Judge rules that no form of biometric security can be used to force a smartphone unlock

Greg S

TS Evangelist

American police forces may now face greater difficulty in unlocking mobile devices related to crimes. At the US District Court for the Northern District of California, a judge has denied issuing a search warrant that would have allowed a mobile device to be unlocked via a fingerprint, iris scan, or facial recognition.

Since there is a very fine line that prevents suspected individuals from providing evidence against themselves under the fifth amendment, the California judge has ruled that all forms of login information is to be treated as testimony. Regardless of whether a phone is secured by a pin, lengthy password, or biometric sensor data, individuals may not be forced to unlock their device so as to testify against themselves.

"If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device," wrote the judge.

"Technology is outpacing the law."

Despite the fact that mobile devices may no longer be forcibly unlocked, device security can still be broken on a seized device. Private contractors are able to provide services to law enforcement by granting access to data contained on most mobile devices for modest fees. Nearly all Android and iOS devices are able to be compromised if enough cash is offered up.

Rulings at the district level are still able to be overturned by higher courts. Should there be something incriminating on your mobile device, utilizing a very strong password and avoiding the use of biometric options will still provide the greatest protection against the law. Better yet, just don't do anything that results in your phone being seized.

Permalink to story.

 

VitalyT

Russ-Puss
Private contractors are able to provide services to law enforcement by granting access to data contained on most mobile devices for modest fees.
If you use Iris to log into a cloud storage from your phone, then presumably no private contractors will help, and your data will be secure.
 
  • Like
Reactions: Reehahs
J

Jamlad

As it SHOULD be...if the "state" thinks there is something on a phone or other secure device,
GET A WARRANT!
To play Devil's advocate here, how is this any different than finding the key to a safe on a suspect? And what if that suspect is carrying around the safe with them?
 
  • Like
Reactions: senketsu
S

senketsu

As it SHOULD be...if the "state" thinks there is something on a phone or other secure device,
GET A WARRANT!
They applied for a warrant, the warrant was refused not because of the merits or lack of them in the case, but upon the method of unlocking the phone. They can still seize it and unlock it, they can't just save time and money by asking the suspect to simply unlock it. Don't see this as a win
 

Ravey

TS Addict
As it SHOULD be...if the "state" thinks there is something on a phone or other secure device,
GET A WARRANT!
To play Devil's advocate here, how is this any different than finding the key to a safe on a suspect? And what if that suspect is carrying around the safe with them?
The police generally need permission I.e. the suspect has to agree to allow the safe to be opened.

If they have no warrant then it's illegal and and anything they find can no longer be used as evidence. all the it's possible that any information is found it could be used to support evidence that wasn't obtained illegally?

The law can be a stupid messy grey area.
 
  • Like
Reactions: wiyosaya

wiyosaya

TS Evangelist
As it SHOULD be...if the "state" thinks there is something on a phone or other secure device,
GET A WARRANT!
To play Devil's advocate here, how is this any different than finding the key to a safe on a suspect? And what if that suspect is carrying around the safe with them?
As I see it, this is different in that when you find the key and/or the safe since anyone can take the key and open the safe. In the case of biometric security, you must force the defendant to open the device by looking at it or by placing their finger/thumb/whatever on the device. The key is not a part of the person's body whereas something of a biometric nature is.

To me, this would be the same as on finding the key on the defendant, forcibly placing the key in the defendants hands, forcing their hand to the lock so that the key goes in the lock, then forcing the defendant's hand to turn so that the key opens the lock - which is - as I see it - ridiculous not to mention possibly the equivalent of assault - or forcing the defendant to self-incriminate.
 

jobeard

TS Ambassador
Should there be something incriminating on your mobile device, utilizing a very strong password and avoiding the use of biometric options will still provide the greatest protection against the law. Better yet, just don't do anything that results in your phone being seized.
Play well with others and you'll never stand before the Judge.
 

brucek

TS Maniac
Play well with others and you'll never stand before the Judge.
You're confusing "less likely" with "never" and that's a big difference. All those constitutional protections exist not because our founders liked criminals or wanted to give them a sporting chance, but because they recognized that there are police techniques that can make an innocent person look guilty. If you're ever unlucky enough to be that convenient but innocent suspect, you'll appreciate the system makes at least some effort to keep you from being railroaded.
 

jobeard

TS Ambassador
You're confusing "less likely" with "never" and that's a big difference. All those constitutional protections exist not because our founders liked criminals or wanted to give them a sporting chance, but because they recognized that there are police techniques that can make an innocent person look guilty. If you're ever unlucky enough to be that convenient but innocent suspect, you'll appreciate the system makes at least some effort to keep you from being railroaded.
Good point.
 

netman

TS Evangelist
"Nearly all Android and iOS devices are able to be compromised if enough cash is offered up."

These iOS and Android devices can be compromised because manufacturers have created backdoor for them for their own break-in purposes. Now private contractors and/or 3rd party firms especially from Israel simply steal this backdoor code by corporate spying and then sell it to law enforcement agencies, as simple as that!
 

Darth Shiv

TS Evangelist
Should there be something incriminating on your mobile device, utilizing a very strong password and avoiding the use of biometric options will still provide the greatest protection against the law. Better yet, just don't do anything that results in your phone being seized.
Play well with others and you'll never stand before the Judge.
Whistleblowers? You know... powerful people being dodgy and making rules to protect themselves. Making laws to protect their bought and paid for mates. Extremely prevalent in the US. Rich people hate accountability.
 
  • Like
Reactions: jobeard