- cross-posted to:
- technology
- technology@lemmy.zip
- legalnews@lemmy.zip
The legal situation is more complex and nuanced than the headline implies, so the article is worth reading. This adds another ruling to the confusing case history regarding forced biometric unlocking.
You must log in or register to comment.
Makes perfect sense to me (not a lawyer, not a US person)… what doesn’t make sense is how many people still think biometric is high security (maybe because of how cool they make it look in the movies?)
Also not a lawyer or a US person, but from listening to American tech media, this has been an issue of some debate for a decade or more now.
The trick lies in their 5th amendment right against self-incrimination. Police cannot require you to give your PIN because that would violate 5th amendment rights. It has been ruled in some parts of America (but the ruling in other parts has been the opposite, IIRC) that you can be forced to give biometric unlocks. In my opinion this is kinda silly and inconsistent. It might be in line with the letter of the law, but it’s certainly not in keeping with its spirit.
The bigger problem IMO is that the Constitution does not universally apply at or within 100 miles of a border, which is where apparently 72% of the population lives.
Yeah, it’s like if you kept a bunch of illegal things in a safe the authorities have the authority to force you to unlock the safe.
Authorities with a warrant can drill into a safe to get to its contents. That’s legally distinct from forcing someone to unlock the safe by entering the combination. It takes some mental effort to enter a combination, so it counts as “testimony”, and in the USA people can’t be forced to testify against themselves.
The parallel in US law is that people can be forced to unlock a phone using biometrics, but they can’t be forced to unlock a phone by entering a passcode. The absurd part here is that the actions have the same effect, but one of them can be compelled and the other cannot.
It’ll be interesting to see if it applies to facial recognition. In iOS, at least, you need to look at the phone to unlock it. That’s an intentional action. If you look to the side or close your eyes, it won’t work.
So if you’re conscious, you can’t easily be forced to unlock the phone with your face and eyes if you’re able to resist. But if you’re unconscious, then maybe they could use your face (assuming your eyes aren’t rolled back into your head because the cops gave you brain damage.)
But you can be easily tricked. Even easier than with the fingerprint.
“Hey, can you look at those pictures?”, shows some printed out pictures with the phone hiding behind and then quickly just dropping the pictures.
then quickly just dropping the pictures
Could even poke a camera-sized hole in the picture. And disguise it by putting that hole over something similarly-coloured.
But anyway, but of it is really that you can be held in contempt for refusing to unlock with biometrics, if they’ve got an appropriate warrant.
Probably a “have a look at this” and the 2 seconds before you realize that you are currently unlocking your phone, would be enough.
Depends on the country you life in. And even in the USA it is to my knowledge not correct. They can try to crack it themself but you have not to comply.
This isn’t new. I’ve been on the passcode to unlock train for a long time because of this. It’s only news in that it’s been codified by the court. You can’t be compelled to reveal info.
On iPhone: press and hold the lock button and either volume button for 1-2sec. It’ll force a passcode despite biometrics.
Careful locking your device before the cops get there. It could be considered tampering with evidence.
In the States police can bust you on false charges and it will typically (but not always) fly in court.
They also have strong phone cracking software, despite what FBI says about piles of evidence locked away in phones.
Evidence is not a thing until you are at least accused of a crime or detained.
That’s not completely true. In most states if they are knocking down your door with a search warrant and you flush a kilo of heroin down the toilet, you’re getting an evidence tampering charge that will hold up in court.
They would have to prove beyond a reasonable doubt that you only flushed it after hearing them knock on the door.
There’s a whole lot of caselaw surrounding this, and they will get someone to destroy the pipes to find out when they were flushed (their word goes, good luck finding someone impartial to say that wasn’t what happened). I wish court cases were built on 1’s and 0’s like computer code but that’s just not the way the world works.
Even if this is true, and I’m not arguing that it isn’t, if you’ve committed a different crime with a worse punishment, you’ll have to take that into consideration.
Or use wrong finger for multiple times untill its locked out with pin password
For iphone brothers and sisters (courtsey of rpcameron)
You must be using an Android device. On the iPhone, 5 quick presses of the side/power button (or long-pressing power+volume) will bring up the Power Off/SOS menu; any future attempt to unlock will require the passcode. (Either action can be down without any screen interaction, meaning that you can enable this feature silently as soon as you feel it necessary.)
(Also to note for iPhones: if you choose a 7 digit or longer passcode, the entry field does not indicate how long the passcode is; the same is true if you choose an alphanumeric passcode.)
(Extra safety for those in the US if you are in a car, after doing the above stash your phone in the console/glove box; if it is within a sealed compartment not on your person additional cause/warrant is required to gain access to the device.)
