::.law + strategy.::.law + governance.::.law + politics.::. ::.you get the jist.::
In the wake of the newest iPhone announcemement–namely, that it will contain a biometric fingerprint scan that has been integrated into the “home” button in an admittedly slick design–Wired recently published this interesting speculation about the potential legal implications in the US of fingerprint scanning on phones. The crux of the issue is that the nature of the fifth amendment in the US, which protects against self-incrimination, has to do with knowledge, rather than being. Whereas passwords are part of what you know, fingerprints are part of who you are.
And so the argument goes that just like other biometrics (like the collection of footprints and fingerprints in compiling forensic data and evidence), the fingerprint scan could be usable, in order to unlock a phone that has been seized as evidence, whereas under the same circumstances, a detainee would not be compelled (under the 5th) to reveal a password that would perform the same function of unlocking the device. Of course, it would also depend on the jurisdiction’s law around what kind of warrants are required in order to search an individual’s phone.
Still, it’s an interesting point that could have potential implications in Canada as well. I’m not sure of the specifics of the current law around accessing smartphones and personal devices, as I don’t practice criminal law. I believe I recently read an article reporting that police are allowed to read through unlocked phones and devices or ones that are not password protected, and can do so on fairly light grounds–either reasonable suspicion or probable cause or somesuch. If that is indeed the case, and if in Canada we make a similar distinction between knowledge (stuff you know and can choose not to disclose) and being (biometrics, essentially), then it seems likely that we’ll have a similar set of consequences here.
The other issues with biometrics, of course, are that once they are cracked or copied (and it certainly isn’t difficult to collect fingerprint data, if someone really wants to do so) there’s no way to order a replacement or get a reset. Essentially with biometrics, you get hacked, rather than just your password or code.
And of course, knowing what we know, courtesy of Mr. Snowden, about the NSA, we can be sure that with the innovation of the “higher security” fingerprint id scanning on the iphone, all that data is getting stored somewhere, in the hard drive equivalent of the warehouse at the end of Raiders of the Lost Ark, available to search and compile as necessary.