The Government Wants Your Fingerprint To Unlock Phones (dailygazette.com) 224
schwit1 quotes this report from the Daily Gazette: "As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom. There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"
It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"
Backlash (Score:2)
Re: (Score:2)
And how's that working out for you?
I mean technically Apple didn't lose in Court, but the government actually got more then it wanted in terms of access to your damn phone because the hack it's using today is not tied to a single iPhone 5c.
Re: (Score:2)
actually "harder to crack" is not same as "impossible to crack".
maybe op should amend his statement to -
harder a government tries, the faster a market for 'hackers' able to crack ever harder-to-crack devices will grow.
legal millions for police sanctioned cracks . you bet!
Re: (Score:2)
And how many years ago was the 5 considered the gold standard in phones?
Technology changes. All security tech from this year will be worked around eventually.
And the government will still be around when they hack your supposedly government-safe phone.
Re: (Score:3)
Re: (Score:2)
Mythbusters did an excellent episode where they defeated many home security devices, including a finger print reader. As I understand it, later models of iPhones actually read a capillary signature, so theoretically a severed fingertip wouldn't do it. But I wonder if some of the Mythbuster techniques would work.
I'd like to see a survey of those using
Re: (Score:3)
Re:Backlash (Score:5, Interesting)
People are always criticising passwords, but passwords can be kept safely in one's mind. And there is no way for the government to extract that password from you.
One of the US presidential candidates this year disagrees, and believes in "advanced extraction techniques" or whatever the latest euphemism for torture is.
That said, the biggest problem with biometric authentication is that once the cat is out of the box, it won't get back in. You can change your password, but you cannot change your biometrics. Once they've been copied, they're compromised for the rest of your life.
For a fingerprint, that can be very easy to lift. A photo, or a glass, or a door handle. You don't even have to know that it's been taken.
Another big problem is that they're not as unique as we like to think. There have been cases where people have been found in a fingerprint database that were nowhere near where "their" fingerprint was found. With several billion people, there are going to be overlaps. And because of the implicit trust in biometrics, the onus is on the suspects to prove his or her innocence against something that is treated as infallible evidence.
Re: (Score:3)
Fingerprints are unique, but the FBI method of mapping them is NOT. You are equating two separate things. The FBI fingerprint systems don't look at the exact fingerprint, they create a dot pattern based on the whorls in the fingerprint and then use the dot pattern for matching. Those dot patterns are not going to be truly unique because fingerprints can generate the same dot pattern and be different.
This is a problem with the FBI computers that do the matching, NOT because fingerprints aren't unique.
Duress print (Score:5, Interesting)
New option: set a finger to use which will cause the device to wipe. (I can think of an appropriate digit to use).
Re: Duress print (Score:3)
That won't help you. Unless the "wipe" included fake usage and history, that's tampering with evidence and a crime all its own. And if your fake data doesn't match call record metadata, that will still be easy to prove as tampering.
Re: (Score:2, Interesting)
Re: (Score:2)
9 to 1 odds of wiping the phone? (Score:3)
1 finger unlocks the phone, other 9 wipe it.
Also... Back in my teenage days I once got SOOOO drunk my pals thought it would be fun to test if I had any sensation left - by putting a lighter under my left index finger.
Permanently altered that fingerprint due to scar tissue.
I'm pretty sure there are various other ways one could alter one's fingerprints rather easily and quickly.
Causing those 1 to 9 odds to suddenly look a lot more like 100%.
Look like being the operative word.
Re:9 to 1 odds of wiping the phone? (Score:5, Funny)
Any finger wipes it, middle toe of right foot unlocks it.
Re:9 to 1 odds of wiping the phone? (Score:5, Funny)
I always wondered if a dick-print could be used to unlock an iPhone.
Never got around to it as it turns out, if you tell everybody that's what you do, nobody touches your phone anyway.
Re: (Score:2)
Not using the silly fingerprint scanner in the first place. They don't need your help to press your finger to a fingerprint reader.
They don't have mindreading yet, so a good password still works wonders.
Go extreme and get your phone set up to wipe if the passcode doesn't get entered at least once every X days....
Go ahead and do that (Score:2)
Welcome to contempt of court. Enjoy your indefinite stay in jail until the judge lets you out.
Re: (Score:2)
That won't help you. Unless the "wipe" included fake usage and history, that's tampering with evidence and a crime all its own.
