Proof That the State Can Compel You To Unlock Your Phone with Your Fingerprint

At the Dark Android Project I often bring up that I really don’t recommend devices that have fingerprint sensors on them. Why? Because there has been a long-held theory that while you cannot be forced to give up your password to your device in the United States, you can be compelled/forced to “give up” your fingerprint to unlock your device. And if your device has a fingerprint sensor, and if you use it to lock your mobile device, it can then be used “legally” to unlock your device. Bottom line.

Up until now, this has largely been considered a conspiracy theory as no case has actually been shown where the police or other government goon agency has compelled an individual to unlock their device with their fingerprint.

Well, as Forbes has recently uncovered, this is no longer a conspiracy theory. This is a fact. On February 25, 2016, a warrant was issued to the LAPD that included the order to compel an individual to unlock their iPhone with their fingerprint. To be exact, a warrant was signed off on by a judge in the District Court in the Central District of California, with the warrant’s particular line on the final page of the short document reading:

Law enforcement personnel are authorized to depress the fingerprints and/or thumbprints of the person covered by this warrant onto the Touch ID sensor of the Apple iPhone seized… on 25 February.

That’s pretty cut and dry. Regardless of any of the other particulars in the case, there it is, a judge saying that the police have the okay to force an individual to use their fingerprint to unlock their device. That means this kind of warrant could be issued against you.

Fingerprint sensors–and biometrics in general–are becoming incredibly commonplace on not just iOS devices, but also on Android devices, and even Windows 10 Mobile devices (including with their Windows Hello features). It’s important to bring up biometrics in the abstract, as I can’t see why a warrant couldn’t be used to also compel you to use your face–if you’re using facial recognition lock–to unlock your device, and not just with fingerprints.

Granted, you’re not required to use biometrics/fingerprint sensors as the system to secure your mobile device. So thankfully it’s a feature that you can just turn off. A PIN code longer than 6 digits is the preferred system to lock your device, and on many devices this is possible to do (and if you can only use 4 digits, that’s still better than using any biometrics/fingerprints). Using 6 or more digits makes brute force attacks on your PIN code infinitely harder, and also in the United States–“thanks” to your 5th Amendment rights–you cannot be compelled by court order to divulge your PIN code or password. Your fingerprints or other biometrics are not protected by the 5th Amendment, and that’s now an unquestionable fact with this recent LAPD warrant.

But no matter how many times I’ve brought this up over the years on my tech podcast Sovryn Tech, no one has cared to listen, and they just go right on using Apple’s TouchID or even facial recognition login on their various devices. Maybe now, with a “case in the bag” that proved that the government will use biometrics against you, things will change. It’s not like the government even needs to compel you to use your fingerprints to access your device, they can just “collect” your fingerprints without you knowing, and print out a copy of them to unlock your device.

I get it, using biometrics is convenient, even “cool” in your mind, perhaps. But let’s keep that in perspective: While many of these advances seem like something out of science fiction and thus seem “futuristic and cool”, we don’t live in some futuristic time where we can run away to some other planet if the presiding government doesn’t like us (or more accurately, we peacefully don’t like the government). Many of these “cool” technological developments get used in the government’s favor (or in the favor of other bad actors).

SIDE NOTE: Let me guess, you don’t have anything to hide, right? Cute. Well, as is worth considering due to other recent cases, encryption and keeping your device locked isn’t just about whether or not you have something to hide, but also about you perhaps not wanting to get something *planted* onto your device. Passwords/encryption don’t just keep people from seeing what’s stored on your device, they also keep people from adding things you don’t want onto your storage that could turn you into an “insta-criminal”. Encrypt all the things.

So I’m suggesting you use a PIN number instead of a fingerprint. Too much trouble to punch in some numbers instead of putting your thumb down? Aww…poor baby. Well, don’t come crying to me when you say you want to give a shit about privacy. This is one step that isn’t that hard to implement to instantly have more security and privacy on your mobile device (and really this can apply to many modern computers, as well). Biometrics have been proven to be a failure over and over again in the years that people have tried to implement them. As long as biometric security is still optional…just stay away from it.

Oh…and who’s crazy now?

Carpe lucem!