> “The undersigned finds that a biometric feature is analogous to the 20 nonverbal, physiological responses elicited during a polygraph test, which are used to determine guilt or innocence, and are considered testimonial.”
So it's analogous to a passcode because you're divulging something stored by your body, as opposed to e.g. a metal key which is artificial.
Tangentially related, it's astounding to me that polygraphs are still considered valid evidence given how widely they've been discredited.
Also, just curious, have they been discredited as in that double-blind trials show no more than a 50/50 chance of being correct (i.e., flipping a coin)? Or is it that a high enough percentage of people will fail them even if innocent, or pass them even if guilty?
The thing I don't like about them is the method of reading them, where it is up to the subjective judgment of the examiner. That is, there isn't an algorithm that can be written down so that, for example, an untrained person or computer program can read it (and therefore be subjected to large enough random tests).
Yes. The reading of polygraphs is very subjective and it's been found that they reflect only whether the person administering the test thinks the subject is guilty.
Of course whether a polygraph can frighten an innocent person enough to falsely confess is another matter, but if the subject is guilty and understands how polygraphs (don't) work, they can deceive the person administering the test very easily. There is no shortage of spies that have passed polygraphs regularly and reliably with flying colors.
Are "clearers" from Scientology any 'better' at reading a polygraph than non-"clearers"
>The rates of correct detection in guilty and innocent subjects were 86%, which was better than other previously used methods.
Eh, that sounds close enough to 'beyond a reasonable doubt', right?
Only if you "pass". Fail one and admissible or not, it'll be brought up.
That's not how it works, and even a public defender working 20 hour days who doesn't know their defendant's name would be able to get a mistrial.
"Look, I know your guy went for a polygraph, but you've not brought it up, so I assume he didn't do well. Here's what I can offer..."
This one's my favourite:
The jurors who used a Ouija board to find a murderer guilty - https://www.abc.net.au/news/2018-05-08/ouija-board-juror-mis...
I agree with all the skepticism of particular types of evidence in this thread including witness testimony and forensic evidence (I'd also add even confessions to this list). But this rather extreme conclusion doesn't follow. Evidence can be uncertain and hard to interpret, but still lead us to truth. You just need more than one data point.
In a typical criminal trial (assuming the defendant is guilty) the prosecution generally will not hang on a single dubious piece of evidence. They will often assemble a veritable mountain, if they can, because they know that a competent defense attorney will make sure that the jury knows better than anyone the various ways in which evidence can mislead.
This is not to say that everything is rosy in the criminal justice system, and that juries always get it right. There are lots of big problems: Juries are often mysterious and unreliable. Defense attorneys often do a bad job (meaning, among other things, that the prosecution can get sometimes get away with presenting a weak case based on shoddy evidence). And, lest we forget, huge numbers of criminal prosecutions end in a guilty plea, and never go to trial in the first place (sometimes for good reasons, sometimes for bad).
But I want to push back on the extreme notion that the outcome of every trial is all about rhetoric. Sure, it plays a role and some cases are better than others. But I've never seen one that was "entirely rhetoric and fudge-factor." (I'm sure it happens, but not often enough that I've ever seen it.)
>In one case, West claimed to have matched the bite marks in a half-eaten bologna sandwich to the defendant. The jury convicted. (The conviction was overturned on appeal when defense lawyers discovered that the autopsy report recorded a partial bologna sandwich in the stomach of the victim.)
Pretty much everything in forensic science turns out to be junk science over a long enough timeline. Hair, bite marks, fire progression, all junk. There's even a few cracks in the fingerprint wall. Don't get me started on all the field test kits of various types that LEOs use.
The only things that seem to be reliable are things that don't have their roots in forensic science (e.g. using DNA to identify people) and even then you still have to depend on a crime lab (run by the people doing the prosecuting) to not be sloppy.
Oh yeah. Not just incompetence, but actual malice. Recently in Massachusetts there were two high profile state forensic drug lab scandals: One where a chemist was functionally incapacitated by taking all the drugs she should have been testing , and one where the chemist was falsifying positive tests (!!!!!!) . More recently, the state police are known to be falsifying overtime records . I can't even begin to imagine what it's like in "stereotyped as corrupt" states.
Which CSI has done a wonderful job of turning into super-cops in the eyes of jurys.
For decades a rate of about 5% for hung juries was typical. In more recent years some jurisdictions have seen more than 20% of cases end in hung juries.  Some have seen this as evidence of a rise in jury nullification, but others have argued that it's due to the 'CSI Effect'  with these individuals believing that, because of shows like CSI, the standard of proof required for a conviction seems to be rising - along with a reduced weighting given to things like circumstantial evidence.
