iPhone Unlocked By Fingerprint Because Of A Warrant From The LAPD

While we were so focused on the Apple Vs FBI court battle that was going on, it would seem that the FBI were up to their usual tricks. I refer to the first known case where a user was made to unlock their iPhone by fingerprint because of a warrant.

The court case was overseen by a Virginia Beach Circuit Court Judge who agreed that David Charles Baust could not be forced to hand over his iPhones passcode. The judge did say he could be compelled to supply his biometric information to unlock the device, though, a measure that seems very similar in its outcome.

The warrant issued allowed an LAPD agent to visit the premises of Baust and a Paytsar Bkchadzhyan and acquire a fingerprint for the purposes of unlocking the iPhone, a trick that can be mimicked with something as simple as Play-Doh. The warrant contains the line “Law enforcement personnel are authorized to depress the fingerprints and/or thumbprints of the person covered by this warrant onto the Touch ID sensor of the Apple iPhone seized… on 25 February”. The inventory of the property taken in the search doesn’t even help narrow down what they searched for, as they state “PAYTSAR BKCHADZHYAN – FINGERPRINT ON IPHONE DEVICE”, a rather ambiguous term when keeping track of something.

The fingerprint didn’t help as after 48 hours of not unlocking your iPhone with touch ID requires that you enter your passcode anyway, a piece of information that the Judge had already ruled out being forced from the suspect.

This could have repercussions, such as in the case where a person from England is being asked to unlock his device over a case that could see him tried in America, where you could be seen as providing evidence against yourself by providing something like your biometric information or passwords. These are all protected in America under the fifth amendment, the right to not incriminate yourself.

Facebook Is Sued (Again) This Time For Storing a Billion Face Prints

Facebook’s business model is a paradox for consumers who yearn for privacy yet share their selfies, intimate images and sometimes bizarre postings within its borders. How much privacy would you expect from a company built on making a substantial profit from your data? Facebook has decided to push the storage of your information even further and has subsequently been handed a class action complaint over consumer biometric retention.

So what and who, have Facebook violated this time? According to the filed complaint, Facebook “has created, collected and stored over a billion ‘face templates’ (or ‘face prints’)”, which, ostensibly, are as uniquely identifiable as fingerprints. These have been gathered “from over a billion individuals, millions of whom reside in the State of Illinois”. It is alleged that by harvesting this sensitive data, Mark Zuckerberg is in violation of the state of Illinois Biometric Information Privacy Act (BIPA), which was passed by the state legislature in 2008.

Now for the punchline, as noted in the complaint, under BIPA a private entity such as Facebook is prohibited from obtaining or possessing an individual’s biometrics unless it achieves suitable consent, which is constituted by the following:

  • Informing that person in writing that biometric identifiers or information will be collected or stored
  • Informing that person in writing of the specific purpose and length of term for which such biometric identifiers or biometric information is being collected, stored and used
  • Receiving a written release from the person for the collection of his or her biometric identifiers or information
  • Publishing publicly available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information

The group of plaintiffs state that they have not and never had a Facebook account, but their images were uploaded onto the site which resulted in the creation of a biometric template which was then stored by Facebook..

It’s difficult to imagine the social networking giant complying with the current legal and acceptable definitions enshrined in law. If Facebook loses this case then it would effectively open the door to millions of possible claimants who would seek damages for breaches of privacy. This stand-off is very much a .com terms and conditions VS real world laws and consequences, Facebook will no doubt argue that consumers shared this information voluntarily regardless of who actually shared it for the corporation to handle as they wish, one thing is certain; the outcome could pinpoint the paths which define consumer protection in the face of a growing will to collect more and more info by large corporations.

Who owns your image once it’s uploaded onto Facebook or any other site?

Thank you theregister for providing us with this information

Image courtesy of 1en

Windows 10’s Facial Recognition Can Distinguish Between Identical Twins

Windows Hello is Microsoft’s integrated biometric reading system exclusive to Windows 10 and it adds an enhanced layer of security. Instead of inserting a password or pin, Windows employs photographic analysis with heat and depth detection to accurately judge a person’s facial features. This is possible using devices which contain Intel’s RealSense camera.

The Australian decided to test Windows’ biometric scanning by selecting a number of identical twins. During the procedure, each twin’s photo was registered to a unique account and tried to login through facial recognition. Unbelievably, there wasn’t a single instance of a twin being logged into the wrong account and Windows managed to perfectly distinguish between twins. As a result, it’s extremely secure and virtually impossible to bypass this system. One could argue it’s a much safer way of encrypting data than traditional passwords.

Additionally, security experts often advise users to have a multitude of passwords for different services. This means it can be a chore remembering individual keys and some websites have their own rule-sets. For example, my phone carrier password requires a capital letter, at least 1 number and a symbol. However, privacy advocates may be concerned about the scanning data. Does Microsoft retain previous scans to ensure improved security?

