|
KyungjinKimFirstPaper 6 - 07 Jun 2022 - Main.KyungjinKim
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
Biometric Passcodes and the Ease of Forced Decryption | | |
Technology Exploits | |
<
< | Apple claims that biometric passcodes are secure because the probability of a random person having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker uses their own face or their own fingerprints, hoping that the device might unlock. However, a dedicated attacker will be working under two scenarios: one in which the attacker knows the identity of the user, and one in which they do not. | >
> | Apple claims that biometric passcodes are secure because the probability of a random person having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker attempts decryption using only their own face or their own fingerprints. However, a dedicated attacker will be working under two scenarios: when the attacker knows the identity of the user, and when they do not. | | | | |
<
< | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement following an arrest, but civilian attackers can also replicate the scans by utilizing photographs of the users' hands in which fingerprints are visible. Facial recognition technology have also been known to be vulnerable under the first scenario in the past, for instance by attackers utilizing 3D models constructed to look like the user’s face. The second scenario, while without the aforementioned vulnerabilities, also present serious risks For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches; thus, a “master key” designed to emulate common partial fingerprints to be used. Attackers can also utilize several existing bugs. Most importantly, because almost all biometric data remains unique for life, biometric passcodes cannot be changed, and attackers will be able to access all biometrically encrypted devices owned by a certain user after compromising the passcode just once. | >
> | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement following an arrest, but civilian attackers can also replicate the scans by utilizing photographs of users' hands with visible fingerprints. Facial recognition technology have also been historically vulnerable under the first scenario, for instance by attackers utilizing 3D models constructed to look like the user’s face. The second scenario also present serious risks. For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches; thus, a “master key” designed to emulate common partial fingerprints can be used to unlock devices. Attackers can also utilize several existing bugs. Most importantly, because almost all biometric data remains unique for life, biometric passcodes cannot be changed, and attackers will be able to access all devices encrypted with biometric passcodes owned by the user after compromising the passcode just once. | | | Constitutional Protections to Forced Decryption
Biometric passcodes are also susceptible to forced encryption, and existing caselaw casts doubts on whether the Fourth or the Fifth Amendment can offer sufficient protection.
Fourth Amendment Protections | |
<
< | Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is ""[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?" | >
> | Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is "[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?" | | | | |
<
< | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, Fourth Amendment requirements are satisfied for forced decryption of devices protected by biometric passcodes. However, while most courts seem to agree that (3) is necessary, they have reached vastly different conclusions when (1) and (4) were not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near an area that is being searched. | >
> | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, Fourth Amendment requirements are satisfied for forced decryption using biometric passcodes. However, while most courts seem to agree that (3) is necessary, courts have reached markedly different conclusions when (1) and (4) were not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable suspicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally subject to forced decryption simply by being near a searched area. | | | Fifth Amendment Protections | |
<
< | Users may believe that the Fifth Amendment offers protection, if forced decryption is found to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled. Barrera, at 835 (N.D. Ill. 2019). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). | >
> | Alternatively, users may believe that the Fifth Amendment can offer protection, if forced decryption is found to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled. Barrera, at 835 (N.D. Ill. 2019). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts holding that the provision is a communicative act generally agree that the provision is also incriminating and compelled. However, they are heavily split on whether it is testimonial. Some courts have held that, because the biometric key is provision of a physical characteristic and not communicative testimony, the act of provision is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera;. Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). | | | Conclusion
Biometric passcodes present both technological and legal risks. However, uses who choose to exclusively use alphanumerical passcodes as an alternative should know that there are unique legal issues with such passcodes. For instance, courts and academics agree that when the government can provide independent evidence that certain files exist on the encrypted portion of the devices and the defendant can access them, there is no Fifth Amendment protection against a decryption order. |
|
|
KyungjinKimFirstPaper 5 - 06 Jun 2022 - Main.KyungjinKim
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
Biometric Passcodes and the Ease of Forced Decryption | | |
Introduction | |
<
< | Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - have exploded in popularity. Today, more than 71% mobile phones have biometric passcodes enabled. However, while devices with alphanumerical passcodes cannot be easily decrypted without the users' voluntary cooperation, biometric passcodes are vulnerable to attacks based on technical exploits, as well as “forced decryption” by law enforcement – defendants being legally obligated to unlock their devices under a court order. | >
> | Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - have exploded in popularity. Today, more than 71% mobile phones have biometric passcodes enabled. However, while devices with alphanumerical passcodes cannot be easily decrypted without the users' voluntary cooperation, biometric passcodes are vulnerable to attacks based on technical exploits, as well as “forced decryption” by law enforcement – users being legally obligated to unlock their devices under a court order. | | |
Technology Exploits | |
<
< | Apple claims that biometric passcodes are secure because the probability of having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker uses their own face, their fingerprints, or random passcodes, while hoping for a match. However, a dedicated attacker will be working under two scenarios: one in which the attacker knows the identity of the user, and one in which they do not. | >
> | Apple claims that biometric passcodes are secure because the probability of a random person having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker uses their own face or their own fingerprints, hoping that the device might unlock. However, a dedicated attacker will be working under two scenarios: one in which the attacker knows the identity of the user, and one in which they do not. | | | | |
<
< | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement following an arrest, but civilian attackers can also replicate the scans by utilizing photographs of the users' hands in which fingerprints are visible. Facial recognition technology have also been vulnerable under the first scenario, for instance by attackers utilizing 3D models constructed to look like the user’s face. The second scenario, while without the aforementioned vulnerabilities, also present serious risks For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches; thus, a “master key” designed to emulate common partial fingerprints to be used. Attackers can also utilize several existing bugs. Most importantly, because almost all biometric data remains unique for life, attackers would be able to gain access to any biometrically encrypted devices with a compromised passcode, after the device is compromised at least once. | >
> | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement following an arrest, but civilian attackers can also replicate the scans by utilizing photographs of the users' hands in which fingerprints are visible. Facial recognition technology have also been known to be vulnerable under the first scenario in the past, for instance by attackers utilizing 3D models constructed to look like the user’s face. The second scenario, while without the aforementioned vulnerabilities, also present serious risks For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches; thus, a “master key” designed to emulate common partial fingerprints to be used. Attackers can also utilize several existing bugs. Most importantly, because almost all biometric data remains unique for life, biometric passcodes cannot be changed, and attackers will be able to access all biometrically encrypted devices owned by a certain user after compromising the passcode just once. | | | Constitutional Protections to Forced Decryption
Biometric passcodes are also susceptible to forced encryption, and existing caselaw casts doubts on whether the Fourth or the Fifth Amendment can offer sufficient protection. | | | Fourth Amendment Protections
Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is ""[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?" | |
<
< | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, Fourth Amendment requirements are satisfied for biometric forced decryption. However, while most courts seem to agree that (3) is necessary, they remain heavily split for cases when (1) and (4) are not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near an area that is being searched. | >
> | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, Fourth Amendment requirements are satisfied for forced decryption of devices protected by biometric passcodes. However, while most courts seem to agree that (3) is necessary, they have reached vastly different conclusions when (1) and (4) were not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near an area that is being searched. | | | Fifth Amendment Protections | |
<
< | However, users may find refuge under the Fifth Amendment, if forced decryption is fond to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled. Barrera , at 835 (N.D. Ill. 2019). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera ; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). | >
> | Users may believe that the Fifth Amendment offers protection, if forced decryption is found to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled. Barrera, at 835 (N.D. Ill. 2019). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). | | | Conclusion
Biometric passcodes present both technological and legal risks. However, uses who choose to exclusively use alphanumerical passcodes as an alternative should know that there are unique legal issues with such passcodes. For instance, courts and academics agree that when the government can provide independent evidence that certain files exist on the encrypted portion of the devices and the defendant can access them, there is no Fifth Amendment protection against a decryption order. |
|
|
KyungjinKimFirstPaper 4 - 06 Jun 2022 - Main.KyungjinKim
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
Biometric Passcodes and the Ease of Forced Decryption | | |
Introduction | |
<
< | Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - have exploded in popularity. Today, more than 71% mobile phones have biometric passcodes enabled. However, while devices with alphanumerical passcodes cannot be easily decrypted without the users' voluntary cooperation, biometric passcodes are vulnerable to attacks based on technical exploits, and “forced decryption” by law enforcement – defendants being legally obligated to unlock their devices under a court order. | >
> | Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - have exploded in popularity. Today, more than 71% mobile phones have biometric passcodes enabled. However, while devices with alphanumerical passcodes cannot be easily decrypted without the users' voluntary cooperation, biometric passcodes are vulnerable to attacks based on technical exploits, as well as “forced decryption” by law enforcement – defendants being legally obligated to unlock their devices under a court order. | | |
Technology Exploits | |
<
< | Apple claims that biometric passcodes are secure because the probability of having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker randomly tries their own face or passcode, hoping that it will unlock. However, a dedicated attacker will be working under two scenarios, one in which the attacker knows the identity of the user of the device, and one in which they do not. | >
> | Apple claims that biometric passcodes are secure because the probability of having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker uses their own face, their fingerprints, or random passcodes, while hoping for a match. However, a dedicated attacker will be working under two scenarios: one in which the attacker knows the identity of the user, and one in which they do not. | | | | |
<
< | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement, but civilian attackers can also replicate the scans by utilizing photographs of the users hands in which fingerprints are visible. Facial recognition technology are also known to have been vulnerable to attacks utilizing 3D models constructed to look like the user’s face. However, biometric passcodes are vulnerable even under the second scenario. For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches for fingerprints, allowing a “master key” utilizing common parts of fingerprints to be used. Attackers can also utilize several possible bugs. Most importantly, biometric passcodes suffer from the flaw that it cannot be changed, after it is compromised. Because almost all biometric data remains unique for life, attackers would be able to gain access to any biometrically encrypted devices with the compromised passcode. | >
> | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement following an arrest, but civilian attackers can also replicate the scans by utilizing photographs of the users' hands in which fingerprints are visible. Facial recognition technology have also been vulnerable under the first scenario, for instance by attackers utilizing 3D models constructed to look like the user’s face. The second scenario, while without the aforementioned vulnerabilities, also present serious risks For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches; thus, a “master key” designed to emulate common partial fingerprints to be used. Attackers can also utilize several existing bugs. Most importantly, because almost all biometric data remains unique for life, attackers would be able to gain access to any biometrically encrypted devices with a compromised passcode, after the device is compromised at least once. | | | Constitutional Protections to Forced Decryption | |
<
< | Biometric passcodes are also susceptible to forced encryption. However, users may believe that there are Constitutional limits against forced decryption, either because people have the right right "to be secure in their persons," or because people cannot be "compelled in any criminal case to be a witness against himself." However, existing caselaw casts serious doubts as to whether either Amendment can offer sufficient protection. | >
> | Biometric passcodes are also susceptible to forced encryption, and existing caselaw casts doubts on whether the Fourth or the Fifth Amendment can offer sufficient protection. | | | Fourth Amendment Protections
Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is ""[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?" | |
<
< | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, the Fourth Amendment requirements are satisfied for biometric forced decryption purposes. However, while most courts seem to agree that (3) is necessary, they remain heavily split for cases when (1) and (4) are not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause for Fourth Amendment purposes. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near the premises of a searched area. | >
> | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, Fourth Amendment requirements are satisfied for biometric forced decryption. However, while most courts seem to agree that (3) is necessary, they remain heavily split for cases when (1) and (4) are not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near an area that is being searched. | | | Fifth Amendment Protections | |
<
< | However, users may find refuge under the Fifth Amendment, if forced decryption is fond to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled." Barrera , at 835 (N.D. Ill. 2019) (citing Fisher v. United States, 425 U.S. 391, 408 (1976)). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera ; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). Thus, a user can only depend on their jurisdiction's interpretation, and not the Fifth Amendment itself, for Constitutional protections against forced decryption. | >
> | However, users may find refuge under the Fifth Amendment, if forced decryption is fond to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled. Barrera , at 835 (N.D. Ill. 2019). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera ; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). | | | Conclusion | |
<
< | At this point, a user may wonder whether the exclusive use of alphanumerical passcodes is a preferable option over biometric passcodes. While users cannot be forced to testify about their alphanumerical passcodes, due to Fifth Amendment protections, the protection does not extend to warrants or court orders authorizing the users to present a decrypted version of the files on the device. Courts and academics agree that when the government can provide independent evidence that certain files exist on the encrypted portion of the devices and the defendant can access them, there is no Fifth Amendment protection against a decryption order. Some academics have even argued that the government only needs to demonstrate independent knowledge that the person has the passcode. In any case, given the low amount of Constitutional protections some courts have held for biometric protection, an average user may be better off only using alphanumerical passcodes.
This draft accurately summarizes the uncertain state of Fourth Amendment law in the absence of some overarching Supreme Court opinion that would set lower court direction for decades. All of this could have been put in one paragraph, however. Biometric identification is always a bad idea. Any credentials that can never be changed and that are necessarily reused in multiple contexts are poorly designed, to say the least. So it makes not the slightest difference what the legal rules are in deciding whether to use utterly flawed and ultimately self-harming technology. Explaining that clearly would be worth far more to the reader than a rehash of the "don't know, probably doesn't matter" reflection on this one facet of the general 4th amendment failure I spent weeks describing.
| >
> | Biometric passcodes present both technological and legal risks. However, uses who choose to exclusively use alphanumerical passcodes as an alternative should know that there are unique legal issues with such passcodes. For instance, courts and academics agree that when the government can provide independent evidence that certain files exist on the encrypted portion of the devices and the defendant can access them, there is no Fifth Amendment protection against a decryption order. | | |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. |
|
|
KyungjinKimFirstPaper 3 - 23 May 2022 - Main.KyungjinKim
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
Biometric Passcodes and the Ease of Forced Decryption | | |
Introduction | |
<
< | Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes have exploded in popularity. Biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - are now enabled on more than 71% of all mobile phones. Even while ignoring the numerous security risks in the software, the 85% of Americans who own a smartphone should be worried about the ease with which law enforcement can unlock their smartphones. While law enforcement can only enter alphanumerical passcodes with the users' voluntary cooperation, law enforcement can enter in biometric passcodes through "forced decryption" - pressing the user's fingers on the home button or holding the phone to the user's face. Faced with this possibility, users may believe that there are Constitutional limits against forced decryption, either because people have the right right "to be secure in their persons," or because people cannot be "compelled in any criminal case to be a witness against himself." However, existing caselaw casts serious doubts as to whether either Amendment can offer sufficient protection. | >
> | Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - have exploded in popularity. Today, more than 71% mobile phones have biometric passcodes enabled. However, while devices with alphanumerical passcodes cannot be easily decrypted without the users' voluntary cooperation, biometric passcodes are vulnerable to attacks based on technical exploits, and “forced decryption” by law enforcement – defendants being legally obligated to unlock their devices under a court order. | | | | |
<
< | Fourth Amendment Protections | >
> | Technology Exploits
Apple claims that biometric passcodes are secure because the probability of having adequately identical fingerprints to match fingerprint passcodes is 1 in 50,000, and adequately identical faces is 1 in 1,000,000. However, this statistic is misleading because it only assumes one attack scenario, under which an attacker randomly tries their own face or passcode, hoping that it will unlock. However, a dedicated attacker will be working under two scenarios, one in which the attacker knows the identity of the user of the device, and one in which they do not. | | | | |
<
< | In Riley, the Supreme Court held that the Fourth Amendment does not provide absolute protection from all searches of smartphone data; rather, the Court only held that a warrant is generally required before such a search. Riley v. California, 573 U.S. 373, 401 (2014). Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is ""[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?" | | | | |
<
< | The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, the Fourth Amendment requirements are satisfied for biometric forced decryption purposes. See, e.g., United States v. Barrera, 415 F. Supp. 3d 832 (N.D. Ill. 2019). However, while most courts seem to agree that (3) is necessary, they remain heavily split for cases when (1) and (4) are not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause for Fourth Amendment purposes. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near the premises of a searched area. | >
> | Fingerprint passcodes are especially vulnerable under the first scenario. Attackers who have two-dimensional scans of fingerprints can print three-dimensional models to fool fingerprint scanners. Two-dimensional scans can easily be obtained by law enforcement, but civilian attackers can also replicate the scans by utilizing photographs of the users hands in which fingerprints are visible. Facial recognition technology are also known to have been vulnerable to attacks utilizing 3D models constructed to look like the user’s face. However, biometric passcodes are vulnerable even under the second scenario. For instance, Apple’s fingerprint id can be fooled because it only checks for partial matches for fingerprints, allowing a “master key” utilizing common parts of fingerprints to be used. Attackers can also utilize several possible bugs. Most importantly, biometric passcodes suffer from the flaw that it cannot be changed, after it is compromised. Because almost all biometric data remains unique for life, attackers would be able to gain access to any biometrically encrypted devices with the compromised passcode. | | | | |
<
< | Fifth Amendment Protections | >
> | Constitutional Protections to Forced Decryption
Biometric passcodes are also susceptible to forced encryption. However, users may believe that there are Constitutional limits against forced decryption, either because people have the right right "to be secure in their persons," or because people cannot be "compelled in any criminal case to be a witness against himself." However, existing caselaw casts serious doubts as to whether either Amendment can offer sufficient protection.
