back to article FYI: Yeah, the cops can force your finger onto a suspect's iPhone to see if it unlocks, says judge

A US judge gave the cops permission to force people's fingers onto seized iPhones to see who could unlock them, a newly unsealed search warrant has revealed. Specifically, Judge Judith Dein, of the federal district court of Massachusetts, gave agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) the right …

  1. Shadow Systems
    Stop

    You can pry my password from my cold, dead lips.

    This is why I don't use fingerprints, voice print, facial recognition, or any *physical only* means of securing things.

    It needs to be a combo of something physical (like a UbiKey) & something I know (a password) to gain access.

    Cops want to search my stuff? Let my lawyer read your warrant & maybe then I'll *think* of giving up the password, otherwise have fun trying to brute force something expressly set to wipe itself if you flub the password too many times in too short a time.

    An even more delightful trick is to set a specific passphrase that causes the auto wipe if entered. Cops want access? Give them the "wrong" password & laugh when they realize they're now holding an expensive paperweight.

    "What part of the 4th & 5th Amendments did you fail to understand? Have fun with that empty shiny!"

    Yes I loathe my government. It keeps giving me reason after reason to wish it to get repeatedly violated by Satan in a bad mood.

    1. jake Silver badge

      Re: You can pry my password from my cold, dead lips.

      Easier answer: I simply don't use a so-called smart phone or any other thingie that requires an Internet connection to be useful. The cops can't access what I don't carry, not even "accidentally". Neither can anybody else. Problem solved.

      And no, you do NOT "need" your so-called smart phone and access to all that stuff 24/7. You are not important enough in the great scheme of things. Neither am I. Very, very few of us are ... if anybody truly is.

      Turn off, tune out, drop the electronic leash. You'll be a lot happier over all.

      1. Anonymous Coward
        Anonymous Coward

        Easier answer

        I see people not just walking along my street with their head stuck in their slab, but even riding horses whilst doing it.

        So absolutely damn right Jake.

        1. JeffyPoooh
          Pint

          "...their head stuck in their slab..."

          It's a huge mistake to think in terms of people being absorbed in the hardware ("slab"). In most cases, people are using the hardware (and network connection) to be in contact with other people.

          One way to help distinguish is to (in your imagination) cut their network connection. If it were just the local hardware ("slab") that they're absorbed in, then they wouldn't complain when the network connection is cut. But if they do complain when the network connection is cut, then 99% of the time it's because their contact with the other people has been cut.

          So, you yell at them, "Hey you, get your face out of smartphone!"

          They reply, "Sorry. My grandmother is dying; she has about 20 minutes to live. I'm just saying goodbye to her over a live video chat. Now, what was your complaint ?"

          In summary: It's an error on your part to fail to see past the hardware (e.g. "slab").

          1. Anonymous Coward
            Anonymous Coward

            Re: "...their head stuck in their slab..."

            On the other hand, there are those rude self-absorbed morons I see everywhere reading books.

            1. crayon

              Re: "...their head stuck in their slab..."

              The majority of the time I spend on my phone is in reading books. So I guess that makes me doubly self-absorbed and moronic :(

            2. jake Silver badge

              Re: "...their head stuck in their slab..."

              "On the other hand, there are those rude self-absorbed morons I see everywhere reading books."

              Twenty or more years ago, I almost never saw somebody walking down the street reading a paperback, running into lightposts, telephone poles, letter boxes, other pedestrians, stepping into traffic without looking, and otherwise attempting to hurt themselves (or worse). These days, not a day goes by where I don't see somebody doing the above with their nose buried in their phone.

              So there is a difference, like it or not. I say let Darwin sort 'em out.

              1. macjules

                Re: "...their head stuck in their slab..."

                I subscribe to helping old Charles Darwin out a bit by introducing random tripwires across sidewalks, designed to catch the more unwary slabozombies.

                1. jake Silver badge

                  Re: "...their head stuck in their slab..."

                  No trip wires. Too many false positives.

          2. Anonymous Coward
            Anonymous Coward

            Re: "...their head stuck in their slab..."

            All those people doing something I don't.

            They must be wrong, let's criticise them, after all, I'm always right...

            1. jake Silver badge

              Re: "...their head stuck in their slab..."

              I'm not always right, but I know better than to put myself into harm's way because of narcissistically insisting that I'm so important that I must remain connected 24/7.

        2. Robert Carnegie Silver badge

          Re: Easier answer

          I forget where, but I recently saw a plausible recent report of a horse that takes a daily walk by itself around its neighbourhood since its owner died, who used to follow the same route. This continues a tradition that also includes the horse and cart that regularly took their owner home from the pub already asleep. So... we have intelligent self-driving vehicles already. (But they do need looking after at bedtime.)

      2. doublelayer Silver badge

        Re: You can pry my password from my cold, dead lips.

        You use some type of data storage, right? This generally applies to any form. They can take it, and if they need biometrics to access it, they can now take those, too. The warrant in this case allowed them to access phones, but a different warrant could allow accessing computers, drives, or other devices.

      3. Shadow Systems
        Joke

        At Jake, re: unplug.

        <Sarcasm> I tried unplugging once... It was the worst thirty seconds of my life!</Sarcasm> =-)P

        I do unplug from my computer every now & then, mostly to listen to audio books or music on my mp3 player.

        Everything else I might get up to (mostly trouble) requires that I have a thing called a "L.iiii.ife". I've heard of them but never had one. Do they sell them at the store? Can I get them in bulk? On sale? Do I need a coupon? Are there different kinds? Social, private, sex, etc? As you can tell I am unfamiliar with them & would appreciate some advice on acquiring some. Thanks!

        *Cough*

        Officially the only uses to which I put my FlipPhone is making & taking calls or SMS text messages. That's because it's a feature phone that *can't* run apps.

        Unofficially I've added a targeting laser & an industrial strength taser dart system so I can have fun with random passers by.

        "Hey! Look over there!" *Points & waits* *Pulls the trigger* *Buzzy crackling noises & screams of surprise* "That makes six!"

        *Cough*

        Why yes, I have far too much time on my hands, why do you ask? =-D

      4. JohnFen

        Re: You can pry my password from my cold, dead lips.

        "I simply don't use a so-called smart phone or any other thingie that requires an Internet connection to be useful."

        A smartphone doesn't require an internet connection to useful.

      5. a_yank_lurker

        Re: You can pry my password from my cold, dead lips.

        The problem is most miscreants are using their main phone as the point of contact not a burner phone. Using your main phone leaves one vulnerable when a search is eventually done. In this case, it appears there substantial evidence from others that point to his main account. Thus, showing this evidence is actually from his account means he is toast. If he had used a series of burner phones and had ditched them periodically, it makes linking the messages to his account much more problematic, e.g. the flatfeet need to still prove it was his account during the relevant period.

