
Feds Walk into a Building and Demand Everyone's Fingerprints to Open Phones - triplesec
http://www.forbes.com/sites/thomasbrewster/2016/10/16/doj-demands-mass-fingerprint-seizure-to-open-iphones
======
M_Grey
Just another reason to forgo the convenience of biometrics in favor of a
password/phrase that exists only in your mind. At least for now, that's
something you can't be compelled to produce.

Really though, this descent into a police state is such a pathetic outcome for
this country. Dangerous, scary, and tragic, but also... pathetic. This is what
happens when a sizeable majority don't even participate in the electoral
process, and those who do are overwhelmingly mindless.

~~~
eternalban
Reading this from the Forbes article:
[https://assets.documentcloud.org/documents/3143273/Mass-
Fing...](https://assets.documentcloud.org/documents/3143273/Mass-Fingerprint-
Case-Redacted-Copy-1.pdf)

Relevant bits start at page 5 (III - LEGAL DISCUSSION).

    
    
        Compelling a person to provide his or her fingerprint does not
        implicate, let alone violate, the Fifth Amendment. "[B]oth
        federal and state courts have usually held that [the Fifth
        Amendment] offers no protection against compulsion to submit
        to fingerprinting."
    
        Schmerber v. California, 384 U.S. 757, 764 (1966). 
    
        That is so because the Fifth Amenmendment privilege against self-
        incrimination only prevents the use against an accused of
        testimonial or communicative evidence obtained from him.
    

and yet here they are as a matter of fact seeking "communicative evidence".

~~~
teekert
But my phone is mine, it contains deeply personal things that I put on there
without the intention of sharing them. How is forcing me to unlock my phone
anything other than forcing me to testifying against myself?

If they could, they would read your mind too.

~~~
ChoHag
How about we stop expecting "justice" to work in our favour and start
_forcing_ it to work in our favour?

If you don't want anybody to be able to take your stuff, don't make it
possible for somebody to take your stuff. A piece of paper saying something
isn't permitted is not going to stop it happening.

~~~
teekert
If the piece of paper says I can be forced to tell them my password, they will
try to force me... and I will give my password. You can simply put people in
jail for not disclosing their password, when the law provides these means.

------
jlgaddis
In the legal filing, the government says (in a footnote) that there is no
Fifth Amendment issue because the Fifth protects against self-incrimination
but that, here, _no one has been charged with a crime_.

The government is on a "fishing expedition" \-- obtaining a warrant to search
the phones so that they can (hopefully) find evidence. As mentioned in the
article, it doesn't work that way (they're going about it backwards).

------
stryk
This is one reason I've always wanted to have two separate authentication
credentials for one user. Unfortunately, I've yet to find an acceptable or
easy way to implement that on any device that would need it (your phone, your
laptop, any device which you want to keep stuff private). For example: have
one authentication method that unlocks the device to the typical desktop
environment, command line, or whatever -- just a typical GUI that people would
expect to see upon logging in. And then have another (hidden) authentication
method to unlock the device into the REAL meat & potatoes. Useful for
situations like this when law enforcement demands it, or when TSA/Customs in a
foreign country demand you open and boot your laptop at a foreign airport. Is
there any way to implement this on Android, iOS, GNU/Linux, or Windows?

~~~
viral_krieger
I think Qubes OS
([https://en.wikipedia.org/wiki/Qubes_OS](https://en.wikipedia.org/wiki/Qubes_OS))
does something similar to what you're looking for. You can set it up so when
you login your "qube" (The virtual machine you're currently using) is a normal
looking operating system that doesn't have access to any of your protected
files. You can then load up your protected files and programs by starting
another password protected "qube", which is similar to starting another VM.

~~~
stryk
This looks very, very interesting. I'll have a deeper look into Qubes this
weekend for sure. I wonder how good their repos are in terms of up-to-date
packages and software

------
yardie
This is why my unlock is not tied to biometrics. Once I realized the
government can compel you to unlock your phone without a warrant using your
fingerprint it became a much less compelling feature. The same for facial
recognition.

~~~
candiodari
Do you travel ? In much if not all of Europe not giving your password, even to
a random search when passing through (not entering the country), is a crime.
Therefore legal advice is to provide custom agents and other police with
access to any device upon request and then.

~~~
mirimir
Right. So just don't keep anything sensitive on the phone. Whenever crossing
borders or otherwise subject to search and seizure, carry blank devices.
Access sensitive stuff from secure online repositories.

~~~
nickpsecurity
Exactly. I'd even do locally-sourced hardware if the device ever leaves my
site or they plug anything into it. Download the data via a VPN to be stored
in an encrypted container. Upload and wipe it when you're done for your next
round back. Not as much trouble as one would think if you use easy disk
encryption, VPN, and syncing. I don't have an up-to-date recommendation on
what combo to use, though.