Fourth Amendment Protections
Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is ""[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?"
The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, the Fourth Amendment requirements are satisfied for biometric forced decryption purposes. However, while most courts seem to agree that (3) is necessary, they remain heavily split for cases when (1) and (4) are not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause for Fourth Amendment purposes. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near the premises of a searched area.
Fifth Amendment Protections | | | However, users may find refuge under the Fifth Amendment, if forced decryption is fond to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled." Barrera , at 835 (N.D. Ill. 2019) (citing Fisher v. United States, 425 U.S. 391, 408 (1976)). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera ; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). Thus, a user can only depend on their jurisdiction's interpretation, and not the Fifth Amendment itself, for Constitutional protections against forced decryption.
Conclusion |
|
|
KyungjinKimFirstPaper 2 - 04 Apr 2022 - Main.EbenMoglen
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
Biometric Passcodes and the Ease of Forced Decryption | | | Conclusion
At this point, a user may wonder whether the exclusive use of alphanumerical passcodes is a preferable option over biometric passcodes. While users cannot be forced to testify about their alphanumerical passcodes, due to Fifth Amendment protections, the protection does not extend to warrants or court orders authorizing the users to present a decrypted version of the files on the device. Courts and academics agree that when the government can provide independent evidence that certain files exist on the encrypted portion of the devices and the defendant can access them, there is no Fifth Amendment protection against a decryption order. Some academics have even argued that the government only needs to demonstrate independent knowledge that the person has the passcode. In any case, given the low amount of Constitutional protections some courts have held for biometric protection, an average user may be better off only using alphanumerical passcodes. | |
>
> |
This draft accurately summarizes the uncertain state of Fourth Amendment law in the absence of some overarching Supreme Court opinion that would set lower court direction for decades. All of this could have been put in one paragraph, however. Biometric identification is always a bad idea. Any credentials that can never be changed and that are necessarily reused in multiple contexts are poorly designed, to say the least. So it makes not the slightest difference what the legal rules are in deciding whether to use utterly flawed and ultimately self-harming technology. Explaining that clearly would be worth far more to the reader than a rehash of the "don't know, probably doesn't matter" reflection on this one facet of the general 4th amendment failure I spent weeks describing.
| | |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. |
|
|
KyungjinKimFirstPaper 1 - 11 Mar 2022 - Main.KyungjinKim
|
|
>
> |
| META TOPICPARENT | name="FirstPaper" |
|---|
Biometric Passcodes and the Ease of Forced Decryption
-- By KyungjinKim - 11 Mar 2022
Introduction
Since 2013, when Apple introduced "the first major smartphone to feature a fingerprint scanner," biometric passcodes have exploded in popularity. Biometric passcodes - passcodes utilizing fingerprint or facial recognition technology to unlock devices - are now enabled on more than 71% of all mobile phones. Even while ignoring the numerous security risks in the software, the 85% of Americans who own a smartphone should be worried about the ease with which law enforcement can unlock their smartphones. While law enforcement can only enter alphanumerical passcodes with the users' voluntary cooperation, law enforcement can enter in biometric passcodes through "forced decryption" - pressing the user's fingers on the home button or holding the phone to the user's face. Faced with this possibility, users may believe that there are Constitutional limits against forced decryption, either because people have the right right "to be secure in their persons," or because people cannot be "compelled in any criminal case to be a witness against himself." However, existing caselaw casts serious doubts as to whether either Amendment can offer sufficient protection.
