Suspect Required To Unlock iPhone Using Touch ID in Second Federal Case (9to5mac.com) 233
An anonymous reader shares a report on 9to5Mac: A second federal judge has ruled that a suspect can be compelled to unlock their iPhone using their fingerprint in order to give investigators access to data which can be used as evidence against them. The first time this ever happened in a federal case was back in May, following a District Court ruling in 2014. The legal position of forcing suspects to use their fingerprints to unlock devices won't be known with certainty until a case reaches the U.S. Supreme Court, but lower court rulings so far appear to establish a precedent which is at odds with that concerning passcodes. Most constitutional experts appear to believe that the Fifth Amendment prevents a suspect from being compelled to reveal a password or passcode, as this would amount to forced self-incrimination -- though even this isn't certain. Fingerprints, in contrast, have traditionally been viewed as 'real or physical evidence,' meaning that police are entitled to take them without permission.Ars Technica has more details.
what about copying them and makeing there own (Score:2)
what about copying them and making there own 3d printer finger? They have the finger prints from booking right?
Re: (Score:2)
That would depend on the sensor, but I can think of several ways to try, especially with recent tech. Heck, the Mythbusters hacked a biometric lock with a photocopy a decade ago. . .
Re: (Score:2)
TFA is not terribly clear... (Score:5, Insightful)
In either case, the moral of the story is, don't use your biometrics to lock your phone.
Re: TFA is not terribly clear... (Score:5, Insightful)
I don't think it makes a difference. It's well known that in IT security, the authentication factors are who you are, what you have, and what you know. The Constitution only protects the what you know factor. The who you are factor, which is almost entirely biometric, has almost zero protection. Why? Because all three branches of the government can compel you to identify who you are, and there is nothing in either the Constitution or any written laws saying otherwise.
Re: (Score:3)
Re: (Score:3)
I hope device manufacturers include functionality to allow one time fingerprint access before falling back to needing password or PIN access. That
Re: TFA is not terribly clear... (Score:5, Interesting)
I would like to see a "duress fingerprint". Force me to use my fingerprint? Fine, I'll use my middle finger which disables all biometrics until further notice.
Re: (Score:2)
And if they compel me to provide fingerprints, not only should I not have to tell them which fingerprint may unlock the device, it should be up to them to convert my fingerprint into a useful tool to actually unlock the phone.
Hopefully device manufacturers will include a configurable time window for the time to PIN/password fallback. It would be useful to adjust it based on usage from anywhere 0 to days, depending on what you think your exposure is.
Re: (Score:2)
And if they compel me to provide fingerprints ... it should be up to them to convert my fingerprint into a useful tool to actually unlock the phone.
Sorry, but that's simply not a reasonable restriction. If they can compel you to provide fingerprints, they can compel you to provide them by placing your finger(s) on the scanner of the iPhone they already seized as evidence. There is no rational cause to limit fingerprint collection to ink transfers on paper, or their own imaging equipment.
At most you could argue that the fingerprint scanner in the iPhone cannot be trusted to uniquely identify its user. That would be a difficult argument to win at the bes
Re: (Score:2)
I don't think it makes a difference either. The court probably waited too long before getting his fingerprint. If the phone had to restart for any reason, then the fingerprint won't work anymore. It will need his passcode. Both iPhones and Samsung phones require passcodes on restart.
Back to square one. The police will probably need a court order to get his passcode now.
Re: (Score:2)
iOS also only permits five Touch ID unlock attempts before the passcode is required, so smart criminals would either register their little finger and use up those attempts with other fingers.
So in this case, where a judge compels a suspect to unlock his phone using his fingerprint, and he blocks the phone with 5 bogus attempts, can he be held in contempt of court? Or he could claim that the phone didn't recognize his fingers because of sweaty hands.
Re: (Score:3)
"...smart criminals would either register their little finger and use up those attempts with other fingers."
That would be just as clear to me if it were written in German. What does that mean?
Re: (Score:3)
Re: (Score:2)
Which finger you use is akin to a password and you shouldn't be required to reveal it. Of course the police could be observant and notice which finger you use so it wouldn't be a very good technique.
Re:TFA is not terribly clear... (Score:4, Informative)
Or, more specifically, obstruction of justice.
If you refuse to give a legible fingerprint when your fingerprints are being taken at the jail, for example by trying to move your fingers back and forth so the ink smudges, the bailiff or other police official will just hold you down until they can get a valid read. You have no right to prevent that from being done.
If you do the same thing, but in a way that surreptitiously destroys the evidence on the phone in the process (knowledge of the switch, and your awareness that you're using the wrong finger to do it), you're destroying evidence. That's not just contempt, that's obstruction of justice .. and a nice federal jail sentence.
Re: (Score:3)
Was he compelled to actually put his finger on the phone, or was he just compelled to surrender his fingerprints? TFA is not precisely clear about that. If it's the former then that's incontrovertibly a violation of the Fifth Amendment.
Not a Fifth Amendment violation. He's not being required to testify as to anything he knows, it's just a physical characteristic. Other example would be voice exemplars - it's Constitutional to require a defendant to say "hands up, give me the money," as part of a "voice lineup," since saying that doesn't require the defendant to testify to any content or knowledge. United States v. Dionisio
Re: (Score:2)
Not a Fifth Amendment violation. He's not being required to testify as to anything he knows, it's just a physical characteristic. Other example would be voice exemplars - it's Constitutional to require a defendant to say "hands up, give me the money," as part of a "voice lineup," since saying that doesn't require the defendant to testify to any content or knowledge. United States v. Dionisio
That's a clear 1st amendment violation.
Re: (Score:2)
Actually, it's not, since there's no way any reasonable person could believe that, by repeating the words you're being instructed to say, you're endorsing those words. While it may be "spoken," it's not "speech."
Re: (Score:2)
Re: (Score:2)
After all, it's not the existence of the voice/fingerprint/password/key, it's the being forced to provide it for unlocking purposes that's F'd up.
Re: (Score:2)
Of course, if you are using a voice lock on something that opens with you saying, "Alibaba was a fool", and they try to force you to say that to the lock to open it, I doubt anyone would consider that anything other than being forced to give up your password and open your locked items.
After all, it's not the existence of the voice/fingerprint/password/key, it's the being forced to provide it for unlocking purposes that's F'd up.
Depends on the circumstances. If the gov't knows the password, and there's no question that the device is yours, then you could be required to state the voice passphrase. Again, the Fifth Amendment protects you from having to testify (i.e state something you know) against yourself. It doesn't protect you from having to provide charactistics of yourself (appearance, fingerprints, DNA, voice, etc.).
Re: (Score:3)
While I can't speak to every phone and every OS, apple devices on iOS9 already have a "fix" for this: Power off your phone.
When an iPhone is powered on, it requires that you type in the pin code or pass phrase. No biometrics here.
Re: (Score:2)
Ideally the print on one finger would unlock the phone, and the print on the other 9 would wipe it.
Would also be useful to have a specific passcode that wipes the phone immediately as well.
Re:TFA is not terribly clear... (Score:5, Interesting)
If [he was compelled to put his finger on the phone], then that's incontrovertibly a violation of the Fifth Amendment.
As someone who used to stand by that view, nowadays it strikes me as the stance of someone who values their privacy (as we all should!), but who hasn't thought through the ramifications of their stance yet.
For instance, I'd wager you have no problem when the police swab a suspect for their DNA, nor when a passed-out drunkard is compelled to provide a blood sample in the hospital after a DUI, yet in both cases the suspect is being compelled, potentially against their will, to provide something incriminating of themselves to a machine in the police's custody that will tell the police whether the evidence from the suspect is incriminating or not. That's no different than compelling a suspect to provide their fingerprint to a phone in the police's custody that may have the ability to incriminate the suspect.
