Should you disable Touch ID for your own security?

“In my very first column in this Private I series, back in October 2014, I raised the spectre of Touch ID being used against you,” Glenn Fleishman writes for Macworld. “Approaching two years later, it’s clear that my and other people’s concerns weren’t idle speculations. A court recently required a convicted felon, immediately following her sentencing, to unlock a phone with her fingerprint.”

“The government’s interest in obtaining information related to the commission of a crime or the intent to commit one would seem to have clear, compelling public interest without the unpleasant side effect of worsening privacy for a billion or more people,” Fleishman writes. “Not all governments are just, however, and not everyone who wants you to unlock your phone is a legitimate, legal agent.”

“If you currently use Touch ID and you live in or plan to travel to a country in which the rule of law regarding human rights and personal liberty is on the low end of the scale — or you’re concerned that you could be physically forced to unlock your phone, but you’d never give up your passcode in any case — you can change how your iOS device is locked,” Fleishman writes. “Touch ID can be active and yet disabled for unlocking in a variety of ways.”

Read more in the full article here.

MacDailyNews Take: At least power down your iPhone at night. That would force a passcode if the phone is taken before you use it next.

To set a stronger alphanumeric passcode on your iOS device that cannot be easily brute-forced:
1. Settings > Touch ID & Passcode. On devices without Touch ID, go to Settings > Passcode
2. Tap Change Passcode
3. Tap Passcode Options to switch to a custom alphanumeric code
4. Enter your new, stronger passcode again to confirm it and activate it

39 Comments

  1. BS, if you are forced to unlock your iPhone by law enforcement, how can you resist it? Claim you forgot your passcode? Then you will be thrown in jail.

        1. Aw, so what! This is how it should be. This is a compromise that I can live with. Bad guys have to give up their fingerprints to unlock their phones, good guys are susceptible to forced fingerprints (but unlikely to be troubled as they aren’t doing anything wrong.) I can live with this. I can’t live with government having back doors. Back doors have the potential to be activated remotely by any bad actor. Fingerprints require your physical presence, thus much, much safer. (at least not on the iPhone, I hear Android fingerprint readers can be compromised remotely.)

          Apple should leave things this way, it will keep the government off of their backs.

    1. It makes no sense, but it has been presented many times that using your fingerprint to unlock is something they can force; using your passcode cannot be forced. Thus the immediate forced shutdown if you ever find yourself in the presence of any situation where such might happen.

      1. A solution would be if the iPhone had the option where you could define some fingerprints as “unlock” and others to “wipe”.

        Same with passcodes.

        So if anyone wanted you to unlock you could simply wipe.

        1. And wiping could just mean that the decryption key in the secure enclave is written over.

          The whole phone would not need to be wiped, just the lock so future applications of the key (fingerprint, passcode) would no longer accomplish anything.

    2. NOT BS. All US citizens have the right to use the Fifth Amendment to the US Constitution. If a person believes their circumstances justify the situation, use that right. I bolded below the relevant section:

      Fifth Amendment to the US Constitution

      No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

      As has been pointed out in this thread, the Fifth Amendment only applies inside the USA and its territories. There may be nothing similar outside the USA. You’re on your own, or head over to a US consulate, where your rights are maintained.

      1. …nor be deprived of life, liberty, or property, without due process of law;…

        But remotely murdering people, including innocent children, using drones is perfectly ethical if they are non-US citizens and thus their lives are somehow less worth…

        1. Imagine if the US ever killed innocents in Texas while going after targets. After about a week the new national capital would open for business in Dallas.

        2. *DING* You’ve hit upon the prime abomination of the current US era. I call drones “cowardly remote murder machines”. It greatly disturbs me that these technological horrors are being used, that decent young soldiers are being ethically corrupted as remote pilots and bombers of these things. I also fear the repercussions of the future when victims of these remote murder machines pull the usual human behavior of retribution right back on we the guilty. IOW: I don’t like military attack drones.

