If you think you're about to enter a situation where this could be an outcome, for an iPhone, mash the side button, or hold the side button and volume up for a couple seconds to bring up the 'slide to turn off' screen. That will disable the biometric unlock and the passcode is needed to get back in.
Of course, it's sad it has to come to this, as this is effectively a warrantless search.
It’s kind of silly that the law draws a distinction between face, thumbprint, and passcode. The purpose of any of those authentication mechanisms is to prevent unauthorized parties from reading your phone. Yes, a passcode is compelled information, but from the perspective of the phone so is a thumbprint or a face scan. On the other hand, if accessing the phone is legal, then it also shouldn’t matter what the particular form of authentication is.
I’m not sure how much it matters that the suspect was on parole though.
They can't force you to volunteer information out of your brain, that's where it ends. They can do stuff with your body: restrain it, put it in cars and chairs and cells, take your fingerprint. Essentially, they can do anything that they could do if you were unconscious.
This guy's parole terms included his phone could be searched so no need for a new warrant to search it.
Just because they were allowed to take fingerprints when fingerprints were only useful for establishing identity, does not mean they should be allowed to use a fingerprint to work around other restrictions.
Maybe they shouldn't (I'm not quite sure myself), but the arguments for that seem to me completely separate from any "self incrimination" angle. I frankly can't find a difference between the passkey being your fingerprint and, for example, the passkey being written with a pen on your finger's skin or a postit on your pocket.
If your password is written down, then it is fair game for seizure.
If your password must be divulged from you with forced complicity, then the complicity is self-incriminating; the constitution forbids this.
As an actual sidestep, you could be legally obliged to provide your password to a third-party computer; the current legal hiccup (although not in issue in practice) is to make your password itself incriminating.
There are legal arguments that providing a passphrase to an unbiased, unconnected, unrelated and compartmentalized computer to facilitate decryption is not a violation of the accused's 5th amendment rights if the court is sure, beyond a reasonable doubt, that the encrypted partition contains evidence. The derived decryption key would be analogous to a lockbox key/written instructions to further evidence, and therefore be fair for seizure.
In that particular case, even the accused acknowledge the existence of the evidence; whether this is the nuance that allows compulsion via force is the crux of the matter.
The case you're referencing has nothing to do with how the password is provided and rather with the fact that the existence of the evidence was a foregone conclusion.
(Of course, if it was really a foregone conclusion then the question remains why they needed access to that evidence)
It doesn't negate, innately, that the action is literally compelling the defendant to incriminate himself with his own actions/words, not his bio-metrics.
If the crux is literally that his compulsion is moot to the establishment of the evidence, then it both begs the question you had mentioned - why is it needed - and raises the obvious comparison of a murderer who has confessed to his crimes being compelled to divulge the location of a body.
In that comparative example, the location could contain more incriminating evidence.
So I guess make your passwords incriminating or make sure you have multiple domains/spans of crimes all unrelated in the same virtual place.
The key difference to me is that they can't prove that you know your password. What if it isn't you phone? Or you just changed your password yesterday and in the stressful moment can't remember it. It would be fair to punish you for not knowing the password. Since they can't prove you know it they can't force you to enter it.
However they can know if you put your finger on the phone. So they can compel you to do it and either it works or it doesn't. Either way not your problem.
If it is a warrantless search or not is a problem, but seemingly orthogonal to password vs fingerprint. I agree that they shouldn't be able to look through your phone without a warrant even if it has no authentication.
On my phone it's hold power button down until the menu appears then hit lockdown, but I'm not sure if I had to do anything to enable that. Lockdown is the keyword, anyway.
This has been the case for a long time (predating cell phones).. and it applies to any biometrics. If the information they need isn't secured inside your brain, there's no 5th amendment question.
SCOTUS already ruled in Riley v California that you need a warrant to search a cell phone. So that answers the 4th amendment question. It doesn't apply in this case because he was on parole.
This was a felon on parole. He doesn't retain his full rights. The warrantless search of his home would be far more problematic if he wasn't already subject to supervision.
> Referring to people as “felons” is such a terrible and dehumanising practice.
I don't think there's anyone who could reasonably argue that reform isn't needed to American justice. However I think it's absolutely necessary, and not dehumanizing, to be able to identify someone as having incomplete incarceration status and the level of criminal conduct.
