What a terrible decision. That’s like saying if you have a house key they can search your house.
There’s a reason they keep you focused on the first two amendments. Don’t want you realizing how comfortable they are with unregulated search and seizure.
Honestly idk how the civil forfeiture can possibly be considered constitutional
They can’t be, at least not without a trial.
That won’t stop the Court.
Sneaky fuckers thought I forgot about the third amendment.
Soldiers keep trying to sleep with your spouse?
they did in fact use the data seized from his phone to find his house, then took his key and searched it
There are finger print locks for doors available commercially too
His attorney probably should have raised that objection in the first place. He should have objected based on the phone not being material to the search of the car. But if he didn’t raise the objection correctly during the initial trial, then he can’t raise the objection on the appeal either.
That’s why passwords are safer in this situation. Cops can’t compel you to reveal it.
Oblig:
I miss when crypto nerd meant cryptography nerd
It still does. People who like cryptocurrency are crypto bros (regardless of gender).
?
They mean literal cryptography.
https://en.m.wikipedia.org/wiki/Cryptography
Now, a lot of old crypto bros were the origins of crypto currency, but that’s a different breed of nerd than the modern crypto bro. The difference is how much you like math and how many posters of Alan Turing you have.
I don’t really know how you misunderstood his post in order to correct you, but I’ll try.
He’s saying crypto nerds like cryptography and crypto bros are cryptocurrency shills.
Ah, I see. The confusion happened because crypto nerd absolutely does not mean that to the casual public anymore, as bemoaned in the parent comment, and I didn’t realize he was insisting there is still a distinction.
I really don’t have a leg to stand on with that topic because I always put “libertarian” in scare quotes.
The thing is, however, that a lot of the crypto nerds are also crypto bros. Or at least, they’re who the crypto bros were trying to be, the guys who were mining Bitcoin when it was worth $0.13, but those two people sound exactly alike on the Internet on their shared interest because they’re both trying to sell you the coins.
cryptocurrency is applied cryptography, no reason you can’t like both.
Yeah, unfortunately, this isn’t a new thing, just upholding the old standard. I explicitly avoid fingerprint and face recognition features because of this. Your fingerprint and your face are legally considered what you are, so things like 5th amendment right to avoid self incrimination don’t apply, but passwords and PINs are legally considered what you know, so you can’t be forced to divulge.
The wrinkle in this case is that the thumb print giver was in parole. The conditions of parole stated that failure to divulge phone pass codes on phones could result in arrest and phone seizure “pending further investigation”. The parole conditions didn’t say anything about forcible thumb print taking.
So the logic here seems to be:
- If he had agreed to unlock the phone then the result would be the same.
- If he refused to unlock the phone, that is a legitimate grounds for arrest. Fingerprinting is a routine part of being arrested, so there’s really no harm if it’s done on a phone in a patrol car. Either way, the result would end up about the same.
Yeah that’s even less than what the standard is. That’s just saying “you have to do what’s in the conditions of your parole, and we won’t accept sneaky technicalities.”
But I suppose “appeals court rules that you have to obey the terms of your parole” is far less ragebaity.
The real story here is how terms of parole are often ridiculous and contribute heavily to our high recidivism rate. Not to mention stripping away rights.
Not arguing in favor of them, with how awful the police and oftentimes court systems are, I’m not surprised to hear parole ones are bad too. But what about them contribute to reoffending?
(I’m too lazy to check myself right now, and maybe the answer will help others too? Plus it might vary in jurisdictions)
I wasn’t referring to the parole officers per se, just the parole stipulations. For example, a common one is that you must be employed. But then you also must make your regularly scheduled meetings with your parole officer, which are scheduled during working hours. The parole board will determine your address (usually as a stipulation of release, usually with family) but the parole office will be on the other side of the city. Public transit is unreliable, if you miss your bus you go to prison.
I had a friend of a friend who was getting released to a halfway house. Never saw the light of day. When they released his clothes to him, that he got arrested in seven years previously, they found Marijuana seeds in the pockets. Not bud, seeds. That’s a parole violation, instant back to prison for 3 more years, minimum. The parole officer who was there told me about it (was also the officer of my friend, who I was giving a ride to).