I think you have a good point that wiping a locked device might be construed as tampering with evidence. But what if it just reencrypted it a second time, maybe even with a random password but one you just don't know ?
IANAL but you didn't erase anything, it was locked before and now it is still locked. Maybe even do it so they could brute force in 10-20 years time?
Conveniently after the statute of limitations has run out.
Re: Duress print (Score:5, Informative)
Re: Duress print (Score:5, Interesting)
Converting the data to an unusable form ....
You said it yourself: "Converting". But it was unusable before (ie., encrypted) and is still encrypted. Hence, no meaningful conversion took place.
How about this: You could set up the system to unpack itself but with an algorithm that takes 20 years. It was locked before and now it is decrypting itself. You were asked to open it and you did.
All good things take time...
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Wrong.
You need to prove someone is guilty of an actual crime. You can just assume they're guilty then assume something they did was related to that crime.
Fucking PROVE it.
Re: (Score:3)
Re: Duress print (Score:4, Informative)
> if you do so after you know the material shredded was needed for an investigation or lawsuit.
This. As a budding young sysadmin this was always one of the first things that came up as why we really need a data retention policy. The last position you want to be in when a lawsuit arrives is having just erased data with no clear policy as to why you did it.
Its not even entirely about whats true or what can be discovered but what can be proven to the satisfaction of men, and that is always going to be a larger set. Best to have a policy and stick to it.
Re: (Score:2)
So changing all the data on the phone (even if it could be decrypted to the same) is not tampering? Might as well just have it delete the private key instead (which is how remote wipe / too many guesses wipe works).
Re: (Score:3)
Dude,
Stop watching movies.
You've just committed multiple felonies relating to obstructing an investigation. Moreover the reaction of Courts to "you can't prove that, the evidence is gone," is typically to assume the evidence was the most damning evidence possible.
Re: (Score:3)
While you may be held in contempt or face other charges if you deliberately take an action to destroy evidence, I've never heard of "beyond a reasonable doubt" being interpreted as "or, you know, if they destroyed evidence". Much of this also depends on the specifics of the case as well.
The overall topic- that you can be compelled to use your finger to unlock a phone- isn't even new. This has already been found in older cases. It's a very solid reason to use good crypto- you can be compelled to unlock wi
Re: (Score:2)
Print + Password every time.
Re: (Score:3)
Thye standard doesn't change.
But if you destroy evidence, the cops can tell that to a Jury. Generally they have to, because it would be quite unusual to have separate trials for the destruction of evidence charge and the charge that started the investigation.
So the Jury goes into that room, where the course of your life will be determined, and yes they are technically using the same standard as always (Reasonable Doubt). But your side has a huge credibility problem because you destroyed evidence.
Yeah, you c
Re: (Score:2)
But if all they have against you is locked-away in an encrypted phone, that means that unless they get you to decrypt it, they can't even charge you with anything, since "he wouldn't decrypt his phone" isn't an indictable offense.
Number one, if all they had on you was a locked-up, encrypted phone then it would be mighty hard for them to get a warrant, now wouldn't it?
Number two, the OP isn't talking about not decrypting the phone, he's talking about wiping the phone. Not decrypting the phone is really smart as long as you can avoid doing so without violating a valid court order. But regardless of the evidence they use to get the order, they can fairly easily prove your newly wiped phone does not match up to the data your provider ga
Re: (Score:3)
I'm pretty sure destroying evidence has a less harsh penalty than murder or copyright infringement these days.
Re: (Score:3)
Re: (Score:2)
This is a great example of why all phones should allow multiple user accounts. If you configure different accounts with different fingerprints, your private stuff could be in your left-handed account, and you could have a generic account with some minimal history and no access t
Re: (Score:2)
If providing the wrong finger leads to tampering with evidence (an act of my own doing), then providing the correct finger and thus the evidence is incriminating myself, which *should* be covered under the Fifth Amendment. I say should, because I don't have faith in our legal system to give a crap about the Fifth, or any other Right, these days...
Re: (Score:2)
So if caught with the finger on a paper shredder power button, pressing ON is not tampering? Certainly being forced to press the OFF button is not a violation of Fifth Amendment.
The only clause of the Fifth that applies is this:
nor shall be compelled in any criminal case to be a witness against himself
The term "self-incrimination" is shorthand, but it's not really accurate for every interpretation. Putting your finger on the phone to unlock is not an act of testimony.
