Suspects can refuse to provide phone passcodes to police, court rules::Phone-unlocking case law is “total mess,” may be ripe for Supreme Court review.
Shut down your phones so they can’t uze biometrics on you
Android also has a Lockdown mode that will disable biometrics until you unlock with the pin.
How many digits is the pin? Can you try all codes?
Pins are pretty damn secure because after too many wrong guesses the phone will start making you wait a long time between attempts.
OTOH, as a point of reference, Microsoft requires an 8-digit pin on phones that can access comment resources. It was 6 until very recently, though, so that’s probably fine if you’re not a target of corporate espionage.
What makes it secure is the master key in a TPM which is considerably longer than four digits and can only be accessed by for digits in under twenty attempts.
Hypothetically.
Some TPMs are allegedly backdoored by their manufacturers (e.g. Microsoft), and regardless of the original intent of these backdoors they’re now accessible through cracking software to which some law enforcement departments have access.
Then, if a government department really, really wants to get into a phone, the TPM can be cracked with a tunneling electron microscope, but this process is still slow, expensive and requires an expert.
I don’t know about the key length of a TPM. If I had to guess I’d say something like 256 or 512 bits, or even 1024. But I was just addressing the PIN the user might type in to unlock their phone. That’s something the user can control, and it provides plenty of security against naive brute force attacks by people not sophisticated enough to disassemble the phone. I assume that group includes the majority of police departments and any cop whose main work is outside of a lab.
Usually 128 or 256 bit root keys for symmetric keys, almost always 256 bits for ECC for asymmetric keys these days (used to be RSA between 1024 and 2048 bit)
Here in the states, in municipal precincts, we can expect they’ll have some phone cracking software on hand, so if your TPM is backdoored, your PIN isn’t going to matter much. If yours is an early phone (notoriously the iPhone 5, I think) that doesn’t have a TPM, then it might be susceptible to exploits that lift the limits of tries, in which case a four digit PIN can be cracked by a machine using brute force.
It depends, you can pick it. It can range from a simple 4 digit numeric PIN to a full blown alphanumeric with symbols password text field. But I guess the most common is that grid gesture thing, which in some phones you can also customise the size of the grid itself. All these options work as the default fallback to biometrics.
As far as I know as well, you are required to input your pin/password/gesture after a long period of inactivity, after X days, and after a reboot, before being able to use biometrics again.
I personally use 10 digits.
Default is between 4-8 (your choice) and you can set a password too
As does iOS for over a decade now.
Why are you being downvoted?
He sounds like android just got this feature.
On lemmy, Apple Bad™
On Reddit, people say “Redd say Apple bad.” Maybe it’s not Reddit or Lemmy. Maybe it’s just people in general. I have an iPhone, I just hate that stupid response “On X platform, people hate Y” and they say it on every platform.
I don’t care about Reddit, though? I’m just making a statement that there’s a heavily anti-Apple sentiment on this platform.
First you’d need to activate it.
So, there’s a bunch of factors going on regarding crap like this. The general argument is that the passwords are protected by the Fifth Amendment to the Constitution of the United States, the protection against testifying against yourself. While biometrics are not.
Then there’s the Constitution Free Zone established by the DHS and ICE and upheld by some judges depending on how related to immigrant control your detention by law enforcement is. The Federalist Society doesn’t like non-nationals, and if you can’t prove you’re an American in the zone (100 inland from any US border) then you get zero Constitutional protections.
Then there’s the matter that law enforcement can lie to you to convince you to authorize searches. So they may insist you are required by law to open your device for them when you are not. This is why you don’t cooperate without a lawyer. For now police are not allowed to give you a fake lawyer and lawyers, even public defenders, are required to adhere to a code of ethics to serve in the client’s interests. But this may change in the next few years as rights in the US deteriorate.
Then police departments in Cook County (Chicago), New York City and Los Angeles have all used the $5 wrench method to force detainees to open their devices. While there are allegedly laws against this sort of thing, it doesn’t slow down the precincts, and judges sometimes uphold found evidence in court the way they’ll uphold coerced confessions.
So it’s really better not to interact with law enforcement ever if you can avoid it, and to have a high powered defense lawyer if you can afford to establish a legal relationship with one. If you’re doing something the state wouldn’t like (say, operating a mutual aid program) then look into having multiple accounts on your phone, one of which is pristine and can call your grandma. Then you have the option to unlock to that account rather than the one that has your life’s history (and all your CFAA violations).
This is the most American thing I’ve read in a long time. I lived for decades in several European countries, and this description just seems like a different planet.
deleted by creator
this is still up in the air, but it seems to be generally breaking such that police can force you to use fingerprints or faceID to unlock your phone because fingerprints and face scans are evidence, but you can refuse to give them a passcode because a passcode is testimony. so use passcodes, not biometrics.
That’s what the ‘Lockdown’ feature on Pixel phones does.
https://9to5google.com/2022/03/08/how-to-enable-lockdown-mode-on-pixel/
Impossible to force a fingerprint or face scan because it asks the phone to only accept passcodes.
I think all Android phones have this feature, but it has to be turned on.
