Finger Prints Are Not Passwords
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.
Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.
-
And now more biometrics in the news: Yahoo considering ear biometrics.
-
@scottalanmiller said:
Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files, but you can be compelled through law to use your finger to unlock a device, this leads me back to you being surveilled and they KNOW which finger you use to unlock your device, so trying to use the wrong one and saying it doesn't work wouldn't be possible. While this isn't an actual issue today, in light of the Snowden revelations, it's only a matter of time before this type of information will be keyed in on during surveillance.
Yes still very tin foil hat stuff, at this point to me it's more about what is possible so we as citizens can be prepared.
-
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
-
@Dashrender said:
Yes still very tin foil hat stuff, at this point to me it's more about what is possible so we as citizens can be prepared.
That's the biggest problem, though. The number of things that "are possible" are insane. Once we go down that path, none of this matters because they already have access to everything, everywhere. What information is on your device that they can't already get or get in some other way? They can grab your transmissions in and out, they can shim the device, they can pull the chips and unencrypt, etc.
Knowing what is possible is only marginally useful. Knowing what is practical is what we need to know for security. Otherwise we spend our time worrying about what isn't reasonable instead of focusing on what is. The most important aspect of security is practicality. Once you leave practicality behind, either you end up losing security or you lose the reason for the security.
-
@scottalanmiller said:
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.
You sure?
-
According to the current legal information from the EFF:
Even if you're arrested, police can only search your phone under limited circumstances.
After a person has been arrested, the police generally may search the items on her person and in her pockets, as well as anything within her immediate control, automatically and without a warrant. But the Supreme Court has ruled that police cannot search the data on a cell phone under this warrant exception.8 Police can, however, search the physical aspects of the phone (like removing the phone from its case or removing the battery) and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.
-
I didn't trust it from the beginning, the thought of it being leaked worried me, and guess what.....I was right. I'm safe.....well safeish
-
@scottalanmiller said:
and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.*
This exception is up to an officers subjective opinion. It's used all the time here by the county. The assume everyone is either a drug dealer or has a meth lab.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.
You sure?
Happens a lot. Companies even have to give over Encrpytion codes for all data (and end users data) all the time. No idea what happens if you "forgot" it.
-
@thecreativeone91 said:
@scottalanmiller said:
and in situations where they actually believe evidence on the phone is likely to be immediately destroyed, police can search the cell phone without a warrant.*
This exception is up to an officers subjective opinion. It's used all the time here by the county. The assume everyone is either a drug dealer or has a meth lab.
If the police officer is taking the phone for evidence, they can't really can't still make that claim. If they can, then you are into the "no law applies here" and none of this matters since we are into the realm of them doing anything that they want.
The benefit of fingerprints being required and passwords not doesn't seem to work. Fingerprints can't be required by law. Once there is no law, they can beat the password out of you. Making the point moot.
-
@BMarie said:
I didn't trust it from the beginning, the thought of it being leaked worried me, and guess what.....I was right. I'm safe.....well safeish
But WHAT was leaked? A hash of your fingerprint? What difference does that make?
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Did you miss the point where I said you get grabbed? and therefore I assume they have the needed warrants? But even with a warrant, you can't be compelled to provide a password to protected files....
Is that true? I thought that the point of the warrant was to get access to more than they could get without one.
Yes it's true, a warrant can't compel you to give up a password, it's considered testifying against yourself, which you are protected from doing. But giving up your fingerprints is not protected I'm guessing because it's a physical thing that you leave everything.. if enough time is taken, the authorities could get your finger prints, then make a fake one to use to unlock your device themselves.
You sure?
That's definitely different than other trusted sources lead me to understand.
-
@Dashrender said:
That's definitely different than other trusted sources lead me to understand.
Check your sources. Are they quoting the laundry list of 2013 (this article was 2014) references to the opposite being true? Looks like there was reason to believe it in 2013, but nothing substantial, so everyone repeated it. But it got put to the test in 2014 and proved to not be what people had been saying.