Any time a cop has the legal authority to access the contents of your phone, you can be compelled to provide your fingerprint or face to unlock it if that will work. If your phone doesn’t have those features enabled and relies on a PIN, they can’t force you to tell them that outside of some unusual circumstances like parole obligations because you agree to those. They can still access your phone, but only to the extent that they can without the PIN. In this case, cops had the required authority because of his parole obligations, but they’d be equally able to force you to unlock by fingerprint or face if they got your phone as part of a search warrant and I think if you’re arrested but only if your phone is relevant evidence. Maybe even if it’s not, but I’m less sure about that.
I just have lockdown mode enabled from the power menu so that it forces pass code login instead of allow fingerprint login.
Never been pulled over or talked to a cop (other than family members) in my life.
You can use the lockdown mode on Android, but you have to remember to turn it on.
Android: Search settings for “Lockdown” and enable “Show lockdown option”
When needed hold the power button and the lockdown option will appear alongside the standard power menu options.
IOS: Hold the Lock button and either volume button to show the power off screen. Cancel out and FaceID will be disabled until you use your pin to unlock the phone.
You can also spam the power button on IOS. It should pop up the same menu as holding the power button. You can cancel, but it requires a password to get back into the phone.
Not sure about Android but IOS you can actually use FaceID for all the things you want like password managers, log into PayPal, and other biometric features but have it disabled to unlock the phone. It’s what I do, you don’t need to spam anything. Just use a pin to unlock.
I didn’t know that!
Cool!
I’ve never understood people who are happy to give their biometrics to fucking PayPal and every other random company. Just use a password for everything.
You don’t “give” your *biometrics to any of them. Your biometric data is used to encrypt and store each services password hash or auth token on your device.
*At least when it comes to login authentication. Nothing stopping them from acquiring your biometric data from a hundred data brokers.
Nothing stopping them
Stop using biometrics for everything, that’ll help
That’s a fair point, I don’t want my info given to every private company out there. However the idea of the biometrics (if you take it at face value [no pun intended]) is that the biometrics are stored on the chip in your device. Then the password or authorization is then granted based on approval from that.
It’s not like you can grab another phone and try to log into said service with your biometrics.
I 100000% guarantee there is a backdoor that allows someone (at least the nsa, probably various companies) to get that data.
I did not know about this feature. Thank you!
Thank you!
iPhone users:
-
DO NOT USE FINGERPRINT unless you absolutely have to for, say, disability reasons.
-
if you use facial recognition, don’t. Same as above.
-
If you find yourselves in a situation with the police, tap the lock button 5 times. This forces a passcode to open the phone and they cannot (yet) force you to enter a passcode.
Anytime I am filming a protest or anywhere near police, I just tap the lock button a bunch of times in my pocket and I can rest easy.
You can also just hold power + volume up while it’s locked, once you feel the buzz it won’t accept biometrics until you put in the password.
On Motorola it’s press power + volume up button and then the lockdown button.
on android you can get Private Lock which locks your phone and disables biometric unlock, when the phone is shaken hard enough
Holy crap this is a great tip I did not know! I haven’t had a run in with the police in like a decade, but better safe than sorry. Hopefully I never need to use it, but I just tried it on my iphone and works like a charm, so thanks mate!
Another dude pointed out you can hold lock + volume up as well
Anytime I am filming a protest or anywhere near police, I just tap the lock button a bunch of times in my pocket and I can rest easy.
How does that help if the police are the ones that alert you to their presence? I highly recommend against quickly shoving your hand in your pocket to tap a button 5 times.
I do it in anticipation. It’s not like they sneak up on you like a ninja. They are very clearly around.
Plus it takes like 2 seconds. Unless they got you at gunpoint you’re probably going to have an opportunity to accomplish this. Most people interact with police in the US being pulled over - you’re telling me you can’t lock your phone before they come to your window?
I learned something from my (quite activists) daughters recently: they delete the Signal app each time they cross a border.
It’s the main coordination and information tool in their circles, and the recommended behavior is just to not have the app when at risk.
Good luck finding incriminating evidence stifling through zillions of Pouting Selfies and Gossip-Sharing Screenshots of Idiot Boyfriend’ text messages.
