Our Fingerprints Are Portals Into Our Digital Lives — But the Laws Haven't Caught Up


Your fingerprint can do more than unlock your phone. In just a few years, the tips of your phalanges may be the most powerful, speedy and safe tool to protect and access a trove of personal data. 

It's the master key to the safe of your private life. And there's nothing stopping police from taking it.

Constitutional law hasn't yet caught up with the state of modern technology, experts say, and police are taking increasingly extreme measures to access our fingerprints — going as far as asking a 3-D printing lab in Michigan to print a finger capable of unlocking a dead victim's phone. 

In each case, law enforcement attempted to obtain a fingerprint to unlock a phone without a uniform, legal approach to procuring it. There's no guidebook, no set protocol.

It's simple: The law needs to catch up. The protection of our photos, emails, banking info, texts and sexts depends on it. 


Our current laws are an outdated mess.

Let's say you were accused of petty theft, stealing a $300 coat from a store in your neighborhood. The police need to prove that you conspired with your roommate to lift it, so they try to gain access to your texts. They also believe you took selfies in the coat, so they need access to your camera roll. Your iPhone is locked with a passcode and your fingerprint. What laws protect your private information and prevent the legal system from using your fingers against you?

First of all, there's the Fourth Amendment, which protects against unlawful search and seizure. The problem is, according to Yana Welinder, a nonresidential fellow at Stanford Center for Internet and Society and affiliate at Harvard's Berkman Klein Center for Internet and Society, courts don't know how to handle fingerprints. "Fourth Amendment protection is currently seriously out of touch with [the] latest technology," Welinder said. 

Then there's the Fifth Amendment, which makes sure you can't testify against yourself in a criminal case. Here, though, judges struggle to apply the amendment to "non-testimonial situations," Welinder said.

"Law enforcement often has legitimate reasons for needing this kind of data, but the scale and fidelity of this kind of data goes well beyond anything else we've ever had," Jason Hong, associate professor of computer science and CyLab at Carnegie Mellon University said in an email. 

Originally, lawmakers "were envisioning the needs of the FBI, law enforcement and government entities who need your fingerprints," explained Emma Garrison-Alexander, vice dean of cybersecurity and information assurance at University of Maryland University College. "The context for which those laws were created were very different than how our passcode and fingerprints are being used today." 

What we need instead: "A legal framework for dealing with these issues are important and that would govern exactly how a process of that nature would actually work," said Garrison-Alexander. "It's not an answer around right or wrong, it's about having a legal framework — what is the legal standing for taking an action like that? It shouldn't be left nebulous or unaddressed. It should be deliberately addressed."


How biometrics could revolutionize criminal law

Biometric authentication is the practice of using a human characteristic like fingerprints or the iris of the eye to verify your identity and secure your device. The technology is becoming more and more popular.

To help lawmakers stay in touch with tech, Electronic Frontier Foundation staff attorney Andrew Crocker thinks the Fifth Amendment needs to not only protect against forced decryption using a passcode, but also our fingerprints, which both have the potential to provide one with the same personal information. 

"The law as whole should not freeze in time and ignore the realities of how people protect their private information in today's world, including using fingerprints and other biometrics to protect their devices," Crocker said in an email. "These methods provide significant benefits, both for individual users and society. As a result, the law should adapt and protect these methods as the equivalent to using a traditional password to protect data." 

To accomplish laws that aren't antiquated and take into consideration the sweeping infiltration of our fingerprints in our digital lives, Garrison-Alexander believes there needs to be a partnership among the government and leading tech manufacturers.

"How do we solve this dilemma?" Garrison-Alexander said. "The prominent leaders in the marketplace as well as those in government should be a part of the solution. I don't think we get there without that partnership."


Apple claims privacy is a core value — so let's see it take a stand on this issue. 

Remember Apple's public feud with the FBI this year? The FBI wanted Apple to build a backdoor for them to get into the San Bernardino gunman's iPhone. Apple said hell no, citing a major breach in privacy. 

"We did not expect to be in this position — at odds with our own government," Cook said in March. "But we believe strongly that we have a responsibility to help you protect your data and protect your privacy. We owe it to our customers and we owe it to our country."

But Garrison-Alexander and cybersecurity experts believe that in order to successfully drive laws forward without stifling progress and innovation, tech leaders — such as those at Apple, Samsung and Google — need to work alongside lawmakers, proving to us what making privacy a core value to them really means. And soon. 

By 2019, there may be more than 500 million biometric scanners in use around the world. Hopefully the laws can catch up.