      6. Symon
        Coat

        Re: You can pry my password from my cold, dead lips.

        "I simply don't use a so-called smart phone"

        Indeed, the technology has existed from the mid-sixties to prevent Plod et al using your messages against you in court.

        https://youtu.be/4y9NtHlJvbY

        p.s. Do you like movies about gladiators?

      7. This post has been deleted by its author

      8. EarthCitizen

        Re: You can pry my password from my cold, dead lips.

        "or any other thingie that requires an Internet connection to be useful" (sic)

        mmm... so how exactly did you write that comment without using a "thingie to access the internet"? please do tell!

        1. Michael Wojcik Silver badge

          Re: You can pry my password from my cold, dead lips.

          so how exactly did you write that comment without using a "thingie to access the internet"?

          jake said he didn't use anything "that requires an Internet connection to be useful" (emphasis added). He didn't claim to not use anything which could use an Internet connection, just that such devices he might use also had utility when not connected.

          1. jake Silver badge

            Re: You can pry my password from my cold, dead lips.

            Lest anybody think that you have to be connected to get anything done, my one lonely Windows machine is a near 20 year old Win2K box that runs AutoCAD2K. She has been airgapped for about a decade and a half, but she has been doing useful work that entire time.

        2. jake Silver badge

          Re: You can pry my password from my cold, dead lips.

          My post was clearly talking about everyday carry electronics. What I do in the privacy of my home is slightly different than what I do when out and about.

      9. Michael Wojcik Silver badge

        Re: You can pry my password from my cold, dead lips.

        I simply don't use a so-called smart phone or any other thingie that requires an Internet connection to be useful

        I'd go back to a "feature phone" myself if I could find one with a QWERTY keyboard. My problem is that my family members prefer SMS over voice, and I loathe texting with a 12-key keypad.

        That said, I do use the GPS functionality on my phone occasionally, I do take pictures with it once in a while, and I have been using it in lieu of carrying a physical paperback when I know I'll have a wait somewhere. I could live without it, just as I did for several decades, but it does come in handy.

        But then my phone doesn't contain "a treasure trove of personal information", either. Nearly everything that's on it could be found from some other discoverable source, except maybe my shopping lists and which novels I've downloaded from Project Gutenberg.

        1. jake Silver badge

          Re: You can pry my password from my cold, dead lips.

          I have found it simpler to not text. My friends, family and associates seem to communicate with me just fine without SMS. There are a few folks who refuse to communicate in any way other than SMS, but quite frankly they don't usually have anything important to say anyway, so no real loss.

      10. Anonymous Coward
        Anonymous Coward

        Re: You can pry my password from my cold, dead lips.

        @jake that really won't help when they can read your mind.

        OK that's not possible today but the principle is the same - if they can, they will.

      11. LucreLout

        Re: You can pry my password from my cold, dead lips.

        I simply don't use a so-called smart phone or any other thingie that requires an Internet connection to be useful.

        Fair enough - I can't see any fault with this, though personally I'd find it inconvenient.

        And no, you do NOT "need" your so-called smart phone and access to all that stuff 24/7.

        True. I also don't need a one night stand with Nicole Kidman, but I can't say as I'd pass up the opportunity. It's not about need for me, it's about my own personal convenience. My smartphone lets me do emails, browse the news, and watch training videos/TED talks/other shit from the train, which is otherwise dead time.

        You are not important enough in the great scheme of things.

        Oh I agree. There's no confusion about that. 99.99 percent of the world would continue on just peachy if I simply ceased to exist.

        Turn off, tune out, drop the electronic leash. You'll be a lot happier over all.

        I'm not sure I would. See, I don't see it as a leash. I don't do social media, so I'm not wasting time tethered to farcebook or instagran or some other meaningless to me gubbins. But I do use my phone for things that make my life easier - like when the hire car hasn't come with a satnav and I'm in a foreign city for the first time.

    2. veti Silver badge

      Re: You can pry my password from my cold, dead lips.

      If the cops have a warrant, then by definition there is no fourth amendment issue. The judicial branch has already ruled that the search is "reasonable".

      1. Claptrap314 Silver badge

        Re: You can pry my password from my cold, dead lips.

        Well, SOME PART of the judicial branch has. But errors occur at all levels.

        1. Jaybus

          Re: You can pry my password from my cold, dead lips.

          "Well, SOME PART of the judicial branch has. But errors occur at all levels."

          and so there is also an Appellate Court, and if an error occurs at that level, then there is a Supreme Court, and if an error occurs at that level, then one is to get on Facebook and blame Trump.

    3. ratfox
      Alert

      Re: You can pry my password from my cold, dead lips.

      I hope you never cross the border... Homeland Security agents reportedly don't have to respect the Fifth Amendment.

      1. sanmigueelbeer

        Re: You can pry my password from my cold, dead lips.

        Homeland Security agents reportedly don't have to respect the Fifth Amendment

        FTFY

      2. Anonymous Coward
        Anonymous Coward

        Re: You can pry my password from my cold, dead lips.

        Can't search what I don't have. I wouldn't cross a border with anything electronic, even if I had such, which I don't. If, for some strange reason I needed such, I'd buy a phone I can toss on the other side while in that country. Gods know, they're cheap enough. Even better, give it to a local who might have a use for it, or can sell it.

        Besides, I'm quite happy talking with others while out of the country, or in for that matter. Downtime? I do that in my head. Myriads of things to think about.

        1. JohnFen

          Re: You can pry my password from my cold, dead lips.

          "I wouldn't cross a border with anything electronic"

          I don't even fly domestically with anything electronic (outside of a burner phone for emergency use).

      3. Smody

        Re: You can pry my password from my cold, dead lips.

        Don't cross the border. Or get within 100 miles of the border (including the ocean). Or get within 100 miles of an airport. Those are all, apparently, Constitution-free zones.

      4. Symon
        Big Brother

        Re: You can pry my password from my cold, dead lips.

        "don't have to respect the Fifth Amendment."

        Try the sixth. "I want a lawyer"

      5. Anonymous Coward
        Anonymous Coward

        Re: You can pry my password from my cold, dead lips.

        I brought this up to my employer as our company phones contain sensitive data in our emails we are not legally allowed to disclose. This includes Border control folks of the USA and other places.

        The reply was to not unlock the phone and let them keep it. My employer seems to trust our phone encryption + the encryption of the email. I hope I can trust them to get us out if we are held.

        Privileged conversations (lawyer/doctor/priest...) should be free from such slurping as well.

    4. Anonymous Coward
      Devil

      Maybe you just need the right password

      "I'mguiltyofthecrimesI'mbeingarrestedfor" would be a forced confession, right?

      1. Curtis

        Re: Maybe you just need the right password

        My preference is "&3tF00k3d"

    5. imanidiot Silver badge

      Re: You can pry my password from my cold, dead lips.

      "An even more delightful trick is to set a specific passphrase that causes the auto wipe if entered. Cops want access? Give them the "wrong" password & laugh when they realize they're now holding an expensive paperweight."

      Congratulations, you've just added "tampering with evidence" and possibly "Obstruction of justice" to the charges against you. This is a REALLY stupid idea as it provides an easy crime for them to hang you with and then they'll have plenty of time to figure out how else to kick you while you're down. You're not the first to think of this and though a killcode case hasn't gone to court yet so far as I can find, it's very likely to be illegal. (Remote wiping certainly HAS gotten people in jail)

    6. DontFeedTheTrolls
      Big Brother

      Re: You can pry my password from my cold, dead lips.

      "An even more delightful trick is to set a specific passphrase that causes the auto wipe if entered. Cops want access? Give them the "wrong" password & laugh when they realize they're now holding an expensive paperweight."

      Don't be surprised if something that wasn't on the device before it was wiped is magically found once they conduct the search. Have you not noticed how almost all criminals seem to posses child images these days as part of their prosecution. Might be they're all guilty of being paedophiles, being bad n'all...

    7. GnuTzu
      Thumb Up

      Re: You can pry my password from my cold, dead lips. -- Feature Request

      Feature Request: allow for a secondary code that, instead of unlocking the device, wipes it. And when they make that illegal, adjust the feature to only wipe sensitive data, leaving trivial data intact, and then wipe it's configuration along with this feature itself for plausible deniability.

      Patent Note: I regard this as a trivial concept, in that it took me just a few seconds to think of it. If a patent for this does exist, it should be revoked. If a patent for this does not exist, then let this stand a evidence of prior art such that no patent can be issued for it--not even by me.

      1. Michael Wojcik Silver badge

        Re: You can pry my password from my cold, dead lips. -- Feature Request

        The more-sophisticated variant of this, deniable encryption, has been around for decades (most famously with the Rubberhose filesystem from 1996).

        1. Charles 9

          Re: You can pry my password from my cold, dead lips. -- Feature Request

          Which as analysts have noted won't work because once they know of a deniable encryption system, they'll just KEEP rubber-hosing you until you disclose the part they really want. The ol' "Now the other password" problem.

    8. gnasher729 Silver badge

      Re: You can pry my password from my cold, dead lips.

      I think it's quite established in the USA that your password is protected only if the fact that you know the password is in itself incriminating. Not the data on the phone, just the fact that you know the password. If unlocking the phone in front of the judge, then immediately locking it without anyone seeing anything on the phone, was enough to incriminate you, then you don't need to unlock it.

      Otherwise, you have the right to unlock the phone without anyone watching you, so you can unlock it without revealing your password.

    9. Pirate Dave Silver badge
      Pirate

      Re: You can pry my password from my cold, dead lips.

      "An even more delightful trick is to set a specific passphrase that causes the auto wipe if entered. Cops want access? Give them the "wrong" password & laugh when they realize they're now holding an expensive paperweight."

      Yeah, because us plebes can trust the masters at Apple and Google to do that in a way that's actually secure and would stop The Gub'mint cold in its tracks during a search. That's not just securing personal property like the iPhone unlock court thing a few years ago, that's actively interfering with a possible investigation. Which I'm normally all for, but I doubt the bigwigs at A & G are quite as keen on the idea.

      1. Anonymous Coward
        Anonymous Coward

        Here's a better way

        Allow setting a timeout where if your phone hasn't been unlocked for a given number of hours it automatically wipes itself. Most of us could set that to 24 hours and run no risk of losing data. If you are engaged in criminal behavior, a shorter timeout might be appropriate. It all depends on what the longest time you could ever imagine sleeping is, I usually sleep 5-6 hours but approach 9 hours maybe once a year if I didn't sleep the night before...so 10 hours would work for me though I'd have to remember to unlock right before bed just in case!

        You'd run some risk of data loss, since obviously you aren't using cloud storage (both Apple and Google will give up that data in response to a lawful subpeona) so backup frequently I guess.

        Hard to see how you could be prosecuted for "destruction of evidence" for something automated like that.

        1. Pirate Dave Silver badge
          Pirate

          Re: Here's a better way

          Yeah, I'd think if you put a dead-man's brake like this on your computer, you might be OK. Maybe. Probably depends on the Prosecutor and the crime. The better alternative is, um, reformation and a turning away from the old habits beforehand?

      2. gnasher729 Silver badge

        Re: You can pry my password from my cold, dead lips.

        You can set up your iPhone to erase its contents after 10 failed attempts. However, that is intended to protect you from data thieves, not to protect you from the police.

        And to protect you from idiot mates erasing your phone for fun, there are time delays so erasing takes over two hours.

        But then Settings, General, Reset does the job if your phone is unlocked.

  2. Purple-Stater

    Not an item for debate

    If they're given specific permission in the warrant, which has already required a reasonable amount of evidence to obtain, then it's not a privacy issue. This is permission in a specific setting, not for general policework.

    1. DontFeedTheTrolls
      Headmaster

      Re: Not an item for debate

      "already required a reasonable amount of evidence to obtain"

      Define reasonable. Friendly Judges and Sheriffs have been known to play this lose and fast.

      1. Yet Another Anonymous coward Silver badge

        Re: Not an item for debate

        >This is permission in a specific setting, not for general policework.

        Then it becomes standard wording in all warrants, then becomes standard at all arrests - then it is "a standard police procedure" at every stop and search.

        Remember ow DNA samples were only being taken for murder+rape and destroyed immediately? Or all those laws that were only against terrorists

      2. JohnFen

        Re: Not an item for debate

        "Friendly Judges and Sheriffs have been known to play this lose and fast."

        And if they play it too fast and loose, then a higher court will rule that the evidence obtained is inadmissible on appeal.

        1. Charles 9

          Re: Not an item for debate

          Which in turn get appealed to the highest court which can overturn the overturn AND set nationwide precedent. AND it's a lot easier to put friendly faces in a single Court of Last Resort.

          1. Curtis

            Re: Not an item for debate

            All of which takes money. Money the government has (from civil asset forfeiture) and the defendant (whose accounts have bee frozen as "possibly related to the "crime") doesn't.

            1. Charles 9

              Re: Not an item for debate

              Or a good friend up top. There's something to be said about connections...

