Apple beefs up Touch ID rules in face of legal rulings

“Apple has quietly changed a policy that has resulted in iPhone and iPad owners having to more frequently enter passwords to unlock their devices,” Don Reisinger reports for Fortune.

“Users must now enter a passcode anytime the device’s Touch ID fingerprint sensor hasn’t been used in the past eight hours or when the device hasn’t been unlocked with a passcode in the last six days,” Reisinger reports. “In such cases, Touch ID is turned off until users enter passcodes.”

“The limitations on Touch ID were actually implemented when Apple introduced its latest operating system, iOS 9, last year,” Reisinger reports. “The new Touch ID policy highlights the two ways of unlock Apple devices. Both potentially make it more difficult for law-enforcement to access data on devices as part of their investigations.”

Read more in the full article here.

MacDailyNews Take: Better yet, since some of these judges seem to be unable to read and understand the Fifth Amendment, Apple should let us assign a specific timeout for Touch ID in iOS 10.

Sometimes the law gets too cute. We shouldn’t leave common sense out of the equation. The process is the same thing. You’re getting access to someone’s most private information by forcing someone to give you the key. — David Oscar Markus, Miami defense attorney

You carry forever the fingerprint that comes from being under someone’s thumb. — Nancy Banks-Smith

To set a stronger alphanumeric passcode on your iOS device that cannot be easily brute-forced:
1. Settings > Touch ID & Passcode. On devices without Touch ID, go to Settings > Passcode
2. Tap Change Passcode
3. Tap Passcode Options to switch to a custom alphanumeric code
4. Enter your new, stronger passcode again to confirm it and activate it

SEE ALSO:
Panic button: iPhone users need a way to protect their data when the law fails to do so – May 17, 2016
Feckless FBI unable to unlock iPhone, even with a ‘fingerprint unlock warrant’ – May 12, 2016
The Touch ID lock on your iPhone isn’t cop-proof – May 11, 2016
U.S. government wants your fingerprints to unlock your phone – May 1, 2016
Should you disable Touch ID for your own security? – May 9, 2016
Apple supplier LG Innotek embeds fingerprint sensor into display – May 4, 2016
U.S. government wants your fingerprints to unlock your phone – May 1, 2016
Android fingerprint scanners fooled by inkjet printer – March 8, 2016
Android fingerprint sensors aren’t as secure as iPhone’s Touch ID – August 10, 2015
Apple files for patent to move Touch ID fingerprint scanner from home button to display – February 9, 2015

[Thanks to MacDailyNews Reader “TJ” for the heads up.]

15 Comments

  1. It’s a good and warranted move for Apple but once again the way it’s expressed makes it sound that law-enforcement is the sole and unique target:

    The statement, “both potentially make it more difficult for law-enforcement to access data on devices as part of their investigations” only shows part of the truth. Both potentially make if more difficult for anyone except the user to access data on devices. Yes that includes law-enforcement but it also includes criminals who would steal your data for nefarious purposes and for terrorists who would ship you to say a Guantanamo on the Bay resort and leave you there to rot and be tortured.

    It provides security and privacy for everyone.

    1. I for one hope that Apple doesn’t take this fight much further.

      Government should be able to access your phone with a court order and in your presence. This is a compromise that I can live with. Bad guys have to give up their fingerprints to unlock their phones, good guys are susceptible to forced fingerprint submission, which is unlikely as good guys aren’t doing anything wrong. I can live with this. I can’t live with government having back doors that can be used without my knowledge. Back doors have the potential to be activated remotely by any bad actor, government or otherwise. Fingerprints require your physical presence, thus much, much safer. (At least not on the iPhone, I hear Android fingerprint readers can be compromised remotely. Fragmadroid is so wonderful! /s)

      Apple should leave things this way, it will keep the government off of their backs. If they lock things down further, they will continue to have governments attacking them. One day a government may even ban Apple devices if they continue further down this cat/mouse road. Right now devices are protected from remote exploits, good enough for me.

      1. Then you deserve neither liberty nor security because you would give up one for the perception that you have the other. No one and no entity will ever make you more secure than you yourself can armed with knowledge and a good weapon. Don’t threaten anybody and don’t allow any government or other person to EVER see your private papers (data on your phone). You DID build that. Nobody owns that but YOU!

        1. Somebody needs to tell the guys who wrote the Fourth Amendment that nobody should be able to see your private papers, even if they have a perfectly proper warrant issued in full compliance with that Amendment. This is not a black and white issue with no middle ground between (1) allowing the Government to search anything without any reason and (2) never allowing the Government to search for evidence of criminal activity under any circumstances. The Fourth Amendment has served as a pretty good middle ground for a couple of centuries now.