Re: Duress print (Score:2)
Not really sure that's necessary. As this is an iPhone, TouchID is disabled if the device is rebooted, 48 hours pass, or their are five incorrect attempts at fingerprint scanning.
That is, they're far more likely to burn through the 5 attempts than they are to hit the duress finger.
Re: Duress print (Score:2)
On iOS, the TouchID bad guess counter is global. So even bad guesses in apps that ask for the fingerprint via TouchID count against the limit of 5.
Re: (Score:2)
Re: (Score:2)
If keys and other important data are stored in memory on the CPU chip (which is how Apple does it on the latest iPhones I believe) its not possible to "back up the encrypted data" in that way.
Smell it! (Score:2)
Smell my finger! Now pull it. Wouldn't matter anyway. My phone demands a password every XX hours no matter what.
How far can the (US) government go? (Score:2)
I would assume not so far as to deny someone's 5th-amendment privilege to decline to self-incriminate. But IANAL.
Re:How far can the (US) government go? (Score:5, Informative)
I think you have a bit of a misinterpretation of the fifth amendment.
The explicit text related to self-incrimination is:
"...nor shall be compelled in any criminal case to be a witness against himself; ..."
which is generally interpreted as:
"The Fifth Amendment protects criminal defendants from having to testify if they may incriminate themselves through the testimony. A witness may 'plead the Fifth' and not answer if the witness believes answering the question may be self-incriminatory."
So, the fifth amendment specifically applies to testimony.
So while you can't be compelled to provide authorities with your decryption key for instance, we have recently seen here [slashdot.org] that you can be ordered to perform the decryption itself and be held in contempt of court for not doing so.
Re: (Score:3)
What if you made the passphrase answer a statement that you were guilty of doing something? Then, since you can't be forced to testify against yourself, you can't divulge the passphrase since it is itself self-incriminatory.
I should have gone to law school.
Re: (Score:2)
So while you can't be compelled to provide authorities with your decryption key for instance, we have recently seen here [slashdot.org] that you can be ordered to perform the decryption itself and be held in contempt of court for not doing so.
Re: (Score:3)
The slashdot summary didn't do it justice, either. The court is holding someone who claims to have forgotten his password indefinitely until such a time that he produces his password.
If the police search your house, and deep in your basement find a computer hard drive from 6 years ago that you've completely forgotten about, and have no recollection of the passphrase to unlock, do you deserve indefinite det
Re: (Score:2)
Thanks to both ACs for the clarifications. Obviously I confused evidence with testimony.
Re: (Score:3)
Claim that you used OTP encryption, ask for a copy of the encrypted data, generate a key that will decrypt the encrypted data, verifiably and reproducibly, to any plaintext you chose.
Re: (Score:2)
Nope. The Fifth Amendment applies to shit you say, not shit you are:
nor shall be compelled in any criminal case to be a witness against himself
You can refuse to turn over passwords all you want, and they can't make you. But your finger? They need to get the proper papers filed with the Courts, but they can borrow that for five minutes.
You could argue that the finger is something testimony like, but the rules lawyers that actually run the legal system have centuries of tradition defining "witness" as being "testimonial" in nature, which means that if the info you're divulging is an
Multi Layered Logins (Score:3)
Re: (Score:3, Interesting)
Or just using a long password held only in the brain. A lot less complicated than multiple layers of security, works right now and is "safe enough" for most people.
For example, a police officer that doesn't respect your rights and asks to see the device contents without a warrant, because you were filming or were using your device in a manner they didn't like.
One drawback is the time it takes entering a long password when you need your device quickly or need to check it often.Although, Android does have a f
Re: (Score:3)
Current phones have already solved this problem. Can you set both Android and iOS to require a password/PIN after a certain amount of time, rather than just a fingerprint. You should set it to something short so that the police don't have time to get a warrant.
Android also has a number of Dead Man's Switch apps, which will automatically wipe the phone after a certain period of inactivity. How this affects you legally depends on the jurisdiction I guess. Is failure to act to prevent the destruction of eviden
Public Service Announcement (Score:2)
You can painlessley sand off your fingerprints in about 3 minutes. What are they going to do if you literally do not have fingerprints? Okay so you can't unlock your phone normally either then anyway but I think Slashdot people are smart enough to not use pathetic attempts at biometrics.
Re: (Score:2)
The government can just wait for your prints to regrow (while you are held in custody)
If the pattern is still there, just sanded, they could take high resolution photos of your fingers and extract the pattern using software. Or use prints they took from you previously.
