Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phone Passwords Protected By 5th Amendment, Says Federal Court

Posted by timothy on from the good-luck-arguing-this-at-the-border dept.

Ars Technica reports that a Federal court in Pennsylvania ruled Wednesday that the Fifth Amendment protects from compelled disclosure the passwords that two insider-trading suspects used on their mobile phones. In this case, the SEC is investigating two former Capital One data analysts who allegedly used insider information associated with their jobs to trade stocks—in this case, a $150,000 investment allegedly turned into $2.8 million. Regulators suspect the mobile devices are holding evidence of insider trading and demanded that the two turn over their passcodes. However, the court ruled, "Since the passcodes to Defendants' work-issued smartphones are not corporate records, the act of producing their personal passcodes is testimonial in nature and Defendants properly invoke their fifth Amendment privilege."

109 of 178 comments (clear)

  1. A sudden breakout by fishscene · · Score: 5, Insightful

    ...of common sense no doubt! I love hearing stories of correct implementations.

    1. Re:A sudden breakout by CaptainLard · · Score: 3, Insightful

      Well of course. All we needed was for data privacy to impact a bank employee.

      In other news, of all the financial improprieties why did the SEC end up being so good (apparently) at catching insider trading? Is it the crime that least rocks the boat?

    2. Re:A sudden breakout by Mr+D+from+63 · · Score: 1

      ...of common sense no doubt! I love hearing stories of correct implementations.

      Its just sad there was ever even a question to start with.

    3. Re: A sudden breakout by asjk · · Score: 1

      Seconded

    4. Re:A sudden breakout by davester666 · · Score: 1

      without the 'like'

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Finally by Teun · · Score: 4, Insightful

    Tough for the prosecutors but this is a flash of some sense.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    1. Re:Finally by Anonymous Coward · · Score: 4, Insightful

      It is more like being obliged to tell where you hid the key to the door that couldn't be forced. Your 5th amendment right obviously protects you.

    2. Re:Finally by ArmoredDragon · · Score: 5, Informative

      No, not at all.

      Anybody who is even slightly versed in proper IT security terminology knows the difference between "who you are", "what you have" and "what you know" authentication factors. (Along with the difference between authentication, authorization, and accountability, and the concepts of integrity and nonrepudiation. If you don't know any one of these, then you haven't been properly trained in information security.)

      A key is "what you have", whereas a fingerprint is "who you are". You can't claim the 5th on either of those. You can however claim the 5th on "what you know" which is what a password is. However if you, for example, write down the password somewhere, that can be considered a "what you have" and wouldn't be protected by the 5th.

    3. Re:Finally by Dragonslicer · · Score: 1

      A key is "what you have", whereas a fingerprint is "who you are". You can't claim the 5th on either of those. You can however claim the 5th on "what you know" which is what a password is. However if you, for example, write down the password somewhere, that can be considered a "what you have" and wouldn't be protected by the 5th.

      A somewhat opposing argument is that the documents (email, text messages, photographs, etc.) fall under "what you have", and that a court can compel you to produce those documents. Of course, there are ways to get all of the data off of a phone without turning over the user's password (forcing the user to change the password to one supplied by the prosecutor is the easiest thing that comes to mind), and one would think that this would be acceptable to the prosecution.

    4. Re:Finally by Anonymous Coward · · Score: 1

      A key is "what you have", whereas a fingerprint is "who you are". You can't claim the 5th on either of those. You can however claim the 5th on "what you know" which is what a password is. However if you, for example, write down the password somewhere, that can be considered a "what you have" and wouldn't be protected by the 5th.

      But you could cut your finger off, and then you have it. And then you could memorize the pattern and throw it away, and it would just be what you know.

      Or you could take the key, and memorize the pattern, and you would know it. Then you could have it tattooed to your ass, and it would be what you are.

    5. Re:Finally by fustakrakich · · Score: 1

      Your 5th amendment right obviously protects you.

      The conscious of the person enforcing it protects you. The pen isn't really mightier than the sword. We can only hope the guy wielding the sword remains in a good mood today.

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:Finally by rmdingler · · Score: 1

      A key is "what you have", whereas a fingerprint is "who you are". You can't claim the 5th on either of those. You can however claim the 5th on "what you know" which is what a password is. However if you, for example, write down the password somewhere, that can be considered a "what you have" and wouldn't be protected by the 5th.

      A somewhat opposing argument is that the documents (email, text messages, photographs, etc.) fall under "what you have", and that a court can compel you to produce those documents. Of course, there are ways to get all of the data off of a phone without turning over the user's password (forcing the user to change the password to one supplied by the prosecutor is the easiest thing that comes to mind), and one would think that this would be acceptable to the prosecution.

      One of the truly great things about humans is their innate ability to craft different meanings, occasionally along the lines of personal suitability, from identical text(s).

      Since one particular view is seldom always correct, perhaps the versatility is a survival advantage mechanism.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    7. Re: Finally by Anonymous Coward · · Score: 1

      Way to grab allegory and examples in both hands and run right off a cliff.

    8. Re:Finally by Wrath0fb0b · · Score: 2

      Tough for the prosecutors but this is a flash of some sense.

      Be careful what you wish for. Because if it becomes precedent that technologically-protected documents can't be subpoenaed than the first people to take advantage of this will be large corporations trying to cover their own asses. You know, something like "Oh, we can't give you the emails between the VW ECU engineers and their managers, they are PGP-encrypted (with a key that each employee spins on their first day) and we can't make them turn over the passwords for their key". Or, like in this case, insider traders.

      I think there needs to be the right balance between the right not to self incriminate and the obligation to turn over material documents (including electronic) when properly subpoenaed and in a process designed to minimize disclosure of non-responsive documents. There has never been protection for non-testimonial disclosure of documents, samples and the like.

    9. Re:Finally by Luthair · · Score: 1

      Actually you're incorrect, you would be required to turn over a key - http://blogs.denverpost.com/cr...

      There have been previous stories on Slashdot where this was the justification someone would have to turn over an encryption key.

