
Feds Can't Force You to Unlock Your iPhone with Finger or Face, Judge Rules - koolba
https://www.forbes.com/sites/thomasbrewster/2019/01/14/feds-cant-force-you-to-unlock-your-iphone-with-finger-or-face-judge-rules/#12fbd51842b7
======
jakelazaroff
Relevant excerpt:

> _“The undersigned finds that a biometric feature is analogous to the 20
> nonverbal, physiological responses elicited during a polygraph test, which are
> used to determine guilt or innocence, and are considered testimonial.”_

So it's analogous to a passcode because you're divulging something stored by
your body, as opposed to e.g. a metal key which is artificial.

Tangentially related, it's astounding to me that polygraphs are still
considered valid evidence given how widely they've been discredited.

~~~
derekp7
I thought that polygraphs were not accepted as evidence in court, but are
still used by some government and private agencies.

Also, just curious, have they been discredited as in that double-blind trials
show no more than a 50/50 chance of being correct (i.e., flipping a coin)? Or
is it that a high enough percentage of people will fail them even if innocent,
or pass them even if guilty?

The thing I don't like about them is the method of reading them, where it is
up to the subjective judgment of the examiner. That is, there isn't an
algorithm that can be written down so that, for example, an untrained person
or computer program can read it (and therefore be subjected to large enough
random tests).

~~~
zik
> have they been discredited as in that double-blind trials show no more than
> a 50/50 chance of being correct?

Yes. The reading of polygraphs is very subjective and it's been found that
they reflect only whether the person administering the test thinks the subject
is guilty.

~~~
darkpuma
They also reflect whether or not the subject of the test believes the test
works. In practice polygraphs are used as a form of psychological torture,
used to frighten people into giving confessions.

Of course whether a polygraph can frighten an innocent person enough to
falsely confess is another matter, but if the subject is guilty _and_
understands how polygraphs (don't) work, they can deceive the person
administering the test very easily. There is no shortage of spies that have
passed polygraphs regularly and reliably with flying colors.

~~~
wahern
Obligatory scene from The Wire:
[https://youtu.be/AJ5aIvjNgao?t=115](https://youtu.be/AJ5aIvjNgao?t=115)

------
supernova87a
I doubt this will hold up.

You can be compelled by a court to have your blood withdrawn if a warrant is
issued while you're under suspicion of DUI. Why would it not be similarly
allowable to have your finger placed on the unlock button?

Testimonial privilege (against being forced to testify) is about not being
made to say / speak statements against your own prosecution. Speech.
Testimony.

Having evidence taken is not forcing you to speak, testify, or make a
statement, at least in the current interpretation of evidence.

This ruling is not for sure at all.

~~~
arcturus17
In the eyes of the law, how is this different to being compelled to give your
passcode though? Of course it’s easier and they could maybe even unlock a
phone with your corpse but in jurisdictions where the law protects the
individual’s privacy above all else this shouldn’t make a difference.

~~~
supernova87a
It is fundamentally, very importantly, different.

Being compelled to say / give your password is forcing you to admit or testify
that you know the code and can unlock your phone. You can choose not to give
testimony (statements) that could be used against you.

On the other hand, if you are in possession of a physical key or code written
on a piece of paper... or fingerprint... you can be compelled to turn that
piece of evidence over to the government.

~~~
pc86
And this ruling is simply stating that your fingerprint is more akin to
testimony than it is to an object. I personally don't think it will stand up
(unfortunately) but for the moment, in this jurisdiction, it will.

------
kevin_b_er
I won't believe this ruling is safe until it goes thru higher levels. The
Executive Branch over the past 2 decades has shown a large propensity for
attempts to disregard the 4th and 5th amendments, and I see no change in this
posture or the attempts to subvert them with the current political climate.

~~~
burtonator
Bio identification is for usernames... not passwords.

NEVER use a fingerprint or an iris scan for a password. That's insane!

Just don't do it.

~~~
chrischen
Well out of convenience you kind of have to. But if you really wanted to you
can just disable it at ports of entry.