-
OP can you put the country in the title? Like [US] for example
Done!
Wasn’t there a court ruling that forcing someone to unlock their phone was unconstitutional? The fourth amendment seems to indicate a warrent at least is required to search someone’s papers, in the modern era that should apply to phones, obviously the constitution is meaningless if they want to do whatever but still.
Edit: in Riley v. California (2014) the Supreme Court unanimously decided that warrentless search of a cellphone during an arrest was unconstitutional.
The laws vary from state to state, and I am not a lawyer. But in general, I think it works like this. Things like your fingerprints, face, retina, etc, identify you. In many states, if the cops ask for your identification you are required to give it to them, and they are allowed to force the issue. Things like passwords, access to the interior of your home or vehicle, access to your business files, and things like that are not your identity and normally require a judge to sign a warrant (unless there are “extenuating circumstances”).
Personally, I think the forcing you to unlock your phone without a warrant is bullshit, especially since they have the upper hand anyway. And the phone isn’t going anywhere and neither are you. In most cases they have plenty of time to get a warrant.
This is why everyone should go into their phone settings and enable the lockdown mode option if it’s avaialbe. When I get pulled over I hold the power button and choose lockdown mode and then the only thing that will unlock the phone is my password. But my camera still works.
If your phone doesn’t have the option, just restart your phone. There’s a reason phones require the password and not biometrics on startup.
Things like passwords, access to the interior of your home or vehicle, access to your business files, and things like that are not your identity and normally require a judge to sign a warrant
This is exactly it. If I get arrested and they confiscate my house keys as part of entering jail, they don’t have automatic implicit permission to search my house.
And I don’t understand how this is not a better analogy for phones. Why doesn’t the contents of my phone have the same legal protection as the contents of my house? You may confiscate my key but I do not permit. If you have good reason and sufficient reason, do the damn paperwork and get a judge to sign off
My house key identifies me almost as well as my license. Seems like if they can use my thumb to unlock and enter my phone they could use my house key to unlock and enter my house.
I guess the distinction might be: your fingerprints are physical attributes of your physical person. Your house & house key are objects / property owned by you.
So if you have a fingerprint smart lock cops don’t need a warent to enter your house?
A phone is also property owned by you. Or by the company you work for, so it’s not even yours.
There are two related but distinct issues, and I hope to keep them separate otherwise the conversation goes in circles:
1 - Can police under the circumstances look at the contents of the phone at all? This is to say, if the phone is completely unlocked, can they look through it?
2 - If the police are allowed to look at the contents, but the phone is locked, in what ways can the police unlock it?
Subject 1: This is by far the more important question, and the one that seems to get ignored in discussions of phone searches like this. I would argue that under most circumstances there is no probable cause to search a phone- the phone can not contain drugs or weapons or other contraband, so to me this is the larger hurdle for police. Police should have to justify what illegal thing they think is on the phone that gives them probable cause, and I don’t think that pictures of illegal things are the same as the illegal things themselves. Lawyers would have to hash this out, because I do notice the suspect here was on parole so perhaps there is a clause of parole for this or something. But this is the bigger, much bigger issue- can police even look at the contents? There is an argument from the pro-search side that constants of an unlocked phone are in plain view, and so that right there is a big nexus for the issue.
Subject 2: If we assume yes, only then does subject 2 become an issue. How much can police compel? Well, they can’t compel speech. A passcode would count as protected speech, so they can’t compel that. Biometrics however, from what I have seen of court reasoning, tend to be viewed as something a person has rather than something they know. This would be analogue to a locked container with a combination lock compared to a key. The police can not compel the combo, but if they find they key in your pocket they can take it and use it.
If you are up in arms about privacy, my view is not to fall into the trap of focusing on 2 and the finer mechanics of where the line for what kinds of ways to lock a phone are, and focus on subject 1. Reduce the circumstances in which searching a phone is acceptable, even if the phone is unlocked to begin with.
This is really about how to ensure they can’t unlock your phone even if they have a warrant. They can’t physically force you to give them the right code. SO they have to buy expensive software to clone the phone and try various passwords on the clones.
