The legal situation is more complex and nuanced than the headline implies, so the article is worth reading. This adds another ruling to the confusing case history regarding forced biometric unlocking.
This may be the first time a federal ruling has been made but I don’t know if it applies to state crimes. Many counties across the nation have ruled one way or another.
SCOTUS once ruled law enforcemeny cannot compel you to unlock a device at all and cannot access your phone without a warrant, but I don’t know if that is current. Police can legally lie to you (and beat you with a $5 wrench and pronably get away with it in court).
They also have strong phone cracking packages despite FBI’s lament about evidence locked away in seized devices.
Generally, do not consent to searches or cooperate without a lawyer present. Expect everything an officer tells you is intended to mislead. They will even lie in court to the judge.
If you were dumb enough to put your thumbprint into the phone in the first place then they already have it and they can access it through the modem. The courts are playing a kabuki theater or cabaret skit.
???
This has been a theory for a while, just not sure it was a specifically ruled precedent. The notion being similar to how they can force fingerprinting but not testimony. Access to a physical lock or location you can’t simply say ‘stay out’ but they can’t force you to divulge a password since it’s a thought in your mind.
Also, relying on biometrics is terrible, quick but immutable keys are a big no-no.
This isn’t new. I’ve been on the passcode to unlock train for a long time because of this. It’s only news in that it’s been codified by the court. You can’t be compelled to reveal info.
On iPhone: press and hold the lock button and either volume button for 1-2sec. It’ll force a passcode despite biometrics.
Or use wrong finger for multiple times untill its locked out with pin password
You can also turn your phone off. Phones require a passcode after booting up.
I hate Siri, but you can do a “Hey Siri, whose phone is this?” and it will force PIN unlock. Great if you aren’t able to physically touch the phone.
Careful locking your device before the cops get there. It could be considered tampering with evidence.
Evidence is not a thing until you are at least accused of a crime or detained.
That’s not completely true. In most states if they are knocking down your door with a search warrant and you flush a kilo of heroin down the toilet, you’re getting an evidence tampering charge that will hold up in court.
They would have to prove beyond a reasonable doubt that you only flushed it after hearing them knock on the door.
Eh, I never stopped using a password for this exact reason.
I think this solution is way too impractical for most people, who tend to unlock their phone many times a day.
I mean, it is annoying. But it’s security. Don’t want people having access to your device, remove all possibility someone CAN.
But it is annoying, we shouldn’t HAVE to do this. Privacy should be baked right into our daily lives and not clawed out with tired hands every chance we get.
Yeah, that’s the cost of good security practices. You always sacrifice convenience.
I wish I could have a fingerprint and a pin with a limited number of attempts. Plus a password after like three failed pin attempts. I think that would be a pretty good balance between security and convenience.
This is the best summary I could come up with:
The US Constitution’s Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday.
The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law.
Judges rejected his claim, holding “that the compelled use of Payne’s thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”
Payne conceded that “the use of biometrics to open an electronic device is akin to providing a physical key to a safe” but argued it is still a testimonial act because it “simultaneously confirm[s] ownership and authentication of its contents,” the court said.
The Supreme Court “held that this was not a testimonial production, reasoning that the signing of the forms related no information about existence, control, or authenticity of the records that the bank could ultimately be forced to produce,” the 9th Circuit said.
The Court held that this act of production was of a fundamentally different kind than that at issue in Doe because it was “unquestionably necessary for respondent to make extensive use of ‘the contents of his own mind’ in identifying the hundreds of documents responsive to the requests in the subpoena.”
The original article contains 662 words, the summary contains 241 words. Saved 64%. I’m a bot and I’m open source!
People who demand constant internet connect when thy go out have a higher probability of having too much personal information on their phone. It’s a difference in mindset or mentality.
Cell service is overrated. Given the amount of people in public that are either scrolling or on some form of a social media shows having data service is not as important as people think it is. I have a GrapheneOS phone for listening to music and if I want to check for public wi-fi for a specific task but most days I never connect online when I am out and I’ve never signed up for a cell data plan before.
Life can be happier when someone is out in public and can’t check messages, that usually can wait anyways for a few hours, and they can enjoy the world around, not what’s on a screen.