~~~
glasz
yeah. while the two of you deal with stupid workarounds that work for only
you, i'll rather try and fix the issue.

~~~
mirimir
Do you think that corporations allow staff to carry sensitive information
across borders?

~~~
nickpsecurity
Have you seen the "information security" at most companies? It's anywhere from
bad to horrible. Yeah, that's a possibility except at those with teams that
would think about border searches.

------
Kudos
If my device has been powered off, it can't be unlocked with a fingerprint.
For me that's enough of a trade-off to take the risk.

~~~
boulos
I was going to say the same thing, but then the article says:

> For that reason, the warrant authorizes the seizure of ‘passwords,
> encryption keys, and other access devices that may be necessary to access
> the device,’” the document read.

So the "power off the device, now it's a password" seems to be something they
were prepared for. The article is unclear as to whether or not this was
granted, but if so it'd be seemingly unprecedented.

~~~
superchink
Would that hold up? Isn't sharing of a password protected?

------
crooked-v
I have to wonder what sort of technical measures could be implemented to make
biometric systems as legally secure as passwords while still retaining
something like the same convenience.

The first thing that comes to mind for me is the Apple patent on recognizing a
fingerprint anywhere on the phone's surface, and using that in combination
with Android-style lock screen patterns. A lock screen pattern isn't nearly as
secure as a full password, but it could serve a similar legal role.

~~~
nbadg
While I'm all for the idea that sometimes you have to make do with what tools
you have available, why are we looking for technical solutions to a legal (or
perhaps even philosophical) problem?

Philosophically and legally I am firmly convinced that we should treat
information, and therefore data, as an extension of consciousness. Information
is only meaningful because we have the conscious capacity to interpret it;
digital data is a "memory aid", a tool we use to expand our everyday capacity
to interact with information. Data is not analogous to a physical object; any
discussion about ownership, or transfer rights (and so forth) is inherently
based on a flawed premise.

Directly descendant from that argument is that privacy is irrelevant, that
instead, individual agency is what matters. Privacy is a decision not to share
information, but that means privacy is only possible given the agency to make
that decision. Any serviceable definition of information agency implies, at
the very least, having control over the creation, retention, and sharing of
data, which is so much more than privacy. And when you start looking at it
that way, it becomes clear that our conversations around incidents like OP's
link should happen around the _fifth_ amendment, and not the fourth.

When I talk to tech people about this, they (typically) emphatically agree.
When I talk to lawyers about it, their response is much less enthusiastic:
"That's an interesting perspective, but it's not really supported by existing
case law." If all we're doing is piling technical circumventions on top of bad
policy, we're stuck in an arms race. What we need is a shift in legal
attitudes towards information; that's the only sustainable outcome here. We
need a cogent legal and philosophical argument, one rooted in existing,
accepted principles, that makes a solid case for a new paradigm surrounding
data.

~~~
M_Grey
Hi, my name is Grey. My voice is my password, verify me. Seriously though,
would it really be a challenge to simulate someone's speech in that way? If
the key element which makes a system secure is the biometric side, then that's
still the point to attack legally and otherwise.

------
angry_octet
A good reason to have a timer on the fingerprint authentication mode, so after
eg half an hour you have to type your pin too.

This would also help them remember their pin which people can forget amazingly
easily... It can be weeks between using it on iOS.

------
kyled
Not a fan of solely using fingerprints for authentication. Good systems allow
you to rotate keys. I only got 10 fingerprints.

~~~
helthanatos
Good passkeys also should only exist to be checked on the device. Fingerprints
can be in databases and on the device itself. Not sure how fingerprint
scanners react to replicated fingerprints, but the right people can probably
replicate them pretty well. I would only consider a fingerprint a more secure
authentication measure because it can't be recorded by cameras.

~~~
c22
Finger prints can be (and have been) recorded by cameras.

~~~
helthanatos
I meant it's a lot harder to record fingerprints... It's relatively easy for a
camera from almost any angle to record touches on the phone (especially with
many phone's animations that show the number touched)

------
pmorici
Maybe I missed it but I skimmed the legal document and didn't see anywhere
where it indicates the police actually have any kind of probable cause. Was
this literally just some fishing expedition against a household's phones?

------
kabdib
Duress fingerprints. 'nuff said.

Or a configurable timeout, rather than the apparently hard-coded 48 hours.

Or ask for a PIN if the phone's radio detects many more other radios in the
vicinity than a few minutes ago ("Because you might be under duress, please
enter a PIN now.")

Or if a phone has been sitting on a flat surface for a while, require a PIN.

Or require a PIN if the phone is tapped with a duress code ("Shave-and-a-hair-
cut"). Could be pretty subtle.

Countermeasures like this are useful both against thieves (who might want to
unlock your phone and get access to your accounts) as well as against state
actors (ditto).