 - https://en.wikipedia.org/wiki/Jury_nullification
 - https://www.washingtonpost.com/wp-srv/national/jury080299.ht...
 - https://en.wikipedia.org/wiki/CSI_effect
* Taking the samples and using several solutions to snip them at given patterns.
* Taking another solution and promoting replication of the fragments.
* Using some dye and a weight sorting channel to bin the fragments by weight.
It's pretty useful for determining things like IF it is LIKELY that individuals are related.
It's also pretty good at confirming negatives (We're sure someone is NOT related to X).
It's not that great at confirming positives. That is, the results are both subjective and ambiguous given the hashing. A "positive" result here is really more of an "OK, it's likely we should run the real and expensive check, evaluate if someone might be a suspect by other merits, etc."
I would, offhand, consider a "positive" above to be enough evidence to produce /suspicion/ and /warrants/ to locate other specific evidence to ascertain an actual guilt or innocence based on harder evidence. If an actual "sequence the whole set of samples" option enters the realm of feasible tests then it would also warrant actually doing that.
Come to think of it, I'm not sure how the Ancestry/etc novelty DNA tests work. I'd assume they've isolated a few specific markers they're looking for and the processes are optimized towards identifying those and comparing combinations for those specific traits.
Not so, it’s a fairly excellent hash, one with few collisions. Better than a fingerprint. If it looks like your DNA, it most likely is.
Source: was an electrophoresis tech (not forensic) in a previous life.
And yes, the usual genetics sites do SNP tests, which are cheaper than full sequencing but mean that they only find what they’re already looking for.
The price of full sequencing is dropping rapidly, I look forward to it being a standard part of medical practice, it will save a lot of lives and improve quality of care.
Unfortunately all too often the DNA test result is used as proof of a hypothesis, not of the mere presence of surprisingly similar DNA in a swab sample.
I didn't outright say that, though; the idea was that I would prepare you for a story of a serial killer so well concealed that her existence could only be inferred from trace DNA, but THEN there's the surprise twist - there is no serial killer, it's a trick of human incompetency. BOOM!
The twist has a much greater effect because I didn't give it away at the start, but the twist also ties back in to my original statement about human incompetency - but NOT where you may have been expecting, and subverted expectations are a key part of surprise twists - and the story is also about DNA forensics. That's the previous subject again, the reader having been led around in an interesting and surprising circle.
During the suspect identification process I failed completely; the suspect was bald and had a spider tattoo on their face. I realised that I couldn’t even remember how they looked, it shocked me quite a lot. I assume it was the adrenaline.
They're considered a valid tool for coercion.
Stupid criminals who watch too much TV think they work and some cop comes in and says he failed a lie detector test and they confess.
In that way they actually do work.
Assuming all you want is a confession but if the person actually provides evidence of their own guilt they so be it.
They generally are not considered valid evidence.
The courts can differentiate it by saying that the legislature has written implied consent laws that cover what you are deemed to have consented to when operating a motor vehicle, and that the legislature has not written implied consent laws for cell phones/etc.
Right now it's a pretty easy case for the courts, though higher courts have justified much worse with much less.
It's possible a legislature could write implied consent laws for cell phones, but I don't think they have yet. Not sure if they'd withstand court review, but I am afraid they might.
Indeed - warrantless blood tests have been found unconstitutional by SCOTUS three years ago (Birchfield v. North Dakota).
Sometimes people are _so_ drunk they refuse to provide a sample without really comprehending that this will itself directly lead to getting arrested and prosecuted but minus any opportunity to get the results thrown out for any reason since it'll just come down to "Officer, did the suspect refuse consent to the required sample?".
You couldn't do that exact workaround in the US because of the Constitution, but I'm sure a creative work around can be invented.
The "workaround" in the United States is similar. When you apply for a driver's license, you agree to submit blood/breath/urine upon demand or lose said license automatically.
"the judge wrote that fingerprints and face scans were not the same as “physical evidence” when considered in a context where those body features would be used to unlock a phone."
It's the context of using those body features to unlock a phone, that makes them testimonial rather than physical evidence. Outside that context, they can still be physical evidence.
But does that mean the police can't use physical evidence to unlock your phone? I don't know if it's possible to get a fingerprint from a glass and use that to unlock a phone, but if it was, would that still be legal? What about if someone wrote their password on a note?
In the case of telephones, biometric data is being used to get access to something else.
And worse, these will provide opportunities for the state to build probable cause for a stop that otherwise might not exist.
I'm going to go with strongly disagree here.
I've be interviewed by police twice after being charged with crimes that carry potential prison sentences. The interviews are voluntary in the sense you're not required to answer any of the questions, and I could have chosen to wait in a cell for my lawyer to turn up days later ... but I volunteered to respond to each question by making a mockery of their questions and processes.
