Ruling: Thumbprint scan is like a "blood draw or fingerprint taken at booking."
The legal situation is more complex and nuanced than the headline implies, so the article is worth reading. This adds another ruling to the confusing case history regarding forced biometric unlocking.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.31K Posts
- 53.6K Comments
- Modlog
If you were dumb enough to put your thumbprint into the phone in the first place then they already have it and they can access it through the modem. The courts are playing a kabuki theater or cabaret skit.
they can access most phones through modem exploits regardless of whether you have fingerprint.
You sure about that? Isn’t the hash stored on the secure element? I don’t doubt some right high rolling actors can get in there but it doesn’t sound that trivial.
It’s a real shiny kit you could say. The password is Wash too. Says so in the comics even though they know it ain’t the same as him.
Enter pin
“I don’t know what happened, it’s the right code, might be broken.”
That pin was device self sanitiziation trigger for preventing information from falling in the hands of the enemy.
Then buy enough claymores to make sure there will not be a second encounter with enemy forces.
I really wish the GrapheneOS devs would add duress passwords…
A duress password to remove selected profiles would be amazing. So it still unlocks but quietly removes the profiles you are worried about.
Not even remove them, honestly. Just unlock the phone into a sanitized, honeypot account that has no access to the secured accounts contents!
If you do go digging you would get caught. Safest way is removal in those situations. I rather have some data removed which preferably I have backups up. Then have to risk jail time in some country.
Not as part of core GrapheneOS, but an app called “Private Lock” can detect sudden force via accelerometer and disable the fingerprint based unlocking for next unlock.
But yeah, an erase passcode feature with opening a decoy profile would be a great feature to have.
E: grammar
That’s exactly right, I and it works like a charm.
This may be the first time a federal ruling has been made but I don’t know if it applies to state crimes. Many counties across the nation have ruled one way or another.
SCOTUS once ruled law enforcemeny cannot compel you to unlock a device at all and cannot access your phone without a warrant, but I don’t know if that is current. Police can legally lie to you (and beat you with a $5 wrench and pronably get away with it in court).
They also have strong phone cracking packages despite FBI’s lament about evidence locked away in seized devices.
Generally, do not consent to searches or cooperate without a lawyer present. Expect everything an officer tells you is intended to mislead. They will even lie in court to the judge.
@TaviRider@reddthat.com
First order of business: never enable the thumbprint lock on your phone.
Second order of business: never conduct any sensitive business or communication with a mobile phone.
Third order of business: use a very strong passphrase to lock your phone.
Fourth order of business: understand that all your phone calls and text messages are hoovered up into spook databases.
This is one of many reasons you should use a password of some kind that you keep inside of your head to unlock your phone rather than a biometric that people can use to unlock it against your will.
Or just use lockdown mode in android to force phone to only unlock with password
How is that different from the usual way of having a password as your way of accessing your phone?
Its temporary. Just something you can quickly switch on in case of an interaction.
lockdown mode is a button that comes up with the power menu. they mean turn it on when you’re pulled over or whatever
Logically, seems less safe
Practically, I DO miss unlocking the screen with my thumb 🤣
???
Not if I cut off my thumbs first.
j/k I use a password.
Eh, I never stopped using a password for this exact reason.
I think this solution is way too impractical for most people, who tend to unlock their phone many times a day.
Yeah, that’s the cost of good security practices. You always sacrifice convenience.
I wish I could have a fingerprint and a pin with a limited number of attempts. Plus a password after like three failed pin attempts. I think that would be a pretty good balance between security and convenience.
I mean, it is annoying. But it’s security. Don’t want people having access to your device, remove all possibility someone CAN.
But it is annoying, we shouldn’t HAVE to do this. Privacy should be baked right into our daily lives and not clawed out with tired hands every chance we get.
Yeah. The huge legal distinctions between different ways of unlocking a device seem absurd. Comprehensive privacy legislation would help.
deleted by creator
This isn’t new. I’ve been on the passcode to unlock train for a long time because of this. It’s only news in that it’s been codified by the court. You can’t be compelled to reveal info.