The appeals courts are always willing to test SCOTUS decisions. Now it’s up to SCOTUS to defend it or not. It was a unanimous decision, specifically based on data privacy rights. So there’s actually hope for it.
Luckily GrapheneOS has a duress passowrd feature. Very useful for these situatuons!
I didn’t know that. Is that in settings somewhere?
Edit: yep, see it now. Damn this must be new or I never looked into it.
It’s new as of about 1-2 months ago.
It was released with the 2024053100 build, so not even a month ago.
How does it work? Can someone use a specified finger to trigger the password requirement?
Nore information at: https://grapheneos.org/features#duress
Passcode. Not fingerprint.
Ah. Then I guess I don’t see how this is related to the post.
It’s not, technically, but if I have sensitive documents on my phone and a law officer is trying to get me to unlock my phone, I will be entering and/or putting the duress code into my phone. GrapheneOS has ‘lockdown’ button by ‘restart’ and ‘shutdown’ all of which will require a passphrase to unlock, even if you normally have fingerprint enabled for X hours each time of use.
So it’s semi-related in that GrapheneOS protects against this type of attack.
This has been the law for a while, it’s just that more Circuits are aligning. Don’t use biometrics if you don’t want LEO to be able to access your phone. A password is covered by 5A in some circuits and in others it’s likely sufficient to just refuse or claim faulty memory due to the stress of the situation. Regardless of the location, the contents of the device are covered by 4A and you may succeed in getting a lot of whatever is found thrown out – classic you can beat the rap, but you can’t beat the ride.
Worth noting, with the caveat that how criminals are treated could eventually become how everyone is treated on the right slippery slope:
provisions of his parole required him to surrender any electronic devices and passcodes
Unfortunately the judge also ruled that it’s no different than forcing someone to give their fingerprints when you book them. If this sets a precedent, it could apply to anyone getting arrested, not just parolees / prior convicts.
Not everyone, just proles.
Ole Donnie T is technically in parole right now. Would love to see this provision applied in that case.
Wow, that is supremely fucked up. Parole shouldn’t require breaching the privacy of anyone who has conversation history stored on the parolee’s devices.
I’ve said it before that I’ll say it again: Biometrics are a convenience to allow you or anyone else to unlock your phone quickly. Biometrics are NOT security.
DO NOT use biometrics to secure your phone unless you want anyone who has you and your phone to be able to unlock your phone without your permission.
And this is why you never, ever, EVER enable biometrics. EVER. Make a damn password or at least a very long PIN and enter that shit every time.
For people who don’t want to do that: turn off your phone if there’s the likelihood that your phone will be confiscated soon (crossing a state border or getting a perquisition). This will
- Disable biometrics
- Encrypt everything
On Android, entering lockdown mode does the same thing. You can do it by pressing volume-up and power at the same time, then tapping Lockdown.
Not all phones work that way. Just tried it on mine btw
deleted by creator
And this only makes it more expensive and time consuming to unlock. So if you’re small fry, they won’t waste the resources. But if you are a “person of interest” don’t be dumb, bring a burner phone.
Completely agree. There are a surprising number of folks who should know better who will swear up and down how safe they are. If they like the convenience and the “cool factor” of using them…that’s fine, whatever, none of my business. Just don’t try to gaslight me that they are safe.
Or power it off when they ask for it to disable biometric unlock.
Not always an option. Sometimes reaching for your phone to turn it off will get you killed. Just don’t use biometrics.
The 9th circuit court judges really have no fucking clue about technology do they
PSA FOR IPHONE:
if you press volume up, then volume down, then hold the power button until the power slider comes on, then it will disable biometrics until next unlock
For GrapheneOS (custom android), there is Lockdown button next to power off and restart which does the same thing. I think it may be on other Android phones as well but not sure.
Yeah, it’s a feature on stock android. Should be in most android flavors
Graphene even has an option to enter a fake pin and wipe the phone iirc.
Yes, known as Duress password.
Yes, and it may be a good idea to have it just in case. But the courts in the US so far mostly ruled that police forcing you to give biometrics to unlock is fine, as it is the same as fingerprinting you when you are arrested. But forcing you to give pin/password is the same as testifying against yourself, which is against the 5th amendment. So they usually can’t make you to give them a pin/password. At least in theory. Still better to have it in practice.
