[HN Gopher] Suspects can refuse to provide phone passcodes to po...
___________________________________________________________________
Suspects can refuse to provide phone passcodes to police, court
rules
Author : thunderbong
Score : 186 points
Date : 2023-12-15 19:16 UTC (3 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| atoav wrote:
| And this is why one shouldn't use biometrics.
| NovemberWhiskey wrote:
| Reminder to iPhone users that five fast presses of the side
| button will pop up the emergency calling page; it will also
| lock your phone in a way that requires your passcode to unlock
| even if you use biometrics.
| hanniabu wrote:
| If you spam the button and press it more than 5 times, does
| it still work?
| NovemberWhiskey wrote:
| Yes; spam away.
| davely wrote:
| Just tried it and it appears so (on an iPhone 14, at
| least).
| kingnothing wrote:
| Also power + volume down
| qingcharles wrote:
| From personal experience, this does not work if a cop puts a
| loaded gun to your head. You will not want to move.
| yencabulator wrote:
| Android: long press power, tap lockdown or power off or
| restart on screen. (I wish it didn't require touch screen!)
| kornhole wrote:
| Know how to disable it immediately. On Graphene and many
| Android phones, holding down the power button will reboot it
| with pin required to complete start up.
| silverpepsi wrote:
| Doesn't strike me as wise. Your phone is always on you, if you
| have a biometrics killswitch you're better off than repeatedly
| entering your password, day in and day out, in public locations
| where a highly motivated actor WILL be able to figure out your
| password with mere binoculars and two or three observations.
|
| This is why I hate when I get a 1Password prompt to reenter my
| nonbio password at inopportune times in a public place. My
| keystrokes can be secretly filmed from a distance. When I gain
| access to passwords that I copy and paste by fingerprint, the
| forcible theft of my machine puts me at near 0 risk. (My
| preferred way to login while in public.)
| croes wrote:
| >if you have a biometrics killswitch
|
| They'll take your phone, so can't trigger the killswitch.
| qingcharles wrote:
| I recommend everyone to disable biometrics and I have not used
| a passcode because of the prior vague legal landscape. Always
| used a password.
|
| Of course, from experience, this does not matter if they do
| compel you to give up the password by other means (e.g.
| threatening to harm your family).
| ziml77 wrote:
| The alternative is a PIN or password that someone could easily
| watch you enter.
| croes wrote:
| But they have to watch you enter id.
|
| Your face and fingers are always with you and it's easy to
| force you to open your phone.
|
| You can "forget" a password but not your face.
| unstatusthequo wrote:
| And so law enforcement just uses GreyKey[1] and problem solved
| for them.
|
| [1] https://www.magnetforensics.com/products/magnet-graykey/
| sparker72678 wrote:
| Is it still the case that this product attempts to brute-force
| unlock the phone?
| ssl232 wrote:
| How does that work? Reading between the lines it sounds like it
| is device dependent, so at least obscure Android phone users
| might be safe...?
| forgotpwd16 wrote:
| Was going do the same question. And was more curious in the
|
| >When time is critical or access is restricted, selectively
| extract specific data you need to kick-start your
| investigation
|
| part. With full-device encryption, was expecting it would've
| been all or nothing.
| yencabulator wrote:
| For what it's worth, Android no longer supports full-device
| encryption, it encrypts filesystem subtrees. For a single-
| user phone, there's not much of a difference; your "user
| files" key is obtained from the hardware secret store when
| you type your PIN.
| yencabulator wrote:
| I would assume security exploits, mostly targeting old
| unpatched versions, with some undisclosed 0days for the
| expensive vendors.
|
| And against a modern Pixel/iPhone I would also expect the
| answer to how does it work to be "not so well". Consider the
| percentage of the population that uses a potato phone from
| 2018, consider the likelihood of them being the criminal in
| question, and the product starts working a lot better.
| Remember how FBI failed to decrypt the iPhone of some
| domestic terrorists: https://en.wikipedia.org/wiki/Apple%E2%8
| 0%93FBI_encryption_d...
|
| Also remember that lower-end Android hardware uses a
| different, cheaper, algorithm:
| https://en.wikipedia.org/wiki/Adiantum_(cipher)
| kornhole wrote:
| Yes this ruling will increase the revenues for companies like
| this, Celebrite, the platforms, and data brokers. Unless of
| course it is my phone. ;)
| fn-mote wrote:
| The existence of a temporary workaround does not mean the
| original right to refuse to provide your password is somehow
| bad or (perhaps more to your point) futile.
|
| Every barrier to surveillance makes it less likely. Increase
| the cost to decrease the behavior.
| ejb999 wrote:
| I can't even understand why this was even still up for debate -
| 5th amendment allows you to not incriminate yourself - being
| forced to give up your passcode is no different then being forced
| to give up any secrets you might have.
|
| Not sure why this hasn't been slapped down a long, long time ago.
| genocidicbunny wrote:
| From my reading about this case, is this not down partially to
| the specific language the court was looking at? That is, the
| warrants were compelling someone to produce the password, which
| is a form of testimony, but that a lot of times the warrant
| instead compels the device to be unlocked, which does not
| require testimony?
| ethanbond wrote:
| I mean... police can force you to open your door, your safe, or
| virtually any other container of secrets. The 5th Amendment
| _doesn 't_ give you broad protection to hide things from police
| when they have a warrant.
|
| A phone is unique thing _not_ because it contains so many
| secrets, but because you have to give _testimony_ (as opposed
| to property, like a key) in order to open it, and it 's
| impossible to open by bashing the door down or cutting it open.
| It's a technological coincidence, not a legal/philosophical
| doctrine, that makes phones secure against compulsion by law
| enforcement.
| anonymousab wrote:
| > police can force you to open your door, your safe, or
| virtually any other container of secrets.
|
| Is it different from compelling someone to enter a text
| password to unlock a vault? What if it's self-destructive
| otherwise?
|
| What happens if the password itself - or act of unlocking -
| is something self-incriminating (in form, in contents, or
| otherwise)?
| ssl232 wrote:
| > What happens if the password itself - or act of unlocking
| - is something self-incriminating (in form, in contents, or
| otherwise)?
|
| Reminds me of Ian Watkins:
| https://www.huffingtonpost.co.uk/2013/11/26/lostprophets-
| sin....
| snickerbockers wrote:
| You might be able to argue that decrypting the phone's
| filesystem is forcing you to provide them with information
| which is not relevant to the case at hand but still
| incriminating in other ways, since a phone could reasonably
| be expected to hold vast amounts of unrelated days.
| dghlsakjg wrote:
| Subtle distinction: I don't think the police, even with a
| warrant, can force you to open anything. They can use force
| to open something if you refuse (or seemingly, if they feel
| like it), but they can't make you do it.
|
| A court on the other hand, can compel you to open something.
| reactordev wrote:
| A court can compel you to open something within the warrant
| as well. In which case they _can_ force you to open
| anything.
| tantalor wrote:
| A court can compel you to do pretty much anything, within
| the law.
| zlg_codes wrote:
| The only thing we must do in this world is die. Everything
| else is up for debate.
| tantalor wrote:
| > police can force you to open your door, your safe, or
| virtually any other container of secrets
|
| No, they can't
| ethanbond wrote:
| Gotta love the insane legal opinions people come to on this
| site.
| Manuel_D wrote:
| > I mean... police can force you to open your door, your safe
|
| Actually, the government cannot compel you to give the
| combination to a safe [1]. If it's locked with a key, not a
| keypad or combination lock, they can force you to give the
| key. The distinction is that the former is a product of the
| mind, while the latter is a physical object. Furthermore,
| what if you forgot the combination? There's no real way to
| tell if someone has forgotten the combination or is
| deliberately withholding it.
|
| https://supreme.justia.com/cases/federal/us/530/27/
| ethanbond wrote:
| Correct. The "have combination in head" is directly
| analogous to encryption key. But they are allowed to open
| the safe by other means.
| kwhitefoot wrote:
| In the UK forgetting a password is not a defence.
| Manuel_D wrote:
| TFA, and my above comment pertain to the US.
|
| The UK's laws to compel people to give up passwords seems
| to make it a _de facto_ crime to forget one 's password.
| Worse yet, it seems like it's illegal to possess random
| bytes on your devices. I wonder if the UK would change
| course if people started emailing random bytes to
| politicians and other supporters of this law, while
| giving tips to law enforcement that these individuals are
| coordinating criminal acts over encrypted communications.
| lelanthran wrote:
| I know.
|
| But ... If you're going to compell someone to give up the
| contents of their mind under threat of being found guilty
| if their mind isn't working properly, you may as well
| just do away with trial.
