In a police encounter, could your iPhone thumbprint be used against you? Maybe


I’m not an American, but hasn’t it already been established that they can force you to hand over a physical key, but not a PIN?

It’s also worth noting that as of June of this year, you have no Fifth Amendment protection unless you verbally demand it.

I think that depends where you live. They can certainly demand passwords from Brits. I think the issue is not completely decided yet in the USA.

Link discusses 5th Amendment, so America is germane to the conversation. Also, yeah, trivial problem to solve in the UK.

If my fingerprint gets entered into my iPhone, then that phone is compromised by some sort of app that steals that info, it’s not like I can pick a new fingerprint. At least with a password/PIN number, I can change it if it’s compromised.


Ripped from the headlines. Watch for this to show up on “Law and Order: WTF?” Dick Wolf’s new show for the Fall season that follows the daily activities of a couple of private contractors for the DHS and the head scratching that follows at the Justice Department as they try to make cover for our heroes.

That is true, and also why good auth schemes use two different types of auth in combination, not just one based on a physical trait.


Oh it’d never get compromised! Apple is secure like that.

As has been pointed out on numerous occasions already, the iPhone 5S does not store the actual fingerprint, but rather it stores what is effectively a hash of the fingerprint, making it rather useless outside of the iPhone. Further, the hash is stored in the processor, not the file system, making it safe from extraction by current tools.

I’m not sure why this is even a question. The thumbprint is a convenience measure, allowing the user to say, “you know this is me, I don’t have to give you my password.” Access to the phone is still essentially restricted by an actual password that can be used if the fingerprint sensor is not an option (you just blew your thumbs off with fireworks, etc.). If law enforcement wants access to your phone, they can still just ask for the password.

The difference here is that people now have no excuse not to secure their phones with a long password rather than a simple 4-digit PIN, because they will only need to use that password on rare occasions (rebooting the phone, etc.).

Does anybody know what the law is concerning “accidentally” providing a wrong password to law enforcement enough times to trigger a device’s “auto-wipe on too many incorrect password attempts” feature?
