Cops can force your finger onto an iPhone to see if it unlocks, says judge (theregister.co.uk)
138 points by kofejnik on April 26, 2019 | 115 comments


Not that this is a good solution, but it is a semi-practical countermeasure: mashing the power button 5 times on an iPhone disables all biometrics immediately, starts an audible siren countdown, and calls 911 if not dismissed. Holding power + volume up for a few seconds disables biometrics silently. I long ago enabled the "10 failed logins in a row deletes the phone" toggle.

edit: There are two ways to disable biometrics for post-iPhoneX models, which are described above. Pre iPhoneX, there is no panic-mode-with-a-siren, but 5 clicks of the power button will disable biometrics.

I routinely do this before i go through the TSA complimentary-preflight-massage line, when i'm within about 50 miles of the mexico border, and whenever i'm pulled over at a traffic stop.

and i'm not even doing anything particularly interesting.

At least this case involved An Actual Warrant. It's not the best, but it's a whole lot better than the no-warrant scenario.


> holding power + volume up for a few seconds disables biometrics silently

I didn't know about this great shortcut until today. Note that it isn't particularly "silent", as it displays an "Emergency SOS" slider that, when canceled, prompts you for your password.

Apparently, saying "Hey Siri, whose phone is this?" will disable biometrics as well.

Finally, you may be interested in the "Police" shortcut[1], which sends a text to a contact, starts recording voice and video, and saves it to the cloud.

[1] https://www.icloud.com/shortcuts/2d68cb1ee7b84f08ace2fd600b9...


> Apparently, saying "Hey Siri, whose phone is this?" will disable biometrics as well.

This does not work on 7+, at least. Nor does holding side button + volume up. Pressing the side button 5 times will bring up the emergency screen (just press "cancel" when it shows up) and disable biometrics.


Confirmed both the Hey Siri and Power+Volume tricks do work on an iPhone 8-Plus running iOS 12.2. Wonder if it doesn’t work on older phones, but surprised it’s not tied to iOS version.


also works on 8+ and ios 11


Thanks! I have a 7p and noticed those didn't work. The 5-click method is easy to remember.


For me the Siri trick only works if the phone is already locked.


it's audibly silent -- on post-iPhoneX models, clicking power 5 times will emit a siren tone and then autodial 911 in addition to locking out biometrics.

power + volumeup displays on the screen but does not emit a noise.

I think the police shortcut got nerfed with 12.2, but I'm not sure.


Clicking the power 5 times also gives me a heart attack when I do it accidentally when I'm trying to turn up my podcast.


Good clarification, thanks.

I can't find any immediate results on the Police shortcut no longer working—almost every reference is from Q3 2018.


> I long ago enabled the "10 failed logins in a row deletes the phone" toggle.

Unfortunately this is not advisable if you have small children. A relative of mine saw her phone get wiped after letting my toddler fiddle with it for a few minutes.


This happened to a coworker of mine once. The feature was turned on by our IT department after he set up his work email on the device so he didn't really know about it.

He came to work one day pretty upset about Apple's "Delete your iPad when your kid plays with it" feature.


> The feature was turned on by our IT department after he set up his work email on the device so he didn't really know about it.

Perhaps don't let children fiddle with your work devices? That just sounds like an accident waiting to happen.


I have a strict policy to not let my kids play with phones. (Books and toys are plenty fine.) And I don't let my phone hang around and used as a passive toy (in locked mode) either. Yet more than once my phone has been "found" and the max password attempt has been triggered. It happens really easily despite my efforts.

Now in the grand scheme of things, this is just an annoyance as I can restore the phone from up-to-date backups. If someone is concerned enough, they could also toggle the wipe feature on/off based on their travels and live with the risk of an accidental wipe knowing that things can be restored.


On the iPhone, 2fa codes must be set up again manually using recovery codes - can't be restored from backup. Huge pain in the butt IMHO


This can happen from carrying it in your pocket. Moisture (sweat) from your leg can cause random inputs on the touch screen.


Solution is to put the phone in your pocket facing outwards. Also prevents turning on the camera or flashlight with your leg.


