A Virginia Circuit Court judge ruled on Thursday that a person does not need to provide a passcode to unlock their phone for the police. The court also ruled that demanding a suspect to provide a fingerprint to unlock a phone would be constitutional.[/sigh] It's always something, and seldom something good. The assertion of courts is that knowledge from testimony (e.g., telling police a passcode) reveals the suspect's mind and thus cannot be compelled under the 5th Amendment... but a fingerprint is just a biometric, traditionally collected in police investigations. Once again, the law uses a quirk of technological change to enforce a distinction without a difference. Self‑incrimination, here we come.
The ruling calls into question the privacy of some iPhone 5S, 6, and 6 Plus users who have models equipped with TouchID, the fingerprint sensor that allows the user—and ideally only the user—to unlock the phone. It is possible for users to turn TouchID unlocking off and simply use a passcode, and Apple has provided certain extra protections to prevent TouchID privacy issues—requiring the entry of a passcode if the phone hasn't been used in 48 hours, for example. But if a suspect simply uses TouchID to open their phone, police could have a window to take advantage of that when apprehending them.
More than just the phone can be bent
(H/T Charles Kuffner.)
Good catch! Will not be getting a biometric phone without a buried ID password. Ain't no such animal, yet!
ReplyDeleteShirt
Nor will I, Shirt. It's hardly an issue for me at this time: my peripheral neuropathy prevents me from working a smartphone with my messed-up fingers; I simply can't coordinate those gestures. When my old Samsung Propel quit on me recently, I replaced it with... another Samsung Propel, bought used through Amazon. Moved the SIM card over from the old phone and it was (almost) as good as new. It has a password feature, but I take another approach: I don't keep my politically motivated phone numbers in it. And if I engage in any criminal activity, I sure as hell don't know what it is!
DeleteAm I the only person who remembers that Kevin Mitnick spent four years in jail on charges of contempt of court for refusing to provide his PGP key?
ReplyDeleteCourts have been all over on this subject. But one thing is true about passcodes as vs fingerprints -- armed goons with a court order can physically force your finger against a phone's sensor, but cannot physically remove a passcode from the depths of your mind.
In actuality, depending on your mobile phone to be secure is a loser's game anyhow. These things are bugging devices that we voluntarily carry with us everywhere. The day that your freedom relies on the contents of your phone is the day you've already lost.
"armed goons with a court order can physically force your finger against a phone's sensor, but cannot physically remove a passcode from the depths of your mind."
DeleteThe author made this point very clear. I don't think either one is much protection if the fibbers really want the contents of your phone, but we try as a point of principle to protect them, if for nothing else.