In fact, both DNA evidence and the BAC measurement situation I described have made it through and been affirmed by the Supreme Court already (in some cases, multiple times), for the simple reason that the right against self-incrimination only extends to "testimonial" evidence (a.k.a. "communicative" evidence), not to "real" evidence...nor should it.
I recall reading portions of the majority opinions for some of the seminal cases in this area a year or two back when researching the topic, and one of them basically stated that if we took the notion that we can't collect incriminating "real" evidence to its logical conclusion, we wouldn't even be able to compel someone to reveal enough of their physical appearance for them to be recognizable to an eyewitness, which they asserted was utterly absurd and was clearly beyond the bounds of the protections afforded by the 5th Amendment. More or less, so long as the police have a warrant and aren't trying to compel any form of demonstration of knowledge (i.e. testimony), they're within their rights.
You've already said that you're fine with the police collecting fingerprints, which is good, since fingerprints are not testimonial/communicative in nature. But how the police collect and use them is left up to them to decide. Whether they collect them on a piece of paper, via an electronic scanner that stores them to local database, or by way of a sensor that writes them into a transient piece of memory on a mobile device makes no difference. In all three, they're simply compelling the suspect to provide a piece of evidence in their custody to a device or system in the police's custody. It's a simple transfer of physical evidence from the suspect to the police. The means may be different, but the thing being compelled is the same in all three cases.
That the evidence can be used to incriminate the suspect does not mean their rights have been violated. And the best course of action if you don't like that fact is to stop using real evidence (e.g. keys, fingerprints, etc.) as a locking mechanism.
Re: (Score:2)
the best course of action if you don't like that fact is to stop using real evidence
That's the trick though. Why is my phone not protected because I used a fingerprint while your phone is because you used a passcode?
In both cases, the access to evidence is exactly the same. Neither of us are providing testimonial information -- a passcode by itself says nothing about who you are or what you've done any more than my fingerprint does (and perhaps less since my fingerprint could potentially be matched against the crime scene.. but lets assume they've already got other copies of my print by
Re:TFA is not terribly clear... (Score:4, Informative)
Why is my phone not protected because I used a fingerprint while your phone is because you used a passcode?
The phone is not legally protected in either case. If they can find a way in, they can use the data. What is protected in the latter case is the fact that you know the passcode. If there is anything incriminating on the device then knowing the passcode which unlocks it would be tantamount to an admission of guilt. (Note that the passcode is generally not protected if they can separately prove that you have the ability to unlock the device, since at that point you would not be revealing anything incriminating.)
The principle behind the prohibition on self-incrimination is that no one who has not already proven guilty should be placed in a catch-22 where their only options are to confess their guilt or be punished for failing to do so. Allowing records to be taken of your physical characteristics does not even amount to providing testimony, much less testifying against yourself.
Re: (Score:2)
Why is my phone not protected because I used a fingerprint while your phone is because you used a passcode?
That's the thing: neither is protected against being searched. Your statement conflates the question of whether the police are allowed to access your phone with the question of whether the police are capable of accessing your phone. You appear to be well aware of the distinction, so your statement seemed a bit out of place in the rest of your comment, but as you suggested, in many situations, the police have the legal authority to access a device without necessarily having the means to do so.
And while the "
Re: (Score:2)
Was he compelled to actually put his finger on the phone, or was he just compelled to surrender his fingerprints?
The 5th only applies to testimony. Your finger print is not testimony.
They can already compel you to put your finger onto a finger print scanner or inkpad to collect your fingerprint.
It seems to me, that if we allow the government the authority to compel you to stick your finger onto anything (e.g. an inkpad) to collect your fingerprint; its not unreasonable that they have the authority to make you touch your phone too. With a warrant of course.
The upshot really should be, a fingerprint is a good way to kee
Nothing to hide != nothing to fear (Score:5, Insightful)
Moral of the story is Don't leave evidence on your phone. Or anywhere else for that matter.
Idiotic statement. Sometimes what isn't actually evidence of anything can be used against you. Just because you have nothing to hide does NOT mean you have nothing to fear.
If you need an explanation why watch this video [youtube.com].