Sounds like it was a personal device that had access to work email. That's a whole other issue that I wish had a better option than "adding your work accounts lets anyone using the phone see them."


Considering the exponential growth of mandatory lockout timers between repeated failed attempts, i'm not super worried.


Correct. I think it takes something like a total of 4 hours of failed password logins to trigger a wiped phone. That is a long time to be worried about your kids playing with the phone.

Once the phone is wiped you can restore the phone from backup. If you allow kids to play unsupervised with a phone for 4 hours, I hope you have it backed up for a variety of other worst-case scenarios.


>A relative of mine saw her phone get wiped after letting my toddler fiddle with it for a few minutes.

Yea... You might want to check that story. It's a staged timeout. First 1 minute, then 5, then 10, then an hour, then 3 hours or something like that.

Not that a toddler wasn't playing with the phone for 4 hours straight - just that if you let that happen you should expect a broken phone.


Sure it is, and that's why you have proper backups. iCloud is stupid simple to set up, and forget about until needed.


Law enforcement can also subpoena Apple for your iCloud data. It's hosted using a key that they control.


This is about their kid accidentally deleting their phone.


>mashing the power button 5 times on an iPhone disables all biometrics immediately, starts an audible siren countdown, and calls 911 if not dismissed

While you could do this before the police took possession of the phone, it's important to point out that making any changes to the phone after it's in their possession, without permission, would be considered tampering with evidence.

So, disabling biometrics before going through TSA is probably OK. But mashing your finger five times on the power button when the police told you to unlock it will most likely result in some criminal charges.


> considered tampering with evidence

You have to weigh the consequences. Let's say your phone has incontrovertible proof that you murdered someone, and you live in a state with the death penalty. The few years of prison you get for tampering with evidence is better than being executed, right? So it's still good to know.


A better example would be traveling through a country known to execute people for their sexual orientation.

I'm only thinking ethically, it's better to use technology to protect people from prosecution for victimless "crimes" than to support murder. ;)


> While you could do this before the police took possession of the phone, it's important to point out that making any changes to the phone after it's in their possession, without permission, would be considered tampering with evidence.

It's obstruction either way.

Competent departments know to store the phone in a Faraday bag to prevent this, so it's not always an option in the first place.


The mashing of the power button works but the "power + volume up" only gives me the option to turn off the phone. It does not do anything for biometrics. iPhone 7.


ah, yes. there's a model-specific change in button sequence. i'll edit my comment above.


It works for me on the XR, brings up the sliders for power off, etc and Face ID is disabled.


On the iPhone Xr power + volume down brings you to the emergency call screen and disables faceID. Technically either volume button works, but if the phone is awake power + volume up just takes a screenshot. On my Xr with apple pay enabled mashing the power button 5 times just brings up apple pay, puts the phone to sleep and then wakes it back up.

I'm not sure if it's the same on other iPhone X models.


  Settings>Emergency SOS
has the relevant things to fiddle with, i think.


Similarly, rebooting an Android will disable the fingerprint unlock. The first time you log in after a reboot, it requires you to enter your pin.


If you have a newer version of android (oreo I think? Not sure, I have a pixel), you can enable "lockdown". Lockdown brings up a menu when you press and hold the power button to disable the fingerprint reader for the next unlock. It's not on by default, you have to turn it on in the settings.


Anything similar in Android?


Yes - with Android Pie and above you can add a "Lockdown" option to your Restart/Shutdown menu, see https://android.gadgethacks.com/how-to/quickly-disable-finge...

You can also just restart the phone - at least on mine you can't login for the first time after a restart with a fingerprint.


What I do on my Pixel 2 is use the wrong finger 5 times to force passcode / pattern entry, though I'm not sure if it resets after a certain amount of time or forces the next unlock to be passcode / pattern. Still might be useful in a pinch or if being coerced to unlock the phone under duress.


Also saying "Hey Siri, who am I?" will do it as long as you have a contact for yourself (see comments [0])

[0] https://news.ycombinator.com/item?id=18212978


Nice find!

Given my nick, I think i should rebind that to "do you have any relatives in afghanistan?"


