It seems the latest iPhone gadget from Apple is a fingerprint reader that you use to turn the phone on and authenticate yourself to it. This is both good and bad for security; the good is obvious, in that people who didn't use passwords before may be inclined to start using the fingerprint security feature instead.
One of the bad aspects is discussed in the story linked above. The theory is that the government may be able to force you to unlock your phone, something that, according to the article, was previously blocked by the 5th Amendment protection against self-incrimination. The problem with that premise is that phones weren't protected by that doctrine at all. Yes, it would be legally difficult to force someone to give up a password to a protected device, but not impossible; there are already precedents.
Worse, police don't need to get you to put your finger on your phone in order to retrieve the data. Phones don't habitually encrypt their data storage, and most are set up such that a developer with the right software can retrieve the data without any difficulty. Trusting that anything you store or communicate on your phone can remain private from the police if they are willing to get a warrant is foolish.
The more serious threat is from non-governmental actors, or government actors abusing their authority. Imagine a police officer who forces your finger onto your phone in order to delete the video you had recorded of his illegal actions. Or a criminal who does the same, or even a date who just wants to snoop through your emails and contacts while you're asleep.
Using biometric authentication as the only element in a security scheme disconnects the act of granting permission from the act of identifying a user. That's a bad thing not because it short-circuits existing legal protections, but because it makes things easier for those who don't care about legal protections.
This entry was published Mon Sep 16 12:41:22 CDT 2013 by TriggerFinger
and last updated 2013-09-16 12:41:22.0.