When it comes to smartphone encryption, it seems that Apple’s fingerprint-based TouchID unlocking feature is not so great (although most people seem to readily agree that the same, when it comes to mobile payments, is nothing short of miraculous). A Circuit Court judge has ruled that a defendant can be compelled to give up his fingerprint when it comes to unlocking his cellphone, something that would be illegal (or at least questionable) when it comes to entering a 4-character PIN or a longer password.
This is in keeping with decisions over the years that required a judgment whether a person can be compelled to reveal encrypted data.
Video Stored on Cellphone
The question on fingerprints and passwords was prompted by a case where prosecutors believed that evidence, in the form of digital video, may be stored on the defendant’s cellphone. They went to a judge to have the defendant to unlock his cell phone, but the judge nixed that idea:
Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci’s written opinion. [macrumors.com]
As mentioned before, the latter is in keeping with previous rulings; the former, on the question of fingerprints – which I assume extends to any and all biometric data – is new, although not surprising.
What will be surprising, though, will be the unintended consequences of this ruling. For example, will it stop journalists from buying an iPhone, or not turning on TouchID if they do get an Apple device? Will Android or some other mobile OS (or – gasp – 2g flip phones) be the beneficiaries of this ruling? What will criminals do? Will the lack of fingerprint-based entry systems act as a proxy for “someone who has something to hide”? Because that’s the way encryption is described in certain circles. Will companies that use disk encryption on their laptops do away with any physical tokens, electing to only use passwords?
Related Articles and Sites: