“There’s a lot of talk around biometric authentication since Apple introduced its newest iPhone, which will let users unlock their device with a fingerprint,” Marcia Hoffman writes for Wired. “Given Apple’s industry-leading position, it’s probably not a far stretch to expect this kind of authentication to take off. Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).”
MacDailyNews Take: It is.
“While there’s a great deal of discussion around the pros and cons of fingerprint authentication — from the hackability of the technique to the reliability of readers — no one’s focusing on the legal effects of moving from PINs to fingerprints,” Hoffman writes. “Because the constitutional protection of the Fifth Amendment, which guarantees that ‘no person shall be compelled in any criminal case to be a witness against himself,’ may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).”
Hoffman writes, “If Apple’s move leads us to abandon knowledge-based authentication altogether, we risk inadvertently undermining the legal rights we currently enjoy under the Fifth Amendment. Here’s an easy fix: give users the option to unlock their phones with a fingerprint plus something the user knows.”
Read more in the full article here.
Related articles:
Apple changes the world again, propels biometrics into the mainstream with iPhone 5s’ Touch ID – September 12, 2013
Security researcher: Thieves may chop off iPhone 5s owners’ fingertips to gain access – September 11, 2013
Apple’s iPhone 5S with biometric identification: Big Brother’s dream? – September 11, 2013
iPhone 5s: Once again Apple leaps ahead with Touch ID fingerprint recognition; a big enterprise win for Apple – September 10, 2013
Apple reveals flagship iPhone 5s with Touch ID, the world’s first and only 64-bit smartphone – September 10, 2013
Easy fix: Don’t commit crimes or surround yourself with untrustworthy individuals.
YES Matt – very clean and simple!
Git rid of your curtains! What have you got to hide? 😎
I’ve got nothing to hide … the curtains are to protect you from seeing me!
So what kind of smartphone is a politician supposed to carry, then?
Someone elses!
Politician/smartphone?
Use a pre-paid dumb phone like the criminals do.
My brother downed a 5th of scotch the other night. He hasn’t felt right all week. Hangovers totally suck.
Also: Don’t live under a government that abuses privacy rights to detain the innocent.
“give users the option to unlock their phones with a fingerprint plus something the user knows.”
Um, I thought that is what they have done. Up to five finger prints plus one pin or passcode.
“give users the option to unlock their phones with a fingerprint plus something the user knows.”
This is the dumbest idea yet. The whole purpose of Touch ID is a more secure and faster authentication without having to remember pins, passwords, etc. So now Hoffman wants to ADD pins and passwords to fingerprint IDs?
Stupid.
Its just 2 factor authentication.
Something you have (your print) and something you know (your pin)
Actually, a fingerprint (being biometric) counts as “something you are.” Something you have would be a token of some sort, like a key or a passcard. Same idea, though.
That would constitute a two-factor authentication and would presumably meet with Derek Currie’s approval 🙂
Two-factor authentication is required by many organizations. It is possible that Apple’s Touch ID might displace RSA SecurID tokens in some situations.
Yeah, they’re watching me too!
dig some more – but I bet your going to go nowhere with this Marcia!
You’re. Grammar. Go forward with it.
There is no obligation to use Touch ID. Skip it if you are worried about the fingerprints. Keep punching in those codes.
The sensor is built into the home button of the phone. There are absolutely no guarantees that opting out isn’t still activating the scanner.
Too much time on his hands clearly.
I don’t understand how this would change Fifth Amendment cases. If a law official asks a defendant to unlock their phone, they can refuse citing their Fifth Amendment right against self-incrimination. Why would the phone’s unlocking mechanism being fingerprint or password make a legal difference here?
I was thinking the same thing. You just asked the very question I had in mind. Why would it make a difference?
It wouldn’t. The police can forcibly take your fingerprints at your arrest for identification purposes, but they can’t force you to unlock a safe, for example. They can get a warrant and break into the safe (or iPhone), but that’s another matter entirely.
Since the government ignores the rest of the constitution why would you expect Fifth Amendment protection? If anyone in the government wants your information they’ll just take it as they do from every other source.
I was looking at from a strictly legal standpoint, like the article.
If we do assume laws would be broken to obtain private information, I think the finger scan is actually more secure than just a password, and the two combined in two-factor authentication would be even more secure. A password can be stolen in many ways including simple surveillance of the password being entered. Stealing a finger reading is a bit more involved because the person would have to be forced or tricked into physically unlocking the device in person.
You will be able to unlock the phone without fingerprint technology as a secondary way.
What planet do these idiots come from? Surely they can dream up something real instead of this crap.
But I’m not bitter.
Can I give Hoffman the middle finger?
I actually like a two step authentication.
Fingerprint plus passcode/PIN
I would think this WOULD be an option.
“Here’s an easy fix: give users the option to unlock their phones with a fingerprint plus something the user knows.”
Not a good suggestion. What we don’t need is an iPhone unlocking protocol that is even more complicated than it is now.
“Here’s an easy fix”
Wow, I’m glad Hoffman and Wired are around to fix that problem, that was a close one!
Paranoid wackos should not use technology
Idiots who can’t see the security implications of this invasion of privacy shouldn’t be able to vote.
…and dipshits who imagine implications where there are none should seek treatment.
The phone isn’t even out yet, dumbfuck, of course there aren’t issues yet. But it doesn’t take a brain scientist to realize how exploitable this data will be. Those who are ignorant of the past are doomed to repeat it.
Sadder, those who knew and understood failed policies persist in thinking they shall be the first to succeed with them.
Having to give the authorities your finger prints is different than having to use your finger to unlock your phone.
If push comes to shove, I say give them your prints but refuse to unlock the phone. They’ll have a piece of paper with your inky prints, or an image on a computer, let them figure it out… IANAL but it seems like actions are like speech, so I doubt you can be compelled to perform some action that might incriminate you.
Perfect! Give every employee in the IRS an iPhone 5S.
How about placing your finger on the home button wakes it up and unlocks the phone.. Reducing the amount of touches to actually use the phone instead of press a button, then scan