On iPhone: press and hold the lock button and either volume button for 1-2sec. It’ll force a passcode despite biometrics.
Or use wrong finger for multiple times untill its locked out with pin password
I hate Siri, but you can do a “Hey Siri, whose phone is this?” and it will force PIN unlock. Great if you aren’t able to physically touch the phone.
You can also turn your phone off. Phones require a passcode after booting up.
Careful locking your device before the cops get there. It could be considered tampering with evidence.
Even if this is true, and I’m not arguing that it isn’t, if you’ve committed a different crime with a worse punishment, you’ll have to take that into consideration.
In the States police can bust you on false charges and it will typically (but not always) fly in court.
They also have strong phone cracking software, despite what FBI says about piles of evidence locked away in phones.
Evidence is not a thing until you are at least accused of a crime or detained.
That’s not completely true. In most states if they are knocking down your door with a search warrant and you flush a kilo of heroin down the toilet, you’re getting an evidence tampering charge that will hold up in court.
They would have to prove beyond a reasonable doubt that you only flushed it after hearing them knock on the door.
There’s a whole lot of caselaw surrounding this, and they will get someone to destroy the pipes to find out when they were flushed (their word goes, good luck finding someone impartial to say that wasn’t what happened). I wish court cases were built on 1’s and 0’s like computer code but that’s just not the way the world works.
https://www.augustachronicle.com/story/news/2011/05/27/evidence-recovery-can-be-dirty-job-police/14540952007/
Got any evidence to back that up?
Not anymore, they tampered with it
🤣
Source: his arse?
Even then, in his arse, they’d have to prove the person locked it.
But what’s worse, getting a tampering with evidence charge, or giving them everything?
Still would like to see his source.
The source:
For iphone brothers and sisters (courtsey of rpcameron)
A number of Android phones support most of this functionality. Unfortunately, you have to actually click on a “Lockdown mode” button after long pressing power+volume-up. Hopefully Google catches up here.
Another benefit to this is that the USB port goes into a restricted mode that only allows for charging, and you can still use your cameras to record while it’s in this mode.
you could also just do basically the same thing with Android, but instead of locking it you just turn it off and it’ll be locked the same way when turned back on.
Memorize and practice this! You can do it in 2 seconds.
This has been a theory for a while, just not sure it was a specifically ruled precedent. The notion being similar to how they can force fingerprinting but not testimony. Access to a physical lock or location you can’t simply say ‘stay out’ but they can’t force you to divulge a password since it’s a thought in your mind.
Also, relying on biometrics is terrible, quick but immutable keys are a big no-no.
Hmm, is there an app/feature where if I use my thumb-print instead of say, my fore-finger print, it wipes the phone instead?
deleted by creator
I looked into it a few years ago. Eg left thumb locks biometrics and requires pw (thus saving you from this particular law) . Right thumb just unlocks like normal.
Back then it was impossible, because biometrics couldn’t differentiate between fingerprints for lord knows which security reason.
No idea if there is a solution for this already, but imo it would be a very important security feature.
Tasker does this on android and the event can be chained to launch scripts and apps.
@Lycist
For convenience, I use biometrics to unlock a few apps. But I haven’t found a way to do that and be able to use only pin to unlock the phone (android)
@TaviRider
Reminder that on an iPhone, if you hold the Volume Up and Power buttons simultaneously for several seconds, the phone will vibrate and will require the PIN or password next time you unlock it, not Face/TouchID. This happens whether the screen is on or off, so you can discretely do it in your pocket.
Or just use pin all the time, no face or fingerprint.
And then some random dude takes a peek at you entering said password, and steals the phone :/
GrapheneOS has an option to scramble the numbers on the unlock screen. I don’t know if that’s a base android thing or available on IOS
Correct. Not sure about iOS either, but many custom roms can, e.g. divestos, probably resurrection remix used to have it back when it was a thing (not sure here, but I distinctly remember having this feature somewhere before graphene)
In order to turn off the Find My iPhone functionality, you need the Apple ID password, so this isn’t even a real concern. You can even remotely lock the phone with a new password. Apple has made stealing an iPhone and making it work afterwards very hard.
