Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It’s kind of silly that the law draws a distinction between face, thumbprint, and passcode. The purpose of any of those authentication mechanisms is to prevent unauthorized parties from reading your phone. Yes, a passcode is compelled information, but from the perspective of the phone so is a thumbprint or a face scan. On the other hand, if accessing the phone is legal, then it also shouldn’t matter what the particular form of authentication is.

I’m not sure how much it matters that the suspect was on parole though.



They can't force you to volunteer information out of your brain, that's where it ends. They can do stuff with your body: restrain it, put it in cars and chairs and cells, take your fingerprint. Essentially, they can do anything that they could do if you were unconscious.

This guy's parole terms included his phone could be searched so no need for a new warrant to search it.


Just because they were allowed to take fingerprints when fingerprints were only useful for establishing identity, does not mean they should be allowed to use a fingerprint to work around other restrictions.


Maybe they shouldn't (I'm not quite sure myself), but the arguments for that seem to me completely separate from any "self incrimination" angle. I frankly can't find a difference between the passkey being your fingerprint and, for example, the passkey being written with a pen on your finger's skin or a postit on your pocket.


If your password is written down, then it is fair game for seizure.

If your password must be divulged from you with forced complicity, then the complicity is self-incriminating; the constitution forbids this.

As an actual sidestep, you could be legally obliged to provide your password to a third-party computer; the current legal hiccup (although not in issue in practice) is to make your password itself incriminating.

(hypothetically in minecraft)


> As an actual sidestep, you could be legally obliged to provide your password to a third-party computer

I don't understand how this is a sidestep: could you expand?


There are legal arguments that providing a passphrase to an unbiased, unconnected, unrelated and compartmentalized computer to facilitate decryption is not a violation of the accused's 5th amendment rights if the court is sure, beyond a reasonable doubt, that the encrypted partition contains evidence. The derived decryption key would be analogous to a lockbox key/written instructions to further evidence, and therefore be fair for seizure.

In that particular case, even the accused acknowledge the existence of the evidence; whether this is the nuance that allows compulsion via force is the crux of the matter.


The case you're referencing has nothing to do with how the password is provided and rather with the fact that the existence of the evidence was a foregone conclusion.

(Of course, if it was really a foregone conclusion then the question remains why they needed access to that evidence)


It doesn't negate, innately, that the action is literally compelling the defendant to incriminate himself with his own actions/words, not his bio-metrics.

If the crux is literally that his compulsion is moot to the establishment of the evidence, then it both begs the question you had mentioned - why is it needed - and raises the obvious comparison of a murderer who has confessed to his crimes being compelled to divulge the location of a body.

In that comparative example, the location could contain more incriminating evidence.

So I guess make your passwords incriminating or make sure you have multiple domains/spans of crimes all unrelated in the same virtual place.


The key difference to me is that they can't prove that you know your password. What if it isn't you phone? Or you just changed your password yesterday and in the stressful moment can't remember it. It would be fair to punish you for not knowing the password. Since they can't prove you know it they can't force you to enter it.

However they can know if you put your finger on the phone. So they can compel you to do it and either it works or it doesn't. Either way not your problem.

If it is a warrantless search or not is a problem, but seemingly orthogonal to password vs fingerprint. I agree that they shouldn't be able to look through your phone without a warrant even if it has no authentication.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: