Suspects can refuse to provide phone passcodes to police, court rules::Phone-unlocking case law is “total mess,” may be ripe for Supreme Court review.

    • CaptainSpaceman@lemmy.world
      link
      fedilink
      English
      arrow-up
      69
      ·
      11 months ago

      Nope, each state is doing its own thing and the 5th ammendment is being trampled in a few of them. Biometrics and passwords are being forced and this is an amazing ruling for 5A advocates like myself.

      SC needs to rule on it, but preferably not THIS supreme court

      • AdamEatsAss@lemmy.world
        link
        fedilink
        English
        arrow-up
        24
        arrow-down
        2
        ·
        11 months ago

        But biometrics have never been covered by the 5th amendment. Police collect facial photos and fingerprints and have done so for years. On top of that any DNA you unknowing leave at a police station can be used as evidence (strand of hair, spit on the rim of a water glass). I would never recommend commiting a crime but if you do and have evidence of it on your phone don’t use biometrics.

        • CaptainSpaceman@lemmy.world
          link
          fedilink
          English
          arrow-up
          28
          ·
          11 months ago

          Forcing someone to press on their phone to unlock it via fingerprunt is a lot different than just collecting data.

          IMO, forced/coerced biometrics to unlock a device SHOULD be covered by 5A

          • AA5B@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            ·
            11 months ago

            Exactly. If the hair I leave behind or my spit on the rim of a glass can unlock my phone, that sucks but those are public things I’ve left behind. Unless I leave my fingers behind on the officers desk, forcing me to unlock my phone with them should be should be a violation of my rights.

          • APassenger@lemmy.world
            link
            fedilink
            English
            arrow-up
            17
            ·
            11 months ago

            You’re right. I know your response may seem implausible, but prosecutors have fought against the release of known innocent people.

            It’s not even that they’ll try to get a win. It’s that they can refuse to simply honor justice in its most fundamental forms.

      • shalafi@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        5
        ·
        11 months ago

        I’ll keep saying it; The Supreme Court is conservative, not partisan. They owe Trump nothing and have had a few surprising decisions lately.

        I don’t trust them a bit, but neither do I trust they’ll always make the wrong call.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          11 months ago

          I don’t think that’s right. A group that very strongly believes in the Republican Party and its agenda and values would still be definitively partisan. Partisan has always been used in the context of following party lines, not necessarily one person.

        • boreengreen@lemm.ee
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          2
          ·
          11 months ago

          But you can trust they will make the wrong call after geting a very expensive vacation and a few dufflebags of money.

        • Benjaben@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Hey, thanks, that’s a useful (and probably fairly accurate) distinction and I’m happy to find that a positive shift in my viewpoint, if minor. The corruption might be a really big problem or it might be one guy who’s an aberration for being wildly outside the court’s norms, really unclear on that part. But I needed a solid reminder that it’s not quite yet another ruined and hypocritical institution we once held dear.

  • NocturnalMorning@lemmy.world
    link
    fedilink
    English
    arrow-up
    54
    ·
    11 months ago

    I mean, whether you say it’s legal or not, I wouldn’t give out my pass code to a police officer. You can get fucked on that one.

    • gaael@lemmy.world
      link
      fedilink
      English
      arrow-up
      25
      ·
      11 months ago

      In France it’s illegal not to allow them to unlock your phone once they take you to the station. That’s why most of the time we clean our phones or use burners during civil desobedience actions.

      • starman2112@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        11 months ago

        Yeah, and I’ll appeal the case all the way up to the Supreme Court. I have a constitutional right to not say a goddamn thing. The founding fathers knew what passwords and cyphers were. If they wanted to allow the state to compel you to give them access to information that they could use against you in court, they would have written that into the fifth amendment.

    • 🗑️😸@lemm.ee
      link
      fedilink
      English
      arrow-up
      21
      ·
      11 months ago

      Android also has a Lockdown mode that will disable biometrics until you unlock with the pin.

