Date: Thu, 15 Dec 2016 22:15:36 +0100 From: Per Thorsheim <per@...rsheim.net> To: passwords@...ts.openwall.com Subject: Forced biometric device unlock Story in Norwegian: http://www.vg.no/nyheter/innenriks/solberg-regjeringen/naa-kan-det-bli-lov-aa-aapne-mobilen-din-med-tvang/a/23874034/ Norwegian supreme court made a decision earlier this year that our police cannot force anyone to unlock any device using their biometric features (fingerprint, palm vein pattern, iris scans, behavioral biometrics etc). A new suggested law will make this legal. While I haven't seen any text yet that defines use of physical force in this case, I'm sort of waiting to see what happens there. For most democratic countries (?) I assume that there's a law protecting citizens from having to give up any knowledge they've got in their head, like passwords, pins etc., because doing so could be self-incrimination. I fully agree with the statements from our privacy commissioner & a lawyer in this story. The police can do extensive bodily inspections of a suspect, so collecting fingerprints for the purpose of unlocking or using force to unlock a device makes sense. Although I am very curious about where the definition of "force" will be set in order to unlock using fingerprints, palm vein patterns, iris scans, voice and similar. On the other hand they still can't force you to surrender your password in Norway, as that could be self-incrimination. ** PASSWORDS WIN ** (In the UK, as one example, refusing to give up your password, pin or similar is punishable with up to 2 years in prison.) -- Best regards, Per Thorsheim CISA, CISM, CISSP, ISSAP Founder of PasswordsCon.org Phone: +47 90 99 92 59 (Use Signal!) Twitter: @thorsheim
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.