No announcement yet.

All your biometrics are belong to the State

  • Filter
  • Time
  • Show
Clear All
new posts

  • All your biometrics are belong to the State


    Originally posted by URL1
    There has been a lot of press coverage recently about a search warrant obtained in Los Angeles allowing the government to force people present when the warrant is executed to press their fingers and thumbs on the fingerprint sensors of any phones or computers found there to unlock them. A lot of people have wondered: Is that legal? I don’t think there’s an easy answer to that. Here’s an overview of some of the legal issues.
    Thoughtful article on this topic.

    Originally posted by URL1
    if the officers find a phone and tell a suspected owner to unlock the phone with his finger, responding to the order may imply testimony. By responding to the order by picking the finger that was selected to unlock the phone, the person is admitting that it is his phone.
    This is an unlikely defense. Blood evidence found at a scene can be included in compelling a suspect to provide a blood (or other) sample to perform a DNA test. If blood (or other samples) can be taken from a suspect, and taking fingerprints is a normal part of arrest/booking. If fingerprints can be taken and well-known methods to duplicate them are employed then the law can bypass a person physically using their own finger, or justify their demanding use of a finger by showing another legal process to get the same would be equivalent.

    Whatever the route used, the fingerprint evidence would then become evidence to argue who owns which phones.

    Ignoring validation, storage of secrets, and short or easily guessed passphrases, a passphrase, or a PIN which unlocks a smartcard (but when failed too many times requires a PUK to try a PIN again, which will then break the key when the PUK is failed 3 times) is much safer from a security view than just a piece of data that can be duplicated without consent or cooperation. Even better authentication includes multi-factor authentication.

    Using just biometric authentication (with no other factors) has often been viewed as bad security.

    For legal protection? Biometric-only protection will eventually be found to be ZERO legal protection. "All your biometrics are belong to the state."

    If they can take DNA evidence from a suspect to test existing DNA samples...