Re:TFA is not terribly clear... (Score:4, Informative)
No, the moral of the story is don't use your fingerprint as a password.
Re: (Score:2)
Whenever this gets brought up on the "social" media, it gets downvoted or otherwise silenced. The convenience of the fingerprint seems to blind people to the fact that it is fundamentally terrible at security. A password or passphrase is the way to go.
I mean, if a bad guy has access to you and your phone, he doesn't need your permission or even your life to unlock a phone with the fingerprint. The fact that it is also more secure against governments should not be surprising, because it is more secure to
Re: (Score:2)
No, the moral of the story is don't use your fingerprint as a password.
My voice is my password.
Re: (Score:2)
Moral of the story is not to have a password.
If you have a phone cops cannot unlock, a reasonable jurist can assume that no one could have put any incriminating evidence on it to frame you, even if they could have.
If you have a phone anyone can use (no password) and you are separated from it at any time, you can bring up a very good reasonable doubt in court.
So just hang on to your phone and have no password. Don't put it on the table at restaurants, don't let it leave your person except at home, then you
Re: (Score:2)
Re:TFA is not terribly clear... (Score:5, Insightful)
There's (not a lot of...) case law that suggests a truly deadman switch that erases a device isn't considered destroying evidence. If you *do* something actively that triggers it, that's destruction and you can be charged. If by doing nothing, the device is erased, that's okay. You're also not under any obligation to mention such a thing exists.
So for example if you set something up to wipe the device if you sent a magic text message, that would be a problem. Something that wipes if you don't touch it for a week is generally considered legal. It generally goes with the idea that you can be held to consequences for your *actions*, but there's a higher bar to hold you accountable for your *inactions*.
Re: (Score:2)
Do you happen to have any case law on that? I'd love to see the precedence on that idea because somehow it looks like a distinction without a difference to me. If you routinely destroy evidence to avoid implicating yourself in a crime, I think the intent is pretty clear. That you automated the process, might not be a good thing when heading to trial because that's going to be used against you to show intent to cover up what you where doing, which may actually be worse than the "evidence" you got rid of.
Re:TFA is not terribly clear... (Score:5, Interesting)
Routinely destroying evidence to avoid implicating yourself could be a crime. However, having an automatic data retention policy likely would not be a crime. If you routinely back up your data to encrypted storage, a good practice, and then automatically delete old data you are being prudent, not a criminal. Just don't sit around with your partners in crime discussing how to thwart law enforcement by using data retention policies.
Intent matters. And intent is difficult to prove if there isn't any hard evidence and your actions have a legitimate purpose.
Re:TFA is not terribly clear... (Score:4, Insightful)
If you routinely destroy evidence to avoid implicating yourself in a crime, I think the intent is pretty clear.
But that's perfectly legal. That is, you're destroying documents or files (something routinely done everywhere, all the time), which is not currently "evidence". If you think you're under investigation, or have some reason to believe you might be investigated, then you are not allowed to destroy or tamper with any evidence. But, if you're in the habit of routinely wiping your devices and files, it would be difficult or impossible to prove that in some specific incident you knowingly did it to tamper with evidence.
So routinely wiping your data is a good strategy.
Re: (Score:2)
(I wouldn't put it past them to try, after all, they have before, but that's an uphill battle even for them.)
Re: (Score:2)
Given the choice between destruction of evidence or facing much more serious prison time on trumped up charges (even if you plead out). Picking the lesser charge is the way to go. I don't see any point on philosophizing on the matter when simple math will do.
Re:TFA is not terribly clear... (Score:4, Informative)
They aren't stupid, they bit copy (dd) the device when it's seized. Now a local police agency might not do this but anything involving the fed's is going to be copied the second they get their hands on the data, even if it's encrypted. This is directly to prevent challenges on data integrity and to prevent dead man switches.
Re: (Score:2)
Making an image of a random phone is not always possible nowadays. There is no hard drive to remove and make a forensic copy. That was the very issue with the iPhone case a few months back. If you have a way, I'm sure you could make millions at the next RSA event.
