Even if touch id, it would be of no use. TouchID requires a password after 48 hours. or after the device resets.
Which is interesting. If you happen to use TouchID, is your best bet to hope a court will not be able to compel you to unlock it within 48 hours of arrest? That sounds very probable.
After five failed fingerprint attempts, your password is required to unlock the phone. That seems pretty safe to me. If you're ever ordered to unlock the phone, just touch an unregistered finger to it. Fingerprint sensors aren't foolproof. It'd be hard to prove you deliberately sabotaged the effort.
Though, one feature I'd like would be to register a distress fingerprint. Then I could touch say... my left index finger to require a password unlock.
If you do this on purpose after asked to unlock your phone you will probably be charged with destruction of evidence or something like that.
However, while a court is (afaik) able to ask you to put your finger on the fingerprint reader, you do not need to tell them which of the fingers the correct one is. So instead of purposely using a wrong finger, I'd ask the court to explicitly tell me which of my fingers I should use to unlock the phone.
I think the court would similarly consider that obstruction and contempt. If they tell you to unlock your phone and you try to play some "first you have to guess which finger's the right one!" game, the judge will slap you with either contempt of court or refusal to comply with a subpoena.
IANAL, but I don't think there's much of a difference between asking someone to reveal the correct password and asking someone to reveal the correct finger. In both cases you would be asked to incriminate yourself.
If it would be lawful for a court to ask you to "unlock the phone with the correct finger" then they might as well also ask you to "unlock this harddisk with the correct keyboard keys pushed in the correct order (as a password)".
Courts care about precise distinctions of law (that's their purpose!). Seems clear that fingerprints aren't protected, basically the same thing as your face in terms of privacy given a good enough camera.
But they would effectively be asking you the question "which finger did you use to lock this phone" to which you may plead the 5th.
It'll be contempt and possibly more if you don't unlock the device with your fingerprint.
It's not hard, the "precise distinction of law," is "unlock this with your finger, whichever one does it." I don't know what complicated back and forth you're imagining, but it's never occurred in any case that I've heard of.
they would effectively be asking you the question "which finger did you use to lock this phone" to which you may plead the 5th.
We already covered this in the link above: the 5th Amendment covers passcodes, not fingerprints.
But, as Schrodinger says, this is not about your fingerprint; it is about a bit of information you have that the government does not have: which of your finger(s) this device knows about.
"A bit of information you have that the government does not have" is a password.
I really don't understand this line of thinking. What is the scenario you imagine where the question of "which finger?" is relevant? I'll lay out the beginning:
- Police want to get into your phone for some reason
- You refuse to help them based on 5th Amendment or admiralty law or whatever
- They go to court for a order compelling you to operate the touch lock to open the phone
- You receive the order
- ?
Please lay out the "?" part, if you don't mind. I'm highly curious.
> We already covered this in the link above: the 5th Amendment covers passcodes, not fingerprints.
No, it is you who is not understanding schrodinger's assertion. The secret knowledge of which finger unlocks it is in itself a passcode and subject to 5th Amendment protection.
Imagine you were to take the example further, unlocking the device required a sequence of fingerprint reads, with a precise ordering. i.e. left-ring finger, right index finger, right little finger, etc... That sequence would be a passcode, just as a precise sequence of keypresses would be. The government can insist on all your fingerprints, but not (in this argument) the correct sequence of uses of those fingerprints to unlock it. If it's only a single finger this same argument could apply.
I wonder if we can then reduce this example to a 1-finger sequence. Could a court require you to turn over all of your fingerprints, but not identify the (1 character) sequence?
As other have noted, the distinction is between fingerprints (all of them) and the correct fingerprint (one of them).
If you would like to claim that there's no difference between the two, then you (and your hypothetical court) should have no problem with a user supplying copies of all their fingerprints when asked to unlock their phone.
That's obviously not what's being asked for, hence other people's distinctions.
As I said, the court doesn't care about the, "which finger?" question. If they tell you to unlock your phone with the fingerprint that unlocks it, you replying with "which finger?" isn't going to help you.
Of course "the finger," and "which finger," are different things, but that's irrelevant.
Yes, and when they do force you to give your fingerprints they don't ask you what finger you want them to print they tell you which finger and when to print.
Use your middle finger to actually unlock and use your index finger to fail. Unless the phone retains the biometric data after erasing itself, it's deniable.
This might work in the short term, but if enough folks actually did it, there would soon be a law that you may only use your thumb to unlock your phone.