          2. CRConrad

            Re: friendly faces in a single Court of Last Resort

            "I like beer."

      3. Symon
        Paris Hilton

        Re: Not an item for debate

        "Define reasonable. "

        Knock yourself out!

        https://en.wikipedia.org/wiki/Reasonable_person

  3. James Ashton

    Forced password entry not possible

    the state's higher court unanimously decided that there wasn't a difference and the cops could force a suspected pimp to unlock his phone by typing in the passcode

    I can see how cops could physically force someone to swipe their fingerprints, though a determined suspect could make this quite difficult, with a serious risk of damaging the device. But there’s no way to force someone to enter a password, whatever a court may rule. You can coerce them with threats of fines and imprisonment, but you can’t actually compel compliance. That’s an advantage passwords have over biometrics.

    1. Yet Another Anonymous coward Silver badge

      Re: Forced password entry not possible

      I would like to introduce to my friends; mr tazer, mr being handcuffed to a burning radiator and mr being locked up in a cell with bubba for a romantic evening

      1. Anonymous Coward
        Anonymous Coward

        Re: Forced password entry not possible

        I have been tortured at the hands of the police for an awfully long time.* Probably due to having to deal with level 10 pain for a couple of decades now that it didn't work out for them.

        * Been tasered too. Didn't work out for them there, either. I pulled the hooks out and told them: "Don't do that." They got real polite even, putting away their guns. I think they were rather shocked and that pun was fully intended. Having been nailed by -20,000VDC might have helped, a bit.

        1. Anonymous Coward
          Anonymous Coward

          Re: Forced password entry not possible

          Surprised they didn't switch to the mental torture instead, which works through exasperation (think the Hell of Eric) rather than pain.

    2. Black Betty

      Re: Forced password entry not possible

      Obligatory xkcd

      https://xkcd.com/538/

      1. Charles 9

        Re: Forced password entry not possible

        And if it turns out the guy is a masochist (gets off on pain) or a wimp (faints before you get started)?

    3. James 51
      Big Brother

      Re: Forced password entry not possible

      Except in the UK were it will get you five years in jail.

    4. JohnFen

      Re: Forced password entry not possible

      "But there’s no way to force someone to enter a password, whatever a court may rule. You can coerce them with threats of fines and imprisonment, but you can’t actually compel compliance."

      Not true. Courts can, and have, jailed people until they decide to provide the password. Legally, you can be jailed indefinitely or until you comply, whichever comes first.

      1. James Ashton

        Re: Forced password entry not possible

        Yes, they can jail you indefinitely, but they still can't force you to enter your password. That was my point. Jail doesn't force you to comply; it's merely coercion.

      2. This post has been deleted by its author

  4. Marty McFly Silver badge
    Holmes

    Authentication factors

    1) Something you know (password)

    2) Something you have (key)

    3) Something you are (biometrics)

    What this is looking like is only 'something you know' is legally protected. A 'something you have' can be forcibly taken and used to authenticate (a key & a lock). Biometrics are new in mainstream usage.

    What it looks like is courts are determining the 'something you are' can be forcibly taken and used as authentication.

    1. JoMe

      Re: Authentication factors

      The only reason is that they cannot get the "something you know" through any other means than you giving it to them. If you're hard headed enough, nobody is getting that password.

      This law will change when they figure out how to extract it by force from your head, but until then as long as you have a hard head, it's safe.

      1. druck Silver badge
        Boffin

        Re: Authentication factors

        They have already managed to decode peoples speech patterns by planting electrodes in the brain https://www.theregister.co.uk/2019/01/30/ai_brain_reader/ How long before they develop sensitive enough external sensors that they could put a non tin foil helmet on you, and say "don't think of your password", and then read it out when you inevitably do think of it.

        1. My-Handle

          Re: Authentication factors

          Trust me, the day that someone manages to read out what I'm actively thinking of is the day that an awful lot of people are going to be confused. My thoughts are barely coherent when I speak them, let alone while they're still in my head.

        2. paulll

          Re: Authentication factors

          "How long before they develop sensitive enough external sensors that they could put a non tin foil helmet on you, and say "don't think of your password", and then read it out when you inevitably do think of it."

          My passphrase is,"parmindernagranakedeggsbenedictwhooooooareyouwhooohoohoohohhdavidcarusohahahaiwantasmokeeggsbenedictiwonderifmohwowwhitesockswithasuitthatstupidthingisaidin1996boobssmokekenlivingstoneffs," and so on...

  5. heyrick Silver badge

    can be compelled to disclose information that the government already knows

    That sounds like a pretty broad definition. If a device containing already known information is accessed, who determines what is in fact already known and what is "oh juicy!"?

    1. Down not across

      Re: can be compelled to disclose information that the government already knows

      "Well, if you claim you already know it, then surely you don't need access to it. Sod off!"

      Getting access on what is claimed to be known sounds like a very dangerous and very slippery slope.

      1. Swarthy

        Re: can be compelled to disclose information that the government already knows

        "If you already know it, YOU enter the passcode!"

  6. Anonymous Coward
    Stop

    Another nail in the coffin for my regard for biometrics...

    As if it wasn't bad enough that biometrics might fail because you are sweaty/greasy, have some swelling or skin damage on your finger for some reason, If that finger happens to be broken and splinted, you have an eye infection/allergy, someone else spoofs your fingerprint (Which takes effort, but if they think your biometrics might lead to getting something valuable.), if someone else's biometrics are just close enough to your own to fall within the allowed margin of error of the relevant biometric sensors, if your biometrics get stolen in digital form, etc.

    1. Dave 126 Silver badge

      Re: Another nail in the coffin for my regard for biometrics...

      Biometrics are for stopping your mates faffing around with your phone for a prank, not deterring a motivated criminal or agency. Which is why iPhones have require a passcode if the power button is tapped 5 times, if it's been turned off or if a certain period of of time has elapsed since last last unlock. Similarly, Android phones require a passcode at power on.

      1. DropBear

        Re: Another nail in the coffin for my regard for biometrics...

        If your problem you want solved is the faffing of your mates, what you need is not biometrics, it's better mates. Considering biometrics is clearly inadequate for anything else, I don't see its point.

      2. JohnFen

        Re: Another nail in the coffin for my regard for biometrics...

        This. They aren't really a security measure -- or at least they're in the same ballpark as a lock on a screen door.

  7. T. F. M. Reader

    Doesn't compute

    ... defendants can be compelled to disclose information that the government already knows ...

    I can't understand that in the context. What "the government already knows" in the context is that the defendant in question knows the password. The government does not know what that password is (let alone what it protects). So it seems to me that the defendant can be compelled to admit that he/she knows the password, that's all.