Re: (Score:2)
They aren't stupid, they bit copy (dd) the device when it's seized. Now a local police agency might not do this but anything involving the fed's is going to be copied the second they get their hands on the data, even if it's encrypted. This is directly to prevent challenges on data integrity and to prevent dead man switches.
Ideally, whenever the phone wipes itself and destroys its copy of the master encryption key to the phone's storage, then the only way to get the data is to use brute force the 128 bit random key. Even if you have a perfect copy of the data, without the key that's locked up in the phone's security processor, your copy is useless.
Re: (Score:2)
What you need is software in the phone that detects how you swipe your finger over the sensor. So, if you down-swipe, it unlocks the phone and works fine. But if you up-swipe, then it erases the phone and then unlocks it.
To avoid you getting prosecuted for destruction of evidence, the software needs to "wipe" the device back to an innocuous-looking state: delete all the photos, contacts, texts, etc., except for a few pre-selected harmless cat photos, and the only contacts and calls and texts left are ones
Re: (Score:3)
Works better if you put a false flag photo in there. Something that you can legitimately claim is the reason why you had the security in the first place.
A picture of a naked woman that is not your wife works well. Just bad enough to hide, not bad enough to get you in real legal trouble.
Destruction of evidence (Score:2)
Can you say destruction of evidence is a crime?
There are many circumstances [wikipedia.org] where it is a crime to destroy evidence.
Re: (Score:2)
Re: (Score:3)
"Exactly. I am very disappointed that people think it's okay to compel anyone to assist in any way one's own prosecution,"
I knew the wording of this would toss up responses like yours.
This is no different than an order to produce blood/cheek swab or even passwords. The accused have the right to remain silent -- they do not have the right to ignore lawful search warrants. If you really want to keep information that the law cannot touch then either memorize it or have a trusted spouse memorize it.
Re: (Score:2)
Exactly. I am very disappointed that people think it's okay to compel anyone to assist in any way one's own prosecution,
So... you would hold that opening the door when the police inform you that they have a warrant to search your premises for evidence of a crime is somehow different from unlocking your phone in the face of the same kind of legal request. Fine. Please tell us. In what way is it different?
Re: (Score:2)
Its different in one major way: If you fail to open the door, they can (and will) just break it down.
If you fail to unlock your phone on the other hand, the police are kind of screwed.
Sure they can beg Apple or Google for unlock abilities, but that's literally not possible for those companies to provide -- they intentionally do not retain the encryption keys in order to reduce their liability in cases like this.
The whole Apple fiasco a while ago wasn't them giving up the encryption key. What they did was
Re: (Score:2)
So all you have to do is lead the police to believe they can use your finger print, try all ten fingers, then boom no more data?
Re: (Score:2)
Don't break the law. If you don't like the law, work to get it changed.
Unpossible. There are so many laws that can be interpreted in so many ways, if an agent wants to pin something on you, they WILL find something. It has been widely reported that the average American commits 3 felonies a day, without even knowing it.
Fingerprint unlock stop working after that long (Score:2)
I got an OTA pushed to my Note from TMobile and now the fingerprint unlock stops being the unlock after reboot or so much time goes by. It wants a password after that. So, OK judge, here's my finger. Sorry, forgot the password.
Re: (Score:3)
I guess you'll be held in contempt of court until you remember the password. Duration: indefinite.
confusion about self-incrimination (Score:5, Insightful)
The key thing is that it is a right to not testify, or be a witness, which is the act of saying or stating something. If a person can be compelled to produce his/her fingerprints (something which in itself is not a testimonial act), then just because that unlocks something that incriminates the person does not mean they have been self-incriminated.
Re:DNS sample (Score:2)
Re: (Score:2)
And courts have held that these things can be compelled to be produced by (or from) a person without their consent if certain circumstances are met. But it requires a warrant
Re: (Score:2)
The key thing is that it is a right to not testify, or be a witness...
