Court rules that Touch ID is not protected by the 5th Amendment

I dunno, it doesn’t seem much different from e.g. making a defendant take his shirt off because the victim said the perp had a distinctive scar there. The police are allowed to look at your unique body features and communicate those differences to others; in this case they’re eliminating the middleman and getting you to communicate your features to your phone. I’m comfortable with “testimonial” being what’s inside your head, for the most part.

1 Like

Only if the result of the defendant having a distinctive scar there is that all of their documents were exposed. :-/

1 Like

so, your phone can testify against you?
I feel like this is an argument based on transitive analogies, rather like indicting the town drunk as a class A war criminal, on the grounds that he was disturbing the peace.

This is out of touch with reality

while they can get warrants easily in most cases, they very often do not have to, it is not like it used to be, times have changed.

There are several laws on the books in the US that add quite a large number of scenarios where warrantless searches are legal and permissible, many of them are practically blank check vague. If you are within X miles of the border or an international airport, if you are suspected of terrorism, if it is in the interest of national security, if the action is deemed necessary to prevent physical harm, if it was on your person during a legitimate arrest, if it was on the premise during a drug/weapon/explosives raid, if it was ditched/abandoned during a pursuit, if they directly witness criminal activity occurring on/with the device, and I’m sure a bunch of others I’m either forgetting or don’t know about. Not to mention third party permission from devices that are leased or part of service contracts. What they cannot do is force you to divulge your password and/or assist them in a warrantless search.

So um yeah, knowing your actual rights, where they end, and what you can do to protect them is kinda important.

They may be personal, but they aren’t testimonial in the sense that the Court has used the word: as an expression of internal mental processes.

Just like the document stored on your phone could testify against you if they were stored in a locked filing cabinet, inside your locked house, or anywhere else the authorities could search without violating the Fifth Amendment.

What’s the distinction? Presumably you would want the documents protected under the fifth because they tend to incriminate you… just like the scar does. Documentary evidence doesn’t belong to some special category that physical evidence does not. And executing a search warrant on a house has historically exposed just as many documents as searching a phone today does, yet such warrants have never been thought to violate the Fifth.

1 Like

You don’t carry your house in your pocket everywhere.

So what? Police don’t carry warrant-issuing judges in their pockets everywhere. And if police have a warrant, they can execute it against your house just as easily as they can against your phone.

Maybe they won’t realize I’m left-handed.

Is there a link to the opinion-- a document which explains the boundaries of this metaphor in a self consistent way? I don’t want to chase off after the red herring.

What metaphor? The Fifth Amendment protects people from being forced to incriminate themselves, and the standard is whether the evidence is testimonial. This decision surprised no one—the EFF has long said the exact same thing as this court apparently did, as have others (including me).

Here’s the link I included in that post:

The other reason to not use touch ID is plausible deniability. If you use touch ID it can be verified that you, and no one else, unlocked the phone while a passcode can be obtained, known or otherwise determined.


Fingerprints-for-ID seem like sort of a red herring in this case.

If anything, a phone that can be unlocked by contact with a physical token(even one attached to your finger) is far more like the various locked containers and rooms that predate most law codes. It’s the ones that can only be unlocked by means of possession of a secret that are a historical novelty.

I certainly don’t imagine that most locksmiths of history imagined a day when a ‘lock’ of sufficient sensitivity would exist that the ridge structure of a finger could be made to serve as the key; but there have been a lot of weird quirks introduced in the battle between locksmiths and lockpicks (neither most locksmiths of history nor Insane Clown Posse would likely have imagined that magnets would become a fairly routine part of higher end locks, in addition to purely mechanical details), and finger ridges fit reasonably adequately into that tradition.

Now, just for giggles: let’s take the two trains of thought and smash them into each other at high speed! By this metaphorical heap of flame and twisted cognitive steel I, of course, mean bitting codes. A physical key is an analog artifact, subject to wear and variation, unique; but (barring very old or very unusual ones) it is an embodiment of its bitting code, which tells you everything you need to know to turn a key blank into a compatible key.

If all keys to a given lockbox were lost or destroyed; but the suspect had knowledge of the bitting code, would that knowledge be treated as 5th-amendment-protected, or as merely equivalent to possession of the key? What if the suspect only possessed the blind code (and had no knowledge of the manufacturer’s proprietary conversion tables) and the blind code was not in itself incriminating without simultaneous possession of a substantial additional set of facts? What if the password for a computer device were the bitting or blind code of a physical key; but the knowledge that that was the case was held only by the suspect?

Unfortunately, depending on circumstance, that can cut either way: for privacy, anonymity, cop-proofing, etc. deniability is generally good.

However, (see most recently ‘chip and pin’/EVM and attempts to shift liability for fraud onto the customer rather than the bank or merchant, also some periodic auto-theft insurance wrangling over how impregnable various vehicles are or aren’t), just as the cops are eager to assume that it was you when it merely might have been you, there are other users of verification systems who are equally eager to insist that it was you when you fervently deny that you had anything to do with it.

In the first case, you should definitely run away screaming from biometrics(can’t repeat it enough: Biometrics Are Identifiers, Not Secrets); but in the second case you really want to be sure that either the system is ironclad or the other party admits and agrees that the system is quite breakable and is willing to let it slide.

1 Like


What you mention about “chip and pin” is flabbergasting! Chip & PIN is now the standard here in Australia and our cards also typically have contactless payment and, as far as I’m aware, this has done nothing to change the customers’ liability for fraud. If someone takes your card and somehow knows your PIN the bank’s insurance pays for the fraud. Sometimes it takes a couple of weeks or months to get your cash back if they emptied a debit account but you’ll get it back eventually.

PS: gold star for the ICP work-in :wink:

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.