URL1=https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/10/19/can-warrants-for-digital-evidence-also-require-fingerprints-to-unlock-phones/
Thoughtful article on this topic.
This is an unlikely defense. Blood evidence found at a scene can be included in compelling a suspect to provide a blood (or other) sample to perform a DNA test. If blood (or other samples) can be taken from a suspect, and taking fingerprints is a normal part of arrest/booking. If fingerprints can be taken and well-known methods to duplicate them are employed http://www.networkworld.com/article/...iometrics.html then the law can bypass a person physically using their own finger, or justify their demanding use of a finger by showing another legal process to get the same would be equivalent.
Whatever the route used, the fingerprint evidence would then become evidence to argue who owns which phones.
Ignoring validation, storage of secrets, and short or easily guessed passphrases, a passphrase, or a PIN which unlocks a smartcard (but when failed too many times requires a PUK to try a PIN again, which will then break the key when the PUK is failed 3 times) is much safer from a security view than just a piece of data that can be duplicated without consent or cooperation. Even better authentication includes multi-factor authentication.
Using just biometric authentication (with no other factors) has often been viewed as bad security.
For legal protection? Biometric-only protection will eventually be found to be ZERO legal protection. "All your biometrics are belong to the state."
If they can take DNA evidence from a suspect to test existing DNA samples...
Originally posted by URL1
Originally posted by URL1
Whatever the route used, the fingerprint evidence would then become evidence to argue who owns which phones.
Ignoring validation, storage of secrets, and short or easily guessed passphrases, a passphrase, or a PIN which unlocks a smartcard (but when failed too many times requires a PUK to try a PIN again, which will then break the key when the PUK is failed 3 times) is much safer from a security view than just a piece of data that can be duplicated without consent or cooperation. Even better authentication includes multi-factor authentication.
Using just biometric authentication (with no other factors) has often been viewed as bad security.
For legal protection? Biometric-only protection will eventually be found to be ZERO legal protection. "All your biometrics are belong to the state."
If they can take DNA evidence from a suspect to test existing DNA samples...