-Submitted by David Drumm (Nal), Guest Blogger
The iPhone 5s allows the user to unlock their device using biometric data, namely their fingerprint. It is more convenient that typing in a simple four digit passcode. Fingerprint readers vary in vulnerability. Some only check ridges and can be fooled by a good photocopy. The iPhone reader uses radio frequency scanning to detect sub-epidermal layers of your skin requiring the owner to be alive and the finger attached. The new fingerprint reader may protect your iPhone from thieves, but what about protecting your personal data from government snooping?
The Fifth Amendment provides that no person “shall be compelled in any criminal case to be a witness against himself.” In Miranda v. Arizona, the Supreme Court extended Fifth Amendment protections to encompass situations outside the courtroom that involve curtailment of personal freedom. In Fisher v. United States (1976), the Supreme Court held:
The Fifth Amendment does not independently proscribe the compelled production of every sort of incriminating evidence but applies only when the accused is compelled to make a Testimonial communication that is incriminating.
The Court realized the communicative aspects of producing evidence in response to a subpoena and hence, testimony is more broadly understood as an act that explicitly or implicitly conveys a statement of fact.
In the case of United States v. John Doe (2012), Judge Tjoflat, writing for the United States Court of Appeals for the Eleventh Circuit, noted that the “touchstone of whether an act of production is testimonial is whether the government compels the individual to use “the contents of his own mind” to explicitly or implicitly communicate some statement of fact.”
The classic example, from United States v. Hubbell (2000), is the government forcing someone to turn over a key to a lockbox versus demanding the combination to a wall safe. The combination would be “testimonial” because the person would be revealing contents of their mind. Turning over the key would not be “testimonial.” In Fisher, the 11th Circuit Court explained:
the decryption and production of the hard drives would require the use of the contents of Doe’s mind and could not be fairly characterized as a physical act that would be nontestimonial in nature. We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.
The compelled production of biometric data, such as a fingerprint, to unlock an iPhone would appear nontestimonial in nature.
In a Wisconsin case, federal prosecutors dropped their demands for decryption key when the FBI revealed it had cracked two of the suspect’s drives, both Western Digital My Book Essentials. Western Digital declined comment. The FBI is working on decrypting the other seven drives. An astute defense attorney might suspect that encryption keys were provided to the FBI by manufactures without a warrant.
While using a voiceprint as authentication would be prima facia “testimonial,” the key phrase would often be used in public and easily recorded.
The new iPhone’s fingerprint authentication feature is convenient and an excellent deterrence to theft. It is unlikely to provide any Fifth Amendment protection of your personal data. It is also a boon for our kitteh overlords: