Cops Can Force Suspect To Unlock Phone With Thumbprint, US Court Rules

An anonymous reader quotes a report from Ars Technica: The US Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law. The US Court of Appeals for the 9th Circuit had to grapple with the question of "whether the compelled use of Payne's thumb to unlock his phone was testimonial," the ruling (PDF) in United States v. Jeremy Travis Payne said. "To date, neither the Supreme Court nor any of our sister circuits have addressed whether the compelled use of a biometric to unlock an electronic device is testimonial."

A three-judge panel at the 9th Circuit ruled unanimously against Payne, affirming a US District Court's denial of Payne's motion to suppress evidence. Payne was a California parolee who was arrested by California Highway Patrol (CHP) after a 2021 traffic stop and charged with possession with intent to distribute fentanyl, fluorofentanyl, and cocaine. There was a dispute in District Court over whether a CHP officer "forcibly used Payne's thumb to unlock the phone." But for the purposes of Payne's appeal, the government "accepted the defendant's version of the facts, i.e., 'that defendant's thumbprint was compelled.'" Payne's Fifth Amendment claim "rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination," the ruling said. Judges rejected his claim, holding "that the compelled use of Payne's thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking." "When Officer Coddington used Payne's thumb to unlock his phone -- which he could have accomplished even if Payne had been unconscious -- he did not intrude on the contents of Payne's mind," the court also said.

This has been known for ages

[rsilvergun]

if it ain't in your head they can use it.

Police don't even need this

[Morromist]

There have been plenty of examples of people using various materials to fake a thumb and then add someone's print to it and unlock phones. They could easily get someone to manufacture devices that do this.

Because the authorities don't even need to attack the constitution to unlock phones with thumbprints I can only guess they are doing it because it pleases them to dimish our rights.

Re:

[DamnOregonian]

You have no such right.
You have a right against self-incrimination. You do not have a right to obstruct justice.

Re:

[ls671]

Indeed, I would never force anybody to do anything, it's against my religion. So, I just cut their thumb off to access their phones.
-agent William Bumbray https://www.infocrimemontreal.... [infocrimemontreal.ca]

Re: Police don't even need this

[saloomy]

Why you should (if you own an iPhone) lock it with 5 clicks when doing things like going thru security lines or getting pulled over. Always. It requires the pin to enable touch or Face ID.

Re:

[volcan0]

On android it is called lockdown mode and can be activated from the power button long press menu

Re:

[DamnOregonian]

Why not just avoid using the biometric crap entirely?

That's the solution. Having biometrics is equivalent to having a physical key.

We know that's protected the most to date.

And rightly so. Physical keys have never been protected.

Ultimately, all that will ever stand between you and anything you've got protected by a key, is the 4th amendment. A warrant.
If you're worried about a judge granting a warrant to go through your shit, you need shit that doesn't have keys. Then you'll be protected by the 5th amendment.
Of course, then you've entered a whole new territory of not-fun.
Hiding evidence, exculpa

Re:

[Loki_1929]

Having biometrics is equivalent to having a physical key.

Fingerprints specifically are a password you can never change that you leave copies of everywhere you go. It's the worst possible "security" imaginable. It's just convenient.

Re:

[DamnOregonian]

For sure. The idea that any physical part of your body is a "secret" is pretty laughable on its face.
As you said, it's convenient to touch something or look at something, but it's by no means anything remotely approaching secure, no matter what the marketing material says.
If for no other reason than you don't even need the $5 pipe to get someones credentials, just a guy to hold him down.

Re:

[volcan0]

You are gonna have to more specific about what they did, that link is not very forthcoming.

Re:

[ls671]

He didn't do anything wrong, it was just an old meme joke. William Bumbray used to make messages on TV aired during commercial breaks aimed mostly at kids, the "kids, don't do drugs" style so it has become folklore.

   

Re:

[dnaumov]

You have no such right.

You have a right against self-incrimination. You do not have a right to obstruct justice.