~~~
Scoundreller
Which is easy enough to do on iOS: Hit the sleep/wake button 5 times quickly.

~~~
jonahhorowitz
Careful - after iOS 12 that defaults to calling 911 for you (while also
locking your device). You can change that in the settings though.

~~~
CamperBob2
Correct, I just did this yesterday while idly fidgeting around with my phone.
Fortunately I cancelled it in time to avoid creating a false alarm. Glad to
hear it can be turned off, doing that now. WTF were they thinking, making it
so easy to trigger by accident?

(Edit: OK, I'm confused. There doesn't seem to be an option to disable the
emergency trigger entirely, but there's an "Auto Call" slider whose
relationship to the feature is unclear. This slider is turned off, yet the
phone still went into emergency mode when I clicked the button a few times.
What a half-assed feature, sadly typical of Apple's work lately.)

~~~
URSpider94
They made it easy to trigger so that people can use it as a panic button. That
was a customer request.

~~~
CamperBob2
Apple gets a lot of customer requests, 99.9% of which they ignore, and 95% of
which they _should_ ignore. This was a funny one for them to select for
implementation.

------
scarface74
This is nice and all in theory but looking through the lens of reality where
police are legally allowed to lie to get a confession - claiming they have
evidence that they don’t have to coerce a confession and seeing that “rubber
hose decryption” is real, it really doesn’t mean much in practice.

Edit:

Since people don’t seem to believe that police are actually legally allowed to
lie during an interrogation:

[https://www.njmoorelaw.com/10-ways-police-can-lie-to-you](https://www.njmoorelaw.com/10-ways-police-can-lie-to-you)

~~~
oskkejdjdkjd
Police are absolutely allowed to lie during an interrogation. I’ve seen it
done multiple times. The most disturbing interrogation I’ve ever seen was
actually the one where a teenager murdered his own father while under the
influence of magic mushrooms. He was taken into the interrogation room shortly
after the murder but enough time had elapsed that he was sober and just
starting to understand the gravity of what he had done. The police sent in a
soft-voiced female who spoke in a very caring and patient way. 99/100 people
who watch that interrogation video would say that the woman was a therapist or
counselor of some kind. Everything she asked and stated appeared to concern
the wellbeing of this kid and the resolution of the terrible event that had
taken place. In reality, everything she did was a cunning ploy with some kind
of hidden goal. The entire interaction was calculated to extract information
from him, very specific information, to be used against him in court. Every
tangent of questioning she went on, seemingly random to the untrained eye, was
highly specific in its value in a legal context.

An interrogation like this is not an example of outright lying, which is legal
and commonly practiced, but it is much more sinister. It is an example of an
interrogator assuming another identity and drawing the suspect into a false
sense of warmth and security in order to make the suspect incriminate himself.
To me, it is the same as having a conversation with your mother after a
traumatic event, only to see her rip her own face off, a mask, to reveal the
grotesque face of a police interrogator, and then going to jail for what you
disclosed. Absolutely terrifying and dystopian. You absolutely must be
proactive and protect yourself in this world. Even in “free” countries like
the USA.
[https://youtu.be/rBpDHJIwcUk?t=1495](https://youtu.be/rBpDHJIwcUk?t=1495)

TLDR: the police are allowed to lie to you
[https://youtu.be/_WnhP91NJeU?t=1600](https://youtu.be/_WnhP91NJeU?t=1600)

~~~
baroffoos
Did you expect the guy to get off free for murder?

~~~
mLuby
Guilt is orthogonal to due process. What if the kid hadn't committed the
murder but was duped into making incriminating statements anyway? Furthermore,
considering testimony given while under the influence is ridiculous.

~~~
darkpuma
> _"What if the kid hadn't committed the murder but was duped into making
> incriminating statements anyway?"_

Then maybe it would make a better example for discussions like this. As it
stands, that anecdote is little more than _"the police are good at their jobs
and they caught a murderer which is unambiguously good for everybody, but what
if they were instead using their skills for something bad?"_

> _"Furthermore, considering testimony given while under the influence is
> ridiculous."_

I'm sorry but expecting cops to never talk to drunk people is just absurd.
There are plenty of valid objections to modern policing, but this isn't one of
them.

~~~
oskkejdjdkjd
As long as a witch is burned who cares how they did it? Cops lying and
deceiving is fundamentally wrong. Don’t pretend that it’s required for police
to get convictions. There are other ways.

~~~
darkpuma
Comparing the arrest of a murderer to witch hunting is absurd. You know that's
absurd, you don't need me to explain it to you.

> _"Cops lying"_

You already admitted the cops in your example didn't lie. They're guilty only
of having a calm demeanor when interrogating a murder suspect, which for some
reason you consider morally abhorrent.

~~~
oskkejdjdkjd
I went through your comment history and I have to say that I respect you.

It isn’t meant to directly compare this to witch hunting. It’s a case of
people overlooking brutality because witches are bad anyway right? There are
zillions of examples of this. It’s the concept that’s important. Saying that
the technique of lying is ok because it gets rid of murderers is wrong
especially in light of the fact that there are other ways to do it.

And yes, there is a grey area where interrogators don’t outright lie but are
still highly deceptive. I don’t care about the grey area, I just care that
police are allowed to outright lie. That is not grey. The example that I
illustrated reveals how sinister the police can be. It is more emotionally
stirring than mechanical lying. But the interrogator did reveal her title and
so whatever. Seriously twisted still. But making outright lying routine is
wrong. I don’t want to live in a world where police tell flat out lies to
people. That is why we have Miranda rights. Under your logic there should be
no reading of Miranda rights, allowing the police to tell the suspect
literally anything like “if you don’t confess we will do x” or “you have to
tell us something or you’ll be locked up forever” or whatever. Miranda rights
exist for an extremely good reason. And stopping outright lying is a
continuation of the spirit of Miranda rights.

------
nerflad
This might be a good time to let others know: Android (at least my OnePlus)
has a "Lockdown" mode in the shutdown menu that locks the screen and prevents
the usage of the biometric methods. You have to use the password. This is good
because passwords have already been hashed out in court and are unequivocally
protected by the fifth amendment; you don't have to tell an officer your
password (and entering it for them constitutes telling them).

~~~
miles
In iOS 11 and higher, you can disable Touch ID by pressing the power button 5
times in quick succession:

[https://www.macrumors.com/2017/08/17/ios-11-emergency-sos-di...](https://www.macrumors.com/2017/08/17/ios-11-emergency-sos-disables-touch-id/)

> _In iOS 11, Apple has added an "Emergency SOS" feature that's designed to
> give users a quick and easy way to summon emergency services should the need
> arise. As it turns out, there's a secondary benefit to Emergency SOS - it's
> also a way to quickly and discreetly disable Touch ID. ... This is a handy
> hidden feature because it allows Touch ID to be disabled discreetly in
> situations where someone might be able to force a phone to be unlocked with
> a fingerprint, such as a robbery or an arrest. With Touch ID disabled in
> this way, there is no way to physically unlock an iPhone with a finger
> without the device's passcode._

~~~
gph1234
"Pressing power button 5 times in quick succession" doesn't work on my iPhone
8 Plus running iOS 12. To achieve the same effect, I need to hold the power
button _and_ one of the volume buttons for a couple of seconds.