They can then make a finger simulator from your print information, enough to trick the sensor on the iphone.
Also, if your prints are sanded, how are you unlocking the phone normally...
Sanding your prints in response to a warrant is obviously
Re:Public Service Announcement (Score:5, Interesting)
That approach won't work. The device won't take fingerprints after 48 hours. In fact, if the person simply refuses to submit to use of their fingers to unlock the device, they might get held in contempt, but after 48 hours, they can submit to the use of their fingers, and they're no longer in contempt, but it won't be of any value to the government.
Re: (Score:2)
All that is needed is 48 hours following the last login before the OS requires a passkey.
That's actually a good solution.
What's the big deal? (Score:2)
OPM already released mine. (Score:2)
So I guess I am screwed. But there is hope for everyone else.
Ugh.
You've been warned: biometrics might not be secure (Score:5, Interesting)
See this Slashdot article from October 2014: Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone [slashdot.org]. And that's not the first.
(IANAL.) The idea is that forcing you to reveal something you know (passcode, etc) is testifying and thus could be self-incrimination and not constitutional, but that forcing you to provide something about yourself is totally kosher. The analogy is being compelled to give up a key or DNA vs a safe combination - the former is searchable, the latter is not. Fingerprints are routinely taken upon arrest, even if the person is released without charges. Physical descriptions or stuff on/about you is not testifying. The argument to make here is a fourth amendment one about being "secure in ones papers" - but they have a warrant so that doesn't do any good anyway.
What it comes down to is the fifth amendment is a very important, but very circumscribed, right - not a get out of jail free card. Which shouldn't have been a surprise, really, otherwise the police would never be able to prosecute much of anything.
Re:You've been warned: biometrics might not be sec (Score:5, Insightful)
I've always wondered why people would think that fingerprints are a highly secured method of authentication. You leave the things around everywhere you go and you can't change them if they are compromised. Imagine if you dropped little strips of paper with your password (that could never be changed) written on it everywhere you went. How long would your "highly secured" password last if someone decided they wanted into your account? Especially if that person was the government?
Heck, if the government has your phone, chances are they have your fingerprint on your phone (or have access to somewhere you've been that you've left your fingerprints). Even if they don't have you in custody (and thus didn't fingerprint you), they can use those fingerprints to gain access to your phone.
Re: (Score:3)
And that's why Apple disables
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
For the iPhone power up or 48 hours of lock screen requires a 6 digit passcode not a finger print.
Or strong alphanumeric password with possibly many many bits of entropy - like mine. Does their TouchID precedent allow for forcing you to produce your password? I thought at least that was protected under the 5th amendment?
No problem here... (Score:3)
They got a warrant. None of my other "persons, houses, papers, and effects" are secure against a warrant, so why should my phone be?
You may not think that there are other situations where the State could require my cooperation to investigate my alleged crimes, and yet those situations exist commonly. Fingerprints or DNA, for example, are coerced confessions from my body to be used by the state against me - and there's a long history (sometimes sordid) of their acceptance and use. They are coerced cooperation - try not giving fingerprints or DNA and see how far you get.
The only significant issue I see is that the coerced cooperation required to open my phone, opens a huge window into my private business that doesn't have much of a parallel pre-cellphone. But that isn't much different than a search warrant for my house - the warrant must be specific, but that doesn't mean that the police who search my house won't investigate every document, container, and closet that may (or may not) be covered by the warrant.
Re: (Score:2)
People say that they've got more info on their cell then they would have in their House, but I really don't see that.
There's some areas that's true, but much of that is stuff they can get from Cell towers anyway. The rest tends to be app data -- Tinder/Grindr/type-apps could be quite revealing, but Candy Crush ain't. And there's stuff in your house that nobody could figure out from your mobile.
For example, do you share a bed with your wife? Are there tampon cartridges in the trash, and how fresh are they? W
Good old BB's (Score:2)
don't remember password, type wrong 3 times (adjustable) - oh, sorry, device wipes... have to be quick though with typing...
No finger print sensing BS.
How far according to history. (Score:3)
How far can the government go to obtain biometric markers such as fingerprints and hair?
They can go as far as just taking you around the back of the courthouse and shooting you. Of course those governments don't tend to be popular, but it happens. It all depends how much power the people give the government, until a critical mass is reached where the government no longer needs the people and can just give itself power. Guess which phase the US is in today.