These people in authority, they are not there to help you, with their badges and their guns and their attitude problems, and I don't believe it's possible for someone to "volunteer" when such a power imbalance exists.
It's an absurd use of the word. You can't "volunteer" when the other person is carrying a gun.
"voluntary" - done, given, or acting of one's own free will. You said yourself that you could have waited, but decided not to.
Alternatively you could have just done a "no comment" interview, which - let's be honest - is what the lawyer would have advised you to do, no matter if you're guilty or not.
Also, shouldn't the act of entering someone's phone be analogous to entering someone's house? I.e., wouldn't a search warrant/court order be required?
You can be compelled by a court to have your blood withdrawn if a warrant is issued while you're under suspicion of DUI. Why would it not be similarly allowable to have your finger placed on the unlock button?
Testimonial privilege (against being forced to testify) is about not being made to say / speak statements against your own prosecution. Speech. Testimony.
Having evidence taken is not forcing you to speak, testify, or make a statement, at least in the current interpretation of evidence.
This ruling is not for sure at all.
But we can be be 'used' to build evidence. For example, being detained and forced to stand in a line-up so that a witness may recognise you. Or having your speech recorded, so it may be compared to a criminal telephone recording. Or having your fingerprint taken to be compare to fingerprints found at a crimescene. Having your key be taken to unlock a vault which is suspected to contain stolen items. Or indeed, having your finger or face scanned to unlock the same thing.
These seem like fundamentally different things, one which may lead to improper judgements, another which leads to generally reasonable judgements.
Being compelled to say / give your password is forcing you to admit or testify that you know the code and can unlock your phone. You can choose not to give testimony (statements) that could be used against you.
On the other hand, if you are in possession of a physical key or code written on a piece of paper... or fingerprint... you can be compelled to turn that piece of evidence over to the government.
In some sense, the issue here is that we use fingerprints as authorization whilst they should be authentication.
As the article states, polygraph results are (were) legally considered testimony. That's the results, not what you actually said. So "testimony === speech" is incorrect at both the practical and the legal level. This court is simply saying that your fingerprint is much closer to testimony than it is to objective chemical proof of a crime, as in your blood draw DUI/DWI example.
It's by no mean secret, although somewhat unique to the individual.
Even the 9th circuit appeals court upholding this ruling wouldnt be something to trust
This part of the country simply doesnt have consensus with the rest and doesnt have power over the constitution, whether I like the ruling or not.
Also you should occasionally read things that you disagree with, if only to test your own assumptions and prejudices about yourself and the world around you. It makes you an objectively better person.
What does your second paragraph have to do with anything mentioned in this thread
Yes - right now, there are people being held indefinitely for not decrypting hard drives the US . The law used is: "All Writs Act (28 U.S.C. § 1651)". As one judge said, "We don't want your password - we just want the hard drives in unencrypted state."
However, the story you linked is about a _police officer_ who was suspected of child pornography. His sister reported him to the police and 'content stored on the encrypted hard drive matched file hashes for known child pornography content'.
How can you look in the mirror and think he should go free without the evidence being examined? I couldn't live in a world where a suspect could say "Well, I forgot the password" and walk away Scott-free on such an ugly crime.
This is the price we pay for an imperfect world, I'd rather a few murderers walk than many innocent men be imprisoned. Your balanced, nuanced idealism simply doesn't work at scale, you cannot assume that every judge, jury, and LEO will be good, so you've got to give the criminals rights even if you're pretty sure they're criminals.
As a judge or LEO I'd have a much harder time looking in the mirror knowing I stole an innocent man's life than knowing that I might not have stopped every criminal.
While circumstantial evidence would suggest the cop who is being asked to decrypt his computer is in fact guilty of at the very least looking at child porn, we don't know concretely, yet he is being jailed until the judge decides that he really won't release the password. Imagine a less scrupulous judge and a more innocent man, maybe he's trying to protect the identity of source, suddenly it doesn't seem fair that the man should be jailed, yet in a world where we can compel you to release the password both cases are the same.
If that's evidence enough to hold him in jail indefinitely then it's evidence enough to convict him. So convict him using it. There's no need to force him to self-incriminate.
If it's not evidence enough then the alternative to this is do good police work that doesn't require holding suspects in jail indefinitely until they incriminate themselves.
>I couldn't live in a world where a suspect could say "Well, I forgot the password" and walk away Scott-free on such an ugly crime.
What if it was a slightly different scenario. What if instead of encrypting the child porn he deleted it right before the police came in. Would it be ok if he was held in jail indefinitely until he confessed? What if we just hold all suspects in jail indefinitely until they confess?
