{"id":2121,"date":"2016-10-18T17:23:02","date_gmt":"2016-10-18T15:23:02","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2121"},"modified":"2016-10-18T17:23:02","modified_gmt":"2016-10-18T15:23:02","slug":"iphone-touchid-doesnt-protect-you-from-the-government","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2121","title":{"rendered":"iPhone TouchID doesn\u2019t protect you from the government"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright  wp-image-2122\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/10\/fingerprint-213x300.png\" alt=\"Fingerprint\" width=\"108\" height=\"152\" srcset=\"https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/10\/fingerprint-213x300.png 213w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/10\/fingerprint.png 542w\" sizes=\"auto, (max-width: 108px) 85vw, 108px\" \/>It\u2019s a common belief that <a href=\"http:\/\/www.apple.com\">Apple<\/a> has gone to extraordinary lengths to protect individuals\u2019 privacy through mechanisms such as Touch ID, but what are its limits?\u00a0 Today <a href=\"http:\/\/www.forbes.com\/sites\/thomasbrewster\/2016\/10\/16\/doj-demands-mass-fingerprint-seizure-to-open-iphones\/#159cfc5b8d9d\">Forbes reported<\/a> that a <a href=\"https:\/\/www.justice.gov\/usao\/district\/cdca\">U.S. attorney<\/a> was able to get a warrant for the fingerprints of everyone at a particular residence for the express purpose of unlocking iPhones.<\/p>\n<p>Putting aside the shocking breadth of the warrant, suppose you want to resist granting access to an iPhone.\u00a0 It is not that hard for someone to force your finger onto a phone.\u00a0 It is quite a different matter for someone to force a password out of your head.\u00a0 Apple has gone to some lengths to limit certain forms of attack.\u00a0 For instance, the Touch ID generally will <a href=\"https:\/\/www.engadget.com\/2013\/09\/16\/why-a-disembodied-finger-cant-be-used-to-unlock-the-touch-id-se\/\">not authenticate<\/a> a severed finger, nor will it authenticate a fingerprint copy.\u00a0 Also, Apple doesn\u2019t actually store fingerprint images, but rather <a href=\"http:\/\/www.cnn.com\/2013\/09\/13\/opinion\/apple-iphone-fingerprint-privacy-opinion\/\">hashes<\/a> of the information used to collect fingerprints.\u00a0 Note that if the hashing method is known, then the hash itself is sensitive.<\/p>\n<p>For those who care, the question is what length someone is likely to go to gain access to a phone.\u00a0 Were someone holding a gun to my head and demanding access to my phone, unless it meant harming my family, I&#8217;d probably give them the information they wanted.\u00a0 Short of that, however, I might resist, at least long enough to get to have my day in court.\u00a0 If that would be your approach, then you might want to skip Touch ID, lest someone simply gets rough with you to get your fingerprint.\u00a0 The problem is that Touch ID cannot currently be required\u00a0 in combination with a pass code on iPhones and iPads.\u00a0 Either suffices.\u00a0 And this goes against the a basic concept of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\">two-factor authentication<\/a>.\u00a0 Combine something you have, like a fingerprint, with something you know, like a pass code.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s a common belief that Apple has gone to extraordinary lengths to protect individuals\u2019 privacy through mechanisms such as Touch ID, but what are its limits?\u00a0 Today Forbes reported that a U.S. attorney was able to get a warrant for the fingerprints of everyone at a particular residence for the express purpose of unlocking iPhones. &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=2121\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;iPhone TouchID doesn\u2019t protect you from the government&#8221;<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,9],"tags":[76,496,548,549,550],"class_list":["post-2121","post","type-post","status-publish","format-standard","hentry","category-internet-consumer-identity","category-security","tag-iphone","tag-security","tag-touch-id","tag-two-factor-authentication","tag-warrant"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2121"}],"version-history":[{"count":1,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2121\/revisions"}],"predecessor-version":[{"id":2123,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2121\/revisions\/2123"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}