There was plenty of discussion about how Apple’s new fingerprint ID biometric system on the new iPhones might help the NSA build a giant database of fingerprints, but others quickly pointed out how unlikely that was. Some have even argued that it could lead to greater privacy protection (though, others are reasonably concerned since you can’t "change" your fingerprint if someone figures out a way to hack it — and fingerprint readers have been hacked many times in the past).
However, there are additional concerns, such as how relying on fingerprint scans over passwords might remove your ability to use the 5th Amendment to protect your private data. As we’ve discussed a few times, while not all courts agree, some have ruled that you can’t be forced to give up your passwords to unencrypt your data, because it could be seen as a 5th Amendment violation of self-incrimination. However, with a fingerprint, the issue is slightly different than with a password. As the EFF’s Marcia Hoffman explains:
The privilege against self-incrimination is an important check on the government’s ability to collect evidence directly from a witness. The Supreme Court has made it clear that the Fifth Amendment broadly applies not only during a criminal prosecution, but also to any other proceeding “civil or criminal, formal or informal,” where answers might tend to incriminate us. It’s a constitutional guarantee deeply rooted in English law dating back to the 1600s, when it was used to protect people from being tortured by inquisitors to force them to divulge information that could be used against them.
For the privilege to apply, however, the government must try to compel a person to make a “testimonial” statement that would tend to incriminate him or her. When a person has a valid privilege against self-incrimination, nobody — not even a judge — can force the witness to give that information to the government.
But a communication is “testimonial” only when it reveals the contents of your mind. We can’t invoke the privilege against self-incrimination to prevent the government from collecting biometrics like fingerprints, DNA samples, or voice exemplars. Why? Because the courts have decided that this evidence doesn’t reveal anything you know. It’s not testimonial.
It does seem odd that a simple switch from a password to a fingerprint could have constitutional implications, but welcome to the world where the law and the technology don’t always match up perfectly together.