Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Just one simple question for my understanding - given some "law enforcement" had you in restraint. Wouldn't it be possible, to bag the phone and strap you to a chair and then holding the phone right under your nose and strip the bag to unlock it?

I was just wondering. Because forcing you to look at your phone is a lot easier then forcing your finger to touch the home button I guess.
They can’t force your eyes open, and trying to, say with fingers, obstructs face and interferes with the ID and gives a failed attempt. It would be a lot easier to take your finger against your will, and press it to the home button.
 
Who on earth would wanna disable a 'security' feature ?

It's design to prevent others from from getting in, and that should apply to the law..... There should be no exceptions, but what we are saying we would want to disable FaceID in order for the police to invade our privacy as well..

The same security set up, would be turned against us. Good to know anyway,but security is still security.

I'd say FaceID would be even more insecure, because you don't need a thumb print... correct/or incorrect, you may not even be aware a police just "looked" at your phone if he as it. (i.e its out sight)
 
My point, which i've made repeatedly, as that the armchair lawyers who confidently state that "the government can't make you unlock your device if all you use is a passcode instead of biometrics" are giving bad advice.


Nobody is giving advice (to anyone), rather people are participating in a discussion forum on a very topical subject.

With that said, since you're a licensed attorney, what would your advice be to people who in the future might be detained or arrested by the police, who then via a warrant demand access to their phone and ask for the phone's passcode?

Assert your right to remain silent? Or comply with law enforcement's demand? Both in and out of the jurisdiction of the 3rd and 11th circuits.
 
Last edited:
While you're waiting for Apple to make an official method, some clever person/people came up with this Shortcut:
https://www.icloud.com/shortcuts/2d68cb1ee7b84f08ace2fd600b9855b5
Based on what MacRumors member rjtyork posted it does the following:
"Just by saying “Hey Siri, I’m getting pulled over”, Siri will pause your music, turn on do not disturb, send your location and a message to pre-determined contacts, dim your screen, start recording video from your front camera, upload that video to iCloud Drive or google drive, and send the video to any contacts you choose."

Many thanks to you for sharing this! It is amazing what can be done with shorcuts, this one really shows the power of this application.
 
https://www.theregister.co.uk/2017/03/20/appeals_court_contempt_passwords/

https://itknowledgeexchange.techtar...ry/man-jailed-forgetting-encryption-passcode/

He claimed to have forgotten. He went to jail.

And as this article states, this is the law in at least the third and eleventh circuits. So delaware, pennsylvania, new jersey, alabama, florida and georgia.

The state of the law in this area is different between the 3rd and 11th circuits.

If the government knows with particularity what is on an encrypted device then, yes, it can compel a defendant to decrypt that device using a passcode. That is, generally speaking and assuming the government also knows that the defendant knows the passcode. That's the case in the 3rd Circuit and in the 11th Circuit. Further, whether other circuits have already decided that issue or not, that's most likely to be the case in those circuits as well.

But in the 11th Circuit, the government can't compel a defendant to decrypt a device if it doesn't know with particularity what is on that encrypted device (i.e. what would be on it if it were decrypted). That's the case even if the government knows that the defendant knows the passcode. Under 11th Circuit precedent, that's not enough for the forgone conclusion doctrine to apply.

As for the 3rd Circuit, it remains an open question whether the government can compel a defendant to decrypt a device if it doesn't know with particularity what is on that encrypted device. The 3rd Circuit hasn't, as far as I'm aware, decided that issue. It has, however, suggested in dicta (in the MacPro Computer case) that the government might be able to compel a defendant to decrypt a device in such circumstances so long as the government knows that the defendant knows the passcode (or the defendant has been granted immunity with regard to the use of the defendant's knowledge, demonstrated by the act of decrypting the device, of the passcode).

So, as things stand now, in the 11th Circuit police can't compel a defendant to use a passcode to decrypt a device just because they suspect it contains evidence of a crime or otherwise because they have a search warrant that covers it. That may or may not be the case in the 3rd Circuit (and in some other circuits).
 
I disabled all security check on my Iphone. With no passwords, no Face ID, I'm saving so many seconds and if I forget my phone somewhere it can be easily returned to me.
My private data is not worse than average and I have nothing to hide.

You have a lot to hide, you just don't know it. Everyone who doesn't want to be a victim of identity theft has something to hide, so the common statement "If you've done nothing wrong, you have nothing to hide" is flatly untrue.

If you disagree, then send me all of your logins, passwords, and answers to security questions. If you refuse, then you now understand that there are things that you definitely need to hide.

I see this come up so often that I have to ask.
Which websites are you people "visiting"? Because you all seem quite paranoid that someone will know you've "been there".
[doublepost=1539531256][/doublepost]

How can they get into banking apps?
Sure they can go to town on many of the other things you've listed, but tell me how you think the thief can get into someone's banking apps without their password/finger ID etc input?