I don’t believe doing things over public WiFi is that secure as traffic can be logged etc.
Most traffic these days goes over secure channels. Any time the website you’re accessing is HTTPS, they can see that you’re accessing that website, but they can’t see which pages you’re on our read what they say, or what you submit.
The exception is if they get you to install their own certificate to allow them to man-in-the-middle you. Laws in some authoritarian countries already require devices have root certificates that allow the government to spy on everything. And the EU is currently considering the same. Which should be a major concern for any European residents.
Removed by mod
I just wish you could setup logic for this. Pulling out your phone to hold the power button for 3 seconds and then tapping the lockdown button is slow, very obvious, and likely to be prevented by an attacker.
Would be great if I could set it up to lockdown on a specific finger, or a specific number of presses on an analog button. Or even like if I leave a WiFi network or some other arbitrary condition.
This article and similar threads keeps popping up in my feed, so I’m going to keep spreading this tip around. (I’m using Android.)
I use tasker to automatically lockdown my phone based on accelerometer and Bluetooth. A sharp tap to my phone or being disconnected from Bluetooth is enough to lockdown my phone and disable all biometric access. I dialed in the sensitivity so that it doesn’t take much, just a tap on my pocket, being set down a little too aggressively, pulled from my car and thrown to the ground is all it takes. I set it to notify me with a quick vibrate when it does this for a little added confidence that it is behaving as expected.
For a little added effort I can have tasker snap a photo that gets backed up to the cloud any time there is a failed unlock attempt, just be prepared for some unflattering photos of yourself looking like an aging male boomer posting selfies to the facebook.
Do you mind share it?
I encourage you to figure it out yourself because it’s not that difficult to figure out how to implement and I’m lazy. I’ll give you one more hint though. Because these tasks interact with the system at a deeper level, you may need an app like “Secure Settings” to make this work. Tasker used to be able to do a lot of stuff like this on its own, but with every release of Android it seems like Google cuts off access to another one of Taster’s features.
WTF is with the downvotes? Because I don’t feel like holding your entitled script kiddy hands while crossing the street?
Makes perfect sense to me (not a lawyer, not a US person)… what doesn’t make sense is how many people still think biometric is high security (maybe because of how cool they make it look in the movies?)
Idk… you being forced to use your body against your will to reveal secret and private things sounds pretty awful to me
Nobody cares. It’s easy. Folks aren’t out getting arrested in mass, even in the United States. Unless youre out selling drugs or protesting while breaking shit it has no functional effect on your life in any way.
Enter pin
“I don’t know what happened, it’s the right code, might be broken.”
That pin was device self sanitiziation trigger for preventing information from falling in the hands of the enemy.
Then buy enough claymores to make sure there will not be a second encounter with enemy forces.
I really wish the GrapheneOS devs would add duress passwords…
A duress password to remove selected profiles would be amazing. So it still unlocks but quietly removes the profiles you are worried about.
Not even remove them, honestly. Just unlock the phone into a sanitized, honeypot account that has no access to the secured accounts contents!
Reminder that on an iPhone, if you hold the Volume Up and Power buttons simultaneously for several seconds, the phone will vibrate and will require the PIN or password next time you unlock it, not Face/TouchID. This happens whether the screen is on or off, so you can discretely do it in your pocket.
Basically every Android also has a variation of this
So you know what it is? I just tried both volume keys and all I got was TalkBack (Google’s screen reader).
it’s called lockdown mode. on my phone you press and hold the power button and select the option. you might have to enable this in settings.
Holy connoli, you are right! I just enabled it.
I find it a little useless since you can also shut it down or force restart (continuously hold power button until it restarts)
Nope.
Samsung A50 doesn’t have this option.
Will keep an eye out for it though.
Depends on the rom. It’s in Android since 9. Samsung definitely has it, but you have to enable it
I didn’t realize how many people didn’t know this so someone should probably post a PSA and quick guide in c/Privacy.
Or just use pin all the time, no face or fingerprint.
And then some random dude takes a peek at you entering said password, and steals the phone :/
GrapheneOS has an option to scramble the numbers on the unlock screen. I don’t know if that’s a base android thing or available on IOS