A felon is commonly used to refer to a person who has been convicted of a crime and particularly (but not only) whose sentence is not yet completed. Is that dehumanizing? Perhaps, but I don't currently think it is.
There are legal actions necessary when engaging with someone convicted of certain types of crimes. Certain crimes in the USA prohibit you from owning a gun even after your sentence is served. Sure, I think that is dehumanizing (sentence is served, so why are there additional restrictions?) but the legal requirement to be able to identify such persons doesn't make it dehumanizing on its own, it just makes it necessary.
What words would you use to describe such a person?
> A felon is commonly used to refer to a person who has been convicted of a crime and particularly (but not only) whose sentence is not yet completed.
Not, though. According to Wikipedia:
“The status and designation as a "felon" is considered permanent and is not extinguished upon sentence completion even if parole, probation or early release was given.” https://en.m.wikipedia.org/wiki/Felony
And a felony is defined differently in different states. And since such a wide variety of crimes are classified as felonies it is really hard to usefully draw any conclusions other than “person convicted of a felony at some point in their life” which is hardly useful. Could be a stone cold killer, could be a tax evader. Who knows? A felon is a felon.
Thank you for engaging constructively on this discussion.
I would argue that the definition I provided (convicted of a crime AND particularly (but not only) whose sentence is...) is relatively compatible with the definition you cite. I continue that it's my definition I provided and so perhaps I am not the only one whose use of the word differs from Wikipedia.
> it is really hard to usefully draw any conclusions other than “person convicted of a felony at some point in their life” which is hardly useful.
It is indeed hard to usefully draw any conclusions other than "person convicted of a felony at some point in their life" and I would argue that's the point.
If you want more information, then guess what? Felonies are public record and are often available online. Go find it instead of expecting it to be directly told to you. That's kinda creepy though, so perhaps you shouldn't advertise that you know what crimes your neighbors are convicted of.
Is it hardly useful? No, it's very useful for specifically legal purposes... which only make distinctions between types of felonies when stating what the felon can or can't do. Can't buy a gun. Can't live within some distance of a school. Must tell others your criminal history. Okay, and it's good to know that someone is required to (not) do some action merely by a word: they're a felon, so they're not allowed to do this or that. That's very useful for legal purposes -- can't sell a gun to this person, can't provide a loan for this person to buy a house at this address, whatever.
It's not very useful outside of legal purposes, and it shouldn't be. As long as the person has already gone through the justice workflow, why should it matter what their crime was?
Losing the right to privacy should be part of the punishment. After enough convictions or offenses large enough tracking your location and/or randomly searching your house shouldn't be a big deal. Lower the prison sentence and fines accordingly.
My understanding is that different states have different definitions for the meaning of “felon” and the applicability depends on possible jail time, not actual jail time.
Given that “felon” means “person that’s been convicted of a felony at some point in their life” and the fact that “felony” covers such a wide variety of crimes, it is a genuinely useless indicator of context.
Counterpoint: starting with assuming over-specific context is not entirely useful and there is general consensus on broad meanings of both “felon” and “felony”. We can then quickly either narrow down to specific instances of those words, or stay in broader generalizations depending on where the conversation goes.
Jump too quickly into arguing for hyper-specific contexts bringing meaninglessness to colloquial, general contexts is a surefire way to signal to counterparties you are unwilling to play the negotiation-over-contexts games necessary for smooth conversation with most people generally.
Every time you press a button, all the numbers shuffle around. Even if someone watches you enter the passcode, they can't be certain of what the password actually was.
They do gain some information (the first digit must be either a two, a six, or a nine), but they don't get the full information.
Having had a bank that did something similar for logging onto their mobile app, annoyance at that feature was the main reason I moved to a different bank.
Do you not have the problem I had that the moving around of numbers makes it impossible to use muscle memory and you always need to think about each digit, or do you just have more patience than me and not mind? Maybe the bank's version on my phone was particularly bad and the interface on your lock particularly good? (It was almost a decade ago, I can't actually remember exactly what it looked like / how it worked, just how frustrating it was.)
I completely forgot the pin to a bank card I haven't used in a long while. It occurred to me that humans are mostly just next token predictors anyway, so I pretended I knew the pin, and just got the little machine out, went to my bank page, and started logging in, and when it came the time to type my pin into the machine to get the one time code, I simply remembered the pin while my fingers typed them in.
