Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules (forbes.com)

← Back to Stories (view on slashdot.org)

Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules (forbes.com)

Posted by msmash on Monday January 14, 2019 @08:57AM from the landmark-ruling dept.

A California judge has ruled that American cops can't force people to unlock a mobile phone with their face or finger. The ruling goes further to protect people's private lives from government searches than any before and is being hailed as a potentially landmark decision. From a report: Previously, U.S. judges had ruled that police were allowed to force unlock devices like Apple's iPhone with biometrics, such as fingerprints, faces or irises. That was despite the fact feds weren't permitted to force a suspect to divulge a passcode. But according to a ruling uncovered by Forbes, all logins are equal. The order came from the U.S. District Court for the Northern District of California in the denial of a search warrant for an unspecified property in Oakland. The warrant was filed as part of an investigation into a Facebook extortion crime, in which a victim was asked to pay up or have an "embarassing" video of them publicly released. The cops had some suspects in mind and wanted to raid their property. In doing so, the feds also wanted to open up any phone on the premises via facial recognition, a fingerprint or an iris.

172 comments

Min score:

Reason:

Sort:

I can't imagine... by cayenne8 · 2019-01-14 09:03 · Score: 2, Insightful

...why anyone would want to use biometric passcodes to unlock anything so private as a cell phone is today.
I know, most people don't seem to value privacy, but if you have any at all, doing biometric should be a no go from the start.

--
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
1. Re:I can't imagine... by Anonymous Coward · 2019-01-14 09:10 · Score: 0
  
  You're conflating the theory of biometric locks, which is sound, with the implementation on phones and inexpensive matching systems, which is not. Biometrics have value but not at this price point.
  Anyone keeping sensitive data on a PHONE as if that's where it belongs when you traverse national borders or airports, that person is unclear on the concept.
2. Re:I can't imagine... by Anonymous Coward · 2019-01-14 09:11 · Score: 0
  
  Why? It's my understanding the biometric data is kept locally on the device and encrypted.
3. Re:I can't imagine... by Pascoea · 2019-01-14 09:17 · Score: 1, Insightful
  
  ...why anyone would want to use biometric passcodes to unlock anything so private as a cell phone is today. I know, most people don't seem to value privacy, but if you have any at all, doing biometric should be a no go from the start.
  Because I don't want to type in a password every time I look at my phone. I don't keep anything in the general storage that I don't want someone else to see. That "stuff" gets relegated an encrypted actual password protected "storage locker".
4. Re:I can't imagine... by Anonymous Coward · 2019-01-14 09:30 · Score: 0
  
  I can't imagine why anyone would want to use biometric anything after watching Demolition Man.
5. Re:I can't imagine... by Anonymous Coward · 2019-01-14 09:32 · Score: 0
  
  Think of the driving a car usecase...I want some tunes, I'm driving, phone's locked. Would you rather have drivers using a fingerprint or a passcode to unlock?
6. Re:I can't imagine... by Anonymous Coward · 2019-01-14 09:34 · Score: 2, Interesting
  
  Because I don't want to type in a password every time I look at my phone. I don't keep anything in the general storage that I don't want someone else to see.
  If you don't care about the data behind the biometric lock, and the data you do care about is behind a different lock, why use biometrics at all? I am seriously asking here and genuinely am curious why.
7. Re:I can't imagine... by Dixie_Flatline · 2019-01-14 09:52 · Score: 3
  
  Using a biometric system allows me to keep a 15+ character passcode on my phone without meaningfully impacting my day. It means my phone is immune to casual (or even some non-casual) break-ins, but is still very useful and accessible to me. (Particularly now that I have an iPhone XR; it never FEELS locked to me because the transition is so seamless.)
  If someone swipes my phone or I lose it, I have no fear that my data will be taken. If someone has kidnapped me and threatens me, they'll have my data whether it's protected by a password or biometrics.
  I'm FAR more worried about persistent data tracking around the web and the amount of data that filters through google and facebook than my biometrics being the weak point in my security.
  Ultimately, all security is a tradeoff between security and convenience. My phone is a device that I want to be convenient, and that means I trade a tiny bit of security for it.
8. Re:I can't imagine... by fazig · 2019-01-14 09:55 · Score: 0
  
  Because biometric locks are convenient and fast. Is that so difficult to understand?
  
  You can use your finger to unlock something while you don't even look at it. While a more secure password with a decent enough length and a wide range of characters and require a lot more attention to be entered correctly. That is something most people won't like for all the mundane and other non critical stuff they do on their phones.
9. Re:I can't imagine... by sexconker · 2019-01-14 10:02 · Score: 3, Insightful
  
  Biometrics are trash from every angle.
  They're incredibly fuzzy, which leads them to being easy to fool. Users can't reset their biometrics when they're compromised. And the biometrics can be used to identify an individual. You can either use a shitty biometric device that records the data directly, or compromise a trusted one to do so, thus letting you go from the "secure" element to the user. OR you can identify a suspected user (or as they tried to do in this case, a swath of them) and then force them to use biometrics to generate a hash and determine if it's a match or not.
  Passwords win out always.
10. Re:I can't imagine... by sexconker · 2019-01-14 10:03 · Score: 1
  
  I, too, watch Cinemassacre Rental Reviews.
11. Re:I can't imagine... by Anonymous Coward · 2019-01-14 10:09 · Score: 0
  
  Biometrics are NOT authentication. They are a form of identification and could be used to confirm the person actually entering a password for authentication is most likely the correct user for the username/password authentication combo.
  Biometrics cannot be changed, so once they get compromised at once place, they are compromised everywhere, and biometrics like fingerprints are already compromised because you leave them everywhere.
12. Re:I can't imagine... by bobbied · 2019-01-14 10:09 · Score: 4, Informative
  
  True security requires two of the following..
  1. Something that I am (biometrics)
  2. Something that I know (password)
  3. Something that I have (A physical login token)
  You can do three and be a bit more secure if you like.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
13. Re:I can't imagine... by Anonymous Coward · 2019-01-14 10:16 · Score: 1
  
  Think of the driving a car usecase...I want some tunes, I'm driving, phone's locked. Would you rather have drivers using a fingerprint or a passcode to unlock?
  Well, if you pull over (AS YOU SHOULD) to do either, it really doesn't matter, does it?
  If you don't pull over, you're distracted for less time with the biometric, but you're still distracted.
14. Re:I can't imagine... by Rick+Schumann · 2019-01-14 10:21 · Score: 1
  
  No kidding.
  
  We're sorry for the inconvenience, can we get you something to drink while you wait?
  (Takes the cup or can/bottle from you later, lifts the print(s), uses them to unlock your phone)
  Or just plain old intimidation to coerce you into complying. The average person is enough of a wimp, doesn't know their rights, and crumbles in the face of stern-speaking authority figures, that just 'demanding' it is enough for most, just to get the angry guy with a gun and a badge to stop yelling at them.
15. Re:I can't imagine... by sjames · 2019-01-14 10:25 · Score: 1
  
  I do that too, and it's just to keep people honest. It also makes it impossible for someone to successfully claim that they had no idea they weren't supposed to access the phone.
16. Re:I can't imagine... by Xylantiel · 2019-01-14 10:31 · Score: 1
  
  This. The most likely case that a normal person will need their phone secure is if they lose it or have it stolen by a pickpocket. Security in this case requires a decently strong passcode. The problem biometrics solves is that a passcode strong enough to resist an attack on a lost or stolen phone is inconvenient to enter and is easily shoulder-surfed. If you are the target of a motivated attack, it would be be far easier to just observe you putting in a passcode than to lift your fingerprint in sufficient quality to fool a normal reader. Someone willing to lift your fingerprint and your phone is well above the "pickpocket" level and would certainly have been able to get your passcode if you used it constantly.
  I think the next level thing, with a bit more setup required, would be a bluetooth or NFC ring. This would have much the same convenience but could be changed and not copied. That still could be taken at gunpoint, but I would argue that is actually an advantage, since I certainly don't have access to any data that is comparable in worth to my life.
17. Re: I can't imagine... by Anonymous Coward · 2019-01-14 10:31 · Score: 0
  
  Is a remote unlock ever forceable?
18. Re: I can't imagine... by Zero__Kelvin · 2019-01-14 10:38 · Score: 2
  
  Well personally *I* can't imagine why you can't imagine it. The vast portion of people aren't worried about APTs. Well over 99% of the time there is no danger that someone is going to try to gather your biometrics in order to access your phone, and even less chance when you factor in likelihood of success. In almost every case the threat is a thief, a family member, an unscrupulous or "prankster" co-worker, or someone else who lacks the time, access to your person, and / or skill set to break bion biometric based protections. Couple that with the fact that it is far more easy and quick to use your finger to afford "one touch" authorization and you'd have to be ignorant and / or a fool to think it isn't a highly effective tool that maps well to the security landscape.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
19. Re:I can't imagine... by Pascoea · 2019-01-14 10:41 · Score: 1
  
  Company policy requires that password protect my phone.
20. Re:I can't imagine... by Pascoea · 2019-01-14 10:44 · Score: 4, Funny
  
  he will get ... my grocery list.
  I keep that in the secure locker. I don't want my health insurer to know how much crappy food I eat.
21. Re:I can't imagine... by tlhIngan · 2019-01-14 11:08 · Score: 1
  
  ...why anyone would want to use biometric passcodes to unlock anything so private as a cell phone is today.
  I know, most people don't seem to value privacy, but if you have any at all, doing biometric should be a no go from the start.
  Because passwords are inconvenient. You unlock your phone dozens or hundreds of times a day. It was discovered a PIN (a simple 4 digit PIN) made it so inconvenient that people wouldn't bother. Sure they set it up, but after a few days of constant entry, they disable it. This lead to something like 80% of all phones not having a PIN - just swipe to unlock.
  With biometrics, you can have your complex PIN and most of the time you're using the phone it doesn't get in the way - your phone unlocks just before you use it. Making life convenient, and protecting the data on your phone because now it's protected by a PIN. So your use of the phone is like before, but now it's not unlocked - it's protected. I believe Apple discovered after TouchID that 90% of phones were now locked with a PIN or password (it's mandatory to set something up when using TouchID).
  You tell me - which is more secure - that 80% of people were walking around with phones that were not protected, or 90% of phones that had a PIN or password, but had biometrics?
  Security is about tradeoffs. You can secure something to the level of Fort Knox, and for some things, that might be appropriate. But other things it gets in the way.
  Let's say you're testing an OS update and in order to test it, you must sign the update using an offline airgapped server. So you build it, copy the build to a thumbdrive, go to the machine, get it signed, walk back to your desk, and test it. Only to find a bug, which you fix, build, sign, and test. After a few trips of this (especially if said server requires a walk), well, you'll find ways around it so you don't have to sign the build before your test.
22. Re: I can't imagine... by Anonymous Coward · 2019-01-14 11:10 · Score: 0
  
  I have never really looked at the Face ID. I realized that I had never taken any selfies because it was very unnatural to hold the phone so that you could see my whole face, only the top of it. Once I got the hang of it it worked way better than I thought.
23. Re:I can't imagine... by Kjella · 2019-01-14 11:24 · Score: 2
  
  ...why anyone would want to use biometric passcodes to unlock anything so private as a cell phone is today. I know, most people don't seem to value privacy, but if you have any at all, doing biometric should be a no go from the start.
  It's good enough if it's simply lost. It's a lot easier to shoulder surf a PIN than to create a convincing enough replica of my fingerprint. If you really want access to my phone just rob me, I'll tell you the PIN as it's not worth dying over. There's no need for shears and gory scenarios and it'll unlock the phone forever and after reboots too so it's better than my finger. I suppose I could be dead or incapacitated, but why go to drugs, battery or murder if a simple threat will get you all you want? So the only people who'd have an easier time with biometrics are those where it makes a legal difference and they play by the rules.
  If it's at the border or a traffic stop or knock on the door or anything like that you have plenty time to disable it - it's just five quick taps. So basically it's just a surprise arrest, either on the streets or SWAT rushing in. As I'm already assuming it's cops following rules I suppose that could happen by a case of mistaken identity, but they wouldn't find much incriminating and they wouldn't do much else nasty with it. Basically, the Venn diagram between where the security is significantly weaker and the threats that are of any real concern to me has no overlap.
  
  --
  Live today, because you never know what tomorrow brings
24. Re:I can't imagine... by lgw · 2019-01-14 12:07 · Score: 1
  
  I can't imagine why anyone would want to use biometric anything after watching Demolition Man.
  Long ago when Back to the Future 2 came out, the newspaper headlines were "Thumb Bandit Strikes Again". The flaws in biometrics were recognized in popular media before there even were cheap biometric sensors.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
25. Re:I can't imagine... by mark-t · 2019-01-14 12:09 · Score: 1
  
  If you really want access to my phone just rob me, I'll tell you the PIN as it's not worth dying over.
  
  That being the case, one also has to ask if it is worth killing over if one isn't going to get it in the first place?
  If not, then it still makes no sense to divulge the PIN.
  If so, then it gets a bit dicier. although I still wouldn't, personally
  While I have no death wish specifically, if I'm dead, I don't have to live with the consequences of that, by definition, while conversely, a person who kills me might have to go on living with the consequences of committing murder, which may include jailtime if they are caught, plus they still won't have the PIN, so they haven't even gotten anything out of it, thereby negating any incentive they should otherwise have to bother to harm me in the first place.
  If they are not acting rationally, then that is their problem, not mine. It's definitely not my problem if they should kill me (a person facing imminent death should anticipate no particular problems at all unless one also anticipates some kind of unpleasant afterlife experience), while being irrational would *STILL* be their problem if they chose to kill me without advantage to themselves. I do not pretend to be responsible for other people's choices, and attempting to allege that I might somehow be responsible for a choice that they might make when I did not impose that choice upon them in the first place is not going to fly with me.
  Oh, and I'm quite aware that most people will think there's probably something wrong with me psychologically that I think this way....
  
  --
  File under 'M' for 'Manic ranting'
26. Re:I can't imagine... by Anonymous Coward · 2019-01-14 12:20 · Score: 0
  
  It can be used when convenient. If my Phone is left locked for too long it always asks for the password. The password database on my phone does the same. You can use a quick unlock while using the phone but once it's in my pocket for a bit it asks for the password.
27. Re: I can't imagine... by Anonymous Coward · 2019-01-14 12:33 · Score: 0
  
  The problem with that angry guy with the gun and badge is that he's always right. Even if you're right and he's wrong then he's still right. The courts decide who is actually right, but that only happens after the fact.
  Arguing with a cop over a fingerprint is a great way to end up in a cell, or with a gunshot wound, or in a body bag. The most you can hope to gain from that argument is absolutely nothing.
  (Another note: Cops don't always follow the law)
28. Re:I can't imagine... by Immerman · 2019-01-14 12:40 · Score: 1
  
  However, they're considerably more difficult to mimic than password entry - which means that the asshole who stole your phone at the club is unlikely to be able to bypass it.
  It's like having a password on your home computer - it (mostly) keeps the kids out, especially if they have their own account, and serves as a declaration of intent to anyone who happens to sit down at it. But unless you've gone a whole lot further than just adding a password, the real security against a dedicated attacker is minimal, so you may as well use something simple. Brute-forcing a three-character password is a lot more difficult than just booting off a USB stick, so there's nothing to be gained from having a password more secure than that, unless you've enabled the account for remote log in.
  All of security is really just an exercise in making yourself an inconvenient enough target that attackers look elsewhere. The lock on your front door can almost certainly be picked in under a minute by anyone with a solid weekend of practice. Even then the only reason to pick a lock is to enter without breaking anything - the door is usually the most secure entrance to any building or room.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
29. Re: I can't imagine... by Anonymous Coward · 2019-01-14 13:03 · Score: 1
  
  Your face or thumbprint can be physically extracted, and an object you control can be forced from you.
  I would argue security is (2) and at least one of (1) and (3).
30. Re:I can't imagine... by Immerman · 2019-01-14 13:31 · Score: 1
  
  > That still could be taken at gunpoint, but I would argue that is actually an advantage, since I certainly don't have access to any data that is comparable in worth to my life.
  Or even comparable in worth to my eye, thumb, etc. While many biometric scanners claim not to work with amputated body parts, I suspect they'd work just fine so long as the part was was kept alive with synthetic blood of the right color and temperature. Plus, I don't trust all thieves to know how difficult the procedure actually is - I'd hate to lose a body part because a thief didn't realize it would be useless. Besides, I'm sure any sufficiently disreputable fence would have the necessary synthetic blood, etc. to make use of a fresh stolen part kept on ice.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
31. Re:I can't imagine... by Immerman · 2019-01-14 13:35 · Score: 1
  
  Considering how many people are beaten or killed by cops on the flimsiest of pretenses, sometimes even while officially in custody, without any consequences for the cop, that I'm not completely certain that "knowing your rights" is actually adequate defense against an "angry guy with a gun and a badge"
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
32. Re:I can't imagine... by Anonymous Coward · 2019-01-14 13:57 · Score: 0
  
  Because biometric locks are convenient and fast. Is that so difficult to understand?
  I wasn't asking why they use biometrics instead of a passcode, I was asking why they use biometrics instead of NOTHING for the data that they have ALREADY STATED they do not care if other people see. Why is that so difficult to understand?
33. Re:I can't imagine... by Immerman · 2019-01-14 13:59 · Score: 1
  
  Well, in general it's a bad practice to make threats you don't intend to follow though on. And vanishingly few people consistently behave rationally.
  And while a person facing imminent *certain* death should anticipate no particular problems at all (and in fact it seems common for such people to experience preternatural calm and often life-changing clarity - at least according to those whose lives were spared by chance) Facing imminent *potential* death on the other hand leaves you facing the very large problem of "not being killed" - as your death will not only hurt all your loved ones (an important consideration for non-psychopaths), but also put a serious damper on continuing to enjoy life. Which personally is a priority I rank higher than all but a small handful of other concerns.
  So, somebody asks for my PIN at gunpoint - I'm giving them my PIN, as it's far more likely that I'll survive that way. I'm just as dead if they kill me out of spite or self-consistency, and would much rather they profit from the theft if it means I also profit by continuing to survive. The only exception would be if that PIN provided access to information that would jeopardize one of the few priorities I hold higher than my life - but I don't carry any nuclear launch codes, bioweapon designs, or even really juicy blackmail material on my loved ones - so that seems unlikely.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
34. Re:I can't imagine... by Immerman · 2019-01-14 14:01 · Score: 1
  
  Plus, if they kill me I won't care that they didn't profit, so what exactly is the motive to invite that?
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
35. Re:I can't imagine... by Jane+Q.+Public · 2019-01-14 14:10 · Score: 1
  
  An overall better solution, in my opinion, would be to have a strong passcode for accessing the phone when turning it on, then an easy one like biometrics for unlocking.
  
  I admit that at first, I did not see a need for 2 systems.
  
  But it has bothered me for a while now that they continue to insist on just one access system, both for initial access to the phone, and for the lock screen.
36. Re:I can't imagine... by Jane+Q.+Public · 2019-01-14 14:11 · Score: 1
  
  At the same time, as part of that dual security system, there should be a near-instant way to turn your phone off.
37. Re: I can't imagine... by ljw1004 · 2019-01-14 14:33 · Score: 1
  
  For the people who check their phone 300 times a day, biometry saves them over half an hour a day. That seems a very reasonable tradeoff.
38. Re:I can't imagine... by antdude · 2019-01-14 14:41 · Score: 1
  
  And if your biometic get corrupted like your fingerprints, faces, etc.? :P
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
39. Re:I can't imagine... by Anonymous Coward · 2019-01-14 14:41 · Score: 0
  
  Ok, that is a fair point I hadn't considered, thank you for that.
40. Re: I can't imagine... by Rick+Schumann · 2019-01-14 15:21 · Score: 1
  
  Arguing with a cop over a fingerprint is a great way to end up in a cell, or with a gunshot wound, or in a body bag.
  Are you in the U.S.? I am, and I guess I'd be a martyr for civil rights, then, because I would refuse to be bullied into ANYTHING, and just keep repeating "LAWYER" and "PHONE CALL" until I got one, the other, or both, because I'm not a pussy and I won't be bullied, even if you wave a gun in my face. Be my guest, though, officer, and rough me up, intimidate me, and otherwise violate my civil rights. Then I won't have to work again a day in my life after I sue your department, the city/state/federal goverment, and perhaps you, for doing so, and win millions of dollars.
  
  Since it sounds to me like you're not in the U.S.: sorry to hear that your country doesn't have civil rights worth a damn.
41. Re:I can't imagine... by Rick+Schumann · 2019-01-14 15:22 · Score: 1
  
  I'll probably never find out but in case I do here's what I have to say about that: https://slashdot.org/comments....
42. Re:I can't imagine... by mark-t · 2019-01-14 15:42 · Score: 1
  
  Facing imminent *potential* death on the other hand leaves you facing the very large problem of "not being killed"
  Not really... your choice in the matter is wholly illusionary. The choice to kill or not is theirs, and any impression that you have an influence on their decision simply by doing what they ask is nothing but a coincidence. I will not pretend to be responsible for a decision that someone else has imposed upon themselves just because they've somehow put themselves in a corner of feeling like they need to somehow carry out their threat if I don't happen to do what they want. If I refuse and die, it's not my problem... if I refuse and live, then it's still not my problem. If I accept and die, then it's not my problem, but an injustice has occurred, and the criminal rewarded for his acts, while if I accept and live, I may continue to enjoy life, but there is still a loss to my estate, and I still have to live with the consequences of that.
  So only scenario in which I have to live with any negative consequences of my choice is if I choose to accept the offer... any option for some kind of net positive gain from this scenario is imaginary... the only way I can actually just break even is if I refuse and they don't kill me. "Continuing to live" is not a net positive gain, because one was already continuing to live before the scenario anyways.
  
  --
  File under 'M' for 'Manic ranting'
43. Re:I can't imagine... by registrations_suck · 2019-01-14 15:54 · Score: 1
  
  However, they're considerably more difficult to mimic than password entry - which means that the asshole who stole your phone at the club is unlikely to be able to bypass it.
  I have an eight digit alphanumeric passcode on my phone. That asshole is unlikely to bypass it.
44. Re:I can't imagine... by registrations_suck · 2019-01-14 15:57 · Score: 1
  
  You can use your finger to unlock something while you don't even look at it.
  That's not all you can use it for.
45. Re:I can't imagine... by registrations_suck · 2019-01-14 15:59 · Score: 1
  
  I wasn't asking why they use biometrics instead of a passcode, I was asking why they use biometrics instead of NOTHING for the data that they have ALREADY STATED they do not care if other people see. Why is that so difficult to understand?
  Maybe they want to deny usable access to the hardware to someone who found it or stole it, simply out of spite (hey, that's mine! So you can't use it even though I'll never get it back).
  Maybe they want to keep someone from using up their data plan.
  Maybe they want to keep someone from using it to frame them for some crime.
  Who the fuck knows?
  Who the fuck wants to know?
  Do you know where his phone as been?
  Neither do I.
  And I don't want to.
46. Re:I can't imagine... by Anonymous Coward · 2019-01-14 16:04 · Score: 0
  
  Fingerprint unlock is still infinitely better than a weak or non-existent password. It's the balance between security and convenience.
47. Re: I can't imagine... by Lenny369 · 2019-01-14 17:02 · Score: 1
  
  Thank you for finally bringing up my point / solution. I would prefer a dual-OS system, so that I may use my thumbprint as usual for regular phone tasks, but also if I choose to enter into a sort of root access [to my life, not the OS] then I would indicate that via an on-screen slider, button, or even a physical button combo, which would prompt me for my password. This almost resembles a multiple user interface, which we developed 25 years ago (me personally and others, I know it was developed earlier).
48. Re: I can't imagine... by Anonymous Coward · 2019-01-14 17:55 · Score: 0
  
  You're in the US? Then you know that if you are ARRESTED then you have one or more charges. You aren't just detained. You can get your phone call (to bail you out of jail) and seek counsel (if they give you more than one phone call, or after you bail out... assuming no interrogation) but first you'll be photographed and fingerprinted as part of... BOOKING. Thus, they already have your biometrics attached to your charge(s) in case of your skipping bail and even if after a trial the charges are dismissed. (Getting the arrest expunged would be a separate process.) I wouldn't recommend getting "roughed up" as part of standing up for any perceived or actual rights since it could be a tackle to ground to start with as the start of a use-of-force physical fight, or even a TASER shock of the officer's discretion duration... after which you are injured and still being taken to jail (unless you have injuries so serious they require medical emergency treatment).
49. Re: I can't imagine... by Rick+Schumann · 2019-01-14 18:32 · Score: 1
  
  BLAH BLAH BLAH scare tactics from the internet troll BLAH BLAH BLAH
  Oh shut the fuck up. I don't even own a goddamned smartphone or anything that can even be 'locked' in the first place, or that can even access the internet (I specifically disable it's limited ability to do so as a matter of course), there's not even anything of value on it that cops couldn't get from the phone company. However I also know my RIGHTS under the LAW so all your trolling is just more noise to me. Go back to 4chan and lurk more you're not impressing anyone. Better yet get a different hobby, preferably something you do alone, far from other people.
50. Re:I can't imagine... by Anonymous Coward · 2019-01-14 18:33 · Score: 0
  
  An overall better solution, in my opinion, would be to have a strong passcode for accessing the phone when turning it on, then an easy one like biometrics for unlocking.
  You mean almost exactly like what Apple has on the iPhone, where you have to enter a passkey before being able to unlock using biometrics after each restart or if you leave it lying around for too long?
51. Re:I can't imagine... by AmiMoJo · 2019-01-14 22:41 · Score: 1
  
  Biometrics on phones are good enough. They can be fooled, but what is the threat model here? An attacker who goes to all the trouble of cloning your fingerprints or making a 3D model of your head?
  Biometrics are perfectly adequate against the threats most people face - thieves and "friends"/family. Even against abusive law enforcement they aren't terrible, as most generally lock and require a password after a certain amount of time, and offer a "panic button" (press the power button several times quickly, or hold it down) to disable biometrics. Train yourself to use that function whenever the cops are near and you will be fine.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
52. Re:I can't imagine... by thegarbz · 2019-01-14 23:36 · Score: 1
  
  ...why anyone would want to use biometric passcodes to unlock anything so private as a cell phone is today.
  Because for nearly everyone in the world the biggest security risk is losing their phone and hoping that whoever finds it doesn't have automatic access to your Facebook account.
  If you work for the CIA then you may have a differing opinion on that. Personally if you want my phone you can have it. Just don't delete any of the dickpicks. I'll even give you my passcode: 000000
53. Re: I can't imagine... by fazig · 2019-01-14 23:56 · Score: 1
  
  Unfortunately system access levels do not appear to be a concept all people can wrap their heads around.
  Black and white think and nirvana fallacy is so much more convenient.
54. Re:I can't imagine... by fazig · 2019-01-15 00:48 · Score: 1
  
  What else can you use it for?
  
