Court rules that Touch ID is not protected by the 5th Amendment


#1

[Permalink]


#2

This is why I disabled touch ID for “phone unlock”, but use it for most other things.

No court in the world can compel me to remember a lock-code I’ve forgotten. But they could theoretically compel me to put my fingertip in a given place.


#3

And that’s only referencing lawful court order scenarios. Cops can beat you unconscious and then just apply your fingerprint to the screen while you’re passed out if they decide they want in your phone…to, you know, search for “evidence,” like…naked pictures of your wife or girlfriend that they can share with their buddies.


#4

It’s a sticky issue. Hopefully an appellate court will recognize the difference between the longstanding practice of using fingerprints for identification and using the same fingerprint to unclock a phone or encrypted files; its not the collection of the print, but its usage that determines its constitutionality.


#5

Yeah, this ruling seems… Strangely coherent.

I can see how there may be some parallels to passwords, and, there should be some guard against the possibility, if any, that perhaps a device had your biometrics copied to it without your knowledge. That’s the second 5th amendment objection to compelled unlocking/decryption of digital devices, that your capability to do so demonstrates you had knowing access to it. In the case of biometrics, as long as they arn’t able to use the fact that a given fingerprint’s capability to unlock a particular container isn’t proof that the owner of said finger didn’t necessarily create that protection, (along with your comment about no risk of the obvious danger of the catch 22 of being forced to divulge a password you can’t remember/never knew) then I think this passes muster.


#6

Well, no matter how they access the phone or encrypted files, they presumably have a warrant. Whatever doubt there was on that requirement was extinguished rather recently by the supreme court. Once they have a warrant, I’m not sure what the issue is using fingerprints collected for identification purposes to effect the requirement of the warrant. After all, you can be compelled to produce physical access to a container when it’s a key or similar, via a warrant (of course, if you refuse to comply, they can simply cut their way in but, the example still stands, you’d be in contempt if you had it and refused to hand it over), and if they happened to have the key in their possession due to an earlier seizure, there’d be no issue using it to carry out the legal search.

As I mentioned in my other post, the issue that is different with passwords isn’t the digital or encrypted nature of the storage, it’s the fact that it’s in your mind, a place where things cannot be planted, and simply knowing and divulging that you know is evidence, and testimonial evidence, in and of itself. And that’s where you hit a major 5th amendment defect.

Yeah, that’d be just straight up corruption, regardless of the method or legality of the search itself.


#7


#8

Well, I know it seems naive, but I’m presuming that, because, if they don’t, they’re in a whole different category.

There might be a few cases for the next few years where police try to claim there wasn’t clear guidance on the state of the law at the time, but any searches occurring after mid summer of this year have no such excuse, as is made clear by Riley v. California.

If they’re searching without a warrant, they’re fucking dumb, because they can probably get one easier than any of the actual work of doing the search, and, if they turn up anything, it’d going to get smacked down by any competent defense lawyer. Personally I think the penalties for willful violation of the 4th should be much higher than “you don’t get to use the shit you stole if you get caught”, but, at a minimum, it would do them no good, and, it’d be just as easy to do it in a way where it WOULD.


#9

I’m guessing you’ve been traveling somewhere remote for the last couple of years.

Also, as I understand it, iOS 8 and the next release of android will encrypt the contents of the phone using the unlock code - so there is no equivalent of “cutting it open” if the user refuses to unlock. All that brute force will reveal is gibberish encrypted using that unlock code.


#10

Not at all, I was speaking only of the minor defect in the metaphor with the physical keys to fingerprint unlocks, in that physical devices you can cut open, digital ones, for the most part, you can’t. iOS’s change is only a small blip on that equation, that’s generally been the assumed balance for most serious encryption, they were an oddball outlier.


#11

The (perhaps unfair) crack about traveling was aimed at your assumption that police and spies have warrants where countless examples from recent news tell anyone who has been paying attention that that is rarely the case.


#12

I’m not sure I’d go with “Rarely”, but, that’s kind of beside the point. As I was saying in another post, if they’re doing it without court approval, then their conduct is entirely outside what this is talking about.

For instance, spies. They don’t give a crap about the 5th because, as a rule, they’re not really trying to incriminate anyone. They’re gathering intelligence for national security purposes. You’ll get no argument that it’s creepy as hell, and, if they do it to US citizens, they’re likely unconstitutional, and should be subject to punishment, but, that’s not got anything to do with making someone incriminate themselves, per se.


#13

I think I’m okay with this. Forcing someone to apply their thumbprint doesn’t seem like more of a violation than forcing them to give police their housekey. Information inside your head is still rightly protected.


#14

That’s interesting. Too bad Apple doesn’t let you choose a finger to be the one that instead of unlocking the device wipes it instead.


#15

Don’t use your forefinger or thumb for touchid. Enough failed attempts to unlock will force the pin.


#16

I fInd that unlocking with thumb and forefinger offers a lot of convenience.

But! I just tested this out and it totally works:

Register the print under the ball of your thumb’s first joint. It keeps your prints safe, yet still keeps your biometrics in a convenient place!


#17

It’s worth bearing in mind that TouchID won’t unlock an iPhone that’s been turned off. You need the PIN. You also need the PIN the first time you use after 48 hours.


#18

What, they can’t beat passwords out of people?

I would be shocked if any appellate court (even the 9th Circuit) reversed this kind of decision. The Fifth Amendment protects against testimonial self-incrimination. Fingerprints are not testimonial. Nor are blood tests or DNA evidence. Nor are keys. Nor are other forms of incriminating evidence that you have committed to documents, such as might be inside your phone, inside your desk drawer, or inside your safety deposit box.

This is not a Fourth Amendment or warrant issue, and shouldn’t be confused as such.


#19

I have a good idea which finger I’d choose for that.


#20

The main reason people have a problem with this is that, mentally, there’s a large difference between a fingerprint as evidence, and using your physical finger as a key. Fingerprints as plain evidence aren’t testimonial, but you’ve got to admit that being forced to unlock something with something that is (more or less) unique to you could easily be viewed as testimonial.