        • lolcatnip@reddthat.com
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          11 months ago

          Pins are pretty damn secure because after too many wrong guesses the phone will start making you wait a long time between attempts.

          OTOH, as a point of reference, Microsoft requires an 8-digit pin on phones that can access comment resources. It was 6 until very recently, though, so that’s probably fine if you’re not a target of corporate espionage.

          • Uriel238 [all pronouns]@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            3
            ·
            11 months ago

            What makes it secure is the master key in a TPM which is considerably longer than four digits and can only be accessed by for digits in under twenty attempts.

            Hypothetically.

            Some TPMs are allegedly backdoored by their manufacturers (e.g. Microsoft), and regardless of the original intent of these backdoors they’re now accessible through cracking software to which some law enforcement departments have access.

            Then, if a government department really, really wants to get into a phone, the TPM can be cracked with a tunneling electron microscope, but this process is still slow, expensive and requires an expert.

            • lolcatnip@reddthat.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              I don’t know about the key length of a TPM. If I had to guess I’d say something like 256 or 512 bits, or even 1024. But I was just addressing the PIN the user might type in to unlock their phone. That’s something the user can control, and it provides plenty of security against naive brute force attacks by people not sophisticated enough to disassemble the phone. I assume that group includes the majority of police departments and any cop whose main work is outside of a lab.

              • Natanael@slrpnk.net
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                Usually 128 or 256 bit root keys for symmetric keys, almost always 256 bits for ECC for asymmetric keys these days (used to be RSA between 1024 and 2048 bit)

              • Uriel238 [all pronouns]@lemmy.blahaj.zone
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                Here in the states, in municipal precincts, we can expect they’ll have some phone cracking software on hand, so if your TPM is backdoored, your PIN isn’t going to matter much. If yours is an early phone (notoriously the iPhone 5, I think) that doesn’t have a TPM, then it might be susceptible to exploits that lift the limits of tries, in which case a four digit PIN can be cracked by a machine using brute force.

        • Bruno Finger@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          11 months ago

          It depends, you can pick it. It can range from a simple 4 digit numeric PIN to a full blown alphanumeric with symbols password text field. But I guess the most common is that grid gesture thing, which in some phones you can also customise the size of the grid itself. All these options work as the default fallback to biometrics.

          As far as I know as well, you are required to input your pin/password/gesture after a long period of inactivity, after X days, and after a reboot, before being able to use biometrics again.

            • guacupado@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              11 months ago

              On Reddit, people say “Redd say Apple bad.” Maybe it’s not Reddit or Lemmy. Maybe it’s just people in general. I have an iPhone, I just hate that stupid response “On X platform, people hate Y” and they say it on every platform.

              • Rai@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                11 months ago

                I don’t care about Reddit, though? I’m just making a statement that there’s a heavily anti-Apple sentiment on this platform.

  • logicbomb@lemmy.world
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    1
    ·
    edit-2
    11 months ago

    This is a complicated situation, but in my opinion, probably the correct decision.

    Given this is the ruling, if you do believe your phone is about to be confiscated, and you don’t want its contents to be used as evidence, it might be a good idea to turn off your phone. Although the police cannot compel a password, a biometric unlock is not a password. If you turn off your phone, it will generally require a password to enable biometric unlock.

    • sorghum@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      25
      arrow-down
      1
      ·
      11 months ago

      It’s not complicated at all. The constitution guarantees the right that no one be compelled to testify against themselves.

      • thesmokingman@programming.dev
        link
        fedilink
        English
        arrow-up
        27
        ·
        11 months ago

        It is complicated in the US because of biometrics and the wide use of contempt citations. If you “forget” your password, you can be held in contempt and jailed for up to 18 months (I missed that; last I knew it was indefinite). Biometrics and other “something you are” items can be forcibly taken (eg your fingerprints or retinal scans) with full legal backing. Your perspective, while laudable, only exists in the potential future orgs like the EFF and ACLU are fighting to create. It is very wrong today.

