
Google and Apple Won’t Unlock Your Phone, but a Court Can Make You - ademarre
http://www.wired.com/2014/09/google-apple-wont-unlock-phone-court-can-make
======
ctdonath
I'll offer my "rag doll testimony" IANAL axiom: re the 5th Amendment (right
against compelled self-incrimination) the court can only "compel" your
"testimony" insofar as they can manipulate your limp uncooperative body for
fingerprints, hair samples, and other non-invasive observations. Anything
inside your body, including blood & ideas, is yours to retain as you see fit.

Not perfect, but seems generally sensible. Have at it.

~~~
baddox
Depends on your definition of "compel." If the government offers you a choice
between you giving testimony or them making your life a living hell, I would
consider that compulsion.

~~~
ctdonath
Hence my putting 'compel' in quotes, and proceeding to define it.

The whole "testify or we'll make your life a living hell" thing should be
prosecuted via "violation of rights under color of law", which can carry some
pretty severe penalties.

------
a_c_s
Drawing a legal distinction between a password to unlock and a fingerprint to
unlock is absurd.

Legally, the method of restricting access (physical key, combination safe,
fingerprint, password) should have no bearing on whether somebody can be
compelled to provide access. A smartphone filled with documents should be
legally equivalent to a locked filing cabinet. Either both should be
compellable or neither.

~~~
rayiner
> Drawing a legal distinction between a password to unlock and a fingerprint
> to unlock is absurd.

Yes, but the distinction is drawn because privacy advocates don't have much
else to hang their hat on here. A court can compel you to open a locked filing
cabinet. That's open and shut. Saying that giving up a password is testimonial
leaves open an angle to distinguish cell phones from locked filing cabinets.

The purpose of the 5th amendment was to keep people from having to testify as
a witness against themselves, which has a very prejudicial effect on juries.
It was not intended to be a blanket protection against investigation of your
personal assets by court order.

~~~
DannyBee
I agree that privacy advocated don't have a lot to hang their hat on here.

However, just a few notes:

" Saying that giving up a password is testimonial leaves open an angle to
distinguish cell phones from locked filing cabinets."

Well, it is testimonial in some cases, as i'm sure you know. If the government
can essentially prove that they don't need your password to prove your
access/control to that device, they can often get your password. But there are
cases where it is testimonial. A laptop in a shared house for example, that
has encrypted child pornography. Part of their case will be proving it is your
laptop. If you dispute that fact, they aren't going to be able to prove it by
requesting you enter the password, even if they can prove you have the
password.

IE you are only generally protected from revealing it if revealing it would
establish something about access/control to the device the government can't
prove otherwise. With the caveat that if they offer immunity for using your
production in the prosecution, they can often get access.

Additionally, the government will almost never request the password itself,
because that is often considered specific testimony concerning a fact. They
will request you produce a document that is on the encrypted device, because
they are allowed to ask for that.

They will then offer immunity for the act of production.

See, for example, this order:
[http://federalevidence.com/pdf/Comput/Fricosu.Ord.1-23-12.pd...](http://federalevidence.com/pdf/Comput/Fricosu.Ord.1-23-12.pdf)
which says

"That the government SHALL BE precluded from using Ms. Fricosu’s act of
production of the unencrypted contents of the computer’s hard drive against
her in any prosecution".

~~~
dllthomas
I've seen discussion of this, but is it really different than producing (or
failing to) a physical key for a lockbox?

------
evo_9
Hey Apple/Google - add a new feature that allows me to set a second 'wipe
phone code'.

~~~
wyager
A better alternative is to have a second decryption code that allows you to
unlock the phone, but to a completely unrelated set of files. This would be
along the lines of a Truecrypt hidden volume. That way, the court can't get
pissed at you for deleting evidence.

~~~
DannyBee
So you think that hiding evidence is okay, but deleting evidence is not?

Can i start with a simple question, actually?

What is wrong with the authorities asking you to unlock your phone with a
court order?

~~~
wyager
>What is wrong with the authorities asking you to unlock your phone with a
court order?

