Apple's Fingerprint ID And How It May Take Away Your 5th Amendment Right To Protect Your Data
from the these-things-have-consequences dept
There was plenty of discussion about how Apple's new fingerprint ID biometric system on the new iPhones might help the NSA build a giant database of fingerprints, but others quickly pointed out how unlikely that was. Some have even argued that it could lead to greater privacy protection (though, others are reasonably concerned since you can't "change" your fingerprint if someone figures out a way to hack it -- and fingerprint readers have been hacked many times in the past).However, there are additional concerns, such as how relying on fingerprint scans over passwords might remove your ability to use the 5th Amendment to protect your private data. As we've discussed a few times, while not all courts agree, some have ruled that you can't be forced to give up your passwords to unencrypt your data, because it could be seen as a 5th Amendment violation of self-incrimination. However, with a fingerprint, the issue is slightly different than with a password. As the EFF's Marcia Hoffman explains:
It does seem odd that a simple switch from a password to a fingerprint could have constitutional implications, but welcome to the world where the law and the technology don't always match up perfectly together.The privilege against self-incrimination is an important check on the government’s ability to collect evidence directly from a witness. The Supreme Court has made it clear that the Fifth Amendment broadly applies not only during a criminal prosecution, but also to any other proceeding “civil or criminal, formal or informal,” where answers might tend to incriminate us. It’s a constitutional guarantee deeply rooted in English law dating back to the 1600s, when it was used to protect people from being tortured by inquisitors to force them to divulge information that could be used against them.
For the privilege to apply, however, the government must try to compel a person to make a “testimonial” statement that would tend to incriminate him or her. When a person has a valid privilege against self-incrimination, nobody — not even a judge — can force the witness to give that information to the government.
But a communication is “testimonial” only when it reveals the contents of your mind. We can’t invoke the privilege against self-incrimination to prevent the government from collecting biometrics like fingerprints, DNA samples, or voice exemplars. Why? Because the courts have decided that this evidence doesn’t reveal anything you know. It’s not testimonial.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 5th amendment, fingerprint, fingerprint reader, iphone, passwords, privacy, security
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Confused
Is it like a Mission Impossible scene where feds/police could lift your prints off your phone and 'hack' in? Or can they force you to unlock your phone using Fingerprint ID since the law makes fingerprint swiping different from password entering?
[ link to this | view in chronology ]
Re: Confused
[ link to this | view in chronology ]
Re: Confused
[ link to this | view in chronology ]
Re: Confused
[ link to this | view in chronology ]
Re: Confused
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
FTFYYW
[ link to this | view in chronology ]
Re: Re:
You don't wanna buy iPhone with GeoLocation and Finga prints scannerz? No Problem, we will charge you a TAX and use that TAX monies to get you the iPhone plus someone else one too.
I gotz this!
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Fingerprint scanning (and this isn't really fingerprint scanning as LEO's et.al use it) isn't really a good biometric anyway since unless Apple are reading more than 1 fingerprint of one finger it's even less secure than a 4 digit password (9999 combinations).
But hey if you want to use fingerprint's, that aren't considered by most courts to be reliable anymore (especially with only 1 finger), to secure your phone.. go right ahead
[ link to this | view in chronology ]
Re: Re:
What's more likely is that someone will find a way to fool the fingerprint scanner-- with an object (mold/photo/gel/etc), by hacking how the scanner communicates with the device, or by breaking the software on the device itself.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Am I missing something? Assuming you use only numbers, a four-digit passcode can be any number from 0000 to 9999, which makes 10,000 possible combinations. If you also include letters, the number of possible combinations rises to over 400,000.
[ link to this | view in chronology ]
Re: Re: Re:
... teh Internets. Day ahr so much funnies sum todays.
[ link to this | view in chronology ]
6561 Combinations
Why he thinks that, I dunno. No zeroes in his world?
[ link to this | view in chronology ]
What could possibly go wrong?
[ link to this | view in chronology ]
Re: What could possibly go wrong?
[ link to this | view in chronology ]
Although, I'm the type of person who doesn't like to give my biometric data to corporations and governments. So I wouldn't use fingerprint passwords myself.
Plus, no doubt Apple's fingerprint password system is closed source and proprietary. Which makes me trust it's security even less.
Also, once Apple's massive fingerprint database is broken into. Your fingerprint password probably won't even function very well as a two-factor authentication protocol at that point.
[ link to this | view in chronology ]
Re:
Hopefully the fingerprint is stored on the device, otherwise a network based attack to unlock is possible, and requires giving the correct response to a fingerprint check, and not knowing the fingerprint.
A slight problem if faking a finger to fool a reader becomes easy to do, guess where a set of fingerprints is probaly available? You got it, on the protected device.
[ link to this | view in chronology ]
Re: Re:
The NSA could probably use their backdoors to get at it, but then again, they can get your passcode, too...
[ link to this | view in chronology ]
Re: Re: Re:
Give me a reason to believe this statement.
Because Apple's nice? Because they're cool? Because they're trendy? Because the friendly ghost of Steve Jobs said so?
Why, EXACTLY, should anyone believe that Apple is telling the truth here? Where is the hard, cold, independently-verifiable evidence, including all the source code, the schematics, everything?