~~~
politekc
Touch ID is set to require a passcode after five failed attempts, One could
use an unregistered finger or knuckle to intentionally fail the five attempts
and force a passcode requirement.

~~~
splicer
Or just force a shutdown by holding the power button. A passcode is needed on
boot.

------
dimino
Just turn off your phones, can't unlock Android, at least, without the code,
after startup.

~~~
P4u1
I was going to say the same thing. Likewise for iOS. Not that I have anything
to hide, but if I didn't want to comply in such a situation, I would turn my
phone off, game over.

------
pm24601
And this is why I don't use my fingerprint, passcode only for me.

~~~
carterehsmith
I am curious.

So... how often are you actually in a situation like that? You know, police
with a search warrant.

Or, do you feel that there is a reasonable possibility that will happen to
you?

~~~
abgawrv
It does happen by mistake. My apartment was raided by police and I know four
others who have been raided too. In two of those cases, the people who were
raided had nothing to do with any kind of illegal activity. The other three
were drug related, of course.

~~~
carterehsmith
That sucks, sure. Did they actually ask you to unlock your phone?

~~~
abgawrv
I've never owned a smart phone. At the time I would've had some prepaid flip
phone, and fortunately I was pretty consistent about keeping those out of the
house.

------
prophesi
The title sounds like the start of a good joke.

------
sliverstorm
I don't know that withholding your fingerprint to keep your phone locked would
work, anyway. They already have my fingerprint on file, and likely most of
everyone else's, in the DMV records.

I'm not sure if fingerprint scanners have been defeated using ink prints yet,
but it's just a matter of time, I suspect.

Fingerprints are established as identification, which makes them necessarily
not private/secret.

------
jamesfisher
Your fingerprint is your username, not your password.

------
disposablezero
Our new startup is an emergency fingerprint-dissolving appliance: nose-plugs
and novcaine are premium features, but you can DIY burn the skin of your
fingerprint pads off for free with lasers. Next year, we'll also have a
slicing add-on product in this category which complements the lasering for
extra tinfoil security. We also plan to heavily encourage apps and
accessories.

;)

------
boulos
A bunch of people mentioned turning off the device, to require a pin or
password. The article though explicitly seems to claim the warrant included
anything imaginable to unlock a device:

> For that reason, the warrant authorizes the seizure of ‘passwords,
> encryption keys, and other access devices that may be necessary to access
> the device,’” the document read.

------
tomohawk
This seems more like a 4th amendment issue. It's great that they got a
warrant, but the warrant is unbelievably broad. I can't imagine a similar one
enabling law enforcement officers to conduct strip / body cavity searches of
everyone in the building. Or, allowing the officers to search all of the
vehicles in the parking lot.

------
jwatte
Fingerprints are user names, not passwords.

------
delegate
One solution is to configure a finger which, when scanned, erases the phone.
Or maybe the finger triggers a 'enter unlock pin' dialog - with a secret code
that erases all data.. Not sure if you can do that from an app - probably no -
so Apple should step in here...

------
kordless
How about an app that locks down your phone when it scans one particular
fingerprint?

------
sjs382
Just a quick hack around this... Android phones (at least those with the
latest OS) will require you to enter a PIN the first unlock after a reboot. If
you get a chance to restart your phone, do so.

------
paulsutter
Phones need a feature to require the passcode after n minutes of non-use. No
that wouldn't solve all the problems with fingerprints to unlock, but it would
reduce the scope considerably.

------
appleflaxen
at this point, hardware vendors should just stop making these. It's always
been a gimmick; it's just run it's course.

~~~
cooper12
You got downvoted but it's true. People unlocked their phones just fine before
with pins or patterns. The time saved is marginal. Fingerprints need to go the
way of facial recognition to unlock. Unfortunately as these get more popular
even more people will find ways to doctor fingerprints.

------
Houshalter
Stupid question, is there an easy way in chrome to block javascript on
specific sites? I just get redirected to a blank page.

------
hippich
fingerprint (or face) is not a password, it is login.

------
natch
Working link:

[http://www.forbes.com/sites/thomasbrewster/2016/10/16/doj-
de...](http://www.forbes.com/sites/thomasbrewster/2016/10/16/doj-demands-mass-
fingerprint-seizure-to-open-iphones/)