I'll start with your second question. First of all, you don't need access to the application to have access to the account. So the better question is how does the thief get access to your online banking (or any online account really).

Go to the website for whatever login are trying to take over (email, banking, Facebook, Amazon, whatever). Use the "forgot password" link. Verify with email address, which you can do because you have the owner's email.

Maybe there's two factor authentication, but that's no problem because the second factor is typically phone-related (a text message with a code, a telephone call stating the code, or an authentication application like Google Authenticator or Symantec VIP). Now you have 100% of the accounts which use email and/or the phone for authentication.

What's left are accounts that also use security questions. This is a little harder, but not impossible. Look on Facebook. Search through email. Pretend you are the phone's owner and ask via text messaging, for example "hey, I was reminiscing today and I forgot the name of my elementary school, do you remember?"

Now, back to the first question. Aside from the obvious naughty stuff that's private and nobody else's business, your browser history will include all of the websites you visit that have accounts that the thief can take over. In many cases there may even be cookies which enable him to "still be logged in" as if it were you. If it weren't for the browser history, the thief might not know to go there.
 
Last edited:
  • Like
Reactions: CarlJ
Mr. Hypothetical will have his lawyer move to have all evidence gathered from his phone with out a warrant to be held inadmissible and walk. If Mr. Hypothetical voluntarily unlocked his phone then it's on him.

That sounds good but as I’m sure you are aware police cannot compel you to give your PIN code to open the iPhone but can use your biometrics to do it.

If you are arrested and they find weed in your pocket when searching you for the arrest is it inadmissible? What about in your car when they are inventorying it?
 
Maybe there's two factor authentication, but that's no problem because the second factor is typically phone-related (a text message with a code, a telephone call stating the code, or an authentication application like Google Authenticator or Symantec VIP). ...

What's left are accounts that also use security questions. This is a little harder, but not impossible.
For the first part, that's why my 2FA codes are all secured behind a second password that they'll never get. For the second part, that's why I never ever use legit answers to "security" questions. They're all random answers, duly recorded in an encrypted database in case I need them. Someone who can figure out my elementary school will be no closer to getting access (indeed, if they keep trying variations of the "right" answer, they're likely to trip a "you need to come talk to us to straighten this out" scenario).

But I do agree with your answer - thus the several layers of security (and exploding phone case).
 
Mr. Hypothetical will have his lawyer move to have all evidence gathered from his phone with out a warrant to be held inadmissible and walk. If Mr. Hypothetical voluntarily unlocked his phone then it's on him.

Is it enough to just dismiss a case? What punishments are available for crooked cops who obtain information illegally? A stern lecture from the judge? :rolleyes:
 
Most people have a passcode to prevent their phones from being accessed by other people; should the phone be lost, or left out on your desk at work, etc. They obviously care about privacy.

Your response above was to a post about the police searching your phone.
Riddle me this: How is the police searching your phone different than some random person doing it?
[doublepost=1539676130][/doublepost]
It’s also true of a passcode. There is a thin veneer of difference in the US ... You probably aren’t supposed to be compelled to provide a password, but if there is probable cause that you own the phone and it contains evidence of a crime, you can be forced to.
You cannot. The 5th amendment protects you against that.
 
Wait. What? Why not? Personally, if I need to hire a lawyer I like to know that they’ve been educated, are held to ethical guidelines, etc. It’s not like licensure is a new thing, either.
Right by the same monopoly that makes the laws, rules and forces everyone to abide by them. Oh yeah and the people enforcing it are on the same payroll as the “impartial” judges. Right.
[doublepost=1539678574][/doublepost]
The good news is that if you are ever accused under one of the above bizarre scenarios you can defend yourself.
I genuinely hope you continue to have the luxury of thinking any of my scenarios are “bizarre”
 
Riddle me this: How is the police searching your phone different than some random person doing it?

Some random person, after finding your phone, does not require probable cause in order to convince a judge to sign a search warrant application to examine the contents of your phone. Without a passcode or some other authentication method, that random person can have access to anything that may be contained within the phone.

I might be going out on a limb here, but I suspect most people would likely want to set a passcode on their phone to prevent that from happening.
 
In this case, a warrant was obtained and the iPhone searched by compelling the accused to use his finger to ope. The iPhone. The information the iPhone contained was used as evidence against him. He lost in the appellate court.

https://www.google.com/amp/s/arstechnica.com/tech-policy/2017/01/court-rules-against-man-who-was-forced-to-fingerprint-unlock-his-phone/?amp=1
Yeah. Almost since the start they’ve held that biometric security isn’t the same as a password.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.