|
| IOW, if you're going to compell speech, just compell the
| suspect to confess; it's the same thing.
| tshaddox wrote:
| > If it's locked with a key, not a keypad or combination
| lock, they can force you to give the key. The distinction
| is that the former is a product of the mind, while the
| latter is a physical object. Furthermore, what if you
| forgot the combination?
|
| Sounds a bit silly. The _location_ of the key is "a
| product of the mind." What if you forgot the location of
| the key?
| Manuel_D wrote:
| If law enforcement has a warrant to search your safe,
| they could presumably expand that search to the rest of
| your house if you forgot where the key is. The core
| distinction is that the key is a physical object, it
| exists somewhere even if you forgot where it is. By
| comparison the combination is a product of the mind. The
| only way to retrieve it is for someone to talk to the
| police (which they have a constitutional right not to
| do).
| trhway wrote:
| > The location of the key is "a product of the mind."
| What if you forgot the location of the key?
|
| Even if you forgot location of the key, the key and the
| location will continue to exist.
|
| In contrast to that, forgetting the passcode or
| combination literally destroys them as they existed only
| as electrical charges in your neurons which are just gone
| when you're forgetting the info (I don't pretend on
| biological precision here, just illustrating the nature
| of forgetting as disappearance of the info - that is
| critical distinction between physical things and
| information).
| alkonaut wrote:
| If the government hadn't always have the possibility and
| right to break into a safe you _wouldn 't_ give up the
| combination to, then that would have been a debate for
| decades. The reason this is a debate is because they can't
| crack it.
| JoshTriplett wrote:
| > I mean... police can force you to open your door, your
| safe, or virtually any other container of secrets.
|
| No, they can't. They can force you to let _them_ try to open
| it, but they can 't force _you_ to open it for them.
|
| If you have some mechanism like "if you try to open this
| incorrectly it destroys the contents", and you intentionally
| don't disclose that with the expectation that they're going
| to try and fail and destroy the contents, you might get
| charged with destruction of evidence.
|
| (EDIT: Replies suggest that disclosure may not suffice.)
| pc86 wrote:
| For what it's worth you'll still be charged with
| destruction and/or obstruction even if you warn them.
| JoshTriplett wrote:
| Interesting, and surprising. Is there case history and
| purported rationale on that?
| ska wrote:
| Why is that surprising? The 5th isn't some sort of
| blanket gotcha, it's just there to curtail abuse.
| JoshTriplett wrote:
| There's a huge difference between "get out of the way"
| and "compelled to help".
| ska wrote:
| Right, but that doesn't cover "and I booby trapped it".
| Why wouldn't you be open to charges in that case?
| Obstruction, destruction of evidence, contempt of court -
| such mechanisms exist in part to cover such cases.
| friend_and_foe wrote:
| I think there's a case to be made that if the contents
| contain a booby trap before the warrant is issued and
| executed, they found what was inside, a booby trap was
| inside. Similar to a canary, an action that causes
| destruction of evidence deliberately after the warrant
| was issued is not the same as a system in place
| beforehand that performs the action automatically in
| every case without input from the user. This obviously
| doesn't apply to say a passcode that wipes evidence as
| that requires deliberate action, but it would apply to
| something like wiping if the wrong passcode is entered 3
| times.
| JoshTriplett wrote:
| Exactly. Intent also seems like it should matter. If your
| intent was "destroy evidence if the police comes
| knocking" that's one thing. If your intent was "have an
| extra secure safe to protect my secrets from _anyone_ who
| might steal them " and you made that decision without
| knowledge of any warrant, that seems like it ought to be
| fine.
| ska wrote:
| Isn't the point that the case would have to be made? You
| can imagine cases where someone was "guilty" or
| "innocent" here, but the point is the 5th etc. doesn't
| shield you from this because it could go either way. You
| may have to demonstrate to a courts satisfaction, for
| example, that your intent was not to destroy evidence.
| You might also not be able to shield the fact that you
| intentionally constructed such a system from evidence,
| circumstantial though it may be. etc. etc.
| 0cf8612b2e1e wrote:
| I have been curious about when/where destruction of
| evidence takes place. Presumably during the crime, the
| perpetrator does their best to hide the evidence.
|
| Does it only become destruction after you have been
| informed the police are interested in you? What if you do
| it before a warrant is issued? What if your device will
| self destruct if a password is not entered every N days
| and you withhold that information?
