In security and privacy circles today, no good deed goes unpunished. Consider Apple’s recent privacy initiative. Under its new encryption policy, Apple can’t divulge confidential information about its customers’ data, because only the consumer’s credentials can unlock the data — and those credentials are completely under the control of the customer. For added security, Apple layered biometric authentication (fingerprint) on top, so that people wouldn’t have to type their passwords/PINs in public, exposing themselves to the dangers of shoulder-surfing.

A funny thing happened, though, as that policy ran into law enforcement and the courts. You’ve got the director of the FBI railing against smartphone encryption, claiming that it puts us all at greater risk from terrorists. And a circuit court judge in Virginia has ruled that although police cannot force suspects to reveal their passwords/PINs, suspects can be forced to apply their fingers to their iPhones and open them, against their will. There is a lot of legal history — a.k.a. precedent — for this, but an absolute absence of logic or rationale. When a fingerprint becomes a password/PIN, it must be treated as such.