The same thing that is wrong with the authorities asking me to incriminate
myself.

~~~
DannyBee
They literally are not the same. The police are not courts. The judiciary owns
interpretation of the constitution and enforcement of the laws.

The police asking you is literally not the same as a court asking you to.

~~~
wyager
>They literally are not the same. The police are not courts.

Right. If it's wrong for a court to force you to incriminate yourself, it's
definitely wrong for the police to do it.

The 5th amendment prohibits the courts from doing it, and even if it didn't I
would still think it was wrong.

~~~
DannyBee
"The 5th amendment prohibits the courts from doing it, and even if it didn't I
would still think it was wrong."

No, it does not. The fifth amendment does not allow you to hide or destroy
evidence. You can be ordered to produce things in your possession that you are
hiding. It's not a game where the fifth amendment says "well, if you hide a
murder weapon well enough, ..."

The founders believed the same, and that's how the fifth was written.

If the police can prove you are in possession of something, and that you are
the single owner/controller, you can be ordered to produce it, because the
goal is not to enable evidence hiding, but to avoid things like "torture".

The fifth amendment literally says a person cannot be compelled to give
"witness against himself".

It is referring to testimonial situations, like being put on the stand in your
own trial.

You are welcome to thing "this is wrong". You are welcome to try to convince
society of this. So far, not enough of society has bought it that it has been
changed.

You are always welcome to think things are immoral, but that does not change
what they actually say or mean.

------
joshfraser
Keep in mind a 4 digit passcode can by cracked in a matter of minutes by a
normal powered laptop.

~~~
r00fus
Apple's implementation makes this incredibly difficult given the 10-attempt
failsafe (wipes device) and increasing timeouts for failed login ("try again
in 1 hr" \- after 7th failed attempt).

Also even given a trivial passcode, if you use "complex passcode" and the same
4-character passcode, you've vastly increase the key search space with a minor
change to usability (esp. if you have touchID).

~~~
alasdair_
Isn't it standard to do all decryption attempts on a clone of the phone rather
than the phone itself? After ten attempts, just reset the copy and try again.

~~~
r00fus
This might have changed with iOS8 - apparently some of the vulnerabilities
have been closed: [http://9to5mac.com/2014/09/10/security-researcher-says-
many-...](http://9to5mac.com/2014/09/10/security-researcher-says-many-of-his-
ios-backdoor-vulnerabilities-are-fixed-in-ios-8-gm-but-not-all/)

The researcher does recommend never surrendering your phone unlocked however -
that guarantees someone can just hook it up to a USB connection, and tap
"trust", and then proceed to pull all your personal info and credentials out.

------
snake_plissken
Not related to smart phones, but with some something like GDBE where you can
set it up so that two keys are needed (one of which is stored locally, the
other provided by the user) to encrypt/decrypt, and the local key was deleted,
what could the court do? The evidence isn't necessarily destroyed, it just
cannot be decrypted.

~~~
dllthomas
_" The evidence isn't necessarily destroyed, it just cannot be decrypted."_

I don't think there is a meaningful distinction between "manipulated such that
it cannot be recovered" and "destroyed".

------
anthonye
Wow, having a hard time realizing that the fifth amendment doesn't apply as
much as I think it should...

------
grecy
> _Politely asking that you unlock it yourself, and letting you rot in a cell
> until you do._

Does anyone know the details of the second part of that sentence? Surely you
wouldn't be in jail indefinitely until you give the password...

~~~
slinkyavenger
You'll continually be found in contempt of court until you comply, until they
break through some other way, or until they get tired of dealing with you.

~~~
llamataboot
Interestingly and strangely enough, jail can only be used for contempt of
court when they believe that keeping you there has a chance of making you
comply. If you make a principled enough stand that you are never going to
comply, they legally have to let you out. In practice, this usually takes a
long time.

~~~
ChuckMcM
An excellent example of that was Greg Anderson [1], Barry Bonds alleged source
for Steroids.

[1]
[http://en.wikipedia.org/wiki/Greg_Anderson_%28trainer%29](http://en.wikipedia.org/wiki/Greg_Anderson_%28trainer%29)