Fourth Amendment Protections
In Riley, the Supreme Court held that the Fourth Amendment does not provide absolute protection from all searches of smartphone data; rather, the Court only held that a warrant is generally required before such a search. Riley v. California, 573 U.S. 373, 401 (2014). Because the Fourth Amendment allows a warrant to be issued upon "probable cause," the subsequent question is ""[w]hat level of cause... the government might need to seize the suspect to enable the biometric access?"
The Fourth Amendment and caselaw agrees that, in a scenario in which 1) the particular devices are specified, 2) the user is specified, 3) there is probable cause for searching the device, and 4) there is probable cause for believing the device belongs to the defendant, the Fourth Amendment requirements are satisfied for biometric forced decryption purposes. See, e.g., United States v. Barrera, 415 F. Supp. 3d 832 (N.D. Ill. 2019). However, while most courts seem to agree that (3) is necessary, they remain heavily split for cases when (1) and (4) are not satisfied. On one hand, some courts have held that a warrant that was not limited to a particular person or a particular device did not demonstrate probable cause for Fourth Amendment purposes. In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019); In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017). On the other hand, some district courts have held that Fourth Amendment requirements were met as long as the procedure was carried out with dispatch in the immediate vicinity of the premises to be searched, the government has reasonable suspicion that the suspect has committed a criminal act that is the subject matter of the warrant, and the government has reasonable supicion that the individual's biometric features will unlock the device. In re Search of, 317 F. Supp. 3d 523, 532-33 (D.D.C. 2018); In re Search Warrant No. 5165, 470 F. Supp. 3d 715, 724 (E.D. Ky. 2020). Consequently, the worst case scenario is that a user will be legally compelled to unlock their devices simply for being near the premises of a searched area.
Fifth Amendment Protections
However, users may find refuge under the Fifth Amendment, if forced decryption is fond to be an act which compel the user to be a witness against himself. Generally, the question is whether providing the biometric passcode is 1) a communication or a communicative act that is 2) testimonial, 3) incriminating and 4) compelled." Barrera , at 835 (N.D. Ill. 2019) (citing Fisher v. United States, 425 U.S. 391, 408 (1976)). For there to be Fifth Amendment protection, all four criterion must be satisfied. However, courts remain divided concerning all the factors. To begin with, some courts hold that providing a biometric passcode is not a communicative act at all, and merely a physical act. In re Search Warrant Application, 279 F. Supp. 3d 800 (N.D. Ill. 2017); In re Search of, 317 F. Supp. 3d 523 (D.D.C. 2018). Courts that hold the provision is a communicative act agree that the provision is incriminating and compelled. However, they are heavily split on whether it is testimonial. Some of the courts have held that, because the biometric key is provision of a physical characteristic and not a communicative testimony, the act is not testimonial. State v. Diamond, 905 N.W.2d 870 (Minn. 2018); Barrera ; In re search of A White Google Pixel 3 Xl Cellphone in a Black Incipio Case, 398 F. Supp. 3d 785 (D. Idaho 2019). Finally, some courts have held that because provision of the key is implicit of the fact that the user owns or controls the content of the phone, the act is testimonial. In re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); In re Search of a Residence in Oakland, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). Thus, a user can only depend on their jurisdiction's interpretation, and not the Fifth Amendment itself, for Constitutional protections against forced decryption.
Conclusion
At this point, a user may wonder whether the exclusive use of alphanumerical passcodes is a preferable option over biometric passcodes. While users cannot be forced to testify about their alphanumerical passcodes, due to Fifth Amendment protections, the protection does not extend to warrants or court orders authorizing the users to present a decrypted version of the files on the device. Courts and academics agree that when the government can provide independent evidence that certain files exist on the encrypted portion of the devices and the defendant can access them, there is no Fifth Amendment protection against a decryption order. Some academics have even argued that the government only needs to demonstrate independent knowledge that the person has the passcode. In any case, given the low amount of Constitutional protections some courts have held for biometric protection, an average user may be better off only using alphanumerical passcodes.
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. |
|
|
|
|
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|