It’s understandable. The NSA apparently can use the apps we put on our phones to hack into our phones or something. It’s a terrible invasion of privacy. Except the fingerprint as “Open Sesame!” is a bit flawed because Apple explicitly stated that the fingerprint was encrypted and stored only on the chip and not uploaded to the cloud or the internet or wherever. So the argument then becomes, if the government is going to hack into your phone to get your fingerprint, aren’t they in there already? What the hell do they want your fingerprint for?
Let us assume for some reason that they do get your fingerprint. What are they going to do with it? Put in an arrest warrant that your fingerprint matched one found at the scene of a crime? Aren’t they going to have to explain how they got your fingerprint? Either the government hacking into your phone is “legal” or not: the method by which they do it is irrelevant.
But there might be another problem associated with the fingerprint, writes Marcia Hoffman in Wired. While titled “Apple’s Fingerprint ID May Mean You Can’t Take The Fifth”2, the import of the article is clearly that this new fingerprint technology somehow reduces your privilege against self-incrimination if you choose to use it.
Because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).
To cut to the chase, the argument is thusly:
The fingerprint is not an act or a statement made verbally, forcing someone to reveal “contents of one’s mind”, therefore pursuant to Doe v. United States (II), it is not a “testimonial” statement that is incriminating and the act of forcing you to use your finger to open your phone is not privileged and you’re screwed. Damn you Apple, government stooge!
But, as most lawyers will tell you, there’s a big fat “maybe” attached to this argument she makes3. The ‘maybe’ is that it all depends on the facts and circumstances of the case. As Hoffman herself admits:
@gideonstrumpet But when the act of decrypting data would tend to reveal existence/authenticity/possession/control, it can be privileged.
— Marcia Hofmann (@marciahofmann) September 12, 2013
There are the password cases where a federal judge has ruled that an individual cannot be forced to turn over the password to decrypt files on one’s computer. Up until now, most people use 4-digit pin codes that can easily be hacked into by the Government.
But your fingerprint is different, she argues, because it isn’t something in your mind. It’s more like a key than a wall safe combination, relying on the argument of the court in Doe II.
But you can readily imagine a scenario where forcing you to use your fingerprint incriminates you: it ties you to the phone in question and it may lead police to information they didn’t know existed. See Doe I.
And then there’s the essential difference, at least in my mind4: the fingerprint is an inseparable part of my physical being, like my mind. The closest analogy I see in current practices is DNA comparison, which has been held to be non-testimonial. But DNA is not widely accepted as a method to lock and unlock private materials, except perhaps in science fiction.
A fingerprint, on the other hand, despite its unreliability can become widely used for just that. And then the argument can be made that it’s more akin to another scenario that’s prohibited: forcing you to participate in a criminal prosecution. Because there’s Rochin v. California, in which the Supreme Court held that it was a violation of Due Process to forcibly extract the contents of Rochin’s stomach and then used the pills found therein to prosecute him for possession of drugs.
There’s also the notion that there’s a reasonable expectation of privacy in the contents of one’s cell phone and that the government needs probable cause to seize and search it, however they unlock it.
And if all it takes for them is to get your phone unlocked – and they can hack into a passcode – then look about you. Your fingerprints are everywhere and you have no expectation of privacy in them. Don’t want to comply with being forced to turn over your fingerprint? Fine. They’ll just follow you and seize everything you touch and lift your print off that.
The problem with Hoffman’s piece is that it misplaces the problem with the Fifth Amendment privilege. It isn’t in the key or the fingerprint, it’s in the law that doesn’t care to protect us.