Your Fingerprint is Now the FBI’s Key to Your Phone

Remember the big fight about whether the FBI could force Apple to unlock a terrorist’s iPhone? Old news.

Biometric identification on new iPhones and Androids – fingerprint sensors, iris scans, etc. – provide a new means by which law enforcement can force you to unlock your phone. As reported by Law360, this week a federal district court judge in Massachusetts gave ATF agents permission as part of a search warrant to press a suspect’s fingertip to his phone’s fingerprint sensor, thereby unlocking the phone so the agents could search it. This follows other, similar court rulings from state courts, which have found that while compelling a suspect to provide his passcode implicates the Fifth Amendment, a fingerprint is a non-testimonial physical characteristic. As one judge said, “The fingerprint, like a key . . . does not require the witness to divulge anything through his mental processes.” (A federal magistrate judge did deny such a request from law enforcement, but appears to be the only magistrate in the country to have done so.)

So your fingers, your eyes, and any other physical characteristics you might use to unlock an otherwise secure device (heartbeat unlocking is coming soon and voice unlocking is already here) are now an easy gateway into your phone for law enforcement.

With the proliferation of biometric identification on computers, apps, and other technology, these new rules – which are not a surprise in light of prior case law regarding collection of fingerprints, blood samples, and other physical specimens – law enforcement has yet another tool to search what some people still think of as private spaces. For instance, once they get into your phone, if you are using fingerprint ID on your banking app, they are suddenly in your bank account as well. And your email, and your Snapchat, and whatever else you use.

Best option if you have concerns? You can hope that there is still uncertainty around this rule – as some pundits suggest – or you can just make things just a bit more inconvenient and stick to the old passcode method.