Slashdot Mirror
The Government Wants Your Fingerprint To Unlock Phones (dailygazette.com)
schwit1 quotes this report from the Daily Gazette: "As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom. There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"
New option: set a finger to use which will cause the device to wipe. (I can think of an appropriate digit to use).
See this Slashdot article from October 2014: Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone. And that's not the first.
(IANAL.) The idea is that forcing you to reveal something you know (passcode, etc) is testifying and thus could be self-incrimination and not constitutional, but that forcing you to provide something about yourself is totally kosher. The analogy is being compelled to give up a key or DNA vs a safe combination - the former is searchable, the latter is not. Fingerprints are routinely taken upon arrest, even if the person is released without charges. Physical descriptions or stuff on/about you is not testifying. The argument to make here is a fourth amendment one about being "secure in ones papers" - but they have a warrant so that doesn't do any good anyway.
What it comes down to is the fifth amendment is a very important, but very circumscribed, right - not a get out of jail free card. Which shouldn't have been a surprise, really, otherwise the police would never be able to prosecute much of anything.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
I think you have a bit of a misinterpretation of the fifth amendment.
The explicit text related to self-incrimination is:
"...nor shall be compelled in any criminal case to be a witness against himself; ..."
which is generally interpreted as:
"The Fifth Amendment protects criminal defendants from having to testify if they may incriminate themselves through the testimony. A witness may 'plead the Fifth' and not answer if the witness believes answering the question may be self-incriminatory."
So, the fifth amendment specifically applies to testimony.
So while you can't be compelled to provide authorities with your decryption key for instance, we have recently seen here that you can be ordered to perform the decryption itself and be held in contempt of court for not doing so.
I've always wondered why people would think that fingerprints are a highly secured method of authentication. You leave the things around everywhere you go and you can't change them if they are compromised. Imagine if you dropped little strips of paper with your password (that could never be changed) written on it everywhere you went. How long would your "highly secured" password last if someone decided they wanted into your account? Especially if that person was the government?
Heck, if the government has your phone, chances are they have your fingerprint on your phone (or have access to somewhere you've been that you've left your fingerprints). Even if they don't have you in custody (and thus didn't fingerprint you), they can use those fingerprints to gain access to your phone.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
That approach won't work. The device won't take fingerprints after 48 hours. In fact, if the person simply refuses to submit to use of their fingers to unlock the device, they might get held in contempt, but after 48 hours, they can submit to the use of their fingers, and they're no longer in contempt, but it won't be of any value to the government.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Fingerprints are not passwords. If you use them that way, you're an idiot.
At best, fingerprints are shortcuts for your USERNAME. You can use them in systems like that - school library and dining hall systems are perfect, you're not interested in "security", you're just interested in determining the correct child to a certain degree of accuracy quickly.
Your password should still be something that only you know.
People using fingerprints for passwords are deliberately making their machines less secure.
Any finger wipes it, middle toe of right foot unlocks it.
People are always criticising passwords, but passwords can be kept safely in one's mind. And there is no way for the government to extract that password from you.
One of the US presidential candidates this year disagrees, and believes in "advanced extraction techniques" or whatever the latest euphemism for torture is.
That said, the biggest problem with biometric authentication is that once the cat is out of the box, it won't get back in. You can change your password, but you cannot change your biometrics. Once they've been copied, they're compromised for the rest of your life.
For a fingerprint, that can be very easy to lift. A photo, or a glass, or a door handle. You don't even have to know that it's been taken.
Another big problem is that they're not as unique as we like to think. There have been cases where people have been found in a fingerprint database that were nowhere near where "their" fingerprint was found. With several billion people, there are going to be overlaps. And because of the implicit trust in biometrics, the onus is on the suspects to prove his or her innocence against something that is treated as infallible evidence.
I always wondered if a dick-print could be used to unlock an iPhone.
Never got around to it as it turns out, if you tell everybody that's what you do, nobody touches your phone anyway.