Paul sends links to two stories about a judge in Virginia who rules that fingerprint locks on phones aren’t protected by the Fifth Amendment but password locks are. He adds, "This is why NOT to use a fingerprint lock on your phone."
From The Wall Street Journal’s Digits blog:
A Virginia Circuit Court judge ruled Tuesday that police officers cannot force criminal suspects to divulge cellphone passwords, but they can force them to unlock the phone with a fingerprint scanner.
If applied by other courts, the ruling could become important as more device makers incorporate fingerprint readers that can be used as alternatives to passwords. Apple introduced the technology last year in its iPhone 5S and Samsung included it in its Galaxy S5.
When those phones arrived, lawyers said users might be required to unlock the phones with their fingerprints. More recently, Apple and Google said they had changed the encryption scheme on the newest phones using their operating systems so that law enforcement can’t retrieve the data. FBI Director James Comey criticized the companies, saying were allowing users to “place themselves above the law.”
The Fifth Amendment to the U.S. Constitution gives people the right to avoid self-incrimination. That includes divulging secret passwords, Judge Steven C. Frucci ruled. But providing fingerprints and other biometric information is considered outside the protection of the Fifth Amendment, the judge said.
And from MacRumors:
A Circuit Court judge in Virginia has ruled that fingerprints are not protected by the Fifth Amendment, a decision that has clear privacy implications for fingerprint-protected devices like newer iPhones and iPads.
According to Judge Steven C. Fucci, while a criminal defendant can’t be compelled to hand over a passcode to police officers for the purpose of unlocking a cellular device, law enforcement officials can compel a defendant to give up a fingerprint.
The Fifth Amendment states that “no person shall be compelled in any criminal case to be a witness against himself,” which protects memorized information like passwords and passcodes, but it does not extend to fingerprints in the eyes of the law, as speculated by Wired last year.
Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci’s written opinion. […]
If Baust’s phone is an iPhone that’s equipped with Touch ID, it’s very likely that it will be passcode locked at this point and thus protected by law. Touch ID requires a passcode after 48 hours of disuse, a restart, or three failed fingerprint entry attempts, and the device has probably been in police custody for quite some time. It is unclear if the judge’s ruling will have an impact on future cases involving cellular devices protected with fingerprint sensors, as it could be overturned by an appeal or a higher court.
If you’re worried about your phone being searched, you should encrypt it.
Some recent legal rulings have suggested that encryption can protect against warantless searches. The California Supreme Court has ruled that police officers can lawfully search your cell phone without a warrant if it’s taken from you during arrest – but they would require a warrant if it was encrypted. A Canadian court has also ruled that phones can be searched without a warrant as long as they’re unencrypted.