Serving Johnson County, Kansas
Call for an Evaluation 913.764.9700
Experienced Attorneys in Olathe, Kansas We Take Pride in Establishing Solid Working Relationships with Our Clients

iPhone's new Fingerprint Scanner raises Legal Concerns

Apple recently announced that it is moving toward biometric security measures on its devices, for example, the fingerprint scanner (unlock) on new iPhone, and away from knowledge-based authentication, like passwords. Based on the current state of the law, there are serious legal implications to this move.

The Fifth Amendment to the United States Constitution guarantees that "no person shall be compelled in any criminal case to be a witness against himself." The Supreme Court has held that this extends to any civil proceeding where statements may be made by a person which give rise to exposure to criminal prosecution. This is why Lois G. Lerner, the woman at the center of the IRS scandal involving special scrutiny of Tea Party/"Patriot" non-profits, "took the Fifth" before a Congressional hearing.

The Fifth Amendment only applies to "testimonial" statements or information. It applies, in a word, only to "knowledge," things you remember and the like. That is why the government can compel you to give a breath sample in a DUI prosecution, or a DNA sample in a criminal proceeding. The Supreme Court gave this example: if an accused has a safe deposit box, the government can compel the accused to give up the key to the box (with a search warrant). The key is a physical instrument and is not knowledge. Therefore, the Fifth Amendment provides no protection in that example.

How does this apply to biometric authentications in your electronic devices? The government can compel you (again, upon a proper search warrant) to provide your fingerprint to unlock your iPhone, iPad, computer, etc. Your fingerprint is not knowledge; it is not something you have to remember. This is vastly different from supplying knowledge-based authentication. Last year the 11th Circuit Federal Court of Appeals ruled that a man cannot be forced by the government to give passwords to "decrypt" data on his computer hard drives, even if a search warrant was properly derived. To force the accused to give a password is the same as being forced to be a "witness against himself," and would violate the Fifth Amendment to the Constitution.

Our standard advice to our clients is to stay away from biometric authentication UNLESS it is used in conjunction with knowledge-based authentication, such as passwords.