What a bright idea. Lets just beat you up until you confess, right? You don't get to obstruct justice!

Re:

[DamnOregonian]

That's literally what the 5th amendment was written to prevent- compelled confession: "nor shall be compelled in any criminal case to be a witness against himself"
You're trying to equate preventing police from obtaining evidence with compelled confession. That's either disingenuous, or stupid. I'll give you the benefit of the doubt and call it the latter.

Re:

[mspohr]

Unreasonable search and seizure... you need a search warrant.

Re:

[DamnOregonian]

Correct.
Which is the 4th amendment, not the 5th, and is also not being argued by anyone, or "the troglodyte judges"

The police concluded that they did not need the warrant, because defendant was a parolee.
Court agreed, as caselaw has determined long long ago, that parolees are not free citizens, they're just those out of prison early.

Re:

[OrangeTide]

I'm pretty sure assault is still illegal, even for a cop. Although with qualified immunity it is possible that no one will be held responsible for the assault.

Re:

[mspohr]

Without a search warrant?

Re:

[DamnOregonian]

Of course not. You are protected against unreasonable search and seizure. A warrant would absolutely be required, just as it is for the police to collect your blood.

A warrant was not required.

[www.sorehands.com]

I was thinking the same as, but I RFAd and read the case. Under Rodriguez v. United States, 575 U.S. 348 (2015), the Court ruled that a search warrant was required. However, he was a parolee, and as a part of his parole, he was subject to warrantless searches. His condition of parole included :

"You shall surrender any digital/electronic device and provide a pass key/code to unlock the device to any law enforcement officer for inspection other than what is visible on the display screen.

This includes any d

Re: Police don't even need this

[AcidFnTonic]

My brain obstructs it just fine

Re:

[DamnOregonian]

Correct- and that's protected.
Nothing physical that can be collected is.

Re:

[DamnOregonian]

I'd say yes.

It's physical evidence. It's the same as writing it down.
Would you deny law the right to collect things people had written down?

I'll grant you that you could have your legislatures pass laws protecting "brain dumps in readable media", but it's pretty absurd to think that the Constitution protects it.

Re:

[codebase7]

By definition a right against self-incrimination is a right to obstruct justice.

If you are actually guilty of a crime, and the only evidence that will convict you is in your head, then by willfully withholding that evidence in your head you are actively obstructing justice.

Future /. article: The Fifth Amendment ruled irrelevant by The Supreme Court after invention of computerized forced memory (insert....er) extraction device.

Re:

[ledow]

I have nothing worth hiding, but I have an even simpler method:

Don't put incriminating things on your phone.
Don't use biometrics AT ALL. Literally just turn them off.

My bank app tries to remind me every 6 months or so and I just dismiss it. Google also seems to think that I can "pay" with a biometric as an option whenever I buy an app or book on their apps... which is interesting because I've literally never given them one. Selecting the option wants me to enroll a fingerprint using my Google password.

Re:This has been known for ages

[AmiMoJo]

PROTIP for Android users, and I think iPhones have something similar.

Press the power button 5 times rapidly to enable "emergency mode" or whatever they call it. Biometric unlock will be disabled and you will have to enter your password/PIN to access the device again.

You can configure what else it does. I think the default is to call the emergency services, so you might want to disable that. You can have it record video and text people too.

Re:

[henrik stigell]

Emergency mode doesn't disable the biometric lock on my Oneplus.

Re:

[AmiMoJo]

Did you let the countdown hit zero? Try setting it to record an emergency video. Once it starts it usually asks for your password to stop the recording. Otherwise it must be a OnePlus thing.

Re:

[AmiMoJo]

Try holding the power button down. You should get a menu, if not you can probably change it to the menu in the shortcut key settings.

One option is "lockdown" on most devices.

Re:

[swillden]

Press the power button 5 times rapidly to enable "emergency mode" or whatever they call it. Biometric unlock will be disabled and you will have to enter your password/PIN to access the device again.

