Need another reason not to secure your smartphone with a fingerprint? A Circuit Court judge has ruled that police can require suspects to unlock a device with their fingerprint, but may not with a passcode. When it comes to keeping information away from the police, at least, it may be better to rely on four numerical digits than just one physical one.
The judge’s decision was based on the idea that “giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits,” the Virginian-Pilot says in its report on the decision. This doesn’t mean that a suspect’s phone can be accessed with just a fingerprint — some software requires an additional passcode to be opened — but it does mean that an iPhone could be laid bare to law enforcement if its owner relies on its TouchID feature alone.
Fingerprint scanners are awfully convenient, at least when they work. (It seems like TouchID works about 25 percent of the time whenever I try to use it, and that’s being charitable.) They are making it easier to purchase digital goods, secure information with a unique identifier, and pay for items without having to reach into a wallet. But they also carry their own security risks.
Passwords can be changed. It’s frustrating, and research has shown that most people wouldn’t be able to remember a unique password for every website they visit even if they tried. But they aren’t set in stone. I just went through and changed the passwords I use for Twitter, Facebook, and other services myself — it took a while, but tools like 1Password or Dashlane make it easy. I suspect that it will be a while before similar tools make it just as easy to change a fingerprint.
It’s only a matter of time before someone figures out how to spoof biometric information. What are people supposed to do when that happens? Burn their fingerprints off and revoke their old ones’ access to their credit cards, email accounts, and other services? Nothing is secure in the modern Internet age — that should be clear, given all the data breaches that have been reported in the last year — and it’s foolish to expect anything different because fingerprints are involved.
And now police can compel someone to unlock a smartphone with their fingerprint because it doesn’t require them to divulge information, like providing a passcode does — it’s just a part of their body, and police are already allowed to gather plenty of information about that. So if you want to keep your information secure, use a passcode; if you prioritize convenience, go ahead and use your fingerprint.
[Image courtesy CPOA]