    Also, I am compelled (sic!) to assume that the above-quoted sentence is not a faithful reproduction of the USSC argument or ruling. A person under investigation can hardly be called a "defendant" by a learned judge.

    The legal argument was that the contents on the phone already exist and so someone isn't incriminating themselves because they aren't providing any new information.

    This interpretation sounds genuinely weird in a horrifically twisted way. All that is known is that the phone has some contents. Whether or not those contents include anything beyond the system software and the hash of the password (NB: not the password itself!) is very emphatically not known. If there is more information then it is not known if it is incriminating. Etc.

    Re-reading the two passages in the article and taking them at face value I get the impression that the Supreme Judicial Court of the Commonwealth of Massachusetts seriously misinterpreted the USSC arguments, and I hope that the lawyers will be able to argue and prove that. Not that I care about a bunch of arms dealers, but the issue is relevant to anyone on the US soil.

    IANAL.

    1. Anonymous Coward
      Anonymous Coward

      Re: Doesn't compute

      > All that is known is that the phone has some contents.

      Maybe they'll use the metadata BS again.

      "The password is not data so we should be able to access it at will".

      It worked for spying on people's communications.

      Sigh, even ElReg journos seem to buy into calling data about who you called and when "metadata").

      1. DavCrav

        Re: Doesn't compute

        "Sigh, even ElReg journos seem to buy into calling data about who you called and when "metadata" "

        It's a pretty good word for it. Meta(-) is, broadly speaking, (-) about another (-). Metadata is still data, its specifically data that describes another piece of data.

        1. gratou

          Re: Doesn't compute

          >its specifically data that describes another piece of data.

          Except it's not in this case.

          Metadata is: The duration is expressed in seconds.

          Not: The call lasted for 57 seconds.

          Metadata is: The IP addresses are in the IP V4 format.

          Not: The visited website was 121.131.141.151.

          Metadata is: The time is using a 24-hour clock.

          Not: The call was made at 20:53.

          Liars!

          1. doublelayer Silver badge

            Re: Doesn't compute

            I'm not downvoting, but I think this is not correct. Metadata describes some other piece of data, meaning that if you have a piece of data, any data that describes it would instead be metadata. If my data is a file, then the file size would count as metadata. If all my data is is the expression of a file's size, then its unit would be metadata. I think the definition of metadata specifically depends on the data involved.

            On the point of surveillance, I don't think the argument should be "The stuff being collected isn't metadata; it's data", but instead "The stuff being collected is sensitive metadata about calls that should not be collected".

            1. Anonymous Coward
              Anonymous Coward

              Re: Doesn't compute

              > If my data is a file, then the file size would count as metadata.

              True. Creation date too. And owwner. That's an IT perspective though.

              The non-technical, general-public view of what information is would vary markedly.

              Because while a file size is not very informative,

              IT perspective (the technical view)

              ------------------------------------

              *Header*

              Time:20.53 IP_FROM:12.13.14.15 IP_TO:12.13.14.16 Size:1234 bytes URL:www.killem.com/how

              ------------------------------------

              *Contents*

              bits of visited page

              -------------------------------------

              ------------------------------------

              Header*

              Type: Email Time: 20.53 From:abc@c.com To:abc@d.com Size:1234 bytes

              ------------------------------------

              *Contents

              bits of email

              -------------------------------------

              -----------------------------------

              *Header*

              Type:Phonecall Time: 20.53 From:1234567890 To:1234567899 Format:MP3 Duration:55s Size:1234 bytes

              ------------------------------------

              *Contents*

              bits

              -------------------------------------

              Information perspective (the common-sense, general-public view)

              -----------------------------------

              Time :20.53

              IP_FROM :12.13.14.15

              IP_TO :12.13.14.16

              Size :1234 bytes

              URL :www.killem.com/how

              Contents:bits of visited page

              -----------------------------------

              ------------------------------------

              Type :Email

              Time :20.53

              From :abc@c.com

              To :abc@d.com

              Size :1234 bytes

              Contents:bits

              -------------------------------------

              -----------------------------------

              Type :Phonecall

              Time :20.53

              From :1234567890

              To :1234567899

              Format :MP3

              Duration:55s

              Size :1234 bytes

              Contents:bits

              -------------------------------------

              Not only that, I bet that the second view is even used by the spooks to store all that data.

              Even of the field "Contents" is not *always* there.

            2. gratou

              Re: Doesn't compute

              Here the data is the call's contents. The conversation. That's what (they claim) they don't have. Not the call itself.

              Other data about the call, on top of contents, is date time duration etc.

              Data about the call itself:

              Date

              Time

              Duration

              Byte-stream contents

              Towers

              Nb bytes

              Etc

              Data about the concersation:

              Name of caller

              Name of recipient

              Languages spoken

              Speed of speech

              Nb of pauses

              Transcript

              Translation

              Etc

              Now they didn't get the second set of data but they sure get the first one. But one.

              Anyways. Potahto potayto. One thing is for sure. The so called metadata is at least as useful to them (and unwelcome to us) as the conversation itself. So saying "it's just metadata" is pure deception. It's very much data. And private data too.

        2. JohnFen

          Re: Doesn't compute

          I agree, "metadata" is almost never used correctly.

          Usually what they mean is "envelope data", as opposed to "payload data".

    2. Brangdon

      Re: Doesn't compute

      They don't have to say what their password is. They just have to unlock their phone with it. Hence no self-incrimination with respect to the password; it's not revealed.

      Once the phone is unlocked, it can be searched, and that's not self-incrimination either.

      1. Charles 9

        Re: Doesn't compute

        You're linking it to the "booby-trapped safe" argument. I don't know if there's been a precedent set where someone can be compelled by court order to open a physical safe only they can safely open (say it's booby-trapped to explode if cracked), but I hear there are pertinent rulings.

  8. Nick Kew
  9. UberMunchkin

    Anybody who is up to anything shady and who relies on fingerprint security on the cellular phone deserves to be caught. Remember, fingerprint ID isn't a password, it's a username.

    1. dajames

      Remember, fingerprint ID isn't a password, it's a username.

      Absolutely. Have a kiloton of upvotes.

    2. JoMe

      The problem though, is that cops over here have the opinion that everyone is guilty of something until proven otherwise, and if they feel you're guilty enough will find evidence of that fact regardless of whether said evidence really existed in the first place.

      Now, sjure, not all cops are that way. You get the rare gem that actually takes their job seriously and doesn't overstep the mark. But those are extreme minority and not in any way representative of the group as a whole.

    3. druck Silver badge

      And face ID is even worse, they can just hold the phone in front of you, no need to force you to use a finger.

