While Touch ID makes sense for most of us as a secure and convenient way to protect our phones, there is one group of people who may want to stick to good old-fashioned passcodes: criminals.
A Virginia District Court has ruled that while phone passcodes are protected by the 5th Amendment, which says that those accused of crimes cannot be compelled to incriminate themselves, there is no such protection against using a suspect’s fingerprint to unlock a phone …Â
The ruling was reported by The Virginian-Pilot in the case of David Baust, an EMS captain accused of trying to strangle his girlfriend.
Prosecutors had said video equipment in Baust’s bedroom may have recorded the couple’s fight and, if so, the video could be on his cellphone. They wanted a judge to force Baust to unlock his phone, but Baust’s attorney, James Broccoletti, argued pass codes are protected by the Fifth Amendment, which prohibits forced self-incrimination.
Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci’s written opinion.
As a ruling in a District Court, there is plenty of scope for either aspect of the ruling–that passcodes are protected and that fingerprints aren’t–to be over-turned on appeal, but it’s an interesting argument.
Sophisticated lab techniques make it possible to fool Touch IDÂ using only a high-resolution photo of a fingerprint. The approach was first demonstrated on an iPhone 5s and later shown to work also with the more sophisticated sensor on the iPhone 6.
FTC: We use income earning auto affiliate links. More.
So if your about to be arrested turn off touch id and make sure passcode is enabled.
Yeah, but criminals don’t think about the getting caught consequence.
The good news is all you have to do is restart the phone and the Touch ID will require a passcode before it is activated again.
Ok, turn off your phone. When you turn it on, the phone will force you to input a passcode, not use your fingerprint.
Visions of criminals hastily trying to do a restart while police break down their door …
Right, because only criminals are forced by law enforcement to unlock their phones. No way a lawful citizen could be subject to a search, at say a traffic stop or just walking down the street.
I thought criminals are hastily flushing their ill-gotten booty down the toilet as police are breaking down the door?!?
Or your average person who doesn’t want police grabbing their private photos no matter what the arrest or search is for. https://www.techdirt.com/articles/20141027/09222128951/california-cops-passed-around-explicit-photos-harvested-arrestees-phones.shtml
Wow. Hope they get kicked off the force for that.
What would be awesome is setting one fingerprint to completely wipe your phone…just in case of something like this.
Wrong fingerprint 3 times forces you to put in a passcode.
Require passcode after 5 minutes. Solved.
Don’t let the FBI know this! ;)
Yikes, how many criminals are posting here on 9to5mac anyway?? LOL
“While Touch ID makes sense for most of us as a secure and convenient way to protect our phones, there is one group of people who may want to stick to good old-fashioned passcodes: criminals.”
Oh come on. So now we’re doing the “go ahead I don’t have anything to hide” thing? Maybe I’m not a criminal and I still don’t want the man’s nose where it doesn’t belong.
You should learn to trust people a little more. It is OK to hand businesses and governments the keys to your life, as they are trustworthy enough to only look inside when absolutely necessary and only due to an investigation of the most egregious kind, like terrorism, child rape, or political slander.
Their employees and their policies are extremely trustworthy and are bound to a strongly worded privacy principle. These ideas are so strong that they almost give you an ironclad guarantee that your privacy will be protected. Of course, if your data is EVER compromised, abused, or released, the terms of service gives you the FULL right to pursue them though an arbitration process of their choosing. It’s a powerful tool that removes the courts from the process in order to save YOU money and to STOP activist judges from over-reach in terms of penalties that may slow down America’s economy and job growth.
So unless you’re a criminal that is looking to commit murder, or someone that otherwise wants to use the court system, you’re in trustworthy hands. They won’t use their thumbs to crush you. Why else would they put their privacy policy and fluid legal text in such big print and friendly language?
Sarcasm out.
Yeah, this is a strange ruling… “cannot be compelled to incriminate themselves” not sure how it makes any bit of difference HOW that incrimination is accessed, why does it matter if it’s a fingerprint or pass code or retina scan etc? The spirit of the ideal shouldn’t have any link to any method. Very strange ruling.
But of course, it doesn’t matter. If the law makes you unlock your phone, just use the wrong finger a few times in a row and iPhone will permanently ask for a passcode. Done, case closed.
Is it possible to configure Settings to require both a passcode and your fingerprint to unlock your iPhone?
It’s obviously more inconvenient but doubles down on security.
Can’t require fingerprint after reboot.
gosh this is just stupid. since theres only a limited 5 tries for unlocking via touch id, just try unlocking it with a unenrolled finger, and theyll just get try again. if the cops or anything gets mad and asks for which finger is the right finger, isn’t it considered as divulging knowledge too?
I’d guess most people will have one of their thumbs enrolled.
Well yea but don’t you think that this rule is pointless and anyone can just easily figure out its loopholes and get away with it?
That’s why I use my pinky to unlock my phone, they’d least expect it, I can always say that’s not my phone
Welcome to the USA. Land of the “free”.
I’m not ignorant of the irony of this statement being from the UK, but our government doesn’t seem to actively engage in publicly pissing all over our liberties and freedoms… as much lol.
Yea, but you have to deal with the EU, so its a fair trade.
Trust me us Americans are not blind that irony anymore either.
Smile and wave to the CCTV camera in your WC.
Sorry – well off target if you are saying UK is less invasive on this.
In UK you can be required to hand over a password/PIN, failure to do so can result in a prison sentence.
(Regulation of Investigatory Powers Act 2000, s53. Max penalty 2yrs, 5yrs if password relates to child porn case)
The above ruling in US is a lot less severe than UK law.
But even with touch ID enabled, you still have a passcode on the phone.
This would still require a warrant, as you dont have to hand over DNA or Keys without warrants. By the time a judge signed off on a warrant most people will have had a chance to erase their prints from the phone. Either way still a crock and hopefully an appeal can overturn this.
