Monday, November 10, 2014

Cell Phone Owners Should Prefer Passcode To Fingerprint Protection

In America, you can't legally be forced to testify against yourself, or forced to reveal a cell phone passcode. But according to a judge in Virginia, a cop can commandeer your finger to accomplish the same thing. Here's Megan Geuss at Ars Technica:
A Virginia Circuit Court judge ruled on Thursday that a person does not need to provide a passcode to unlock their phone for the police. The court also ruled that demanding a suspect to provide a fingerprint to unlock a phone would be constitutional.

More than just the phone can be bent
The ruling calls into question the privacy of some iPhone 5S, 6, and 6 Plus users who have models equipped with TouchID, the fingerprint sensor that allows the user—and ideally only the user—to unlock the phone. It is possible for users to turn TouchID unlocking off and simply use a passcode, and Apple has provided certain extra protections to prevent TouchID privacy issues—requiring the entry of a passcode if the phone hasn't been used in 48 hours, for example. But if a suspect simply uses TouchID to open their phone, police could have a window to take advantage of that when apprehending them.
[/sigh] It's always something, and seldom something good. The assertion of courts is that knowledge from testimony (e.g., telling police a passcode) reveals the suspect's mind and thus cannot be compelled under the 5th Amendment... but a fingerprint is just a biometric, traditionally collected in police investigations. Once again, the law uses a quirk of technological change to enforce a distinction without a difference. Self‑incrimination, here we come.

(H/T Charles Kuffner.)


  1. Good catch! Will not be getting a biometric phone without a buried ID password. Ain't no such animal, yet!


    1. Nor will I, Shirt. It's hardly an issue for me at this time: my peripheral neuropathy prevents me from working a smartphone with my messed-up fingers; I simply can't coordinate those gestures. When my old Samsung Propel quit on me recently, I replaced it with... another Samsung Propel, bought used through Amazon. Moved the SIM card over from the old phone and it was (almost) as good as new. It has a password feature, but I take another approach: I don't keep my politically motivated phone numbers in it. And if I engage in any criminal activity, I sure as hell don't know what it is!

  2. Am I the only person who remembers that Kevin Mitnick spent four years in jail on charges of contempt of court for refusing to provide his PGP key?

    Courts have been all over on this subject. But one thing is true about passcodes as vs fingerprints -- armed goons with a court order can physically force your finger against a phone's sensor, but cannot physically remove a passcode from the depths of your mind.

    In actuality, depending on your mobile phone to be secure is a loser's game anyhow. These things are bugging devices that we voluntarily carry with us everywhere. The day that your freedom relies on the contents of your phone is the day you've already lost.

    1. "armed goons with a court order can physically force your finger against a phone's sensor, but cannot physically remove a passcode from the depths of your mind."

      The author made this point very clear. I don't think either one is much protection if the fibbers really want the contents of your phone, but we try as a point of principle to protect them, if for nothing else.



• Click here to view existing comments.
• Or enter your new rhyme or reason
in the new comment box here.
• Or click the first Reply link below an existing
comment or reply and type in the
new reply box provided.
• Scrolling manually up and down the page
is also OK.

Static Pages (About, Quotes, etc.)

No Police Like H•lmes