Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 15 Dec 2016 22:15:36 +0100
From: Per Thorsheim <per@...rsheim.net>
To: passwords@...ts.openwall.com
Subject: Forced biometric device unlock

Story in Norwegian:
http://www.vg.no/nyheter/innenriks/solberg-regjeringen/naa-kan-det-bli-lov-aa-aapne-mobilen-din-med-tvang/a/23874034/

Norwegian supreme court made a decision earlier this year that our
police cannot force anyone to unlock any device using their biometric
features (fingerprint, palm vein pattern, iris scans, behavioral
biometrics etc). A new suggested law will make this legal. While I
haven't seen any text yet that defines use of physical force in this
case, I'm sort of waiting to see what happens there.

For most democratic countries (?) I assume that there's a law protecting
citizens from having to give up any knowledge they've got in their head,
like passwords, pins etc., because doing so could be self-incrimination.

I fully agree with the statements from our privacy commissioner & a
lawyer in this story. The police can do extensive bodily inspections of
a suspect, so collecting fingerprints for the purpose of unlocking or
using force to unlock a device makes sense. Although I am very curious
about where the definition of "force" will be set in order to unlock
using fingerprints, palm vein patterns, iris scans, voice and similar.

On the other hand they still can't force you to surrender your password
in Norway, as that could be self-incrimination. ** PASSWORDS WIN **

(In the UK, as one example, refusing to give up your password, pin or
similar is punishable with up to 2 years in prison.)
-- 
Best regards,
Per Thorsheim
CISA, CISM, CISSP, ISSAP
Founder of PasswordsCon.org
Phone: +47 90 99 92 59 (Use Signal!)
Twitter: @thorsheim

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