The MyColorado FAQ explicitly states that an officer cannot take your phone, even if they think your digital ID is fraudulent. This whole article is a ton of fear mongering. Digital IDs do not require you to give your phone to anyone, they do not require you to unlock (unless it’s a state specific app), and even if it’s a state specific app the cops aren’t allowed to take it anyway.
alyaza@beehaw.org 5 weeks ago
In Riley v. California, the Supreme Court unanimously held that police need a warrant to search through cell phones, even during otherwise lawful arrests. But if you hand over your unlocked phone to a police officer and offer to show them something, “it becomes this complicated factual question about what consent you’ve granted for a search and what the limits of that are,” Brett Max Kaufman, a senior staff attorney in the ACLU’s Center for Democracy, told The Verge. “There have been cases where people give consent to do one thing, the cops then take the whole phone, copy the whole phone, find other evidence on the phone, and the legal question that comes up in court is: did that violate the scope of consent?”
If police do have a warrant to search your phone, numerous courts have said they can require you to provide biometric login access via your face or finger. (It’s still an unsettled legal question since other courts have ruled they can’t.) The Fifth Amendment typically protects giving up passcodes as a form of self-incrimination, but logging in with biometrics often isn’t considered protected “testimonial” evidence. In the words of one federal appeals court decision, it requires “no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”
it’s unbelievable that there is a distinction in US caselaw between giving up your biometrics and giving up your password, and your essentially unchangeable biometrics are somehow the one you’re probably obliged to give to the cops if they ask. just an incredibly goofy system
tyler@programming.dev 5 weeks ago
alyaza@beehaw.org 5 weeks ago
The MyColorado FAQ explicitly states that an officer cannot take your phone, even if they think your digital ID is fraudulent. This whole article is a ton of fear mongering.
no offense but: even if you were to grant the notion that this is an exaggerated problem–cops are not well known for their rigorous adherence to the law or proper legal procedure. they routinely fuck up and violate civil liberties, up to and including murdering people for arbitrary reasons. and unless police are held accountable (which they almost never are for a variety of systemic reasons), what a state says they cannot do is effectively meaningless. it’s just words on a screen, really.
teawrecks@sopuli.xyz 5 weeks ago
I would agree with you if we’re talking about something like the ability to search a car, where the cop is not allowed to without the owner’s permission (assuming no probable cause or warrant). In that case the cop usually figures out a loophole to manufacture probable cause or manipulate the owner into agreeing to a search. And then there’s nothing a lawyer or judge can do later, because it’s the cop’s word vs yours.
But if we’re talking about a law that actually says the cop cannot take your phone no matter what, and they do, then any public defender would be able to point it out and the judge would certainly have to enforce it. I can’t think of a way the cop would abuse their power because, in this case they don’t have it.
I could be convinced based on the actual wording of the law, though.
alyaza@beehaw.org 5 weeks ago
But if we’re talking about a law that actually says the cop cannot take your phone no matter what, and they do, then any public defender would be able to point it out and the judge would certainly have to enforce it. I can’t think of a way the cop would abuse their power because, in this case they don’t have it.
they can abuse their power because they’re a cop, with a badge and gun, and the right to maim or literally kill you with it (and probably get away with it even if it’s not strictly legal) if you don’t comply with their demands in the moment. again: cops consistently do not care about or follow legal procedures they’re supposed to, frequently fuck up those procedures even when they *do*, and most cops probably don’t even think of it as their job to secure some airtight case that stands up to legal scrutiny. it’s not a profession that lends itself to the kind of charitability that’s being given here, and the record of the profession has even less of a record deserving of that charitability.
tyler@programming.dev 5 weeks ago
It doesn’t really matter if they do take your phone in the end anyway. If it’s that clear cut illegal then anything they manufacture as evidence wouldn’t be admissible in court…no matter what.
p03locke@lemmy.dbzer0.com 5 weeks ago
I have a question: Is a FAQ case law?
t3rmit3@beehaw.org 5 weeks ago
Never use biometrics. It’s just not worth the tradeoffs.
Overzeetop@beehaw.org 5 weeks ago
Something you have, something you are, something you know. Are you willing to give up proper security for your cause?
t3rmit3@beehaw.org 5 weeks ago
When it’s being employed properly, it’s absolutely an important tool, but on-device biometric data stores (e.g. Apple’s secure enclave, or a TPM chip) aren’t the proper implementation. Nor is using biometrics as your primary auth method.
NIST standards for biometrics require the biometric data be stored on a secure remote server, and that the scanner device check against that during auth. Putting the biometric data on the device means that you’re losing a big part of your non-repudiation.
And it’s even worse when you’re using a secondary factor (biometric) as your primary factor (e.g. a phone unlock), that grants access to your other factors like password store and MFA tokens.
Biometrics are never supposed to be a single-factor auth method when used properly, but that’s how most people use them now.
If your phone requires a passcode, a TOTP grant, and a biometric scan, by all means, please do employ biometrics, but if it’s going to be your only factor, DO NOT.
ravhall@discuss.online 5 weeks ago
If you have an iPhone, you tap the power button 5 times to make an emergency call, after that cancel it and the PIN is required to open the phone.
B0rax@feddit.org 5 weeks ago
Or hold the power button and any volume button for 3 seconds. Same result.
SteleTrovilo@beehaw.org 5 weeks ago
Law enforcement has been collecting fingerprints for over 100 years now, and the history of using fingerprints for other reasons goes even further back.
The error here is that we decided to start using an easily obtainable piece of data as a “lock” on our phones and computers. For many reasons, it’s better to use a password or PIN.
darkkite@lemmy.ml 5 weeks ago
i don’t believe stored fingerprints can actually be used on modern devices
teawrecks@sopuli.xyz 5 weeks ago
It’s much more worrying how often face unlock works with a simple photo.
B0rax@feddit.org 5 weeks ago
Only on devices that don’t use a 3D authentication, which for example the iPhone uses.