Apple's Fingerprint ID And How It May Take Away Your 5th Amendment Right To Protect Your Data

from the these things have consequences dept

There was plenty of discussion about how Apple’s new fingerprint ID biometric system on the new iPhones might help the NSA build a giant database of fingerprints, but others quickly pointed out how unlikely that was. Some have even argued that it could lead to greater privacy protection (though, others are reasonably concerned since you can’t “change” your fingerprint if someone figures out a way to hack it — and fingerprint readers have been hacked many times in the past).

However, there are additional concerns, such as how relying on fingerprint scans over passwords might remove your ability to use the 5th Amendment to protect your private data. As we’ve discussed a few times, while not all courts agree, some have ruled that you can’t be forced to give up your passwords to unencrypt your data, because it could be seen as a 5th Amendment violation of self-incrimination. However, with a fingerprint, the issue is slightly different than with a password. As the EFF’s Marcia Hoffman explains:

The privilege against self-incrimination is an important check on the government’s ability to collect evidence directly from a witness. The Supreme Court has made it clear that the Fifth Amendment broadly applies not only during a criminal prosecution, but also to any other proceeding “civil or criminal, formal or informal,” where answers might tend to incriminate us. It’s a constitutional guarantee deeply rooted in English law dating back to the 1600s, when it was used to protect people from being tortured by inquisitors to force them to divulge information that could be used against them.

For the privilege to apply, however, the government must try to compel a person to make a “testimonial” statement that would tend to incriminate him or her. When a person has a valid privilege against self-incrimination, nobody — not even a judge — can force the witness to give that information to the government.

But a communication is “testimonial” only when it reveals the contents of your mind. We can’t invoke the privilege against self-incrimination to prevent the government from collecting biometrics like fingerprints, DNA samples, or voice exemplars. Why? Because the courts have decided that this evidence doesn’t reveal anything you know. It’s not testimonial.

It does seem odd that a simple switch from a password to a fingerprint could have constitutional implications, but welcome to the world where the law and the technology don’t always match up perfectly together.

Filed Under: , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Apple's Fingerprint ID And How It May Take Away Your 5th Amendment Right To Protect Your Data”

Subscribe: RSS Leave a comment
53 Comments
Anonymoussays:

Confused

Ok – maybe I’m being dense here, or maybe my knowledge of Constitutional Law is severely lacking, but could someone give me a practical example of how this comes in to play in regards to a Fingerprint ID on a iPhone?

Is it like a Mission Impossible scene where feds/police could lift your prints off your phone and ‘hack’ in? Or can they force you to unlock your phone using Fingerprint ID since the law makes fingerprint swiping different from password entering?

G Thompsonsays:

Re:

Is there many people outside the continent of North America that actually use iPhones anymore?

Fingerprint scanning (and this isn’t really fingerprint scanning as LEO’s et.al use it) isn’t really a good biometric anyway since unless Apple are reading more than 1 fingerprint of one finger it’s even less secure than a 4 digit password (9999 combinations).

But hey if you want to use fingerprint’s, that aren’t considered by most courts to be reliable anymore (especially with only 1 finger), to secure your phone.. go right ahead

t3rminussays:

Re: Re:

Actually a 4-digit password only has 6,561 possible combinations, whereas a fingerprint is close to infinite, since it’s really comparing sections of a large bitmap.

What’s more likely is that someone will find a way to fool the fingerprint scanner– with an object (mold/photo/gel/etc), by hacking how the scanner communicates with the device, or by breaking the software on the device itself.

Anonymoussays:

Re: Re: Re:

One has to remember the digits and their order, so there is a mental element to it that is being argued as testimonial and protected by the 5th Amendment. Of course, there is also a mental element to a finger print used in this manner. You have to form and mentally communicate which finger has the correct print. Of course, the more fingers you have the more testimonial the expression.

Anonymoussays:

Fingerprint passwords should at most, only be used as two-factor authentication. So not only would you need the person’s fingerprint, but also a separate alphanumeric password.

Although, I’m the type of person who doesn’t like to give my biometric data to corporations and governments. So I wouldn’t use fingerprint passwords myself.

