Finger Prints Are Not Passwords
-
@Dashrender said:
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
In Virginia I know any law enforcement legally is entitled to anything on your persons without a search warrant this includes your cell phone and any information they can access or accounts they can get from it. I believe it it's locked with a password they then need a warrant but, not for any biometerics.
-
@Dashrender said:
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
That's fine and makes sense. Just be aware that with iPhones, that's not a concern.
-
@scottalanmiller said:
@Dashrender said:
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
That's fine and makes sense. Just be aware that with iPhones, that's not a concern.
How is this not a concern? I get stopped by the police. They see I have an iPhone, they pull me out of my car which allows them to search anything visible, my phone, because of the previously mentioned court case they compel me to unlock the phone with my finger and now they have full access.
Now, if I really want to have a secure phone I could have separate additional passwords for those apps that allow it beyond just using the finger print reader for unlock, but if I'm doing that, what's the point of using the fingerprint reader in the first place?
-
@Dashrender said:
How is this not a concern? I get stopped by the police. They see I have an iPhone, they pull me out of my car which allows them to search anything visible, my phone, because of the previously mentioned court case they compel me to unlock the phone with my finger and now they have full access.
There are niche cases where it would be a concern, but few where you would not have other rights protecting you. If you are being pulled over, simply turn off your phone. Anytime you are concern, just turn it off. Problem solved.
-
Also, you can always just use another finger and say it doesn't have that feature enabled. Other than holding you down and testing each finger, not sure how the compelling works since they have no way to know if biometrics are enabled or not.
-
@scottalanmiller said:
Also, you can always just use another finger and say it doesn't have that feature enabled. Other than holding you down and testing each finger, not sure how the compelling works since they have no way to know if biometrics are enabled or not.
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
-
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
-
You power if off immediately, not after they have asked for it, of course. But even still.
-
Can't it still be unlocked with your finger if they power it on?
-
@thecreativeone91 said:
Can't it still be unlocked with your finger if they power it on?
No. It completely locks if it power cycles, gets turned off or the battery dies.
-
This is the iPhone I'm talking about, no idea if Android has similar protections.
-
@scottalanmiller said:
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.
Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.
-
And now more biometrics in the news: Yahoo considering ear biometrics.
-
@scottalanmiller said:
Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files, but you can be compelled through law to use your finger to unlock a device, this leads me back to you being surveilled and they KNOW which finger you use to unlock your device, so trying to use the wrong one and saying it doesn't work wouldn't be possible. While this isn't an actual issue today, in light of the Snowden revelations, it's only a matter of time before this type of information will be keyed in on during surveillance.
Yes still very tin foil hat stuff, at this point to me it's more about what is possible so we as citizens can be prepared.
-
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
-
@Dashrender said:
Yes still very tin foil hat stuff, at this point to me it's more about what is possible so we as citizens can be prepared.
That's the biggest problem, though. The number of things that "are possible" are insane. Once we go down that path, none of this matters because they already have access to everything, everywhere. What information is on your device that they can't already get or get in some other way? They can grab your transmissions in and out, they can shim the device, they can pull the chips and unencrypt, etc.
Knowing what is possible is only marginally useful. Knowing what is practical is what we need to know for security. Otherwise we spend our time worrying about what isn't reasonable instead of focusing on what is. The most important aspect of security is practicality. Once you leave practicality behind, either you end up losing security or you lose the reason for the security.
-
@scottalanmiller said:
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.
You sure?
-
According to the current legal information from the EFF:
Even if you're arrested, police can only search your phone under limited circumstances.
After a person has been arrested, the police generally may search the items on her person and in her pockets, as well as anything within her immediate control, automatically and without a warrant. But the Supreme Court has ruled that police cannot search the data on a cell phone under this warrant exception.8 Police can, however, search the physical aspects of the phone (like removing the phone from its case or removing the battery) and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.