      Makes one wonder if these guys could then be charged with destruction of evidence for encrypting data.

    10. Re:Finally by xevioso · · Score: 1

      And so one would think that if this is the case, this would be brought up in the appeal. Why didn't the current judge consider the phone records to be "what you have" rather than "what you know"? I'm sure the defense made some argument that they counted as What You Know, but I wonder what that was?

    11. Re:Finally by msauve · · Score: 2

      A key is "what you have", whereas a fingerprint is "who you are".

      Unless you're the Chinese government, and you've just stolen the fingerprint records of 5 million US Government employees.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    12. Re:Finally by budgenator · · Score: 1

      My analogy would be, I may be compelled to turn over a document, but I can't be compelled to teach your translator how to read it.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    13. Re:Finally by TsuruchiBrian · · Score: 1

      What if you hid the key to a safe in a different combination safe?

    14. Re:Finally by TsuruchiBrian · · Score: 1

      What if you hide the documents by burying them at a particular Latitude/longitude? Can the court still compel you to produce them? You know longer have them, but you know where to find them.

    15. Re:Finally by TsuruchiBrian · · Score: 2

      I think the balance should be that you have no obligation to turn over any documents, but law enforcement can, with a court issued warrant can seize whatever is appropriate. It seems silly to me to expect corporations to cooperate anyway (e.g. turning over documents when ordered to).

      The way I see it, we have 2 options. We can give the government the power to compel people to produce information (i.e. punish people for not producing information), and hope that this power is not abused, or we can not give the government this power, forcing them to exert a lot of energy in order to get the information they really want (e.g. brute force decryption), and hope they actually go to the trouble in only those cases where it is justified.

      In a more perfect world (e.g. Denmark) I think the 1st option is good, but for the United States I think we need the second option to keep us honest, even if it is less efficient.

    16. Re:Finally by NicBenjamin · · Score: 1

      They turned over the records.The phone is in Federal hands.

      It's not their fault the Feds don't know how to decrypt them.

      I suspect the Feds actually could do the job, but it would take millions of dollars.

    17. Re:Finally by Garfong · · Score: 1

      Yes. From what I remember can even be compelled to produce documents contained in a locked safe in many circumstances.

    18. Re:Finally by NicBenjamin · · Score: 2

      I think it's interesting how slashdotters reacted.

      When presented as an example of the Feds not being able to force a defendant to turn over info, it's universally lauded as correct Constitutional practice. If it had been presented as an example of rich bankers evading prosecution for their crimes by using their ill-gotten $2.65 million in stock profits to pay really good lawyers, it would be very controversial. And both readings of the situation are perfectly accurate. It would be unconstitutional to force them to say what the pass-codes are, and it's virtually certain some poor schmuck with a public defender would have to do it anyway because his lawyer didn't have a full day-and-a-half to devote to arguing rules of evidence.

      One of the ironies of US Constitutional law is that, since the Constitution assumes everybody has a decent lawyer devoted to his case full-time, and those cost a LOT these days; it's ability to protect the rights of people who don't make enough to just drop $5k-$10k on an evidentiary hearing is limited.

    19. Re:Finally by Dragonslicer · · Score: 1

      I'm not a lawyer, but I would guess that a court would still consider that to be in your position/control. If you did in such a way that the documents can't be retrieved, you would probably be subject to being charged with destruction of evidence.

      In general, judges don't like it when people try to play games like that.

    20. Re:Finally by TsuruchiBrian · · Score: 1

      How is this different than compelling a murder suspect to provide the body of the person he killed and buried in the desert? The location of the documents is itself incriminating evidence of your obstruction of justice, just like the location of a body is incriminating evidence that you murdered someone.

    21. Re:Finally by Dragonslicer · · Score: 1

      I can come up with a couple guesses, though I don't know if either of these have ever been stated by a judge.

      1. The body of someone that you murder is not considered something you own or something that's in your possession, so you can't be compelled to produce it. It's also obviously not a document, so it wouldn't go through the same process as producing documents would anyway. I'm generally more familiar with civil litigation than criminal trials, though, so I don't know exactly what differences there might be.

      2. You wouldn't have to reveal where you buried some documents, you would only have to produce them. If a judge orders you to hand over your email, you either have to hand it over or you have to explain why you can't. If you say that you can't hand it over because the only copy is on a hard drive buried in the desert, the judge probably won't care about the details (i.e. that you buried it in the desert), they'll only care that you purposefully destroyed evidence.

    22. Re:Finally by silas_moeckel · · Score: 1

      Your absolutly not obliged to do anything of the sort in a criminal case. They are perfectly free to crack the code. It does seem strange that in the highly regulated banking market that the corp phones dont have corp backup.

      The best pre computer analogy was accounting books written in code, the mob etc needed records of bets wins/loses loans and the like.

      --
      No sir I dont like it.
    23. Re:Finally by KGIII · · Score: 1

      They can physically cut the safe open. We don't allow for monkey-wrench decryption in our justice system (yet).

      --
      "So long and thanks for all the fish."
    24. Re:Finally by ArmoredDragon · · Score: 3, Interesting

      A somewhat opposing argument is that the documents (email, text messages, photographs, etc.) fall under "what you have", and that a court can compel you to produce those documents.

      They can't compel you to turn over documents that they merely suspect to exist. They'd need not only proof of their existence, but also that they're relevant to the case. That's kind of hard to do without being able to decrypt them. I.e. simply saying "turn over all of your emails" isn't good enough if they can't A) prove that those emails exist to begin with, B) prove that those emails are relevant, assuming they exist, and pointing to blobs of an unreadable encrypted blob of data doesn't meet that standard.

    25. Re:Finally by ArmoredDragon · · Score: 1

      As far as I know, a court hasn't ever compelled anybody to provide the location of a body. Prosecution has by offering a reduced sentence if they turn it over (in the interest of preventing the possibility of appeals and/or providing closure to the victim's family) but I'm not aware of a judge issuing somebody an order to do so.

