Apple’s Fingerprint ID May Mean You Can’t ‘Take the Fifth’ (wired.com)
182 points by zupancik on Sept 12, 2013 | 135 comments



The way everyone's talking, you'd think Apple was taking away the four-digit PIN! But they're not...

The fingerprint ID is just another option, which you don't have to use.

So titles like this are just incorrect. Fingerprint ID isn't taking away any of your rights, because you can still use the PIN just like you always have.

I mean seriously, what the heck is going on here? Why on earth are people getting worked up about this? Sure, the fingerprint ID might be less secure, and it's important to realize that, but nobody's forcing you to use it. According to everything reported so far, the new iPhone is not removing your PIN.


> The fingerprint ID is just another option, which you don't have to use.

It's still important to let people know the potential pitfalls of such a method, even if it's one option amongst many, so they can make an informed choice between the options.

> Why on earth are people getting worked up about this?

Because it has serious implications on your security, both from other people, and from the government (or its actors), implications which are not immediately obvious.


The reason this is a "big deal" is because the fingerprint ID is one of the 3 (or so) main reasons anyone would/should upgrade to the new iPhone, and if one of the 3 reasons to upgrade isn't a reason anymore due to its issues, then it's important to make a major mental note of that.

Also, keep in mind that there are a lot of features on the iPhone (such as the key-pad ASCII password option) which even tech-savvy folk don't know about, let alone the layman. This option of using a PIN could be just as hidden unless a big deal is made out of this (educated speculation, I know).


Flashnews from a whistleblower 2016: in joint cooperation with DEA, NSA and FBI, Apple had updated their software to capture users' fingerprints while they touch the screen and send those to The National Anti-Terrorism and Happiness Database, guarded by the NSA.

For years Apple has been denying direct access to finger-print reader, built-in behind your device's screen, but recent revelation shows that the backdoor is being widely used by the US government.

- "I didn't know they can do that, but hey if it keeps us safe then why not?" - says Jennifer Stone, Apple products fan. - "You know after we put the boots on Syrian grounds there has been so much terror retaliation on our soil that probably at some point they would require to finger-print every American, but this way thanks to my Apple device, the government has actually saved me a trip to the local police department for a full finger-print read. It's all good, you know. yolo!".

EDIT: breaking news September 11, 2020. A North Korean terrorist organization successfully hacked into NSA mainframe and downloaded over 25 terabytes of data related to Americans' social security records and credit card information. They also obtained driver's license database as well as DNA and fingerprinting records for over 300 million Americans. The US government is going into full shut down; starting tomorrow everyone will start receiving new credit cards, new social security numbers as well as new drivers license. Since DNA and fingerprinting information can be reproduced and faked quite cheaply, starting tomorrow no criminal case in the US legal system will be tried based on the evidence introduced from said sources.

- When 911 happened, we had terrorists using our infrastructure, our planes, our airports and our buildings to cause terror. Who would have known that 20 years later storing detailed information on 300 million Americans under one roof in one building would be so hazardous to the National Security. - said independent security contractor.


Honestly, I think it's because attacking Apple seems to be in vogue nowadays. Thus, if you have an article attacking Apple, you can guarantee higher click-thru rates.

It really makes no sense. Fingerprint sensors have been built into Android phones (Atrix 4G comes to mind) since 2011 and in Windows laptops for many, many years. The sheer amount of articles discussing the Touch ID is actually astounding when you remember that Google's Face Unlock was cracked originally by a _photo_ of the user and then cracked with _two_ photos of the person. There are real, actually implemented cracks for Android's lock screen but that's been grossly overshadowed by the conceptual idea of possibly cracking Apple's Touch ID.


Ugh, no. This isn't an Apple vs Google or Apple against the world issue.

Wired is simply reporting the news and making people aware of potential pitfalls with using fingerprint ID on a device like this. Smartphones and tablets are very popular now so what is in vogue is reporting on them.

Thanks to revelations of NSA surveillance of the last few months, these privacy-related topics are coming up more frequently now.

And, well, there's this...

1. http://venturebeat.com/2013/09/09/nsa-calls-iphone-users-zom...

2. http://www.spiegel.de/international/world/how-the-nsa-spies-...


Attacking Apple is still dwarfed by drivel praising Apple. It also goes with the territory for any successful entity.

I have been annoyed by people complaining about Microsoft since the 90s. Close to 2 decades of criticising. Turns out they were right.


>Turns out they were right.

What do you think they've been vindicated about exactly?


Maybe our wires are crossed but I was hinting that the critics have been vindicated not Microsoft.


Yes, that's what I was asking about. Are you referring to the NSA leaks? Because I think there's a lot more to criticize about Microsoft than that.


No, not referring to NSA at all, and nothing specific just my overall impression. I was just trying to say that for many years I dismissed the critics of Microsoft as being biased for various reasons and was somewhat a MS defender. I now think they suck, not in the way an Apple fanboy thinks they suck, just an intangible impression.


The endless criticism of Microsoft over the last 20 years was generally that they're not open source and had anti-competitive practices (ex, the browser wars.) How exactly has Microsoft's comeuppance had anything to do with these aspects? Their fall has been due to their shitty design sense and their inability to see the PC era ending.


The criticism has also been that they were acquiring/copying and bullying their way to dominance, which finally seems to be their downfall in an era where innovation and leading the market is a winning strategy. My comment related to the parent's observation that attacking Apple is in vogue not specifically to the fingerprint tech.

I would suggest that Apple is heading the same way but not literally. They are certainly closed source, about as bad as it gets, they are using their financial and political muscle to bully competitors and suppliers, they are coming back to the field in terms of innovation....


The article is misleading. It is not a choice between a fingerprint or a PIN.

Touch ID requires both a fingerprint and a PIN. If the phone hasn't been unlocked in 48 hours or has been rebooted, you have to enter the PIN. This would probably protect your 5th amendment rights in the case of going to court (since it would probably take >48 hours).

Touch ID is there to make PINs more widely adopted, by minimizing the inconvenience of entering a PIN every single time. That's a great boost for security.

Source: http://blogs.wsj.com/digits/2013/09/11/apple-new-iphone-not-...


Excellent point, though once police departments realize this fact, they may force arrested people to immediately unlock their phones, or use their fingerprints, which they already collect, to do it.

It would be nice if you could adjust the 48 hour timeout.


Touch ID doesn't work with copies of fingerprints that police collect. It actually scans the underlying living tissue with RF signals.


(Oops, I was wrong about that. Turns out that was a claim by someone else in the biometrics field, not Apple.)


>The way everyone's talking, you'd think Apple was taking away the four-digit PIN! But they're not... The fingerprint ID is just another option, which you don't have to use.

That's never how it works. Today it's "just another option", a few years down the line it's mandatory.

And "not having to use" does not equal "people will not use it unless they are fully aware of possible consequences" anyway.


> a few years down the line it's mandatory

That's just FUD. And saying baseless things like "that's never how it works", that's just fearmongering, not contributing to the conversation. It doesn't even make sense.

There are millions (hundreds of thousands? you get my point) of fingerprint readers out there. Suddenly Apple builds one in, an additional feature, and people start inventing conspiracy theories. People are completely confusing real issues (recent NSA disclosures) with totally imaginary ones. It's getting tiring.


I agree that people are making idiotic claims

But did you know how many fingerprints are currently being gathered and kept by US government?

Here's a 2008 article. (http://www.reuters.com/article/2008/03/25/us-security-finger...)

They take a lot of fingerprints, but don't seem to catch many people.

> The U.S. government has been collecting digital fingerprints and photographs of nearly all non-citizens aged 14 and up entering the country since 2004, officials said, in a Homeland Security program called US-VISIT, at a cost of $1.7 billion.

> [...] On an average day, almost 14,400 international visitors undergo the fingerprinting process at Kennedy, officials said.

> More than 2,000 criminal and visa fraud cases have been detected by the screening process, introduced in response to security concerns following the attacks of September 11, 2001, U.S. officials said.

Roughly they've scanned fingerprints for 36,792,000 visitors (who may be repeat visitors), and caught more than 2,000 people. (Between 2001/9/11 and 2008/9/11.)


The reason they don't catch many people is because they're fingerprinting tourists and most likely first time visitors to the US. I'm surprised they caught anyone at all.


They're fingerprinting everyone who isn't a US citizen who enters the US.

Repeat visitors are fingerprinted on each visit.


Yes I know, I've been fingerprinted a dozen or so times. I don't know statistics but I would guess the majority are first-time or just connecting which still classes as entering the US.


>That's just FUD. And saying baseless things like "that's never how it works", that's just fearmongering, not contributing to the conversation. It doesn't even make sense.

It makes perfect sense -- you just need to follow the historical precedents, instead of looking for some inevitable logical reason why that would happen.

Technologies introduced with the potential to control and restrict people (or users) have always expanded their scope and reach.

CCTV was something banks used. Now it's all around modern cities. GPS tracking was once something exotic. Then millions could be tracked through their mobile phone. Then you even get people voluntarily participating in "location aware" services, transmitting their location 24/7. Walled garden software was few and far between all through 1980-2010. Now it's the sole standard on iOS, de facto on Android, and has crept in desktop OS too. There are tons of similar examples.

>There are millions (hundreds of thousands? you get my point) of fingerprint readers out there.

There were also "tens of thousands" of tablets before the iPad. Still no one cared about them. Mass sales are an enabler. It's one thing for "hundreds of thousands" (far fewer, I'd say) fingerprint readers to be out there in places and devices no one sees except when he travels or if he works in some special places that use them for security, and another thing to have fingerprint readers on 1 out of 3 or 4 Americans (the iPhone market share IIRC).

>Suddenly Apple builds one in, an additional feature, and people start inventing conspiracy theories.

I don't care much about conspiracy theories (and I dislike the use of the term to ridicule legitimate concerns, as if we were talking about fake moon landings or UFOs). This comment thread was about some not far-fetched potential implications.


> Technologies introduced with the potential to control and restrict people (or users) have always expanded their scope and reach.

Yes, that's why you can't get on the internet except through AOL any more.

> Walled garden software was few and far between all through 1980-2010.

What nonsense.


>Yes, that's why you can't get on the internet except through AOL any more.

I don't see any justification for your sarcasm.

It might not be called AOL today, but between FB and Google you have an even more widespread and far reaching modern equivalent. Add Youtube, Android, Google Fiber and Glass to the mix and the control and information gathered is even more than what was there to AOL's wildest dreams.

And between Google Search and Gmail, it's even less easy to switch to than from AOL. AOL was all disadvantages, whereas Google Search is best of class, as is Gmail. People are even afraid to leave FB (you see it all the time, even on HN threads) because of peer pressure and the effect on their social life. Leaving AOL never had that.

>What nonsense.

iTunes Store, Mac App Store, Windows Phone Store, Google Play Store, console software, etc etc. So called "post-PC" devices like the iPad have adopted the walled garden approach, that's not something to be argued, it's a fact.

Do you have any counter-examples, or just wanted to insult my response with the content-less reply of "nonsense"?


You're really equating apples with oranges with 'it might not be called AOL today...' All of your arguments are conclusory instead of evidence based, eg 'people are afraid to leave FB' - really? Afraid? Bullshit. Facebook has utility for them; if something of similar convenience and greater utility comes along, they'll use it.

> iTunes Store, Mac App Store, Windows Phone Store, Google Play Store, console software, etc etc. So called "post-PC" devices like the iPad have adopted the walled garden approach, that's not something to be argued, it's a fact. Do you have any counter-examples, or just wanted to insult my response with the content-less reply of "nonsense"?

Yes, but your claim was that this is a new thing. Go back and look at home computers in the 1980s or networking hardware in the 90s. Walled gardens have been around for ages: it was the basis of the AT&T monopoly that existed until the 70s (see http://en.wikipedia.org/wiki/Walled_garden_(technology)) and used to be the norm in the motion picture industry at one time before antitrust actions forced the studios to divest their theater holdings.

Really, it's up to you to back up your own claims, not up to me to falsify them. You have a bad habit of drawing your conclusion first and then looking for evidence to support it. I personally find it helpful to begin by assuming I'm wrong and trying to falsify my hypothesis.


> Technologies introduced with the potential to control and restrict people (or users) have always expanded their scope and reach.

And what better way to prove it than to cherry-pick examples.


>And what better way to prove it than to cherry-pick examples.

Examples are always cherry picked. The other option is called "exhaustive enumeration", and I don't think it's possible.

Let's just say that 50 years ago,

1) nobody could track your exact position 24/7,
2) there was no fingerprint matching,
3) you could still disappear in a remote place with much fewer chances of people finding you
4) your friends didn't post pictures of you for all the world to see
5) people were not required to carry some sort of ID cards
6) your purchases could not be tracked in real time (cash or cashier's checks, no credit cards)
7) all your (snail then) correspondence was not automatically and efficiently read
8) CCTV wasn't prevalent
9) radio couldn't track what you were listening to (as Pandora etc)
10) nobody kept track of what movies you watched (like Netflix, Youtube, etc)
11) They could track cars by reading their plates of some camera.

etc etc. And tons of other stuff besides.

It's nice living in a dream bubble, but all these do exist, and are a real tendency in a higher technological society. After all bureaucracy and control will expand given the chance (and with the lack of any counter tendency), and technology is a huge enabler for it to expand.


Good grief. Then unplug your damned devices and go live in a cabin somewhere. Many of us speak as if our lives were so profound that governments everywhere are just dying to violate us. Even with everyone's data shared everywhere it becomes meaningless after awhile due to the sheer volume.


Respectfully, I think you're missing the point. It's not about any one person being interesting enough. The fifth amendment gives the (American) people a right not to incriminate themselves. The point is that a sizable chunk of the population can now unlock a lot of information about themselves without the fifth being an issue. I don't think the writer of the article claims that this is an effect that was actively sought after by Apple or the govt - it's simply here and people need to know and think.

It's as if someone invented a key you could turn to remember whatever you forgot. Great invention, but the article is saying: be aware, turning the key is not self-incrimination, and so now you have no 5th amendment.


>Good grief. Then unplug your damned devices and go live in a cabin somewhere. Many of us speak as if our lives were so profound that governments everywhere are just dying to violate us.

It's not about boring people living boring lives. They can go on doing whatever and not care. This is about people whose rights get violated, people that do things, from investigative journalism, to politics, to corporate whistleblowers, etc.

And it's not just about some boring, cozy little suburban part of the world (as if Nowheresville, Iowa and Sunville, California is all there exists), it's also about people living in oppressive regimes, fucked up governments etc.

Those people push society forward. If it were only for people whose "lives are not profound", then we would still have slavery, no women's vote, no gay rights, and 15 hour workdays (including for children).


I'm from India. And we are 450 million people into (by next year that will be 600 million, and a few years later, 1.2 billion) a mammoth ID project that makes it mandatory to submit your biometric data (all fingers plus iris) to get the 'Aadhar' card. Of course, technically the card itself isn't mandatory, but because it's linked with various govt services ranging from subsidies (educational scholarships, cooking gas), pensions, property sales/rentals and even marriage registrations, it is as good as mandatory for most people. Various countries and multilateral aid agencies/donors are studying the Indian model to see if it can be replicated in other countries.

I agree it is not directly connected to Apple, or the US, but there is a progressive and gradual creep into the acceptance and use of biometric data.

Links:

- U.S. inquires about India’s UID project (http://secureidnews.com/news-item/u-s-inquires-about-indias-...)

- The Evolution of India’s UID Program Lessons Learned and Implications for Other Developing Countries (http://www.cgdev.org/files/1426371_file_Zelazny_India_Case_S..., Section 3: Implications for other countries)

- Biometric Sensors in new iPhone Can be a Game Changer in India (http://www.nextbigwhat.com/biometric-sensors-new-iphone-in-i...) [Clueless piece, but highlights potential connections b/w iPhone biometrics and other ID projects]

- Opposition to the world’s biggest biometric identity scheme is growing (http://www.economist.com/node/21542814)


when was the last time u saw people walking down the street playing w their fingerprint readers? readers are not as ubiquitous as iphones.


Save your vitriol for when it finally happens then (my guess: highly unlikely).

There is no slippery slope here. You think Android manufacturers blindly follow where Apple leads? At the very worst Apple will sign iOS's death warrant at that point.


Oh, that's "never how it works?" You must be full of concrete examples that I will patiently await you posting here.


Well, check up in this thread for a list of a lot of examples.

I don't believe people, and much more, hackers, would deny that PC and technology gets more restrictive, and companies like to push that as much as they can.

Here's a few examples:

1) You could change the memory of a Mac laptop (but not with current versions where it's purposefully glued to the board).

2) You could expand a Mac Pro, change GPU, even CPU, etc (but not with the new version).

3) You could change the battery of older iPods, not with newer models, iPhones or iPads.

In general, today's more prevalent forms, from laptops to tablets are not user serviceable like desktops (and even laptops) used to be.

4) You used to run anything on OS X without any restrictions. Now OS X added code signing and a mode that only lets you run signed apps (and another mode that only lets you run App Store apps).

5) Older (Windows) tablets ran everything. Then the iPad came that only runs iTunes Store iOS apps (without a jailbreak). Every company started adding stores (Play store, Windows store) to their offerings.

6) You could change GUI themes in Mac OS (Kaleidoscope, etc). Not with OS X.

7) Windows just needed a serial code from the box you bought. Then internet activation became mandatory. In general, software using the internet for purchase validation was few and optional. Now most software has some form of mandatory "activation" step.

8) You could buy Creative Suite in a box and use it forever. Now subscription is mandatory.

You can find tons more examples. Either stuff gets incrementally locked down or something comes along and replaces the previous form with a more restricted newer one.

You might want to reduce your sarcasm and read on this:

http://boingboing.net/2012/01/10/lockdown.html


> Today it's "just another option", a few years down the line it's mandatory.

Bullshit.


I've commented on how it's less safe - blah blah blah. But I think you're right. This is no bigger deal than the face unlock option in Android, which is coincidentally also very insecure. The difference is, in the case of Android, nobody inflated the security implications, it was simply a neat trick to open your phone, that smart people won't use.


One of these, the identity hash data could be used for tracking faces on live CCTV surveillance, the other, not.

So which one is causing these threads?


> The fingerprint ID is just another option, which you don't have to use.

Maybe not, but the mechanism still exists to capture your finger print — even if it's "turned off".

You may as well set up a location-aware tweet to broadcast "I'm here" every time you hit that home button.


I think the problem might be that you are secretly 'forced' to use it. What if NSA / govt tells Apple to start harvesting all fingerprints of all users?


And what would they do with that data?


They would use it to cast dreadful spells which would make peoples' tinfoil hats melt.


Probably cross-reference it with their data?


> Why on earth are people getting worked up about this?

It's an Apple release. The tech press is _required_ to act like any Apple release contains at least one thing that is the second coming of Mecha-Hitler; it's the law.


It will be interesting to see how difficult or how easy it is to fool Apple's fingerprint scanner. I suspect the security will not be high given the constraints of putting it in a button on a mobile phone and the preference for letting marginal scans authenticate the user so as not to frustrate or inconvenience them.

Personally, I'd trust a 4-digit pin with a lockout timer to stand up better than fingerprint authentication. It looks cool in the movies, but it's never been a very bright idea.

Of course, most won't care if it's insecure, and being able to set different functions to automatically execute based on scanning different fingers (an ability laptop scanners have had for years) is certainly a selling point.


Since the phone is covered in the password anyway, it would be interesting to see if it stands up to a gummi bear attack: http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_f...


Have we seen this fingerprint reader yet? IBM/Lenovo ThinkPads use a reader that's just a tiny strip, so you actually have to swipe your finger instead of just planting it on the reader. This at the very least defends against simple attacks.

But I mean, a fingerprint is a physical thing which can be cloned, just like a key. And you also leave prints everywhere you go. It's not a silver bullet in authentication. All else being equal, passwords are safer against a determined attack, if we can assume correct usage.


Anyone who wants to go to that amount of trouble will find brute-forcing 10,000 possible pin codes to be just as easy.


Not when the data erases after a low number of misses.


The data doesn't erase itself. The phone, in its original state, erases its copy of the data, but that doesn't help if you're operating with (a) a copy of the data, or (b) a modified phone, which is likely given an adversary that doesn't find cracking 10,000 PIN combinations to be a significant hurdle.

In particular, tools automating (b) already exist: http://gizmodo.com/5896992/the-xry-cracking-tool-is-unimpres...


Actually, the data is encrypted firstly with a per-device key that is unique to the phone and unable to be accessed directly (unless you want to go decapping chips), then additionally with a hash of your pin or password. A copy of the data is useless unless you can get to it in an already unlocked state. An erase firstly deletes the encryption key entirely then begins a secure erase in the background.


In practice, it might have the opposite effect. Currently, 4-digit PINs are (presumably) brute-forceable and the alternative of entering a longer, cryptographically-secure password every time you want to use your phone is impractical, so it doesn't really matter whether you can be legally compelled to divulge your PIN or not.

However, with a fingerprint ID, you can now use a cryptographically strong password to encrypt your phone (which you have to enter on device boot or after 48 hours of the device being idle [1]), while still having the convenience of actually being able to use your phone once it's on via the fingerprint scanner. So I see that as a security win.

Of course, Wired's premise isn't even valid in some countries, e.g. the UK, which have powers to legally compel you to hand over your passwords regardless. For all I know this is true in the US too.

[1] http://9to5mac.com/2013/09/11/apples-details-fingerprint-sen...


IANAL but as far as I know the issue of divulging a passphrase has not been completely settled by the US courts. It seems that the courts are converging on something like this:

1. If the prosecutor can prove that incriminating evidence is encrypted, you can be compelled.

2. If you ever divulged your passphrase to the government or provided the plaintext, you can be compelled.

3. If you have not divulged the passphrase and the government has no proof that incriminating evidence is encrypted, you cannot be compelled.

If I remember correctly, the prosecutor cannot both compel you to give up a passphrase and use your knowledge of the passphrase as evidence against you (e.g. to prove that you controlled the computer in question).


That does you no good if you get nabbed with your phone in the decrypted but locked by fingerprint state. (which would be the common state since the password is a pain in the ass to enter if it's strong, so you do it on boot or something). So provided whoever has your phone can force you to put your thumb on your phone, forge your print, or cut off your thumb, they get your data.


Or fingerprint you at the detention center after you're arrested filming some cops beating a protester. Probably can just print it out to film and press it into the reader and open it. The CCC lifted the fingerprint of German Secretary of the Interior Wolfgang Schäuble from a glass he used at a panel discussion to prove how worthless fingerprints are for authentication.


A PIN is perfectly fine for locking as long as it has a strict-enough backoff. For encryption, then, you need tamper-proofing rather than any particular level of password complexity.


Are you sure you can brute force the PIN? I thought the iPhone will enforce a waiting period after too many bad entries.


> Are you sure you can brute force the PIN?

Yep:

Elcomsoft iOS Forensic Toolkit[1]

* Instant passcode recovery for all iOS versions up to iOS 3

* Simple 4-digit iOS 4/5/6 passcodes recovered in 10-40 minutes

[1] http://www.elcomsoft.com/eift.html


> Yep: Elcomsoft iOS Forensic Toolkit[1]

I think you missed the fairly huge disclaimer hidden away at the bottom of the page:

> iPhone 4S, iPhone 5, iPad 2+, iPad Mini and iPod Touch 5th gen support is limited to jailbroken devices only (iOS 5 and 6).

The chances of a target device being jailbroken are not particularly large. This should, of course, serve as a reminder that if you are running a jailbroken device you should probably have a passcode a little more complex than four digits!


There are many other forensic acquisition products for iOS[1] as well as a number available to law enforcement only; I think it's safe to say that relying on your iPhone's PIN code for protection is probably not a good idea.

[1] http://www.appleexaminer.com/iPhoneiPad/iOSAnalysisTools/iOS...

EDIT: This device was found on the AppleExaminer page:

http://www.cellebrite.com/forensic-solutions/ios-forensics.h...

"Using UFED Physical Analyzer, physical and file system extractions, decoding and analysis can be performed on locked iOS devices with a simple or complex passcode. Simple passcodes will be recovered during the physical extraction process and enable access to emails and keychain passwords. If a complex password is set on the device, physical extraction can be performed without access to emails and keychain. However, if the complex password is known, emails and keychain passwords will be available."


Not only does it enforce a waiting period, but it will even lock up permanently (can only be reset via iTunes) if there are too many failed attempts.

My son has verified this personally...


I believe the idea is that if the encryption key is protected with only 4-digits, you could brute-force it offline (if you cracked open the phone and de-soldered stuff). If the encryption key is protected with a secure passphrase (as, for example, PGP private keys typically are) then that attack becomes a lot less feasible.
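
The key-derivation point argued in the comments above (a key protected only by a 4-digit PIN can be searched from a copy of the data, while a key tangled with a device-bound secret cannot), as an added Python sketch that is not part of the thread and not Apple's implementation. PBKDF2, the HMAC "key check" that stands in for decryption, the iteration count, the 80 ms per-guess cost and every sample value are assumptions chosen for illustration.

```python
import hashlib
import hmac

# All values below are constructed for this demo.
ITERATIONS = 50                        # deliberately tiny so the demo finishes quickly
SALT = bytes.fromhex("a1" * 16)
DEVICE_KEY = bytes.fromhex("5c" * 32)  # stands in for a secret that never leaves the chip
USER_PIN = "4821"


def derive_key(pin, salt, device_key=None):
    """Stretch the PIN; when device_key is given, tangle it into the result."""
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    if device_key is None:
        return stretched
    return hmac.new(device_key, stretched, hashlib.sha256).digest()


def key_check(key):
    """Stand-in for 'does this key decrypt the data': a MAC over a fixed label."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def search_pins(salt, stored_check, device_key=None):
    """Walk the whole 4-digit space; return the PIN whose key matches, else None."""
    for n in range(10_000):
        pin = f"{n:04d}"
        candidate = key_check(derive_key(pin, salt, device_key))
        if hmac.compare_digest(candidate, stored_check):
            return pin
    return None


def worst_case_hours(alphabet_size, length, seconds_per_guess):
    """Time to try every passcode when each guess has to run on the device."""
    return (alphabet_size ** length) * seconds_per_guess / 3600


def demo():
    pin_only_check = key_check(derive_key(USER_PIN, SALT))
    tangled_check = key_check(derive_key(USER_PIN, SALT, DEVICE_KEY))
    return {
        # Copy of the data, key derived from the PIN alone: 10,000 tries suffice.
        "pin_only_offline": search_pins(SALT, pin_only_check),
        # Copy of the data, key tangled with the device secret: no PIN matches.
        "tangled_offline": search_pins(SALT, tangled_check),
        # Same search run where the device secret is usable: the PIN space is
        # again the only barrier, so guess rate limits and wipe-after-N matter.
        "tangled_on_device": search_pins(SALT, tangled_check, DEVICE_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
    # Assumed 0.08 s per on-device guess.
    print(f"4 digits:       {worst_case_hours(10, 4, 0.08):.2f} h")
    print(f"6 alphanumeric: {worst_case_hours(36, 6, 0.08):.0f} h")
```
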


Yeah, the online attack defence like a short password is sufficient to defeat most attacks so long as root is not enabled, and Google/Apple don't comply to remotely unlock the device or reset the password (or you have all Google framework APKs ripped out, or not built). The phone should reboot or wipe itself, or timeout or do something besides allowing unlimited attempts.

For the offline attack you need a password suitable for protecting against a police GPU cloud running John the Ripper. On Android you can set this up (2 different passwords), but you should then make a script that deletes adb and su, add it to rc.local and reboot. It also helps to sabotage the recovery partition so it deletes user data should anybody try to flash something to the system image.

There's also Mobiflage, which is experimental deniable encryption and has 2 passwords, one to open a decoy install and one for your secret files full of stolen government intel you took pictures of to fool casual searches, and not ripped apart JTAG forensics.


> 4-digit PINs are (presumably) brute-forceable

True, but iOS does have an option to wipe the phone after 10 unsuccessful PIN attempts. Given that iCloud backup is pretty simple to set up, there's no reason not to configure this option, IMO.
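Added example, not part of the thread: a toy Python model of the two points made above, that a wipe after 10 failed attempts caps on-device guessing while a key protected only by a 4-digit PIN falls to exhaustive search once the verifier can be attacked offline. The salt, iteration count, sample PIN and all class and function names are constructed for illustration and do not describe how iOS or any real device derives its keys.

```python
import hashlib
import hmac
import math
import os

# Constructed demo parameters (assumptions, not values from any real device).
SALT = bytes(16)
ITERATIONS = 100  # deliberately tiny so the demo finishes quickly


def derive_key(secret: str) -> bytes:
    """Stretch a PIN or passphrase into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS)


class OnlineLock:
    """Guessing through the lock screen: failures are counted, then the key is destroyed."""

    def __init__(self, pin: str, max_attempts: int = 10):
        self._verifier = derive_key(pin)
        self.max_attempts = max_attempts
        self.failures = 0
        self.wiped = False

    def try_unlock(self, guess: str) -> bool:
        if self.wiped:
            return False
        if hmac.compare_digest(derive_key(guess), self._verifier):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_attempts:
            self._verifier = os.urandom(32)  # key material gone: nothing left to guess
            self.wiped = True
        return False


def online_success_probability(keyspace: int, max_attempts: int = 10) -> float:
    """Chance that a uniformly random secret is guessed before the wipe triggers."""
    return min(1.0, max_attempts / keyspace)


def offline_search(verifier: bytes, candidates):
    """Search against a copied verifier: no counter, no delay, no wipe applies."""
    tried = 0
    for guess in candidates:
        tried += 1
        if hmac.compare_digest(derive_key(guess), verifier):
            return guess, tried
    return None, tried


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random secret of the given shape."""
    return length * math.log2(alphabet_size)


def four_digit_pins():
    """All 10,000 candidate PINs, from 0000 to 9999."""
    return (f"{i:04d}" for i in range(10_000))


if __name__ == "__main__":
    pin = "7291"  # constructed sample PIN
    lock = OnlineLock(pin)
    for guess in four_digit_pins():
        if lock.try_unlock(guess) or lock.wiped:
            break
    print("online: wiped =", lock.wiped, "after", lock.failures, "failures")
    print("online success chance:", online_success_probability(10_000))
    print("offline:", offline_search(derive_key(pin), four_digit_pins()))
    print("bits, 4-digit PIN:", round(keyspace_bits(10, 4), 2))
    print("bits, 12 chars of [A-Za-z0-9]:", round(keyspace_bits(62, 12), 2))
```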


Yeah, but the court can still get a warrant for the iCloud data, which I am almost certain isn't stored in encrypted form or at least in an encrypted form for which Apple does not have the keys.

You really need to use iTunes and an app like PhoneView for backing up all your data locally and storing that data in encrypted form outside the jurisdiction of your country.


Except police malware such as FinFisher/FinSpy specifically uses iTunes updates to break into iOS.


iCloud backups are encrypted so long as you have protection enabled on your phone. Apple has a white paper describing the process:

http://images.apple.com/iphone/business/docs/iOS_Security_Oc...


I worry that they could physically force people to put their fingers on the phone, though, which would be much easier than forcing them (physically) to input the passcode.


I'm quite sure they could get prints off the phone or something else you've touched and make an artificial gelatin "finger" with the print. Depending on the scanner, this can work and is a well-known way to fool some consumer-grade fingerprint scanners.


Um, why do you think you can't brute force a fingerprint?

The phone is covered with them, just copy one and use it.


That is not a brute force attack. That is the user covering the phone with the password.


A fingerprint is an identification, not a passphrase. On top of that a fingerprint is very easy to obtain (especially on an iPhone where it might even be readily available on the button that reads it). A PIN on the other hand is a passphrase. The fact that a fingerprint is very unique doesn't mean that it isn't easy to discover and replicate or that it's difficult to use a copy of it.


This article actually gets the law right, as it stands today. I'm not sure if it's super relevant information, but it's correct. The 5th amendment says: "No person... shall be compelled in any criminal case to be a witness against himself..." Witness is a legal term of art, which refers to someone who gives oral testimony recounting their own experiences. Handing over a key or touching a button is not testamentary and therefore not protected.


No surprise. The author, Marcia Hofmann, used to be a Staff Attorney at the EFF and litigated some of their most important civil liberties cases.


Not quite.

> When a person has a valid privilege against self-incrimination, nobody — not even a judge — can force the witness to give that information to the government.

The Fifth Amendment explicitly outlines that you cannot successfully "plead the fifth" in response to a grand jury compelling you to testify.


No it does not, and the right against self-incrimination also holds when you are called for testimony under grand jury. See for example https://en.wikipedia.org/wiki/United_States_v._Hubbell.

Perhaps you are confusing the first and the second clause of fifth amendment?


Actually they got the law exactly wrong. "If the police demand that you give them the key to a lockbox that happens to contain incriminating evidence" you don't have to turn the key over without a warrant. The police have to have good knowledge that the incriminating evidence is in the lockbox. And passwords are just a key. This has already gone through the courts, the courts can impel you to turn over your password, if they have evidence to suggest your computer has incriminating evidence. This won't be any different, they can't take your fingerprint or DNA without probable cause. I don't see how it is any different.


When the 5th amendment applies, it protects you even when the police have a warrant. Courts have not reached agreement about whether turning over a password is like turning over a key or scanning your thumbprint. See: http://www.techdirt.com/articles/20130425/08171522834/judge-...


Probable cause isn't hard to manufacture, though. I believe there was a court decision recently that said that a state's drug sniffing dogs still provided valid probable cause even though they would bark whenever their owner wanted them to bark.


Interesting feature of the fingerprint lock... if you haven't unlocked your phone in 48 hours, the fingerprint lock won't work anymore and you will need to use the PIN you had to set up.

Basically this issue is totally sidelined by this feature.


A little off-topic, but can someone tell me why fingerprint-access is even a needed feature? With PIN access, you get good enough security when you also enable the lock-after-10-mistypes. And 4-digits is only about a few seconds slower than fingerprint access...and since you already have instant access to incoming calls and to the camera, in what situations do we need insta-touch access to our phones?

Phones are getting stolen and compromised because people are too lazy to do the PIN thing, I suppose...but it never seemed like it was in Apple's best interest to make phones brickable.


If I were to take a massive guess on this (and this is a massive guess), I would say that for the lifetime of the phone being unlocked with your fingerprint you could do things like pay for items etc.

They may be lining up for banks or other authorities to start allowing finger print recognition in their systems and apps to make bank transfers or pay for items in general and that your finger print would be the authorisation.

It may be one level more secure when they implement NFC.

I don't know though, I doubt they have done it simply because people want to unlock their phones 1 second faster.


It improves the security of my phone in the real world cases that I'm likely to encounter. Like friends, coworkers, family members, and significant others. It's trivial for them to observe my pin, but lifting a print and creating a fake finger ala Mythbusters or compelling me by force is beyond their resources.

So it's a trade off, giving up security against a determined threat for a gain in security against casual threats.


I don't use a pin because I don't want to have to enter one every single time I want to quickly check something on my phone. Those extra few seconds would be a many-times-a-day annoyance, and I try to keep my day annoyance-free.

Since a fingerprint scan is faster, it is security I would probably use. (And the hyperventilation about hypothetical 5th amendment issues doesn't bother me one iota.)


Er, iPhones and other fancy smartphones are being stolen because they fetch hundreds of dollars from black-market wholesalers and unwitting craigslist buyers. Not because people don't use a PIN. Of course, using a PIN is a good idea in the event that the person who eventually gets possession is an identity thief.


It's a 'needed feature' to avoid the hassle of passwords in general. Unfortunately Apple has, as usual, snatched lame from the jaws of awesome by rendering the fingerprint reader inaccessible to apps.


And now Wired is added to my list of fear mongering link baited blogospam.


Link baited blogospam? I knew exactly what would be in the article, and I think the title was reasonable for the contents.


Yes, pure FUD.


I feel like the author of this article is missing the whole point of Fingerprint ID.

The feature is meant to make using an iPhone more secure for those of us who tend to leave our phones unlocked and PIN-free.

If you're storing anything of value on your phone, the existing password-based and PIN-based lock mechanisms aren't going away any time soon. If nothing else, it'd break too many organizations' Active Directory configurations.


No, you're missing his point.

You're in court. You refuse to admit/verify the accusation that you were in the vicinity of the deceased's home. Cell phone records, dutifully recorded and reported under warrant from NSA...er...ATT, show your phone - which you are known to carry pretty much everywhere - was in that vicinity at the crime's time. You contend that does not constitute evidence. The phone is acquired, bailiff places your finger on your Fingerprint-ID-secured phone, phone unlocks, evidence thereon shows activity during that period. So much for your 5th Amendment right against self-incrimination.


Along the lines of what haberman says:

Most users don't care that their phone could be used against them in a court case. Maybe they should, but they don't, and pretending Fingerprint ID should be a form of two-factor authentication for your phones is silly. If users cared, they could use a passcode and the fifth amendment to protect them. It is far more likely for the average user to lose their phone by dropping it somewhere outside.

At this time, we can't even get most users to use one-factor authentication. Hell, the mass media perpetuates feel-good stories where kids use an unlocked lost phone to return it to their owners[0], so even with this technology you'll have a hell of a time convincing people to lock their phone with even a 4-digit PIN.

Stallman et al. have been telling us "your closed-source phone is spying on you" for years now, and it's clear that the education hurdle is far bigger than "fingerprints are self-incriminating". Just look at the first half of the byline for [1] -- "The boy addicted to porn; the girl who let herself be sexually assaulted to get her BlackBerry back".

[0] http://www.huffingtonpost.com/2013/08/21/kids-find-phone_n_3... (original at http://www.kym4.com/4/post/2013/08/awesome-lost-found.html)

[1] http://www.theguardian.com/film/2013/sep/08/beeban-kidron-in... (posted as https://news.ycombinator.com/item?id=6373073)


If the phone wasn't password-protected (or fingerprint-protected) at all, the story would be the same except you could skip the "bailiff places your finger..." step.


You would be missing the key "the phone is, beyond doubt, yours" step.


I have been a juror on a criminal case that relied heavily on phone records. There was no fingerprint system involved, and yet it was clear beyond reasonable doubt that the phone belonged to the defendant.

The phone company can testify that the phone corresponds to a given cell number. Other people can testify that they spoke to the defendant on that number. No one piece of evidence exists in a vacuum; all the pieces of evidence combine to paint a picture.

Sure you could try to lie by making up stories about how the phone wasn't really yours, but it's hard to get all the other evidence to line up with a lie. This is a GOOD thing; the protection against self-incrimination isn't intended to help people get away with murder, it's intended to protect the accused from being compelled to help the government prosecute them.


And if the phone was not used for a call?

I'm not contending the "wasn't really yours" point. Phones get stolen, misplaced, left behind, etc. with enough frequency that "it's your phone and it registered/triangulated with this position" may be strong circumstantial evidence but still isn't proof. That it was used in a manner requiring your finger (still attached to your body) does.

Don't get me wrong, I'm with you on protecting the accused from compulsion to self-incrimination. Just observing that the fingerprint sensor, coupled with the enormous data being collected on/about the device, isn't helping 5th Amendment rights.


"I just bought it yesterday."


Since it's trivial to show whether or not that is true, I would not advise making such a thing. It is highly inadvisable to lie to the police or courts.


The evidence used to prove when you bought the phone would also likely be used to demonstrate that you own the phone. I don't think the fact that your fingerprint unlocks the phone found in your pocket at the time of arrest is likely to be the jury's determining factor in deciding whether that phone belongs to you.


There is no way in hell that would work out for you.


So don't use fingerprint ID. It's pretty simple really. Or don't carry your phone when you commit crimes. Everybody knows that. Use a burner phone and leave your iPhone in your lair. The paranoia in this thread is bordering on pathological. If you did commit a crime then a lack of fingerprint scanner isn't going to help you much. If you didn't commit the crime but happened to be there, then perhaps cooperating with the police to catch the real perpetrator would preclude being forced to scan your finger to prove something that you've already claimed when cooperating with the police to solve such a heinous crime, whatever that crime might be.

For the average non-criminal, the likelihood of ever being both falsely accused and falsely convicted based on evidence from an iPhone is almost infinitesimally small. Considering that if you didn't do the crime, if anything the phone should exonerate you.

The fairly rare cases of something 'bad' happening and getting falsely accused shouldn't be the basis of making tech decisions. A similar logic would compel us to never ride in a car, since the threat profile of an auto fatality is much higher than that of being forced to incriminate yourself with an iPhone. Decisions should be based on a risk management profile. If you tend to hang out with criminals, then your risk management profile would be different than someone who works at home and only goes to the gym once in awhile. And if you are a criminal, you'd be foolish to use any identifiable electronics devices at all. Your retired aunt Sarah who hangs out at the hair salon and church food pantry would hardly need to be as paranoid as a guy whose good friend is an ecstasy dealer. There's no reason to worry about that exceptionally rare situation where you suddenly find yourself in the middle of a real-life Law and Order episode. There are plenty of other, more realistic things to worry about in terms of digital security than being forced to fingerprint in a courtroom.


I think cbhl's point is perfectly valid, in the presentation of the feature, Apple states that about half of people leave their phones w/o a PIN. Touch ID is for these people and in general will make unauthorized access to iPhones more difficult.

Touch ID is optional, if a user feels particularly concerned, about legal implications of this, it is perfectly valid to revert to a passcode. I am glad that this article/discussion exists though, it is good to know what risks may exist using new security systems.

[Edited to add: just read somewhere else that after 48 hours of inactivity or a reboot, user must re-enter passcode before fingerprint will unlock the device. This would seem to protect from the case stated in the article.]


You can still contend that the fact your finger unlocks the phone today doesn't prove you were the one using the phone in the deceased's home. Maybe the phone was unlocked via passcode at the time of the murder.


Just a small point of order, but if a judge issued a warrant for your cell phone records, then the NSA had nothing at all to do with it, and it went through due process.


Wouldn't citing a case where somebody was forced to unlock their laptop using a fingerprint provide a more compelling example of precedent?


>Take this hypothetical example coined by the Supreme Court: If the police demand that you give them the key to a lockbox that happens to contain incriminating evidence, turning over the key wouldn’t be testimonial if it’s just a physical act that doesn’t reveal anything you know. However, if the police try to force you to divulge the combination to a wall safe, your response would reveal the contents of your mind — and so would implicate the Fifth Amendment. (If you’ve written down the combination on a piece of paper and the police demand that you give it to them, that may be a different story.)

BS interpretations like these make the legal system a big bad joke.

The original intention clearly had nothing to do with whether it was something out of your mind or not, and all to do with not being forced to implicate yourself.


They should have written that, then. Instead they wrote "to be a witness against himself".

Considering that the entire legal system practically runs on fine definitions such as these (witness against oneself != implicate oneself), and also considering that it's a judge's job to attempt to successfully translate a centuries old document based on jurisprudence, case law, etc, your opinion on intention is worth precisely jack and squat.

(As is mine and pretty much everyone else's here...)


The average person (who according to Apple does not use a passcode) will be more secure overall if they use Touch ID.


> Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).

To reclaim your freedom, just switch to open-source solutions.


My understanding was that the right against self-incrimination was largely meant as a patch, to prevent suspects being tortured into confessing by devaluing their confessions. If that's the point, I don't see any reason for a court not to compel a harmless, painless fingerprint swipe.


Seems like simply combining the fingerprint with some sort of quick gesture could get around this. They couldn't force you to try all possible gestures any more than they could force you to try all possible combinations of a lock (example taken from the article).


You know what I think? I think Wired just wanted to say the word iPhone in an article today.


At least with fingerprints, you can effectively destroy the "password" irreversibly before being compelled, since you can always cut off the tip of your finger and destroy it.

Sounds messed up, but it's certainly a possibility. Since the finger is not the evidence itself, I don't think this would constitute destruction of evidence, and so long as it is done before the court asks you to unlock the device, it should not result in contempt of court. However, this is all uncharted territory and IANAL.


>Since the finger is not the evidence itself

only until it is an attached part of your body :) I can see how destroying the tip of your finger and cutting after that is ok, while in reverse would be a destruction of evidence.


A finger can easily be forcefully used or even removed for use later. A password however is still harder to get out of a brain and can be just as strong if it is long/complex enough.


I don't think getting a password out of a living brain is harder than removing a finger. Most brains would give you their password if you threaten to remove a finger, even more if you give a demo first and threaten to remove a second one.

In the case where the brain is dead, removing the finger is way easier.

I am not sure how that balances out, but I am sure two-factor authentication (fingerprint plus password) beats either.


"24" News.


If they really want your password, a 4-digit PIN isn't too hard to beat out of someone. Also, bruteforcing would be trivial.


I've never regarded fingerprint-only as an option, because of the reasons the author mentioned in the article. It's more like having a badge or a keyfob...it could be difficult to get, but by no means impossible.

Something you have: fingerprint

Something you know: PIN

Combine the two and you can be fairly sure only the owner has access to whatever's being protected.


Phone locks are not designed to keep well-resourced attackers out, they are to keep nosy people from casually accessing your data.

Competent authorities will not access your phone through the phone interface, they will just image the data on it. Unless you encrypt data on your device with a strong key, they will get all your data anyway.


Is it a known fact that the fingerprint authentication can't be combined with the standard PIN or complex password feature? It seems like a fingerprint scan that is followed by a password request to unlock the phone would be an easy win.


I recall reading that you will get hit by the passcode lock if your fingerprint doesn't scan after X attempts.


"But if we move toward authentication systems based solely on physical tokens or biometrics — things we have or things we are, rather than things we remember"

If the argument is valid it seems that it could also be applied to public key encryption.


Are we going to see an influx of pointer fingers getting mysteriously burnt when their owners have been arrested? I see it's certainly easier to force someone's finger onto their home button than beat the pin code out of them.


Well, the usual smear across the screen gesture can be "cracked" by looking at the screen at an angle. Secondly, there aren't many patterns you can conveniently enter with the thumb of your dominant hand.


Wouldn't it make the most sense then from a security and privacy perspective to require a fingerprint AND a "pin" or password from one's personal memory [stored in their head]?

Why not just do that?


Wouldn't you be able to CHOOSE what you apply a fingerprint lock to? Ideally you would only allow it for payments and not other things.


I certainly expect to be able to choose which option I want to use, especially if Apple wants to keep my business. I have no problem remembering long complex passwords and have adapted to the phone authentication method as well. For our own sake, it would be best if we continue to use things ONLY we remember, to authenticate ourselves, otherwise we may be in trouble.

For instance, I recently heard of an older couple who allowed the husband's brother to visit them to talk about a new business he was in. Essentially he wanted to visit the couple with his "mentor" because he needed to "practice". At the end of their visit the couple had been persuaded to: join the "business" as members, for a monthly fee, which was going to be charged to their credit card. THIS WAS OBVIOUSLY A PYRAMID SCHEME! Anyways, after the visit, the terrified woman immediately called the bank and had them cancel the card, so everything ended up being okay. Imagine if they had handed over their fingerprints! You won't be able to call the bank to tell them to send you a new fingerprint.


I'm looking forward to CHOOSING to lock the whole device, so that I can actually have a lock "code" (whatever form) that isn't subject to a 3-year-old poking at it so much the device locks itself up for an hour or more thinking it's under attack.


Wow! What a great idea! We need to make up a name for it!

How about "two-factor authentication"? Think that would ever catch on???


I wonder if the fingerprint will ever be used to prove that you were at the location your phone recorded you at?


[deleted]


In the UK that is true, but it's more complex in the US. My understanding of a recent decision is that the government can compel delivery of a password only if they've already proven from other means some specific evidence that should be available which is protected by that password (since in that case there is already "incrimination" from means other than self-incrimination).


That and the NSA chip, you'd be crazy to buy one.