I don't think this is true. If you enable emergency mode video recording you have to enter your PIN to end the recording, but biometrics will still unlock the lockscreen. While the recording is going, hit the power button to activate the lockscreen, which will be unlockable with biometrics. You can also swipe up from the bottom (assuming gesture navigation) and switch to other apps. The device is not locked and not in lockdown mode while in emergency mode.

What you can do is press power and volume up to

Clickbait title, nobody read the article or...

[leptons]

Nobody read the court judgement either.

This is about a parolee who's condition of parole was that he must allow law enforcement to gain access to his phone whenever they want. This is not a normal person doing normal things, this is a parolee who agreed to allow law enforcement into his phone as condition of his parole.

The word "parole" is mentioned 99 times in the judgement. This is strictly about whether or not a parolee must allow law enforcement to access their devices.

https://cdn.ca9.uscourts.gov [uscourts.gov]

Re:

[DamnOregonian]

Not quite that strict.
The judgement discussed the 4th amendment implications.
The police argued it was allowed because the parole allowed them to violate the defendant's 4th amendment rights- the court agreed.
However, that does confirm that only the 4th amendment stands between them and compelling you to provide biometrics. (i.e., a warrant)

Which shouldn't come as a surprise to anyone, but strangely enough, it is, because most of the people on here have no fucking idea what the 5th amendment actually is

They can have my smartphone when

[davide marney]

They can have my smartphone when they pry it from my cold, dead fingers. Oh. Wait.

Who you are; Something you know

[Rinnon]

I've long held that the use of biometrics to replace passwords is a mistake. The classic "username" and "password" combo provides two pieces of information in order to verify identify: who you are, and something you know. A thumbprint, or an iris scan, more accurately represents who you are than something you know; so using those to replace your username would make sense... but using them to replace your password seems like a bad idea.

Re:

[sarren1901]

I could see using "Who you are" AND "Something you know" together but I wouldn't think using "Who you are" as the password would be a good idea either. This article just highlights one of the reasons.

People are very lax on security though, so what do you expect.

This is old stuff!

[bussdriver]

It may not have gone up higher in the courts but rulings from decades ago already properly handled this stuff. If it's public info you broadcast lacking the reasonable expectation of privacy then it's totally fair game. You broadcast your fingerprints all over the place and it's been used for centuries so the idea you somehow own rights to them to prevent their use is nearly beyond academic ..venturing into the impractically absurd.
The same "reasonable expectation" measure applies to most stuff. Biometric

Re:

[penguinoid]

The 5th Amendment isn't about public vs private stuff. It's because at the time it was common to torture people until they confess. Passwords are an interesting case because they can't be a false confession; but confessing that you know the password is confessing that you have access to the account, but the stuff protected by the password is physical evidence and not a confession. There's been cases of people being compelled to share their password after admitting they know it. And biometrics are physical e

Re:

[bussdriver]

The Fourth Amendment is more relevant here and was part of the rulings I read about decades ago on these matters. Fingerprints were totally fair game before computers; no court order required and DNA shouldn't require one (but does if taken off your person while taking a fingerprint off your person is different.)

Biometric is Worse

[Kunedog]

A thumbprint, or an iris scan, more accurately represents who you are than something you know

Years ago a slashdot comment noted that those things are something you have, like a key or fob. But they are starkly inferior, because they can be copied/faked with sufficient tech and effort, cannot be hidden, and cannot be "rekeyed."

The last two points are probably what make it attractive to those who would force it as a means of control for them, under the guise of security for you.

Re:

[NotRobot]

I've long held that the use of biometrics to replace passwords is a mistake. The classic "username" and "password" combo provides two pieces of information in order to verify identify: who you are, and something you know.

While I 100% agree with your overall sentiment, your terminology is slightly off.