      For example, Hans Reiser revealed the location of his murdered wife after the prosecution offered him a deal where he'd get a reduced conviction of second degree murder instead of his original conviction of first degree murder. The judge ultimately had to sign off on whether or not the deal was valid, but again, the judge didn't order it.

      http://www.sfgate.com/bayarea/...

    26. Re:Finally by Hognoxious · · Score: 1

      Rubbish. Otherwise you'd only be able to get a search warrant if you knew exactly what was in there.

      Proof is not needed to search for evidence, that's a logical impossibility that even Xzibit couldn't solve.

      Perhaps that's why the phrase "probable cause" exists?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    27. Re:Finally by Bob+the+Super+Hamste · · Score: 1

      This is what I have often wondered. What obligation is someone under to help the prosecution interpret evidence against them?

      --
      Time to offend someone
    28. Re:Finally by sjames · · Score: 1

      A search warrant is quite different from an order to produce something, and those must be legally separate. Otherwise, they could just order you to produce something that doesn't exist and then jail you forever for contempt when you fail to produce it.

    29. Re:Finally by OrangeTide · · Score: 1

      5th Amendment right protects you from police and courts that simply want to go up to every person and demand: Where did you hide the bodies?

      --
      “Common sense is not so common.” — Voltaire
    30. Re:Finally by OrangeTide · · Score: 1

      Some safes are hard to cut open without destroying the documents inside.
      At least with encryption they have the ability to preserve copies and eventually decrypt it at great cost and time.

      --
      “Common sense is not so common.” — Voltaire
    31. Re:Finally by q4Fry · · Score: 1

      A key is "what you have", whereas a fingerprint is "who you are".

      Unless you're the Chinese government, and you've just stolen the fingerprint records of 5 million US Government employees.

      Alternatively, the Chinese government has stolen who those people are and this case is now a mass kidnapping.

    32. Re:Finally by Anubis+IV · · Score: 1

      They could order you to turn over any relevant e-mails (e.g. "all e-mails from June 4th-July 1st", "all e-mails to Alice", "all e-mails regarding the contract"), even if they don't know that they exist. That's a standard part of the discovery process. Now, you could just tell them that none exist, and they wouldn't be able to force you to divulge them immediately, but if they later discovered evidence that you were holding back (e.g. Alice provides her side of the e-mail conversation), you'll find yourself in hot water in a hurry.

      Relatedly, I'd imagine you'd want to have a separate way to access those e-mails too, since while they can't compel you to unlock the phone (i.e. demonstrate that you know something), they can compel you to provide evidence you kept on the phone (i.e. provide things you have). If you can't access that evidence via some other means, you might find yourself forced to demonstrate you know something in order to provide something they know you have, and that could be used against you in court.

    33. Re:Finally by ArmoredDragon · · Score: 1

      Now, you could just tell them that none exist, and they wouldn't be able to force you to divulge them immediately, but if they later discovered evidence that you were holding back (e.g. Alice provides her side of the e-mail conversation), you'll find yourself in hot water in a hurry.

      Yes, and that's obstruction of justice.

    34. Re:Finally by TsuruchiBrian · · Score: 1

      I agree that it *is* (or seems to be) treated differently, but I don't understand why it *should* be treated differently, because they seem like the same thing to me.

    35. Re:Finally by TsuruchiBrian · · Score: 1

      1. I think you can be in possession of even living people (e.g. captives). Also, it is possible to deny being in possession of specific documents (e.g. like denying being in possession of a dead body), where compelling the production of that document would incriminate you by showing that you in fact were in possession of that document.

      2. What happens if you say "I don't have the email you speak of". I think the only time the lat/lon of the buried hard drive becomes important is if they know you have it or know where it is.

    36. Re:Finally by Dragonslicer · · Score: 1

      Well sure, you can always lie about whether or not you have something that the judge tells you to hand over. You better hope the judge doesn't find out, though.

  3. But your finger prints is not protected by Anonymous Coward · · Score: 5, Interesting

    by the fifth Amendment.
    http://time.com/3558936/fingerprint-password-fifth-amendment/

    1. Re:But your finger prints is not protected by pauljlucas · · Score: 2

      Which is why, if you're ever pulled over or believe you're about to be taken into custody, you power off your phone. At least an iPhone requires the pass code be used the first time before it allows your fingerprint to be used.

      --
      If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    2. Re:But your finger prints is not protected by Anonymous Coward · · Score: 1

      On iOS, after 24 hours or less than 10 failed fingerprint attempts, you are required to enter your password to gain access to the phone (fingerprint doesn't work at that point). I would assume that it would take longer than 24 hours for the police to convince a judge to force you to use your fingerprint, and a emergency stays by appeals courts do happen as well. I also believe that the knowledge of which finger unlocks your phone would be protected by the fifth amendment, so that you would not have to inform law enforcement which fingerprint opens the phone and as a result the phone requires a password after many failed attempts.

    3. Re:But your finger prints is not protected by Moof123 · · Score: 1

      Great, cop sees you fiddling with an object and assumes it is a gun and shoots you. At least your 5th amendment rights were not violated.

    4. Re:But your finger prints is not protected by macs4all · · Score: 4, Informative

      On iOS, after 24 hours or less than 10 failed fingerprint attempts, you are required to enter your password to gain access to the phone (fingerprint doesn't work at that point). I would assume that it would take longer than 24 hours for the police to convince a judge to force you to use your fingerprint, and a emergency stays by appeals courts do happen as well. I also believe that the knowledge of which finger unlocks your phone would be protected by the fifth amendment, so that you would not have to inform law enforcement which fingerprint opens the phone and as a result the phone requires a password after many failed attempts.

      UNFORTUNATELY, There was an a decision a about a year ago that ruled that you COULD be forced to unlock your phone with your fingerprint, even if you could not be forced to do so with your passcode.

      FORTUNATELY, it was only a STATE Court; so, unless you happen to be caught in Virginia, you could still fight it, and with this decision as (non-controlling, but persuasive) precedent, maybe even score a win for all of us!

