In Riley v. California, the Supreme Court unanimously held that police need a warrant to search through cell phones, even during otherwise lawful arrests. But if you hand over your unlocked phone to a police officer and offer to show them something, “it becomes this complicated factual question about what consent you’ve granted for a search and what the limits of that are,” Brett Max Kaufman, a senior staff attorney in the ACLU’s Center for Democracy, told The Verge. “There have been cases where people give consent to do one thing, the cops then take the whole phone, copy the whole phone, find other evidence on the phone, and the legal question that comes up in court is: did that violate the scope of consent?”
If police do have a warrant to search your phone, numerous courts have said they can require you to provide biometric login access via your face or finger. (It’s still an unsettled legal question since other courts have ruled they can’t.) The Fifth Amendment typically protects giving up passcodes as a form of self-incrimination, but logging in with biometrics often isn’t considered protected “testimonial” evidence. In the words of one federal appeals court decision, it requires “no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”
it’s unbelievable that there is a distinction in US caselaw between giving up your biometrics and giving up your password, and your essentially unchangeable biometrics are somehow the one you’re probably obliged to give to the cops if they ask. just an incredibly goofy system
Law enforcement has been collecting fingerprints for over 100 years now, and the history of using fingerprints for other reasons goes even further back.
The error here is that we decided to start using an easily obtainable piece of data as a “lock” on our phones and computers. For many reasons, it’s better to use a password or PIN.
i don’t believe stored fingerprints can actually be used on modern devices
The MyColorado FAQ explicitly states that an officer cannot take your phone, even if they think your digital ID is fraudulent. This whole article is a ton of fear mongering. Digital IDs do not require you to give your phone to anyone, they do not require you to unlock (unless it’s a state specific app), and even if its a state specific app the cops aren’t allowed to take it anyway.
The MyColorado FAQ explicitly states that an officer cannot take your phone, even if they think your digital ID is fraudulent. This whole article is a ton of fear mongering.
no offense but: even if you were to grant the notion that this is an exaggerated problem–cops are not well known for their rigorous adherence to the law or proper legal procedure. they routinely fuck up and violate civil liberties, up to and including murdering people for arbitrary reasons. and unless police are held accountable (which they almost never are for a variety of systemic reasons), what a state says they cannot do is effectively meaningless. it’s just words on a screen, really.
It doesn’t really matter if they do take your phone in the end anyway. If it’s that clear cut illegal then anything they manufacture as evidence wouldn’t be admissible in court…no matter what.
Never use biometrics. It’s just not worth the tradeoffs.
Something you have, something you are, something you know. Are you willing to give up proper security for your cause?
When it’s being employed properly, it’s absolutely an important tool, but the way they’re presented to most users, such as on-device biometric data stores (e.g. Apple’s secure enclave, or a TPM verification), aren’t the proper implementations. Nor is using biometrics as your primary auth method.
It’s supposed to be “something you have and something you know and something you are”, not “have or know or are”.
NIST standards for biometrics require the biometric data be stored on a secure remote server, and that the scanner device check against that during auth. Putting the biometric data on the device means that you’re losing a big part of your non-repudiation.
And it’s even worse when you’re using a secondary factor (biometric) as your primary or only factor (e.g. a phone unlock), that grants access to your other factors like password store and OTP tokens.
Biometrics are never supposed to be a single-factor auth method when used properly, but that’s how most people use them now, and it degrades their security.
If your phone requires a passcode, a TOTP grant, and a biometric scan, by all means, please do employ biometrics, but if it’s going to be your only factor, DO NOT.
Or, for simplicity to the average forum reader:
Never use biometrics. It’s just not worth the tradeoffs.
If you have an iPhone, you tap the power button 5 times to make an emergency call, after that cancel it and the PIN is required to open the phone.
Or hold the power button and any volume button for 3 seconds. Same result.
I was under the impression that Digital IDs are not a picture you bring up and hand to LE - it’s a RFID token transfer that you tap to authenticate on a reader. That doesn’t mean that there won’t be LE officers who will bully people, or that people won’t be smart enough to recognize that the picture on their phone isn’t their ID, but that not how digital IDs (are supposed to) work.