Consider carefully: they're producing a product that will likely sell in the millions. (The fanboys/girls are already all over it.) It includes a device that captures biometric data. That is the wet dream of every intelligence agency in the world. Do you really think that this is an accident? Or that they'll just sit in their monolithic quasi-anonymous buildings, watch Apple do this, and do NOTHING?
This (fingerprint) data has enormous value. Therefore there will be buyers, and there will be sellers. It's inevitable. It's only a question of what price will be paid and how the exchange will take place.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Because lying about something like this in such a public manner would be an extremely stupid commercial decision, and Apple make very few of those.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
More to the point: staying out of jail and/or being allowed to continue to do business in the U.S. isn't a "stupid commercial decision"; if the powers that be want this data, they will get it and Apple will not be able to stop them.
But you're missing a more important point: people who are stupid enough to buy Apple products (yes, I mean it, every single one of you) are also stupid and short sighted enough to forget about the hypothetical uproar over the discovery that Apple disclosed biometric data to the gov't . . . the second they sell a newer, shinier toy for you to play with.
[ link to this | view in chronology ]
Re:
You can't opt out from giving your fingerprints to the govt last time I checked ;)
[ link to this | view in chronology ]
Nothing to see here...
[ link to this | view in chronology ]
> an important check on the government's ability
> to collect evidence directly from a witness.
This is a fundamental misstatement of the law.
The 5th Amendment checks the government's ability to collect evidence from the *defendant*. Witnesses have no 5th Amendment protection or right to remain silent. They can and often are compelled to provide all manner of testimony against their will.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
The 5th amendment actually states: nor shall be compelled in any criminal case to be a witness against himself"
[ link to this | view in chronology ]
Why does MH refer to a "privilege", when it's a fundamental right?
Anyhoo, so what's your position on either my question or Apple or implications here, Mystery Mike? We're ALL interested in you actually stating a position that you hold and will defend from now on.
[ link to this | view in chronology ]
Re: Why does MH refer to a "privilege", when it's a fundamental right?
..no we're not.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
For the Record....
I also got the impression from one article that you could set it up so the wrong fingerprint will wipe the phone; which sounds dangerous to your data.
[ link to this | view in chronology ]
Re: For the Record....
[ link to this | view in chronology ]
Re: Re: For the Record....
I would be borrowing my friends iPhones all the time if it did this. Mind you they may not want to be my friends for much longer, still probably worth the laugh.
[ link to this | view in chronology ]
Coming home drunk
Arrgh apart from the pain NO FINGERPRINTS ... locked out of all devices.
This is not fantasy .. it actually happened to someone at about 3 degrees separation from me.
[ link to this | view in chronology ]
Not a new issue
[ link to this | view in chronology ]
It's only a matter of time...
Why?
Because people who (VERY mistakenly) think it's a good idea to attempt to secure their phone with their fingerprint are quite likely the same people who will make the additional mistake of trying to secure other things with their fingerprint.
The phone and the data it contains may not be particularly valuable or of particular interest -- but the other things might be.
Whoever does this first and sets up an underground market for fingerprints is going to make a fortune. If they're really smart, they'll not only sell them to thieves and the like, but to every intelligence agency on this planet that's willing to pay -- and they will.
[ link to this | view in chronology ]
In return for allowing themselves to be scanned, they received some sort of food 'smartcard' for food.
All I remember is that, it seemed to be white people doing the biometric eye scans. There was this elderly African woman who looked confused, like she found the whole thing incredibly intrusive, degrading, and even frightening.
The excuse for all these eye scans was, "To cut down on food fraud".
There seems to be huge money in biometrics data, if a group of foreigners are flying all the way to Africa to exploit the native people there.
[ link to this | view in chronology ]
No.
As for the tinfoil hats, Apple is a hardware and services company, they have little incentive to steal your data or allow it to be stolen. As opposed to, say, a mobile operating system developer who is also the world's largest ad network.
[ link to this | view in chronology ]
Re: No.
Yes, no incentive to have stolen what they could instead sell.
[ link to this | view in chronology ]
Re: No.
Other than the fact the US government can compel them to give it to them. It's also more than a little insulting to call us tinfoil hats when all we are saying is that the government has the authority to get the information.
[ link to this | view in chronology ]
Re: Re: No.
[ link to this | view in chronology ]
Re: No.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Fingerprint
[ link to this | view in chronology ]
Re: Fingerprint
...
I might have that backwards too. Yes, I'm sure of it.
[ link to this | view in chronology ]
Apple's Fingerprint ID, And How It May Take Away Your 5th Amendment Right..
[ link to this | view in chronology ]
It's all falling into place
This world is headed towards total transparency. Some day, you WILL have everyone's total life at your fingertips.
And everyone will have yours.
Reality is open. Laws are beneath meaningless. If you CAN deploy enough sensors, you CAN know everything. No matter what fiction you believe in, no matter how many others believe in it with you : that is reality, and reality can be measured.
That is a GOOD thing. Trust-free society. Everyone's karma projected right on their faces by technology.
It will be the mirror of humanity. It will scream in its face "THIS IS WHAT YOU ARE".
I can't wait.
[ link to this | view in chronology ]