- cross-posted to:
- privacy@lemmy.ml
- technology@lemmy.world
- cross-posted to:
- privacy@lemmy.ml
- technology@lemmy.world
Suspects can refuse to provide phone passcodes to police, court rules::Phone-unlocking case law is “total mess,” may be ripe for Supreme Court review.
Thought this was already established precedent.
Nope, each state is doing its own thing and the 5th ammendment is being trampled in a few of them. Biometrics and passwords are being forced and this is an amazing ruling for 5A advocates like myself.
SC needs to rule on it, but preferably not THIS supreme court
But biometrics have never been covered by the 5th amendment. Police collect facial photos and fingerprints and have done so for years. On top of that any DNA you unknowing leave at a police station can be used as evidence (strand of hair, spit on the rim of a water glass). I would never recommend commiting a crime but if you do and have evidence of it on your phone don’t use biometrics.
Forcing someone to press on their phone to unlock it via fingerprunt is a lot different than just collecting data.
IMO, forced/coerced biometrics to unlock a device SHOULD be covered by 5A
Exactly. If the hair I leave behind or my spit on the rim of a glass can unlock my phone, that sucks but those are public things I’ve left behind. Unless I leave my fingers behind on the officers desk, forcing me to unlock my phone with them should be should be a violation of my rights.
deleted by creator
You’re right. I know your response may seem implausible, but prosecutors have fought against the release of known innocent people.
It’s not even that they’ll try to get a win. It’s that they can refuse to simply honor justice in its most fundamental forms.
Central park 5 comes to mind
Not in a post Trump supreme court era it isnt
I’ll keep saying it; The Supreme Court is conservative, not partisan. They owe Trump nothing and have had a few surprising decisions lately.
I don’t trust them a bit, but neither do I trust they’ll always make the wrong call.
I don’t think that’s right. A group that very strongly believes in the Republican Party and its agenda and values would still be definitively partisan. Partisan has always been used in the context of following party lines, not necessarily one person.
But you can trust they will make the wrong call after geting a very expensive vacation and a few dufflebags of money.
Hey, thanks, that’s a useful (and probably fairly accurate) distinction and I’m happy to find that a positive shift in my viewpoint, if minor. The corruption might be a really big problem or it might be one guy who’s an aberration for being wildly outside the court’s norms, really unclear on that part. But I needed a solid reminder that it’s not quite yet another ruined and hypocritical institution we once held dear.
I mean, whether you say it’s legal or not, I wouldn’t give out my pass code to a police officer. You can get fucked on that one.
In France it’s illegal not to allow them to unlock your phone once they take you to the station. That’s why most of the time we clean our phones or use burners during civil desobedience actions.
Won’t they just keep you locked up perpetually for refusing then?
They might also just shoot you.
Yeah, and I’ll appeal the case all the way up to the Supreme Court. I have a constitutional right to not say a goddamn thing. The founding fathers knew what passwords and cyphers were. If they wanted to allow the state to compel you to give them access to information that they could use against you in court, they would have written that into the fifth amendment.
Dunno, bit that’s a risk I’m willing to take to maintain my 4th ammendment right.
Shut down your phones so they can’t uze biometrics on you
Android also has a Lockdown mode that will disable biometrics until you unlock with the pin.
How many digits is the pin? Can you try all codes?
Pins are pretty damn secure because after too many wrong guesses the phone will start making you wait a long time between attempts.
OTOH, as a point of reference, Microsoft requires an 8-digit pin on phones that can access comment resources. It was 6 until very recently, though, so that’s probably fine if you’re not a target of corporate espionage.
What makes it secure is the master key in a TPM which is considerably longer than four digits and can only be accessed by for digits in under twenty attempts.
Hypothetically.
Some TPMs are allegedly backdoored by their manufacturers (e.g. Microsoft), and regardless of the original intent of these backdoors they’re now accessible through cracking software to which some law enforcement departments have access.
Then, if a government department really, really wants to get into a phone, the TPM can be cracked with a tunneling electron microscope, but this process is still slow, expensive and requires an expert.
I don’t know about the key length of a TPM. If I had to guess I’d say something like 256 or 512 bits, or even 1024. But I was just addressing the PIN the user might type in to unlock their phone. That’s something the user can control, and it provides plenty of security against naive brute force attacks by people not sophisticated enough to disassemble the phone. I assume that group includes the majority of police departments and any cop whose main work is outside of a lab.
Usually 128 or 256 bit root keys for symmetric keys, almost always 256 bits for ECC for asymmetric keys these days (used to be RSA between 1024 and 2048 bit)
Here in the states, in municipal precincts, we can expect they’ll have some phone cracking software on hand, so if your TPM is backdoored, your PIN isn’t going to matter much. If yours is an early phone (notoriously the iPhone 5, I think) that doesn’t have a TPM, then it might be susceptible to exploits that lift the limits of tries, in which case a four digit PIN can be cracked by a machine using brute force.
It depends, you can pick it. It can range from a simple 4 digit numeric PIN to a full blown alphanumeric with symbols password text field. But I guess the most common is that grid gesture thing, which in some phones you can also customise the size of the grid itself. All these options work as the default fallback to biometrics.
As far as I know as well, you are required to input your pin/password/gesture after a long period of inactivity, after X days, and after a reboot, before being able to use biometrics again.
I personally use 10 digits.
Default is between 4-8 (your choice) and you can set a password too
As does iOS for over a decade now.
Why are you being downvoted?
He sounds like android just got this feature.
On lemmy, Apple Bad™
On Reddit, people say “Redd say Apple bad.” Maybe it’s not Reddit or Lemmy. Maybe it’s just people in general. I have an iPhone, I just hate that stupid response “On X platform, people hate Y” and they say it on every platform.
I don’t care about Reddit, though? I’m just making a statement that there’s a heavily anti-Apple sentiment on this platform.
First you’d need to activate it.
This is a complicated situation, but in my opinion, probably the correct decision.
Given this is the ruling, if you do believe your phone is about to be confiscated, and you don’t want its contents to be used as evidence, it might be a good idea to turn off your phone. Although the police cannot compel a password, a biometric unlock is not a password. If you turn off your phone, it will generally require a password to enable biometric unlock.
It’s not complicated at all. The constitution guarantees the right that no one be compelled to testify against themselves.
It is complicated in the US because of biometrics and the wide use of contempt citations. If you “forget” your password, you can be held in contempt and jailed for up to 18 months (I missed that; last I knew it was indefinite). Biometrics and other “something you are” items can be forcibly taken (eg your fingerprints or retinal scans) with full legal backing. Your perspective, while laudable, only exists in the potential future orgs like the EFF and ACLU are fighting to create. It is very wrong today.
I don’t understand the USA law that well, probably not a good thing because I’ve lived here my whole life, but don’t the Miranda rights say “you have the right to remain silent” and the 5th amendment says you have the right to not answer any questions that would self incriminate yourself? The police can’t legally compell a private citizen to tell them a phone passcode or anything and I think any defense lawyer would immediately call out a judge who posed the threat of contemp over this.
IANAL. I recommend you start with the link I shared and the OP article which has a massive number of links to related cases (included the one I shared). The basics, as I understand them, is that being compelled to share a password and being compelled to give details of a crime you committed are viewed differently by the law.
Last I looked at it, it was like having a safe. They can take the safe and break in.
If the safe is locked by a key. They can subpoena a key since it’s a physical object. It’s something you have, not something you know. If you’re phone is locked by biometrics, it’s something you have. They can force you to give them something you have.
If the safe is locked with a combination, they cannot force you to talk. You have the right to remain silent and the right not to incriminate yourself. If your phone is locked with a pin or passcode, it’s a similar concept.
However, things get murky, because if we stay with the safe analogy, and they know you have a specific document or item in that safe. They can subpoena that specific document and you may be compelled to provide the document, although maybe not the combination.
Anyway, long story short. Shit is weird and not cut and dry.
deleted by creator
Not all phones have it I believe. For example, OnePlus just removed one day with an update when they switched to using a ColorOS skin.
Most phones have a way to use a button sequence force the next lock to require a PIN code. iPhone is just hitting the side button 5x for instance.
On iPhone, tap the power button five times quickly
Or squeeze volume up button and power button. Encrypts your data and requires passcode unlock. Also, set a long passcode like 10 digits. 4 can be cracked in minutes. 6 can be cracked in a few hours.
So, there’s a bunch of factors going on regarding crap like this. The general argument is that the passwords are protected by the Fifth Amendment to the Constitution of the United States, the protection against testifying against yourself. While biometrics are not.
Then there’s the Constitution Free Zone established by the DHS and ICE and upheld by some judges depending on how related to immigrant control your detention by law enforcement is. The Federalist Society doesn’t like non-nationals, and if you can’t prove you’re an American in the zone (100 inland from any US border) then you get zero Constitutional protections.
Then there’s the matter that law enforcement can lie to you to convince you to authorize searches. So they may insist you are required by law to open your device for them when you are not. This is why you don’t cooperate without a lawyer. For now police are not allowed to give you a fake lawyer and lawyers, even public defenders, are required to adhere to a code of ethics to serve in the client’s interests. But this may change in the next few years as rights in the US deteriorate.
Then police departments in Cook County (Chicago), New York City and Los Angeles have all used the $5 wrench method to force detainees to open their devices. While there are allegedly laws against this sort of thing, it doesn’t slow down the precincts, and judges sometimes uphold found evidence in court the way they’ll uphold coerced confessions.