      1. Anonymous Coward
        Anonymous Coward

        Can common face ID systems on phones tell the difference between your face in 3D and a 2D representation of it such as a printed picture from your official ID, passport, photo of you (possibly acquired from social media or using a long lens without your knowledge) or the mug shot that was taken when you were arrested? If such an image will unlock a device, the system is worse than useless. It would provide misplaced confidence to naive users that the device is protected while allowing literally anyone to unlock it with material that can be obtained without serious burden.

        1. druck Silver badge

          Some face ID systems use depth sensing, so aren't fooled by a 2D printed picture, but it doesn't mean they can't be tricked by masks, or other techniques.

  10. Anonymous Coward
    Anonymous Coward

    Biometrics do not protect

    The problem with biometrics is that you cannot switch them off. You can't disable your fingers offering a print other than by painful damage, you can't stop an eye providing from giving a scan - you can always be forced to provide this, it even works when you've just been zapped by a taser (I'm just working ahead from the usual MO at a raid).

    Passwords, however, do not. You must provide that willingly. You may be forced by circumstances, but it is 100% your decision. As long as you choose a decent one or the device auto-wipes after a number of times it will be impossible to recover.

    I personally don't have much to hide or to protect - I know the data I care about can be accessed without my permission with any reasonable warrant. The problem is that I also have data from other people, and that data will be afforded the maximum protection I can give it. I don't care if that data has importance or not, what matters is that it is not MY data, and I thus do not have the right to share it. I know that that flies in the face of the WhatsApp and Facebook generation, but I'm old school.

    That's why I have passwords on my platforms (and 2FA). No biometrics.

    1. gnasher729 Silver badge

      Re: Biometrics do not protect

      "The problem with biometrics is that you cannot switch them off. You can't disable your fingers offering a print other than by painful damage, you can't stop an eye providing from giving a scan - you can always be forced to provide this, it even works when you've just been zapped by a taser (I'm just working ahead from the usual MO at a raid)."

      However, on an iPhone you can turn off biometrics very easily and quickly: Just press the "screen lock" button five times quickly. Now the passcode Is needed the next time to unlock the device (after that your fingerprint or face works again).

      1. Charles 9

        Re: Biometrics do not protect

        Then they just take you by surprise. If you don't have the time to press the panic code, they've got you dead to rights.

        And as for sticking to passwords, what if you have a bad memory? Was it "correcthorsebatterystaple" or "donkeyenginepaperclipwrong"?

    2. heyrick Silver badge

      Re: Biometrics do not protect

      "The problem with biometrics is that you cannot switch them off."

      Huh? Until I registered my finger and eyeballs, my phone didn't know my "biometrics", and it's just as easy to undo this setting.

      Yes, I use "biometrics" on my phone, because if somebody is paying attention they can watch a password being entered, so I'd consider using a stronger password system around co workers to be a security risk; while a finger or eyeball is sufficient to unlock the phone and hard enough to be faked by the people I wish to keep out of my phone on a day to day basis.

      Anything else arrives (it won't, I'm utterly uninteresting) then the simplest way to disable all of the "biometrics" is to simply switch the phone off (long hold power button, tap screen, it's literally five seconds) upon which point anybody wanting access will need both the SIM unlock code and then the password.

      I use "biometrics" in quotes because I feel there is a difference between unique biological identifier, and something good enough for domestic use that shouldn't screw up you with anybody else in the same room...

      1. jake Silver badge

        Re: Biometrics do not protect

        The poster wasn't talking about your phone, heyrick. He was talking about you (generic "you"). Your biometrics can't be turned off unless/until we turn you off. Somehow, I doubt you want that to happen quite yet.

        1. Charles 9

          Re: Biometrics do not protect

          IOW, how do you change your fingerprint if someone manages to copy it (and we KNOW it's possible to duplicate a fingerprint enough to create a gummi-print that can fool even the most sophisticated sensors (even the heat-sensitive ones by way of placing the copy on an actual finger)?

  11. Schultz
    Thumb Up

    They went out and got a warrant

    So the police actually respects the justice system of the land? They no longer try to get blanket powers to hack or otherwise access the phone of every suspect?

    1. Anonymous Coward
      Anonymous Coward

      Re: They went out and got a warrant

      Must have been a new recruit. They'll wear him down eventually.

      Cynicism aside, sometimes they have to play by the rules as some jurisdictions do not accept illegally obtained evidence. Not sure that's the case here, but it struck me as a fairly sane default.

  12. DropBear

    In other words, dead letters such as the ones in a constitution give you exactly zero rights. Your actual rights are what the current powers that be interpret and decide you should have, or putting it differently, you get the scraps of rights they are fairly confident you can harmlessly enough be permitted to have and feel magnanimous enough in a good mood to let you keep.

    1. JohnFen

      "In other words, dead letters such as the ones in a constitution give you exactly zero rights."

      This looks to me like they actually followed the constitution, and ensured that the suspect did maintain their rights. When accused and faced with police searches, our rights are that a court will review what the police intend to do to ensure that the legal and constitutional protections are being honored.

  13. Patched Out
    Facepalm

    Am I the only one that ...

    ... noticed that the execution of this warrant will be pointless, since it will be taking place past the prescribed period where the Track ID will by itself unlock the phone(s)? They are going to need the password/PIN anyway.

    1. DontFeedTheTrolls
      Headmaster

      Re: Am I the only one that ...

      From the article: "issued April 18, is due to be executed by May 2, though it's not clear if it has been carried out yet"

      The search warrant was issued April 18, and is open for 14 days for them to then search the property, find phones and press fingers. They may press fingers within minutes of finding the phones and the Track ID will still be active.

      1. Patched Out

        Re: Am I the only one that ...

        I got the impression the phones had already been confiscated as evidence and are sitting in an evidence locker somewhere. Therefore the lockout period has already elapsed.

        The article does say "seized phones" right in the first paragraph ...

        A double forehead-smack to you.

  14. Aodhhan

    Can't stop laughing

    Just read comments from this site, and you'll begin to understand why good InfoSec professionals are hard to find.

    - some are so self centered, they talk about themselves in a post.

    - some are inexperienced, so they guess or say something bizarre about a given situation.

    - many are unable to logically work through mildly complex tasks to come to a concrete conclusion (or handle algebra).

    - some can't think for themselves--so they bark out some unoriginal political statement they heard from someone else.

    - some have inferiority complexes, so they find the need to belittle or put someone or something down.

    - some are so ignorant, they believe they know more about the US Constitution and laws than judges and lawyers.

    - quite a few people --in the future-- will be tossed in jail for obstruction of justice, because they refuse to listen to judges/lawyers.

    - few bring up additional complex facts to discuss.

