Which is also why both iPhone and Android have panic/lockdown modes.
For my Android, if I rapidly tap the fingerprint reader or the power key five times in a row, it locks down and will only be unlocked with a password. I understand iPhones have this same activation method too. Different Android models might have different activations, so you'd have to check the settings.
You can also just hold the power key and shut the phone down, because it's pretty standard now that upon a reboot you have to put in the pin first before you can use fingerprint.
Which is also why both iPhone and Android have panic modes.
When you are encountering police that would be seizing your phone in the near future, I HIGHLY RECOMMEND AGAINST quickly shoving your hand in your pocket to try to lock your phone.
Well I just found out my phone does this but it's half fucking baked
It's one of those foldable (clamshells) and this works while the phone is open, but even if biometrics is disabled and it asks for a password, biometrics still works to unlock the phone while folded, and then stays unlocked after opening...
So the only safe way is to shut it off completely so the storage isn't decrypted yet
For my iPhone at least, to shut off the power you have to tap volume up, volume down & hold the power button to show the poweroff option. I think cause you can map multiple clicks to actions.
Payne conceded that "the use of biometrics to open an electronic device is akin to providing a physical key to a safe" but argued it is still a testimonial act because it "simultaneously confirm[s] ownership and authentication of its contents," the court said. "However, Payne was never compelled to acknowledge the existence of any incriminating information. He merely had to provide access to a source of potential information."
If you can be compelled to hand over a key to a safe, I can see how that translates to putting your thumb on the scanner.
The constitution is only used to protect property rights of the owners and the power of managers. The working class is not often afforded its protections.
Never use biometrics to lock anything. You can be forced to push a finger to a sensor, or your head forcibly held still for a facial scan.
Only use passwords/passcodes. Only they are secure against this totalitarian bullshit.
They'll still put you in jail on fake charges if you refuse to give your passcode, but at least your data's safe and now your case is unlawful imprisonment instead of relying on octogenarian judges thinking it's okay to force compliance with a biometric.
If we're talking about a situation where they can just straight up beat you legally until you give them a passcode, then what's on your phone likely doesn't make a difference in the outcome.
I feel like this has always been the case? There's not a lot of precedent to be sure, but people have been operating under that assumption for a long time.
That's why, if you need to keep the cops from looking in your phone, you should use a password. Can't be compelled to give a password.
The classic example is a safe. There's tons of court precedent that you can be compelled to give the cops a physical key to unlock it if there is one, but you can't be compelled to tell them the combo if it's a dial lock.
Fingerprint unlocking is always secondary to there being a pin which is equivalent to a password.
As long as you turn your phone off before approaching/being approached by cops, or before they demand that you unlock it, you'll be fine. You don't even have to take it out of your pocket or look at it to turn it off, just hold the power button for a few seconds.
If you're even more paranoid, enable the setting that requires a PIN code to reactivate the fingerprint unlock after 30 minutes or something.
Or force it to demand the pin after a single failure of the fingerprint unlock and then let your finger kind of slip when they tell you to unlock it.
There are countless ways to mitigate the risks here. You don't have to forgo fingerprint unlock entirely.
I use tasker to automatically lockdown my phone if it experiences too much acceleration. I figure that if I'm being thrown to the ground, I probably want to lockdown my phone. A sharp tap on my pocket works pretty well too.
I love the confidence that a US cop or CBP agent is going to allow you to lock your phone while they're asking you to hand it to them.
Biometrics is not security. Biometrics is ease of access. It's literally designed to make your phone easier to access for you and by extension for a low skilled strong arm attacker or jack booted neo-fascist police state cop or border agent, a high skilled hacker, or a nation state actor. If your intention is to make your device easy to access, congratulations, biometrics is the right choice.
Is there a way to set up multiple user profiles for the same phone, activated by different prints/PINs?
Then you could have your main profile unlocked by like your ring finger print; but if you scan your thumb or index, it'll unlock basically a dummy account with some bullshit apps and contacts and nothing else.
Like the phone equivalent of a throw wallet with a few bucks and an expired credit card or two so you have something to surrender in the event of getting mugged, without losing anything of actual value.