So it’s really better not to interact with law enforcement ever if you can avoid it, and to have a high powered defense lawyer if you can afford to establish a legal relationship with one. If you’re doing something the state wouldn’t like (say, operating a mutual aid program) then look into having multiple accounts on your phone, one of which is pristine and can call your grandma. Then you have the option to unlock to that account rather than the one that has your life’s history (and all your CFAA violations).
This is the most American thing I’ve read in a long time. I lived for decades in several European countries, and this description just seems like a different planet.
deleted by creator
this is still up in the air, but it seems to be generally breaking such that police can force you to use fingerprints or faceID to unlock your phone because fingerprints and face scans are evidence, but you can refuse to give them a passcode because a passcode is testimony. so use passcodes, not biometrics.
That’s what the ‘Lockdown’ feature on Pixel phones does.
https://9to5google.com/2022/03/08/how-to-enable-lockdown-mode-on-pixel/
Impossible to force a fingerprint or face scan because it asks the phone to only accept passcodes.
I think all Android phones have this feature, but it has to be turned on.
You can also turn your phone off if they ask for it. Phones need the password to unlock if they’ve been turned off.
But I like lockdown more, since it can still record audio.
Wow thanks had no idea this was an option on my Samsung. . it was just hiding disabled in my settings as “lockdown mode”
Also nice to know, on an iPhone you can press power and volume up for a few second and then cancel the upcoming dialog. It will only be then require your pin to enable any other authentication method.
On recent almost all Androids from the last decade+ you can reboot them to force a PIN requirement, and lockdown mode is available on most recent Android phones, not just Pixel
* in the USA.
Would be handy to have that key piece of information on the title, so I know I don’t need to read the article, as it’s about law in a different country.
While it’s tough to have any sympathy for an offender like this, even the worst monsters are entitled to due process and their rights as human beings. Most of the article is about disobeying the court, so that really shouldn’t be news.
It’s the twisted logic that got them there that’s really suspect. If I can paraphrase, “we don’t have enough evidence to incriminate you so you must provide that evidence. The ruling stand because the police already know you’re guilty so incriminating yourself is not self-incrimination”. Yeah, I took some liberties with it, but not as much as the court
At least the ruling limiting jail time makes sense, you can’t imprison someone for contempt longer than the court proceedings, or impanelment, or 18 months, whichever comes first. I didn’t see any implications in the article, but hopefully it either applies generally to contempt, or any contempt charge has a similar limitation. You can’t just imprison someone indefinitely for refusing to speak
Totalitarians try to use cases like this to take your rights away. Never forget how this impacts the innocent. If they can force this man to unlock his phone, they can force any innocent person to do the same. If the police think you’ve committed a crime, accessing your phone will never make them think you’re innocent. The absolute best case scenario is that they don’t find anything useful to their case. The worst case scenario is that they find your social media account where you called arson based last year, and they will use that against you.
Isn’t this a human right?
Bold of you to assume human rights are respected.
deleted by creator
I think we’re sort of deciding that right now? Lots of new technologies are getting out ahead of any substantial laws that would protect human rights in these situations.
What if you have face unlock?
Last I heard biometrics were not protected. As in you have to unlock your phone upon request. A code, pattern or other thing you know was treated differently from using your body to unlock your phone.
In my state, police aren’t allowed to use your fingerprint against you, but they can use facial recognition. It’s backwards and doesn’t make a ton of sense, but that’s the state of affairs.
This is the best summary I could come up with:
Criminal suspects can refuse to provide phone passcodes to police under the US Constitution’s Fifth Amendment privilege against self-incrimination, according to a unanimous ruling issued today by Utah’s state Supreme Court.
Police officers obtained a search warrant for the contents of Valdez’s phone but couldn’t crack his passcode.
At his trial, the state “elicited testimony from the detective about Valdez’s refusal to provide his passcode when asked,” today’s ruling said.
"And during closing arguments, the State argued in rebuttal that Valdez’s refusal and the resulting lack of evidence from his cell phone undermined the veracity of one of his defenses.
“While these circumstances involve modern technology in a scenario that the Supreme Court has not yet addressed, we conclude that these facts present a more straightforward question that is answered by settled Fifth Amendment principles.”
“One of the major issues in the law of digital evidence investigations is how the Fifth Amendment privilege against self-incrimination applies to unlocking phones,” Kerr wrote.
The original article contains 499 words, the summary contains 161 words. Saved 68%. I’m a bot and I’m open source!
What about biometrics?
I’m sorry, but this headline is weird to me because “I forgot my passcode” if a cop ever asks me for it.
That’s for including jurisdiction in the headline like we’ve all been asking for. V helpful.