a newer, fresher, higher resolution copy of my fingerprint. Obtaining the skeleton key is one thing, coercing me to put it in the lock and turn it is something else entirely.