OSRS also encourages everyone to enable 2fa by tying it to a quest that gives you 10k ingame currency.
I assume they are so serious about security because it would generate a lot of work for support, and people are constantly trying to scam each other and hack accounts. Plus, they don't have the luxury of locking the whole account until you go into your bank in person.
And countless cameras with frame-by-frame playback.
Linux: print * to hide password keystrokes
BSD: print * to hide password keystrokes
Windows: print * to hide password keystrokes
Apple iOS: E N L A R G E and INVERT password keystrokes
What do stock Android and Graphene show during password entry?
By default Android is the same but it let's you turn it off. With the lock screen you can reduce feedback to only the password stars appearing and no key highlights. With password elsewhere you can remove the momentary password character preview. The keyboard lets you reduce key press feedback prominence so it's only a momentary flicker (and no character pop up), but there really should be an API to make the keyboard aware it's in "password mode" so you could eliminate feedback entirely.
My iphone code is 10 characters long. Just use your grand-mothers phone number as a passcode, complete with the long 1-areacode, and shoulder surfers would be hard pressed.
As has been suggested elsewhere, it would be great if certain actions could be taken by the device if the 'wrong' fingerprint is used.
For instance, you encode one fingerprint to silently wipe all biometric data on the phone when used. No indication that it happened, just a 'biometric verification error' for all biometrics going forward (until the device is unlocked and new biometrics are encoded).
I've always wanted this for payment cards- alternate PIN number that instantly blocks cards and notifies banks security (ie. in case when someone extorts your PIN or wants you to use ATM forcibly) and returns something like "Not enough funds" or similar.
I saw video "do that if you are forced to enter your card PIN" where they tell you to enter your PIN backwards, which will allegedly be accepted as a usual PIN, but additionally notify authorities.
Unfortunately none of the banks I was client of did that
I think that's an urban legend. it appears to work sometimes as some ATMs don't do anything with the provided pin until you get further in the transaction. A surprising number of ATMs also do "offline" verification, where the card itself is the only thing validating the pin and the transaction is send back to the card processor later.
I'd argue it's easier to trick you looking into the phone's camera than get you to unlock it with your finger.
"Hey, look, is this your phone? Oh, thanks for unlocking it for us."
fwiw FaceID requires your attention by default (unless you turn that off), so you have to be looking at it to unlock keeping your eyes closed or even just looking away should thwart any forced attempts.
"the outcome ... may have been different had [the officer] required Payne to independently select the finger that he placed on the phone" instead of forcibly mashing Payne's thumb into it himself
Next mobile OS feature: shuffle eligible fingers regularly so users get to pick.
The phone should have two fingerprint sets. One will unlock, one will super lock. User your left finger for super locking, and right for unlock. then when the cops mash your thumb it super locks it, and after that mashing won't work.
Also, police also cannot demand that you tell them which finger is the "correct" one, for the same reasons they can't demand that you tell them the "correct" password.
In both cases the question can be considered forcing you to admit ownership of some evidence, and thus (unconstitutionally) forcing you to testify against yourself.
You mean something that would actually hold up in a court of law? Can you expand on the what those literal charges would be, and what legal criteria has been met?
I'm skeptical because that kind of lockout has perfectly innocent applications, the same way that my laptop might throttle password attempts after too many failures.
Somebody please make a transformer base semantic checker that highlights "you must really have meant this other thing, with high probability, please check". There is money in it, and service.
(Do NOT implement trusted approval of all suggestions though! Times are dire and that would clearly be dangerous.)
I don't bother to lock my phone as there's nothing on it of importance—no emails, no social media posts, no bank payments or such.
If lost, I'd lose a perfectly good phone but not much else and that would be inconvenient and I'd need a new SIM. As for data, I could potentially lose records of calls and SMS for a day or so as anything useful is backed up. I lost a valuable HTC once and never changed anything, no worries about accounts being stolen as there were none and I just canceled the SIM.
If I were a crim I'd would go to much more trouble to ensure that there was nothing on my phone to incriminate me. So I remain perplexed why crims take such obvious risks when it's well known the first thing the Law will want is their phone, and second, the Law will eventually gain access to their phone locked or otherwise.
Of course, it's sad it has to come to this, as this is effectively a warrantless search.