        3. What exactly is your issue with drones and how exactly would things be different if these drones were instead piloted with humans? The result is the same. Is your issue that we now have weapons that don’t put American soldiers in direct harm’s way? This is different from the WWII V2 rockets how?

        4. Humans can DIE when they pilot real vehicles. They put their life on the line. There’s nothing convenient about it. There’s no mind fsck trickery to pretend it’s all going on at some ‘over there’ place while the trigger finger rests ‘over here’. There’s more intimacy with the people you’re killing. Your higher investment in the event causes higher concern about exactly who is about to die: Civilians? Babies? Some visitors at a wedding? Is the real target actually there?

          Vs

          ‘Let’s get this bombing over with. I’m late for my lunch break.’ <-Sick shite attitude where human beings are reduced to mere wooden ducks at the shooting gallery.

          If you don't get it, you're not going to get it. This is mankind not just shoving its head up its ass. This is mankind spewing rectal excrement on the world while its head is up its ass. It's self-destruction. It's self-corruption. It's asking for severe and inevitable retribution from the victims of careless, cowardly murder.

          How's that?

          Oh, V2 rockets? Same thing from a different corrupt and sick regime using clunky old, inaccurate technology of its time. It was a whole new level of war abomination, with the emphasis on bombs.

          What is wrong with us, fellow Homo 'sapiens sapiens'? Are we really doubly 'wise' when we're still creatures that HATE & MURDER OURSELVES, especially from a safe distance? I posit 'No'. We are not. We have massive evolving still to do before we're REALLY 'wise'.

          https://en.wikipedia.org/wiki/Homo_sapiens

          https://en.wikipedia.org/wiki/Self-deception

        5. As usual, I never expect to awaken the brains of those with no foresight. I expect you have your own insights beyond my personal blind spots. Just know that coward remote murder machines of all sorts are abominations of unethical military behavior and the repercussions will be just as deadly at our end as what we perpetrate now at the other end. Attempt to think about how you’d feel about an enemy who sent in a robotic device to kill a US military officer that ended up blowing up your family attending a wedding. Attempt to ‘walk in the other person’s shoes’. You’d find US drone strikes to be an abomination too. There is no valid excuse for them. Eventually, their use will be considered a war crime, as it should be.

          Also, go in search of testimonials from soldiers of conscience (as opposed to psychopaths) who have had to be at the controls of the coward remote murder machines and the mental repercussions it has had on them to perpetrate drone abominations.

          It’s sick and twisted to ask any normal human being to fly a drone and use it to kill. The military is going to have to seek out psychopaths to fly the nightmares until such time as they ratchet up the abomination another level and let ‘AI’ (artificial insanity) devices do the dirty work for us.

          The eventual last step is to create self-repairing and self-replicating coward murder AI robots. Turn them on and let them loose on an enemy.

          We humans remain profoundly primitive when it comes to dealing with our own species. Why that’s the case is a matter of study and debate. That predilection and our inability to know everything about anything, mixed with our ability to believe almost anything to be absolutely true despite evidence to the contrary, will end our species, if not our entire miracle planet Earth, our only home.

          It doesn’t get more profound. That’s where we’re going. So why not stop now? Hmm? Is war worth destroying the sanity and existence of our own species as a whole? Of course not.

  2. How about not having data on your phone that will catastrophically affect your life if someone gains access to it? Yes, yes, I know. That’s not possible for some people. But for most of the “average public”?

  3. The funny thing is that my devices seem to say that they need the passcode to unlock them if I do not use the fingerprint reader for two days. (It has happened a couple of times.) So, if they do not get to you for that for two days, it does not matter. Then we are back to the passcode thing anyhow.

  4. SOLUTION:

    Multi-factor authentication

    Turn it on and use it:
    1) Touch ID
    +
    2) A nasty, unguessable, complex passcode with a variety of characters and numbers that only you know inside your head.

    Reading:
    About Touch ID security on iPhone and iPad
    Learn about Touch ID advanced technology and security benefits.

