U.S. Court Rules That Police Can Force a Suspect to Unlock Phone With Thumbprint

Jon Brodkin, reporting for Ars Technica:

The US Constitution’s Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law. [...]

Payne’s Fifth Amendment claim “rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination,” the ruling said. Judges rejected his claim, holding “that the compelled use of Payne’s thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”

“When Officer Coddington used Payne’s thumb to unlock his phone — which he could have accomplished even if Payne had been unconscious — he did not intrude on the contents of Payne’s mind,” the court also said.

Via Jamie Zawinski, who advises never using Touch ID or Face ID. I strongly disagree with that advice. Almost everyone is far more secure using Face ID rather than relying on a passcode/passphrase alone. People who don’t use Face/Touch ID are surely tempted to use a short easily-entered passcode for convenience, and anyone who disables Face/Touch ID while using a nontrivial passphrase is encountering a huge inconvenience every single time they unlock their phone. There’s no good reason to put yourself through that.

My advice is to internalize the shortcut to hard-lock an iPhone, which temporarily disables Face/Touch ID and requires the passcode to unlock: squeeze the side button and either of the volume buttons for a second or so. I wrote an entire article about this two years ago. Don’t just learn this shortcut, internalize it, so that you don’t have to think about it under duress. Just squeeze the side buttons until you feel the phone vibrate. Then it’s hard-locked. Do this whenever you go through security — be it at the airport, the ballpark, or anywhere. If you see a magnetometer, hard-lock your iPhone. If you get pulled over by a cop while driving, hard-lock your phone before you do anything else. (You can still launch the Camera app from the lock screen to record the encounter, if you wish, while the phone remains hard-locked.) Tell everyone you know how to hard-lock their iPhones.

(Also, this ruling is specific to the details of this particular case, and thus only addresses fingerprint authentication, not facial recognition. Those concerned with civil liberties should presume, though, that the same court would rule similarly regarding cops unlocking a device by waving it in front of the suspect’s face. But with “Require Attention for Face ID” — which is on by default — Face ID won’t work if you keep your eyes closed, and I don’t think a court would allow police to force your eyes open. The trick to worry about is the police handing you back your phone, under the pretense that you can use it to make a call or something, and then yanking it from your hands after you unlock it.)

Thursday, 18 April 2024