By definition, the three main method categories used to authenticate a user are:
who you are = Attributes of the user, in practical terms mainly biometrics: face, fingerprints, voice, etc.
what you know = Something known by the user, including user ids, passwords, PIN codes, host addresses, etc.
what you have = Something the user has, such as a token generator, a smart card, etc. Also, this should be something that cannot be trivi

Re:

[Rinnon]

You've captured what I was getting at better than I did. Thanks!

Re:

[tlhIngan]

I've long held that the use of biometrics to replace passwords is a mistake. The classic "username" and "password" combo provides two pieces of information in order to verify identify: who you are, and something you know. A thumbprint, or an iris scan, more accurately represents who you are than something you know; so using those to replace your username would make sense... but using them to replace your password seems like a bad idea.

Except that the truth is far worse. The reason phones use biometrics is b

Re:

[rastos1]

I've long held that the use of biometrics to replace passwords is a mistake.

That would be because biometrics is "identification" and that alone is not not enough for "authorization/authentification".

Re:

[nicubunu]

I don't think username is by any way who you are. There are two scenarios: 1. list of users on the device is public (default on Android, Windows, etc.), where anyone know your username, so is not something you are and 2. list of users on the device is secret, so it simply a second password, something you know.

Re:

[Tom]

The classic "username" and "password" combo provides two pieces of information in order to verify identify: who you are, and something you know.

Actually, it doesn't. Nothing in the username field has anything to do with identity. I can enter whatever I want there, or where it is an e-mail I can just enter whatever I want followed by @gmail.com once I've registered that as my e-mail account.

These are not two differen things. There's no actual difference between "username+password" and "password1+password2".

but using them to replace your password seems like a bad idea.

Only because passwords are such a stupid idea.

I want my biometric devices to have a distress function. Like "if I try to log in with THIS finger,

Re:

[thegarbz]

I've long held that the use of biometrics to replace passwords is a mistake.

For what? Who I am is more relevant than what I know for the vast majority of transactions I have. Phones have functions to lock out biometrics, simply rebooting the phone would trigger a password requirement on every mobile I've used recently. I can't face unlock or thumb unlock a freshly started phone. On the iPhone you can simply press power + volume for 2 seconds and it will disable touch/face ID until the next time you enter your passcode.

On the flip side biometrics are quick and easy and more than suf

Re:

[AmiMoJo]

It depends on your threat model.

For most people, a fingerprint is a decent way to unlock their phone. It's fast and good enough for banks to trust it with payments. It can easily be disabled in an emergency situation (press the power button 5 times rapidly). Thieves aren't equipped to lift your print and unlock your device, and will just sell it on or break it down for parts.

For fingerprint unlock to be an issue you would have to consider a threat actor who can get your device before you have a chance to di

Re:

[AmiMoJo]

I guess it's different in the US where the cops immediately point a gun at you. So again, it depends on your threat model.

Re:

[strikethree]

I've long held that the use of biometrics to replace passwords is a mistake.

It works fine as a second factor. As a primary and only factor, biometrics (who knew that biometrics wasn't a word? When did Mozilla decide this?) is not really a lock at all.

Re:

[volcan0]

The parent describe exactly one such scenario. look up truecrypt plausible deniability.

Who on SLASHDOT is using biometric data for cons..

[Subgenius]

consumer or IOT devices? Feel free to scan my thumb or face. NONE of my devices are biometric locked, despite tons of companies wanting to setup that for 'ease of use.' Sorry, I'll keep my 18 to 24 digit passwords and not turn them over.

Re:Who on SLASHDOT is using biometric data for con

[Dan East]

Sorry, I'll keep my 18 to 24 digit passwords and not turn them over.

Must be quite entertaining to watch you unlock your phone hundreds of times a day.

Re:

[orzetto]

It could actually be a good way to deal with compulsive smartphone use.