The clear intent of the 5th Amendment can be distilled to a single, unambiguous sentence: You cannot be compelled to assist in your own prosecution.
Collecting DNA evidence via compelled swabs, forcing a device to be unlocked, forced fingerprinting, etc. are all clear violations of the 5th Amendment. That our Judiciary has neutered our Constitutional protections over time is not a compelling counter-argument. If the framers of the Constitution could have predicted how, "paper and effects" have mutated over
Re: (Score:2)
but can the government compel you say a password aloud that will open a device, especially in that having that password proves you had access to incriminating documents
No, and it's a good point. Currently I don't believe that in any US jurisdiction a person can be forced to reveal a password (knowledge that would implicate him/her) in some action. That is different (or has been treated as different) from objective physical evidence that generally does not have a bias for or against a person (until it is linked to some other evidence that does incriminate the person in an criminal matter).
Re: (Score:2)
In the particular case here, it's a thumbprint for access - but can the government compel you say a password aloud that will open a device, especially in that having that password proves you had access to incriminating documents.
The distinction here would be that a password not only demonstrates that you had access, which is a simple matter of fact that can be established using physical evidence, but also that you had knowledge, which is testimonial in nature and can be used to incriminate you, meaning that they cannot request it. In contrast, a fingerprint merely demonstrates that you had access. The fact that that your access may help establish other incriminating evidence against you is secondary.
Re: (Score:2)
Re: (Score:2)
On the other hand, if the police has evidence that the computer or phone is yours, and that you have repeatedly used the password to unlock it, then giving the password is not self incriminating
Re: (Score:2)
What exactly is the problem? (Score:2)
The original problem — one with actual passwords — came from the painfully perverted reading of the Fifth Amendment (I wish, ACLU et al were as liberal reading the Second!). If you have to tell police your password that could be used against you, then the password became testimony (written or verbal) and so the police could not compel you to do that under the Fifth Amendment.
Well, fingerprints are neither said nor written, so the Fifth Amendment [wikipedia.org] does not apply. End of story — whether poli
Re: (Score:2)
I doubt, that's the case, but IANAL. All of the "layman" guides out there emphasize, that you don't have to open your house unless police have a warrant, which would seem to imply, that, when they do have it, you must open.
Or they can go back to the judge, who issued the warrant, and complain, And the judge may then find you in contempt — which is e
Power off, reboot, or stall (Score:2)
Starting with iOS 9, there's an 8 hour timeout on TouchID. Longer than that, and you need to re-enter your passcode. TouchID won't work. (Source: http://www.macworld.com/articl... [macworld.com])
And of course as others have mentioned, on power up, passcode is required once. So if there's any possibility of a police interaction, crashboot your phone (hold power & home for five seconds), or shut it down normally if you have the time. Failing that, have your attorney appeal EVERYTHING to blow the 8 hour timeout away
Backwards (Score:2)
Quick! (Score:3)
Bite off your fingertips and eat 'em!
Firth amendment doesn't apply to biometrics (Score:2)
This is consistent with previous interpretations of the law, and the reasoning is the fifth amendment only applies to the information that is stored in your brain. The fifth amendment is the only protection you have that prevents the government from being able to compel you to divulge your passwords. The important thing to take away from this is that all authentication systems that rely on biometric information can be lawfully circumvented with a court order. The only authentication system that is protected
Evidence vs searching (Score:2)
...Fingerprints, in contrast, have traditionally been viewed as 'real or physical evidence,' meaning that police are entitled to take them without permission....
Historically, fingerprints have had value only as evidence. That is quite different than the biometric security usage that fingerprints also enjoy nowadays. Biometric security has morphed fingerprints from being only evidence to also being security passcodes.
.
imo, fingerprints, when used purely as evidence (i.e, as they have been used historically), should not require a search warrant.
However, when fingerprints are used for a security purpose (i.e.are not evidence, but a security key), then they sho
evil (Score:2)
It is unconscionable to force a criminal defendant to assist his or her own prosecution in any way whatsoever.