Plus, no doubt Apple’s fingerprint password system is closed source and proprietary. Which makes me trust it’s security even less.

Also, once Apple’s massive fingerprint database is broken into. Your fingerprint password probably won’t even function very well as a two-factor authentication protocol at that point.

Anonymoussays:

Re:

Also, once Apple’s massive fingerprint database is broken into. Your fingerprint password probably won’t even function very well as a two-factor authentication protocol at that point.

Hopefully the fingerprint is stored on the device, otherwise a network based attack to unlock is possible, and requires giving the correct response to a fingerprint check, and not knowing the fingerprint.
A slight problem if faking a finger to fool a reader becomes easy to do, guess where a set of fingerprints is probaly available? You got it, on the protected device.

t3rminussays:

Re: Re:

Apple has already stated the fingerprint is stored in the “secure cryptographic vault” section of the A7 chip, which is also used for passcodes and certificates, and that it never leaves the device.

The NSA could probably use their backdoors to get at it, but then again, they can get your passcode, too…

Anonymoussays:

Re: Re: Re:

Apple has already stated the fingerprint is stored in the “secure cryptographic vault” section of the A7 chip, which is also used for passcodes and certificates, and that it never leaves the device.

Give me a reason to believe this statement.

Because Apple’s nice? Because they’re cool? Because they’re trendy? Because the friendly ghost of Steve Jobs said so?

Why, EXACTLY, should anyone believe that Apple is telling the truth here? Where is the hard, cold, independently-verifiable evidence, including all the source code, the schematics, everything?

Consider carefully: they’re producing a product that will likely sell in the millions. (The fanboys/girls are already all over it.) It includes a device that captures biometric data. That is the wet dream of every intelligence agency in the world. Do you really think that this is an accident? Or that they’ll just sit in their monolithic quasi-anonymous buildings, watch Apple do this, and do NOTHING?

This (fingerprint) data has enormous value. Therefore there will be buyers, and there will be sellers. It’s inevitable. It’s only a question of what price will be paid and how the exchange will take place.

Никтоsays:

Re: Re: Re: Re: Re:

You are one of those brainless trogs who believes the invisible hand is a tangible entity, aren’t you?

More to the point: staying out of jail and/or being allowed to continue to do business in the U.S. isn’t a “stupid commercial decision”; if the powers that be want this data, they will get it and Apple will not be able to stop them.

But you’re missing a more important point: people who are stupid enough to buy Apple products (yes, I mean it, every single one of you) are also stupid and short sighted enough to forget about the hypothetical uproar over the discovery that Apple disclosed biometric data to the gov’t . . . the second they sell a newer, shinier toy for you to play with.

btr1701says:

The privilege against self-incrimination is
an important check on the government’s ability
to collect evidence directly from a witness.

This is a fundamental misstatement of the law.

The 5th Amendment checks the government’s ability to collect evidence from the defendant. Witnesses have no 5th Amendment protection or right to remain silent. They can and often are compelled to provide all manner of testimony against their will.

out_of_the_bluesays:

Why does MH refer to a "privilege", when it's a fundamental right?

Since repeated and so obviously against “lay” usage, has to be some sort of lawyer trick.

Anyhoo, so what’s your position on either my question or Apple or implications here, Mystery Mike? We’re ALL interested in you actually stating a position that you hold and will defend from now on.

Readersays:

I don’t see any reason why a repeatable finger decal, or fabric couldn’t be used as a substitute for those who wanted to safely use this feature. Granted it’s not as immediately accessible as a natural finger, but it could be somewhat conveniently stored somewhere, apart from the phone. It obviously defeats the convenience aspect of this, but with a passcode, it adds two stage authentication without compromising biometric details.

For the Record....

Just for the record; there have been some reports that the Apple system does not use Fingerprints instead of passwords; but in addition to them. You’ll need a password after the unit is restarted and if the unit has been inactive for a certain amount of time.

I also got the impression from one article that you could set it up so the wrong fingerprint will wipe the phone; which sounds dangerous to your data.

Anonymoussays:

It's only a matter of time...

…until malware — quite likely from Apple’s own app store — infests iPhones and starts quietly exfiltrating fingerprint data.

Why?