I only recently got a touchID iPhone so I'm still having fun with it. But I did my right thumb, index, and middle finger, and left thumb and index.
If under police duress I keep trying to unlock a phone with my pinkie finger I think that would be suspicious.
If I have that much access to the device I should just force-reboot it by holding the lock and home buttons for about 2 seconds. Or maybe have done that before being arrested.
Upon a reboot the iPhone will always require its passcode.
They would fingerprint the reader, and you, to get a rough idea of which finger is a likely candidate. Even an extremely partial print should be enough to narrow it down to 4 or 5. The reality is that all right-handed people hold phones in their left and so use fingers on their right hand. Lefties do the reverse. So it is already down to five candidates ... which might have something to do with why apple picked that number in the first place.
It depends on the size of the phone. My too open/unlock my phone with the same hand that holds it (pattern unlock). But my phone is tiny. As a phone gets larger so does the likelihood that it is manipulated with two hands. Having the scanner below the screen also requires some dexterity when used single-handed, increasing the likelihood that the thumb is the print finger.
If one is really paranoid, register only a toe print. I've currently got my right big toe registered to my phone as an experiment and it works as often as finger scanning
Going through a few thought experiments, one might think they could adapt by dusting it for prints and requiring you to use the one they found there.
On the other hand, one might habitually touch, but not register, random fingers to it, while registering some fairly unusual finger as the real one, while using the dominant hand's index finger to "unlock" it.
Finally, someone might decide that if you fail the unlock, they'll just inspect the fingerprint module in isolation and if it works, they'll assume you did that deliberately.
having made the request for both an erase password as well as an erase finger print I would not mind going one further, a setting which wipes the phone if neither are entered in a set amount of time. The would protect you when the phone is stolen or confiscated.
I don't know about that but I'd be fairly certain a court would just order you to unlock the phone regardless of whether it's your finger locking it or a password.
In the USA the courts treat passwords as testimony, and in most cases you can invoke your 5th amendment right and refuse to provide passwords or encryption keys, given the state does not already know the contents of the device. This same protection does not extend to physical keys, which I think fingerprints would fall under.
That seems to be representative of the only actual ruling on this topic that I can find
>The Fifth Amendment to the U.S. Constitution gives people the right to avoid self-incrimination. That includes divulging secret passwords, Judge Steven C. Frucci ruled. But providing fingerprints and other biometric information is considered outside the protection of the Fifth Amendment, the judge said.
It would seem to me that the "fingerprint = key" analogy is flawed. Physical keys can be trivially copied, and even reverse engineered from the locking mechanism. A key is a physical object that is required to disengage a lock.
A fingerprint, when used on an electronic lock of this kind, is not a key. It's attributable to one person only, not trivially duplicated, and not able to be reverse engineered from a locking mechanism. It requires an action by a single person who cannot be forcibly relieved of their possession of their fingerprint.
Additionally, a key is specified during the manufacturing or assembly of a lock, and comes with the lock, since they are "paired" when the lock is made. However, a fingerprint or password are specified by the user at will after they've assumed ownership of the device. They "testified" their identity to their phone with a fingerprint, just like they did with their password.
If compelled to imprint a finger, it is the same sort of personal interaction that a password entails: the credential holder utters/presents their personal information - not a physical object, but a repeated testimony of the same content they previously and uniquely presented to their device. It should be protected as other self-incriminating testimony under the fifth amendment.
I think the courts have this one right. Your finger is a characteristic of you, not compelled speech.
If you can compel a suspect to stand up on a lineup, or produce id, there's no reason why the court shouldn't be able to compel you to produce a finger.
In technical terms, the finger is really a "something you have" second authentication factor. If you think of it on those terms, it's more like looking at someone's Hardware token than compelling a password disclosure.
>Your finger is a characteristic of you, not compelled speech.
So is all your knowledge. The technology to extract it doesn't yet exist, but once it does, should it be deployed by the courts without a challenge from the 5th Amendment?
> If compelled to imprint a finger, it is the same sort of personal interaction that a password entails:
Not quite sure it is though. If they already arrested them, they already have the fingerprint don't they? That is different than key and is different than password.
Interesting being Australian I don't have a 5th amendment to protect me. Also my understanding is that at least in Australia you'd likely be charged with obstruction of some sort, does that not fly in the US?
Which is interesting. If you happen to use TouchID, is your best bet to hope a court will not be able to compel you to unlock it within 48 hours of arrest? That sounds very probable.