IME an easy defeat for Touch ID, on the iPhone 5S at least, is to lick your fingers. Your phone will fail to unlock, and if you do it five times, your phone disables Touch ID for you.
Another trick is to simply turn off the phone. Touch ID is always initially disabled at boot.
I wish Apple would add a “duress finger” feature though.
One of the most unexpected aspects of the emerging global surveillance regime is how trivially easy it is to opt out of.
All you have to do is leave your phone at home.
The over reliance on consumer technology and social platforms by end users is unfortunate but expected. Seeing how law enforcement has become so lazy as to piggyback all of their investigatory efforts on top of it is truly stupefying...
Leaving your tracking device at home will eventually be a criminal offense, if it's even possible to do without ripping it out of the vital organ it's implanted in.
What makes you say they piggyback all their efforts on our reliance on consumer tech? It's low-hanging fruit that probably yields results reliably, but that doesn't mean LE is helpless if you don't have a phone.
Obviously there should be two modes of operation for the personal device both enabled biometrically. Pinky for police-mode, thumb for internationalmanofmystery-mode... or just don't keep shit the cops want on your phone.
I love being a Norwegian but damn, occasionally the government does some really dumb stuff. Like this. This is just like when they introduced the Data Retention Directive and whadda ya know, it's against human rights and now it's put on ice. I hope it'll happen with this directive.
Android (stock at least, but likely other flavours too) allows you to have multiple users on a device. Swipe down from the top a couple of times, then press the little blue User icon and set up a different user with a pass code for things you want to remain private. You could happily unlock your phone for the default user without giving up any private data.
It's not a method of securing anything as it's just obscurity, but very few people would know about it or bother to look. It's very useful for having 'work stuff' and 'personal stuff' on one device.
That's why all phones should have a decoy feature so that when asked to produce a password, you just give them the decoy pass, and it unlocks a clean profile with no way for them to find anything personal, and or incriminating.
My phone has a guest code. I think phones should just have profiles that are complex enough to where nobody could know if it's your main one or not. However, apparently someone somewhere holds a patent to this sort of thing and thus...
One example I found off Google, though I've heard of others:
Don't use a thumbprint scanner. Set a PIN. They can force you to put your thumb in the screen but they cannot force you to remember a PIN. OK their may be able to put you in prison for not handing over the PIN, but at least that is your decision. On some phones you can set a PIN that destroys everything....
The argument that "we're allowed to force you to unlock your phone with your fingerprint, because we could physically force you to do it anyway" makes me think that the governments will eventually not give citizens a pass when they have a PIN number or passphrase either, once they develop the technology to read our thoughts. And the reason is the same: because they could physically force you to reveal it.
That's such a shitty way of thinking about laws. Should men be allowed to beat women just because they are physically stronger, too? No, we've simply decided as a society that just because you can do something with physical force, doesn't mean you should be able to do it, and that it's illegal to do it.
And this is why I think forcing you to unlock your phone with your fingerprint, just because in theory the policemen can hold you down and force your finger on the phone, is also an immoral law and an immoral way of thinking.
Use the wrong finger. Try it quickly 5 times and it locks, forcing the passcode. If they hold the correct finger down, twist the tip of the finger and try to roll it.
Even better, train a non obvious finger for your passcode. After the last application of your thumb/index finger fails and forces the passcode, turn to them, shrug your shoulders and say I don't know why it didn't work.
Or just don't use the biometric unlock features. I don't have anything on my phone I need to hide from the police, but turning on fingerprint login was a complete "nope" to me, because obviously I can be forced to put my finger on the sensor. Not to mention the general spoofability of fingerprint readers. Refusing to make civil rights abuse easier seems like a civic responsibility to me, so biometric security is not something I'm going to use. Bad incentives.
This is about unlocking electronic equipment (phones) based on biometrics and not pin/passwords. I suppose the logic behind it is that the police are already allowed to do similar things. They can use physical force to restrain for instance. They can search one's possessions.
Or consider fingerprinting. What would happen if one were to refuse getting fingerprinted and made trouble? Are police allowed to use force in that case?
The only reason police organizations are making it about biometrics is because they have an easier time getting that then getting laws changed to compel pin/password unlocking.
But make no mistake, this is all about getting unfettered access to everything bit of data they can without a warrant. They saw an easy opening to circumvent existing laws and they jumped for it.
Can you have it require both a fingerprint and password? Perhaps, requiring a different password for each finger? That is why you need open-source, so that you can program it by yourself.
Or to do like I, don't have cell phone. You can write notes on paper, even in code if you need to I suppose. Confuse thieves (including police, which count as thieves too in this case) by writing very confusing stuff.
I see a lot of people in this thread pulling the trigger of this "being an invasion of privacy".
While this is true, I can't help but to feel that the Hacker News crowd tends of see only one side of this issue.
They are not asking smartphone companies to introduce backdoors in their products. They are just trying to make sure that police has the right resources to be able to solve investigations.
To be honest, this sounds reasonable to some extent. When someone gets questioned by the police, you expect the person to tell the truth. If the police gets a hint that your smartphone might have significant evidence of some sort of crime, isn't it reasonable to comply with the request?
It's not like they are asking to access it remotely from anywhere at anytime.
> They are just trying to make sure that police has the right resources to be able to solve investigations.
Which the police can and have been able to do with a search warrant. Courts in various parts of the world have spoken here: the smartphone is unlike other personal effects, in that it may provide access to a historically unprecedented vault of personal information about its owner. The space for police abuse here is vast, and using courts as a check against police power is a common solution.
>When someone gets questioned by the police, you expect the person to tell the truth.
Police should not expect anything.
Even if you tell the truth, police could still build a story so that it will make you guilty of something. Not because police are evil, but because investigation is not easy, so any interaction with the police is a great danger for any person, especially the honest ones since they are often more naive and less equipped to deal with the police.
> To be honest, this sounds reasonable to some extent.
Some - many, most? - of the people they will be questioning are completely innocent of a crime.
Imagine you are an innocent bystander in some political event and a group of policemen are holding you down while one of them tears your eyelids open with his fingers and forces your phone against your eye.
Does that sound reasonable to you?
And who gets to make this decision, some policeman, on the spot, in a busy crowd, on a bad day when he's been dealing with rioters? For any reason he likes?
This is just opening up a new avenue for police brutality and physical intimidation of minorities.
Look at stop and search in the US and how it is used (specifically, who it is used against), and it is far less invasive than this.
I think policemen should be standing up to oppose this and require the use of a court warrant, as is the current standard. I wonder how many will.
Meanwhile to search my house you need a search warrant. I'd feel more violated in my privacy by someone snooping through my phone or computer than by someone searching my house. With a search warrant this would be a different discussion.
> When someone gets questioned by the police, you expect the person to tell the truth. If the police gets a hint that your smartphone might have significant evidence of some sort of crime, isn't it reasonable to comply with the request?
A person does not have to testify against oneself. This principle stands in the USA and Finland for sure (that I know of), I'd expect it to stand in Norway as well.
> If the police gets a hint that your smartphone might have significant evidence of some sort of crime, isn't it reasonable to comply with the request?
In the US you don't have to talk to the police, and you never should talk to the police. Remember, they aren't necessarily trying to find the perpetrator, they are trying to convict someone, and that's not necessarily the same thing.
If they can establish you had the means, motive and opportunity, why look for anyone else. Your device can put you close enough to a crime scene that you become the convenient person to convict.
The problem is that as this stands, they can force almost anyone. They need probable cause to search my home, but not to unlock my phone. And I'd rather have them look through my clothes and possessions than all my mail and private conversations...
If you consider your smartphone external memory, only accessible through your brain via encryption keys stored therein, then this is compelled speech and potentially self-incrimination. Without a warrant, without a lawyer.
[+] [-] TazeTSchnitzel|8 years ago|reply
Another trick is to simply turn off the phone. Touch ID is always initially disabled at boot.
I wish Apple would add a “duress finger” feature though.
[+] [-] LyalinDotCom|8 years ago|reply
[+] [-] rsync|8 years ago|reply
All you have to do is leave your phone at home.
The over reliance on consumer technology and social platforms by end users is unfortunate but expected. Seeing how law enforcement has become so lazy as to piggyback all of their investigatory efforts on top of it is truly stupefying...
[+] [-] jasonkostempski|8 years ago|reply
[+] [-] alkonaut|8 years ago|reply
[+] [-] gberger|8 years ago|reply
Leaving your phone at home is equivalent to having no phone at all.
[+] [-] rebuilder|8 years ago|reply
[+] [-] collyw|8 years ago|reply
[+] [-] nthcolumn|8 years ago|reply
[+] [-] sondr3|8 years ago|reply
[+] [-] onion2k|8 years ago|reply
It's not a method of securing anything as it's just obscurity, but very few people would know about it or bother to look. It's very useful for having 'work stuff' and 'personal stuff' on one device.
[+] [-] greglindahl|8 years ago|reply
[+] [-] shostack|8 years ago|reply
[+] [-] sr2|8 years ago|reply
[+] [-] giancarlostoro|8 years ago|reply
One example I found off Google, though I've heard of others:
https://arstechnica.com/gadgets/2012/10/nokia-patent-may-be-...