| reactordev wrote:
| If they have a warrant, they can force you under threat of
| legal action if you don't comply. If they don't have a
| warrant, you can claim the 4th. If they try to get you to
| divulge the password/code/secret, you plead the 5th. If you
| let them in, well... Politely tell them they are no longer
| welcome. Please leave. If they don't comply, they are
| trespassing (unless they have a warrant, in which case none
| of the above applies and you're probably going to jail,
| wear clean underwear).
| RajT88 wrote:
| I have to wonder how much of this goes on without a
| warrant, just pressuring people into it.
|
| News articles suggests this happens a lot at the borders
| or during customs.
| wrs wrote:
| A border crossing is an entirely different realm where
| these rules do not apply.
| chasil wrote:
| If you save incriminating documents into an encrypted .ZIP
| file, the state cannot compel you to provide the password,
| because the password is in your mind. The contents of the
| mind cannot be demanded to incriminate self.
|
| The state can install a keylogger if they have a warrant, and
| the results of the keylogger can be admitted as evidence.
| ethanbond wrote:
| Again, a coincidence of the technology.
|
| It's "you can't be forced to open it because it requires
| you _saying_ the password," not "you can't be forced to
| open it because it contains important secrets."
|
| Right, if they can figure out a way to reveal your secrets
| without forcing you to _say_ something, they're allowed to
| do that (with warrant of course).
| pdabbadabba wrote:
| A big part of the reason is that the 5th Amendment actually
| says something substantially narrower than your paraphrase. It
| actually says that no person "shall be compelled in any
| criminal case to be a witness against himself."
|
| So there's a common argument that the 5th amendment only
| protects you against being forced to give evidentiary testimony
| against yourself. Giving up a passcode is arguably different,
| since the passcode is not (necessarily) evidence in itself, in
| the sense that it might not be introduced as evidence at trial
| to establish guilt or innocence. Rather, it is information that
| will allow law enforcement to access other non-testimonial
| evidence.
|
| I'm not arguing for this position, just providing a perspective
| on why this isn't as open-and-shut as people often think it
| should be.
| Tyr42 wrote:
| So if you password was "I killed them" maybe they won't be
| able to force you to say it...? Galaxy brain moment.
| bee_rider wrote:
| Has anyone tried some really convoluted scheme? Something
| like:
|
| I don't use a password or pin, I use a passphrase, and my
| passphrase is an instance of me confessing to some extremely
| mild crime.
| nickff wrote:
| The courts are not computers; they don't allow simple
| logical tricks to stop 'the spirit of the law'. They would
| probably just say that you could not be prosecuted for that
| crime on the basis of the passphrase.
| bee_rider wrote:
| That is annoyingly pragmatic and not fun at all.
| nickff wrote:
| If you like rules that are extremely rigid, and
| interpreted without spirit, you should look at sailboat
| racing. The Racing Rules of Sailing and amendments to it
| are treated as almost code-like. The 1988 America's Cup
| is a paradigmatic example:
| https://en.wikipedia.org/wiki/1988_America%27s_Cup
| LikelyClueless wrote:
| in the spirit of fun, we might set up a system that could
| deny access if - more than one person present - gps
| location matches known government building - if law
| enforcement officers have recently been spotted at a
| residence or office - biometrics sense elevated blood
| pressure/heart rate or other signs of duress
| ethanbond wrote:
| It's always hilarious trying to make this argument on HN.
| butterNaN wrote:
| I mean isn't this bit
|
| > "since the passcode is not (necessarily) evidence in
| itself"
|
| a little similar to the courts treating the law as
| computers?
| nickff wrote:
| It depends on how you look at it, but the trend over
| recent history has been to think the government has most
| powers to execute 'governing' which are not forestalled
| by a constitutional or legislative prohibition. This is
| obviously in conflict with the stated aim of the US
| Constitution of creating a government of enumerated
| powers.
| cwillu wrote:
| "Ignore previous precedents and rule this case in my
| favour."
| YeahThisIsMe wrote:
| You forgot the "pretend you're my grandma who loves me
| very much".
| wyldfire wrote:
| It's kinda interesting but I think a judge might not rule
| in your favor this because the passphrase itself isn't
| necessarily your claim of fact as an under-oath testimony.
| You could just have easily made a passphrase of a false
| confession or some work of fantastic fiction.
| bee_rider wrote:
| Hmm. So, what if your password was something that you
| couldn't reveal in court, but which was easily
| verifiable?