Yet another reason (Score:2)
Not to use your fingerprint to unlock/decrypt anything.
Thieves will love having to chop off fingers rather than trusting a victims claim of what their password/PIN is....
Joke's on them... (Score:2)
Biometrics are just stupid (Score:3)
I was against them as "passwords" due to - you can't change them if you're hacked.
I guess Apple isn't magic fairy dust after all...oh, wait.
Pretty easy to circumvent court order (Score:2)
Use your pinky (Score:2)
By the time they get to that finger, it will require a passcode to be unlocked.
Re:More Federal Stupidity (Score:5, Informative)
If you're not doing illegal stuff on your phone, you don't have to worry.
That works, until the government decides that your particular activity is a threat to government and makes it illegal. So no, you're incorrect, you should worry about what your government can do to you.
My particular solution would be to have a deadman's switch that erases the phone when using any finger but the one correct one. Or better yet, disable the Finger Prints from your phone, and use a proper PIN, which they cannot force you to divulge.
Re: (Score:2)
What if only one out of your nine fingers actually unlocked the phone, and the other nine deleted everything as a kill switch?
Re: (Score:2)
Re: (Score:2)
Nope. Refuse to tell which finger unlocks the phone. They cannot COMPEL testimony, and that is what that would be. They have one in ten shot of getting it right.
Re: (Score:2)
Personally, I'd configure it such that none of my fingers unlocks the phone, they should all delete data. But only after.. I don't know, lets say 3... successful reads of my fingerprint. That way I don't accidentally erase my data myself.
Re: (Score:2)
Re: (Score:3)
Destruction of evidence is a crime (current political figures aside) which will get you sent to jail.
May I suggest that it's a stupid idea to knowingly destroy evidence if you are the subject of a criminal investigation (or a civil lawsuit for that matter)? Now I guess if you know you are guilty, it might be worth the risk to you, but in general it's going to be a bad idea..
Re:Fingerprint might not work (Score:4, Insightful)
Destruction of evidence is a crime (current political figures aside) which will get you sent to jail.
May I suggest that it's a stupid idea to knowingly destroy evidence if you are the subject of a criminal investigation (or a civil lawsuit for that matter)? Now I guess if you know you are guilty, it might be worth the risk to you, but in general it's going to be a bad idea..
But you are under no obligation to indicate which finger correctly unlocks the phone. As long as you comply with the court order "place index finger on fingerprint sensor", you don't have to tell them that doing so will erase the phone.
Re: (Score:2)
BINGO!
Refuse to testify against yourself, comply with orders to place "finger" (you didn't say which one) on the reader. Place finger on reader and ... ooops.
Re: (Score:2)
I have the same question, I know that if I don't unlock my phone with my finger for several days (usually over the weekend) or if it powers down due to exhausted battery. it will require my entering my passcode. Unless they have a way to trick the phone into thinking no time has passed, I don't see what good a fingerpint will do them? The secure enclave will have dumped the fingerprint-tied key by that point and will require the regular passcode.
Forcing you to aid in a search (Score:4, Insightful)
your fingerprints aren't a testimony against yourself. Read the damn thing. "nor shall be compelled in any criminal case to be a witness against himself."
Your fingerprints absolutely can be evidence against you. That's not even a question. The police have a long established right to take your fingerprints when you are arrested and to compare them with gathered evidence.
That said I have a hard time reconciling this with the right against self incrimination in the Constitution. In principle I feel a biometric pass code should be legally no different than a memorized one. Either way you are being forced to potentially incriminate yourself. But I suspect that the legal system will rule that they are different and so if you want your phone to be secure against search and seizure you must avoid biometric pass codes unfortunately. The problem here is that they are not comparing your fingerprints against evidence they have found. They are in effect forcing you to open a lock on their behalf. I don't have a problem with them having the right to search but I don't see why the target of the investigation should be forced to aid in that search. If they can break down a door to do a search (with a warrant) then have that right but I don't see why I should have to hand over the key to the house so to speak.