~~~
miles
Sorry - looks like the power button x5 trick only works on iPhone 7 and
earlier (had tested successfully on a 6S before posting):
[https://support.apple.com/en-us/HT208076](https://support.apple.com/en-us/HT208076)

~~~
basil-rash
On later phones it's power and volume simultaneously.

------
crazyc51
As a Root Android user, any time I have reason to believe that a situation
with the police is going to end even slightly bad on my end, I power off my
phone. And as a Root user I have several layers of security on all my devices.
I also take a mental note of what my battery percentage is at, that way I know
if my phone has been turned on at all.

As for a little back story on myself; I am wrongly labeled as a drug felon. My
wife (separated for over a year) decided to try meth shortly after our wedding
and got hooked in a bad way. I have a history with said drug and didn't want
her to try but she insisted saying that it would help her understand why I am
the way I am. I didn't know about her use of the drug and was in jail for 2
weeks because she had them in the car and I got pulled over and searched.
After my release the cops in the area basically harassed me by pulling me over
every other day at minimum. I was in and out of jail several times within 2
months. I had come into possession of the phone she had when I was in jail
because she got a new one and I always saved the old phones to test my rooting
and hacking skills with. Even though the phone was wiped, by her deleting all
of her account info and messages, I was able to do a text recovery on the
phone. I found in a few chats that she had with some of her friends and family
while I was in jail for the 2 weeks, her telling them that I was in jail for
her drugs. Of course everyone thinks that it's weed first, but we were in
Colorado, so she clarified that it was for meth.

Now because of specific laws I can't even use those messages to clear my name
and she won't take the stand to the law and accept her punishment for the use
of the drugs.

------
mirimir
As others have noted, this decision comes from a low-level court. And from
what I've seen recently, it won't stand.

Indeed, the basis of the opinion is iffy:

> “If a person cannot be compelled to provide a passcode because it is a
> testimonial communication, a person cannot be compelled to provide one’s
> finger, thumb, iris, face, or other biometric feature to unlock that same
> device,” the judge wrote.

Because defendants' right under the 5th to withhold passcodes is not at all
settled. And even if they can't be compelled, they can be jailed
_indefinitely_ for contempt of court. Even if, as that ex cop in Philadelphia
claims, they've forgotten it.

So anyway, this is iffy advice:

> The best advice for anyone concerned about government overreach into their
> smartphones: Stick to a strong alphanumeric passcode that you won’t be
> compelled to disclose.

~~~
brianpgordon
I didn't read the opinion but even the quotes that Forbes pulled are eyebrow-
raising. Like:

“The undersigned finds that a biometric feature is analogous to the 20
nonverbal, physiological responses elicited during a polygraph test, which are
used to determine guilt or innocence, and are considered testimonial.”

This is the kind of wacky magistrate judge ruling that I'm sure the US
Attorney rolls their eyes at.

------
pseingatl
It'll be just a short time before this is overturned. Fingerprints are non-
testimonial. So is a photograph of your face. So is a sample of your
handwriting. You can be forced to give a handwriting sample. As to polygraphs,
at the federal criminal level, they have been approved in only one federal
circuit, and then only under limited circumstances. See, U.S. v. Piccinonna.
Despite this federal non-acceptance, they are widely used at the federal
administrative level for security clearances and the like. In the private
sector, there are few restrictions on their use. You could also use
divining rods, tarot cards, crystal balls and similar implements to discover
the truth of a statement if you wanted to. However you can't weight a person
down and throw him in the lake to see if he floats.

------
abalone
Tip 1, which most people know: To quickly disable Face/TouchID you can squeeze
left and right side buttons together (any combo) for two seconds to bring up
the power off display.

Tip 2, which probably most people don't know: If you aren't holding the phone
-- if someone shoves it in your face -- you can close your eyes to prevent
FaceID from working and say "Hey Siri, whose phone is this?"

Not that it's wise to do this to frustrate a violent attacker, but it might
work for some situations.

~~~
renholder
> ...you can close your eyes to prevent FaceID from working and say "Hey Siri,
> whose phone is this?"

That's specific to Apple and I wouldn't be surprised if that got you an
obstruction charge in the states. Plus, if you don't produce the password,
afterwards, you're now sitting in jail for contempt - even if you may have
_actually_ forgotten it.

It's a much safer avenue, legally, to just use a password to unlock the
device.

------
laurentl
Any idea if and how this ruling (if upheld) can be used to refuse phone
seizures / password requests by CBP when entering the country? The ruling
relies on the 5th amendment so its scope is limited to American citizens I
guess. And whatever the rule of law it’s probably not a good idea to piss off
a CBP agent... but still, it’d be nice to be able to travel to the US without
having to wipe one’s phone and social media accounts.

