Passwords and PINs require ever more complexity and become difficult to recall. As a result, many people take actions that could give rise to a data security concern: they write them down on a paper near their computer. Thus, there has been a call from many to switch to biometric data, e.g., fingerprints. Apple iPhones, for example, have the capacity to let one log in without entering a PIN, by using a fingerprint, and then that fingerprint can also authenticate apps. [There is a caveat that the PIN must be entered the first time after the phone is restarted.]
Earlier this month, the White House Cybersecurity Czar, Michael Daniel, indicated that the Administration is looking to facilitate the switch to biometrics. Mr. Daniel expressed, though, a concern that Apple encryption by default posed a barrier for law enforcement. His concern, however, might not be well founded.
A Virginia Circuit Court judge has ruled that a warrant could issue to compel a suspect to provide his/her fingerprint to law enforcement to unlock a device. This is distinct from asking for a PIN or Password, which would constitute testimony and run afoul of the 5th Amendment. Biometrics are non-testimonial, the judge ruled.
Thus, rather than securing data, biometrics could, to those entities concerned with governmental intrusion at least, result in exposing data. Companies with BYOD policies and those utilizing such technologies should consider the legal implications of changing to biometrics.