On the brightside criminals should offer a pretty penny for a nice 4S these days….no touch id :)
Don’t even need to take the time to erase the prints, just reboot the phone.
Well, its the exact same thing, and just another way to circumvent people’s rights. How typical of the U.S. in 2014.
Meh, there’s literally a 0% chance any of us here will probably ever be affected by this. Unless you are in fact a serious criminal, this is just another story that doesn’t affect our lives. But I get the theoretical issue of course. Thing to keep in mind is, if the FBI and NSA have some very good evidence of another 911 attack or Boston bombing style attack, and there’s information on the terrorists phone about it, do you really want to tell them they can’t get at it? Really?
Things are all big brotherish these days because of the potential threats to our lives, and there needs to be a balance between freedom and security. You can’t have any security if you have 100% freedom, and vise versa.
And the saddest part is…there are people like you that watch too much television, and actually believe what you just said:
-that average non-criminals won’t be affected by it (they will).
-that there are real threats to safety (hardly).
-that any threats to safety small or large demand loss of freedom as the answer (nope).
The argument of the state attorney is stupid. How were these “cases” solved before mobile phones?
The fears and paranoidity of US citizens after 9/11 have brought the world Big Brother (in Orwells sense) as G.W.Bush totally enabled the NSA! Oh yeah I forgot Americans are not scanned by the NSA. Rofl.
And what are all the abilities of the agencies worth, when your officials let them do with full knowledge? (This is true please check http://www.wanttoknow.info/911/9-11-timeline)
By the way I think it’s only show, because I beliefe the NSA can hack everything they want. It might be a little harder with encrypted things, but not impossible.
So therefore
go on Apple!
If i was so concerned, i would simply switch the phone off…! It is so easy to do then there is no issue… And if i couldn’t then it would be a case of using the wrong finger…! They would still have no use for my fingerprint to unlock the phone anyway…
Regardless of whether a fingerprint is testimonial or not, the Supreme Court already last term in Riley that police cannot search the digital contents of cell phones absent a warrant.
already ruled*
A BS technicality that really doesn’t change anything. The Justice Dept is getting desperate.
I am apparently old fashioned. I believe that I am protected by the Constitution against unreasonable search and seizure. I believe that my property belongs to me and not to a law enforcement agency or any other arm of the government. This foolishly hairsplitting ruling attempts to invade the rights of individual citizens in the name of law enforcement. In the process, they permit invasion of privacy and violation of the very most private of our possessions. I think that, in this case and others, we will increasingly face the question of whether the constitution exists to protect the rights of individuals or to serve the state apparatus. Searching an iPhone may seem innocuous at first but it can lead to far worse things.
And please remember, this is not an issue which divides along 20th Century Liberal/Conservative lines. It is instead an issue which will help define these labels in the 21st Century.
I don’t give a crap what the court says. They’re wrong. It is a violation of the 5th Amendment, and the 4th as well. My guess is that these idiot judges didn’t actually read the Constitution, and its amendments, or they’ve decided to toss it aside and legislate from the bench. I’ve read the whole thing several times. I may not have a law degree, but I know how to interpret what I read. The Framers never intended for us to be subjected to gross violations of our privacy. The cops will have to chop my fingers off before they will be able to get in my iPhone.
Too effing much Government!
As several have observed, this has led to a great discussion spoiled only by a handful of trolling comments/insults, which have been deleted.
In the case of the fingerprint scanner on the iPhone, one would think you could argue that the fingerprint scanner serves only as an instrument to generate the passcode, so I would think the argument could be won in this particular regard.
As I mentioned in another post on 9to5mac, our company specializes in Device Seizure Analytics – making copies of the entire contents of a Smart Phone, for use in civil and criminal cases. Bottom line, you don’t need the password to access and copy the contents of a Smart Phone. The software that is used, bypasses the password gate, and we can copy everything on that phone, and download to a very simple to use outboard hard-drive.
One can make a “physical copy” of the phone in just a few minutes, and then review its contents on that OB hard drive that you connect to your computer and review at your leisure.
Now here is something else many people don’t know… Law enforcement and the courts have the ability to literally force you to give up many things, and these things are not viewed by the courts as a violation of your rights.
For example, if you are suspected of forgery, even without having been arrested, the court can issue a Civil Arrest Warrant (I know some of you are saying Whaaaat?!) and you will be picked up by a law enforcement agency, and detained (called Investigative Detention) for a period of time, usually 4 hours, and compelled (forced) to provide samples of your handwriting.
The same is true for DNA samples. The court can have you picked up by the Authorities and they will take a swab of the saliva from the inside of your cheek, cut off some of your hair, or cut off your fingernails.
Or if they want your fingerprints, LE doesn’t have to follow you around until you drop a cigarette, or drink from a glass at a bar, and secretly take the samples to their crime lab. They can and will make you come in and give it up. All to facilitate the expeditious handling of an investigation.
When you are done giving your samples of any of these “suspect” exemplars as ordered by the court, unless you are under arrest, you are then sent on your merry way.
It is similar to what happens to a DWI/DUI suspect. If they refuse to give a Breathalyzer sample, the arresting agency can strap the suspect down and have a qualified medical professional like a nurse or phlebotomist, take their blood.
Call it what you want, but you WILL give them what they demand of you. As long as it is signed off on by a Judge with proper jurisdiction, you HAVE To do it.
So what happens if you refuse – you will be held in custody (aka jail) and charged with Contempt of Court on top of it. You will not be released until you give them what they want.
What’s the answer? I maintain that the best security for our devices is 2 part authentication; fingerprint and a password, for example. But Apple is not offering that at this time. Encryption of your phone contents with a PGP program would go a long way too.