> However, the story you linked...
Freedom only works when it also protects things you don't like. Because of that, the specifics of any one case are totally, completely irrelevant.
> I am a privacy advocate and understand the the law can...abuse a forced decryption law.
There is no sentence after that that justifies having a forced decryption law unless "I am a privacy advocate" is a lie, I'm sorry. You don't have to be a privacy advocate, that's fine, but don't wear that mantle if you're not willing to actually advocate for privacy. The entire point is that it doesn't matter what is being kept private.
Upvoted because while I disagree with your thought process it seems like a good-faith question.
Sounds like BS to me, how can they match hash of encrypted content without the key?
I can only surmise that this means that they scanned the content of the hard drives and found data sequences that matched some file hashes of known child pornography.
If they matched the hashes to data on the drive, the files are already on there unencrypted. Could be some space left by a now-deleted unencrypted partition, or maybe some leftover data in a temporary location where the data is saved before being encrypted.
Together with the witness testimony, that seems pretty compelling.
Right!? This sounds like, "We know you have it and we can see it, we just want the password to prove it was _you_ who did it."
Also, whilst I'm here, it does strike me as very odd that the justice system in the United States has such a raging evangelicalism about getting to the truth, that it will impose against a person's rights, just to get at that truth.
To refer to the old Eddie Izzard joke:
"If you commit perjury, I don't care. Don't give a shit. I don't think you should because you grade murder. You have Murder One and Murder Two. You realize that there can be a difference in the level of murder.
So there must be a difference in the level of perjury. Perjury One is when you're saying there's no Holocaust when, you know, 10 million people have died in it, and Perjury Nine, is when you said you shagged someone and you didn't."
The whole precept of the truth being this infallible end-gaol, which must be attained - no matter what, is just as abusively dehumanising as the phrase, "Well, if they weren't doing anything wrong..."
Sorry, wrong meeting... I'll see myself out.
Also, "content stored on the encrypted hard drive matched file hashes for known child pornography content" - this sounds like BS (but do feel free to correct me please), I am not aware of any full-disk-encryption software that stores the unencrypted hash of whole unencrypted files.
This is not novel. It’s always been the rule that the police can force you to turn over evidence in your possession, even though they can’t force you to serve as a “witness” against yourself. The idea that turning over a password is like forcing someone to testify against himself because it involves a mental recollection is already a very stretchy interpretation of the 5th amendment. Extending that even further to situations that aren’t testimonial in any way (Face ID or Touch ID) is hard to defend as a matter of Constitutional interpretation (even if you think it is good policy).
The background principle of the law is that courts are entitled to all the evidence so they can find the truth. The amendments are exceptions to those rules created for specific purposes. But they are exceptions; they are not the rule. To the extent that anyone is trying to “bypass” something, folks reading those amendments unreasonably broadly are trying to bypass the general rule in favor of discovering evidence.
the concept of privacy, outside of say, what a married couple do in the bedroom, didn’t really exist when the constitution was created.
devices that are essentially extensions to ones “self” in the digital world couldn’t even have been imagined, let alone the rights required to make that one as as free as the america that was being created.
And the 4th amendment did protect those things. But those protections also had limits. The police couldn’t get your diary from your desk without a warrant. But they were entitled to it with a proper warrant. The fact that you recorded your deepest thoughts and intimate affairs on a phone rather than a dairy or private correspondence shouldn’t change that.
additionally, one would have to prove an entry in a diary was written by the person that allegedly wrote it. or even that it was owned by that person.
i feel you’re being disingenuous with regard to how much of our lives get recorded, either directly or implicitly, on our devices. concerns on this level simply didn’t exist. giving law enforcement access to your phone is allowing for some level of intrusion into your mind.
i doubt the founding fathers were thinking about how your strava runs could be used to “testify” against yourself, if you happened to be in the wrong place at the wrong time.
It's a bit of a stretch, but I don't think it's _wholly_ without merit.
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
Moreover, the 4th amendment is usually applied against state police. But the bill of rights originally didn’t apply to the states (until some clever interpretation of the 15th amendment). The state governments are not ones of explicitly enumerated powers. It makes no sense to interpret the 10th amendment to keep states from doing something because it’s not explicitly enumerated in the Constitution, when the whole point is that powers not enumerated are reserved to the States by default.
Unlocking a phone is just another fruit of the forbidden tree.
If you look at the last 20 years, giving law enforcement additional competency didn't improve anything.
If you have evidence of a crime on your phone, it must be part of the process.
There's nothing remotely unlawful about search of property so long as there is merit, oversight, warrant etc..