Another benefit to this is that the USB port goes into a restricted mode that only allows for charging, and you can still use your cameras to record while it’s in this mode.
Memorize and practice this! You can do it in 2 seconds.
A number of Android phones support most of this functionality. Unfortunately, you have to actually click on a “Lockdown mode” button after long pressing power+volume-up. Hopefully Google catches up here.
Enter pin
“I don’t know what happened, it’s the right code, might be broken.”
That pin was device self sanitiziation trigger for preventing information from falling in the hands of the enemy.
Then buy enough claymores to make sure there will not be a second encounter with enemy forces.
I really wish the GrapheneOS devs would add duress passwords…
Not as part of core GrapheneOS, but an app called “Private Lock” can detect sudden force via accelerometer and disable the fingerprint based unlocking for next unlock.
But yeah, an erase passcode feature with opening a decoy profile would be a great feature to have.
E: grammar
That’s exactly right, I and it works like a charm.
A duress password to remove selected profiles would be amazing. So it still unlocks but quietly removes the profiles you are worried about.
This may be the first time a federal ruling has been made but I don’t know if it applies to state crimes. Many counties across the nation have ruled one way or another.
SCOTUS once ruled law enforcemeny cannot compel you to unlock a device at all and cannot access your phone without a warrant, but I don’t know if that is current. Police can legally lie to you (and beat you with a $5 wrench and pronably get away with it in court).
They also have strong phone cracking packages despite FBI’s lament about evidence locked away in seized devices.
Generally, do not consent to searches or cooperate without a lawyer present. Expect everything an officer tells you is intended to mislead. They will even lie in court to the judge.
First order of business: never enable the thumbprint lock on your phone.
Second order of business: never conduct any sensitive business or communication with a mobile phone.
Third order of business: use a very strong passphrase to lock your phone.
Fourth order of business: understand that all your phone calls and text messages are hoovered up into spook databases.
This is the best summary I could come up with:
The US Constitution’s Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday.
The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law.
Judges rejected his claim, holding “that the compelled use of Payne’s thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”
Payne conceded that “the use of biometrics to open an electronic device is akin to providing a physical key to a safe” but argued it is still a testimonial act because it “simultaneously confirm[s] ownership and authentication of its contents,” the court said.
The Supreme Court “held that this was not a testimonial production, reasoning that the signing of the forms related no information about existence, control, or authenticity of the records that the bank could ultimately be forced to produce,” the 9th Circuit said.
The Court held that this act of production was of a fundamentally different kind than that at issue in Doe because it was “unquestionably necessary for respondent to make extensive use of ‘the contents of his own mind’ in identifying the hundreds of documents responsive to the requests in the subpoena.”
The original article contains 662 words, the summary contains 241 words. Saved 64%. I’m a bot and I’m open source!
People who demand constant internet connect when thy go out have a higher probability of having too much personal information on their phone. It’s a difference in mindset or mentality.
Cell service is overrated. Given the amount of people in public that are either scrolling or on some form of a social media shows having data service is not as important as people think it is. I have a GrapheneOS phone for listening to music and if I want to check for public wi-fi for a specific task but most days I never connect online when I am out and I’ve never signed up for a cell data plan before.
Life can be happier when someone is out in public and can’t check messages, that usually can wait anyways for a few hours, and they can enjoy the world around, not what’s on a screen.
I don’t believe doing things over public WiFi is that secure as traffic can be logged etc.
Most traffic these days goes over secure channels. Any time the website you’re accessing is HTTPS, they can see that you’re accessing that website, but they can’t see which pages you’re on our read what they say, or what you submit.
The exception is if they get you to install their own certificate to allow them to man-in-the-middle you. Laws in some authoritarian countries already require devices have root certificates that allow the government to spy on everything. And the EU is currently considering the same. Which should be a major concern for any European residents.
With a new randon MAC address created each time it connects online, logging means nothing for trying to identity or remembering a device.
This has been a theory for a while, just not sure it was a specifically ruled precedent. The notion being similar to how they can force fingerprinting but not testimony. Access to a physical lock or location you can’t simply say ‘stay out’ but they can’t force you to divulge a password since it’s a thought in your mind.
Also, relying on biometrics is terrible, quick but immutable keys are a big no-no.
???
Eh, I never stopped using a password for this exact reason.
I think this solution is way too impractical for most people, who tend to unlock their phone many times a day.
Yeah, that’s the cost of good security practices. You always sacrifice convenience.
If you were dumb enough to put your thumbprint into the phone in the first place then they already have it and they can access it through the modem. The courts are playing a kabuki theater or cabaret skit.
they can access most phones through modem exploits regardless of whether you have fingerprint.
Not if I cut off my thumbs first.
j/k I use a password.