Re:Forcing you to aid in a search (Score:5, Informative)
your fingerprints aren't a testimony against yourself. Read the damn thing. "nor shall be compelled in any criminal case to be a witness against himself."
Your fingerprints absolutely can be evidence against you. That's not even a question. The police have a long established right to take your fingerprints when you are arrested and to compare them with gathered evidence.
That said I have a hard time reconciling this with the right against self incrimination in the Constitution. In principle I feel a biometric pass code should be legally no different than a memorized one. Either way you are being forced to potentially incriminate yourself. But I suspect that the legal system will rule that they are different and so if you want your phone to be secure against search and seizure you must avoid biometric pass codes unfortunately. The problem here is that they are not comparing your fingerprints against evidence they have found. They are in effect forcing you to open a lock on their behalf. I don't have a problem with them having the right to search but I don't see why the target of the investigation should be forced to aid in that search. If they can break down a door to do a search (with a warrant) then have that right but I don't see why I should have to hand over the key to the house so to speak.
Courts have long held that you are required (once a proper warrant has been issued) to provide keys to any lock (such as a safe) that is the subject of search or evidence. However, you cannot be compelled to provide the combination of a safe that is secured that way. So they're using the same principle. Your fingerprint is something that you HAVE, so you can be required to provide it. A combination or password is something that you KNOW, and you're allowed to keep your mental secrets secret.
Re: (Score:2)
Can't you just say one or a combination of the following:
a) You don't remember what finger you used b) You used someone else's finger c) Let them "have" your hand but use the wrong fingers or make them guess what finger is correct d) Use the correct finger but do it incorrectly such that the device won't unlock e) say you never properly set a fingerprint id f) Or, and this is actually true for me, I pick my fingers and the fingerprint id doesn't work because my prints are not exactly the same for very long (and they were in a not-natural state when the passcode was set so it would be impossible to compel me to not pick at my fingers to gain access)
Or in other words - how can a court compel this when the court doesn't even know what they are compelling. Seems to me the easiest thing to do is say you never properly authenticated any of your fingers and thus are unable to comply. If they force you to try all your fingers - just do it wrong. We all know how finicky these devices are and it would seem easy to purposely incorrectly authenticate or damage your print enough to cause a failure.
There's a youtube video of a girl trying to get into her boyfriends phone while he's asleep. She tries one hand, then the other, then other fingers, and finally gives up and leaves. Th
Re: (Score:2)
Re: (Score:2)
(IANAL, ...) The fingerprint is usually used as a means to identify the person - the fingerprint itself is the evidence. Here it is used as means to gain access to the evidence - i.e. it is not itself used in the role of the evidence.
Re: (Score:2)
Would a key to the safe in which you keep your secret accounting be self-incrimination?
Re: (Score:2)
Re: (Score:2)
Yup, because that's something (the location) that you know, not something that you are.
Re: (Score:2)
That may be true, but in this case the issue is about unlawful searches of your personal papers...
However, with a judge's consent, authorities CAN search for evidence within your personal effects (papers, phones, computers what ever) and all it usually takes to get a Search Warrant is probable cause, and they had that. So in this case, I see no constitutional problem. If they have a search warrant, unlock the stupid phone and save yourself all the trouble. It's like opening the safe in your house.... I
Re: (Score:2)
Why? Given investigators apparently have a Search Warrant blessed by a judge, the whole affair has been subject to judicial review and meets the constitutional standards set forth in our bill of rights. It's not like jack booted thugs just physically forced somebody to unlock a phone, they have a court order. At this point, it's a stupid idea to resist, just unlock the phone.
Unless, of course, you know you are guilty and the prenatally for non-compliance is less than the crimes you know the phone will i
Re: (Score:2)
In Europe, we understand that, in this context, a fingerprint is equivalent to a password and deserves to be protected as such. You dumb fat Americans really should extend the same protections to fingerprints in this context.
Europeans don't know the difference between something you have and something you know. No wonder Great Britain wants out.
Re: (Score:2)
Re: (Score:2)