Legit.
Do you have to slide the power slider and turn off your phone for it to work? Or does it disable biometric as the slider show up?
as soon as it shows up, i have also learned in this thread that clicking the power button 5 times does the same
Lol that’s emergency 911 on my phone
Just learned something new. Thanks!
I just tested it… it’s the same combination for a fast shutdown. Up > Down > Hold Power (1 second hold), then you’re introduced to the option of sliding to power off. If you exit from that prompt or just leave the screen idle for about 10-15 seconds (I didn’t count it) you’ll be forced to enter passcode.
Why tf to use biometrics then?
99% of the time im not in a situation where i am being confronted by cops, but crossing a border or a traffic stop it is nice to know
You won’t have the time or ability to do this when the police are involved. DON’T USE IT. It’s not secure.
Biometrics are not secret and should not be used in place of passwords. They are identity like a user name. It’s the same problem with orgs trying to use ssn as a security challenge, with all the beaches pretty much everyone’s is already public knowledge.
For some reason the typo on beaches got me to laugh. Beaches are a very revealing place I suppose, I felt exposed already when I went to them.
i disagree, while not secret, i think a warrant should be required to use them, since it effectively bypasses password auth.
face based and fingerprint based unlocking schemes is a bad idea.
if you dead someone can still unlock your phone with your corpse
You are unable to care at that point though.
Stealing from an dead person is still stealing.
From their heirs, maybe.
I consider the real question to be how they ended up dead but you do you.
I wish there was a way to require both biometrics and PIN. They’re both insecure on their own, but together they’re better. Like instant MFA for your unlock. I would enable that immediately, if it was available.
Edit: then a password / passphrase in case one of the other two stops working (as an emergency unlock).
It’s sort of there, but maybe more to protect from criminals than abuses of authorities. All of my bank apps require a second authentication to launch or even to switch back to them.
Granted I could turn it that off or set it to biometrics, but I leave it on PINs. A criminal wanting to steal from my bank account will need both my biometrics to unlock my phone and a different PIN per bank.
This even provides some protection from the $5 wrench they’d use. Sure, I’ll unlock my phone at the threat of real violence. But you won’t know ahead of time what banking app I have or even how many, so you may not get them all. Pay by phone may use the same biometric but I can likely dispute those charges after the fact
In the abuse of authority scenario, that may keep them out of my bank records but there are established paths to get that from the bank so they’re less likely to be interested. I’m sure they’re more interested in violating the privacy of my friends and family
linux fun fact, im pretty sure you can just do this out of the box using PAM auth.
Gotta love android and IOS being utter dogshit.
Wow, a generic “Linux good, anything else dogshit” comment.
This is in no way relevant to the topic.
This is like if someone posted that they couldn’t get their car with the color they wanted and you saying “fuck you and your car, I can paint my living room in any color I want, right now it is striped burgundy and mint, aren’t living rooms way better than cars?”
and the original comment is entirely irrelevant to the original thread? You can’t be serious.
Am i not allowed to enjoy the flexibility of linux, ever? I agree with the original poster, i think android and IOS should objectively support these features, they have no reason not to. I’ve never said otherwise, i just think they’re dogshit OS’s because they don’t support basic security features you would otherwise expect to any level of consistency.
No, it’s more like ford only producing cars in black, and people complaining about the fact that they don’t come in any other color, and then me mentioning that actually, you can just paint your own car a different color, it’s not really that hard. But regardless of that ford only selling cars in black is a rather shitty business practice to do especially when customers want cars in other colors, because black is, rather boring.
So this is your alt, how cute!
i have an alt? Since when?
I don’t have any other accounts on lemmy lmao, you could doxx me and you would find nothing.
It is rather “you have proprietary car where you can’t even change volume on radio, while I have car that can be repaired with standard parts”.
With PAM you can do literal math captcha.
Show me a mobile phone running Linux with that config working. It doesn’t exist.
i wasn’t talking about phones, but the pinephone, and the pinephone64, and a handful of other phones that are supposedly running linux, that are either not out yet, or really expensive.
Is this your alt?
lol.
nope, unfortunately this is my main, and by main i mean the one sole singular lemmy account that i have.