You can also turn your phone off if they ask for it. Phones need the password to unlock if they’ve been turned off.
But I like lockdown more, since it can still record audio.
Wow thanks had no idea this was an option on my Samsung. . it was just hiding disabled in my settings as “lockdown mode”
Also nice to know, on an iPhone you can press power and volume up for a few second and then cancel the upcoming dialog. It will only be then require your pin to enable any other authentication method.
On recent almost all Androids from the last decade+ you can reboot them to force a PIN requirement, and lockdown mode is available on most recent Android phones, not just Pixel
FTA:
“The Valdez case does not involve an order to compel a suspect to unlock a device. Instead, “law enforcement asked Valdez to verbally provide his passcode,” Utah justices wrote. “While these circumstances involve modern technology in a scenario that the Supreme Court has not yet addressed, we conclude that these facts present a more straightforward question that is answered by settled Fifth Amendment principles.””
So now, every cop everywhere is going to be like “Yeah, I’m going to need you to unlock your phone.”
IT’S SHUT THE FUCK UP FRIDAY
I’m not discussing my day.
“Do me a favor”
That’s a free trade agreement?
Oh no, I get it, the Federal Transit Administration said that. To the Forum on Tax Administration.
[Sarcasm] That everything has to be an initialism now is sooooooper convenient and cool. Imean, TEHTBAINISCAC. EWKWTM.
* in the USA.
Would be handy to have that key piece of information on the title, so I know I don’t need to read the article, as it’s about law in a different country.
While it’s tough to have any sympathy for an offender like this, even the worst monsters are entitled to due process and their rights as human beings. Most of the article is about disobeying the court, so that really shouldn’t be news.
It’s the twisted logic that got them there that’s really suspect. If I can paraphrase, “we don’t have enough evidence to incriminate you so you must provide that evidence. The ruling stand because the police already know you’re guilty so incriminating yourself is not self-incrimination”. Yeah, I took some liberties with it, but not as much as the court
At least the ruling limiting jail time makes sense, you can’t imprison someone for contempt longer than the court proceedings, or impanelment, or 18 months, whichever comes first. I didn’t see any implications in the article, but hopefully it either applies generally to contempt, or any contempt charge has a similar limitation. You can’t just imprison someone indefinitely for refusing to speak
Totalitarians try to use cases like this to take your rights away. Never forget how this impacts the innocent. If they can force this man to unlock his phone, they can force any innocent person to do the same. If the police think you’ve committed a crime, accessing your phone will never make them think you’re innocent. The absolute best case scenario is that they don’t find anything useful to their case. The worst case scenario is that they find your social media account where you called arson based last year, and they will use that against you.
Isn’t this a human right?
Bold of you to assume human rights are respected.
deleted by creator
I think we’re sort of deciding that right now? Lots of new technologies are getting out ahead of any substantial laws that would protect human rights in these situations.
An app can clear your phone with a specific password, can’t remember the name…
Wasted on F-Droid.
Can you suggest any app, which gives more flexibility in what to erase?
That app supports this, which can be granular
Pretty sure the 5th Amendment doesn’t protect against obstruction of justice if you knowingly wipe your phone while under custody
How could they know?
Just yell at them “WTF DID YOU DO? MY LAST GRANDFATHER PICTURES ARE GONE!”
And tadaaaaa
Doing it before you’re under custody isn’t a crime, and they also can’t prevent you from deleting non-evidence but otherwise private data which you don’t want to see misused (proving that is a whole other issue, though)
What if you have face unlock?
Last I heard biometrics were not protected. As in you have to unlock your phone upon request. A code, pattern or other thing you know was treated differently from using your body to unlock your phone.
In my state, police aren’t allowed to use your fingerprint against you, but they can use facial recognition. It’s backwards and doesn’t make a ton of sense, but that’s the state of affairs.
No one has ever accused criminals of being smart
Criminals are just the smallest group that interact with cops and get harassed by them.
What about biometrics?
That’s for including jurisdiction in the headline like we’ve all been asking for. V helpful.
I’m sorry, but this headline is weird to me because “I forgot my passcode” if a cop ever asks me for it.
This is the best summary I could come up with:
Criminal suspects can refuse to provide phone passcodes to police under the US Constitution’s Fifth Amendment privilege against self-incrimination, according to a unanimous ruling issued today by Utah’s state Supreme Court.
Police officers obtained a search warrant for the contents of Valdez’s phone but couldn’t crack his passcode.
At his trial, the state “elicited testimony from the detective about Valdez’s refusal to provide his passcode when asked,” today’s ruling said.
"And during closing arguments, the State argued in rebuttal that Valdez’s refusal and the resulting lack of evidence from his cell phone undermined the veracity of one of his defenses.
“While these circumstances involve modern technology in a scenario that the Supreme Court has not yet addressed, we conclude that these facts present a more straightforward question that is answered by settled Fifth Amendment principles.”
“One of the major issues in the law of digital evidence investigations is how the Fifth Amendment privilege against self-incrimination applies to unlocking phones,” Kerr wrote.
The original article contains 499 words, the summary contains 161 words. Saved 68%. I’m a bot and I’m open source!