    5. Re:But your finger prints is not protected by macs4all · · Score: 1

      Which is why, if you're ever pulled over or believe you're about to be taken into custody, you power off your phone. At least an iPhone requires the pass code be used the first time before it allows your fingerprint to be used.

      I have thought the EXACT same thing, especially in light of that Virginia Court Ruling about a year ago.

    6. Re:But your finger prints is not protected by mrun4982 · · Score: 1

      This is one of the reasons I don't use touch id on my iPhone.

    7. Re:But your finger prints is not protected by SumDog · · Score: 1

      Keep in mind for the passcode case, these were people involved with inside trading. They were part of the upper-class, the rich. There is a different level of law for people of different social classes. I wonder how rich/poor the person with the fingerprint case was.

    8. Re:But your finger prints is not protected by SomePoorSchmuck · · Score: 1

      Dang, posting to undo moderation error. Didn't mean to click the parent as "flamebait".

      --

      Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
    9. Re:But your finger prints is not protected by TheReaperD · · Score: 1

      I think what he was meaning is though they can make you run your fingers over the fingerprint reader, you're under no obligation to tell them which one will unlock it. Just like if you have a key, you have to surrender it but, you're under no obligation to tell them what it unlocks. Nothing is preventing them from having you run all 10 fingers though. Now, what would be nice is if you could set it to have one fingerprint unlock it and another initiate a wipe. If you volunteer to unlock it but, use the wipe finger, you would definately be charged with destroying evidence but, I could see if you refuse to state which finger unlocks it and they order you to run all fingers over it and the cops select the wipe finger before the unlock one, that could make for an interesting case. Of course, the cops will still charge you but, you'd have a reasonable chance to get out of it with a good lawyer. You'd still be stuck in court for a while, though.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    10. Re:But your finger prints is not protected by TsuruchiBrian · · Score: 1

      If the wipe is done properly, I would hope that the evidence that the information was intentionally wiped would also be wiped. Rather than displaying a message "Now wiping data as requested", it would just appear as if there was data corruption.

      Or even better than a wipe, the deice could be populated by some non incriminating data, hiding the fact that anything other than decryption was performed.

      https://en.wikipedia.org/wiki/Deniable_encryption

    11. Re:But your finger prints is not protected by cdrudge · · Score: 2

      Come on. You know that's not going to happen. The cop is going to shoot you regardless if he sees you fiddling with something or not. He only will say he saw you fiddling after the fact to justify it.

    12. Re:But your finger prints is not protected by Anubis+IV · · Score: 1

      Exactly correct. That's why you should power off your iPhone if you're being taken into custody or being pulled over. iPhones require the use of a password after they've been powered off or if you've been away for too long (which shouldn't be counted on, since the first thing a competent police department will do is image your phone so that it can be preserved in a pre-locked state), so while they can compel you to provide your fingerprint or use it in an effort to unlock the iPhone, it won't do any good if the device has been powered off.

      You can even power the device back on immediately after you power it down, then use it to record video or take pictures without unlocking it. Those videos and pictures will be available later when you do unlock it, but in the meantime you'll still enjoy the legal protection that comes from having fingerprint unlocking disabled.

    13. Re:But your finger prints is not protected by Aaden42 · · Score: 1

      The nice thing is that once precedent is set in a federal court, all cases in that district and *usually* similar cases in other districts are ruled the same.

      So the upper class fought for their rights, but they trickle down to the little guy.

      Could of course be decided differently in another district & need to go to SCOTUS for a final ruling, but for now it stands. Also possibility of direct appeal to SCOTUS.

  4. Work Issued by The+Raven · · Score: 5, Funny

    While I agree with the ruling, I must say that any idiot who uses a work issued phone to conduct illegal business is a special kind of idiot. There is no bus short enough.

    --
    "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
    1. Re:Work Issued by Moof123 · · Score: 2

      It is that aspect that gives me a little pause. Everything on a work issued phone belongs to the company, it should be the companies decision as to whether to unlock the phone. Perhaps we will see secondary access by an admin become a condition of use?

      Will this get extended to divulging passwords in general like in the Terry Childs case? Couldn't someone in his position plead the 5th on similar grounds?

    2. Re: Work Issued by ljw1004 · · Score: 1

      A "special kind of idiot" who in one act made more money than I'll make in two decades, and who looks like they'll get away with it.

      There's a word for this kind of idiot. It's either "lucky" or "not an idiot" but I'm not sure which...

    3. Re:Work Issued by zerosomething · · Score: 1

      And what business issues phones and doesn't have a Device Management system to track usage, unlock phones and remote wipe in case of loss? Another reason to not invest with Capital One. If they can't manage their own devices what the F^@( are they doing with our financial data?

      --
      It all starts at 0
    4. Re:Work Issued by Aaden42 · · Score: 1

      Absent a secondary access mechanism, the company very likely doesn't have the ability to unlock the phone. The worst penalty available would be to terminate the employee, which one would assume happened about the time charges were filed, if not before.

      Looking through the iOS docs as of 8.x, it looks like passcode reset isn't an option for MDM any more. It was at least in iOS 6. Makes sense considering how much vital key material in the Secure Enclave is derived from the passcode at power on. Resetting the passcode would be very close to a device wipe in terms of the data that would become un-decryptable. With the (very good) direction Apple's been going, the idea of key escrow or something on the MDM server would be unthinkable.

      So no secondary access mechanism available, at least on a recent iOS device. Fire their ass and sort it out in court...

  5. constitution-free zone by Lead+Butthead · · Score: 1

    someone should tell that to the border guards, airport police and TSA thugs.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  6. Should be same arguement by Anonymous Coward · · Score: 1

    For handing over your encryption keys to authorities.

    1. Re:Should be same arguement by Anonymous Coward · · Score: 1

      Indeed. I'm little surprised the ruling went this way since it was a work issued phone. Surely work issued phones are managed, metered and secured by the company issuing them, just like a workstation would be. All phone passwords would then be corporate records just like any other credential for a device that has secure access to confidential company information. Private phones, on the other hand, are and should be private.