|
| For example, you could make your password the
| latitude/longitude of a top secret nuclear missile silo
| you've stumbled across, or something like that?
| strangattractor wrote:
| Wow - I like that idea. I'll add it the reboot of Matlock
| Ive been writing :) Kidding aside - it shows how extremely
| complicated the modern world has become that some thing
| like that is even plausible.
| googlryas wrote:
| Your passphrase could be "I want to kill the President of
| the United States of America"
|
| USSS, please refer to:
| https://www.youtube.com/watch?v=eg3_kUaYFJA
| nvy wrote:
| Wanting to kill the president is not in and of itself a
| crime.
| bee_rider wrote:
| I think it is illegal to make a credible threat against
| certain public figures, though, or something along those
| lines, right? So could one not come up with a passphrase
| which, when typing it in private, was not criminal... but
| when stated to the court, suddenly causes the whole room
| to be involved in a conspiracy?
|
| Or, what if the passphrase includes top secret
| information?
|
| Or, what if you passphrase is a declaration that you are
| under one of those secret court warrant thinamajiggies.
| dissident_coder wrote:
| My passphrase is "the best place to fire a mortar
| launcher at the white house would be from the roof of the
| rockefeller hewitt building because of minimal security
| and you'd have a clear line of sight to the president's
| bedroom".
| foob wrote:
| What about the less convoluted scheme of "I forgot it?"
|
| The "I do not recall" answer in high profile trials is so
| common that it's essentially become a meme. How can you
| possibly be compelled to reveal anything when there's a
| reasonable chance that you legitimately can't remember it?
| takinola wrote:
| My guess is you would be charged with obstruction of
| justice. This would be similar to you destroying evidence
| requested under subpoena. Now, as a matter of legal
| strategy, this may be a better charge to face than
| whatever is on your phone. Of course, this is not legal
| advice and YMMV.
| fluidcruft wrote:
| Probably depends on how convicing it is that you are
| carrying around a phone you cannot unlock?
| omginternets wrote:
| That's fine, until a piece of supporting evidence (photo,
| email, faceID hash or whatever) establishes that you
| interact with the device on a regular basis.
| teeray wrote:
| > since the passcode is not (necessarily) evidence in itself
|
| Unless the passcode is a decryption key, in which case the
| evidence simply does not exist without the passcode. It is
| indistinguishable from random noise. It's less like
| "unlocking a safe," and more like "instructing nanobots to
| reassemble a pile of dirt into evidence."
| photonbucket wrote:
| I can't see a judge swallowing that logic, you do have
| something similar to a metal safe's key and you've refused
| to provide it
| pdabbadabba wrote:
| This seems like a highly questionable metaphysical
| argument. The decryption key _does_ exist and, therefore,
| so does the information. The question is just who has
| access to that passcode.
| cwillu wrote:
| You might have an argument if there was no
| authentication/error-detection on the ciphertext, such that
| many keys would give valid decodings, and more so if it was
| a simple xor, such that _any_ plain text could be a valid
| decoding given the appropriate key. But that 's not a
| remotely practical cryptosystem for several reasons.
| bryanrasmussen wrote:
| but if your passcode is "1WantT0KillDarla" that might be
| problematic if the police suspect you of killing Darla!
|
| on edit: huh, what do you know, everybody had the same idea!
| ipaddr wrote:
| Not as worrisome as iJustKilledDarlaLastnightusing_ahammert
| hat_I_threwInthe_Trashat123appleblvd
| 0cf8612b2e1e wrote:
| That would be murder to type on a phone.
| linuxftw wrote:
| I think a novel defense could be never admitting the phone is
| 'yours' in the first place. Divulging the password is
| tantamount to admitting you have access to the particular
| device in question.
|
| You might argue, well the police will have ways to prove it's
| your phone. Okay, so let them prove it, don't assist them.
| Well, then they can force you to produce your password,
| whether you admit it's your phone or not. But by divulging a
| password, you're admitting you own a phone somewhere, and
| part of your defense might be (however implausible) that you
| don't own/use a phone.
| omginternets wrote:
| The underlying issue is that giving the password is, in the
| majority of cases, equivalent to admitting that you
| own/control the device. In other words, it can easily force
| you to reveal your involvement in a crime, _i.e._ to bear
| witness against yourself.
