Hacker News new | past | comments | ask | show | jobs | submit login

FYI the feds can legally compel you to use biometric scanning to open your device, but cannot compel you to give up passcodes.

Last I heard




Feds is not an attack vector that concerns me. My coworkers or kids changing my wallpaper or getting access to my kit is.


I guess you don't travel alot...


If you're traveling a lot and not using a burner laptop, well...


I do. Only for leisure. And I take a Pixel 6A running LineageOS when I do which has nothing sensitive on it.

That's really mostly so that I don't lose my iPhone which I actually care about.


OK, but most people don't use burner laptops /phones and are often subjected to unreasonable searches at the border by federal agents during entry at international airports, etc.


Can’t they just touch the sensor like 3 times and then make you tell the password?


I think you got this backwards. The 5th amendment means that the state can not force you to share information you have in your head, e.g. you can not be forced to give a password. But the state can force you to give a physical key, harware token, or a biometric read.


Oh yeah, for some reason my brain reversed the logic, thanks! :D

Though certain EU courts can “make you give up” your password, as far as I know. Nonetheless, security is only good when it is used — widely-used biometrics with a potentially stronger password (due to not having to enter it all the times) is statistically safer for the population over everyone having “password1” as a secret. Especially with a good fallback like emergency mode on iphone/apple watch. Afterwards only the password can unlock the device, and it is a single long press of two hardware buttons.


They can’t …prove… you know a key to decrypt data, but in the UK you can be charged under the Regulation of Investigatory Powers Act.

“RIPA regulates the manner in which certain public bodies may conduct surveillance and access a person's electronic communications. The Act:

enables certain public bodies to demand that an ISP provide access to a customer's communications in secret;

enables mass surveillance of communications in transit;

enables certain public bodies to demand ISPs fit equipment to facilitate surveillance;

enables certain public bodies to demand that someone hand over keys to protected information;

allows certain public bodies to monitor people's Internet activities;

prevents the existence of interception warrants and any data collected with them from being revealed in court.”

https://en.m.wikipedia.org/wiki/Regulation_of_Investigatory_...


You are right about the EU. There are many free democracies that do not consider passwords to be protected under their "no self-incrimination" version of the US 5th amendment.


Can they force you to give up the post-it on which you wrote down your password? If yes, are there any real limits to how much pressure they can apply before they give up? If no, what's stopping them from giving you a pencil and a stack of post-its, and letting you know they'll keep applying pressure until you produce a post-it with the password on it, which they "know" you have "somewhere"?

Point being, I feel this is getting into xkcd://538 territory.


Depends. If you have the resources to hire a lawyer, then what you describe is governmental overreach borderline on torture that will lead to the government paying out to you when you sue them and plenty of government employees being reprimanded or fired. If you do not have these resources and end up before unscrupulous law enforcement, you might very well have your rights abused until a journalist or the ACLU or some other equivalent decides to fight for you.


Because law enforcement always follows the rules and they don’t employ rubber hose decryption.


Ya but you can take that one to court. Nothing to do about it if they just put your pinky on the pad


You don’t have to. You use the evidence gathered on the phone to find other evidence that is admissible.

But “going to court” rarely happens. 95% of cases are plea-bargained.

https://www.law.cornell.edu/wex/plea_bargain

Given overwhelmingly evidence and an overworked public defenders office, you’re not going to take a chance on going to court where you will probably lose.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: