I feel like the author of this article is missing the whole point of Fingerprint ID.
The feature is meant to make using an iPhone more secure for those of us who tend to leave our phones unlocked and PIN-free.
If you're storing anything of value on your phone, the existing password-based and PIN-based lock mechanisms aren't going away any time soon. If nothing else, it'd break too many organizations' Active Directory configurations.
You're in court. You refuse to admit/verify the accusation that you were in the vicinity of the deceased's home. Cell phone records, dutifully recorded and reported under warrant from NSA...er...ATT, show your phone - which you are known to carry pretty much everywhere - was in that vicinity at the crime's time. You contend that does not constitute evidence. The phone is acquired, bailiff places your finger on your Fingerprint-ID-secured phone, phone unlocks, evidence thereon shows activity during that period. So much for your 5th Amendment right against self-incrimination.
Most users don't care that their phone could be used against them in a court case. Maybe they should, but they don't, and pretending Fingerprint ID should be a form of two-factor authentication for your phones is silly. If users cared, they could use a passcode and the fifth amendment to protect them. It is far more likely for the average user to lose their phone by dropping it somewhere outside.
At this time, we can't even get most users to use one-factor authentication. Hell, the mass media perpetuates feel-good stories where kids use an unlocked lost phone to return it to their owners[0], so even with this technology you'll have a hell of a time convincing people to lock their phone with even a 4-digit PIN.
Stallman et al. have been telling us "your closed-source phone is spying on you" for years now, and it's clear that the education hurdle is far bigger than "fingerprints are self-incriminating". Just look the first half of the byline for [1] -- "The boy addicted to porn; the girl who let herself be sexually assaulted to get her BlackBerry back".
If the phone wasn't password-protected (or fingerprint-protected) at all, the story would be the same except you could skip the "bailiff places your finger..." step.
I have been a juror on a criminal case that relied heavily on phone records. There was no fingerprint system involved, and yet it was clear beyond reasonable doubt that the phone belonged to the defendant.
The phone company can testify that the phone corresponds to a given cell number. Other people can testify that they spoke to the defendant on that number. No one piece of evidence exists in a vacuum; all the pieces of evidence combine to paint a picture.
Sure you could try to lie by making up stories about how the phone wasn't really yours, but it's hard to get all the other evidence to line up with a lie. This is a GOOD thing; the protection against self-incrimination isn't intended to help people get away with murder, it's intended to protect the accused from being compelled to help the government prosecute them.
I'm not contending the "wasn't really yours" point. Phones get stolen, misplaced, left behind, etc. with enough frequency that "it's your phone and it registered/triangulated with this position" may be strong circumstantial evidence but still isn't proof. That it was used in a manner requiring your finger (still attached to your body) does.
Don't get me wrong, I'm with you on protecting the accused from compulsion to self-incrimination. Just observing that the fingerprint sensor, coupled with the enormous data being collected on/about the device, isn't helping 5th Amendment rights.
Since it's trivial to show whether or not that is true, I would not advise making such a thing. It is highly inadvisable to lie to the police or courts.
The evidence used to prove when you bought the phone would also likely be used to demonstrate that you own the phone. I don't think the fact that your fingerprint unlocks the phone found in your pocket at the time of arrest is likely to be the jury's determining factor in deciding whether that phone belongs to you.
So don't use fingerprint ID. It's pretty simple really. Or don't carry your phone when you commit crimes. Everybody knows that. Use a burner phone and leave your iPhone in your lair. The paranoia in this tread is bordering on pathological. If you did commit a crime then a lack of fingerprint scanner isn't going to help you much. If you didn't commit the crime but happened to be there, then perhaps cooperating with the police to catch the real perpetrator would preclude being forced to scan your finger to prove something that you've already claimed when cooperating with the police to solve such a heinous crime, whatever that crime might be.
For the average non-criminal, the likelihood of ever being both falsely accused and falsely convicted based on evidence from an iPhone is almost infinitesimally small. Considering that if you didn't do the crime, if anything the phone should exonerate you.
The fairly rare cases of something 'bad' happening and getting falsely accused shouldn't be the basis of making tech decisions. A similar logic would compel us to never ride in a car, since the threat profile of an auto fatality is much higher than that of being forced to incriminate yourself with an iPhone. Decisions should be based on a risk management profile. If you tend to hang out with criminals, then your risk management profile would be different than someone who works at home and only goes to the gym once in awhile. And if you are a criminal, you'd be foolish to use any identifiable electronics devices at all. Your retired aunt Sarah who hangs out at the hair salon and church food pantry would hardly need to be as paranoid as a guy who's good friend is an ecstasy dealer. There's no reason worry about that exceptionally rare situation where you suddenly find yourself in the middle of a real-life Law and Order episode. There are plenty if other, more realistic things to worry about in terms of digital security than being forced to fingerprint in a courtroom.
I think cbhl's point is perfectly valid, in the presentation of the feature, Apple states that about half of people leave their phones w/o a PIN. Touch ID is for these people and in general will make unauthorized access to iPhones more difficult.
Touch ID is optional, if a user feels particularly concerned, about legal implications of this, it is perfectly valid to revert to a passcode. I am glad that this article/discussion exists though, it is good to know what risks may exists using new security systems.
[Edited to add: just read somewhere else that after 48 hours of inactivity or a reboot, user must re-enter passcode before fingerprint will unlock the device. This would seem to protect from the case stated in the article.]
You can still contend that the fact your finger unlocks the phone today doesn't prove you were the one using the phone in the deceased's home. Maybe the phone was unlocked via passcode at the time of the murder.
Just a small point of order, but if a judge issued a warrant for your cell phone records, then the NSA had nothing at all to do with it, and it went through due process.
The feature is meant to make using an iPhone more secure for those of us who tend to leave our phones unlocked and PIN-free.
If you're storing anything of value on your phone, the existing password-based and PIN-based lock mechanisms aren't going away any time soon. If nothing else, it'd break too many organizations' Active Directory configurations.