Ultimately, this will be no different than searching your car.
Now, the cops doing it without a warrant, shenanigans at the border, searchings stuff they should not be - this is all another matter entirely.
There will be some weird scenarios around people 'forgetting' passwords etc. but otherwise, it's just a new angle on the same old thing.
Those who would like to see better judicial reform I think should look elsewhere, into such issues as why/how warrants are issued, the transparency around them, etc..
With fingerprints or face scanning, neither of these is an issue. You put your fingerprint on the device, or you scan your face.
So, I think that forcing someone to reveal a secret that is purely in their head is fundamentally different than compelling other forms of access (physical keys, fingerprint scans, face scans, etc.). The physical access methods can be verified to either work or not. That's not true for mental secrets.
If that is the case then there should be no problem convicting him.
In a filesharing seneario it is common for feds to see what you got before the raid that grabs the physical drive.
The law is actually that physical features/etc can be compelled because they are not testimonial.
“[i]t is compulsion of the accused to exhibit his physical characteristics, not compulsion to disclose any knowledge he might have.”
United States v. Wade
"“the task that Diamond was compelled to perform—to provide his fingerprint—is no more testimonial than furnishing a blood sample, providing handwriting or voice exemplars, standing in a lineup, or wearing particular clothing.”"
State v. Diamond (This is a state case but applying the federal constitution).
Note also that fingerprints are almost always taken at booking, etc. They just aren't transferable in a way that lets the police use them to unlock the phone.
Passcodes, on the other hand are often testimonial. Entering the combination to a safe proves you probably had ownership/control of the safe, for example.
In those situations, generally the government has to be able to prove that you own it.
If they can, you will be forced to open the safe.
In the case of phones, the only interesting intermediate cases are phones where ownership can't be proven easily by other evidence.
(Note:I don't necessarily agree with these doctrines, but that is the current law)
Is this not also true for face/fingerprint ID? Proving the face/fingerprint ID proves you probably had ownership control of the device.
We treat biometrics like a secret (i.e. password), but really it's not much better than public information (i.e. username).
Forcing a suspect to divulge information that is directly incriminating will not stand constitutional review, regardless of the nature of the information.
You have the right to remain silent.
Or what if a suspects fingerprint was taken without his consent by the police, and compared against a fingerprint taken from the murder weapon? Is that self incrimination?
I'm not seeing the "self incrimination" angle for face or fingerprint scans here. For classical passwords yes, but not for biometrics.
It is admittedly a weaker argument from a pure physical standpoint but the law doesn't operate based upon that anyway. Any judge would throw out a request in discovery for the defendant to produce a recording confessing their guilt even for legitimate comparative purposes and many other requests or demands that would be unduly prejudicial for 5th amendment reasons.
If they have a warrant to check the phone, and if taking fingerprints of the arrested without consent has already been found constitutional, I just don't see a problem.
Consider the password case, you can't be compelled to give your password, but the government is allowed to throw all of their hacking prowess against your device to crack that password. They can even ask you about the name of your first pet to get through security questions. Though they can't compel you to answer truly regarding the name of your first pet.
Even if your encrypted laptop contains evidence, you cannot plead the fifth if the prosecutors know it’s there. As long as they can get a warrant and when they get the data say “see your honor? Here is the evidence we knew was there!”, it doesn’t fall under the fifth.
Self incrimination would be if you are charged with tax fraud and proof is on your encrypted drive and the prosecution knows this, but also on that drive is records of money laundering, a separate crime they do not know about. This is when pleading the fifth would apply. By decrypting the laptop, you would incriminate yourself in a second crime, that you were not being charged with. Presumably if you were coerced into decrypting the laptop in this case, you could use the argument that the money laundering evidence can not be admitted into court because it was obtained inappropriately.
IANAL and this ain’t legal advice. Stay in school kids.
It depends on what you are charged with.
In a case of say, possession of stolen information, the laws of possession applied to contraband such as drugs would likely apply.
Since the information wouldn't be in your actual possession(literally in your hands or on your person), then they would fall under constructive possession laws.
In most states, constructive possession has 3 parts --
1) You must have knowledge of the presence of the contraband
2) You must know of the contraband's illicit nature
3) You must have the ability to exercise dominion and control over the contraband.
If I slip an encrypted thumb drive full of stolen trade secrets into your suitcase at the airport, you're not automatically in possession of those things because, absent any other information, none of the rules above could be satisfied.
But, if you knew the encryption key to the thumb drive, then that is evidence against you and that knowledge would be protected under the 5th amendment.
If police find a random iPhone in your house that you share with a roommate, they would have to prove constructive possession to tie anything found on that device to you. Knowledge of the password, regardless of what the password is, would be protected under the 5th amendment.