    - few ask additional follow up questions to stir talking points.

    - few bring up or point out 2nd and 3rd order effects from both sides.

    InfoSec professionals need to have a good understanding on these items. Not everything is protected by the 4th/5th amendments.

    Did you ever stop to think why law enforcement can take your fingerprints or DNA samples? Why wouldn't this be protected by the 5th?

    Do you understand when an action can be considered obstructing justice? This is an answer all InfoSec professionals better know.

    1. Rasslin ' in the mud

      Re: Can't stop laughing

      "- some are so self centered, they talk about themselves in a post."

      You mean like the headline for this post?

    2. Anonymous Coward
      Anonymous Coward

      Re: Can't stop laughing

      And you know better, which is why you didn't tell us about the stuff we all got wrong. You decided not to participate in the conversation, informing us of your knowledge that seems to be covered by others already to some extent. Instead, you'll just say that we're all idiots and leave it at that?

      I'm just going to leave this here: "- some have inferiority complexes, so they find the need to belittle or put someone or something down." You are truly a master at self-assessment.

    3. JohnFen

      Re: Can't stop laughing

      Ignoring that your amusing rant is just a bunch of insults without even providing examples, I think you went off the rails right at the start by assuming the entirety of El Reg's commentariat consists of infosec professionals.

  15. Anonymous Coward
    Anonymous Coward

    Bio not secure

    Whether its gum, fake fingers made from prints on a glass - or on police file, fingerprints are not a secure anything.

    Also, don't be an illegal gun dealer lol

  16. Paul Hovnanian Silver badge

    My Passphrase

    'IBuriedTheBodiesAt123MainStreet' is self incriminating by itself. But not of the crime for which I am charged with and for which a warrant has been issued. It's a crime that the police may not be aware of. So forcing me to reveal it would be self incrimination and beyond the scope of the current warrant or investigation. You are not getting my pass phrase.

    I think a defense along these lines was actually tried once. Can't unlock my phone. Because I might be guilty of other crimes, evidence of which might be on that phone. No, I'm not telling you what those crimes are.

    1. Gnosis_Carmot

      Re: My Passphrase

      Passphrases and codes are protected.

    2. gnasher729 Silver badge

      Re: My Passphrase

      If your password is in itself incriminating, then you don’t have to reveal the password. Put you and your lawyer in an unobserved room. You unlock the phone. The lawyer makes sure you don’t make any changes (he’s your lawyer, so he’s not going to reveal your password) and hands the unlocked phone over.

      The “proof of other crimes on the phone” defence is nonsense. If the police enters your home with a valid search warrant, _any_ evidence of any crime can be use against you, even if you were innocent in the original case.

      1. Charles 9

        Re: My Passphrase

        "If the police enters your home with a valid search warrant, _any_ evidence of any crime can be use against you, even if you were innocent in the original case."

        Not quite. One of the conditions of a search warrant is that the police must list specifically the item(s) that are to be sought. ONLY those items can legally be seized under the terms of that particular search warrant. Going beyond that can disqualify the evidence. It's been shown on more than a few police procedurals.

        HOWEVER, when police discover unrelated criminal evidence, that doesn't preclude them going out and getting ANOTHER search warrant stating the NEW evidence they wish to seize. A legal search can itself be legal grounds to get a search warrant for newly-discovered evidence.

  17. Gnosis_Carmot

    This is why it is best to use a passcode/passphrase

    The courts have already ruled you cannot be order to divulge a passcode/phrase since it would expose a state of mind and is protected under the 5th Amendment.

    1. JohnFen

      Re: This is why it is best to use a passcode/passphrase

      This is true in some circumstances. It is not true in every circumstance.

  18. Mystereed

    Fingerprints to gummies?

    I think police are already allowed to take finger prints forcibly?

    Are they then allowed to make gummy fingers from those images to attempt to unlock phones?

    Obviously there are time limits involved, but just curious if they did get evidence via that method if it would be admissible?

    1. This post has been deleted by its author

  19. JohnFen

    They did it right

    "In any case, the document makes it plain that the ATF went to some trouble to get the judge's specific authorization on the issue."

    I'm pleased to see that the ATF did this the right way, rather forcing the finger scan first and hoping for forgiveness later.

  20. ecofeco Silver badge

    What the hell is going on?!

    https://www.forbes.com/sites/thomasbrewster/2019/01/14/feds-cant-force-you-to-unlock-your-iphone-with-finger-or-face-judge-rules/

    1. Steve Todd

      Re: What the hell is going on?!

      It's not yet been decided by the supreme court whether or not this is allowed, so local judges are taking their own view? Much of law is about previous findings, and who set the precedent (local judges coming in lowest in the pecking order).

  21. Anonymous Coward
    Anonymous Coward

    Hmmm

    Another Judge, another ruling, another outright violation of the Constitution. The fourth Amendment to the Constitution was specifically written to among other things, STOP the government from conducting random searches, using a general warrant or no warrant at all. Remember, that in order for ANY government search to pass Constitutional muster, it must met ALL the requirements in the 4th Amendment. It continues to amaze me that hundreds of thousands of words are written by the media related to the 4th Amendment each year, and yet, they never, ever, include the actual 4th amendment itselfin the discussion. Such disclosure would of course invariably render moot any attempts support/justify 99% of the government actions in this regard for the simple reason that even the most disinterested lay person would comprehend that such actions are unconstitutional.... supporting/justifying illegal acts against the people by the government, along with illegal and unjust wars and economic policies are "Media's" primary job.

    The 4th Amendment contains NO exception, NO exemptions, and NO limitations of the rights of the citizens to its protect.....(accept in times of war or armed insurrection)

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    The moment this evil women handed down her ruling she should have been placed under arrest and charged with sedition. In fact, every time any Judge in America attempts to violate the Constitution and Bill of Rights in such a clear and unambiguous manner they should be , arrested and charged with sedition because that is precisely what they are doing.

    1. Charles 9

      "The 4th Amendment contains NO exception, NO exemptions, and NO limitations of the rights of the citizens to its protect.....(accept in times of war or armed insurrection)"

      Neither does the FIRST Amendment: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech..."

      Yet the Supreme Court managed to legally make one in the US v. Schenck decition: the "Fire in a Crowded Theater" justification. Simply put, they put other people's rights in the way, which creates a clash that automatically (by the construction of the original Constitution) places limits on those rights (the "Your Right to Throw a Punch Ends at My Nose" argument).

      1. Steve Todd

        You seem to have conflated the Supreme Court with Congress

        The job of the Supreme Court is to interpret the law (including the Constitution and Amendments). In doing so they have to balance the rights of one person against the rights of others. In this case the "free speech" right ends when doing so directly harms other people.