What you HAVE is not as protected as what you KNOW (Score:2)
The government can compel you to give over certain things that you posses, and the use of fingerprints is so old that there is no question that they can do with that pretty much what they want.
What is protected is your right not to give testimony against yourself. A password is covered. A fingerprint is not. Facial recognition would not be covered either. Remember that before using those whiz-bang new features.
Depends on if they can prove it's yours (Score:3, Informative)
In at least one well-known case, it was held that a subpoena for the contents of a phone (protected by a password) to be used or provided depends on one factual question. The same question that applies to documents locked in an old-fashioned safe that has a combination.
If there is a question about whether or not the phone belongs to the defendant, providing the password would be admitting ownership. That would be testimony, which is protected by the 5th.
On the other hand, if the defendant admits it's his p
This is clearly overreach ... (Score:2)
... because the "key," analogy fails.
When police knock on our door with a warrant, the warrant specifies what they are looking for.
Recall the example of overreach in the case where an individual is suspected of stealing a TV and LEO looks in desk drawers and cubbyholes.
Officers are not allowed to toss your house, looking for a TV.
A smart device contains information that is private to other, unknown, persons .
I may have photos of you. I may have emails from you. I may have text messages from you, and I may
Re: (Score:2)
Citizens should have a place to store shit without LEO getting its fucking hands on it.
If it's not a smart device, then where is it?
Besides your brain? Under US Law the only place you are allowed to protect information from ignore a valid warrant is your brain. That's the entire point of warrants.
That a country would try that is what I refer to as an Interesting Constitutional Theory.
"Interesting" as in it's impossible by definition. Some have lacked the clout to get info they wanted, or the technical skills; but if you set up a government that can't even verify the info it's citizens tell it is true then it's gonna be mighty tricky to
A photograph of the finger could be enough (Score:2)
Re: (Score:2)
From a law enforcement point of view a warrant is pretty much free.
The cop tells a Judge "I need that warrant," if the cop has probable cause to search the limited area he is asking for the Judge is duty-bound to grant the warrant. Since the Judicial branch is not part of the cop's budget you have to figure a half-hour of a low-0ranking FBI Agent's time.
The shit you're talking about would require a really good photographer, a stake-out, and a lot of time to get precisely the right angle.
just this (Score:2)
seems like a good reason to use some other form of unlock than fingerpirnts
Iris (Score:2)
Re: (Score:2)
Ever tried it?
If you watch the CCC video of breaking into the iPhone, you'll notice a pristine front cover glass, with a very carefully placed fingerprint. And they're experts at this.
Give it a try sometime. It's quite educational.
Been thinking about this... (Score:2)
...since the terrorist phone case and how easy it would be to force someone to unlock a bio-locked phone. What I'd like to see is Apple/whatever Android phones have that level of biometrics to either require a passcode or self-destruct if the wrong registered print is used to try and unlock it.
why keep the trail (Score:2)
What will happen when... (Score:2)
You're doing it wrong (Score:2)
If your fingerprint does anything more than let you answer a call or rear a text message, you're doing it wrong.
Fingerprints are not secure, unless you always wear gloves you're leaving the key to unlock your phone on the phone itself.
distress finger (Score:2)
So the next step will be to have distress fingers, i.e. if I use my left thumb, the phone will lock up and I need to enter my code, TouchID will not work by itself anymore.
Problem solved. Apple, you listening? Wait, you don't have to. Any expert in security knows about canaries and distress signals, so you're probably working on it already, right?
Biometrics are a bad idea (Score:3)
The problem with biometrics are they are fixed. So once they are stolen, you are screwed. Duplicating a fingerprint is easy. Iris scans are probably simple enough to defeat given the right equipment. Even some future DNA scan could be defeated, in theory. Keep in mind, no matter what form of security is used, it has to be digitized in some way. That is a crack in security.
Thank You Slashdot! (Score:4)
(Yes, this is a serious, non-sarcastic post.)
Yikes, that scenario had never occurred to me. I just turned TouchID off on all my devices. Entering my (>4 character) passcode isn't really that hard.
This sort of story is why I like Slashdot. This was interesting and useful. Thanks to the submitter and the editor.
Sigh (Score:5, Insightful)
Fingerprints are not passwords. If you use them that way, you're an idiot.
At best, fingerprints are shortcuts for your USERNAME. You can use them in systems like that - school library and dining hall systems are perfect, you're not interested in "security", you're just interested in determining the correct child to a certain degree of accuracy quickly.
Your password should still be something that only you know.
