I'll offer my "rag doll testimony" IANAL axiom: re the 5th Amendment (right against compelled self-incrimination) the court can only "compel" your "testimony" insofar as they can manipulate your limp uncooperative body for fingerprints, hair samples, and other non-invasive observations. Anything inside your body, including blood & ideas, is yours to retain as you see fit.
Not perfect, but seems generally sensible. Have at it.
Depends on your definition of "compel." If the government offers you a choice between you giving testimony or them making your life a living hell, I would consider that compulsion.
Hence my putting 'compel' in quotes, and proceeding to define it.
The whole "testify or we'll make your life a living hell" thing should be prosecuted via "violation of rights under color of law", which can carry some pretty severe penalties.
Caveat: The rag-doll should be considered mindless. No fair trying to project EM radiation into it in order to make it susceptible to verbal suggestion either.
Drawing a legal distinction between a password to unlock and a fingerprint to unlock is absurd.
Legally, the method of restricting access (physical key, combination safe, fingerprint, password) should have no bearing on whether somebody can be compelled to provide access. A smartphone filled with documents should be legally equivalent to a locked filing cabinet. Either both should be compellable or neither.
> Drawing a legal distinction between a password to unlock and a fingerprint to unlock is absurd.
Yes, but the distinction is drawn because privacy advocates don't have much else to hang their hat on here. A court can compel you to open a locked filing cabinet. That's open and shut. Saying that giving up a password is testimonial leaves open an angle to distinguish cell phones from locked filing cabinets.
The purpose of the 5th amendment was to keep people from having to testify as a witness against themselves, which has a very prejudicial effect on juries. It was not intended to be a blanket protection against investigation of your personal assets by court order.
I agree that privacy advocates don't have a lot to hang their hat on here.
However, just a few notes:
"Saying that giving up a password is testimonial leaves open an angle to distinguish cell phones from locked filing cabinets."
Well, it is testimonial in some cases, as I'm sure you know.
If the government can essentially prove that they don't need your password to prove your access/control to that device, they can often get your password. But there are cases where it is testimonial. A laptop in a shared house for example, that has encrypted child pornography. Part of their case will be proving it is your laptop. If you dispute that fact, they aren't going to be able to prove it by requesting you enter the password, even if they can prove you have the password.
I.e., you are only generally protected from revealing it if revealing it would establish something about access/control to the device the government can't prove otherwise.
With the caveat that if they offer immunity for using your production in the prosecution, they can often get access.
Additionally, the government will almost never request the password itself, because that is often considered specific testimony concerning a fact. They will request you produce a document that is on the encrypted device, because they are allowed to ask for that.
They will then offer immunity for the act of production.
"That the government SHALL BE precluded from using Ms. Fricosu’s act of production of the unencrypted contents of the computer’s hard drive against her in any prosecution".
A fingerprint is more like a username than a password. It is simply not a secret credential. A password that is left behind on everything its owner touches isn't very secure.
If you did this, a court would usually sanction you.
In cases like this, the sanction is often "whatever they thought they could prove with the phone, is assumed to be proved".
Add a feature where you can select what to wipe, e.g. you could choose to have it wipe only your SMS messages, so the phone still looks lived-in and not factory-fresh, making it impossible to tell whether the normal unlock code or wipe code was used.
A better alternative is to have a second decryption code that allows you to unlock the phone, but to a completely unrelated set of files. This would be along the lines of a Truecrypt hidden volume. That way, the court can't get pissed at you for deleting evidence.
Oh, I dunno, what have you got to hide? And before you say "nothing" realize that there's a hell of a lot more laws on the books than you think. You don't even have to dig very far for laws against things that shouldn't be illegal. What if you were living during prohibition, and the court ordered you to unlock your safe that had photos of you drinking in it? The biggest problems with how warrants are handled these days is that many are "fishing expeditions" where even when they are written for something specific, they can get you for something completely unrelated (e.g., found a joint in your house while searching for stolen goods).
This isn't "NSA surveillance when you've done nothing wrong".
This is a proper legal process initiated against you, with a proper court order.
What greater process do you want?
Do you believe the answer is "you should never be forced to disclose this?".
If so, the answer is to expand the fifth amendment. It doesn't say that :)
"What if you were living during prohibition, and the court ordered you to unlock your safe that had photos of you drinking in it? "
Don't do illegal things?
"The biggest problems with how warrants are handled these days is that many are "fishing expeditions" where even when they are written for something specific, they can get you for something completely unrelated (eg, found a joint in your house while searching for stolen goods)."
So then your problem is essentially "you don't like what is illegal", and "you don't like that warrants enable the police to investigate"?
Seriously, I'm not trying to make light of your concerns, I'm just trying to see what you see as the solution, and I can't see how "not having to unlock your phone" is the solution to any of the concerns you raise.
While I'll admit my remark is a bit flippant, I don't see how your example is relevant to the current discussion.
I think we can safely separate "drinking alcohol during prohibition" and "protecting people who are going to be shipped off to be killed" in the scale of things here. One is a clearly legitimate use of government power, one is not.
Note that all criminal laws legislate morality, so it's always a matter of degrees.
Nothing in the discussion above related in any way to the "need to protect refugees from oppressive government" use case. The original article is about US courts, and the discussion centered around fifth amendment rights in the US.
So I'm trying to understand why "you have done something society has deemed illegal, that illegality is within the legitimate power of the government, a court has ordered you to unlock your phone so the police can investigate the crime" is not a legitimate exercise of power.
Hint: The fifth amendment does not give you the right to destroy or hide evidence.
The fifth amendment doesn't mean that if you are really really good at hiding stuff in your phone, you get away with a crime.
It literally says "nor shall be compelled in any criminal case to be a witness against himself".
This was originally referring to being forced to take the stand or being tortured to give evidence.
To the degree some act you are being asked to do is testimonial in nature, the fifth amendment protects you.
It is not a general "I don't have to do anything if they are criminally investigating me" right. You may have to give hair, stand in lineups, or a bunch of other things.
If your argument is that these are immoral requests, modify the fifth amendment. It 100% was not written to protect you from these cases, and it was 100% anticipated that you may be required to do things like "stand in lineups" and all kinds of things.
"The 5th amendment prohibits the courts from doing it, and even if it didn't I would still think it was wrong."
No, it does not. The fifth amendment does not allow you to hide or destroy evidence. You can be ordered to produce things in your possession that you are hiding. It's not a game where the fifth amendment says "well, if you hide a murder weapon well enough, ..."
The founders believed the same, and that's how the fifth was written.
If the police can prove you are in possession of something, and that you are the single owner/controller, you can be ordered to produce it, because the goal is not to enable evidence hiding, but to avoid things like "torture".
The fifth amendment literally says a person cannot be compelled to give "witness against himself".
It is referring to testimonial situations, like being put on the stand in your own trial.
You are welcome to think "this is wrong". You are welcome to try to convince society of this. So far, not enough of society has bought it that it has been changed.
You are always welcome to think things are immoral, but that does not change what they actually say or mean.
I too would love to see plausible deniability like Truecrypt provided. Entering a passcode unlocks the phone, but only files stored under that passcode are visible. There is no way to tell how many hidden volumes there are.
This does fall apart however. If I took an encrypted laptop or external drive somewhere and was required to unlock it, I would most likely be opening a filesystem that is out of date. During normal operation, you have to pay attention and ensure both volumes get files updated to make it appear current. For an external drive, you do this by mounting both volumes and storing your files accordingly.
On a computer, you have to be concerned about traces left within the OS itself. So you have to be really careful about cleaning up after yourself. Or, you set up two copies of your OS and occasionally boot into your "clean" one and load files onto it.
On a phone though.. the important stuff like call logs, sms messages, chat history.. that's what the authorities are after. If they know your phone is capable of "hidden volumes" and find that you have minimal/old history on your phones, they'll get suspicious. If messages or calls known to be sent to your phone don't appear, that is a pretty good indicator that you're not complying with the order.
I think the only thing that could really work is a built in "kill switch". This would be a time-sensitive in-memory program that requires a periodic check-in by you to keep it from nulling out all the application data and factory resetting the phone. Essentially, this has to work with no action on your part. If it can happen without you ever touching the phone once it's in custody, that's ideal.
That's not conclusive. Look up how truecrypt's hidden volumes work. That is at least cryptographically sound. Then, you employ obfuscation techniques like occasionally using your "decoy" files.
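To make the hidden-volume idea concrete for the sub-thread above, here is an added example (not TrueCrypt's code, and not something from the original posts) of the core construction: one container of random-looking bytes, two fixed header slots, and an unlock routine that tries the supplied passphrase against both headers and opens whichever one authenticates. Whether the second slot holds a real header or just filler is not determinable without the passphrase. Every constant (`CONTAINER_SIZE`, `HIDDEN_HDR_OFF`, `DATA_OFF`, the PBKDF2 iteration count) is a constructed assumption, and the cipher is a toy HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag so the block runs on the standard library alone; real software would use a proper AEAD.

```python
"""Toy deniable-encryption container (added example, modelled loosely on
TrueCrypt hidden volumes; constants and cipher are constructed for illustration).

Layout: outer header at OUTER_HDR_OFF, hidden header slot at HIDDEN_HDR_OFF,
data from DATA_OFF onward. Each header = salt || seal(kdf(pass, salt),
master_key || start || length). Everything not written is os.urandom filler,
so an unused hidden slot is indistinguishable from a used one.
"""
import hashlib
import hmac
import os
import struct

CONTAINER_SIZE = 64 * 1024   # constructed; real volumes are far larger
OUTER_HDR_OFF = 0
HIDDEN_HDR_OFF = 4096        # constructed; TrueCrypt used a larger fixed offset
DATA_OFF = 8192
HDR_PLAIN = 64 + 8           # master key (64) || start (4) || length (4)
KDF_ITERS = 20_000           # PBKDF2 work factor (assumption, kept low for the demo)


def _kdf(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERS, 64)


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream: HMAC-SHA256(key, nonce || counter), one 32-byte block per counter.
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(out[:n])


def _seal(key64: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns ciphertext || 32-byte tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key64[:32], nonce, len(plaintext))))
    return ct + hmac.new(key64[32:], nonce + ct, hashlib.sha256).digest()


def _open(key64: bytes, nonce: bytes, sealed: bytes):
    """Inverse of _seal; returns None when the tag does not verify (wrong key)."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key64[32:], nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key64[:32], nonce, len(ct))))


def create_container(outer_pass: str, outer_data: bytes,
                     hidden_pass: str = None, hidden_data: bytes = b"") -> bytes:
    """Build a container; a hidden volume is optional and sits at the end of free space."""
    buf = bytearray(os.urandom(CONTAINER_SIZE))  # filler is indistinguishable from ciphertext

    def place(pw, data, start, hdr_off):
        master_key, salt = os.urandom(64), os.urandom(16)
        body = _seal(master_key, struct.pack(">I", start), data)
        buf[start:start + len(body)] = body
        hdr = salt + _seal(_kdf(pw, salt), salt, master_key + struct.pack(">II", start, len(body)))
        buf[hdr_off:hdr_off + len(hdr)] = hdr

    place(outer_pass, outer_data, DATA_OFF, OUTER_HDR_OFF)
    if hidden_pass is not None:
        hidden_start = CONTAINER_SIZE - (len(hidden_data) + 32)
        if hidden_start < DATA_OFF + len(outer_data) + 32:
            raise ValueError("hidden volume would overlap outer volume data")
        place(hidden_pass, hidden_data, hidden_start, HIDDEN_HDR_OFF)
    return bytes(buf)


def unlock(container: bytes, passphrase: str):
    """Return the plaintext of whichever volume the passphrase opens, else None."""
    for off in (OUTER_HDR_OFF, HIDDEN_HDR_OFF):
        salt = container[off:off + 16]
        hdr = _open(_kdf(passphrase, salt), salt, container[off + 16:off + 16 + HDR_PLAIN + 32])
        if hdr is None:
            continue  # this slot is filler, or the passphrase belongs to the other volume
        master_key = hdr[:64]
        start, length = struct.unpack(">II", hdr[64:72])
        return _open(master_key, struct.pack(">I", start), container[start:start + length])
    return None
```

Note that the caveat raised in the thread is a property of the scheme, not of this toy: the cryptography hides the existence of the second volume, but nothing here stops the decoy volume's contents from looking stale next to activity that is known to have happened.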
Apple's implementation makes this incredibly difficult given the 10-attempt failsafe (wipes device) and increasing timeouts for failed login ("try again in 1 hr" - after 7th failed attempt).
Also even given a trivial passcode, if you use "complex passcode" and the same 4-character passcode, you've vastly increased the key search space with a minor change to usability (esp. if you have touchID).
I don't like the 10-attempt-auto-wipe because it also gives someone an easy way to erase your device -- which I think is just as likely a scenario. For example if you recorded the police and they didn't like it...
Having the password (in your mind and on your fingers) and the "sensitive information" -- having them together in the same place at the same time is just asking for it really.
Isn't it standard to do all decryption attempts on a clone of the phone rather than the phone itself? After ten attempts, just reset the copy and try again.
The researcher does recommend never surrendering your phone unlocked however - that guarantees someone can just hook it up to a USB connection, and tap "trust", and then proceed to pull all your personal info and credentials out.
As we saw with the celebrity nude leaks, backups are often easier to acquire and trivial to crack using software like EPPB. Just take a look through Elcomsoft's product list if you're questioning whether you should upgrade to a stronger passcode.
The failsafe/wipe and timeouts are all implemented in software, and are still in Apple's control. They would be able to easily remove those restrictions without you needing to give up anything.
"The failsafe/wipe and timeouts are all implemented in software"
So is unlocking your phone, changing your password, decrypting your phone, etc. How is it easy for them to disable the failsafe wipe if they can't decrypt your phone (and presumably the settings file where that option is stored)?
You can encrypt the flash content, which puts you down to memory, something that is pretty hard to do when it's embedded inside the CPU SoC. If the baseband & other co-processors are not trusted with full DMA access to the CPU ram, then it's practically impossible.
Correct. Even with hardware-entangled key stretching, Apple can jack into your phone, disable the 10-entry erase, and then brute-force your passkey. With Android, they don't even need to use the phone. They can just dump the flash storage and attack it on arbitrarily powerful hardware.
You can thankfully enable arbitrarily long numeric or alphanumeric PINs on Android and iOS.
Not related to smart phones, but with something like GBDE where you can set it up so that two keys are needed (one of which is stored locally, the other provided by the user) to encrypt/decrypt, and the local key was deleted, what could the court do? The evidence isn't necessarily destroyed, it just cannot be decrypted.
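The two-key arrangement described in the comment above is a split-key wrapping scheme, and deleting the locally stored half is what is usually called crypto-shredding. The following added example (constructed for this page; it is not GBDE's lock-sector format or anything from the original posts) shows the principle: a random data-encryption key (DEK) is wrapped under a key-encryption key that can only be derived from both a device-held secret and the user's passphrase. `KeyStore`, `KDF_ITERS` and the labels `b"enc"`/`b"tag"` are assumptions of the example; the DEK would in practice go on to encrypt the actual files, which is left out here.

```python
"""Split-key DEK wrapping with crypto-shredding (added, constructed example).

KEK = HMAC(device_key, PBKDF2(passphrase, salt)); both inputs are required.
wrapped = DEK XOR SHA256(KEK || "enc"); tag = HMAC(KEK, "tag" || salt || wrapped).
Destroying device_key leaves the wrapped DEK unrecoverable even with the passphrase.
"""
import hashlib
import hmac
import os

KDF_ITERS = 100_000  # PBKDF2 work factor (assumption)


class KeyStore:
    """Stand-in for local key storage (a lock file, TPM, secure element ...)."""

    def __init__(self):
        self.device_key = os.urandom(32)

    def shred(self):
        # Models deleting the locally stored half of the key material.
        self.device_key = None


def _kek(device_key: bytes, passphrase: str, salt: bytes) -> bytes:
    user_part = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERS)
    # Keying the HMAC with the device secret means neither factor alone yields the KEK.
    return hmac.new(device_key, user_part, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_dek(dek: bytes, device_key: bytes, passphrase: str) -> bytes:
    """Return salt || wrapped DEK || tag (16 + 32 + 32 bytes)."""
    assert len(dek) == 32
    salt = os.urandom(16)
    kek = _kek(device_key, passphrase, salt)
    wrapped = _xor(dek, hashlib.sha256(kek + b"enc").digest())
    tag = hmac.new(kek, b"tag" + salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unwrap_dek(blob: bytes, device_key, passphrase: str) -> bytes:
    """Recover the DEK; raises if either factor is wrong or the device key is gone."""
    if device_key is None:
        raise KeyError("device key destroyed: wrapped DEK is unrecoverable")
    salt, wrapped, tag = blob[:16], blob[16:48], blob[48:]
    kek = _kek(device_key, passphrase, salt)
    expected = hmac.new(kek, b"tag" + salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or wrong device key")
    return _xor(wrapped, hashlib.sha256(kek + b"enc").digest())


def demo() -> dict:
    """Walk through wrap, unwrap, shred; returns which steps succeeded."""
    store, dek = KeyStore(), os.urandom(32)
    blob = wrap_dek(dek, store.device_key, "correct horse battery staple")
    result = {"roundtrip": unwrap_dek(blob, store.device_key, "correct horse battery staple") == dek}
    store.shred()
    try:
        unwrap_dek(blob, store.device_key, "correct horse battery staple")
        result["after_shred"] = "recovered"
    except KeyError:
        result["after_shred"] = "unrecoverable"
    return result
```

The protection only holds if no copy of the device key survives anywhere (backups, cloud sync, forensic images taken earlier); a court order reaches copies just as well as the original. Constant-time tag comparison is used because the tag check is what distinguishes a wrong passphrase from a wrong device key.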
You'll continually be found in contempt of court until you comply, until they break through some other way, or until they get tired of dealing with you.
Interestingly and strangely enough, jail can only be used for contempt of court when they believe that keeping you there has a chance of making you comply. If you make a principled enough stand that you are never going to comply, they legally have to let you out. In practice, this usually takes a long time.