  If you're afraid that someone may get access to your fingerprint and uses it without your authorization, know that a finger print is easy to obtain if someone intended to do so. Whenever you touch a smooth surface with your finger, it leaves a good enough print that someone can take using something as simple as scotch tape. It is so easy that a digitalized fingerprint it is not suited for anything that is supposed to be secure.
  It only makes sense to use your finger as a lock mechanism for mundane stuff you still don't want everyone to access on the fly.
  
  Think of a chain link fence some people put around their gardens or whatever. There you also have a door that is locked with something as simple as a padlock.
  It's not at all secure and can easily be broken into by using simple tools. But it does serve some purpose to deter some trespassers and stop them from just taking stuff that lies around your garden.
  Of course the more sensitive stuff you probably won't put into your garden in the first place. For that you may have a locker/safe.
55. Re:I can't imagine... by dcw3 · 2019-01-15 01:00 · Score: 1
  
  That only happens when crossing the international date line on a leap year, so you're good to go.
  
  --
  Just another day in Paradise
56. Re:I can't imagine... by dcw3 · 2019-01-15 01:05 · Score: 1
  
  Having just upgraded my iPhone to one with facial recognition, I've wondered if someone could potentially hold it up to my face to unlock it. Thinking TSA, a traffic stop, or even a nosey spouse or grandkid while I'm sleeping on the couch. I haven't checked yet, but I'm hoping I can at least change it to require the code as well.
  
  --
  Just another day in Paradise
57. Re:I can't imagine... by dcw3 · 2019-01-15 01:35 · Score: 1
  
  Considering how many people are beaten or killed by cops on the flimsiest of pretenses, sometimes even while officially in custody, without any consequences for the cop, that I'm not completely certain that "knowing your rights" is actually adequate defense against an "angry guy with a gun and a badge"
  Since your chances of that are much lower than winning the lottery (unless you purposely do something to attract their attention), it's not worth your time and effort to even think about it.
  
  --
  Just another day in Paradise
58. Re:I can't imagine... by Anonymous Coward · 2019-01-15 01:51 · Score: 0
  
  You might be surprised. I once had a locksmith try to pick my front door's typical Schlage deadbolt and he couldn't do it even after an hour of trying.
59. Re:I can't imagine... by quenda · 2019-01-15 02:34 · Score: 1
  
  It needs a duress code.
  Wink left then right, and it silently erases the phone, except for the decoy profile.
60. Re:I can't imagine... by v1 · 2019-01-15 02:52 · Score: 1
  
  Biometrics are trash from every angle.
  Not really, they've just got their own unique qualities.
  There are essentially three kinds of security:
  - "Something you know" : like a passcode
  - "Something you have" : like a key
  - "Something you are" : biometrics
  The BEST security combines all three of these aspects. That's when you see the general in the movie walk up to the big door, swipe his card (something he has), type a code into the pin pad (somthing he knows), and then scan his iris or face (something he is).
  Each method has its own benefits and drawbacks. Using more than one method at a time helps overcome some of the deficiencies, although it also negates some of the benefits. The big benefits of biometrics are ease of use and reliability. It's reliable in the sense that you can forget a passcode or lose a key, but you can't lose or forget your retina. Access to things you need to authenticate many times a day really benefit form biometrics because ease of use is a high priority. The low security of the method is less important for a cell phone, compared to say your house or car. Biometrics on a car would be a terrible idea. On a phone though, they make perfect sense. Then just imagine if you needed a physical object (like a key) to unlock your phone? But we're OK with that for a house or a car. But needing a key for an ATM is impractical and would be terrible for security, since many people need to use it. And low security of biometrics would also be a terrible idea. So we use a pin code/ (something we know)
  It's all about using the method of security that's appropriate for the application. There is no universal "best" type of security..
  Though it's useful to offer more than one kind of security, so users can decide what's appropriate for them. The average soccer mom will do just fine with a fingerprint scanner on her phone. A business's IT department will probably turn that off on their corporate phones, and enforce the phones to require long PINs. Same device, but different security/convenience requirements. Again, there IS no one best way. Pick the right tool for the job.
  
  --
  I work for the Department of Redundancy Department.
61. Re:I can't imagine... by Pascoea · 2019-01-15 03:59 · Score: 1
  
  That's not all you can use it for
  
  What else can you use it for?
  If you're afraid that someone may get access to your fingerprint and uses it without your authorization ...
  Think of a chain link fence some people put around their gardens or whatever.... For that you may have a locker/safe.
  I can't be the only one that read "that's not all you can use it for." as a sex innuendo... Can I?
62. Re:I can't imagine... by Pascoea · 2019-01-15 04:12 · Score: 1
  
  My company requires me to have a PIN code or other password on the device because my work e-mail is on there and it may contain sensitive information. (It doesn't, but that's not the point.) Biometrics allow me to follow company policy while maintaining easy access to my phone. I have a corporate duty to protect the "sensitive data" that's on my phone, but since I'm authorized to use the phone for "personal use" I wanted the extra layer of security of the secure storage locker that my company doesn't have access to.
  That being said, all of your points are 100% valid. I'm not looking to keep the authorities out of my phone, if they want in there they are going to get in there either via questionable means or by compelling me to give them access. (The legality of that is for the courts to decide.) My security posture has two goals: 1) Follow company policy (protecting "sensitive data") and 2) keep prying eyes out of my collection of sexy wife pics. You know, like when you hand your mother in law your phone to show her a cute pic of your dog only to have her start swiping around.
  
  And I don't want to.
  Good call.
63. Re:I can't imagine... by Immerman · 2019-01-15 05:07 · Score: 1
  
  You never have control over anything but your own actions, but those actions influence the probable actions of the people around you. You could be hit at any moment by a careless driver - but that doesn't mean you just ignore your own part and go wandering in traffic at night wearing black clothes. Heck, that's the entire point of wearing bright orange hiking gear during hunting season.
  Or, you know, maybe they don't actually kill you. There's a pretty good chance a bullet wound just causes serious pain over an extended period, large medical bills, and possibly permanent partial paralysis or other health problems.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
64. Re: I can't imagine... by Anonymous Coward · 2019-01-15 05:14 · Score: 0
  
  Do you live in North Korea or something? Where I live if you are arrested, you only say "I want a lawyer" and shut the fuck up. You don't have to provide the police with anything, not even your name.
65. Re:I can't imagine... by Immerman · 2019-01-15 05:43 · Score: 1
  
  Are they actually less likely to bypass that, than a much-lower-(time)cost-to-you biometric scanner though? Assuming they weren't specifically targeting you at least - in which case recording you entering your passcode is probably only a bit more difficult that getting your fingerprints (unless of course your phone had a nice
  I think such generally low-criticality security is exactly where biometrics make sense. They'll probably never be secure enough for places where security is truly important, except perhaps as an auxiliary layer. But as a lock for your "diary"? Sure. You're really just trying to keep out casual prying eyes and make sure a casual thief only steals the device itself and not your data. Once you're personally targeted by someone who knows what they're doing, your odds of staying secure are low unless you're truly paranoid. Of course, it you are personally targeted it's probably with good reason, unless it's just authorities flexing their power.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
66. Re:I can't imagine... by Anonymous Coward · 2019-01-15 06:11 · Score: 0
  
  bullshit.
67. Re: I can't imagine... by cellocgw · 2019-01-15 06:23 · Score: 1
  
  I would prefer a dual-OS system, so that I may use my thumbprint as usual for regular phone tasks, but also if I choose to enter into a sort of root access [to my life, not the OS] then I would indicate that via an on-screen slider, button, or even a physical button combo, which would prompt me for my password.
  Congratulation: you just re-invented sudo.
  