    Security safeguards

    Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger. This is much better than the 1 in 10,000 odds of guessing a typical 4-digit passcode. Although some passcodes, like “1234”, may be more easily guessed, there is no such thing as an easily guessable fingerprint pattern. Instead, the 1 in 50,000 probability means it requires trying up to 50,000 different fingerprints until potentially finding a random match. But Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you can’t proceed until doing so.

    To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation:

    • After restarting your device
    • When more than 48 hours have elapsed from the last time you unlocked your device
    • To enter the Touch ID & Passcode setting

    Since security is only as secure as its weakest point, you can choose to increase the security of a 4 or 6-digit passcode by using a complex alphanumeric passcode. You can do this when creating a passcode by tapping ‘Passcode Options’ and selecting Custom Alphanumeric Code. . .

    1. BTW: Despite odd debates regarding this issue, at this time, US law enforcement DOES have the right to take your finger and apply it to your iOS device in order to activate Touch ID. I don’t see that ever changing. Law enforcement can take your fingerprints. Debate over.

      If you don’t like it, change the law.

    1. You must not have done a good job setting up your fingerprint then during the initial setup. The 6s iPhones have the best / fastest fingerprint reader so far. The 5s TouchID was sketchy for sure – but the 6s TouchID has been a HUGE improvement over previous TouchID experience.

      If I were you – and you’re interested in keeping and using TouchID – I’d delete old fingerprint and add new fingerprints again. Being very careful to move your finger around the entire circular bezel when instructed to move your finger during the tapping / recognition process.

  5. Glenn noted “If you currently use Touch ID and you live in or plan to travel to a country in which the rule of law regarding human rights and personal liberty is on the low end of the scale …”

    Forget your “rights” in those countries; as a non-citizen you probably don’t have any. Don’t leave data on your phone. Better yet, get a burner phone and hide it in your sock if you are dumb enough to take valuable digital info into those types of countries. Better yet, why are you going to such a country?

    1. …”Better yet, why are you going to such a country?”

      Many people I know do it to help people of such country. People who work for UNICEF, UNDP, UN, various NGOs and charities (Doctors Without Borders and such), journalists… The list is quite extensive. Most of these people are quite well aware of the risk they take when they go to such countries, yet they take that risk, because they want to do something good.

  6. Manufacturers might be able to get around this by offering a ‘duress fingerprint’ facility. When setting up your fingerprint system, you might choose to scan the right index finger, but you could also scan the left thumb and specify that it’s the ‘duress fingerprint’. If that fingerprint is detected, the phone goes into a chosen mode, which the user could specify to be anything between instant power off, calling for emergency assistance or anything right through to complete wiping of all data.

    1. Or something really fun, like “upon presentation of the duress fingerprint, turn on both cameras, take a photo, then send a text message containing the Lat, Long, and time, along with the images to (a user selected contact). Then shut down completely until a unique, secondary passcode is entered”.

      Don’t use the middle finger as the duress fingerprint. Too obvious.

  7. People of the free and civilized world take note of what he said: “Not all governments are just” and by now you are certainly aware of the unjust countries who will censor or you out if you say something disagreeable, torture you because they say it’s a good way of extracting information but everybody knows it’s to justify their insecurity or worse yet detain you for years for apparent reason.

    They will do anything to get your passcode if they want. Like the Nazis, they are so self-centered that they have no regard for you as a human being.

  8. I like the idea of allowing us to change the 48-hour timeout to something much less, and giving us more options to protect ourselves from those who want to coerce access to our private data.

  9. Easy enough to get round this: if required to use TouchID to unlock, just use a digit that you haven’t programmed in, e.g. use your middle finger. After it hasn’t worked a few times, TouchID will automatically be disabled.

    Or don’t programme your thumb as the TouchID digit. Use another of your digits. Then if required to unlock it you can use your thumb, and it won’t work, and will disable TouchID.

  10. For increased security on the fingerprint sensor be aware that you could also use a knuckle or your nose as the fingerprint. Even heard of one guy using his nipple to open the iPhone.