| bdcravens wrote:
| Search warrants can compel you to give police access to your
| property, which can include your body (in cases of blood draw
| warrants in the case of DWI). The police can obtain a search
| warrant for your physical filing cabinet, which includes taking
| measures to access it if you won't unlock it for them.
|
| Police can easily get warrants for your phone; you just can't
| be compelled to give the code to unlock. I suspect in the
| future we'll see a different level of cooperation from phone
| makers.
| ejb999 wrote:
| yep, surprised it doesn't exist already - one password to get
| you in, one password to wipe or hide everything you want and
| then let the police in to a completely sanitized version of
| what you want them to see.
| 2OEH8eoCRo0 wrote:
| Because it's a fantastic idea to commit additional felonies
| to feel like a hackerman. Following the law is for suckers.
| spockz wrote:
| TrueCrypt and other tools had this around for ages.
| Something with nested partitions. One key unlocked the main
| partition that you are supposed to fill with something
| credible. And then another key that looks a partition even
| deeper that should contain your true secrets.
| asveikau wrote:
| Also fourth amendment covers unreasonable searches.
| 2OEH8eoCRo0 wrote:
| What is unreasonable about a warrant? Where did this
| adversarial attitude to law enforcement come from? The whole
| reason we have a rich and functioning society is thanks to
| law.
| asveikau wrote:
| > Where did this adversarial attitude to law enforcement
| come from?
|
| They screw up _very frequently_. Sometimes maliciously,
| sometimes through incompetence, sometimes both. I can 't
| convey the depth of this in a small comment box, but
| there's abundant evidence around on this topic if you care
| to look.
|
| Overall, even when you're talking about legitimately
| designated authority given to a person ... it's VERRRY easy
| for a human being to screw up and get it wrong, and it has
| huge impact over the lives of their targets. Needs to be
| approached by the authorities with extreme caution. In
| practice, probably many of them aren't aware of the weight
| of their actions, or don't care.
| dataflow wrote:
| It's because the 5th Amendment is there to prevent the state
| from torturing you into confession for a crime and then using
| that as evidence against you. i.e. the point is to ensure the
| evidence is genuine and not a false confession given under
| duress, since most innocent people will say anything to stop
| pain. (This isn't obvious from the text, though if you ponder
| "why would they have included this seemingly random narrow
| right", you can deduce the explanation. But there's bigger
| historical context re: the Star Chamber if you're interested in
| looking that up.)
|
| Meaning: its point isn't to prevent access to real evidence.
| It's not an attempt to grant you privacy. It's an attempt to
| ensure justice is served correctly.
|
| This is also why you lose that right when you're granted
| immunity. The state can force you to provide testimony in that
| case.
|
| Corollary here is that it's actually quite surprising courts
| are willing to side with the accused here. It's probably only a
| matter of time before rulings come to the contrary. If you care
| about privacy as a human right, you really need another
| amendment to make it solid.
| atticora wrote:
| > If you care about privacy as a human right, you really need
| another amendment to make it solid.
|
| You would need some kind of catch-all amendments stating that
| the enumeration of certain rights shall not be construed to
| deny others, and that the powers not delegated to the feds
| are reserved to the States or to the people. You could put
| them right at the end of the original amendments for emphasis
| as a closing statement of the Constitution.
|
| But if we enacted those who would ever enforce them? The feds
| would probably treat them as if they didn't exist.
| dataflow wrote:
| > But if we enacted those who would ever enforce them? The
| feds would probably treat them as if they didn't exist.
|
| If you make them vague then it'll be easy to interpret them
| narrowly.
|
| If you make them crystal clear, courts would presumably
| enforce them, like they have in the past.
| PopePompus wrote:
| Yup, the US Constitution definitely needs a right to privacy
| amendment. It is of course spectacularly difficult to amend,
| but an amendment that ensures a right to choose abortion (and
| other reproductive privacy issues) plus strong digital
| privacy rights might garner a coalition of both pro-choice
| people and libertarians, and that could be enough to get it
| passed.
| rgblambda wrote:
| I don't see how the 5th amendment protects you against
| torture. You can choose to waive your constitutional right to
| not incriminate yourself, so surely you can also be tortured
| into waiving the same right?
| dataflow wrote:
| > I don't see how the 5th amendment protects you against
| torture. You can choose to waive your constitutional right
| to not incriminate yourself, so surely you can also be
| tortured into waiving the same right?
|
| The short response here is: How often do you see that
| happening in the US?