  --
  https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
68. Re: I can't imagine... by Anonymous Coward · 2019-01-15 06:42 · Score: 0
  
  What the fuck could you possibly be doing that would require you to check your phone 300 times a day. I hate to break it to you but very few people are actually that important where they have a need to do that. Most of the people who engage in that kind of behavior are incredibly Vain and are checking their phone 300 times a day because they can't go more than 5 minutes without looking at Facebook or Twitter. Nobody and I repeat nobody is important enough to need to check their phone 300 times a day
Tony Soprano could by OffTheLip · 2019-01-14 09:04 · Score: 4, Funny

obligatory: https://www.xkcd.com/538/
1. Re:Tony Soprano could by Anonymous Coward · 2019-01-14 09:51 · Score: 0
  
  Came here for this. Was not disappointed.
2. Re:Tony Soprano could by Anonymous Coward · 2019-01-14 10:10 · Score: 0
  
  I've memorized the comic number. Most articles become "omg relevant" by using the word crypto or password.
  Whether a $5 wrench or a dystopic government saying "you have to cause I said so" is the duress, the solution is to somehow remove yourself from being furnish-capable at all. Usually I describe that as "password mails itself off to an unknown contact, with instructions to not approach you" such that you're immune to legal voodoo.
  It's not entirely relevant to biometrics, but hey, seeing as we're already shoehorning.
Can't force but... by the_skywise · 2019-01-14 09:04 · Score: 1, Insightful

It's going to be really hard not to look at your iPhone if they hold it up quickly.
1. Re:Can't force but... by sunking2 · 2019-01-14 09:06 · Score: 2
  
  Or use the finger prints that they had no choice but to have taken when they booked you.
2. Re:Can't force but... by artemis67 · 2019-01-14 09:19 · Score: 1
  
  If you're that concerned about it, you can go into the Settings app and turn off "iPhone Unlock" by Face ID.
  You can still used Face ID with other parts of iOS that use it.
3. Re:Can't force but... by captaindomon · 2019-01-14 09:44 · Score: 4, Insightful
  
  Yep and then in both of these cases the evidence will be thrown out of court. The point isn't to stop the police from being physically able to do something, it's to take away the incentive. If using the fingerprints they gathered when they booked you to unlock your phone results in the whole case being thrown out of court for lack of admissible evidence, and a civil counter-suit quickly filed by the person who was arrested, the police are going to stop doing that. Quickly. As someone once said on this board, it's the Judicial version of "Judge Hulk SMASH."
  
  --
  Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
4. Re:Can't force but... by fustakrakich · 2019-01-14 09:55 · Score: 2
  
  Yep and then in both of these cases the evidence will be thrown out of court.
  Cops will just say you gave it up voluntarily. Then it's your word against theirs (unless the phone recorded it). Happy hunting for your lost rights.
  civil counter-suit quickly filed by the person
  Uh huh, Yeah, we all got plenty of money for that.
  
  --
  “He’s not deformed, he’s just drunk!”
5. Re:Can't force but... by sexconker · 2019-01-14 10:06 · Score: 2, Informative
  
  Cops will just lie. Best case they force you to unlock it, find out what you're doing, then get at that from some other angle, such as an "anonymous tip". Parallel construction.
  If you're not lucky, they'll beat you and force you to unlock it, then it's your word against 3 seasoned cops saying you unlocked the device voluntarily then reached for one of the cops's gun.
6. Re:Can't force but... by Anonymous Coward · 2019-01-14 10:16 · Score: 0
  
  inadmissible evidence
  Please. You might delay them, but once you're a POI or whatever hoohah they cook up at will, your privacy is only as good as your walls. Don't put faith in imaginary ones.
  Of course, at that point* the law sometimes-does-sometimes-doesn't entertain the idea that your POI ass can be forced to give out fresh biometrics anyway.
  *the escalated point at which they can use fingerprints from whatever fucking archive they want, Mr. I'd Win A Countersuit
7. Re: Can't force but... by Anonymous Coward · 2019-01-14 10:38 · Score: 0
  
  The average cop is not snooping in peoples phones. How many of these super capable phone cracking cops are walking around exactly?
8. Re:Can't force but... by spiritplumber · 2019-01-14 11:02 · Score: 0
  
  Why would three seasoned cops want to die for something so small? You make no sense.
  
  --
  Liberty - Security - Laziness - Pick any two.
9. Re: Can't force but... by sarren1901 · 2019-01-14 12:47 · Score: 1
  
  All it takes is a cop threatening to arrest you until they can get a warrant from a judge to look into your phone. That's enough for most of us to give in unless we know we are guilty. Who wants to waste all the time and money on even a book and release.
10. Re:Can't force but... by Immerman · 2019-01-14 14:03 · Score: 1
  
  Who said the cops lives were in danger? Other than them, to justify the fact that they beat the shit out of you.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
11. Re:Can't force but... by Anonymous Coward · 2019-01-14 18:06 · Score: 0
  
  It probably isn't that easy for them to clone the fingerprints and use them to unlock the phone. Legacy ink, can the fingerprint reader even use that without any actual finger pressure? Especially if the ink slightly smeared as the finger is rolled. (One can learn fingerprinting by taking Fingerprinting Merit Badge in Boy Scouts and need not be arrested). Digital fingerprints (e.g., LiveScan also used for some background checks)... if so then what is the minimum DPI required to print a fingerprint output and apply it with pressure so the fingerprint reaer can read it?
12. Re:Can't force but... by spiritplumber · 2019-01-14 23:52 · Score: 1
  
  The two things kinda go together.
  
  --
  Liberty - Security - Laziness - Pick any two.
13. Re:Can't force but... by Dixie_Flatline · 2019-01-15 04:01 · Score: 1
  
  In this case, there is literally no good way to secure your phone. If the police are going to beat you, they'll beat you until you give them your password, too. At least your phone was a more convenient object to have the whole time that you weren't under arrest for something so heinous that the police decided you were worth the risks of depriving you of your rights.
14. Re:Can't force but... by sunking2 · 2019-01-15 06:43 · Score: 1
  
  Except not really if the evidence that they see on your phone merely sends them in the direction to obtain it through other means. Take your address book or snap contact list for instance. It's not evidence on it's own, but now they have a list of people to go to to obtain evidence.
  If they can't unlock and use it anyway there's no reason not to go through it.
15. Re: Can't force but... by Anonymous Coward · 2019-01-15 06:47 · Score: 0
  
  Do you really live in a world where the police are just some like malicious body going out and killing civilians and lying about everything. Do you have a single thought beyond "police man bad"?
  At this point I'm convinced that you or someone in your immediate family had a bad encounter with police or else you wouldn't have such a bias against them
Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-14 09:05 · Score: 0

Shouldn't hold my breath, probably won't last long, Will get overturned soon.
1. Re:Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-14 09:21 · Score: 0
  
  Cops wont care they will use your fingerprint after beating you unconscious
2. Re: Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-14 09:25 · Score: 0
  
  Is it really true that cops could force you to do this before? It sounds unspeakably bizarre!
3. Re: Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-14 09:31 · Score: 0
  
  I really do not think so. And there is the whole problem of police identification. Either way, I would imagine there are no police who would do that.
4. Re: Wow.. Common Sense Prevails? by nospam007 · 2019-01-14 09:36 · Score: 1
  
  "Is it really true that cops could force you to do this before? "
  Force? No. They just asked: "Is this your phone?" And it unlocked as if by magic.
5. Re: Wow.. Common Sense Prevails? by AHuxley · 2019-01-14 09:58 · Score: 1
  
  AC most of the more advance police forces use words to attempt to fool the criminal.
  That the police can still somehow alter the legal options.
  Keep the smartphone secure and that's more years the state/federal system can add to crimes.
  Become an informant and everything is ok again.
  The person now nit a criminal is back out in their community having to support police work and bring in a lot of criminals.
  Putting in work for the police everyday for many, many years.
  