I don't know of how to do that without visibly switching accounts, but I believe the GrapheneOS folks are prepping a "duress PIN" for the next major release. I'm not 100% sure of what it entails but could have a similar end result to what you're after
The problem there would be if they have told you to unlock the device and you do something to further lock it down, and they can prove that you did that (like there's some big letters on the lock screen that say "lockdown initiated" or something), that can be considered obstruction.
To picture it another way, imagine you had the one key to your vault, they order you to unlock it, and you swallow the key.
It's kind of in the same way that you can destroy evidence at any time until an investigation has started or you have a reasonable belief that one is about to start. At that point, destroying the evidence would get you in trouble.
Turn on pin-secured boot and shut off the phone and a fingerprint should be useless now, right? And don't the cops have a lot of people's fingerprints on record? Are we just waiting for a cop with a higher than room temperature IQ to come up with a duplicating method to get in people's phones without warrant or even probable cause?
The initial pin that most folks have to enter is needed to decrypt the partition with user data. This is not 100% foolproof for keeping LEOs out since there are many known, and likely more unknown, ways to brute force these but it is still the best option.
Luckily LineageOS and GrapheneOS have a lockdown mode (Graphene also supports disabling fingerprint for screen unlock), though rebooting your phone usually doesn't cause you to lose any work since everything autosaves as phones kill background apps to save battery and memory. Separate user profiles for situations like protests or certain contexts (preferably with some dummy data to make it not look too sus) are also useful.
It's very unlikely the OS actually kills apps in the background as that would legitimately break many apps and is a source of frustration from other OEMs.
There's a difference between killing an app and putting it into a less active state.
When you swipe an app away from your recent lists, it's not actually killing it, it's just putting it in a different state.
When you force stop an app from its info under settings, you're actually killing it. Nothing about it is alive.
When you actually kill an app, things like alarms stop functioning. The app needs to be alive for the alarm to function. Even so much that when you set an alarm on your phone, you need to set the alarm again after rebooting as they aren't permanently stored and if the phone is rebooted the app needs to be woken up and the alarms reset. There's a whole development workflow to do that.
There was a brief period many years ago when an OEM actually force killed an app when swiped away from recents without fully understanding the implications and they later reverted the change.
Push notifications of any type would also completely cease functioning.
At the point that they have ordered you to unlock the phone, an investigation has begun, so if you do anything to the data on that phone, it could be considered destroying evidence.
Kind of in the same way that if the cops are searching your home and you try to flush some cocaine, they would consider that destroying evidence. But if you flushed cocaine the moment you saw cops on your street, that wouldn't count as destroying evidence, because there was no investigation at the time.
You don't want to wipe it, you just want to lock it. Wiping it in that moment would get you in trouble.
You do not have to help them access incriminating information about you, but you cannot destroy potentially incriminating information after they've started doing their search.
FYI for iPhone users if you run into the Fuzz and you need to lock it out of biometrics, hit the lock button five times. This will start the emergency call count down but once canceled the iPhone can only be opened via passcode.
Caveat, you need to have the five press to call turned on in Settings>Emergency SOS>Call with 5 Button presses
On my Android I can scan the wrong finger a few times and it'll ask for my pin instead. I'm pretty sure rebooting would do the same but I'm too lazy to try that right now.
However, please make sure you try this yourself for your specific phone and Android version before relying on it.
Reboot has forced PIN/Pass for I think the entirety of Android's existence, but if not then for sure long enough that the phones that didn't don't work anymore as phones.
On my Android I can scan the wrong finger a few times and it'll ask for my pin instead.
Be careful. If they've ordered you to use your fingerprint to unlock the phone, and you "accidentally" do it wrong five times in a row to cause the device to lock, that may be considered disobeying an order.
You would want to lock the phone down before they've ordered you to do this.
idk maybe it's just my phone (I'm on GrapheneOS, a privacy and security focused ROM) but I have an option for "lockdown mode" which disables biometrics
You can also just hold the power and volume up buttons. You don’t actually have to swipe to power off the phone. Just holding those buttons long enough for the “Swipe to power off” to appear on screen will also lock out biometrics and force a PIN.
For Android there's a literal "lockdown mode" button on the lock screen that does this, if you push it you can only use pattern or PIN for the next unlock.
If you haven't locked the device down by the time they have instructed you to unlock it, doing it then might be considered obstruction, but until they compel you to do it, you can do whatever you like with the phone.
As for destruction of evidence, it certainly wouldn't be that, but even if it could be, it would kind of depend on them proving intent because you're not under arrest yet or charged with anything. They would have to prove that you were aware of an impending investigation when you made the choice to dispose of evidence.
Some do. You can also just restart a phone real quick and it'll demand your passcode not biometrics.
The passcode itself isn't circumvented by this, after all.
But locking/resetting your phone should be an urgent thing, if you suspect the police will take it. Apple also does this if you hit the power button 5 times fast.
Samsung phones have a lockdown mode you can get to when you keep the power button pressed (like when you want to shut down).
The legal situation is the same here in Germany - fingerprint unlock can be forced, regular pin or other measures not.
I was thinking about face ID the other day. What if you trained it while making a funny face? So then you would have to make that face to unlock the phone and how could someone compel you to do so? It's sort of a 2-factor authentication in a way.
That's a fair point. Not sure if that's been litigated yet.
The only reason that a cop can't compel you to give up a pin or a passcode is because that is information you have in your brain, and they can only compel actions, not information.
They could probably compel you to make a face, but they couldn't compel you to unlock the phone with your face without knowing what that specific face is, and they can't make you provide them with the information on that specific face either.
Right, so your choice of facial expression would, in effect, act like a passcode. Good luck breaking into Jim Carrey's phone!
I got the idea initially when I noticed I couldn't unlock the phone while laughing. Then I got annoyed and I guess angry face didn't work either.
I wonder now what would be the minimum facial contortion you would need to make a distinct ID? It could be something as subtle as curling your lip or raising a cheek muscle slightly? I might have to experiment with this a bit…
I prefer to just have my phone's fingerprint reader loaded with a non-fingerprint. You can use any part of your body, really. Use your imagination. It'll be functionally impossible to unlock your phone even using that same part of your anatomy later, even if anyone could guess what it was.
So then your phone will ask for a fingerprint but none of your fingers will ever in a million years actually unlock it. Jack booted thugs are welcome to try; they will fail. To actually use your phone, just enter your PIN or passcode.
You don’t even need to reboot. Just holding the shutdown combination to pull the menu up is enough to activate the passcode lock. You can just hit cancel after that.
Just make sure to shutdown lock your phone before dealing with the cops, but also make sure to record your interaction with the cops cause they can and will lie. 🤷‍♂️
That's always been the craziest thing to me about the US police system. In Finland the police is not legally allowed to lie to you about facts. They can lie about themselves and whatever, but not wholesale invent out of the thin air and gaslight people into believing that they did something.
They can literally lie to you saying they found complete evidence that you committed a crime and that you'll get jail time unless you confess in the interrogation room. And then when you confess, they'll still give you jail time.
Simply use Tasker to make a persistent notification disguised as a reminder to take your daily vitamins, but actually starts an audio recording when you press "done"
Can’t wait for “we are locking you up until you confess”
We already have that, it’s called not being rich and white.
People get strong-armed into confessing all the time. I personally know someone who confessed to arson they didn’t commit, forced to pay restitution, and serve time in a juvenile facility on the weekends.
Why would they confess to something they didn’t do? I asked the same thing from a mutual friend. It turns out they were feeling a lot of pressure because one parent had died and the other one would be left alone if they were convicted and sent to jail. The plea deal made it plausible to live a semi-normal life.
This person isn’t alone. I’ve met someone else who pled to (as far as I know fictitious) child abuse claims from an ex-spouse to stay out of prison.
Some people simply will not believe that it's possible to extract a false confession out of someone. Part of the reason I'm vehemently against the death penalty. How many people have been killed by the state for a crime they didn't commit for this exact reason? If it's higher than zero, then it's best we get rid of the practice altogether.