Touch ID and Face ID are great. We like them, and we use them. But they’re convenience features, not security features, and you have fewer legal protections when using them in the US. When necessary, you can temporarily disable them.
This also applies to Android phones with fingerprint sensors, iris scans, or other biometric features.
With Face ID, merely looking at your phone (and making eye contact) from three or four feet away will unlock it. Someone can hold up your phone from across a table and, when you look at it, you’ve now unlocked your phone for that person.
As Ars Technica points out, this would provide a way for pushy border guards to unlock your phone and go through its contents. Border guards could already try to compel you to unlock your phone, but this makes it quick and trivial. The US border is considered a special place where many typical protections you’d have against search and seizure don’t apply.
While Ars highlights the risk at the US border, this technique could also be used at many, many other countries’ borders. Anyone traveling internationally should take the risk seriously. You don’t necessarily want to make it easy for border guards to dig through the wealth of personal information available via your phone.
In the USA, the situation with Touch ID and Face ID is even weirder than you might expect. US courts have ruled that law enforcement can compel you to provide a fingerprint or look at your phone to unlock it. However, law enforcement cannot legally compel you to unlock your phone if you use a passcode, PIN, or password.
In other words, US courts have said the Fifth Amendment of the Constitution protects you from being forced to unlock your phone when you use a PIN, but not when you use a fingerprint, your face, or other biometric data. The Fifth Amendment protects you from being forced to incriminate yourself, but a PIN is considered information you know, while your biometrics are considered physical evidence you can be compelled to provide. More specifically, a fingerprint is not considered “testimonial communication,” whereas a PIN or password is.
While we’re referring to Touch ID and Face ID here, the same applies to fingerprint and face unlock on Android. You can’t be compelled to disclose information you know (like a passcode), but you can be compelled to take an action (like providing your fingerprint, face, or other biometrics).
The problem isn’t just limited to legal issues with the government. It’s easy to picture situations where a fingerprint or face unlock is worse:
Then again, even a strong passcode isn’t necessarily super secure if you use it all the time. One study found that the average American checks their phone 80 times a day. Now, if you’re unlocking your phone that many times per day with a PIN, you’re often doing it in public. Are you sure no one ever sees you type your PIN?
Someone who wants your PIN could probably “shoulder surf” you—literally, peek over your shoulder to watch you tapping it—and they’d know your PIN.
You don’t necessarily have to disable Touch ID or Face ID entirely. They’re convenience features, and that’s fine. They’re useful, and we use them. But be aware that you’re giving something up—in the US, that’s your Fifth Amendment protections against unlocking your phone.
However, there are ways to temporarily disable Touch ID, Face ID, or the Android equivalents. For example, you might want to temporarily disable Touch ID or Face ID when going through an international border or when dealing with law enforcement. There are a few ways to do this:
If you’re concerned about this, you can also just disable Touch ID, Face ID, or Android fingerprint unlock and always unlock your phone with a PIN or password.
However, let’s be honest: You’ll have to type your PIN every time you unlock your phone, so someone will probably be able to spot your PIN by glancing over your shoulder.
We think most people should use Face ID or Touch ID. However, you should know the risks. If you’re about to be in a situation where Face ID or Touch ID seems a little risky, it’s a good time to disable it and rely on a PIN temporarily.