There’s a lot of talk around biometric authentication since Apple introduced its newest iPhone, which will let users unlock their device with a fingerprint. Given Apple’s industry-leading position, it’s probably not a far stretch to expect this kind of authentication to take off. Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).
While there’s a great deal of discussion around the pros and cons of fingerprint authentication — from the hackability of the technique to the reliability of readers — no one’s focusing on the legal effects of moving from PINs to fingerprints.
That matters because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).
Biometric authentication may make it easier for normal, everyday users to protect the data on their phones. But as wonderful as technological innovation is, it sometimes creates unintended consequences — including legal ones. If Apple’s move leads us to abandon knowledge-based authentication altogether, we risk inadvertently undermining the legal rights we currently enjoy under the Fifth Amendment.
Here’s an easy fix: give users the option to unlock their phones with a fingerprint plus something the user knows.