Re:

[Ed Tice]

If it's really a 24 digit password, it would take a lot to shoulder-surf that. Yes, I'm sure it can be done. But most people struggle to memorize seven digit phone numbers. I'm sure anyone can learn to memorize 24 digit strings if they dedicate significant time to that skill. But the people who have done such a thing are few and far between. So unless you're a high-value target (Maybe Dan East is, I don't know), an unlock code that long is pretty immune to having someone watch you type it in and then re

Re:

[swillden]

Must be quite entertaining to watch you unlock your phone hundreds of times a day.

JFC...why in the world would you need to be accessing your phone "hundreds of times a day"???

Maybe not hundreds, but at least dozens. For most people their phone is their digital assistant in all sorts of ways... not only for communication for for calendaring, looking up random things, reading the news or books, listening to music, getting directions, checking their bank account/brokerage, doing calculations, fitness tracking, managing shopping and to-do lists... the list goes on and on.

bIoMeTrIcS aRe TeH FuChAr!

[GameboyRMH]

Biometrics: Credentials that can be stolen off your body, can't be hashed, and can never be reset...and stealing them off your body can be legal too.

Re:

[markdavis]

>"Biometrics: Credentials that can be stolen off your body"

If DNA or fingerprints, they are "credentials" that can be stolen off anything you have touched or been around, and for a loooong time. They are pretty bad overall methods for confirming who you are if you care about abuse or security. And in the case of DNA, it *really* invades privacy, by its nature.

If you must use biometrics, the only reasonable one I have seen so far is deep vein palm scan. You are not leaving that data all over the place,

Nipple

[labnet]

Just as well as I use my left nipple for unlocking.

Re:

[Fly Swatter]

Now if he had used his nipple, would him having to tell them which body part unlocks the phone be protected by self incrimination?

Also he was a parolee? Way to bury the main problem of repeat offenders and the current penal system simply not working.

Like self-incriminating evidence in your safe

[gnasher719]

It's the same thing. The cops are allowed to open your safe. If you claim you don't have the key, or you forgot the combination, then they are allowed to break it open with force, assuming they have a valid warrant.

The only case where you are safe is when the information that you know the passcode is in itself incriminating.

An unknown person X hit Y over the head with their MacBook and killed them. The MacBook is locked with a password. The fact alone that you know the password means it's your MacBook and you are the murderer. Then they can't force you to unlock it, or can't use the fact that you know the password as evidence against you.

Or you bought a used hard drive on eBay. It's password locked. The police claims there is CP on it. You claim you don't know the password, you intended to reformat and use the drive. The fact that you know the password is evidence against you which cannot be used.

5 quick taps on the side button (or power button)

[93 Escort Wagon]

Disables biometric authentication on an iPhone.

Re:

[markdavis]

>"Disables biometric authentication on an iPhone."

And on Android starts an emergency services call.

So on Android, simply turn off the phone. Any reboot always requires the non-biometric unlock.

Or go into settings and choose "show lockdown option" which puts a button on your lockscreen (and power button menu) that instantly disables all biometrics and lockscreen notifications.

Re:

[ledow]

Not storing incriminating evidence on a cloud-controlled mass-market consumer piece of technology is probably a good idea too if you want to avoid such things coming to light.

Re:

[93 Escort Wagon]

Yeah, that would seem obvious.

I'm not worried about what the cops could find on my phone - for me, it's just the principle of the thing.

Insane ruling by troglodyte judges

[sinij]

Forcing to unlock or decrypt your devices is compelling to testify against yourself.

Re:

[schwit1]

Yes. The spirit of the 5th amendment is that no one should be compelled to aid in their own prosecution.

Re: Insane ruling by troglodyte judges

[Slashythenkilly]

While I agree with you, the point is there is a major difference between self incrimination and legally obtainable evidence. Dont give them access and you wont have a problem.

Re:

[sinij]

The issue here is that you are held in contempt and jailed if you refuse.

Re: Insane ruling by troglodyte judges

[Slashythenkilly]

...because you are witholding evidence, the same as refusing to testify as a witness.

