Slashdot Mirror
The Government Wants Your Fingerprint To Unlock Phones (dailygazette.com)
schwit1 quotes this report from the Daily Gazette: "As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom. There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"
New option: set a finger to use which will cause the device to wipe. (I can think of an appropriate digit to use).
See this Slashdot article from October 2014: Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone. And that's not the first.
(IANAL.) The idea is that forcing you to reveal something you know (passcode, etc) is testifying and thus could be self-incrimination and not constitutional, but that forcing you to provide something about yourself is totally kosher. The analogy is being compelled to give up a key or DNA vs a safe combination - the former is searchable, the latter is not. Fingerprints are routinely taken upon arrest, even if the person is released without charges. Physical descriptions or stuff on/about you is not testifying. The argument to make here is a fourth amendment one about being "secure in ones papers" - but they have a warrant so that doesn't do any good anyway.
What it comes down to is the fifth amendment is a very important, but very circumscribed, right - not a get out of jail free card. Which shouldn't have been a surprise, really, otherwise the police would never be able to prosecute much of anything.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Fingerprinting is not new--not only is it required of criminal defendants as a matter of course, but many states take fingerprints for other reasons such as admission to the bar.
The Fifth Amendment right against self-incrimination does not apply because certain information is not considered "testimonial" in nature. You are not testifying when providing a fingerprint. While this is a slightly different case because the fingerprint is being used to unlock a phone, ultimately they are still not using testimony to unlock the phone--they are using a physical characteristic of an individual. So it will still be considered non-testimonial, and the appeals court that reviews the matter will agree.
The Fourth Amendment still protects you from a random search of your phone, but there was a warrant in this case.
Real lawyers write in C++
That approach won't work. The device won't take fingerprints after 48 hours. In fact, if the person simply refuses to submit to use of their fingers to unlock the device, they might get held in contempt, but after 48 hours, they can submit to the use of their fingers, and they're no longer in contempt, but it won't be of any value to the government.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Or just using a long password held only in the brain. A lot less complicated than multiple layers of security, works right now and is "safe enough" for most people.
For example, a police officer that doesn't respect your rights and asks to see the device contents without a warrant, because you were filming or were using your device in a manner they didn't like.
One drawback is the time it takes entering a long password when you need your device quickly or need to check it often.Although, Android does have a feature so you can set 'safe areas' where your password will not be needed once the device is unlocked once.
I have work and home set as places where I only have to enter the password about once or twice per day, no matter how many times I check the device.
If somebody stole my phone it will automatically lock once they leave WiFi range of home or work.
A good trade off between security and ease of use imo.
People are always criticising passwords, but passwords can be kept safely in one's mind. And there is no way for the government to extract that password from you.
One of the US presidential candidates this year disagrees, and believes in "advanced extraction techniques" or whatever the latest euphemism for torture is.
That said, the biggest problem with biometric authentication is that once the cat is out of the box, it won't get back in. You can change your password, but you cannot change your biometrics. Once they've been copied, they're compromised for the rest of your life.
For a fingerprint, that can be very easy to lift. A photo, or a glass, or a door handle. You don't even have to know that it's been taken.
Another big problem is that they're not as unique as we like to think. There have been cases where people have been found in a fingerprint database that were nowhere near where "their" fingerprint was found. With several billion people, there are going to be overlaps. And because of the implicit trust in biometrics, the onus is on the suspects to prove his or her innocence against something that is treated as infallible evidence.