  --
  Domestic spying is now "Benign Information Gathering"
6. Re: Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-14 10:00 · Score: 0
  
  Haha good one. Seriously fucked up mind you have there
7. Re:Wow.. Common Sense Prevails? by bobbied · 2019-01-14 10:12 · Score: 1
  
  Shouldn't hold my breath, probably won't last long, Will get overturned soon.
  This was my first thought. The judge in question has limited authority and until this decision survives appeal it's only impacting a limited area.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
8. Re: Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-14 10:25 · Score: 0
  
  "Seriously fucked up mind you have there"
  Or you've never seen the seedier side of life. Yes, cops around the world have done, and will continue, to do just that.
  Maybe not as many as in the past, but there will always be some. Power corrupts.
9. Re: Wow.. Common Sense Prevails? by Anonymous Coward · 2019-01-15 06:50 · Score: 0
  
  Yeah dude totally unthinkable that the cops could force you to put your finger on a fucking phone screen. Totally fucking unbelievable that they can hold the phone in front of your face and have it automatically unlock itself. Oh the humanity!!
  You're an absolute moron. Neither of these activities cause duress of the person in question
Does it really matter in the long run? by Riceballsan · 2019-01-14 09:06 · Score: 3, Interesting

If I'm not misunderstanding, the police can still search the phone, if they can find a way in. This seems to say they can't force you to put your finger on your phone, but it doesn't sound like they can't try to figure out the code on phones they are able to bring into evidence. Unless I'm mistaken, that still seems like they can take your phone, run your prints... and I'm sure in a few years they could easily have a device to quickly 3d print the fingerprints onto some form of glove or something.
1. Re:Does it really matter in the long run? by cayenne8 · 2019-01-14 09:08 · Score: 2
  
  Unless I'm mistaken, that still seems like they can take your phone, run your prints... and I'm sure in a few years they could easily have a device to quickly 3d print the fingerprints onto some form of glove or something.
  Well, that still won't do them any good, if you do NOT use a biometric passcode, such as a fingerprint.
  They can try your prints all day long if you set a nice, complex passcode you have to type in.
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
2. Re:Does it really matter in the long run? by Anonymous Coward · 2019-01-14 09:15 · Score: 0
  
  The underlying system is insecure, they go right around your "nice long password" trivially. Cell phones are not hardened systems, just consumer grade.
3. Re:Does it really matter in the long run? by fahrbot-bot · 2019-01-14 09:18 · Score: 1
  
  I'm sure in a few years they could easily have a device to quickly 3d print the fingerprints onto some form of glove or something.
  The Mythbusters did this a few years ago using a photocopy of a fingerprint stuck to their finger as well as using other methods. Perhaps the scanner technology is more sophisticated now, but I'm sure it can be still bypassed by less than casual attempts.
  
  --
  It must have been something you assimilated. . . .
4. Re:Does it really matter in the long run? by AHuxley · 2019-01-14 09:50 · Score: 1
  
  Software that can be found around the world will get in.
  Make the user click a link to push malware down.
  Once the police have the smartphone other products can be used to extract data.
  
  --
  Domestic spying is now "Benign Information Gathering"
5. Re:Does it really matter in the long run? by dissy · 2019-01-14 10:46 · Score: 2
  
  If I'm not misunderstanding, the police can still search the phone, if they can find a way in.
  
  From the second link above to the document by the judge, it seems the issue is the police requested a warrant for the phones of the two suspects, and it was both granted and forcing them to unlock the phones is fine.
  But the cops also requested a warrant to force every person also found in those homes that had nothing to do with the case nor were suspects, and the judge said no to both the warrant and said the cops can't force the unrelated people to do anything.
  Which to anyone with common sense this is how it *should* work.
  If the cops can't be bothered or have no reason for asking for a warrant they shouldn't be allowed to violate those peoples rights.
  If the cops ask a judge for a warrant and the judge agrees with it, they can force them.
  So this issue is mainly about illegal warrantless searches being reaffirmed as illegal.
6. Re: Does it really matter in the long run? by Anonymous Coward · 2019-01-14 12:55 · Score: 0
  
  Even a warrant does not necessarily allow them to force you to enter a passcode - this is still an unsettled area.
7. Re:Does it really matter in the long run? by Anonymous Coward · 2019-01-14 19:28 · Score: 0
  
  The underlying system is insecure, they go right around your "nice long password" trivially. Cell phones are not hardened systems, just consumer grade.
  If that were true, there would not have been a request to be denied in the first place.
8. Re: Does it really matter in the long run? by Anonymous Coward · 2019-01-15 06:55 · Score: 0
  
  Technically speaking the FBI can create custom malware and use that to exploit your device to gain information about you. Just like the nine pedophiles they had to drop charges against because they didn't want to reveal their custom Tor Browser exploit
Good ruling by Anonymous Coward · 2019-01-14 09:08 · Score: 0

Of course they will just spoof or circumvent anyway, but legally this precedent is good that you can't be compelled to furnish your own body without already being charged with a crime. That's key.
what if you had an I want my lawyer = auto wipe se by Joe_Dragon · 2019-01-14 09:14 · Score: 1

what if you had an I want my lawyer = auto wipe setup on your phone?
Homerun! by Murdoch5 · 2019-01-14 09:16 · Score: 1

Ignoring that fact that you should NEVER save sensitive or incriminating information on your personal mobiles devices, without employing some form of encrypted volume, this is a home run!
1. Re:Homerun! by DeputySpade · 2019-01-16 06:07 · Score: 1
  
  Actually it's more like a double. We still need the Supreme Court to bat the runner in.
  
  --
  
  This space intentionally left blank
2. Re:Homerun! by Murdoch5 · 2019-01-16 09:01 · Score: 1
  
  Fair enough :D
You mean like they already can do? by Anonymous Coward · 2019-01-14 09:19 · Score: 0

https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands
Re:what if you had an I want my lawyer = auto wipe by artemis67 · 2019-01-14 09:23 · Score: 2

I like to play survival video games. And I like to put traps in and around my bases.
9 times out of 10, the person who ends up getting killed by my traps is me.
This would not be a good solution for me.
How to crack a password w/o a $5 hammer by davidwr · 2019-01-14 09:25 · Score: 3, Informative

If the police put you under surveillance, it's likely they will see you unlock your phone at least a few times.
If they can catch you doing it from different angles, they can probably figure out what the passcode is.
Once they do that, execute the warrant, seize the phone, unlock the phone, then declare victory.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
1. Re:How to crack a password w/o a $5 hammer by Immerman · 2019-01-14 14:21 · Score: 1
  
  $5 hammer is a lot cheaper and easier though. What, you want the enforcers to have to actually work for their results?
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
2. Re:How to crack a password w/o a $5 hammer by Anonymous Coward · 2019-01-15 02:29 · Score: 0
  
  It's a $5 wrench, actually.
Now by RickyShade · 2019-01-14 09:27 · Score: 3, Interesting

Now let's find a sane judge who will stand with the constitution and declare Civil Asset Forfeiture to be unconstitutional as it most certainly is.
1. Re:Now by apoc.famine · 2019-01-14 09:33 · Score: 1
  
  You don't read the news ever, do you?
  
  --
  Velociraptor = Distiraptor / Timeraptor
2. Re:Now by Anonymous Coward · 2019-01-14 10:31 · Score: 0
  
  Now let's find a sane judge who will stand with the constitution and declare Civil Asset Forfeiture to be unconstitutional as it most certainly is.
  Right there with you, but it won't happen - too much money being made by the cops.
  "For the children!!1!"
3. Re:Now by Anonymous Coward · 2019-01-15 02:27 · Score: 0
  
  You don't read the news ever, do you?
  wow, that was sooo useful, ass..
Re:Another Commifornia Ruling by b0s0z0ku · 2019-01-14 09:28 · Score: 1

Coward spotted.
American cops can't by PPH · 2019-01-14 09:32 · Score: 1

You are just asking for extraordinary rendition, aren't you?

--
Have gnu, will travel.
I disagree... by thedarb · 2019-01-14 09:32 · Score: 1

I am very much in favor of privacy and protecting your data, but I cannot see how a finger print, iris, facial, or other bio-metric unlocking method can be considered protected by the 4th Amendment. How is this different than a physical key you've been ordered to surrender? Only passwords / keys in your mind should be protected. I really don't expect this decision to withstand appeal. Never thought I'd be arguing *for* the cops, but really, this should be obvious.

--
This sig intentionally left blank.
1. Re:I disagree... by Anonymous Coward · 2019-01-14 09:41 · Score: 0
  
  Until this low-level decision, U.S. courts have always distinguished what you "have," e.g., biometric data, from what you "know," e.g., a password. The courts held that police can force you to surrender what you have during a search but cannot force you to divulge the contents of your mind.
2. Re:I disagree... by StormReaver · 2019-01-14 10:01 · Score: 1
  
  How is this different than a physical key you've been ordered to surrender?
  It's not, if the order comes from a judge through due process.
  Police are not judges, and a police demand is not due process.
3. Re:I disagree... by pauljlucas · 2019-01-14 12:30 · Score: 1
  
  I am very much in favor of privacy and protecting your data, but I cannot see how a finger print, iris, facial, or other bio-metric unlocking method can be considered protected by the 4th Amendment.
  That's because it isn't. It's protected by the Fifth Amendment.
  
