This is yet another reason why I avoid biometrics for authentication, and I'm glad that the court backed up my assumption that it is more secure. In this particular case, I hope this perpetrator is convicted regardless (assuming he's guilty, that is), but I'm glad the courts agree that nobody should be compelled to give up information. This is a big win for privacy.
How will he be convicted if the primary evidence is on his computer?
My geek half that believes in strong 4th and 5th Amendment tights and crypto thinks this is a fine decision. My forensics half bets this guy has gigabytes of atrocious child pornography on his system and that CP cases are the motivating factor for the police wanting to decrypt your hard drive in 99 out of 100 cases with a search warrant.
These cases are not abstractions; every pic is of a child who was abused and the perpetrators organize themselves into networks that include distributors and abusers/“content producers.” How is justice served if these networks can’t be rolled up due to full disk encryption?
I like encryption. I don’t want to be compelled to give up my password to a tyrannical government. But I think the tech community is quick to take an absolutist view of the right to strong crypto, and quick to discount that harm can happen as a result. I also don’t think that view is shared by most people... so it seems like a problem worth solving.
I’ve worked with a lot of LEOs who handle these cases. I’m not sure I’d characterize them as wanting things to be as easy as possible even at the expense of civil liberty.
How do you prove possession of CP if all the data is on encrypted drives? What sort of additional effort do you think is necessary?
Biometrics are not usernames or passwords. They are a separate thing that has some similarly to both. A unique key is likewise neither a username nor a password but could act as both in the right circumstance.
The discussion of biometrics is not advanced by parroting this hollow statement again and again. Please stop. There are compelling arguments why biometrics can be problematic. “It’s username not a password” is neither compelling nor truthful.
It seems a bit harsh to me as well but since you read the "fingerprints are just user names" mantra way too often on Hacker News, maybe the author of the comment thought it was time to become a bit louder.
Here's my take on it:
If you enter a passcode anyone close to you can see you enter it. It's much easier to figure out what you're typing on a smartphone than on a keyboard, and the oily residue on the touchscreen makes it even easier.
A fingerprint on the other hand cannot be observed. Someone has to follow you or already know where you live and take fingerprints off doorknobs or something like it. Takes a lot of time and failure rate is still high. Then they have to use it on your device, so they have to have access to the device as well.
Fingerprint scenarios make sense for _targeted_ attacks_ when you are way more likely to be hit by a scalable attack.
It is much easier to brute force your password on a non-proof website or to find it in leaked password database. It scales very well and needs no physical access where no 2FA is enabled.
One could argue that most users still will use weak passwords in combination with biometrics.
Still, it pushes them to at least have a password.
And if you're a more professional user the combination of a strong and random password in a password manager plus fingerprint for convenience seems like an okay trade-off, especially since you will know how to deactivate it temporarily (reboot device or press power button 10 times on iPhone for example).
> A fingerprint on the other hand cannot be observed.
This is not correct [1].
It won't be that long before someone gets around to training some sort of ML system to scour photographs to extract fingerprints and start building a database of everyone's fingerprints. These databases will only expand in coverage/accuracy and the quantity leaked will only increase. Fingerprints for authentication will not survive the next decade.
Interesting, though the thing in the article is still a targeted attack. You will not remember the fingerprint of the guy unlocking his phone next to you.
But I agree that ML scale attacks can definitely change what I wrote in the future. They could also be used for CCTV evaluations of people entering passcodes.
Some “finger print” tech doesn’t use actual prints, but the deeper layout of the capillaries that can’t be easily observed. I believe Apple uses this on their devices that support “fingerprint” auth.
It is an inaccurate explanation and therefore low value if truth is the measure of value.
I also believe my comment was entirely warranted. This same misleading talking point comes up nonstop. It is unreasonable that dissent is expected to be buried under a pile of politeness. There was nothing particularly aggressive about the comment except that is was a clear statement of disagreement.
I have an iPhone with Face ID and an 8 digit passcode. If I were to be arrested or whatever, all I need to do is press the power button 5 times in quick succession and Face ID is disabled and my passcode is required.
So I can choose:
- Unlock my phone with ease for 10’s of years and then quickly lock it once
- Struggle to unlock it for 10’s of years to avoid having to quickly lock it once
If you enable voice control in accessibility you can reboot the device using a voice command “reboot this device”.
After which you will need your passcode/word to unlock the device. Handy if you foresee a time you won’t be able to reach your device and tap the unlock button 5 times.
Physically typing in a passcode is less secure that you think given the wide range of cameras everywhere. All I have to do is observe you entering it once with a camera (likely from any angle where your movements are visible) and your security now belongs to me. FaceID cannot be recorded in any way. Of course you have to occasionally enter the PIN so it's still not perfect.
Not really both. If anything, they are a temporary quick-unlock key. After a restart, before an extra-sensitive operation, and also after a certain amount of time/unlocks you can’t use your fingerprint to unlock things anymore and need to use your normal passcode/pattern.
Another good point is that biometrics aren’t secure. They invest millions and billions in fingerprint and eye scanner systems that get fooled by scotch tape. Just not effective security.
Exactly. I have accidentally witnessed so many 4-digit PINs typed into phones by friends and casual acquaintances. It’s kind of unavoidable if you spend any reasonable amount of time in person with them. Very few people in my experience go the extra mile to set a long fulltext passphrase on their phone.
To me the possession of child porn is victim-less, just as the possession of media of murders is victim-less, or the possession of media of any other crime is victim-less. The purchasing of media of a crime is dubious, as it may serve to reward people who commit that crime, and the committing of these crimes almost always has a victim (excluding cases for example someone wanting to be murdered or something).
The prosecution of these cases seems to look a lot like crimes of morality than crimes that directly impact someone else's life and happiness. Sometimes I've heard people say that the mere fact of media existing of a crime that they were in hurts them, and hurts them more when people watch it. But to me, prosecution of these cases, if anything makes one more aware of people watching media of these things, not less.
The thing that bugs me the most about these sorts of prosecutions of "thought crimes" is that the trail from the "thought criminal" to the actual crime is always hazy, and definitely not 1-1.
E.g Imagine someone who was really into collecting child porn as some kind of bizarre stamp collecting type of thing. They were never into it per-se, it was just some kind of messed up hobby. They'd trawl forums on the dark web and download every image they see, maybe write a script to do it. It would be very hard to trace a direct line to a victim there. More likely than not, particularly if no money ever changed hands, there probably wasn't a direct victim. Someone may have paid for it at some time in the past, but not the stamp-collector. It seems like these are crimes that convict people who hurt others, but also those who do not hurt others.
This is yet another reason why I avoid biometrics for authentication, and I'm glad that the court backed up my assumption that it is more secure. In this particular case, I hope this perpetrator is convicted regardless (assuming he's guilty, that is), but I'm glad the courts agree that nobody should be compelled to give up information. This is a big win for privacy.