Re:

[sinij]

They already have physical access to a locked phone.The only reason to unlock it access data, Data is what you know, it is memory prosthesis. The same logic used to force unlock the phone can be used to undergo mandatory brain scan to read your thoughts (if it existed). Both would be forcing you to produce data. It is by definition forced confession.

Re:

[laughing_badger]

The 'memory prosthesis' angle coupled with disability rights law might be a way to challenge this. If you can effectively show that you are storing the contents of your mind on the device, and that the officers have no way to separate that from other information while searching the device after unlocking it with your body, you might be able to get the result of the whole search thrown out.

Re:

[DamnOregonian]

That's certainly an angle you could argue, but it's a very loose one, particularly since brain scans that can extract information do not exist.
However, it is an undeniable fact right now, that your stored data is physical evidence. No different than you having written something down.

Re:

[DamnOregonian]

Actually it does. That's why government is required to get a warrant when performing a search.

The warrant is because you are protected against unreasonably search and seizure. Has nothing to do with self-incrimination.

The issue today is, with mobile devices and cloud storage, people can take their personal information outside their home and with them. This gives the illusion that whatever information a person have on them is now public and available.

Your invented legal theories are meaningless. You have no right to deny the Government physical evidence. What a wonderful criminal world that would be.

Re:

[DamnOregonian]

No, it is not.
Trying to keep physical evidence from the police is not testimony.

Re:

[sinij]

Accessing your phone is about accessing data on your phone, therefore it is about data. As much was established with passwords, but for some reason biometric unlock is different? It is only different to the corrupt or ignorant judge that does not believe that compelling testimony is a problem. What next, torture until you confess?

Re:

[DamnOregonian]

Stored data is physical evidence.
Passwords are different because they're in your head. They're something you can know (and forget).
Only constitutional protections against unreasonable search and seizure protect you from access to physical data.

5th amendment protects against compelled confession. It does not protect you from the collection of physical evidence, including your biometrics (or even your blood in the case of DUIs and such)

Re:

[DamnOregonian]

A search of your house was never a violation of your 5th amendment rights.
You are still protected by the 4th amendment, and a warrant would be required, as it is for a blood draw or forcing you to unlock your phone.

In this particular instance, the police concluded that existing authorization from the defendant's parole allowed it. The court agreed.
There was never any 5th amendment concern brought up, because it doesn't fucking apply, by any stretch of the (reasonable) imagination.

This is why...

[msauve]

I use a toeprint to unlock my phone. If they force me to use a finger (pick one, any one), it will lock out after 3 tries and then will only unlock with something I know.

It does take more time when paying with "touch", the cashiers look at me like I'm not doing it right.

You want control

[Baron_Yam]

Ideally, you want encrypted storage that unlocks with a long and complex password. And an alternate password accesses a benign alternate storage or starts a digital shredder.

You may be threatened with force to unlock, but it'll be your choice to do so (or deal with the price of not doing so).

Left thumb ...

[PPH]

... unlocks it. Right thumb wipes the storage. The cops came at me holding my phone. I tried to stuff my right hand in my pocket. They grabbed it and put my thumb on the scanner.

I tried to assist them by keeping my right thumb away from the phone.

Re:

[Powercntrl]

... unlocks it. Right thumb wipes the storage.

Which is an absolutely brilliant idea until you're distracted, rushed, or under the influence of alcohol/drugs. Then it's "Whoops, hope you have a recent backup!"

Re:

[Tom]

which phone has that feature? I've been asking for biometrics distress features for a really, really long time.

Re:

[Ed Tice]

Indeed, biometric distress is frustratingly lacking. Especially now that many people wear continuous biometric sensors like Apple watch. Sense distress and don't allow unlock of the phone except with an exceptionally long code.

Re:

[thegarbz]

Most phones have a function to quickly disable biometrics with a simple key press. Remember to hold those buttons down when you hand over your phone and you're safe. No need to put your data at risk of you confusing left and right while out drinking.