Personally, it’s not something I would use but I’m astounded by the accuracy of Windows Hello which could easily replace the need for passwords in the future.

Thank you The Australian for providing us with this information.

FIDO United! More Backers Emerge for Removing Passwords

Everything you do online, and sometimes offline relies on you remember a string of characters, numbers and even symbols sometimes. These can be anything from your pet name, to something randomly generated by a program you’ve downloaded or even made yourself. These come with two down sides; first you have to create something which other people can’t easily guess, find or generate. The second, however, is remembering them, with a long combination spanning from the left-hand side to your right-hand side of your keyboard the problem quickly becomes “shoot did I put that as a capital or not?”. FIDO hopes to do away with that.

FIDO stands for Fast IDentity Online. They were formed in 2012 as a non-profit focused on addressing the issue of online authentication, how someone gives permission and proves they should be allowed to, for any action you do online. With technology ranging from fingerprints to turning keys and phones into ‘keys’ for your computer, FIDO hopes to bring together the different technologies and companies to provide easy access to everyone for online authentication. One of these methods is the USB key lock, designed to replace the two-factor authentication (when after the initial request to do something, you receive a text with a code to state that it was you that requested the action) used by Google.

It would seem that not only large companies are interested in the idea though, with the likes of Google, Microsoft and Apple being joined now by the UK’s Office of the Cabinet and the US’s National Institute of Standards and Technology. With the government bodies now taking part in FIDO, they will have an impact on how steps are taken to allow fast, password-less authentication online.

Everyone is annoyed by passwords on the odd occasion, and the concept behind easy to use authentication would save a lot of people a lot of hassle, especially when you find out your account’s have been hacked (something biometric security measures are looking to reduce) and you’ve lost access to your level 80 Warlock Sharman.

Thank you Engadget for the information.

Image courtesy of Shutterstock.

MWC: Qualcomm Unviels Ultrasonic Fingerprint Scanner

At Mobile World Congress, Qualcomm is showing off Sense ID, a new technology that brings ultrasonic fingerprint scanning to mobile devices. The main advantage of ultrasonic fingerprint scanning is that because it uses sound waves, it doesn’t require direct contact with your finger. This means the ultrasonic sensor can be underneath the device’s front cover glass or potentially underneath the display itself. Now fingerprint scanners aren’t breaking news in the mobile market. Previous iterations include the iPhone 5S with Touch ID. This system, along with all current scanners, require physical interaction with the scanner; pretty annoying if it’s cold and you have gloves on. Golves are a pretty extreme example, the scanner could be made unusable by even water, lotion or dirt; so dry clean hands all round.

This new ultrasonic scanner uses high-frequency sound waves to scan your finger, penetrating relatively large obstacles, like the aforementioned gloves scenario. This scanner uses similar technology to that in the medical sector, just not as powerful, yet. This means that the scanner could potentially scan deeper than just the top layer of skin and retrieve even more biometric data.

“At Mobile World Congress, Qualcomm is showing off a prototype smartphone with Sense ID beneath the front cover glass. When I asked whether Sense ID could be placed beneath the display—so that you could scan your finger by simply placing it on the screen, just like in all the movies—I got a noncommittal response that is best transcribed as “I don’t see why not.””

Now Qualcomm can’t take all the credit here, back in 2013 the company acquired Ultra-Scan; who already had a similar technology developed for use by the US government. Now that may sound a little alarming, the US government seem to want to harvest as much data as possible, but Qualcomm has made clear that your biometric data is secured to the device via its hardware-level SecureMSM tech; no cloud data snatching here.

Sense ID is compatible with all recent Snapdragon SoCs, including the upcoming Snapdragon 820, but there aren’t any immediate products being released with this technology, the earliest indication is Q3 2015.

Thanks to ArsTechnica for supplying this information.

Quixter Shows How Your Palm Can One Day Replace A Credit Card

Quixter, created by engineering student Fredrik Leifland at Lund University, aims to replace the standard method of  paying at your local retailer by removing the need for a card or device completely. Instead it uses your palm and a phone number. NFC was aimed to speed things up by allowing you to just wave a device over a machine. But there’s still a lack of NFC-enabled devices on the market and it still requires a device be present.

The technology works by integrating a biometric scanner into the payment device. Then, once signed up, the user can pay simply by allowing their palm to be scanned for a couple of seconds and then entering the last four digits of their phone number. It’s secure because every vein pattern in a hand is unique. It’s also very convenient as you aren’t fumbling in your pocket for the thing that allows you to pay.

Quixter is only working as a system at Lund University right now with 1,600 users. It’s possible that it may expand into the consumer space, but for now NFC looks like the safer bet.

[youtube]https://www.youtube.com/watch?v=s1fJLZAtD2Q[/youtube]

Thank you to Tech Crunch for providing us with this information.