~~~
justadudeama
I highly doubt it, even for American citizens at the border. The "Border
search exception" pretty much says that anywhere within 100 miles of a
border, the fourth amendment doesn't apply[1]. I imagine they would make a
similar rule for the fifth amendment.

[1]
[https://en.wikipedia.org/wiki/Border_search_exception](https://en.wikipedia.org/wiki/Border_search_exception)

~~~
mikeash
Citizens can’t be denied entry. Worst case if you refuse to turn over your
phone password is a short (hours, maybe days) detention, and confiscation of
your phone.

Non-citizen admittance is at the discretion of the immigration officer and
they can turn you away for just about any reason.

Either way, yes, this ruling wouldn’t change anything there.

~~~
dylan604
They can detain you for a limited amount of time, but they can confiscate your
devices for an indefinite period.

~~~
mirimir
Well, you couldn't trust the device after they returned it. So losing it isn't
a problem.

The best option is not carrying devices across borders. Have whatever you need
online somewhere. Securely encrypted, of course. Buy a device at destination.
And discard it before return. That's accepted best practice for security-
conscious firms. They'll provide devices and online storage.

If you must carry a device in transit, it ought to be plain-vanilla, with
nothing sensitive on it. Again, security-conscious firms supply such devices
for staff. And private individuals can just say that they're too concerned
about theft to carry their primary devices.

~~~
baroffoos
Exactly. If the government takes your phone and gives it back, it's time to wipe
the phone and sell it. Restore a backup on to a new phone.

------
tptacek
My bet is that this doesn't stand, because (from the haphazard reading I've
done) it doesn't comport with the reasoning used to allow people to refuse
passwords, which is that the act of disclosing a password is a form of self-
testimony --- _not_ that rifling through a phone is intrinsically self-
testimony. If I understand correctly (and there are lawyers on HN who can
shoot this down) people have tried and failed to make this same claim about
breathalyzer and blood tests and failed.

Just having an opinion about the case isn't all that interesting, and other
people have said roughly the same thing on this thread, so what I'd like to
contribute is the offer to go in on a long bet _against_ the precedential
value of this particular case. If it's eventually overturned, $100 to the
charity of my choice; if it's exhausted procedurally and allowed to stand,
$100 to yours. Any takers?

~~~
tedunangst
But this ruling has to do with a sort of bulk unlock. Isn't there case law
that the police can't go around collecting blood from a whole group looking
for a match?

------
throw2016
There is something extremely disturbing about the state wanting to go through
your private papers.

The only way this should be possible in a democracy is rarely and only by due
process with a judge's order and ample safeguards, explicit conditions built
into the law with no room for abuse by 'friendly judges' or 'overzealous'
state machinery.

Anything else is a police state in the making. This is fundamental to the
definition of a democracy and you can't dilute this without diluting the
meaning of democracy at which point you should use some other word to describe
your system.

~~~
brokenmachine
This is 100% true.

I really wish the lobotomized "I have nothing to hide" sheep would understand
this.

For every one of these laws, you need to think about what a world in which
searches like this happened routinely to everyone - even the "good guys™" -
would be like.

------
tjpnz
As someone not from the US how could you be compelled to unlock your device
using biometrics? Does this actually involve violence?

~~~
nubbins
Aren’t all laws ultimately backed by threat of force whether to take your
property or imprison you (not sure I’d call this violence)? You can be held in
contempt if you ignore a court order but I doubt they would like smash your
thumb down on the screen.

------
porpoisely
But can they seize your phone and crack it and look through your stuff without
your permission or getting a warrant/judicial oversight?

Otherwise, the only thing this does is add one extra step ( and additional
cost which doesn't matter since taxpayers are footing the bill ) for the Feds
to break into your phone.

~~~
spaceheeder
They do need a warrant now, although they did not used to, and obviously don't
need one if you hand an unlocked phone over upon request (same as if you go
along with 'let me see your backpack').

