[rietta]

There is an argument against using the fingerprint access and that is that a user gives up the right of consent while in custody. If law enforcement gets a judicial order to forcibly press the prisoner's finger to the sensor to unlock the device, then he or she has little recourse as the right to remain silent is not implicated. One cannot be similarly physically compelled to disclose a code only held in his or her memory.

[LeoPanthera]

> One cannot be similarly physically compelled to disclose a code only held in his or her memory.

You can in the UK.

https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...

[rietta]

It's amazing how hard it can be to remember a password that one has not typed in a long time, and has been subjected to solitary confinement.

"Grassian and Haney show that a cluster of different symptoms, which they refer to as SHU syndrome, occurred in something like 90 percent of the prisoners they studied. Included symptoms can be affective, like paranoia and depression; cognitive, like confusion, memory loss, perceptual distortions, hallucinations; or even physical, like headaches and insomnia. So there is documented, psychiatric evidence that even a comparatively short term in solitary confinement can have negative consequences" (source http://www.vice.com/en_au/read/solitary-confinement-is-a-leg...)

[girvo]

> One cannot be similarly physically compelled to disclose a code only held in his or her memory.

Are you sure? In the UK and I'm pretty sure in my native Australia, they definitely can, under pain of "contempt of court".

[rietta]

That gets into key disclosure law and it does vary by jurisdiction. Though I am not a lawyer, it is my understanding that this is an area of dispute in the United States with respect to the 5th amendment, which forbids the government the power to compel one to ever testify against him or herself.

Even under a mandatory key disclosure regime, it's still a choice to remain silent even if that means one remains jailed. That situation sure seems like a form of torture to extract information from the incarcerated individual.

This 2012 Forbes article is a good read on the matter: http://www.forbes.com/sites/jonmatonis/2012/09/12/key-disclo...

[rhino369]

In the US it depends. If they know you had child porn on your phone they can force it. If they just suspect you have child porn, they can't.

[SoftwareMaven]

If you have the ability to lawyer it enough, I think you'd have a few layers of court required to sort out whether this is allowed (assuming they don't have proof you have something on the phone). You are basically forcing self-incrimination, a violation of the Fifth Amendment.

I totally agree that, if you are really concerned about this, fingerprint is a bad idea, but the legal ramifications are interesting.

Not quite relatedly, does anybody know if there is a heat sensor? Or can I just cut somebody's finger off to use it? (We are obviously well outside of judicial channels here! :)

[snowwrestler]

The Fifth Amendment protects people from being forced to witness against themselves, i.e. give testimony.

Evidence is not covered by the Fifth Amendment. If you have papers that would incriminate you, and a warrant is issued for those papers, you cannot refuse to surrender them. If you destroy them having received the warrant, you'll be prosecuted for obstructing justice.

Orin Kerr's interpretation[1] is that a phone is evidence, and contains evidence in the form of digital data. The only need for testimony is to establish that the phone is actually yours. You can't be forced to admit "yes that is my phone." But if the fact that it is your phone can be established in other ways (say, with the testimony of your wireless provider), then you can be forced to unlock it.

You can't be beaten or tortured until you type it in, of course, at least within the U.S. But you can be jailed for contempt of court for your refusal. And the limits of contempt imprisonment seem to be pretty murky.

[1] http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014...

Edit: to clarify the source of my argument

[moe]

Or can I just cut somebody's finger off to use it?

You don't need a finger to circumvent touchid. You can just obtain your victim's fingerprint from anywhere (e.g. a glass that they used) and create a fake "finger" using household items:

http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

[ghshephard]

As long as you can lawyer up for 48 hours, the iPhone will time out and require a passcode, and ignore your fingerprint.

[newscracker]

The obligatory xkcd reference had to be posted here. :)

http://xkcd.com/538/

"Drug him and hit him with this $5 wrench until he tells us the password."