[+] [-] mvdwoord|8 years ago|reply
[+] [-] jimnotgym|8 years ago|reply
[+] [-] mtgx|8 years ago|reply
That's such a shitty way of thinking about laws. Should men be allowed to beat women just because they are physically stronger, too? No, we've simply decided as a society that just because you can do something with physical force, doesn't mean you should be able to do it, and that it's illegal to do it.
And this is why I think forcing you to unlock your phone with your fingerprint, just because in theory the policemen can hold you down and force your finger on the phone, is also an immoral law and an immoral way of thinking.
[+] [-] gnodar|8 years ago|reply
Even better, you can set a pin to only destroy specific data. Less chance of arousing suspicion.
[+] [-] valuearb|8 years ago|reply
Even better, train a non obvious finger for your passcode. After the last application of your thumb/index finger fails and forces the passcode, turn to them, shrug your shoulders and say I don't know why it didn't work.
[+] [-] bitwize|8 years ago|reply
[+] [-] rebuilder|8 years ago|reply
[+] [-] jopsen|8 years ago|reply
[+] [-] tyingq|8 years ago|reply
[+] [-] Zigurd|8 years ago|reply
[+] [-] GreaterFool|8 years ago|reply
Or consider fingerprinting. What would happen if one were to refuse getting fingerprinted and made trouble? Are police allowed to use force in that case?
[+] [-] shostack|8 years ago|reply
But make no mistake, this is all about getting unfettered access to everything bit of data they can without a warrant. They saw an easy opening to circumvent existing laws and they jumped for it.
[+] [-] jopsen|8 years ago|reply
That makes more sense...
Similar to how the police can require you to unlock the trunk of your car. It's a physical key.
[+] [-] pavement|8 years ago|reply
Don't secure your phone with biometrics in Norway.
[+] [-] zzo38computer|8 years ago|reply
Or to do like I, don't have cell phone. You can write notes on paper, even in code if you need to I suppose. Confuse thieves (including police, which count as thieves too in this case) by writing very confusing stuff.
[+] [-] EGreg|8 years ago|reply
[+] [-] GreaterFool|8 years ago|reply
[deleted]
[+] [-] sweden|8 years ago|reply
While this is true, I can't help but to feel that the Hacker News crowd tends of see only one side of this issue.
They are not asking smartphone companies to introduce backdoors in their products. They are just trying to make sure that police has the right resources to be able to solve investigations.
To be honest, this sounds reasonable to some extent. When someone gets questioned by the police, you expect the person to tell the truth. If the police gets a hint that your smartphone might have significant evidence of some sort of crime, isn't it reasonable to comply with the request?
It's not like they are asking to access it remotely from anywhere at anytime.
[+] [-] saidajigumi|8 years ago|reply
Which the police can and have been able to do with a search warrant. Courts in various parts of the world have spoken here: the smartphone is unlike other personal effects, in that it may provide access to a historically unprecedented vault of personal information about its owner. The space for police abuse here is vast, and using courts as a check against police power is a common solution.
[+] [-] nannePOPI|8 years ago|reply
Police should not expect anything. Even if you tell the truth, police could still build a story so that it will make you guilty of something. Not because police are evil, but because investigation is not easy, so any interaction with the police is a great danger for any person, especially the honest ones since they are often more naive and less equipped to deal with the police.
https://www.youtube.com/watch?v=d-7o9xYp7eE
[+] [-] random_comment|8 years ago|reply
Some - many, most? - of the people they will be questioning are completely innocent of a crime.
Imagine you are an innocent bystander in some political event and a group of policemen are holding you down while one of them tears your eyelids open with his fingers and forces your phone against your eye.
Does that sound reasonable to you?
And who gets to make this decision, some policeman, on the spot, in a busy crowd, on a bad day when he's been dealing with rioters? For any reason he likes?
This is just opening up a new avenue for police brutality and physical intimidation of minorities.
Look at stop and search in the US and how it is used (specifically, who it is used against), and it is far less invasive than this.
I think policemen should be standing up to oppose this and require the use of a court warrant, as is the current standard. I wonder how many will.
[+] [-] ajmurmann|8 years ago|reply
[+] [-] noinsight|8 years ago|reply
A person does not have to testify against oneself. This principle stands in the USA and Finland for sure (that I know of), I'd expect it to stand in Norway as well.
[+] [-] colmvp|8 years ago|reply
Sure, with a warrant.
[+] [-] valuearb|8 years ago|reply
If they can establish you had the means, motive and opportunity, why look for anyone else. Your device can put you close enough to a crime scene that you become the convenient person to convict.
https://www.youtube.com/watch?v=d-7o9xYp7eE&feature=share
[+] [-] maaaats|8 years ago|reply
[+] [-] the8472|8 years ago|reply
[+] [-] yjftsjthsd-h|8 years ago|reply
What? No, I expect them to invoke the 5th and shut up.
[+] [-] unknown|8 years ago|reply
[deleted]