    2. Re:Should be same arguement by TWX · · Score: 1

      If your corporate credentials are stored as one-way hashes, then there still isn't a practical way to retrieve the actual text to use on other devices that have different hash algorithms.

      I guess it depends on how your authorization server works.

      --
      Do not look into laser with remaining eye.
  7. On the Other hand... by eliphalet · · Score: 1

    Here is a contrary view: "Fifth Amendment protects passcode on smartphones, court holds - The Washington Post" https://www.washingtonpost.com...

  8. testimonial privilege is not immunity though by supernova87a · · Score: 2

    Good to understand though, that not having to be compelled to produce something that could be used against you, doesn't mean that you are protected from that thing being produced... by others. So if somehow their phones were brute force unlocked or decrypted, that evidence could definitely be used against them.

    1. Re:testimonial privilege is not immunity though by SwashbucklingCowboy · · Score: 1

      True, which is why you need to use a password that's long enough that it can't be brute forced. I use an 18 character password that includes non-ASCII characters. Good luck brute forcing that before I'm dead.

    2. Re:testimonial privilege is not immunity though by cybernanga · · Score: 1

      Or, one could use a confession as ones password, e.g. "I shot the sheriff, and buried him in the woods under the old oak tree."

      Suitably long, and also guarantees that telling law enforcement or the courts would be self-incrimination.

      Don't know how one would prove that though, perhaps tell ones lawyer the password, who could then testify on your behalf that the password is self-incriminating, but they are legally obliged to keep the actual password privileged.

      That should tie the courts up in deliberations for quite a while, although I guess they could offer you immunity for the crime in the password, but that runs the risk of letting you off for murder & then discovering that the evidence in the phone actually exonerates you of the current charges.

      --
      www.Buy-Proxy.com - A "buyer-driven" global marketplace.
  9. A? by irrational_design · · Score: 1

    A? Did Fonzi right this?

  10. Work phone, easy by Anonymous Coward · · Score: 1

    Get a warrant and force their employer to unlock the phone.

    Then leave it up to them to lean on their employees or face massive fines.

    Point being here that the phone and it's contents belong to the employer, NOT the employee.

    1. Re:Work phone, easy by TheReaperD · · Score: 2

      Typically, police cannot get a warrant to get a 3rd party to do what the police are not allowed to do. Example: A private citizen can hire a PI to spy on someone to gain evidence the police cannot obtain via warrant and turn that evidence over to the police and it is often legal (and even if a crime was committed the police can normally still use the evidence) but, the police cannot hire the PI to do the same thing or coerce the private citizen to do it on their behalf. In this case, if the cops leaned on the employer to coerce the password from the employee, the police are still violating his 5th amendment rights and the evidence will likely be tossed and all data on the phone will be inadmissible even if they find another way to obtain it. Nothing involving law and the courts are 100% certain thus, all the qualifying phrases.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
  11. Hmm, this kinda reminds me of So-Crates... by fustakrakich · · Score: 1

    Something about having to lift his own glass...

    --
    “He’s not deformed, he’s just drunk!”
  12. Isn't pleading the fifth roughly... by mark-t · · Score: 1

    ... equivalent to admitting that one is guilty of at least one thing that is just as bad as whatever it is they are being charged with, or that what one is being charged with is actually entirely accurate?

    Granted, they don't know exactly what that something one is evidently guilty of might be, but still...

    Maybe I'm being just a goofy non-American here, but I honestly don't understand the point. In the general case, would someone explain to me how this constitutional amendment protects genuinely innocent people?

    --
    File under 'M' for 'Manic ranting'
    1. Re:Isn't pleading the fifth roughly... by Anonymous Coward · · Score: 1

      http://lawcomic.net/guide/?p=2282

      This is a good place to start

    2. Re:Isn't pleading the fifth roughly... by Locke2005 · · Score: 4, Interesting

      The Fifth Amendment means that when they torture you into confessing, it's not admissible in court? As an American, I find the concept of throwing out evidence somewhat questionable is well, as in, if someone is guilty, they are guilty, no matter how the evidence was obtained. There should be more direct consequences for unlawfully obtaining evidence, because supressing evidence obtained by violating rights only protects the guilty, as you said. What we really need is a way of punishing law enforcement for violating the rights of INNOCENT people, as it is, they don't even say "I'm sorry". The best we can hope for is to actually get reimbursed for the property they destroy.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    3. Re:Isn't pleading the fifth roughly... by jafiwam · · Score: 3, Interesting

      ... equivalent to admitting that one is guilty of at least one thing that is just as bad as whatever it is they are being charged with, or that what one is being charged with is actually entirely accurate?

      Granted, they don't know exactly what that something one is evidently guilty of might be, but still...

      Maybe I'm being just a goofy non-American here, but I honestly don't understand the point. In the general case, would someone explain to me how this constitutional amendment protects genuinely innocent people?

      Yes.

      And. So what?

      Not having the 5th amendment opens the door to what would basically be torture. I think you want the government doing that less than you want the government to win this case.

      Anyway, they can go ASK THE FUCKING NSA about what was transferred between the phones. Oh, right, that wasn't a legal search either. Sometimes the parallel construction doesn't work I guess.

    4. Re:Isn't pleading the fifth roughly... by Anonymous Coward · · Score: 2, Informative

      Well, first let us look at the text of the 5th amendment:

      "No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."

      As you can see, the 5th amendment is not just about being forced to testify against oneself. It encompasses much of what we in the States consider the 'innocent until proven guilty' principle and the idea of 'due process.' This means that not only do you have no obligation to prove yourself innocent, but also that you are under no obligation to help the courts prove your guilt. The 5th amendment (along with a few others) tries to make it more difficult to wrongly convict the innocent at the cost of occasionally not convicting the guilty.

      While not convicting a guilty person is seen as an injustice, I would like to think that most people would see the wrongful conviction of an innocent person as a significantly greater injustice.