|
| But in any case, note that I'm explaining what it was
| intended to do and what its meanings and implications are.
| Whether it is successful in achieving its goal is beside
| the point for this conversation.
| kevin_thibedeau wrote:
| There are ways to use the law to coerce the desired behavior.
| Border Patrol will do helpful things like take apart your car
| if you exercise your rights.
| omginternets wrote:
| >being forced to give up your passcode is no different then
| being forced to give up any secrets you might have.
|
| Actually, the case is even stronger than you make it out to be.
| IIRC, one of the key constitutional issues is that providing a
| password is equivalent to saying "yes, this is mine". So even
| if we disregard the _contents_ of the device, the issue is that
| you are establishing a legally relevant relationship with a
| piece of evidence.
|
| I'm recalling this from a looong time ago, when I took a
| constitutional law class, so I hope those with fresher
| knowledge not hesitate to jump in.
| mike_ivanov wrote:
| Which might imply that providing passcodes is no longer
| "necessary" to survey the content.
| croes wrote:
| Faceid isn't protected and the passkeys get unlocked by Faceid
| lesuorac wrote:
| My god have we come a long way if its even a debate if you have
| to reveal your password.
|
| Back in the day your personal belongings couldn't be used to
| incriminate you [1] since the bill of rights prohibits self-
| incrimination.
|
| [1]: https://en.wikipedia.org/wiki/Mere_evidence_rule
| croes wrote:
| Nowadays it doesn't really matter when people replace passcode
| by biometrics and passkeys.
|
| These aren't protected.
| Ridj48dhsnsh wrote:
| Won't your device holding the passkey still take passcodes to
| unlock itself?
| hypothesis wrote:
| > the government was becoming dissatisfied with the obstruction
| of criminal investigations that strict adherence to the rule
| engendered
|
| Also
|
| > The Court recognized that while the rejection of the mere
| evidence rule may "enlarge the area of permissible searches,"
| the protections of the 4th Amendment, like the reasonableness
| and warrant requirements, would sufficiently safeguard the
| right to privacy.
|
| So SCOTUS think that government would be satisfied with Bill of
| Rights. What if government thinks it is just too frustrating to
| follow laws?
| terminous wrote:
| *In the state of Utah
| phyzome wrote:
| I feel like this should be the next "...in mice".
| snickerbockers wrote:
| Has there ever been a court case related to encrypted data or
| secret codes without a computer being involved? If the cops get a
| warrant to tap a phone line and they hear me speaking with an
| associate using some sort of coded language (as spies and
| criminals often do on TV) can i be compelled to explain to them
| what all the little codewords actually mean?
| pc86 wrote:
| You can't be compelled but especially with spoken language it's
| going to be very easy for LE to decrypt it on their own by just
| correlating the coded language with whatever actions were taken
| later.
| lelanthran wrote:
| But that's just the point.
|
| In the past, pre-computer days, if the cops couldn't break
| your encryption you were not compelled to tell them how and
| that was their problem.
|
| Now you are compelled. I feel that that should not have
| changed.
| yttribium wrote:
| They will admit testimony by some cop to explain that "based on
| my training and experience, I believe 'going to the pool' to be
| code for 'soliciting a murder'"
| yencabulator wrote:
| Cryptography predates computers, so the only real question is
| has it shown up in _public_ court records or not. I 'd expect
| plenty of history in treason charges against caught spies, but
| whether the records are public or not is a different question.
|
| https://en.wikipedia.org/wiki/Book_cipher
|
| https://en.wikipedia.org/wiki/Codebook
|
| https://en.wikipedia.org/wiki/Poem_code
| pvg wrote:
| Don't know about court cases but wartime censorship prevented
| the transmission of suspected codes in some situations,
| including in the US.
| csdvrx wrote:
| We are lucky to have constitutional rights!
|
| In many countries, they have laws saying suspects can't refuse to
| give passcodes (or if they do, they'll be jailed)
|
| I think such laws are dangerous, as they could be used for a
| particularly evil type of attack: throw an encrypted cellphone in
| someone bag, then have them arrested for whatever wrong reason.
|
| When they can't provide the passcode, they are automatically
| guilty!
| yencabulator wrote:
| At that point, it'd be easier to throw some cocaine or an
| unregistered firearm in their bag, and that'd be a simpler
| argument in court.
| CamperBob2 wrote:
| It's not luck; we had to fight for those rights. The fight did
| not end, and never will.