        • AdamEatsAss@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          11 months ago

          I don’t understand the USA law that well, probably not a good thing because I’ve lived here my whole life, but don’t the Miranda rights say “you have the right to remain silent” and the 5th amendment says you have the right to not answer any questions that would self incriminate yourself? The police can’t legally compell a private citizen to tell them a phone passcode or anything and I think any defense lawyer would immediately call out a judge who posed the threat of contemp over this.

          • thesmokingman@programming.dev
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            11 months ago

            IANAL. I recommend you start with the link I shared and the OP article which has a massive number of links to related cases (included the one I shared). The basics, as I understand them, is that being compelled to share a password and being compelled to give details of a crime you committed are viewed differently by the law.

            • brygphilomena@lemmy.world
              link
              fedilink
              English
              arrow-up
              10
              ·
              11 months ago

              Last I looked at it, it was like having a safe. They can take the safe and break in.

              If the safe is locked by a key. They can subpoena a key since it’s a physical object. It’s something you have, not something you know. If you’re phone is locked by biometrics, it’s something you have. They can force you to give them something you have.

              If the safe is locked with a combination, they cannot force you to talk. You have the right to remain silent and the right not to incriminate yourself. If your phone is locked with a pin or passcode, it’s a similar concept.

              However, things get murky, because if we stay with the safe analogy, and they know you have a specific document or item in that safe. They can subpoena that specific document and you may be compelled to provide the document, although maybe not the combination.

              Anyway, long story short. Shit is weird and not cut and dry.

      • StorageAware@lemmings.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Not all phones have it I believe. For example, OnePlus just removed one day with an update when they switched to using a ColorOS skin.

    • Brkdncr@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      Most phones have a way to use a button sequence force the next lock to require a PIN code. iPhone is just hitting the side button 5x for instance.

      • phoneymouse@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        Or squeeze volume up button and power button. Encrypts your data and requires passcode unlock. Also, set a long passcode like 10 digits. 4 can be cracked in minutes. 6 can be cracked in a few hours.

  • Uriel238 [all pronouns]@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    25
    ·
    edit-2
    11 months ago

    So, there’s a bunch of factors going on regarding crap like this. The general argument is that the passwords are protected by the Fifth Amendment to the Constitution of the United States, the protection against testifying against yourself. While biometrics are not.

    Then there’s the Constitution Free Zone established by the DHS and ICE and upheld by some judges depending on how related to immigrant control your detention by law enforcement is. The Federalist Society doesn’t like non-nationals, and if you can’t prove you’re an American in the zone (100 inland from any US border) then you get zero Constitutional protections.

    Then there’s the matter that law enforcement can lie to you to convince you to authorize searches. So they may insist you are required by law to open your device for them when you are not. This is why you don’t cooperate without a lawyer. For now police are not allowed to give you a fake lawyer and lawyers, even public defenders, are required to adhere to a code of ethics to serve in the client’s interests. But this may change in the next few years as rights in the US deteriorate.

    Then police departments in Cook County (Chicago), New York City and Los Angeles have all used the $5 wrench method to force detainees to open their devices. While there are allegedly laws against this sort of thing, it doesn’t slow down the precincts, and judges sometimes uphold found evidence in court the way they’ll uphold coerced confessions.

    So it’s really better not to interact with law enforcement ever if you can avoid it, and to have a high powered defense lawyer if you can afford to establish a legal relationship with one. If you’re doing something the state wouldn’t like (say, operating a mutual aid program) then look into having multiple accounts on your phone, one of which is pristine and can call your grandma. Then you have the option to unlock to that account rather than the one that has your life’s history (and all your CFAA violations).

    • GiddyGap@lemm.ee
      link
      fedilink
      English
      arrow-up
      11
      ·
      11 months ago

      This is the most American thing I’ve read in a long time. I lived for decades in several European countries, and this description just seems like a different planet.