    5. Re:Isn't pleading the fifth roughly... by TWX · · Score: 4, Insightful

      Part of the point is that confessing under pressure or torture doesn't mean that the confession is real. If one is being tortured, one may say anything that one believes will end the torture, if the torturer has stated that saying that thing will cause the torture to stop.

      Also, don't forget, everyone is innocent until they're convicted in a court of law. Right now, in the eyes of the law, Bill Cosby is completely innocent of any and all accusations that have been made against him. Individuals may choose whether or not to believe that he has or has not done the things that he has been accused of, but he has not been indicted or convicted of anything, and given that it doesn't sound like any evidence exists to substantiate these claims of acts a long time ago, it's very likely that he will not see criminal charges based on the accusations. That doesn't mean that people will trust him like they did before, but in the eyes of the law he is an innocent man.

      --
      Do not look into laser with remaining eye.
    6. Re:Isn't pleading the fifth roughly... by drinkypoo · · Score: 1

      The Fifth Amendment means that when they torture you into confessing, it's not admissible in court? [...] What we really need is a way of punishing law enforcement for violating the rights of INNOCENT people

      When the cops break the law, the evidence is inadmissible. That's how we protect innocent people from being abused by law enforcement in this way, at least, when we actually follow the rules of evidence. However, when a non-cop breaks the law and gathers evidence, it may still be admissible. In this way, it is still possible for misdeeds to be uncovered when the law must be broken to do it. See: Whistle-blowers.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:Isn't pleading the fifth roughly... by TWX · · Score: 1

      If the police have enough evidence acquired through legal means then the prosecution may still be able to seek or secure a conviction. If the police have no evidence or insufficient evidence that demonstrates the guilt of the charged then they have no case.

      The point is to force the state, in the form of the police and the prosecution, to behave and to give everyone equal treatment. People are convicted based on proof of their actions, not on their character alone. Someone can be a scumbag but that doesn't necessarily mean that they've broken the law that they're accused of, and it's the responsibility of the police and the prosecutor to prove that they're guilty of that crime.

      --
      Do not look into laser with remaining eye.
    8. Re:Isn't pleading the fifth roughly... by Lakitu · · Score: 4, Insightful

      As an American, I find the concept of throwing out evidence somewhat questionable is well, as in, if someone is guilty, they are guilty, no matter how the evidence was obtained.

      This should be "despite being American, ...". Guilt is determined by the courts and it is done so using evidence gathered. If a person of questionable guilt is found guilty in a court of law, then ALL evidence that was used against them to do so is suddenly retroactively converted into having no requirements for its gathering. The person is guilty because of the evidence, and the evidence is admissable because they will be found guilty. This might be a nice system if we could pause the universe and question God as to whether we're correct or not, but we cannot, and if we could, we would probably not need arcane concepts like legal systems in the first place.

      How could you possibly hold someone accountable for destroying your property if it's perfectly acceptable for them to destroy your property if you will eventually be convicted? It's just an incentive for everyone involved to convict you regardless of whether you did anything or not.

      Both you and the non-American OP are viewing this in a simplistic manner as if a trial exists of questions such as "did you do it?" with a yes or no response. They are not. A skilled prosecutor can make it seem like your 8:59 quick trip to a convenience store reeks of guilt when it was information you happily provided to police. If "evidence" were always as evident as a bloody knife, then the criminals would just clean up after themselves without fail.

      It's fucking crazy that a place like /., where people so greatly appreciate the overreaching of the NSA, some people can so quickly do a 180 and justify the same behavior so long as they come up guilty in the end! The 4th and 5th amendments, protecting searches without warrant and protecting you from having to testify against yourself, are intricately and irrevocably linked together. How can you justify not consenting to a search if you can be forced to consent to provide evidence incriminating yourself?

    9. Re:Isn't pleading the fifth roughly... by Lakitu · · Score: 2

      One of the major use-cases of the 5th amendment is avoiding having to take the stand during a criminal trial. It's not like the prosecutor can call you to the stand and ask you a bunch of innocuous questions like your name, birthdate, job, hometown, etc., which you must answer and then ask "did you commit the murder?" Because it is unconstitutional to force someone to testify against themselves, and because a prosecutor questioning a defendant in front of a jury could imply guilt like this, a defendant's lawyer will often object to them even being called to the stand to testify in front of a jury. In this sense it's axiomatic.

      This doesn't prevent evidence from being gathered against you before the trial, and it often doesn't prevent you from giving up information against yourself (ie, it's not like you can refuse a warrant just because they might find something inside your home). The police can still hold it against you during their investigations, like you suggest, so while you can refuse to answer their questions ("you have the right to remain silent"), if you just sit there and completely refuse to talk the police will most likely more aggressively investigate what it is that you're hiding.

    10. Re:Isn't pleading the fifth roughly... by viperidaenz · · Score: 1

      Apparently the 5th amendment protects you from disclosing the combination to your safe.

      If you have two otherwise identical safes, one with a key lock and the other with a combination lock, a warrant can only compel you to produce they key, not give up with combination. Seems a little bit backwards to me though.

      An encryption key is more like a safe combination than a physical key.

    11. Re:Isn't pleading the fifth roughly... by penguinoid · · Score: 1

      The Fifth Amendment means that when they torture you into confessing, it's not admissible in court?

      No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

      Torture is not mentioned; there are many ways to compel without using something that the government defines as torture.

      supressing evidence obtained by violating rights only protects the guilty

      Suppressing evidence obtained by violating rights protects both the guilty and the innocent. It makes violating the person's rights pointless and counterproductive.

      Of course, it is now common practice to violate a person's rights and then commit perjury to say the evidence was acquired in a different manner, a practice called parallel construction.

      What we really need is a way of punishing law enforcement for violating the rights of INNOCENT people, as it is, they don't even say "I'm sorry".

      Is it too much to ask that law enforcement follow the law? Besides, you really don't want to have a policeman who faces jailtime if you're found innocent.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    12. Re:Isn't pleading the fifth roughly... by stephanruby · · Score: 1

      As an American, I find the concept of throwing out evidence somewhat questionable is well, as in, if someone is guilty, they are guilty, no matter how the evidence was obtained.