The idea is usually to access the victim’s banking app, or 2fa app, etc, AFAIK.
Both of those require their own password or biometrics, so you couldn’t access those either.
Idk about iOS, but android lets you add a fingerprint using the lock screen password
When changing biometric data on the iPhone, it locks you out of using it in other apps, making you put in your bank/other specific password.
Basically every Android also has a variation of this
Absent an idiotic carrier/mfg skin that disables the feature, you just long-press power then click “lockdown”.
Or reboot the device. Rebooting the device will also leave it encrypted if your device has encryption (the PIN/password is needed to decrypt, essentially).
Nope.
Samsung A50 doesn’t have this option.
Will keep an eye out for it though.
You need to enable it. “show lockdown option”
My Samsung A11 (android 12) has a “lockdown” option when you held the power button. It would turn off all biometrics and hide notifications. You may have to dig in the settings to enable it, though
If you don’t, just force power restart it. You can search this up online for your model.
https://www.hardreset.info/devices/samsung/samsung-galaxy-a50/softreset-second-method/
Depends on the rom. It’s in Android since 9. Samsung definitely has it, but you have to enable it
I didn’t realize how many people didn’t know this so someone should probably post a PSA and quick guide in c/Privacy.
Without having to look at the device?
Nope :(
So you know what it is? I just tried both volume keys and all I got was TalkBack (Google’s screen reader).
it’s called lockdown mode. on my phone you press and hold the power button and select the option. you might have to enable this in settings.
I find it a little useless since you can also shut it down or force restart (continuously hold power button until it restarts)
Holy connoli, you are right! I just enabled it.
At least on my phone, rebooting also makes it require PIN
Yeah, that’s right. Which is fucking annoying, to be honest.
Not sure about all phone models, but at least with mine, if I switch it off then it requires a PIN, rather than biometrics, upon being switched back on. Thus if the police arrive, immediately switching off your phone could be a sensible thing to do
On iPhone, maybe Android too, you click the power button 5 times and you have enter the pin.
Watch out I guess, because that opens the Emergency SOS page on my OnePlus phone and, if I have an additional setting toggled, automatically phones emergency services… the phone does not lock
Also, just going to the power off slider screen will force a passcode reentry.
On my phone, it gives a 5 second delay before making an SOS call.
press and hold the lock button and select the option to enter lockdown mode. lockdown mode requires the PIN.
this might be an option in settings if yours does not have it enabled already.
Ditto. That gave me quite the fright!
Restarting phone as well so the same thing
Use. Lockdown. On. Your. Phones. It is easy and prevents legal shitbags from literally forcing your hand.
I just wish you could setup logic for this. Pulling out your phone to hold the power button for 3 seconds and then tapping the lockdown button is slow, very obvious, and likely to be prevented by an attacker.
Would be great if I could set it up to lockdown on a specific finger, or a specific number of presses on an analog button. Or even like if I leave a WiFi network or some other arbitrary condition.
This article and similar threads keeps popping up in my feed, so I’m going to keep spreading this tip around. (I’m using Android.)
I use tasker to automatically lockdown my phone based on accelerometer and Bluetooth. A sharp tap to my phone or being disconnected from Bluetooth is enough to lockdown my phone and disable all biometric access. I dialed in the sensitivity so that it doesn’t take much, just a tap on my pocket, being set down a little too aggressively, pulled from my car and thrown to the ground is all it takes. I set it to notify me with a quick vibrate when it does this for a little added confidence that it is behaving as expected.
For a little added effort I can have tasker snap a photo that gets backed up to the cloud any time there is a failed unlock attempt, just be prepared for some unflattering photos of yourself looking like an aging male boomer posting selfies to the facebook.
Will check it out, thanks for the tip.
EDIT: It’s closed source, $4/license with a 7-day free trial.
Do you mind share it?
deleted by creator
I like using a specific finger. Guess which one wed all pick 😂
Lol.
I’m right handed… But I almost always use my left index to unlock, so that’s what’s set.
Be funny to watch police force me to use my right index…