
Providing a fingerprint (identification) is different from imprinting your finger to unlock a device. It's been upheld in the past that passwords/passphrases used to unlock encrypted content are considered to be testimony (because it leads to the acquisition and collection of possibly protected "testimony"), and thus protected by the fifth amendment.

In my opinion, there is no reason to see imprinting your finger on a sensor used to unlock your phone as anything other than an equivalent form of "testimony", and it should enjoy fifth amendment protection. I don't think it will be long before this exact definition finds its way to the U.S. Supreme Court.




Passwords have been interpreted to be testimonial because they require someone to tell authorities information in their mind. That is already a huge stretch of the 5th amendment. The purpose of the 5th amendment is not to prevent the collection of evidence. It is to mitigate the dangers of coerced confessions, which allow people to be easily convicted without evidence. It was never intended to be a general-purpose limitation on being compelled to cooperate in your own prosecution.


> Passwords have been interpreted to be testimonial because they require someone to tell authorities information in their mind.

That's not true. They've been interpreted to be testimonial because they are a part of a chain of events that results in the production of incriminating evidence that the prosecution isn't otherwise independently aware of. If the prosecution can't say "he has plans for the bomb on his laptop, I saw a photo of a detonator before he closed the lid", they can't force you to disclose the password to go looking for it.


...


On what basis? spdustin cites United States v. Hubbell elsewhere in this thread, but I don't think that case establishes that a defendant cannot be compelled to do anything that would be "part of a chain of events that results in the production of incriminating evidence that the prosecution isn't otherwise independently aware of."

Hubbell suggests that "being forced to surrender the key to a strongbox" does not violate the Fifth Amendment. Under spdustin's generalization, the strongbox hypothetical would violate the Fifth Amendment.

Hubbell is based on the idea that providing documents responsive to a subpoena is itself a testimonial act, because it is "necessary for [the Defendant] to make extensive use of 'the contents of his own mind' in identifying the hundreds of documents responsive to the requests on the subpoena." I don't see how the purely physical act of unlocking the phone is similar.


Honestly, given the circuit splits that exist here, I think neither of us is going to convince the other. So I'll simply retract my "right", and move on :)


My understanding is that the "testimony" would be in the text of the password: compelling someone to reveal the password could be self-incriminating if _the password itself_ led them to additional evidence (e.g. a password of "I hid the revolver in the Conservatory"). [1]

I can't think of a case involving a fingerprint where there's a similar risk since the fingerprint is arbitrary data.

[1] https://en.wikipedia.org/wiki/United_States_v._Hubbell#Summa...


The case law thus far has stated that compelling the decryption of a data storage device really hinges on this: What evidence is known by the prosecution to exist? In several cases, when the defendant makes known that incriminating evidence exists, or when the prosecution is independently aware of the existence of incriminating evidence (they saw the screen before you locked it, and testified that what they saw was evidence of a crime), the defendant was rightfully forced to decrypt the storage device.

However, when the prosecution has no specific knowledge that the evidence they seek exists, US courts have ruled that the defendant cannot be compelled to decrypt the storage device, since doing so would be forcing the defendant to reveal that incriminating evidence actually exists.

Applying your fingerprint to an iPhone is an act that, without argument, decrypts data on an encrypted storage medium, as the act of applying your finger to the sensor instructs the device to retrieve the actual cryptographic information necessary (your passcode/passphrase, plus other hardware-specific data) to access the cleartext of the data.

The more and more I think about this, the more confident I am that a fingerprint, while "something you have", forces you to disclose, by proxy, "something you know" to your phone.

I guess the question then is twofold: If you have a combination safe that may contain incriminatory evidence, and a safety deposit box that contains only the combination to your safe, can the courts compel you to give them the key to the safety deposit box? And if so, should they be able to?



