Apple claims it’s putting user security first. Under this ruling, it might not be able to.
Apple’s Touch ID fingerprint system has suffered a major legal blow. A Virginia judge has ruled that while you can’t be forced to surrender a passcode, police can use your fingerprint to unlock a device without your consent.
After prosecutors argued that evidence in a case might be found on a locked device, Virginia Circuit Court judge Steven C. Frucci ruled that giving the police a fingerprint that could be used to unlock it “is akin to providing a DNA or handwriting sample” and thus could be taken involuntarily, PilotOnline reports.
Defendants still cannot be forced to surrender passwords to the police, because they are considered “knowledge,” placing them under the Fifth Amendment’s protection against self-incrimination. Previous court rulings have also held that forced decryption violates defendants’ constitutional rights. Other countries, like the United Kingdom, have no such protections in place, and defendants can be (and have been) imprisoned for failing to surrender passcodes.
Photo via Karlis Dambrans / Flickr (CC BY 2.0)
It’s bad news for Apple, which touted its Touch ID fingerprint scanner as the perfect password that “no one can ever guess.” In the wake of the Celebgate leak of dozens of female celebrities’ intimate photos, CEO Tim Cook doubled down on security with iOS 8. Its new measures mean that Apple is totally unable to decrypt user data, even if ordered to do so—something that’s caused no shortage of controversy.
The Virginia judge’s ruling means that police may no longer need to ask Apple for decryption. Instead, Apple customers with Touch ID enabled may see their data involuntarily decrypted and used against them, even though the exact same data would be protected under the Fifth Amendment if it were protected with a passcode.
The ruling isn’t unexpected, however. A spokesperson for the Electonic Frontier Foundation told Mashable that “it’s exactly what we thought would happen when Apple announced its fingerprint ID.”