XKCD, Passwords

Consider this in the context of convenient biometric authentication like TouchID and FaceID.

Imagine you travelled to the US with a locked briefcase that contained every text message, email, and private message you’d ever sent to a loved one. It also included every web search you’d ever conducted, and — through your bank account and PayPal records — every purchase you’d ever made and every organization you’d ever donated money to.

The customs agent not only wants to open your locked briefcase — he also wants to copy all of its contents and store them forever in a database, which will be shared with all manner of law enforcement agencies and tax agencies, and will eventually be available to anyone working in any capacity in the government without the need for a warrant.

All your data will be stored in a database built by the lowest bidder — the same kinds of government contractors who brought you Healthcare.gov and the aborted $208 million California DMV database. It will be so valuable that all manner of malicious hackers will materialize from out of the woodwork to try and steal it.

That is what makes your locked phone different from a briefcase with a few personal details locked inside it.

Ephemeral messaging apps such as Snapchat, Wickr and Frankly, all of which advertise that your photo, message or update will only be accessible for a short period, are on the rise….

The companies offering these apps might very well analyze their content and make that information available to advertisers. We don’t know how much metadata is saved. In SnapChat, users can see the metadata even though they can’t see the content and what it’s used for. And if the government demanded copies of those conversations — either through a secret NSA demand or a more normal legal process involving an employer or school — the companies would have no choice but to hand them over.

Bruce Schneier