  --
  If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
Fecal sensor makes more and more sense by Anonymous Coward · 2019-01-14 09:39 · Score: 0

My patented fecal sensor is still the way to go. I introduced the idea over a decade ago and you guys laughed. But it would save you from this intrusive probing. Everyone's shit is unique! We can leverage this fact.
1. Re:Fecal sensor makes more and more sense by Anonymous Coward · 2019-01-14 10:12 · Score: 0
  
  Then they'd just lock you up and wait for you to defecate, maybe secretly give you some laxatives in your food.
Security isn't binary by Anonymous Coward · 2019-01-14 09:45 · Score: 0

Simply put, security isn't binary. I know that both my passcode and my iris are vulnerable to a $10 wrench. However, the cost of using the passphrase is a lot higher than the cost of using the iris, measured in millisecond/year.
Now, from a constitutional perspective, a passcode is something you know, while your iris and fingerprint are not something you know, they're something about you. If you tossed your fingerprint into the trashcan, that's certainly subject to a search warrant. Is your iris any more protected than your eye color? It's just more detail on the same thing.
The real question, and one that's very, very challenging, and supremely difficult to prove judicially, but must be answered is not "is providing a fingerprint equivalent to testifying against yourself" but "is refusing the passphrase a form of destruction of evidence?" The problem there, of course, is demonstrating that the evidence exists, but it's a valid question.
1. Re:Security isn't binary by Immerman · 2019-01-14 13:18 · Score: 1
  
  >"is refusing the passphrase a form of destruction of evidence?"
  I can't imagine how. It might be contempt of court, or even obstruction of justice, but unless you've got a script set up to securely wipe all data if you haven't logged in within a certain amount of time, nothing is destroyed. Except possibly by incompetent forensic hacking attempts hitting a built-in self-destruct limit, but I would think that that's on them, you had nothing to do with it.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
2. Re:Security isn't binary by Anonymous Coward · 2019-01-15 05:32 · Score: 0
  
  You've got software in there that has scrambled all of the evidence stored on your phone. You've attempted to destroy the evidence (you don't have to succeed, just have intent and action) by encrypting your phone and refusing the iris scan.
3. Re:Security isn't binary by Immerman · 2019-01-15 07:33 · Score: 1
  
  No, I haven't destroyed anything - I've just denied you access to it. The moment I change my mind, you can have access - the data will still be there. No different than locking it in an uncrackable/self-desctucting safe.
  If you have enough other evidence to convince a judge to order me to do so, then he can hit me with contempt of court penalties until I comply.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
What if authority unlock it 'accidentally'? by Anonymous Coward · 2019-01-14 09:49 · Score: 0

"Is this your phone? Take a look."
Not likely to make its way through appeals by Headw1nd · 2019-01-14 09:51 · Score: 5, Insightful

I seriously doubt this is going to survive appeal. Providing your fingers and face, for fingerprints and lineups respectively, is already considered non-testimonial and well accepted. That providing these to unlock a phone is objectively the same as a passcode is irrelevant, a physical key such as a dongle would have the same purpose and it seems to be established that you could be compelled to hand it over to the police. In fact it seems in this case that the law is specifically unconcerned with the objective, and only concerned about the means.
This does invalidate an earlier comment I made concerning using 3D sculpting to fool face recognition, I guess the government might need to look into it now. If this leads to a ridiculous chain where you cannot be compelled to look at your phone to unlock it, but you can be compelled to have your face 3D scanned so that a copy can be made and used to unlock your phone, then I will be disappointed but not surprised.
1. Re:Not likely to make its way through appeals by TheGratefulNet · 2019-01-14 14:48 · Score: 1
  
  I don't follow your line of thinking AT ALL.
  being fingerprinted and photo'd for booking is NOT the same as invading your whole life, which tends to be stored on your phone, these days.
  
  --
  
  --
  "It is now safe to switch off your computer."
2. Re:Not likely to make its way through appeals by Headw1nd · 2019-01-16 01:34 · Score: 1
  
  "Invading your whole life" is what a warrant is for. In this situation I am assuming a warrant has been issued to search the phone, thus we are only really discussing providing access.
3. Re:Not likely to make its way through appeals by flink · 2019-01-17 02:27 · Score: 1
  
  I seriously doubt this is going to survive appeal. Providing your fingers and face, for fingerprints and lineups respectively, is already considered non-testimonial and well accepted.
  I've always wondered that about lineups. In order for them to work, everyone has to stand there and act exactly the same so as not to bias the witness. Why doesn't the suspect just refuse to read the line given by the police or just jump around and point at one of the other participants and say "He did it!"?
Re:what if you had an I want my lawyer = auto wipe by Anonymous Coward · 2019-01-14 09:53 · Score: 0

Then you'd get charged with destruction of evidence.
Any time you think you've discovered This One Weird Trick that makes you immune to prosecution, you're wrong.
Re: what if you had an I want my lawyer = auto wip by Anonymous Coward · 2019-01-14 10:04 · Score: 0

Privacy.
Still works just fine.
If the redcoats want my cell by WillAffleckUW · 2019-01-14 10:09 · Score: 1

they can pry it from my cold dead hands.

--
-- Tigger warning: This post may contain tiggers! --
1. Re:If the redcoats want my cell by Anonymous Coward · 2019-01-15 11:15 · Score: 0
  
  I give your court order the finger! I stick my tongue out at you and waggle it around, you poultry-eyed English pig-dog! I fart in your general direction! Your father smelled of elderberries and your mother was a hamster!
Re:Another Commifornia Ruling by bobbied · 2019-01-14 10:14 · Score: 1

At least let me arm myself then... :)
IF you expect me to defend myself, don't take away the best tools I have to do the job. Thank you!

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
destruction of evidence for asking for an lawyer?? by Joe_Dragon · 2019-01-14 10:18 · Score: 1

destruction of evidence for asking for an lawyer?? will be hard to prove in court with out the Constitution issues killing the case and it can set a bad precedent.
Like the cops can say talk now or we burn the evidence and you get hard time for destruction of evidence.
Why not do both ? by nehumanuscrede · 2019-01-14 10:19 · Score: 2

Instead of the either / or aspect, why not the option to require both a biometric AND a passcode / pin ?
If the biometric AND the pin / passcode match you get access. If either fail, you don't.
What problems would arise from such a setup ?
Cell phones will never be secure, it's stupid. by Anonymous Coward · 2019-01-14 10:24 · Score: 0

"They're incredibly fuzzy, which leads them to being easy to fool" - But if you use enough metrics they're not easy to fool, that's the point. Using JUST a fingerprint or IRIS by itself is foolish. "True" biometric security is multi factor.
Re:Another Commifornia Ruling by zlives · 2019-01-14 10:24 · Score: 1

no body is denying you an education.
Odd ruling by superdave80 · 2019-01-14 10:35 · Score: 1

That created a paradox: How could a passcode be treated differently to a finger or face, when any of the three could be used to unlock a device and expose a user’s private life?
Paradox? That's an asinine statement. They are treated differently BECAUSE they are in fact different.
A word/phrase passcode is something that you have to say. Between that and the possibility that you don't know or don't remember the password, it made perfect sense to deny jailing people for not giving out their password.
You fingerprint and face are just... there. Cops take mug shots. Cops take fingerprints. Hell, cops can take DNA samples. Because they are just there and don't require you to incriminate yourself. I usually praise our court system for protecting our rights and privacy from overreach, but this one seems to make no logical sense to me.
1. Re:Odd ruling by Anubis+IV · 2019-01-14 11:54 · Score: 1
  
  Completely agree. I have no idea what the basis for this ruling is.
  From what the article says, the judge is suggesting that because both a passcode and biometric key can be used to the same ends, they should both be treated the same, which is utterly nonsensical. That's no different than saying that if you have a combination lock with a backup key, the cops can't compel you to turn over the backup key because they can't compel you to turn over the combination number. But a number is nothing like a physical key. One is testimonial, the other is physical. The act of collecting testimonial evidence speaks to your knowledge of the subject, hence why it cannot be compelled. Collecting physical evidence merely speaks to the facts of the case, such as whether it is in your possession or not. That evidence can be linked to other evidence that incriminates the perpetrator is the whole point of evidence.
  According to the logic I see a lot of people on Slashdot espousing, collecting biometric keys shouldn't be allowed because they can be used to unlock the phone, which may incriminate you, ipso facto: self-incrimination. The problem with that logic is that it disqualifies virtually any collection of physical evidence that originates from the suspect. After all, if they can't compel me to use my fingerprint to unlock a phone that would incriminate me, what's their basis for collecting my fingerprint to see if it matches one at the scene of a crime? I'd be incriminating myself, wouldn't I? For that matter, I don't think I should have to show my face in court, since I'd be "incriminating myself" by allowing a witness to recognize me. Likewise, how can they show security footage that may use my own image against me? Self-incrimination! And what's their legal basis for compelling me to provide a blood sample for a BAC test after allegations of drunk driving, given that they'd be using my own blood to incriminate me? The 5th Amendment protects me from having to provide a blood sample that they can use against me, doesn't it?
  Well, no, it doesn't. The fact that you have physical evidence in your possession that can be used to incriminate you does NOT mean that it's self-incrimination to provide it. That's not what the 5th Amendment protects you against. Not at all.
  Physical evidence is factual. It's evidence that exists, independent of your awareness, will, or participation. It just is, and officers with proper warrants are entitled to collect physical evidence in whatever way the warrant specifies, including collecting it via the sensors used in a device/evidence in their possession and/or comparing it to other evidence in their possession. If physical evidence you provide incriminates you in a crime, once again, that's NOT self-incrimination. That's simply incriminating evidence in your possession, no different than them finding stolen goods in your home or that your fingerprints match those at the scene of the crime.
  And for Slashdotters who don't like the fact that every other lower court case with this same ruling (e.g. in Illinois, as the article mentioned) has already been overturned by higher courts, then don't secure your devices using biometrics. Simple as that.
Re:Another Commifornia Ruling by bobbied · 2019-01-14 10:45 · Score: 1

Yea... Think 2nd amendment... Let me carry concealed in public w/o a license, after all, you admit to tying the hands of law enforcement, untie mine to compensate.
And I'm well educated already, but I'm working on my Master's degree now. None of that will reduce the risk from terrorists though. Nobody survived on 9/11 based on having a better education. In fact, some really well educated folks died that day.