  • Alien Nathan Edward@lemm.ee
    link
    fedilink
    English
    arrow-up
    19
    ·
    11 months ago

    this is still up in the air, but it seems to be generally breaking such that police can force you to use fingerprints or faceID to unlock your phone because fingerprints and face scans are evidence, but you can refuse to give them a passcode because a passcode is testimony. so use passcodes, not biometrics.

      • chiliedogg@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        11 months ago

        I think all Android phones have this feature, but it has to be turned on.

        You can also turn your phone off if they ask for it. Phones need the password to unlock if they’ve been turned off.

        But I like lockdown more, since it can still record audio.

        • dorron@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          Wow thanks had no idea this was an option on my Samsung. . it was just hiding disabled in my settings as “lockdown mode”

      • hubobes@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        11 months ago

        Also nice to know, on an iPhone you can press power and volume up for a few second and then cancel the upcoming dialog. It will only be then require your pin to enable any other authentication method.

        • Natanael@slrpnk.net
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          11 months ago

          On recent almost all Androids from the last decade+ you can reboot them to force a PIN requirement, and lockdown mode is available on most recent Android phones, not just Pixel

  • Obinice@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    1
    ·
    edit-2
    11 months ago

    * in the USA.

    Would be handy to have that key piece of information on the title, so I know I don’t need to read the article, as it’s about law in a different country.

  • AA5B@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    11 months ago

    While it’s tough to have any sympathy for an offender like this, even the worst monsters are entitled to due process and their rights as human beings. Most of the article is about disobeying the court, so that really shouldn’t be news.

    It’s the twisted logic that got them there that’s really suspect. If I can paraphrase, “we don’t have enough evidence to incriminate you so you must provide that evidence. The ruling stand because the police already know you’re guilty so incriminating yourself is not self-incrimination”. Yeah, I took some liberties with it, but not as much as the court

    At least the ruling limiting jail time makes sense, you can’t imprison someone for contempt longer than the court proceedings, or impanelment, or 18 months, whichever comes first. I didn’t see any implications in the article, but hopefully it either applies generally to contempt, or any contempt charge has a similar limitation. You can’t just imprison someone indefinitely for refusing to speak

    • starman2112@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      11 months ago

      Totalitarians try to use cases like this to take your rights away. Never forget how this impacts the innocent. If they can force this man to unlock his phone, they can force any innocent person to do the same. If the police think you’ve committed a crime, accessing your phone will never make them think you’re innocent. The absolute best case scenario is that they don’t find anything useful to their case. The worst case scenario is that they find your social media account where you called arson based last year, and they will use that against you.

    • Mamertine@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      11 months ago

      Last I heard biometrics were not protected. As in you have to unlock your phone upon request. A code, pattern or other thing you know was treated differently from using your body to unlock your phone.

      • Ashe@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        In my state, police aren’t allowed to use your fingerprint against you, but they can use facial recognition. It’s backwards and doesn’t make a ton of sense, but that’s the state of affairs.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 months ago

    This is the best summary I could come up with:


    Criminal suspects can refuse to provide phone passcodes to police under the US Constitution’s Fifth Amendment privilege against self-incrimination, according to a unanimous ruling issued today by Utah’s state Supreme Court.

    Police officers obtained a search warrant for the contents of Valdez’s phone but couldn’t crack his passcode.

    At his trial, the state “elicited testimony from the detective about Valdez’s refusal to provide his passcode when asked,” today’s ruling said.

    "And during closing arguments, the State argued in rebuttal that Valdez’s refusal and the resulting lack of evidence from his cell phone undermined the veracity of one of his defenses.

    “While these circumstances involve modern technology in a scenario that the Supreme Court has not yet addressed, we conclude that these facts present a more straightforward question that is answered by settled Fifth Amendment principles.”

    “One of the major issues in the law of digital evidence investigations is how the Fifth Amendment privilege against self-incrimination applies to unlocking phones,” Kerr wrote.


    The original article contains 499 words, the summary contains 161 words. Saved 68%. I’m a bot and I’m open source!

  • DBT@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    I’m sorry, but this headline is weird to me because “I forgot my passcode” if a cop ever asks me for it.