In both cases, the authorities could not compel you to incriminate yourself by forcing you to disclose your knowledge of the password to the device.
IANAL either. If you are ever in such a situation, be prepared to sit in prison for 10 years while you work your way through the appellate courts, because you're in for a long battle.
That sounds like the 'foregone conclusion' doctrine.
When it is a 'foregone conclusion' that the data is present on a device, you can be compelled to produce that data by decryption. However, if you are so compelled, the fact that you were able to decrypt that data can't be used against you. So they will need another way to tie you to the data.
An example is if police saw you had classified documents on your computer (by e.g. a video camera) and later confiscate the computer and find it to be encrypted.
Usually, though, they are going to be after what the password is protecting. If you try to invoke the 5th claiming that admitting knowledge of the password itself would be incriminating, prosecutors can grant you immunity over that and that greatly reduces your 5th Amendment protections with regard to that particular subject.
Police: "We have a warrant for your apartment, let us in"
Suspect: "Sorry, I lost the key when I went hiking in the Rocky Mountains, there's no way in. Oh, and be aware that if you try to force your way in more than 5 times, the apartment will catch fire and destroy everything inside"
What would happen in this case? Can the suspect be held in contempt?
Nominally, the reason they check your bag at the airport is for security. But in the process they can find all sorts of other stuff that isn't dangerous to fly with but is illegal, e.g. marijuana. So the whole thing becomes an avenue to warrantless search.
You can't make the same argument about a computer or phone -- you can't bring down a plane or hurt anyone by having certain pictures on your hard drive. Anything you could do with a phone (e.g. trigger a bomb) would require some other physical infiltration, which hopefully would be caught by all the scanning and searching of people and baggage that we do already.
So I would hope that a sensible explicitly disallows this "airport loophole" in the process of bringing phone search into the normal legal process of warranted search... but I am doubtful. There are powerful people in the USA, UK, Australia, etc. would love the unfettered ability to search the phone of every air traveler.
I agree, the physical phone itself should be part of discovery. Authorities should be allowed to physically disassemble the phone and inspect its insides or run forensic tests on it.
The content on the phone is a matter of interpretation, subject to proper decryption. It is just an idea, no different from decoding ideas in somebody's journal. It makes no sense to talk about discovery of this.
A phone isn't a car. It's an extension of my brain. I use it to store memories that I offload from my brain. As an example I used to have 50 to 100 phone numbers memorized. Now I have zero because they are on the external part of my brain.
I see this as no different than having to decode the secret code in the ledger. You can see the encrypted data. I'm not required to decrypt it. (or am I? I don't know the law on coded ledgers)
Then access it. If you can't access, do good police work and (legally) acquire access to it. If the entire success of your case hinges on convincing someone to incriminate themselves by giving you the password, build a better case before arresting them or tipping them off to the investigation.
> Ultimately, this will be no different than searching your car.
This can be done 100% with the accused's intervention. A LEO can see something that gives them probable cause for a warrant. A locksmith can open the car or the LEO can simply break the window and unlock it.
Just because the police don't have the technical ability to get into a phone without the user's intervention doesn't mean that person should be forced to divulge information that could incriminate them.
But, unlocking a phone should come with a lot of paper work and checks and balances to ensure that it's done only when really required?
I imagine the situation with electronics will be similar. If a key to, say, an encrypted volume is stored on a flash drive then they may compel someone to produce it (analogous to a safe key). But if the drive is protected by a password, then the government cannot compel someone to provide the secret.
Another circuit will disagree with the 9th circuit and the supreme is forced to take the case, they wont uphold a novel 9th circuit ruling
There isnt an interpretation of the constitution possible for them to, and a the composition of the court makes this even more unlikely to pluck from thin air
NEVER use a fingerprint or an iris scan for a password. That's insane!
Just don't do it.
This idea that digital security is going to solve for physical violence is absurd unless you’re willing to die to protect your digital assets.
I feel like that's getting the threat model wrong. The mugger wants to spend as little time with you as possible. If a fingerprint is needed to make purchases, then it can actually be significantly better than a PIN, and even a PIN is a lot better than nothing because they have to memorize it.
But my response is to the belief that a security factor that cannot be directly taken by force is somehow more secure. If you’re guarding The Football, sure. You might actually be willing to die for that. If you’re willing to die rather than reveal your PIN to a mugger, though, your advice is not applicable to the vast majority of the population who value their lives more than their bank accounts.