Because people who (VERY mistakenly) think it’s a good idea to attempt to secure their phone with their fingerprint are quite likely the same people who will make the additional mistake of trying to secure other things with their fingerprint.

The phone and the data it contains may not be particularly valuable or of particular interest — but the other things might be.

Whoever does this first and sets up an underground market for fingerprints is going to make a fortune. If they’re really smart, they’ll not only sell them to thieves and the like, but to every intelligence agency on this planet that’s willing to pay — and they will.

Anonymoussays:

In Africa, there was an organization going around and scanning the eyes of low income people. There were gathering huge amounts of biometrics data from them.

In return for allowing themselves to be scanned, they received some sort of food ‘smartcard’ for food.

All I remember is that, it seemed to be white people doing the biometric eye scans. There was this elderly African woman who looked confused, like she found the whole thing incredibly intrusive, degrading, and even frightening.

The excuse for all these eye scans was, “To cut down on food fraud”.

There seems to be huge money in biometrics data, if a group of foreigners are flying all the way to Africa to exploit the native people there.

Graham Jsays:

No.

The scanner on the iPhone uses optics and RF, it won’t be fooled by photos, gummi bears or cut off fingers. The stored scan data is more like a hash than an image; the NSA hacking your phone and grabbing that data doesn’t do them much good.

As for the tinfoil hats, Apple is a hardware and services company, they have little incentive to steal your data or allow it to be stolen. As opposed to, say, a mobile operating system developer who is also the world’s largest ad network.

Anonymoussays:

Re: No.

As for the tinfoil hats, Apple is a hardware and services company, they have little incentive to steal your data or allow it to be stolen. As opposed to, say, a mobile operating system developer who is also the world’s largest ad network

Other than the fact the US government can compel them to give it to them. It’s also more than a little insulting to call us tinfoil hats when all we are saying is that the government has the authority to get the information.

Readersays:

Re: No.

This is exactly the case. The authentication software generates a map of key points in the print, not a stored image of it, (where an exact image would be far more demanding to match). I don’t see any way for the stored coordinates from this map to be reassembled into an actual print. I’m not sure it can’t be fooled by other finger facsimiles however, unless you know of a reason why.

Anonymoussays:

i suppose the ones who didn’t think this was a big deal were the likes of Obama, Clapper, and General Alexander? this is the biggest invasion of privacy ever! yes, it’s good to have a way that no one other than the owner can use this piece of equipment, but is they cant already, it will probably be only minutes before all the various security agencies in the USA if not everywhere else as well, will know the ins and outs of a ducks ass on every single solitary person that owns the device. and i bet that it wouldn’t stop there, either. once the equipment was activated by the owner logging in or whatever, everyone that even handled the device would be logged as well!! there would soon be absolutely no privacy whatsoever! people would be arrested as soon as they logged on to a site without even doing anything! imagine that for a minute!!

hopponitsays:

Fingerprint

Two points. I’m a vet., the gov. has had my prints on file since the ’70s. They don’t need to do much snooping to find my prints. Second point. The recent revelation that the gov. told their people to cover-up where they got leads in drug cases and such. Would the gov.agencies look at our data and files without a warrant then fudge the truth about where they got their evidence?

Daemon_ZOGGsays:

Apple's Fingerprint ID, And How It May Take Away Your 5th Amendment Right..

If they have your finger print (and yes, they do). Then anything is possible. Apple can do with whatever they want with YOUR finger print. So can the blackhat Apple software hackers, who hack Apple’s systems. So can the NSA. Wink, wink, say no more. ­čśŤ (i.e your screwed for using Apple products. And not using OpenSource resources).

Corwinsays:

It's all falling into place

and you’re not realizing it.

This world is headed towards total transparency. Some day, you WILL have everyone’s total life at your fingertips.

And everyone will have yours.

Reality is open. Laws are beneath meaningless. If you CAN deploy enough sensors, you CAN know everything. No matter what fiction you believe in, no matter how many others believe in it with you : that is reality, and reality can be measured.

That is a GOOD thing. Trust-free society. Everyone’s karma projected right on their faces by technology.

It will be the mirror of humanity. It will scream in its face “THIS IS WHAT YOU ARE”.

I can’t wait.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it