Tag Archives: biometric

Feds Force Suspect To Unlock An Apple iPhone X With Their Face

Posted on by

Cops tell a child abuse suspect to unlock their iPhone with their face. It’s the first time since the iPhone X launched that any cop has used Face ID to force an iOS device open.

Source: Feds Force Suspect To Unlock An Apple iPhone X With Their Face

First came multiple cases in which suspects were told to unlock iPhones with their fingerprints, via Apple’s Touch ID biometric login. The same technique was then used on dead subjects. Earlier this year, this publication uncloaked GrayKey, a $15,000-$30,000 tool that could break through the passcodes of the latest iOS models, including the iPhone X. Another contractor, Israel’s Cellebrite, announced similar services.

American cops now have boiler plate language for using Apple’s Touch ID and Face ID to unlock iPhones.

…it may be more difficult for defendants to argue their face is a piece of knowledge protected by the Fifth, than it is for fingers. “Arguably if law enforcement says use your finger to unlock, the knowledge of which finger [will unlock an iPhone] is still an item of knowledge being produced by the individual,” Jennings explained. “Whereas with Face ID, by design it will only unlock with a very specific and obvious and body part.”

In modern iPhones, to hook the cellphone up to a computer and transfer files or data between the two, the passcode is required if the device has been locked for an hour or more. And forensic technologies, which can draw out far more information at speed than can be done manually, need the iPhone to connect to a computer.

Beyond the passcode, thanks to a feature called SOS mode, it’s possible to shut down Face ID and Touch ID with five quick clicks of the power button in older iPhones. In the iPhone 8 and X, the same is achieved by holding the side button and one of the volume buttons. And if the device hasn’t been opened within 48 hours, a passcode is required to open it again.

“Additionally, a long and unique alphanumeric passcode will prevent any forensic imaging attempts from decrypting your phone’s data,” said Ryan Stortz, a security researcher at Trail of Bits. “However, SOS won’t save you if the feds distract you and seize your phone out of your hand.”

(Emphasis mine.)

Aspects of Aadhaar, India’s biometric ID, struck down as unconstitutional.

Posted on by
Reply

aadhaar-1537929142.jpeghttps://www.livelaw.in/breaking-sections-33247-national-security-exception-gone-private-entities-cannot-demand-aadhaar-data/ (Includes full text of the decision.)

Sections 33(2),47 & 57 Of Aadhaar Act Struck Down; National Security Exception Gone; Private Entities Cannot Demand Aadhaar Data [Read Judgment] | Live Law

Among the aspects that were ruled unconstitutional:

  • Disclosure of information “in the interest of national security” without authorization from a Joint Secretary or higher ranking officer and a Judicial Officer.
  • Permitting private entities to use Aadhaar for authenticating their users/customers.
  • Disclosure of an individual’s information without providing the individual an opportunity to challenge the order.

The court further held that Section 139AA of the Income Tax Act, 1961 is not violative of right to privacy as it satisfies the triple test (I) existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should pass the ‘test of proportionality’,

However, the bench held that the move of mandatory linking of Aadhaar with bank account does not satisfy the test of proportionality. It has been also held that Mandatory linking of mobile number with Aadhaar is held to be illegal and unconstitutional as it is not backed by any law.

Justice D.Y. Chandrachud wrote a strong dissent (includes the full text of the dissent) to the ruling’s upholding of the Aadhaar Act’s constitutionality. The bill was passed by classifying it as one that could bypass Rajya Sabha, the Upper House of the Parliament.

“The passing Aadhaar Act as money bill is a fraud on the constitution”, Justice Chandrachud observed. The decision of Speaker to classify a bill as money bill is amenable to judicial review. The judgment also highlighted the importance of Rajya Sabha in passing laws.

“If a constitution has to survive political aggrandizement, notions of power and authority must give compliance to rule of law.”, he observed in his dissenting judgment.

Justice Chandrachud deemed the entire Aadhaar project to be unconstitutional.

“Constitutional guarantees cannot be compromised by vicissitudes of technology”, he observed.

Section 57 of the Act was held to be violating Articles 14 and 21 of the Constitution. Allowing private enterprise to use Aadhaar numbers will lead to exploitation of data.

Holding that Aadhaar had potential for surveillance, it was stated that the architecture posed risk on potential violation of leakage of database. Source code is of foreign corporation. “The data must all the time vest with the individual”, said the judgment. It was held that many provisions of Aadhaar Act provide for invasive collection of biometric data.