Saturday, November 1, 2014

Police Can Require Cellphone Fingerprint

Chuong H Nguyen (via Daniel Jalkut):

A Virginia Beach Circuit Court judge ruled that law enforcement officials can compel you to unlock your smartphone with a fingerprint, but that they can't force you to enter in your passcode or password to unlock your device. Judge Steven Frucci says that obtaining a fingerprint is like obtaining a DNA sample or a physical key, things that would have to be surrendered in an investigation anyways. Passcodes would be considered knowledge, and not a physical object, so they deserve more protection under the law.

Nick Heer:

A workaround for this, if you’re interested, is to simply shut off your iOS device before the police seize it; it will require the passcode when it wakes.

5 Comments RSS · Twitter

Average human being has 10 fingers; TouchID requires a password after five (5) failed attempts. Go wild!

“Sorry officer, must have eaten something wrong”

And i can already hear the director of the FBI and other similarly unsavoury characters (and their counterkicks worldwide) screaming for a law making it mandatory that everybody uses the same finger for TouchID.

The actual court ruling wasn't released until yesterday. The WaPo has analysis and a link to the ruling.

tl:dr summary:

- Contrary to initial speculation, the court did not rule on whether or not a suspect could be compelled to enter or reveal their passcode. They came to the fingerprint decision without deciding on passcode compulsion.

- The court made an interesting aside on the difference between compelling a suspect to reveal their password, and compelling a suspect to enter their password, seeming to side with the idea that compelling a suspect to enter their password was less offensive to the 5th amendment than compelling a suspect to reveal their password. But again, they made no ruling on any part of the passcode aspect.

- The decision is that of an ordinary state trial court, not an appellate court, let alone a federal appellate court. So the decision is nowhere near final even in Virginia, let alone nationwide.

"Average human being has 10 fingers; TouchID requires a password after five (5) failed attempts. Go wild! “Sorry officer, must have eaten something wrong”

Were you to try that in real life, assuming a court judge thought it was your device, you would surely be indefinitely imprisoned under Contempt of Court, without a trial, which would last until you unlocked the device, or had the very uncertain outcome of an appellate court stepping in on your side to void the local court's Contempt order, which would only occur after a very long wait in prison.

(The above does not apply only in certain parts of Alabama, Florida, and Georgia, which are the only jurisdictions where a Federal appellate court has ruled that compelling a suspect to enter a passcode/password violates the 5th amendment. You would face Contempt imprisonment even in Virginia, despite the recent ruling.)

Finally, as long as we're on the topic, worth noting that estimates are that somewhere between a third and a half of US citizens have fingerprints on file in a national database.

And, apparently, defeating TouchID from a fingerprint on file is trivial.

Just worth noting.

[…] Previously: Police Can Require Cellphone Fingerprint. […]

Leave a Comment