[HN Gopher] French court: refusing to disclose mobile passcode t...
___________________________________________________________________
French court: refusing to disclose mobile passcode to law
enforcement is a crime
Author : miles
Score : 189 points
Date : 2022-11-10 18:21 UTC (4 hours ago)
(HTM) web link (www.fairtrials.org)
(TXT) w3m dump (www.fairtrials.org)
| Barrin92 wrote:
| I'm a little bit skeptical about the claim that refusing access
| to a phone falls under the right of not self incriminating. There
| is such a thing as a lawful search of property, and when someone
| comes to you with a warrant to search your car in particular if
| it involves an ongoing crime you certainly cannot refuse, and
| pretending you forgot the keys isn't going to do you much good
| either.
|
| I don't think phones are particularly special in that regard. The
| bigger issue seems to be that phone searches are often attempted
| in unlawful manner.
| adrian_b wrote:
| I do not believe that it is acceptable to consider as
| equivalent actions the search through a house or other
| property, or a body search, with reading the memory of a
| computer or of a smartphone or even with the reading of a
| (possibly encrypted) notebook.
|
| Any external memory, regardless whether it is a flash memory, a
| magnetic disk, an optical disc, or just a piece of paper, is
| just an extension of the memory from your brain.
|
| Admitting that there is a reason for anyone else but the owner
| to read a memory device is the same with admitting that they
| have the right to obtain any information that is stored inside
| your brain.
|
| Even if for now the only technical means for obtaining the
| information stored in the brain is torture, that may change any
| time, if someone will ever discover how the biological memories
| are stored.
|
| When that will happen, it will be too late to claim that
| physical search is not the same thing with reading memories, if
| this is not already established now.
|
| Even this French court decision is just a method of using
| torture for obtaining the information stored in the brain
| memory of a person.
|
| Because they can no longer use a good beating with "nerf de
| boeuf" for obtaining the information from the suspect, the
| beating is replaced as a torture method with the threat of
| imprisonment and of a huge fine, this being supposedly a more
| civilized technique.
| simonh wrote:
| The logical conclusion from that would be that destroying a
| person's notebook would be equivalent to violence causing
| brain damage, and so assault on a person. I'm aware of the
| theory of extended mind this notion is based on, and that's
| not going to fly in any real world legal system any time
| soon. Even Clark and Chalmers that came up with the concept
| of extended mind don't think that actually makes practical
| sense.
| crooked-v wrote:
| Your analogy actually supports not giving up a password: if you
| pretend to lose your keys, it's not illegal to avoid helping
| the cops find them.
| Barrin92 wrote:
| I'm not convinced that's true because I feel like I'm getting
| hit with obstruction next, also depending on the country in
| question of course.
|
| But the important point is this isn't about self-
| incrimination. If you accept that a search of property can be
| ordered then that implies that authority can compel you to
| actually see the search through. In the physical world the
| police would just break your lock. Can't do that with
| encryption, but that's not a legal argument. If someone was
| screaming in a trunk and cars had unbreakable locks, that
| wouldn't be a justification to not compel the driver to open
| it.
| crooked-v wrote:
| > If you accept that a search of property can be ordered
| then that implies that authority can compel you to actually
| see the search through.
|
| Except, it doesn't. If police present a warrant at your
| door they can't force you to help them open the bank vault
| in your basement.
|
| > If someone was screaming in a trunk and cars had
| unbreakable locks, that wouldn't be a justification to not
| compel the driver to open it.
|
| Now you've moved the goalposts from "search and seizure" to
| "crime actively in progress". These things are not the
| same, ethically or legally.
| notch656a wrote:
| Oh yes they can force you to see a search through. I had
| a federal search warrant executed where a judge
| explicitly gave permission for medical personnel to
| "internally search" my body. They're unable to do that
| without your cooperation.
| PeterisP wrote:
| "if you pretend to lose your keys, it's not illegal to avoid
| helping the cops find them."
|
| I would be careful with that assertion - that likely depends
| on the jurisdiction, but I'm quite convinced that this would
| be obstruction of justice. It may be hard to prove that
| you're doing that, but if they manage to do that, it would
| actually be a crime - once you're aware that there's a
| criminal proceeding, actually disposing of these keys so that
| cops wouldn't access the evidence would be obstruction of
| justice, and so would be intentionally asserting to the cops
| that you don't have the physical keys if you actually do have
| them (the right to remain silent does not protect making
| false statements). For example, there's quite a lot of
| precedent for obstruction of justice by hiding a gun that was
| being sought by an investigation; I seem to recall reading
| about a case where the actual murder could not be proven in
| court but the likely culprit was convicted for obstruction of
| justice by throwing the murder weapon into the river which
| was captured by cameras.
|
| However, I would say that you are quite likely to get away
| with this - just not because it's legal but rather because
| the circumstances making the difference between fair play and
| felony may be very hard to prove and prosecution might not
| bother unless they want to make a point by doing that.
| neaden wrote:
| Safes with codes have existed for quite awhile, I would expect
| that there is precedent there if the police can make you open
| them/provide the code.
| kybernetyk wrote:
| >you certainly cannot refuse
|
| this is true but you don't have to actively help/participate in
| the search. giving out a password is - to me - actively helping
| vs just standing by and watching what the cops are doing.
| user5994461 wrote:
| It seems to me this English article does not reflect the actual
| decision of the court in French.
|
| See judgment here and attached PDF (in French)
| https://www.courdecassation.fr/toutes-les-actualites/2022/11...
|
| The case was a person who was arrested for drug possession and
| trafficking, they were requested to give their passcode to unlock
| 2 phones allegedly used for trafficking, they refused then were
| further charged for not giving their password.
|
| 1) 15th May 2018 - First court ruled on drug trafficking but
| rejected the charges for not giving the passcode to unlock the
| phone, considering that a screen passcode is not a cryptographic
| means to make the data on the phone unreadable or inaccessible.
|
| 2) 11th July 2019 - Escalated to the court of Appeal, same
| result.
|
| 3) 13th October 2020 - Escalated to the cour de cassation, who
| ruled that the law was incorrectly applied and sent back the case
| to the court. The cour de cassation doesn't rule cases, it only
| rules on whether a specific law was correctly applied by the
| court. (A decision of the cour de cassation, like this one,
| explains how a law is meant to be interpreted and applied by the
| courts).
|
| 4) 20th April 2021 - The court of Appeal, repeated the initial
| result (home screen passcode is not a cryptographic means to
| protect data) and dismissed the charges AGAIN.
|
| 5) Yesterday - Escalated to the cour de cassation AGAIN, who
| ruled that the law was incorrectly applied AGAIN, and sent back
| the case to the court AGAIN.
|
| 6) Future - This is pending another trial, from the court of
| appeal.
|
| My understanding of the cour de cassation explanations: the home
| screen may or may not constitute a cryptographic means to make the
| data unreadable or inaccessible, that depends on the phone. The
| court needs to rule on whether it is for that specific phone in
| that specific case.
|
| For the HN audience who is technical and some of you actually
| make the phones. Most modern phones including all Apple and most
| Android have cryptographic means to protect all the data on the
| phone, it's effectively not possible to access contacts,
| messages, photos, storage, etc without having the home screen
| password. (Please consider that historically, it was often
| possible to take out the sim card or the storage SD card or use
| other tools to read the content of the phone, but not anymore)
|
| My understanding is that the next ruling will have to consider
| whether these technical protections render the data inaccessible
| to the police. If yes and the data is deemed required for a
| criminal investigation, the suspect is required by law to
| disclose their passcode, or risk up to 3 years of prison and 270
| 000 euros.
| mananaysiempre wrote:
| Wait, is refusing to give up your encryption keys actually a
| crime in France (not only the UK)? I thought (though it's been
| several years since I've looked that up) it was only an
| aggravating circumstance if the encrypted material in question
| has been used to commit a different crime and you have been
| convicted of that.
| folays wrote:
| I'm from France, I read the Cassation ruling, and I'm law-savvy.
|
| First, we wouldn't care about what the 1st court ruled. Nobody
| would consider a 1st court ruling as a new status quo.
|
| Content of the 7th November 2022 ruling:
| https://www.courdecassation.fr/decision/6368dc51f1ea8a7f744f...
| > It says that's an iPhone 4...
|
| > the lower court (Cour d'Appel) ruled that the passcode is not
| a "cryptographic convention" (which both the Algorithm and
| Private Key would classify as), and consequently that the
| person is not guilty.
|
| > The general prosecutor, not happy with this verdict, appealed
| to the higher court (Cour de Cassation), arguing that the lower
| court violated the law by insufficiently researching IF, on the
| concerned iPhone 4, the passcode is a "cryptographic
| convention"
|
| Because when a Cour d'Appel applies a law, in this case,
| without even researching if this specific law is applicable to
| this specific element, it can be broken by the high court.
|
| The Cour d'Appel did not even have to be "right" or
| sufficiently technically competent. The Cour d'Appel only had
| to declare that it researched IF on this phone, the passcode
| was a "cryptographic convention".
|
| If the Cour d'Appel declared such a thing, EVEN IF IT WERE
| BLATANTLY FALSE (I'm not arguing myself for the correctness
| here of this statement), then the Cour d'Appel would be deemed
| to have stated its sovereign judgment on this matter.
|
| On such a task, The Cour d'Appel could not be overridden by the
| higher Cour de Cassation.
|
| (the Cour de Cassation cannot re-evaluate the sovereign judgment
| of the Cour d'Appel).
|
| BUT, the Cour d'Appel intended to apply the "refusing to yield
| the cryptographic convention == bad" law, without even
| researching IF beforehand this was REALLY a "cryptographic
| convention".
|
| The general prosecutor leveraged this oversight by asking the
| Cour de Cassation to break the lower court judgment.
|
| He won. The Cour de Cassation broke the lower court ruling, and
| sent them back to court again. The break ruling is:
|
| > By affirming that the passcode is not a "cryptographic
| convention", WITHOUT analysing the technical characteristics of
| the concerned iPhone4, yet essential to figure out a decision,
| the lower court insufficiently justified its decision
|
| ==== What I have to say on this matter
|
| It's an old iPhone. I'm a bit lazy to Google what's the
| passcode is doing on the range of iOS versions supported on
| such an old phone.
|
| A 4-8 digits passcode is not enough to be secure. That's weak
| as hell. That's only 10^8 possibilities, and the Private Key
| can be brute-forced in 1 second.
|
| Still, IF on this old iPhone the weak-as-hell passcode was the
| Private Key of encrypted data, then it could be deemed a
| "cryptographic convention", and the person could be deemed
| guilty.
|
| On a _RECENT_ iPhone, I think that this person could escape
| being guilty for not giving its homescreen password or code.
|
| On RECENT iPhone, those weak (4-8 digits) are NOT part of a
| "convention de dechiffrement". The passcode is neither the
| crypto algorithm, nor the Private Key to the data.
|
| On recent iPhone, the password is ONLY a key to a safe: the
| Secure Enclave (T2 chip).
|
| The Secure Enclave, even in rescue mode, has an API, and only
| accepts ~10 passcode attempts. When you succeed, you are giving
| a means to decipher data. I don't even know if:
|
| - the Secure Enclave yields back the Private Key
|
| - or just provides a hardware API to further decrypt data.
|
| What I mean is that on recent iPhone, the passcode is NOT part
| of the "cryptographic convention". It only unlocks a safe : the
| Secure Enclave.
|
| That would be the same thing as storing the Private Key in a
| safe.
|
| On iPhone4, probably the passcode IS used as a seed to
| regenerate the Private Key, and as such refusing to give it to
| police is breaching the law.
|
| On iPhone with Secure Enclave + T2, probably the passcode is
| not used as a seed, because that would be weak as hell.
| Refusing to give it to police is possibly not a breach of law.
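The two designs contrasted in the comment above, as an added example (not part of the original thread, and a simplified model rather than Apple's implementation): in design A the data key is derived from the passcode, in design B a random data key sits behind a passcode verifier with a failure counter. The class names, the 10-failure limit (the comment's "~10") and the low PBKDF2 iteration count are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200  # assumption: deliberately low so the demo finishes quickly


def stretch(passcode: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 over the passcode (standard library)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)


class PasscodeDerivedStore:
    """Design A: the data key is a function of the passcode.

    Salt and check value are stored beside the ciphertext, so anyone
    holding a copy of the storage can test guesses with no limit.
    """

    def __init__(self, passcode: str):
        self.salt = os.urandom(16)
        key = stretch(passcode, self.salt)
        self.check = hmac.new(key, b"key-check", hashlib.sha256).digest()

    def key_for(self, guess: str):
        key = stretch(guess, self.salt)
        tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
        return key if hmac.compare_digest(tag, self.check) else None


class HardwareGatedStore:
    """Design B: a random data key lives inside a protected module.

    The passcode only gates release of that key; the key itself is
    independent of the passcode and is erased after MAX_FAILURES misses.
    """

    MAX_FAILURES = 10  # assumption, taken from the "~10 attempts" above

    def __init__(self, passcode: str):
        self._data_key = secrets.token_bytes(32)
        self._salt = os.urandom(16)
        self._verifier = stretch(passcode, self._salt)
        self._failures = 0

    def unlock(self, guess: str):
        if self._data_key is None:
            raise PermissionError("data key erased after too many failures")
        if hmac.compare_digest(stretch(guess, self._salt), self._verifier):
            self._failures = 0
            return self._data_key
        self._failures += 1
        if self._failures >= self.MAX_FAILURES:
            self._data_key = None  # erase: later guesses cannot succeed
        return None


def exhaust(try_guess, digits: int = 4):
    """Try every numeric passcode in order.

    Returns (guesses_evaluated, key_or_None); stops when the store
    refuses further attempts.
    """
    for n in range(10 ** digits):
        try:
            key = try_guess(f"{n:0{digits}d}")
        except PermissionError:
            return n, None
        if key is not None:
            return n + 1, key
    return 10 ** digits, None


if __name__ == "__main__":
    passcode = "4821"  # constructed sample value
    print("design A:", exhaust(PasscodeDerivedStore(passcode).key_for)[0],
          "guesses until the key was recovered")
    print("design B:", exhaust(HardwareGatedStore(passcode).unlock),
          "(guesses evaluated, key)")
```

In design A the strength of the data key is bounded by the passcode keyspace; in design B it is bounded by the failure counter, which is why the length of the passcode matters far less there.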
| [deleted]
| breton wrote:
| I am reading a bit more about this. In a similar case, where Fair
| Trials intervened, they made this submission:
| https://www.fairtrials.org/app/uploads/2022/03/FT-interventi... .
| In the submission there are these sentences:
|
| > Law enforcement authorities may compel suspects to provide the
| passcode to their mobile device under threat of a legal sanction
| pursuant to Article 434-15-2 paragraph 1 of the French Criminal
| Code, [...]. The request must be sanctioned by a judicial
| authority.
|
| What is this sanction by judicial authority? A court order? Can
| it be appealed against? Can i get a lawyer participate in the
| hearing for the sanction?
| simonh wrote:
| France has investigating judges, maybe one of them would have
| the authority?
| webmobdev wrote:
| Interesting. Doesn't France have a legal system that leans more
| towards Civil Law than Common Law? So how much legal validity
| does this judgement have?
| formerly_proven wrote:
| This comes from their equivalent of the Supreme Court
| ohbtvz wrote:
| No, the cour de cassation is not the equivalent of the
| supreme court in many ways.
|
| * It doesn't judge the constitutionality of laws. That's the
| constitutional court.
|
| * It doesn't judge cases related to complaints against the
| administration. That's for the council of state.
|
| * Its precedents don't bind lower courts, who are free to
| rule differently.
|
| * In France, judges are explicitly forbidden to write a
| judgement that seems to hold in a general manner (article 5
| of the penal procedure code) - we have a much stricter
| separation between the legislative and judiciary. They always
| judge specific cases. This applies to the cour de cassation
| as well.
|
| It's just not useful to try and compare the US and French
| legal systems. They're too different.
| occamrazor wrote:
| Article 5 C.p.p. is about jurisdiction of criminal and
| civil courts. Did you mean a different article?
| palsecam wrote:
| Article 5 of the civil code, I guess:
|
| _<< Judges are forbidden from ruling by way of general and
| regulatory provisions on the cases submitted to them. >>_
|
| https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI0000...
| mytailorisrich wrote:
| This decision is _de facto_ the Law.
|
| Indeed, this is a decision of the "_Cour de Cassation_",
| which is the highest court and which does not judge guilt in
| specific cases (edited to clarify), but whether the law was
| correctly applied. So by judging that this is a criminal
| offence (actually they have only confirmed previous legal
| decisions so it was expected) they have ruled that French Law
| states that this is a criminal offence, including based on
| jurisprudence (previous decisions). So that rather settles it.
| ohbtvz wrote:
| The cour de cassation does judge specific cases. They don't
| make the law and lower courts are not bound to their
| precedent. I wrote a more complete explanation in a sibling
| comment.
| mytailorisrich wrote:
| "_Indeed, its role is not to retry cases. It rules exclusively
| on the law. Accordingly, the Cour de cassation does not concern
| itself with the facts of a ruling or judgment, but verifies
| that the law was correctly applied in the contested decision.
| In other words, it does not rule on disputes, but only on the
| decisions concerning those disputes._" [1]
|
| It only checks that the law was correctly applied, it is
| not an appeal where the guilt is re-assessed (that's what I
| meant, obviously not very clearly).
|
| [1] https://juripredis.com/la-jurisprudence-dossier/comment-defi....
| ohbtvz wrote:
| It doesn't "lean more" towards civil law, it _is_ a civil law
| legal system. Nevertheless, precedent ("jurisprudence") is
| still part of the legal framework.
|
| The cour de cassation, the highest court of appeals, has
| rendered a judgement about something which is ambiguous in the
| law. This is a judgment about a particular case in a particular
| situation, and judges are explicitly forbidden from writing
| anything in their judgment that would look like a general
| statement. Lower courts are independent and can render
| different judgments in similar cases if they interpret the law
| and the situation presented to them differently. So why does it
| matter that the cour de cassation created this precedent? Well,
| it's the highest court of appeal. Any lower court who judges
| differently sees clearly the "risk" that their judgment is
| appealed, passed on to the cour de cassation, overturned, and
| needed to be judged again. We have professional judges in
| France, and they recognize there is little point in wasting the
| State's resources on such things without good reason.
|
| But because we are in a civil law country, it is quite likely
| that the existing law will be clarified and supplant the
| precedent. In a civil law country, precedent is always
| subordinate to codified law.
| [deleted]
| guerby wrote:
| There is an appeal being made to ECHR (1) according to:
|
| https://www.nextinpact.com/lebrief/70314/refuser-deverouille...
|
| (Also other cases are mentioned in the fairtrials article)
|
| (1) https://en.wikipedia.org/wiki/European_Court_of_Human_Rights
| adrian_b wrote:
| In my opinion, one of the most fundamental human rights, maybe
| even the most important human right, is the right to refuse to
| answer to a question.
|
| Any law that says that there are circumstances when humans must
| answer to a question otherwise they will be punished is wrong and
| abusive.
|
| Obviously, when people are suspected to have done something
| illegal, but they refuse to give answers that might dis-
| incriminate them, then that can be used in conjunction with
| evidence that makes probable that they are guilty to conclude
| that they are indeed guilty and sentence them accordingly.
|
| However, in such cases any punishment should be for the crime
| whose authors they are believed to be and not for refusing to
| answer any question.
|
| I do not care if a bunch of mean or stupid people claim to
| "represent the will of the people" and they make Draconian laws
| that punish those who do not answer questions. I will never
| recognize that they have any right to make such laws and I pity
| the people that are so naive that they accept the existence of
| such laws.
|
| I have been born and I have grown up in a country which was
| governed by a criminal organization which had received the
| political power from a foreign invading army, even if they also
| claimed that they have been elected democratically and they
| "represent the will of the people".
|
| To maintain their power, the government imprisoned and killed any
| opponents, which were identified through mass surveillance.
|
| Any honest citizen did not have any greater wish than to get rid
| of the government, but it was impossible to organize any kind of
| opposition, due to the mass surveillance and due to the
| confidential informers who infiltrated any institution or
| company.
|
| In such a country, answering the truth to any question of a law
| enforcement officer could lead to grave consequences for other
| innocent people, from destroying their professional careers, up
| to even death.
|
| A similar history was shared by all the countries in the Eastern
| Europe, but there are also many other such countries.
|
| It worries me that after a decade when it seemed that the
| political conditions have greatly improved in many countries,
| after 2000 the actions of the governments from North America,
| Western Europe and Australia have become each year more and more
| similar to the actions of the former communist governments that
| they previously loved to criticize for their disregard of human
| rights, and the legal rights of the citizens of these countries
| have become more and more restricted, under various pretexts,
| such as "war on terror" or "save the children".
| FpUser wrote:
| >"In my opinion, one of the most fundamental human rights,
| maybe even the most important human right, is the right to
| refuse to answer to a question"
|
| I agree 100%. Not respecting / recognizing the right of being
| silent and jailing people for that in my opinion is a crime
| itself.
| nimbius wrote:
| friendly reminder for those in the USA, or visiting it:
|
| face, blood, fingerprint, and other biometrics on your mobile
| device are not protected by the 5th amendment and can be secured
| from your person _by force_ if necessary and compelled by a
| warrant. If you fail to submit to a DUI test for example, your
| blood can be forcibly drawn against your consent in the presence
| of a warrant.
|
| strong passphrases (not passwords) however are vital to your
| security and protected under the united states 5th amendment. you
| can be compelled to surrender your device, but not its password.
|
| failure to disclose a password cannot be used as reasonable
| suspicion to detain you for a crime.
| trafnar wrote:
| Related for iPhone users: if you press and hold the lock and
| volume up buttons until the "slide to power off" screen
| appears, FaceID will be disabled until the next successful
| passcode entry.
|
| You can press "cancel" after the "power off" screen appears, or
| you can power it off, faceID will be disabled regardless.
|
| Further discussion:
| https://daringfireball.net/2022/06/require_a_passcode_to_unl...
| derrasterpunkt wrote:
| One can also press the lock button five times which has the
| same outcome.
| 14 wrote:
| iPhone 8 on iOS 13 here. That does not work but holding
| lock and volume does.
| Symbiote wrote:
| Are there any Android phones with a similar feature?
| [deleted]
| notch656a wrote:
| Seems passcode should be obtainable too then, as it is
| represented in the physical configuration of your brain's
| biological system and thusly could technically be considered
| biometrics.
|
| The feds didn't have much trouble getting a warrant to have my
| internals x-rayed last time I crossed the border, even though
| that was all internal configuration of the body.
| zoklet-enjoyer wrote:
| Nah, we have the right to not self incriminate ourselves. I
| think blood drawing is over the line, but face and finger
| scans are non-invasive.
| notch656a wrote:
| I would argue forcing someone to put their finger on a
| phone or otherwise provide their physical self in a
| compulsory manner is self-incrimination. Your body is part
| of your 'self.'
| pessimizer wrote:
| Physically forcing someone to do something isn't self-
| anything. If it were, the electric chair would be
| assisted suicide. You don't even need to be alive to put
| your finger on a phone.
| notch656a wrote:
| physically forcing someone to incriminate themselves is
| self incrimination. Why would it not be self-
| incrimination once they are forced? Your statement makes
| zero sense.
|
| The whole point of laws regarding self incrimination is
| not to stop people from being electively able to
| incriminate themselves, but to stop the government from
| being able to force them to incriminate themselves.
|
| Almost everyone but you is familiar with self-
| incrimination as the word(s) used in modern English as a
| concept that includes things like testifying against
| yourself whether you were physically forced to or not.
|
| ------------
|
| RE to below: (due to timeout)
|
| >Again, the government cannot force people to incriminate
| themselves.
|
| force : coercion or compulsion, especially with the use
| or threat of violence.
|
| >It can threaten people in order to convince them to
| incriminate themselves,
|
| You literally used an example of force.
|
| In classic HN autistic pedantry, if someone puts a gun to
| my head and demands my wallet and I hand it over -- well
| your honor they were never forced to do it! You see they
| were just threatened to be convinced to hand the wallet
| over!
| pessimizer wrote:
| > physically forcing someone to incriminate themselves is
| self incrimination.
|
| You can't physically force someone to testify. It's not a
| thing that is possible, unless you kill them and attach
| electrodes to the muscles of their mouth, throat, and
| diaphragm. The testimony that results from that method
| will not be convincing.
|
| > The whole point of laws regarding self incrimination is
| not to stop people from being electively able to
| incriminate themselves, but to stop the government from
| being able to force them to incriminate themselves.
|
| Again, the government cannot force people to incriminate
| themselves. It can threaten people in order to convince
| them to incriminate themselves, it can punish people if
| they refuse to incriminate themselves, but it can't force
| people to incriminate themselves. It _can_ put their
| finger on a phone. _You_ can put their finger on a phone,
| if you're bigger than them, or they are asleep.
|
| The point of laws about self-incrimination is to declare
| that refusal to self-incriminate cannot be punished.
| devwastaken wrote:
| If it's a federal crime they'll charge you with conspiracy to
| commit a crime and you're a felon by default. That's what they
| did to crypto drug sellers.
| mrkeen wrote:
| Do any of these protections count at the airport/border?
| bvanderveen wrote:
| Great, the country of human rights!
| [deleted]
| ur-whale wrote:
| > Great, the country of human rights!
|
| Only folks who never left France still believe in that worn out
| trope.
| mgamache wrote:
| The EU is so protective of consumer rights, but not of personal
| rights with respect to governments. Seems odd, but is a result of
| socialist influence. In the US we have more protection against
| government abuse and less corporate. But it ends up being the
| worst of all worlds because the government just uses the
| corporations to provide the data they could/would never have
| access to.
| guerby wrote:
| This is France, not EU.
|
| Like it has done many times the EU court ECHR will say this
| French law is not compatible with human rights and send things
| back to french courts.
|
| Same thing it has done to laws forcing keeping logs for
| everyone forever:
|
| https://www.nextinpact.com/article/44019/conservation-donnee...
|
| But then the french highest state court judged that it doesn't
| have to follow what the EU court said:
|
| https://www.nextinpact.com/article/45613/comment-conseil-det...
|
| Then it will be appealed again with same results...
| kwhitefoot wrote:
| The ECHR is not an EU institution, perhaps you have the ECJ
| in mind?
| rnhmjoj wrote:
| https://en.wikipedia.org/wiki/European_Court_of_Human_Rights
| mytailorisrich wrote:
| There always has to be a balance.
|
| Some countries have enacted laws to create an obligation to
| disclose encryption keys, etc. during criminal investigations
| in response to new technologies because now everyone has access
| to encryption methods that are essentially unbreakable without
| knowing the key. So while people have and should have the right
| not to incriminate themselves it is also reasonable to ensure
| that criminal investigations can still be (fairly) carried
| out... It was much easier when people could only hide their
| secrets in a safe.
|
| I believe even in the US one may be obligated to disclose keys.
|
| One big question is whether this should require a court order,
| which implies that the police must convince a judge that this
| is necessary and useful, or whether (as seems the case here?)
| the police themselves have that power, which is indeed more
| contentious.
| [deleted]
| [deleted]
| formerly_proven wrote:
| The US has uniquely good protections against abuse by
| government officials. Things like the fruit of the poisonous
| tree doctrine, explicitly designed to keep prosecutors from
| overstepping their boundaries, simply don't exist in most of
| the world. Admissibility is complex and important in the US and
| basically not a concern outside the US at all, virtually
| everything is admissible in court. For example, it has been
| established at the highest level of jurisprudence in the EU
| that you _can_ torture suspects and you _can_ prosecute them
| with evidence acquired through their forced confession. That's
| because at a fundamental level, the prosecutors/court
| determining the truth far outweighs the right to a fair trial
| in most of the world. The idea outside the US being that you'll
| just prosecute investigators and prosecutors who overstep legal
| boundaries.
| watwut wrote:
| Does it really, in practice? Looking at the two systems, I
| would genuinely trust the US system less.
|
| Also, you are wrong about admissibility. It is not true that
| everything is allowed, it depends on context. Also, what
| happens even when the thing is admitted is that police can be
| punished for breaking rules. Not by changing result of the
| court, but by punishing the police. And that is super big
| one.
|
| Plus, most cases in US are not even going through court. 96%
| or so are done by guilty plea. Going through court is super
| expensive and you risk much higher punishment.
|
| US courts are notoriously deferential to cops and
| prosecutors. It just does not strike me as a system to trust
| all that much.
| ClumsyPilot wrote:
| > has been established at the highest level of jurisprudence
| in the EU that you can torture suspects and you can prosecute
| them with evidence acquired through their forced confession.
|
| This sounds like complete tosh - what is the highest level
| of. EU, ECHR? I don't believe they ever made such a ruling
|
| Additionally, there was no EU equivalent to Guantanamo Bay
| level of torture and extrajudicial kidnapping.
| mellavora wrote:
| > The US has uniquely good protections against abuse by
| government officials.
|
| I hear even civil forfeiture is in decline.
|
| Though too many cases still end by plea bargain. Which has
| interesting parallels to torture
| https://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?arti...
| from 1978. With others arguing that plea bargain is coerced
| confession, and some legal scholars even thinking thoughtful
| torture would be better
| https://www.econlib.org/how-thoughtful-torture-beats-plea-ba...
|
| I love the US, and part of that love is to help it see its
| weaknesses and injustices so we can fix them.
| yyyk2 wrote:
| > Seems odd, but is a result of socialist influence
|
| What compels Americans to make these idiotic claims?
| kelseyfrog wrote:
| The Red scare left a lasting cultural imprint. Ask any
| socialist what they think socialism is and compare it to what
| an American[1] thinks socialism is. Note the differences.
|
| 1. obvsly a non-socialist American
| pessimizer wrote:
| Also, Glenn Beck had a lot to do with it. He gave a bizarre
| version of 20c history that stuck, to a lot of angry people
| who don't read. It used to be that right-wingers would
| target the New Deal as socialism, now they think the banks
| and _consumer rights_ are socialism.
|
| If you can convince people the banks are socialist, you've
| created a Schrodinger's Premise where the banks primarily
| exist to destroy the banks; any premise that is both true
| and not true at the same time can be used to prove
| anything.
| rr888 wrote:
| This is a classic result of socialism. See Hayek: "centralized
| planning, which inevitably leads to totalitarianism"
| https://en.wikipedia.org/wiki/The_Road_to_Serfdom
| ClumsyPilot wrote:
| Isn't it ironic that serfs were private property but
| socialism stands accused.
| pessimizer wrote:
| Whenever capitalism does anything wrong, it's socialism's
| fault.
| skrause wrote:
| France is not a socialist country.
| chetanbhasin wrote:
| Good thing that I keep forgetting my passcode then.
| commandlinefan wrote:
| Forgetting it is a crime, too.
| mirekrusin wrote:
| Is it?
|
| Btw. with new iPhone they just need to hold it close to his
| face while handcuffed.
| smoldesu wrote:
| Not even. If you live in a large enough district, they just
| plug it into their GrayKey and dump a disk image of
| whatever is on your iPhone's flash.
| pmontra wrote:
| Is that the only and mandatory way to unlock an iPhone? No
| passcode?
|
| I'm defending against thieves so I'm using fingerprints on
| my Android (and passcode) but if I was defending against
| the law I'd go passcode only.
| toomuchtodo wrote:
| Does pressing the power button five times still disable
| biometrics?
|
| Edit from sibling comment link with alternate easier method
| to hard lock: "Just press and hold the buttons on both
| sides. Remember that. Try it now. Don't just memorize it,
| internalize it, so that you'll be able to do it without
| much thought while under duress, like if you're confronted
| by a police officer. Remember to do this every time you're
| separated from your phone, like when going through the
| magnetometer at any security checkpoint, especially
| airports. As soon as you see a metal detector ahead of you,
| you should think, "Hard-lock my iPhone"."
| vladvasiliu wrote:
| > Just press and hold the buttons on both sides.
|
| This doesn't seem to work on my iPhone 7 with iOS 15.7.1.
| If the screen is off, nothing happens. Or if I happen to
| push the power button slightly before or after the volume
| key, the screen will turn on and touch id works as usual.
| If the screen is on, but the phone is locked, nothing
| happens either. The screen will just turn off at some
| point. The phone can still be unlocked normally.
|
| What does work is pushing _only_ the power button _when
| the screen is on_ for a few seconds. This is a dual press
| (1. turn on screen; 2. start shut down procedure). Or
| pressing the power button five times, whatever the screen
| state. But that also activates the emergency call
| countdown.
| ljlolel wrote:
| yes
| bombcar wrote:
| Yep, just tested here, 5 clicks and you get the
| emergency/poweroff screen which then will require
| passcode afterwards, even if you don't power off.
| formerly_proven wrote:
| With the eyes open
|
| Pentuple clicking of the side button disables biometric ID.
| Going to the power menu by holding volume and side button
| does the same.
| xenophonf wrote:
| Or--and hear me out, I realize this sounds crazy--one
| could just not enable biometrics.
| hef19898 wrote:
| But they are so convenient! And phone makers keep telling
| us they are so secure!
|
| Disclaimer: I don't use biometrics anywhere
| bhaney wrote:
| > With the eyes open
|
| I don't have an iPhone with FaceID to test this, but
| supposedly you need to be looking at the phone as well,
| so it should be fairly easy to avoid unlocking the phone
| under duress (consequences notwithstanding).
| ldrndll wrote:
| It's worth mentioning here that as long as you have
| a few seconds notice you can force your Face ID enabled
| iPhone to require a passcode the next time it's unlocked.
|
| Just press and hold the power button and either volume
| button for a few seconds. See
| https://daringfireball.net/2022/06/require_a_passcode_to_unl...
| for a lengthier
| exposition
| e_i_pi_2 wrote:
| (not a lawyer or French) but generally yes - it's your
| responsibility to give the password to the police,
| forgetting it would be equivalent to forgetting to pay at a
| store or forgetting to put on a seatbelt while driving - it
| may be accidental but still illegal. I don't know of any
| laws where you can legitimately claim ignorance
| f1shy wrote:
| That is a looong shot! The responsibility for my
| passwords is mine and solely mine! Other thing is being
| negligent with password security, and a breach leading to
| damage of property or life... but forgetting a password
| is not a crime! never.
| pc86 wrote:
| Is this your belief of the law as it stands or how you
| feel the law should be?
|
| "forgetting a password is not a crime" is a statement of
| fact, and the only thing required to make it a crime is a
| law saying it is a crime. "Crime" is not some universal
| absolute, what is and is not can obviously change
| drastically over time.
| ransom1538 wrote:
| "Btw. with new iPhone they just need to hold it close to
| his face while handcuffed."
|
| Honest question. Do people on HN actually travel with this
| enabled on their iphone? Like, the ability to just hold you
| to a wall with your phone and open it?
| f1shy wrote:
| If the matters can go to that violence, you have bigger
| problems than somebody playing Candy Crush with your
| phone...
| lazide wrote:
| It can always go to that, due to nothing you've done.
|
| Mistaken identity, planted evidence (from someone else,
| like drugs put in your bag by a handler for picking up by
| a compatriot in the destination, but caught before then,
| or by bored police!), political targeting (like you're
| the 'wrong' nationality, and the country you're traveling
| to wants some leverage), etc.
|
| Muggers or bandits also don't exactly ask if today is a
| good day either.
| mytailorisrich wrote:
| If the worst violence to fear in police custody is being
| held straight so that your phone can be pointed at your
| face I'd say you're quite safe...
| sfe22 wrote:
| I mean you have got a point. Forces serving governments
| are known to kill innocents in cold blood, and commit
| plenty of genocides, so yeah...
| Marsymars wrote:
| > Do people on HN actually travel with this enabled on
| their iphone?
|
| I have nothing to hide, but I travel with a secondary
| phone that I wipe before crossing international borders,
| to which I'll happily give law enforcement access.
| cryptonector wrote:
| In the U.S. _generally_ [0] a court can force [1] disclosure
| of a password or location of a physical key or whatever
| unlocks access to documents whose existence and contents is a
| "foregone conclusion".
|
| The idea is that "we know you have contraband <details>" so
| your being made to produce that contraband is not a violation
| of the 5th amendment right to not self-incriminate.
|
| This idea seems rather twisted to me, but this is what the
| courts have gone with. There might be some protection against
| other incriminating documents being found this way than those
| that were being sought, but I'm not sure.
|
| Looping back to your comment, if it is a foregone conclusion
| that you do know the password, then "I forgot it" won't be a
| defense. But if it can be shown that you haven't used that
| password in a long time, then it might be a defense (but idk
| really).
|
| IANAL. Do not rely on any of this.
|
| [0] This may vary by state, but I believe in Federal court it
| works this way.
|
| [1] Via the threat of contempt of court incarceration until
| the defendant or witness complies.
| f1shy wrote:
| Exactly... and they will have to prove the opposite... :P
| bpodgursky wrote:
| They will have to show "beyond reasonable doubt" that you
| remember the phone PIN you type in 15 times a day.
|
| Let's be honest, that's not a high bar in a courtroom.
| [deleted]
| greatgib wrote:
| To be noted, there is a subtle nuance with the meaning of this
| ruling.
|
| It does not really say that "it is a crime" but that "it might
| be a crime under certain circumstances".
|
| In the current case it is like there is a password, it is known,
| it is needed to unlock a phone, not encrypted data itself. And
| the guy is plainly refusing to give it. This is the case that was
| judged.
|
| But hundreds of variations of this still might or might not be a
| crime in a future case.
| rnhmjoj wrote:
| In Saunders v United Kingdom the ECHR said that the right to
| not self-incriminate "does not extend to the use in criminal
| proceedings of material which may be obtained from the accused
| through the use of compulsory powers but which has an existence
| independent of the will of the suspect".
|
| Even if the evidence is not properly encrypted, in which case
| you could argue the data is indistinguishable from randomness
| and does not exist unless it's decrypted, a password would
| likely fall under a similar category.
| gruez wrote:
| >In the current case it is like there is a password, it is
| known, it is needed to unlock a phone, not encrypted data
| itself.
|
| I'm not seeing the distinction here. Don't all modern phones
| have encryption enabled by default, and the encryption keys are
| partly derived from the passcode?
| courgette wrote:
| They do mention that explicitly. But that further confuses me
| then.
|
| The circumstances seem to be "we know you conducted illegal
| trade on that phone" ?
| jrvarela56 wrote:
| Would be awesome to have another password that on input shows a
| fresh profile and wipes the 'real' profile in the background.
| [deleted]
| mherdeg wrote:
| A neat question is whether it would be illegal for Apple to
| refuse to write software to unlock the iPhone of someone who
| illegally refuses to disclose their passcode.
| lotsofpulp wrote:
| It would be legal for Apple to refuse, but France can make it a
| requirement to sell phones in France.
|
| And then Apple would have to decide to comply or cease French
| operations.
| nilespotter wrote:
| Well they bent right over on USB-C, so ...
| courgette wrote:
| It's not over, the higher court just sent it back to the lower
| one. But still, I find it concerning.
|
| If you happen to read French the appeal court published a good
| technical summary.
|
| https://www.courdecassation.fr/toutes-les-actualites/2022/11...
|
| Consequently, in this case, the decision of the court of appeal is
| quashed and another court of appeal is designated to retry the
| case.
| gobip wrote:
| As always, the country known for its human rights (or so they
| advertise themselves as), is gonna get reprimanded by the
| European court for not respecting the human rights.
|
| Good job France.
| wobbly_bush wrote:
| > As always, the country known for its human rights (or so
| they advertise themselves as)
|
| As someone who wasn't aware of this association, I'm curious
| where do they advertise themselves for human rights?
| ramesh31 wrote:
| https://en.wikipedia.org/wiki/Liberte,_egalite,_fraternite
| ASalazarMX wrote:
| "Tell me what you boast of, and I'll tell you what you
| lack." - Old Hispanic proverb
| Kuinox wrote:
| Always first on the start, and always arriving late.
| ispo wrote:
| Sorry I cannot remember it.
| otikik wrote:
| Two words: "I forgot"
| knodi123 wrote:
| If the judge believes you: "Okay! Sucks for the cops."
|
| If the judge does not believe you: "That's contempt. You can
| sit in jail until you decide to remember."
|
| A better two words would be "hidden volume".
|
| https://www.truecrypt71a.com/documentation/plausible-deniabi...
| userbinator wrote:
| ...or "duress password".
| jeroenhd wrote:
| It's trivial to find if a hidden volume is in use or not.
| It's a good defence against an abusive family member who
| isn't very tech-savvy, but it's useless against law
| enforcement.
| martinko wrote:
| How exactly?
| jeroenhd wrote:
| The hidden volume set up by TrueCrypt has different
| offsets between the headers and the actual encrypted
| data.
|
| It's possible to move the encrypted volume 50GB from the
| header and fill the disk with random bytes, but it's not
| doable through the standard GUI.
|
| In an encrypted state, it's impossible to tell the
| difference between the hidden volume and random data.
| When you use your real passphrase, the primary header is
| decrypted and the hidden volume may just be random-data
| empty space. If the key you entered decrypts the random
| bytes between the first TrueCrypt header and the first
| partition, it's clear that the key belongs to the secret
| header and not the normal partition.
|
| You can try to cover your tracks; you can use your hidden
| volume as the main volume and enter the main volume key
| when forced to come up with a password.
|
| However, you'll have to make sure the activity logs on
| the PC line up with the other logs available (i.e.
| increments in power on hours, external drive logs and
| timestamps, external access logs, etc.) that can prove
| that the partition you've unlocked doesn't contain the OS
| that caused all kinds of side effects. Hell, you can
| probably find something related to relocated sectors/wear
| levelling statistics to find the clusters that are in
| use.
|
| When the passphrase for the hidden volume has been
| entered, you can find the physical offsets of the
| encrypted data and find out that the first half of the drive
| (or less, or more, depending on your setup) isn't mapped
| to your booted partition.
|
| A completely read-only OS with no logging outside RAM or
| connections to the outside might be used securely if you
| use the hidden volume as your main OS, but such a system
| would be too difficult to use properly.
|
| As always, opsec is crucial for security even if your
| software algorithms are absolutely perfect. If you follow
| the guidelines set forth by VeraCrypt, it should be very
| difficult to prove the presence of a hidden partition.
| That does mean you should be using your secondary OS as
| often as your hidden OS and analysis from external
| devices (such as network traffic) should not be able to
| tell the difference between the two.
| CobrastanJorji wrote:
| You're totally right, but "we suspect there's a hidden
| volume" and "this machine is clearly locked, unlock it"
| are two very different situations. The prosecution and
| even the judge might be convinced that it's extremely
| likely that you have a hidden volume, but that's not the
| same as compelling you to unlock a phone. It's the
| difference between "you are ordered to open the secret
| safe we suspect exists."
| malfist wrote:
| Source: Trust him.
|
| In all fairness, there is a lot of documentation in
| VeraCrypt's manual about how to properly hide a hidden
| partition, and how it's circumvented.
|
| Most of them rely on knowledge of the encrypted container
| over time. A single point in time is unlikely to reveal a
| hidden partition, but if you are being monitored that is
| possible.
|
| Please note that backups or wear leveling on an SSD, or
| just the TRIM command not deleting stored data can
| provide those points in time. Hidden partitions work best
| on magnetic drives.
|
| Read them here:
| https://veracrypt.eu/en/Security%20Requirements%20for%20Hidd...
| Manuel_D wrote:
| How, exactly, does this work? Forgetting your phone's
| password potentially becomes a life sentence.
|
| In the US, a defendant was held in contempt of court.
| Eventually the courts decided that 18 months is the maximum
| incarceration period to try and force someone to give up a
| password [1]. Which still does seem pretty chilling:
| forgetting your password can land you a year and a half in
| prison.
|
| 1. https://arstechnica.com/tech-policy/2020/02/man-who-refused-...
| Amezarak wrote:
| The law is not executed by computers. It is executed by
| people operating via tradition and common sense. These have
| their own problems, and sometimes the law is bad, but this
| is a case where it works the way we'd hope given the law.
|
| Nobody is going to believe that you "forgot" the password
| to your phone that you use multiple times a day or at least
| a week. Your lawyer is not even going to mention that as an
| argument and he's going to strongly advise you don't
| because it sounds prima facie absurd.
|
| Now, if the case was about an encrypted hard drive you kept
| in your bank's safety deposit box that you put there two
| years ago, it might work, because that sounds much more
| reasonable.
|
| Ed: and apply this to the very case you linked: the guy was
| held for the maximum contempt length possible because the
| evidence was so strong; they got his laptop, which
| indicated he downloaded illegal files to the external
| drives; they got his phone, which had illegal material;
| they have witnesses testifying that he showed them illegal
| material. If the encrypted drives had been their ONLY
| evidence, he almost certainly wouldn't have been in jail
| for contempt.
| derefr wrote:
| Forgetting earns you the oubliette.
| k_ wrote:
| If only we could set a specific password that if used would
| wipe the entire device..
| mrkeen wrote:
| Depending on the circumstances, they may have taken a backup
| of the whole device beforehand.
___________________________________________________________________
(page generated 2022-11-10 23:01 UTC)