        1. Charles 9

          Re: You seem to have conflated the Supreme Court with Congress

          And similarly, the ability of one to transit freely must be balanced against the safety of the rest of the citizenry (as people getting killed strips them of their rights). Thus the qualification unreasonable search and seizure. Thing is, circumstances can change what constitutes what's reasonable or not, thus it cannot be set in stone.

    2. Carpet Deal 'em
      Facepalm

      Being forced to provide fingerprints. Once you add the warrant, this is little different than unlocking a safe in your house with a key they found on your person when you were booked. At best there's the question of them forcibly using your living finger, but that would be an issue for some other area of law.

  22. Gerlad Dreisewerd

    So somebody write an app that triggers bleachbit with a fingerprint scan.

  23. steward
    FAIL

    Grab your thumb, yes. Chalk your tires, no.

    And while a Federal District Judge in Massachusetts ruled this week that it is constitutional to grab random thumbs and force them on to phones, a 6th U.S. Circuit Court of Appeals panel ruled unanimously that it is a US 4th Amendment violation to chalk tires.

    Chalking tires is an old established practice of identifying cars that have been parked too long - if the chalk's still there in two hours, here comes a ticket.

    The 6th Circuit ruled that when the tire is chalked, the tire (and the car and driver) are not even under a suspicion of breaking any laws, and therefore it's unconstitutional to make the chalk mark in the first place. (Even though the car is on a public street, and no entry is made, it still constitutes an illegal search to make that chalk mark.)

    It should be interesting if the District Court judge's thumb ruling is appealed to the First Circuit Court of Appeals, which oversees Massachusetts. Will they follow the lead of the Sixth and say that thumbs are even more personal than ... no bodily contact at all?? Or will they give the Sixth a middle finger instead?

    Article on chalking tire ruling: https://www.usatoday.com/story/news/nation/2019/04/23/chalking-tires-parking-tickets-unconstitutional-court-rules/3549631002/

    1. gnasher729 Silver badge

      Re: Grab your thumb, yes. Chalk your tires, no.

      The tyre chalk ruling is different.

      When I park my car, in a place where I'm allowed to park my car for an hour, I'm totally innocent. I haven't done anything wrong. For the next 60 minutes, I still havent done anything wrong. Since I haven't done anything wrong, they are not allowed to put chalk marks on my tyres to see if I _will_ do anything wrong.

      Just like the police wouldn't get a search warrant to check your phone to find out if you have committed a crime. They must know of a crime, and have a reasonable belief that the phone contains evidence. In the parking case, there is no crime (yet).

  24. spold Silver badge

    Ongoing...

    Of course it also facilitates retention of fingers to allow for later access.

    You can get 'em back later based on stated retention policies.

  25. Anonymous Coward
    Anonymous Coward

    voice activation

    I wonder how they're going to proceed there. For some, light beating or a taser should be sufficient. For the more hardcore, I dunno... a hot rod up your arse does wonders in some systems, I heard... and given that "times change", why not? After all, years ago, you only had to give up your fingerprints where you were arrested and under the suspicion, and now we do it routinely going on holiday. You had your mugshot taken only when being arrested, and if you wanted to get a passport. Now you get a mugshot taken by default, if you leave a tube station in London. Yeah, definitely, hot rod up your arse is the next step in the neverending progress of homo sapiens.

  26. Anonymous Coward
    Anonymous Coward

    Obligatory xkcd

    https://xkcd.com/1934/

  27. herman
    Devil

    That is why I unlock my phone with the little toe of my left foot.

    1. Charles 9
      Unhappy

      How do you unlock your phone, then, when you're forced to wear closed-toe shoes and can't take them off because of "no shirt, no shoes" rules?

  28. LucreLout

    Confusing

    Also noteworthy is the fact that the agent draws a distinction between mobile phones and computers: the warrant explicitly notes that it does not apply to computers in the apartment and that they will not seize or search any computers they find.

    From a law enforcement point of view, this makes no sense to me. Why not try fingerprint unlock on the computers too. A modern mobile is substantially just a small form factor computer anyway.

    The Supreme Judicial Court rejected the argument that doing so would violate the Fifth Amendment against self-incrimination and said that the government only had to prove that someone knew their passcode. The legal argument was that the contents on the phone already exist and so someone isn't incriminating themselves because they aren't providing any new information.

    This also makes no sense to me. The information may not be originated when I'm compelled to unlock my phone, but your access to it is. Much the same as being able to "take the fifth" when questioned; the information already exists in my head, I'm just denying you access to it because it doesn't help my legal situation.

    she also warned "the court’s decision today sounds the death knell for a constitutional protection against compelled self incrimination in the digital age."

    Yes, yes it does.

    "After today’s decision, before the government may order an individual to provide it with unencrypted access to a trove of potential incriminating and highly personal data on an electronic device, all that the government must demonstrate is that the accused knows the device's passcode."

    Of course they know the passcode to their phone. Why would it be otherwise? In much the same way though, they know what they were doing, with whom and where a week ago Friday at 9pm, but that data seemingly cannot be compelled from them, and I'm far from clear the circumstances or outcome differ substantially.

    In Virginia, the current legal default is that someone cannot be forced to hand over their passcode precisely because to do so would break the Fifth Amendment. But the authorities can use fingerprints to unlock a phone because a fingerprint is a "non-testimonial physical characteristic."

    That seems weak to me. What is the purpose of the fifth amendment? If it is to grant you the right not to incriminate yourself, then why does that right stop where the electrons begin? Gaining access to my information I would not choose to divulge because it would incriminate me seems to me to be fundamentally the same whether you ask politely, use a rubber hose, or use my fingerprints against my clear expressed wishes.

    1. Charles 9

      Re: Confusing

      "Why not try fingerprint unlock on the computers too."

      Fingerprint sensors are not built into most computers. If the police notice a lack of fingerprint sensors on the computers, they can safely assume they're not unlocked with fingers.

      "This also makes no sense to me. The information may not be originated when I'm compelled to unlock my phone, but your access to it is."

      It's the booby-trapped safe argument. One can be compelled by a court to unlock a safe only they can safely unlock. Think of the phone like a booby-trapped safe.

      "Of course they know the passcode to their phone. Why would it be otherwise?"

      It's not actually their phone?

      "That seems weak to me. What is the purpose of the fifth amendment?"

      It's to protect against people being compelled to divulge what they know, even if it's harmful to them. Trouble is, precedent has set that fingerprints are what you are, which is considered public knowledge because it's out in the open. It wouldn't be much different from taking a known fingerprint profile (pretty much mandatory these days) and making a gummy fingerprint out of it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like