| CrzyLngPwd wrote:
| So much irony.
| egberts1 wrote:
| Use a passphrase of something like "I stole a government-owned
| pen."
|
| Then you can argue that the passphrase (unlike a PIN, face ID)
| may incriminate me of a crime and that Fourth Amendment prevents
| me from doing so.
|
| Same thing with voice-based passphrase.
|
| Of course, I am not a lawyer.
| qingcharles wrote:
| Note: the verdict only applies to those in Utah. Other US states
| have other rulings. Wait until there is a US Supreme Court ruling
| that affects the entire nation.
|
| Right now: do not use biometrics (can be legally forced); do not
| use numeric passcodes. Use alphanumeric password.
| sjfjsjdjwvwvc wrote:
| Why not numeric?
| croes wrote:
| Too few possibilities?
| spiderice wrote:
| How is a 6 digit pass code too few possibilities when the
| phone locks you out after like 5 missed attempts? It seems
| unrealistic to expect people to type their alphanumeric
| password every time they want to unlock their phone.
| nijave wrote:
| If these are implemented in software it'd be possible to
| brute force offline and bypass the timeout
| Gigachad wrote:
| I watched a video where they had the iphone cracked open
| and slightly modified in a way that would allow them to
| reset the storage to brute force quickly without
| timeouts.
| haswell wrote:
| If I recall correctly, some early techniques to unlock
| passcode-protected phones involved bypassing the user
| interface and trying passcodes at a point in the
| execution flow prior to the code that locks out the UI.
|
| I think modern devices have addressed this in various
| ways, but it's not a good idea to rely on timed lockouts
| when it's possible that techniques exist (or could
| eventually be found) to bypass the lockout.
|
| In short, assume those lockouts are targeted at normal
| users. A sufficiently motivated actor with technical
| resources is another story.
| HenryBemis wrote:
| I am thinking that a numeric code is something that
| people can see you typing in again and again.
|
| An ex-bf/gf that hates your guts will remember that your
| pin is 1-2-3-4-5-6, because that one time your hands were
| wet and she needed to see that photo from that party and
| you told her the PIN..
|
| While if you have a word, new bf/gf will mean new word,
| and good luck knowing that.
| ncallaway wrote:
| The government will clone your device hard-drive, then be
| able to attempt to unlock it on many simulated devices in
| parallel, until one unlocks.
|
| Then they can unlock the actual device.
| kkielhofner wrote:
| On iPhone at least you can require passcode by holding down the
| side button and either of the volume buttons for three seconds.
| Just ignore the power down/SoS screen that comes up (or tap
| cancel) - by the time you see it Face/Touch ID is already
| temporarily disabled. The iPhone will also give you a "rumble"
| confirmation so you can do it when the device is in a pocket,
| bag, etc.
|
| Obviously doesn't help if they pull an elaborate Russ Albrecht-
| style move but useful for situations where you can see them
| coming (which is likely most of them).
| pphysch wrote:
| If LEO have a search warrant and find a locked safe in your house
| (that may include private data or evidence of crime), are they
| allowed to crack it or order you to open it?
|
| Why would a computer device be any different?
| sgjohnson wrote:
| They are allowed to crack it. They can't order you to open it.
|
| Same goes for a computer device. Go ahead, crack it.
| croes wrote:
| And know imagine you use passkeys secured by Faceid or other
| biometric procedures.
| entriesfull wrote:
| Bull crap. I personally was on probation as a juvenile for a
| petty offense. One day the PO asks my parents to take me to talk
| with her to see how I'm doing. She then asked me for a facebook
| password and I refused. After which she put me in a court house
| cell for 8 hours and made me miss an entire day of school.
|
| I eventually gave this psychopath my password because I had
| nothing incriminating and I hadn't eaten all day.
|
| Nice to know USA is literally Nazi Germany but better at hiding
| their dirty secrets.
| walterbell wrote:
| Avoid phones which flash plaintext password characters onscreen
| during typing, visible to any nearby video camera for
| record/replay.
| LoganDark wrote:
| Could police ever compel me to provide the passcode or even an
| unlocked device if I have a dissociative disorder that can't even
| guarantee my own knowledge of the passcode? It's entirely
| possible for me to lose access to it without being able to help
| myself and it'd be a real shame if they thought I was lying then.
| Fun thought experiment, though.
___________________________________________________________________
(page generated 2023-12-15 23:00 UTC)