      Don't worry, you're not the only one. There was a study that found that 70% of juries still convicted based on the very hint of thrown out confessions (when no other evidence was present to corroborate the guilt of the accused).

      This has lead police officers to purposefully avoid mirandizing some of the suspects they arrest, and then interpret almost anything they say as a confession (while at the same time making sure that any recording of the so-called confession gets conveniently lost). Because once the district attorney mentions that there was a confession in front of a jury, and even if the judge throws it out, the accused is then caught in a bind, either he says it wasn't a confession and that claim (that he confessed) possibly gets used against him officially (because as a defendant, if he brings it up in court, it becomes admissible), or he says nothing and the so-called "confession" still possibly gets used unofficially against him by the jury.

      This is why you should never talk without your lawyer present. Your lawyer should always bring in his own recorder as well. And you should never answer hypothetical questions about where you think a potential murderer could have buried the body, or what was possibly used to commit the crime, or really say anything at all, until you speak to your own lawyer first.

      The truth is that the real harden criminals and the real psycopaths do not confess. They just don't. And that the US criminal justice system makes it so damn hard to convict any kind of people without direct evidence, that we've given the police and the justice system an almost impossible job to do. That's why extraordinary measures are being taken on an almost daily basis to try to make the system work (despite all the rules that prevent it from working in the first place).

    13. Re:Isn't pleading the fifth roughly... by sociocapitalist · · Score: 1

      The Fifth Amendment means that when they torture you into confessing, it's not admissible in court? As an American, I find the concept of throwing out evidence somewhat questionable is well, as in, if someone is guilty, they are guilty, no matter how the evidence was obtained. There should be more direct consequences for unlawfully obtaining evidence, because supressing evidence obtained by violating rights only protects the guilty, as you said. What we really need is a way of punishing law enforcement for violating the rights of INNOCENT people, as it is, they don't even say "I'm sorry". The best we can hope for is to actually get reimbursed for the property they destroy.

      So the drugs and child porn found in your apartment by Bob the Bad Cop (bought and paid for by someone you pissed off last week) who broke down your door and found them there, alone with no witness to contest his story...should be allowed as evidence in court against you?

      --
      blindly antisocialist = antisocial
    14. Re:Isn't pleading the fifth roughly... by sociocapitalist · · Score: 1

      everyone is innocent until they're convicted in a court of law

      Except anyone who looks like a terrorist who, under The Patriot Act (tm), is grabbed off the street, stuffed in a hole somewhere and denied access to legal counsel and a swift trial.

      --
      blindly antisocialist = antisocial
    15. Re:Isn't pleading the fifth roughly... by Lakitu · · Score: 2

      You may be an American by birth or by other processes legally, but you have zero concept of what it means to actually be an American, or of why the US was even founded then.

      My post says nothing about police behavior other than condemning those who would wish for greater police powers as some kind of wishful thinking about simultaneously convicting more guilty people while reducing executive misbehavior. If you can believe that kind of wishful thinking, backing it up only with your "no true American.." logic, then you should move to Syria, where similar feelings are actually being implemented. Tell me how it turns out!

  13. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  14. Re:Hoorah! by serviscope_minor · · Score: 3

    The price of living free is that sometimes paedophiles will go free.

    No system is perfect. In order to guarantee every pedo is locked up, 1000 innocents will have to be locked up for every pedo. Sane people realise that's not worth the tradeoff.

    --
    SJW n. One who posts facts.
  15. No brainer by schwit1 · · Score: 2

    No one should be compelled to assist in their own prosecution.

    1. Re:No brainer by viperidaenz · · Score: 1

      You can be compelled to produce physical keys.

      Blood samples, hand writing samples, recorded voice samples, finger prints... All OK. Just not passwords.

  16. Re:Hoorah! by Cafe+Alpha · · Score: 1

    That sound you hear is thousands of pedophiles and other criminals shouting out with glee...

    No way, it won't apply to them. There will be some way that this only applies to the 0.1% who work on wallstreet. You aren't the class of people who constitutional protections apply to. You don't have enough money to matter.

  17. Re:It's about time by viperidaenz · · Score: 2

    They didn't really leech money from society.
    If anything, they didn't play fair with other traders, so they missed out on the opportunities.

    Unless you're a stock trader, you're not impacted.

  18. Re:Hoorah! by FlyHelicopters · · Score: 1

    Exactly... I'd rather let a thousand guilty go free than put an innocent person in prison...

  19. Re:Business vs. Personally owned device... by KGIII · · Score: 1

    I'm pretty sure that they can't be forced to provide evidence that would implicate them in a criminal matter. That's why this is a matter of the 5th amendment and not the 4th amendment. The device (and probably even the content on it) belong to the company. The password belongs to the user.

    If I wanted to troll then I'd point out that this is the courts upholding the idea of intellectual property. ;)

    Anyhow, as this information is likely covered under other laws (like the need to retain financial information or similar - there's probably some sort of law but I have no idea which one it would be specifically for I am not a lawyer) that will be used instead. Then, if that were prosecuted, I have no idea who would be culpable. Perhaps the person who set up the phones in such a manner that the company is unable to open them to comply with a request for the data that they're likely supposed to be preserving as a matter of course. I'm not sure how well that would fly and I'm not really qualified to opine.

    --
    "So long and thanks for all the fish."
  20. See..... by TheCarp · · Score: 1

    We have been saying for years that only good can come from bringing economic fraudsters to trial. Put them on trial and....poof....our rights expand!

    Lets put some bankers up next, maybe we can get some more freedom.

    --
    "I opened my eyes, and everything went dark again"
  21. Will be reversed on appeal by Etherwalk · · Score: 1

    I'm pretty sure that they can't be forced to provide evidence that would implicate them in a criminal matter.

    You are wrong, and if the court used the reasoning identified in the summary, it will likely be overturned on appeal.

    You do not have to incriminate yourself by your testimony, but you can be obligated to give the state access to your records. The right against self-incrimination doesn't protect your *records*, it protects you. That is well-established law. (Stupid but true).

