By making the distinction between a physical artifact and knowledge, Frucci seems to have let slip away the really simple question at issue: Does law enforcement have the right to see the contents of that phone? The judge must weigh the information sought, the crime involved and the privacy issues at stake. If the judge thinks law enforcement does have that right, the form of the password used should make no difference.
Somehow, he let that fingerprint mean something it doesn't. No one at this point is questioning the right of the police to force the people they book at the station to provide their fingerprints. But that situation has nothing in common with being forced to use your fingerprint to unlock your phone for the police. In the latter case, you're not really providing your fingerprint; you're providing your PIN, that "knowledge" that, were it a string of numbers, would be kept in your head instead of at the tip of your finger. Most privacy advocates would find appalling the idea of injecting a suspect with sodium pentothal -- the so-called truth serum -- to get a confession or, in this case, a password. It's forcing a person to do something that he would never willingly consent to doing. How is that different from three police officers holding a suspect down and forcing his finger to be scanned by his iPhone?
As a journalist, I am especially bothered by this decision. Journalists have a duty to keep the identity of confidential sources a secret and not to reveal confidential information. I have been subpoenaed twice in state courts and once in a federal court to testify about what sources told me for various stories. I legally beat all of those subpoenas and never had to reveal anything. But the notes I was protecting were printouts that I kept locked away in a safe and undisclosed place. This all happened years ago, before the age of the smartphone. What if it happened today and my notes were on my iPhone? There wouldn't even be a need for a subpoena if the police could force me to open my phone with my finger and then testify to what they saw.
I recognize, too, that such fears aren't the exclusive domain of journalists. A criminal defense attorney could have confidential client emails and documents on her phone. If she is stopped for some minor infraction, and her phone can be unlocked with her fingerprint, a lot of very sensitive material that's irrelevant to her infraction could become visible to eyes that shouldn't see that stuff.
By the way, I do think there are times when law enforcement should get access to a suspect's phone. Terrorism and child kidnapping come to mind -- cases where lives are at stake. But you can allow for that without a blanket ruling saying that a fingerprint lock-out is worthless.
What I'd like to see is for the law to catch up with the 21st century. Meanwhile, if you are locking your phone with your fingerprint, you might want to add a PIN to that as well.
Sign up for Computerworld eNewsletters.