      2. Thanks for your post SixnaHalfFeet, you make some good points, though I happen to disagree with some of them.

        “Government should be able to access your phone with a court order and in your presence.”

        That was good back in the day when an amendment was written where pretty well everything (place, person and things) was searchable. The exception from my understanding would be any information that was held within the persons mind (the ability to avoid self incrimination) and anything written in code, i.e. you do not have to provide the key to deciphering a coded message.

        Now we are getting to the point where technology allows the public at large the ability to encrypt and code data so that they are the only ones who can access the data. This is as new and as revolutionary as the printing press so obviously governments are going to lag behind, trying to use ancient concepts that will be challenging to the new line being drawn in the sand. Here is a device that a government can physically seize but they cannot search the data within. It’s as secure as what is in a person’s mind. They will have to deal with it.

        “Bad guys have to give up their fingerprints to unlock their phones, good guys are susceptible to forced fingerprint submission, which is unlikely as good guys aren’t doing anything wrong. I can live with this.”

        This is a grey area, for insofar as I know fingerprints are used to determine the presence of an individual at a crime scene or if an individual used a certain item. Using them as a tool to unlock an iphone, well that’s a new usage of a fingerprint. Can a key found at a crime scene be used as a tool to unlock a safe at a crime scene? Probably. Can a car at a crime scene be used by a government representative to drive around in? Probably not. It’s a grey area but I’d tend to lean that fingerprints will be used to unlock iPhones.

        There is no way that I would want any government having a back door to an iphone. Seriously, you’d want China, Russia and/or Apple’s home government to have access to your iphone’s data? Pure lunacy if you ask me, it’s just asking for trouble.

        Fingerprints do not require your physical presence. Anyone who has someone else’s iPhone can access it if they have a copy of the required fingerprint.

        It doesn’t matter what Apple does, their home government will attack and attack that’s what they do. They have been at war for roughly 80% of their history, it’s in their DNA (Destructive Nuclear Arsenal). It’s a moot point.

        A government banning Apple devices doesn’t faze me, as most won’t because privacy and security is what Apple is aiming for, and that’s an empowering concept in this day and age.

        1. I am still astonished at your insistence that the United States Government is uniquely evil… to its own citizens as well as everyone else. You keep claiming a real possibility that Americans might be packed off to Guantanamo. Hasn’t happened and isn’t likely to. The only reason anybody is still locked up down there is that no country on earth will accept the dangerous prisoners that the Obama Administration has been trying to release since Executive Order #1 on January 20, 2009. There is no evidence of “enhanced interrogation” since well before that.

          Your main evidence for Wicked America is that the U.S. ranks #94 on the Global Peace Index of 162 countries, which is based on a set of utterly subjective factors that are inherently biased against large industrialized countries. On the Index, the U.S. is essentially tied with the well-known bastion of democracy Saudi Arabia and ranks behind such paragons of peacefulness as Cuba, Bangladesh, and all seven of the countries that emerged from the ethnic cleansing in Yugoslavia. Until this year, we usually ranked behind the peace-loving People’s Republic of China. I call BS.

          1. You clearly don’t know what you’re talking about when it comes to Gitmo. The U.S. government has admitted it has quite a few people still held there that it no longer believes did anything wrong, but is afraid to release because NOW they might hate the U.S. (after being tortured by the U.S.) and do something in the future. Also, no one else will take them, for many reasons, perhaps including not wanting to enable this kind of criminal behavior by the U.S.

      3. You’re welcome to give full access to your iOS device(s) to anyone you want.

        As for me, I’ll decline.

        Even my wife can’t access my iPhone. It’s not that I have anything to hide, it’s just that THAT device is MINE and mine alone.

  2. >Users must now enter a passcode anytime the device’s Touch ID fingerprint sensor hasn’t been used in the past eight hours

    I don’t think that’s true, unless it’s something Apple just turned on in the last couple days. I routinely sleep longer than 8 hours on weekends and I don’t have to enter a passcode to unlock my phone when I wake up. (iOS 9.2.1)

  3. Excellent. It should also be easy for users to turn on BOTH Touch ID and a long pass code being required to unlock iOS devices. Yeah, it’s annoying. It’s also FAR safer.

    “There just isn’t a way around the tradeoff between security and convenience.”
    – Steve Gibson, GRC.com, Security Now podcast

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.