Re:

[ArchieBunker]

Welcome to a new charge, destruction of evidence.

Re:

[PPH]

What part of "No! No! Don't do that!" did they not understand?

What Is The Threashold For Laws?

[zenlessyank]

How many will there have to be? When was the last time the government sent you a copy of all the laws you are supposed follow?

The glass will overflow and when it does, watch out.

New proceedure

[Slashythenkilly]

Keep phone backed up to a localized computer with airgap. If stopped, restore to factory settings.

Question

[pierreact]

I'm European so maybe I don't get it all. How unlocking a phone to see documents in it differs from unlocking a door to see document in the place? This is a private space, even though a digital one. Shouldn't a warrant be required?

Re:

[ledow]

At the point of arrest, are you suggesting that the police couldn't open a locked door that they suspect has evidence behind it?

That they'd have to arrest the guy, take him away, go to court, get a warrant, in order to open the boiler cupboard?

No, it doesn't work like that. Reasonable suspicion of a crime has rules too, and those allow such actions. It's always "unreasonable" search that's the problem.

Otherwise criminals would put cheap tiny padlocks on everything they own, including their phone, and make

Re:

[chas.williams]

Yes, that's precisely what happens in the US. If you suspect there is evidence behind a door, locked or otherwise, you need to get a warrant. It's that simple. There typically isn't a burden of getting a warrant for every single door, but the person getting the warrant must be able to articulate what they plan to search, where they plan to search, and why they plan to search. The are a few exceptions, and you should try to avoid them because they are always challenged:

https://www.law.cornell.edu/co... [cornell.edu]

Biometric passcodes are stupid

[n2hightech]

Why would anyone use fingerprints or iris scans to unlock anything? It's like walking around with your password on a sticky note posted to your forehead. Or dropping sticky notes with your password on everything you touch. I have never enabled the fingerprint scanner on my phone and never will. Even the mythbusters showed they can be hacked or like in 007 movie just kill the guy and take out his eyeball. It's a false sense of security. Biometrics are great for identifying an uncooperative person but good old long passwords are more secure. Adding a human scale delay of a few seconds into every attempt and some attention to side channel attack mitigation makes passwords near perfect security.

Re: Biometric passcodes are stupid

[toutankh]

Patterns and passwords can be spied on pretty easily and nowadays there's cameras everywhere, so that's pretty bad as well.

Wrong decision, probably because of bad defendant

[PortHaven]

Wrong decision, probably because of bad defendant case. This is often how bad decisions are made. They argued the 5th,.. but this case is a 4th amendment case.

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,"

Secure in papers and effects (phone is effects).

Secure in their persons, who does the thumb belong to?

Use your pinky to authenticate

[PortHaven]

Most cops are too stupid to figure that out... LOLZ

Re:

[awwshit]

If I'm going to use biometrics only, I want to use a combination of them. Right thumb, left pointer, right iris - something where I have to know a pattern in addition to being me.

If you aim to misbehave, turn off Biometrics.

[Vandil X]

They can't require you to tell them your passcode. But you can always be... unofficially encouraged to do so.

Thanks for telling everyone

[roc97007]

I guess we'll all go back to passwords now.

Warrant?

[bataras]

They searched his phone without a warrant?

Re:

[DamnOregonian]

Your thumbprint is not a password though.
Just as a Judge can compel you to give blood to look for evidence of a charge of intoxication, they can compel you to give your thumbprint to look for evidence for the charge of X.

Leaving the password in public view does not grant rights to it any more than leaving one's belongings in the garden.

The fuck? If you leave things in public view, police don't even need a damn warrant to use it.

Re:

[v1]

Most phones lock up the biometric keys when they're rebooted, and require something like a pin code to unlock after reboot. (at which time the biometrics get unlocked)

So if you're in a situation where you're worried about someone forcefully unlocking your phone, shut it off.

Although this frustratingly means you can't record the interaction with your phone...