I have noted that spiteful to lethal anti coercion measures seem surprisingly rare given the premium paid for security and even when a lesser value to human life is assigned. They would use ink bombs for robbers and not time delayed or remote triggered fragmentation bombs with the loot. I assume relative rarity and baseline risks (even military bases in hostile regions tend to restrict arms to the armory except for MPs, on duty soldiers, and maybe personal side arms for ranking officers who keep it holstered most of the time as opposed to readied) and margins are why even in places where security is tenuous enough that foreign businesses travel arrangements include at least one mercenary with an AK47 or its descendant as a guide, driver and bodyguard due to their guest being a relative king's ransom.
Theoretically ATMs could be fortress panopticons watched 24-7 and with a SWAT team readied to deal with compelled withdrawals but that just plain wouldn't be a sensible use of resources - cameras, willingness to write off or insure losses and policing makes far more sense.
edit: - sorry if it's annoying but for me it was a very graphical way to always remember this issue.
(Edit: OK, I'm confused. There doesn't seem to be an option to disable the emergency trigger entirely, but there's an "Auto Call" slider whose relationship to the feature is unclear. This slider is turned off, yet the phone still went into emergency mode when I clicked the button a few times. What a half-assed feature, sadly typical of Apple's work lately.)
What a sentence.
Replace every instance of "New Biometric Tech" with "Social Security Number".
Since people don’t seem to believe that police are actually legally allowed to lie during an interrogation:
An interrogation like this is not an example of outright lying, which is legal and commonly practiced, but it is much more sinister. It is an example of an interrogator assuming another identity and drawing the suspect into a false sense of warmth and security in order to make the suspect incriminate himself. To me, it is the same as having a conversation with your mother after a traumatic event, only to see her rip her own face off, a mask, to reveal the grotesque face of a police interrogator, and then going to jail for what you disclosed. Absolutely terrifying and dystopian. You absolutely must be proactive and protect yourself in this world. Even in “free” countries like the USA. https://youtu.be/rBpDHJIwcUk?t=1495
TLDR: the police are allowed to lie to you https://youtu.be/_WnhP91NJeU?t=1600
There are many, many, much worse examples.
The first one that comes to mind to me is when they interviewed that simple guy on the Netflix show, Making a Murderer. They basically told him everything would be ok if he just admitted to murdering someone, and prompted every detail by just badgering him. He had no idea how serious the charges were that he was admitting to, and clearly had no idea of the details of the murder until they prompted him. I'm sure he should have had a lawyer or guardian helping him, as you would with a child.
He's still in jail AFAIK.
Then maybe it would make a better example for discussions like this. As it stands, that anecdote is little more than "the police are good at their jobs and they caught a murderer which is unambiguously good for everybody, but what if they were instead using their skills for something bad?"
> "Furthermore, considering testimony given while under the influence is ridiculous."
I'm sorry but expecting cops to never talk to drunk people is just absurd. There are plenty of valid objections to modern policing, but this isn't one of them.
> "Cops lying"
You already admitted the cops in your example didn't lie. They're guilty only of having a calm demeanor when interrogating a murder suspect, which for some reason you consider morally abhorrent.
It isn’t meant to directly compare this to witch hunting. It’s a case of people overlooking brutality because witches are bad anyway right? There are zillions of examples of this. It’s the concept that’s important. Saying that the technique of lying is ok because it gets rid or murderers is wrong especially in light of the fact that there are other ways to do it.
And yes, there is a grey area where interrogators don’t outright lie but are still highly deceptive. I don’t care about the grey area, I just care that police are allowed to outright lie. That is not grey. The example that I illustrated reveals how sinister the police can be. It is more emotionally stirring than mechanical lying. But the interrogator did reveal her title and so whatever. Seriously twisted still. But making outright lying routine is wrong. I don’t want to live in a world where police tell flat out lies to people. That is why we have Miranda rights. Under your logic there should be no reading of Miranda rights, allowing the police to tell the suspect literally anything like “if you don’t confess we will do x” or “you have to tell us something or you’ll be locked up forever” or whatever. Miranda rights exist for an extremely good reason. And stopping outright lying is a continuation of the spirit of Miranda rights.
They just dont like what you say
> In iOS 11, Apple has added an "Emergency SOS" feature that's designed to give users a quick and easy way to summon emergency services should the need arise. As it turns out, there's a secondary benefit to Emergency SOS - it's also a way to quickly and discreetly disable Touch ID. ... This is a handy hidden feature because it allows Touch ID to be disabled discreetly in situations where someone might be able to force a phone to be unlocked with a fingerprint, such as a robbery or an arrest. With Touch ID disabled in this way, there is no way to physically unlock an iPhone with a finger without the device's passcode.
What does that mean? It calls 911 or the local equivalent? That doesn't seem like desired behavior if you're triggering it in anticipation of crossing a border.
