
Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution - DiabloD3
https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution
======
kevincox
To me the most important reason that you can't be forced to disclose a
password is that it is impossible to prove that you know it at all. So you can
always say "I don't know it" or "I forgot it" so these constitutional rights
are basically ensuing you won't get tortured/harassed for something you
couldn't reveal.

However with fingerprints you can "prove" that you can't unlock the phone by
touching all the fingers to it so the problem doesn't apply.

Basicly there is nothing special about encrypted data, only the "data" inside
your head.

~~~
r00fus
On Apple's implementation, this wouldn't work; you're allowed five guesses
before it reverts to password only, and you have 10 fingers.

Theoretically, you could encode using a rare finger (left ring) and exhaust
the retries with the other ones.

So I'd argue also unconstitutional to force unlocking.

~~~
kevincox
Yes, I thought about this by it seems slightly removed from my core point.
They could force you to put whatever fingers they wanted on the sensor. Of
course if you can touch the wrong finger enough times before they get the
phone they are still out of luck.

My argument is that they can make you touch the sensor because that isn't
something you can prentend to not be able to do. It is somewhat immerterial if
it actually unlocks the phone or not.

------
oliwarner
I can still barely believe that ransacking people's devices and online
profiles without probable cause is considered —by CBP and currently, the law—
as a reasonable search.

And it's alright for Americans. You can just clam up and your right to return
will kick in (after some inconvenient hours). But if a Jonny Foreigner like me
tries that, I'm stuffed back on a plane after a thorough fisting because I was
resisting a search in a suspicious manner.

9/11 was horrible but if you think checking my Facebook profile and Whatsapp
messages _after_ the planes have landed is going to stop the next one, you're
almost as big an idiot at the guy running the show there.

I used to love travelling to America but it's not a holiday when you treat
your visitors like terrorists in front of their families.

------
otoburb
_" The Fifth Amendment privilege against compelled self-incrimination protects
“testimonial” communications. Testimonial communications are those that
require a person to use “the contents of his own mind” to communicate some
fact. Testimonial communications don’t have to be verbal; the key is that the
information conveyed must come from the suspect’s own mind. As we explain in
our brief, compelled passcode-based decryption is inherently testimonial—and
thus always prohibited by the Fifth Amendment [...]"_

The argument rests on testimonial communications, which doesn't seem to
include a fingerprint or other biometric-based unlocking mechanism since the
biometric markers do not from the suspect's own mind.

I'd imagine people would then point to the second "independent reason" the EFF
proceeds to articulate in their amicus brief whereby "the process of
decryption itself is testimonial because it involves translating
unintelligible, encrypted evidence into a form that can be used and understood
by investigators—again relying on the contents of the suspect’s mind". I hope
the second reason is sufficiently strong enough to qualify as testimonial
without the passcode/password-based phrase.

I hope I'm wrong here, but given the careful EFF wording, it seems that if
you're worried about this sort of thing it's simply best to disable biometric
capabilities for your device so you have both testimonial factors in your
favour.

~~~
edblarney
I don't think that the biometric issue has anything to do with it.

It's the content.

If you have something 'in a safe' \- can the police arbitrary require you to
unlock that safe to produce whatever is inside?

It's unlikely, without a warrant, no?

Passwords, biometrics - secondary issues.

Or perhaps a good analogy would be the 'locked in the glovebox' \- I don't
think police can require you to open it if it's locked, unless they have a
warrant.

Same for trunk, no?

~~~
otoburb
I'm not a lawyer. However, the amicus brief[1] is pretty good reading and
addresses your scenario above with a locked box, vault or safe. In those
instances, the "content" doesn't change (hence the decryption argument doesn't
apply here), but the method by which the lockbox is secured greatly matters
(page 13 of the brief):

 _" As the Supreme Court noted in Hubbell, the compelled entry of a safe’s
combination is testimonial because it requires the compelled use of the
“contents of [an individual’s] own mind” and is thus within the Fifth
Amendment’s privilege. [...] Meanwhile, the compelled production of a
lockbox’s key is not testimonial, because it involves “a mere physical act”."_

Thus, biometric data (i.e. the act of placing your face or finger near/on the
device to unlock) could be construed as a "mere physical act" as referenced in
the _U.S. vs. Hubbell_ Supreme Court case[2].

[1] [https://www.eff.org/document/us-v-mitchell-eff-and-aclu-
amic...](https://www.eff.org/document/us-v-mitchell-eff-and-aclu-amicus-brief)

[2]
[https://en.wikipedia.org/wiki/United_States_v._Hubbell](https://en.wikipedia.org/wiki/United_States_v._Hubbell)

~~~
edblarney
If that's true, it's ridiculous.

The issue at hand is that it's a 'locking mechanism' \- something that only
specific people can do, by virtue of the fact that they have a key, or
knowledge, or whatever.

Whether it's biometric, a password, or a padlock - is basically irrelevant to
the nature of the situation, I would hope that it's recognized as such
legally, although I admit I have no idea.

~~~
subway
As with all things legal, it's all up to the Judge(es), and how they decide to
interpret the law and your actions.

------
nafizh
Has any organization yet gone to the court regarding the same situation but at
borders and airports? This is also something that deserves urgent attention.
At the least, we need a clear ruling whether you can force people to open
their phone or laptop at the border(which you can at the moment).

------
codycraven
Regarding biometrics my Android supports unlocking with my fingerprint but
requires a password to decrypt at startup.

My planned solution is to power down my device whenever coming in contact with
authorities.