PinePhone64.
That is just a Phone model, you have yet to show me that phone being configured as you specified
It’s literally linux phone. It runs regular linux. Regular linux uses PAM modules. There is no difference between configuring it on desktop and on phone. If comprehending ability to use same OS on desktop and phone is beyond your intellectual ability, I will guide you with this logical chain: linux on desktop -> linux on ARM computer like raspberry pi -> linux on ARM computer based on Allwinner A64 -> PinePhone is based on Allwinner A64.
If you still don’t grasp it, I’ll try once more. This can be installed on regular linux. Single Board Computers can run regular linux. This includes Pine64, which uses A64 chip. A64 devices can run it from sd card. And if you can’t imagine how Pine64 that works on A64 and PinePhone that works on A64 are connected, here’s neat trick: insert bootable sd card into Pine64, load linux, configure math captcha module, shut it down, insert same sd card into powered off PinePhone, power it on, it will load exact same OS your Pine64 have been using and where math captcha is configured.
go show me that it’s impossible then, once you show me that it’s impossible i will go and do it myself just to spite you.
With PAM you can do literal math captcha.
Linux on it’s way to support things because “haha funny, why not”
Maybe. I don’t biometrics on my computers. Only phone. I don’t unlock my computer a thousand times a day using a crappy touch kb. Actually, if the phone had a physical kb, maybe it wouldn’t have been so bad. Not sure.
i wouldnt really want to use biometrics on my computer either, i’d rather use a physical security key, but then i’d probably also want to use it with my phone also. So there’s that i guess.
The only issues I have with a yubi on a phone, is the general fragility of USB-C ports (and that there is only one). On a PC or laptop, you’ve generally got several, so if one breaks and the yubi can’t be used in that port, you’re not locked out.
yeah, i would be doing something more like NFC smart card type shit tbh. Perhaps an embedded chip in your hand or something. There are options.
You claim so and yet have no example article, video, blog post, or any form of proof of it ever being done. Everything is possible in theory, even on iOS (with a jailbreak).
bro i use linux, i have literally configured a fingerprint scanner to work before, do you think i’m just making up PAM?
There is quite literally a section on the arch wiki about this being a thing.
https://wiki.archlinux.org/title/Fingerprint_GUI#Password there are probably a handful of other methods of doing this notably any additional form of 2FA. (like this one is)
although realistically, there are better ways of doing this than using biometrics, physical security keys for example.
Also you say this like the OP actually verified that this was a thing that was impossible and couldn’t be done. You’re also acting like i claimed that this was explicitly the case, which i did not.
bro i use linux, i have literally configured a fingerprint scanner to work before
So did I, can confirm it’s easy, and it doesn’t matter because we are not talking about configuring a fingerprint scanner to work, we are talking about having a phone lock screen that asks for both a fingerprint and a password, something that would require, at the very least, UI that I don’t think exists in any Linux phone project. That there is underlying functionality in PAM to make it happen is irrelevant, because that’s only part of such a solution.
do you think i’m just making up PAM?
No, why? I’m saying that there is no Linux phone where “you can just do this out of the box” like you say.
i wasn’t talking about phones, you are retconning my own thoughts lmao.
No, why? I’m saying that there is no Linux phone where “you can just do this out of the box” like you say.
i did not say that, not once, please show me where on the doll it says “linux phone”
The topic is about phones, and you said:
Gotta love android and IOS being utter dogshit.
If you are saying you started an offtopic conversation about Linux that had nothing to do with phones, and then, unrelated to your own comment, complained about Android and iOS even though your comment had nothing to do with phones, then… that sure is interesting.
no, we were talking about basic cybersecurity, or i suppose physical device security, which just happens to be relevant to phones because it turns out phones are dogshit at physical security. So i left a comment about how this is basically a solved problem on linux, because it’s not actually that hard to just implement proper security.
I was complaining about android, because both me and the commenter i was responding to were talking about how awful security is on these devices, for no reason other than utter incompetence or forced inaction.
This isn’t interesting, it’s a basic conversational pattern, if you haven’t spoken with enough people to realize that conversations just, shift sometimes, i feel bad for you.