    The fact that these are personal and not business records usually won't help and almost certainly won't help here. Usually that only matters because business records can be admitted even when they are "hearsay," meaning an out-of-court statement presented in court for the truth of the matter asserted in the statement. From the summary the holding is that because they are personal records they are testimonial in nature and therefore covered by the fifth amendment right against self-incrimination. I don't think an appellate panel anywhere in the country would buy that for a minute.

    1. Re:Will be reversed on appeal by KGIII · · Score: 1

      Would not the password be giving testimony? Albeit not a statement in front of a judge but still I think it might qualify as testimony according to the dictionary. I'm curious as to where this goes. I seem to recall the courts tossing someone in jail over an encrypted laptop at one point in the past.

      --
      "So long and thanks for all the fish."
    2. Re:Will be reversed on appeal by cayenne8 · · Score: 1
      I'm wondering if these same "protections" on passwords apply to the newly popular fingerprint ID capability to open/unlock your phone?

      I'm thinking I'd not want to have that, as that anyone can force you to put your finger not the thing, but they can't force you to type a long, complex password...

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    3. Re:Will be reversed on appeal by Aaden42 · · Score: 2

      If you're in a situation where your phone might be confiscated, power it off completely. At least for iOS, TouchID will not unlock the device at power on. The full passcode must be entered. Using more than the 4 (or now 6) digit minimum would be a GoodIdea(TM).

      If you're compelled to provide your finger under duress, do the best you can to "smear" the print or else provide fingers that aren't enrolled for TouchID. You only get five attempts. After that, the phone will require your passphrase and even the correct finger print will no longer unlock the device.

      If you're in a time-sensitive situation or can touch but can't look at the phone, hold Home & Power down for five seconds or more to force a hard power off.

      In any case, powered off is safer than locked as the Secure Enclave processor holds several session keys that are derived from your passcode. Powered on but locked, the keys are technically still "there" and vulnerabilities could conceivably expose them. Powered off, they're gone completely.

    4. Re:Will be reversed on appeal by KGIII · · Score: 1

      I am really curious to see where this goes. I am not, by any means, an expert on constitutional law but I did stay at an EconoLodge last night (and tonight - and through the weekend as I've decided to stick around Buffalo for a little while). I do have a hobby (and a social obligation) to observe the courts so I've learned a little and this has potential to go all sorts of directions.

      The data, as it stands, is encrypted which is, quite expressly, not the original content. Giving the password so that it can be decrypted could be construed as creating proof - forced to testify against yourself basically. I recall one instance (though I don't remember the details) where a suspected child porn aficionado crossed the border with an encrypted laptop and was arrested for refusing to decrypt it. I seem to recall that they ended up doing some time for contempt of court and I can't recall the resolution of that case.

      This is something that needs to be clearly defined. This case is particularly good for it - I think. It's got potential to define it really well and establish a precedent. In this case the company is also, probably, liable as they're probably required to enforce certain data retention/records policies. So, first we have the matter of who's responsible to decrypt this and then we have the issue of whose property the password is. If the property is the company's and the SEC goes after the company for data retention violations then, I'd suspect, the individual could be forced to comply with an order to unlock the phone - any illegal activity would be subsequently discovered and incidental. I'm really, really, curious about this.

      Unfortunately, things take so long to move through the courts that I'll likely forget all about it and fail to follow up. I should probably set up one of those Google Alerts (or a few hundred of them) for this sort of stuff. My memory is not as good as it used to be and my attention span has always been akin to that of a gnat.

      --
      "So long and thanks for all the fish."
  22. Why we let bad guys go by Etherwalk · · Score: 1

    The Fifth Amendment means that when they torture you into confessing, it's not admissible in court? As an American, I find the concept of throwing out evidence somewhat questionable is well, as in, if someone is guilty, they are guilty, no matter how the evidence was obtained. There should be more direct consequences for unlawfully obtaining evidence, because supressing evidence obtained by violating rights only protects the guilty, as you said. What we really need is a way of punishing law enforcement for violating the rights of INNOCENT people, as it is, they don't even say "I'm sorry". The best we can hope for is to actually get reimbursed for the property they destroy.

    The "exclusionary rule" requires courts to exclude evidence that is obtained unconstitutionally. There's a simple reason why the remedy is exclusion of evidence rather than punishing cops who torture people: practicality. Courts can't punish cops who torture people, because somebody would need to arrest them.

    The exclusionary rule was developed so that cops wouldn't have an *incentive* to abuse their power and gather evidence illegally. This in turn discourages them from doing so. We let bad guys go not because they're not guilty, but because as a practical matter it is the only power courts have to keep cops following the laws which protect the citizens from government overreach.

  23. Business not personal device by WillAdams · · Score: 1

    What if the company has a policy that the password for all company-issued devices has to be kept in a sealed envelope in a company lockbox?

    --
    Sphinx of black quartz, judge my vow.
  24. Re:I have other prints by macs4all · · Score: 1

    So, I'll try ten times - once with each finger and let it lock me out. They don't need to know I use the big toe on my left foot to unlock my phone.

    That must make you VERY "popular" in line at the McDonald's, as you unlock your phone to use Apple Pay!

  25. Re:I have other prints by mattventura · · Score: 1

    A toe isn't even the worst body part I can think of for unlocking a phone.

  26. Re:I have other prints by Aaden42 · · Score: 1

    I've tried other parts. (Just for science, mind you!) TouchID looks for ridge detail and won't enroll anything but a finger. Haven't tried toes, though.

    (It was my nose, you perverts... Ever tried to use your phone on a cold winter day with gloves on? You can at least poke the Next Track button with your nose, but not unlock the phone.)

  27. Re:ISO by Aaden42 · · Score: 1

    That requirement would be in conflict with a lot of existing standards that require that no one except the employee know their password. PCI for one has a line item that forbids any kind of credential sharing. Wouldn't surprise me if SOx and others had similar. There's no accountability if anyone knows (or could know) your password. Administrative reset capability is different since it leaves an audit trail.