Fingerprint scanners. We saw them first on notebooks, its hard to believe, commercial notebooks 10 years ago. I remember mine, and how great it was that my notebook was totally secure, because no one had my fingerprint.
All I had to do was swipe, and of course, that long ago, they never worked consistently. Today fingerprint scanners have become common on cell phones, both Apple and Android. There’s an irony though in the assumption that your fingerprint makes your information more secure.
The truth is, if you have a passcode, law enforcement cannot compel you to reveal your passcode under your rights as laid out in the 5th Amendment. Your fingerprint does not enjoy the same rights.
“The Fifth Amendment protects individuals against saying anything, testimony or statements, that could incriminate themselves,” says Paul Bond, who is also a partner at Reed Smith. “While it protects information, it does not shield physical things in the world available for production. Making the key to your information a physical key or biometric identifier is putting it in the realm of police power to produce.”
A recent trial in Los Angeles had a woman forced to put her finger to her iphone screen to unlock it. Her boyfriend was allegedly a gangbanger, and there was allegedly information on the phone that would incriminate him. We can’t speak to the merits of the case, but it is the first time ever that a suspect has been forced to unlock their iphone with their fingerprint. Had she used a passcode, she would have been protected under the first amendment.
This has significant ramifications for tech companies that use fingerprints for access to corporate data to keep their data more secure. Once an employee uses a fingerprint, or retinal scan to access company resources, it would appear that those resources are no longer protected under the fifth amendment, and are fair game for law enforcement.
While this has not been put thoroughly to the test, and so far, there has only been the first case in Los Angeles, we would urge some of our clients and friends to think twice about how private they want their data, corporate or personal. If that data is proprietary, and its privacy critical to your competitiveness, perhaps its not yet time to jump on the biometrics bandwagon. Perhaps, old fashioned passwords are good to hang on to for a while, until these issues work their way through the court systems.