Good day. Two civil-liberties groups are asking the U.S. Supreme Court to rule on whether Americans have a constitutional right to keep their passwords and passcodes secret. The initiative is the latest twist in a tug of war between technology companies, which have radically increased the security of their products over the past decade, and law-enforcement authorities, who have increasingly relied on digital evidence to make their cases, The Wall Street Journal reports. 

Other news: Clearview facial recognition helps ID Capitol riot suspects; Google Chrome privacy plan faces U.K. probe; Dassault Falcon Jet reveals data breach; Biden expected to name Anne Neuberger to new White House cyber role; SolarWinds hires Krebs Stamos Group and promises better security in product development. 

Is your iPhone passcode off limits to the law? Supreme Court ruling sought. It’s a thorny legal issue, and one that is unsettled in the U.S., according to lawyers at the American Civil Liberties Union and the Electronic Frontier Foundation, who on Thursday filed a petition with the Supreme Court asking it to decide the matter once and for all.

Five years ago, the Justice Department tried to compel Apple to develop a way for law enforcement to access locked iPhones, but it later abandoned the quest. Investigators currently rely on private companies that essentially hack into the phones as a way to uncover the data inside.

Most states haven’t decided the password matter, said Jennifer Granick, a lawyer with the ACLU. So while U.S. law is clear that the police can’t force suspects to divulge the combination to a safe, for example, that’s not the case when it comes to an iPhone passcode. “It’s ambiguous almost everywhere,” she said.

And the state rulings are contradictory, Ms. Granick said. In Pennsylvania, the State Supreme Court has decided that law enforcement can't force you to divulge a passcode. But the New Jersey State Supreme Court ruled in the opposite direction in August in a case involving a Newark Sheriff’s officer named Robert Andrews.

In 2016, Mr. Andrews was charged with tipping off members of a narcotics ring with information about an investigation. Police wanted access to two of Mr. Andrews’s iPhones, but he refused to hand over his passcodes, according to his lawyer Robert Tarver, who joined the petition filed Thursday.

Read the full story. 

Local police force uses facial recognition to identify Capitol Riot suspects. Sgt. Jason Webb, a police officer for Oxford, Ala., helps lead a crime center that uses facial recognition software from Clearview AI Inc. As of Friday afternoon, he said he had generated several suspect leads by running images from Wednesday’s riot through the software, finding photo matches and sending information to the Federal Bureau of Investigation. Unlike some facial recognition systems that only try to match an image from a crime scene against an internal database of government photos, Clearview has compiled a database of more than 3 billion photos by scraping social media and other websites, WSJ Pro Artificial Intelligence reports. Sgt. Webb decided to use the technology to generate leads after seeing a public request for suspect information from the FBI.

No comment: An FBI spokeswoman said, “We cannot comment about tools and techniques used in our investigations.”

Privacy questions: Civil libertarians have raised concerns broadly about the use of facial-recognition by law enforcement, and specifically about Clearview. The American Civil Liberties Union has accused the company of violating privacy laws by collecting images online without people’s knowledge or consent, and providing those pictures to law enforcement.

Clearview says: The company recently launched compliance features aimed at preventing abuse of the technology. Chief Executive Hoan Ton-That said at the time that the information Clearview collects is public and that its actions are similar to those of other search companies that crawl the web. 

Google Chrome privacy plan faces U.K. competition probe. U.K. antitrust officials are investigating whether Google’s plan to remove some user-tracking tools from its Chrome browser could hurt competition in the online-advertising industry, WSJ reports. The investigation will examine whether Google’s plan—which hasn’t yet been finalized—could cause advertisers to shift spending to Google’s set of online-ad tools at the expense of its competitors, the watchdog said. “We welcome the CMA’s involvement as we work to develop new proposals to underpin a healthy, ad-supported web without third-party cookies,” a Google spokeswoman said Friday.

Dassault Falcon Jet reveals data breach. The unit of French aerospace firm Dassault Aviation discovered an intrusion of its corporate network Dec. 6 that compromised personal data about current and former employees. Information at risk includes name, passport, driver’s license number, financial account number, compensation and other items. Information about spouses and dependents could also have been exposed. The company took affected systems offline and, in some cases, is rebuilding them.

SolarWinds hires high-profile cyber consultants. Chris Krebs, who was fired in November by President Trump as the Department of Homeland Security’s top cybersecurity official, and Alex Stamos, former chief security officer at Facebook, are advising the tech firm as it moves to improve its product security. Krebs Stamos Group, which launched last week, recommends security measures and combats disinformation, Mr. Krebs told Reuters.

New promises: Sudhakar Ramakrishna, who last week joined SolarWinds as its new chief executive, said in a blog post Thursday that the company plans to improve security in its product development process by deploying stricter access controls and adding more manual and automated integrity checks for its code, among other changes. 

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.