If you read the Bill of Rights; which really is a bill of temporary privileges, all of which appear to have expired; you might get the impression that you have some kind of right against self-incrimination. At least that’s what a plain reading of the Fifth Amendment would lead one to believe. But self-incrimination means whatever the man in the muumuu says it means. In Minnesota one of those muumuu clad men decided that being compelled to provide the cryptographic key that unlocks your phone isn’t protected under the Fifth Amendment:
The Minnesota Court of Appeals ruled Tuesday that a judge’s order requiring a man to provide a fingerprint to unlock his cellphone was constitutional, a finding that is in line with similar rulings across the U.S.
What does this mean for us Minnesotans? It means that the first thing you should do in a police encounter is deauthorize your fingerprint reader. How do you do that? I’m not familiar enough with the various Android devices to know how they handle fingerprint readers. On the iPhone rebooting the phone will deauthorize the fingerprint reader until the password is entered. So iPhone users should hold down their home and lock buttons (or volume down and lock buttons if you’re using an iPhone 7) for a few seconds. That will cause the phone to reboot. If the phone is confiscated the fingerprint reader won’t unlock the phone so even if you’re compelled to press your finger against the sensor it won’t be an act of self-incrimination.
Why do I say deauthorize your fingerprint reader during a police encounter instead of disabled it entirely? Because disabling the fingerprint reader encourages most people to reduce their security by using a simple password or PIN to unlock their phone. And I understand that mentality. Phones are devices that get unlocked numerous times per day. Having to enter a complex password on a crappy touchscreen keyboard dozens of times per day isn’t appealing. Fingerprint readers offer a compromise. You can have a complex password but you only have to enter it after rebooting the phone or after not unlocking the phone for 48 hours. Otherwise you just press your finger to the reader to unlock your phone. So enabling the fingerprint reader is a feasible way to encourage people to use a strong password, which offers far better overall security (PINs can be brute forced with relative ease and Android’s unlock patterns aren’t all that much better).