People using fingerprints for passwords are deliberately making their machines less secure.
There's more than one country in the world, y'know (Score:2)
The US Government wants to force people of interest to use their fingerprints to unlock phones
FTFY. Fixed the stupid capitalisation too.
Re: (Score:3)
There is no difference in the task - but it used to be you got put in the police archive for easy identification, NOT that you gave up all your personal files to the police.
Re:Fingerprinting is new? (Score:4, Informative)
And the police fingerprints are still good enough to be used to defeat the best fingerprint scanners. There's been no noticeable improvement in the technology since the paper on defeating it was published in 2002.
https://cryptome.org/gummy.htm [cryptome.org]
The crack was confirmed by MythBusters in 2011.
https://www.youtube.com/watch?... [youtube.com]
There has been no basic change in the technology. Fingerprint scanners are still trivially beaten.
Re: (Score:2)
Really?
So, I issue a personal challenge. I will pay you $500, in cash, if you build me a fingerprint spoof made from a latent print that will break into a 2013-2015 HP Enterprise laptop. As part of the deal, I will require that you log the hours you spent, the money you spent, and all the attempts you made, to fulfill this requirement.
If your knowledge of this area is gained from Mythbusters, you are sadly behind the curve. I will admit, however, that the fact that I have to call out a specific class of
Re: (Score:3)
I don't know where you are, nor have hands-on access. MythBusters reprised the 2002 paper: Feel free to repeat the experiment, yourself, with a scanner, a printer, and a permanent marker to print the expanded scan, correct broken lines with a fine marker, then reduce the scan. And yes, I've done this about 3 years ago, at a data center with a laser printed paper fingerprint, moistened, on my own fingerprint. I'm not sure which model it was, but it was a useful proof of concept. The claims of "this is a 3D s
Re:Fingerprinting is new? (Score:4, Insightful)
Sounds like a mistake to use your fingerprint as a password in that case, then. Not law enforcement's fault.
Not Testimonial (Score:3, Interesting)
Fingerprinting is not new--not only is it required of criminal defendants as a matter of course, but many states take fingerprints for other reasons such as admission to the bar.
The Fifth Amendment right against self-incrimination does not apply because certain information is not considered "testimonial" in nature. You are not testifying when providing a fingerprint. While this is a slightly different case because the fingerprint is being used to unlock a phone, ultimately they are still not using testimo
Re: (Score:2)
The girlfriend wasn't accused of any crime, but they needed her fingerprint to access the data? That seems different from booking fingerprints.
Note: many professional licenses require fingerprints on file (Florida Real Estate agents, for one - and that covers about 15% of the population here at last census), will the police need a court order to release the fingerprints on file or can they just access them at will in the course of fishing expeditions?
Re: (Score:2)
Re: (Score:2)
That's OK. The girlfriend had her phone in a case, and the case has her fingerprints on it (and that's assuming the phone has an anti-fingerprint coating on all of it and not just the glass).
Re: (Score:2)
But Tina was never arrested or booked, so they do not have her fingerprints on file, so can not try to fool the phone with a copy of her fingerprints.
That's the difference here.
Has it been proven that your fingerprints on file are adequate for the police to break into your phone? The CCC hack required a very very detailed process and a really good print.
Re: (Score:2)
Who says they'll "try to convince" you to unlock your phone with your fingerprint? Why not instead obtain your fingerprint from the dozen places you've left it (including possibly on your phone itself)? Once they have your fingerprint, it should be relatively easy to use it to fool the fingerprint sensor into thinking you've pressed your finger on it to unlock the phone.
Re: (Score:2)
Better yet, use a password which gives more combinations than a PIN code. As for storing information, Android does include that functionality in the form of device encryption. You have to enable it, but it's certainly there. Communication... S/MIME encryption should already be supported by the email app and doesn't require any intermediate servers to know your key.
For real-time chat 3rd-party apps are the only solution. I'm still looking for one based around x.509/SSL certificates, though. I don't trust hom
Re: (Score:2)
Remember this [theguardian.com]?
Apple's got a security feature where the phone verifies all components of the fingerprint-security system installed on the thing today are the ones that were installed yesterday since iOS9, much to the chagrin of the poor fuckers who got some part of the system repaired by non-Apple shops prior to iOS9. They fixed that on 9.3 [apple.com], but I doubt hacking the system is actually non-trivial.
On the other hand, to get a warrant all you need is a) a limited area to search (such as a phone), b) a reason to