I'd say it's better security practice to only use a passcode and, if you must use any biometrics, use an obscure finger (like the side of your pinky finger or something) - whilst also enabling the the auto-wipe feature after 10 failed login attempts.
IANAL but from what I understand of the current goings on in the states, the police have to tell you which digit to try. Just as a password is protected, knowledge of which digit and how it should be placed is also - technically - protected. Think of it like two-factor authentication: The fingerprint is what you are, which was can be used to unlock the phone, but divulging the "which finger and how it should be placed" is what you know.
I can't seem to find it but people were "hacking" the biometrics of Androids with 3D printed heads. The trade-off of convenience for security isn't really worth it.
Again, IANAL, and IMHO, and - if you care about privacy - you shouldn't use biometrics whatsoever but I understand the trade-offs between convenience and security and why so many people fall into that trap.
Waiting for a case where the FBI bangs down Google's door to get access to a locked Android phone before I make any assumptions about the security implications of that though.
As for a little back story on myself; I am wrongly labeled as a drug felon. My wife (separated for over a year) decided to try meth shortly after our wedding and got hooked in a bad way. I have a history with said drug and didn't want her to try but she insisted saying that it would help her understand why I am the way I am. I didn't know about her use of the drug and was in jail for 2 weeks because she had them in the car and I got pulled over and searched. After my release the cops in the area basically harassed me by pulling me over every other day at minimum. I was in and out of jail several times within 2 months. I had come into possession of the phone she had when I was in jail because she got a new one and I always saved the old phones to test my rooting and hacking skills with. Even though the phone was wiped, by her deleting all of her account info and messages, I was able to do a text recovery on the phone. I found in a few chats that she had with some of her friends and family while I was in jail for the 2 weeks, her telling them that I was in jail for her drugs. Of course everyone thinks that it's weed first, but we were in Colorado, so she clarified that it was for meth.
Now because of specific laws I can't even use those messages to clear my name and she won't take the stand to the law and accept her punishment for the use of the drugs.
Indeed, the basis of the opinion is iffy:
> “If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device,” the judge wrote.
Because defendants' right under the 5th to withhold passcodes is not at all settled. And even if they can't be compelled, they can be jailed indefinitely for contempt of court. Even if, as that ex cop in Philadelphia claims, they've forgotten it.
So anyway, this is iffy advice:
> The best advice for anyone concerned about government overreach into their smartphones: Stick to a strong alphanumeric passcode that you won’t be compelled to disclose.
“The undersigned finds that a biometric feature is analogous to the 20 nonverbal, physiological responses elicited during a polygraph test, which are used to determine guilt or innocence, and are considered testimonial.”
This is the kind of wacky magistrate judge ruling that I'm sure the US Attorney rolls their eyes at.
Tip 2, which probably most people don't know: If you aren't holding the phone -- if someone shoves it in your face -- you can close your eyes to prevent FaceID from working and say "Hey Siri, who's phone is this?"
Not that it's wise to do this to frustrate a violent attacker, but it might work for some situations.
That's specific to Apple and I wouldn't be surprised if that got you an obstruction charge in the states. Plus, if you don't produce the password, afterwards, you're now sitting in jail for contempt - even if you may have actually forgotten it.
It's a much safer avenue, legally, to just use a password to unlock the device.
Non-citizen admittance is at the discretion of the immigration officer and they can turn you away for just about any reason.
Either way, yes, this ruling wouldn’t change anything there.
The best option is not carrying devices across borders. Have whatever you need online somewhere. Securely encrypted, of course. Buy a device at destination. And discard it before return. That's accepted best practice for security-conscious firms. They'll provide devices and online storage.
If you must carry a device in transit, it ought to be plain-vanilla, with nothing sensitive on it. Again, security-conscious firms supply such devices for staff. And private individuals can just say that they're too concerned about theft to carry their primary devices.
That's really irrelevant. The question should be, "what data does the government think I have, and what evidence do they have that I have it?"
Crossing the border feels like "guilty until proven innocent", which completely goes against everything this country was founded on. If I'm not traveling with my wife and kids, I'll put up a much bigger fight at security check points. Yes, it's annoying to the people who have to check me, but they're being paid for it (well, not while there's a shutdown) so I don't feel too bad.
If they do have evidence of wrong doing, it shouldn't be hard to get a warrant. We should be following due process at the border, especially for American citizens.
A. Contiguous states - 12 nautical miles towards sea, one full state inwards
B. Alaska and Puerto Rico - 12 nautical miles towards sea, 3 nautical miles inwards
C. Archipelagic territories (including Hawaii) - 100 nautical miles towards sea, 1 nautical mile inwards
D. Airports - airport administrative zone