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Cops: "He tripped... by Anonymous Coward · 2019-01-14 11:15 · Score: 0

and fell on his phone, unlocking it... not our fault"
Re:Another Commifornia Ruling by zlives · 2019-01-14 11:19 · Score: 1

and having a handgun would have protected you how?
Re:destruction of evidence for asking for an lawye by Anonymous Coward · 2019-01-14 11:47 · Score: 0

Do yourself a favor and never commit a crime. You're not very good at it.
The act of rigging the self destruct switch that you can then activate on demand, then later when you suspect the device may be used as evidence activating it to destroy potential evidence is "destruction of evidence".
If anything that is worse than blatantly destroying the data when you see the cop coming as doing it ahead of time proves premeditation, and choosing a phrase that you are likely to say during an arrest proves intent to use it during an arrest.
Re:Another Commifornia Ruling by Anonymous Coward · 2019-01-14 11:51 · Score: 0

Even for an American, you are incredibly stupid, going to shoot down a jet with your pop gun?
Re:Another Commifornia Ruling by bobbied · 2019-01-14 11:58 · Score: 1

On 9/11? Oh I don't know... Stopping a high jacking, or at least ending it? Even if the crew is dead, I at least would have a chance of surviving being a private pilot. Or more to the place it would matter, when someone starts shooting up some place I happen to be, say a public school or a movie theater?
But I'm just asking for some consideration if you are going to take power from the police. You understand the trade right? Not that I should have to ask...

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Cops lie too... by sarren1901 · 2019-01-14 12:25 · Score: 1

The feds/police will still do it but if you complain they will say you were asked and complied. No force needed. Your word against theirs. Judge probably knows the cops on a first name basis. Who do you think he believes?
1. Re:Cops lie too... by Anonymous Coward · 2019-01-15 00:42 · Score: 0
  
  Well, if I'm on a jury and the cop says permission was given and the defendant says they didn't give it, well, I'm going to assume the cop placed the defendant under duress and will likely find the person innocent if the court still allows the evidence.
  Jury nullification really is an important tool to use to keep the courts honest.
Re:Another Commifornia Ruling by Anonymous Coward · 2019-01-14 12:54 · Score: 0

No dumbass, he would of been one of the defenseless passengers that could of shot the fucking terrorist before they were able to get control of the plane.
Re:Another Commifornia Ruling by zlives · 2019-01-14 13:00 · Score: 1

it has never been about a question of police power, if you stand behind the 2nd amendment, then you should also realize why it was there in the first place, as in to curb the power of the government by a militia.
having the weapons available to you (assuming you are mentally stable) means they are also available to a wider audience which inevitably leads to more gun violence. Case in point, USA.
that really even is not the point. the real point is that you are equating civil liberties that a government may violate to be answered by the threat of violence against a party not involved in the argument.This by using the somewhat ludicrous argument against the powers of the said government ( 2nd amendment). I say ludicrous as there really is no equivalent to military power in civilian accessible hardware. In the end it would always come down to the concious choices each one, military or civilian, must make about use of such power.
as I said, education...
but perhaps even i digress to much and thus have lost all interest in this conversation.
Re:destruction of evidence for asking for an lawye by Anonymous Coward · 2019-01-14 13:33 · Score: 0

destruction of evidence for asking for an lawyer??
No, you moron. Destruction of evidence for wiping the device that has evidence on it. It doesn't matter what phrase you set up as the trigger. If anything, picking that phrase would just save them the trouble of proving intent, since it's a phrase you would expect to use as a criminal suspect.
That would be like rigging a bomb to go off when you spoke the phrase "I accept Jesus Christ as my personal lord and savior", and then expecting to be let go because golly gee all you did was express your sincere religious convictions, what is this communist Russia?
Biometrics is fine on android by Anonymous Coward · 2019-01-14 14:07 · Score: 0

As most apps support 2nd level login like gallery and sms etc
Re:Another Commifornia Ruling by Immerman · 2019-01-14 14:16 · Score: 1

So, you need a gun to take out a few assholes with box-cutters?
The only reason the early hijackers were able to get away with anything was that it was official policy to let hijackers have the plane, so that everybody could walk away safely when it eventually landed. Once the result of the early hijackings hit the news, the later attempts were foiled by the passengers. And shortly thereafter the only necessary increase in security was made - locks on the cockpit door. Everything else has been security theater, either to make people feel safer, or, if you're cynical, for the purpose of getting people used to living in a police state.
Besides which, it's not like it's particularly difficult to get a gun license in the U.S. - like a drivers license the purpose is primarily to make sure you know how to handle it safely, and (increasingly) aren't a violent criminal or otherwise mentally unstable. If you can't get a license, then the odds are that you'll do a lot more harm than good with a gun.

--
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Sort of moot if theres a warrent by Dusanyu · 2019-01-14 14:46 · Score: 1

If they have a warrant to get search the content of your phone they will get in or else you will face further charges. It is genneraly a good idea just to comply and unlock a device if a proper warrant is issued for the contents of your phone.
1. Re:Sort of moot if theres a warrent by Anonymous Coward · 2019-01-15 01:11 · Score: 0
  
  Not necessarily. The reason you aren't required to hand over your password is because of the 5th amendment and not being required to incriminate ones self. If the justification for this is that all logins are equal, then the judge is implying that this would be 5th amendment protected as well. And if that's the case, a court cannot order you to unlock it for any reason, as that would be a violation of your 5th amendment rights, warrant be damned.
  They can still search the phone, but you aren't required to help them search it, it's up to them to figure it out without your aid.
I use biometrics... by The+Raven · 2019-01-14 18:07 · Score: 1

...because typing my 14 character pin every time I want to unlock is pretty excessive, since I lock my phone every time I turn it away from me.
If I ever need to turn my phone over to the police, I'll simply reboot it. Biometrics are disabled until you log in normally, so they can force mo to stick my finger on it all they like, it won't help.

--
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
inverse of nothing to hide... by Anonymous Coward · 2019-01-14 21:44 · Score: 0

authoritarians and cops love to say "if you've got nothing to hide, then you've got no reason to fear search/questioning/etc"
which my response is "if you think you've got a real case, then you've got no reason not to get a proper warrant"
so that should be the real answer, just get warrants for everything, and yes it will take more time, but then you'll have the security of knowing your evidence won't be thrown out, no matter how unlikely you think it may be
related, I think cops should make you have a lawyer present for any questioning whether you ask for one or not, that would also save them cases being thrown out or being accused of "beating" it out of them
they don't need it by sad_ · 2019-01-14 23:51 · Score: 1

They don't really need your biometric passport to unlock your phone, they have other ways to get to the data.

--
On a long enough timeline, the survival rate for everyone drops to zero.
Re:Another Commifornia Ruling by bobbied · 2019-01-15 01:08 · Score: 1

So, you need a gun to take out a few assholes with box-cutters?
Yes. I'm not looking for a fair fight in this case, just a quick one.

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
of course. by Anonymous Coward · 2019-01-15 02:22 · Score: 0

ALl THESE THINGS are extensions of aspects of life that are already protected!
The idea of protecting privacy and individual rights is a concept that transcends technology, this shouldn't even be questioned.
Email is an extension of mail, your phone that is LOCKED WOTH YOUR FINGERPRINT is like a safe or private storage. It's a blatant abuse to disregard the protections already in place for this stuff.
What's Actually Going to Happen by Anonymous Coward · 2019-01-16 04:30 · Score: 0

You do realize that they'll just put the suspect in a head lock, point his camera at his face and then stand in court with one hand on a Bible and swear, "We don't know what he's talking about, Your Honor. He gave us the passcode for his phone".