> I routinely do this before i go through the TSA complimentary-preflight-massage line, when i'm within about 50 miles of the mexico border, and whenever i'm pulled over at a traffic stop.

These are all unnecessary, to various degrees. Compelling your fingerprint requires a warrant, which officers had in the linked case. The controversy is whether a search warrant of a property extends to compelling a fingerprint, not whether officers can go searching phones with abandon.

Specifically:

- TSA officers aren't police officers. They can search you because you're entering an airport, but you're free to leave at any time (though they can detain you until police arrive, as any citizen can).
- Within 100 miles of the border (not only the Mexican) officers can detain people momentarily or search vehicles to ascertain their citizenship. That's the only additional power they have, they can't search your phone (or even search your glove compartment) without probable cause.
- When you're pulled over for a traffic stop, a search requires probable cause.

You didn't mention the one time you might think about doing this: going through customs, where your 4A rights are weaker and less certain. If you're interested in learning more, US vs Cotterman is a good jumping-off point.


> When you're pulled over for a traffic stop, a search requires probable cause.

That's the theory. In practice police can get away with pretty much anything, and if you make it to the point where a judge is listening to you, he/she won't be sympathetic.

You've seen the videos where the idiot cop didn't realize his camera was on and filmed himself placing drugs? This didn't just happen once.


> if you make it to the point where a judge is listening to you, he/she won't be sympathetic

Do you have any evidence for this? Courts routinely suppress evidence.

> and filmed himself placing drugs?

I saw the video; it's bad and it's an injustice. No one was convicted of a crime in this case, though I suspect others likely plead guilty in similar circumstances given their incentives in our current system.

But why does that affect your decision to lock your phone? Are you worried police are going to illegally compel a fingerprint from you and then put something on your phone?


> Do you have any evidence for this?

Of course I can't comment on all judges, but in my few interactions with them, the court sides with the police. Call it an anecdote if you want, but "citation needed" comments wear thin.

> But why does that affect your decision to lock your phone? Are you worried police are going to illegally compel a fingerprint from you and then put something on your phone?

I worry about every interaction with a police officer. They are the single biggest threat I ever run into.


> These are all unnecessary, to various degrees.

Even limiting your search to HN there is a plethora of examples of situations that OP describes where phones and devices have been invaded.


Police routinely violate 4A rights.

But we have a court system that suppresses evidence that's gained from those violations, or any evidence that's found from information gained in those violations.

Do you have examples where courts have allowed that evidence to be used against people?


I power my devices off completely when CBP gets involved.


> They can search you because you're entering an airport, but you're free to leave at any time (though they can detain you until police arrive, as any citizen can).

If they can detain you then how are you free to leave?


> they can detain you until police arrive, as any citizen can

They have the same rights as any other citizen to detain you and call a police officer.

Citizen detention laws vary by state, but generally there's a fairly high standard of probability that you committed a crime.

https://www.tsa.gov/blog/2016/07/03/tsa-myth-busters-do-tsa-...


You are free to leave until they detain you.


>Specifically, Judge Judith Dein, of the federal district court of Massachusetts, gave agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) the right to press Robert Brito-Pina's fingers on any iPhone found in his apartment in Boston. The bloke was suspected to be trafficking guns, hence the application for a search warrant

Yesterday in the thread about the MA state police getting told they need a warrant for real time location data I said that MA judges will consider politics when reading the law. This is exactly what I mean. MA really doesn't like guns (this is a statement of fact, I'm not going to get into a discussion of whether that hate is justified). It's no surprise that a MA judge allowed the state to go after someone accused of a firearms related crime. Had this been the DEA asking for a warrant for a drug trafficker's phone the judge would likely have ruled the other way.

>Jacobsen notes that gun traffickers "often use cellular telephones to acquire or sell illegal guns" and that they are "normally maintained for reasonably long periods of time because they are expensive, can often be subject to long-term contracts that contain substantial penalties for early termination, can store large amounts of information, and do not easily wear out." He also notes that even when people buy a new phone, they will typically transfer the contents of their old phone onto it.

What BS. People who make their living trafficking in illegal things use burners for their business. Everyone with a brain knows this. The ATF know they are not likely to find anything on that phone they don't already know. The ATF is just looking to set a precedent and they picked a forum likely to let them set that precedent.

