Saturday, September 14, 2013

The Law of Unintended Consequences and Biometrics

So here's an interesting twist ...

Generally, the government can't force you to provide information you know, and then use it against you.  Apparently, forcing folks to incriminate themselves is a slippery slope to state-sponsored torture - go figure.

As a result, the state can't compel you to give up passwords or encryption keys.  Although it's recently been challenged, and seems to be subject to subtle interpretations of the law, this protection appears to be holding up in court (http://en.wikipedia.org/wiki/Key_disclosure_law#United_States).

But, if your authentication or encryption key is a biometric (e.g. a fingerprint), all bets are off and the state has every right to force you to give them access.  This is despite the fact that the biometric might be more secure from a pure security perspective.

This article talks about that little irony, in the context of Apple's new iPhone - which can use one's fingerprints to protect the information on the phone.

http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/

So, being "more secure" from a technical perspective (assuming you buy into single-factor biometric authentication) does not necessarily translate into better protection from legal intrusion. :-)
