Sunday, May 01, 2016

Touch Wipe: a question for you lawyers

Whether the police can force you to unlock your iPhone depends upon technicalities. They can't ask you for your passcode, because that would violate the 5th Amendment right against "self incrimination". On the other hand, they can force you to press your finger on the TouchID button, or (as it has been demonstrated) unlock the phone themselves using only your fingerprint.

So I propose adding a new technicality into the mix: "Touch Wipe". In addition to recording fingerprints to unlock the phone, Apple/Android should add the feature where users record fingerprints to wipe (erase) the phone. For example, I may choose my thumb to unlock, and my forefinger to wipe.

Indeed, I may record only one digit to unlock, and all nine remaining digits to wipe. Or even, I may decide to record all 10 digits on both hands to wipe, and not use Touch ID at all to unlock (relying solely on the passcode).

This now presents the problem for the police. They can't force me to unlock the phone. They can't get around that by using my fingerprints, because they might inadvertently destroy evidence.

The legal system is resilient against legal trickery such as this. If think you've figured out a way to beat the system, then it's usually because you just don't understand the system well enough. But I think I've figured out how to beat this system, so I write this up so that lawyers can explain why I'm wrong.


3 comments:

Ji said...

Inadvertently? If your fingerprint causes destruction of evidence, what is your reasonable explanation for such a feature, other than to intentionally destroy evidence when law enforcement is seeking it? And you just provided fingerprint proof that *you* enabled it and activated it. I'd wager a large sum in a jury agreeing with the prosecution on that charge.

If you really want to "hack" the system, when compelled just offer up your thumbs 5 times so it disables itself, since that's what everyone registers. And hope they don't specifically compel the finger you actually registered (or find evidence that you unlock a phone with a non-thumb...)

Gridlock said...

TouchID is disabled after reboot or following 5 (IIRC) failed fingerprint attempts. So;

1) ALWAYS attempt to power down your device if you believe you may be coerced into unlocking it, for instance at border checkpoints or when arrested for a crime.
2) Failing that, try and burn through those 5 attempts when asked.

IANAL, of course.

Brad said...

What about a finger print that would disable the touch unlock. That way if you accidentally used the wrong finger you would just have to enter your password. Also, you wouldn't be destroying evidence that way.