It's unlikely this ruling will be upheld since providing biometrics to unlock
a phone is difficult to construe as 'testimony' since it's performing an
action, like complying with a court order to unlock your front door in
response to a warrant should you not desire for the police to kick said door
in.

The biggest gray area currently is whether typing in a password is 'something
you do' or 'something you know', and you can find different precedent to
support both conclusions in US jurisprudence for the time being. Hopefully
SCOTUS will come down on the side of 'something you know' if/when such a case
ever makes it before them.

~~~
perpetualpatzer
> It's unlikely this ruling will be upheld since providing biometrics to
> unlock a phone is difficult to construe as 'testimony'

Agreed, feels like this rises and falls with the forced blood draws issue that
was decided in the 60s [0]. Maybe if you claim the phone isn't yours,
unlocking it with your face or password would be testimonial? Not sure if that
defense would survive them calling the number that was registered to you.

[0]
[https://en.wikipedia.org/wiki/Schmerber_v._California](https://en.wikipedia.org/wiki/Schmerber_v._California)

------
torstenvl
This is a magistrate's response to a warrant application. It doesn't have
_minimal_ jurisprudential value, it has _zero_ jurisprudential value.

The headline is wrong to even use the word "judge" - at the federal level,
there is a meaningful distinction between a judge and a magistrate.

------
rocqua
If you fall asleep, can the police just hold your finger to your phone?

It seems very clear to me that this is not a testimonial act. Nor is there
'coercion' here in the communicative sense. I'm guessing there are other laws
that prevent police from handling your body to retrieve evidence, or at the
very least, laws that require a warrant for such actions.

------
Zak
> _Stick to a strong alphanumeric passcode that you won’t be compelled to
> disclose._

I can imagine this having value against criminals as well. The number of
people willing to beat a password out of a victim is smaller than the number
of people willing to hold a victim up against the wall for a second to press
their finger to a reader.

~~~
mamon
Except criminals that could beat you up on a street are not interested in your
data, they just want to sell the hardware and have money for drugs. It's
easier for them to just type wrong passcode 10 times and have the phone wipe
its whole content.

~~~
basil-rash
Does the wipe put it back into factory default mode? It was my understanding
that it would put it into a "locked to X user" mode, requiring an iCloud
password to reactivate.

------
adriancristi
As if a court order ever stopped a highly motivated group of people from using
technology however they wanted, with or without either your consent or the
consent of the company providing the technology platform ...

~~~
anigbrowl
Actually court orders do that all the time. Sure, it can't stop physical force
being used but it can invalidate the results for legal purposes.

------
__derek__
> U.S. District Court for the Northern District of California

Ah, OK, so this is as meaningful as the judge who decided that the ACA was
unconstitutional.

------
ChicagoBoy11
> The FAA would require that drones have “an anti-collision light illuminated
> and visible for at least three statute miles,” as well as testing and
> training.

I'm a private pilot, and I have the hardest time spotting airplane traffic
from 3sm miles away. Ready to sit back and have some popcorn reading articles
about how manufacturers are supposedly complying with this rule. Unless
there's some novel lighting technology I don't know about, this seems like a
nontrivial problem to me.

~~~
swarnie_
Wait.... What?

Did you get lost on your way here?
[https://news.ycombinator.com/item?id=18907490](https://news.ycombinator.com/item?id=18907490)

------
_Codemonkeyism
I guess they will just put your phone to your face and claim it was unlocked.

------
newnewpdro
So they just need to reproduce your likeness to unlock your poorly-secured
device? Sounds significant, when you're already in custody. /s

~~~
mikeash
And do so within 48 hours, and with enough fidelity not to trigger a lockout
with failed attempts.

~~~
newnewpdro
Sounds like a process that will be quickly automated and sold to law
enforcement for a pretty penny.

Immediately take retinal scan and face scan, fingerprint, and photograph. A
minute later a 3d-printed head and finger emerges back in the basement of the
station.

------
devilindetails
so, I get arrested and fall asleep and then the fingerprint reader works, so
is the face rockon, unlocking my phone... do not trust human mediocracy of law
enforcement or otherwise,