FYI the second page of this article includes a pretty good summary of relevant case law to date.


In related context about MA judges arbitrarily applying or not applying the law, Judge Shelley Joseph was charged yesterday with improperly ending court proceedings and aiding the escape of a felon.

https://www.wcvb.com/article/massachusetts-judge-trial-court...


You are confusing the state and federal judges. The new MA law doesn't apply to federal agencies and this was a federal judge not a state judge and the ATF is a federal agency.


>You are confusing the state and federal judges.

Districts and states more or less align. You're not going to get a judge who's worked their career in Arkansas appointed to a federal position in MA unless there's some edge case political shenanigans going on. For all practical purposes this guy is an MA, or at least New England judge.

>The new MA law doesn't apply to federal agencies and this was a federal judge not a state judge

There is no new MA law relevant here. I'm simply contrasting this with the ruling discussed yesterday.


I wish that phone manufacturers would respond to this by allowing you to set one of your fingers as a biometric kill switch.

If you scan your index finger - biometrics disabled. Middle finger gets you in. Then these forced unlockings would go nowhere pretty fast.


You'd have to make it silent, otherwise the kill switch finger would still confirm that the phone is yours, even if it didn't divulge the contents.


Or, you could just use a passphrase to unlock your device instead. Problem solved.


Sure, but obviously the middle finger should be the one that disables the biometrics.


I know you're making a joke, but no, it should be the obvious finger that disables biometrics.


obviously, it should be different on every phone..


Don't even need software for this. Just tell them all but one of your fingers will wipe the flash but they get to figure out which one it is!


> but they get to figure out which one it is!

Ah! They can't force you to tell them something you know. Next we will have the equivalent of port knocking using a sequence of fingers.



Protip: All your fingers will wipe the device...

...but your left middle toe will work ok.

/does this ruling say anything about toes?


If you did it after the police “asked” you to unlock your phone and they knew you had this feature, they could charge you with obstruction


This is one of those issues where Federal judges in different states have ruled differently, so eventually the Supreme Court will have to weigh in on the issue.

For instance:

>A US judge last week denied police a warrant to unlock a number of devices using biometrics identifiers like fingerprints and faces, extending more privacy to device owners than previous recent cases.

The order comes from Northern California Federal District Judge Kandis Westmore in response to a request by the government to search and seize the devices found at a premises in Oakland, California, connected to two suspects.

The judge… made clear that she believes device owners should not have to testify against themselves, in accordance with US Fifth Amendment protection.

"Even if probable cause exists to seize devices located during a lawful search based on a reasonable belief that they belong to a suspect, probable cause does not permit the Government to compel a suspect to waive rights otherwise afforded by the Constitution, including the Fifth Amendment right against self-incrimination," she wrote in her order.

https://www.theregister.co.uk/2019/01/14/biometric_device_ac...


These two cases are very different.

In one case the police have a suspect in custody and strong evidence that they were engaged in illegal arms dealing, and are looking for specific additional evidence.

In the other, the police are basically going on a hunch, with suspects not in custody, and seeking to search the phones of a broad group of people for a broad array of evidence that they don't have good reason to believe exists.

It's not as simple as "Can search phone? YES or NO". If the cops were asking to search filing cabinets, the rulings would be the same.


This doesn't seem surprising to me considering forced fingerprinting, photographing and measuring has been part of the law for some time and held up in the Supreme Court. Even forced DNA samples and I believe blood samples are allowed.

My understanding is that those things are not considered testimony unlike forced password production.

A related distinction is made between being forced to surrender a key to a safe vs the combination to the safe. One is physical the other is testimony.


Basically, biometrics aren't protected like knowledge (a password) is. Fine, sometimes the old ways are best.

Here's hoping the next big feature for iOS and Android is a panic passcode that unlocks a totally banal version of the OS. That's one of two places I see this ending, the other being always-on government (possibly corporate) spying embedded.


Well, alternatively the officer could ask you if you used the 'panic passcode'. If you say you did, they'll ask you to put in the real passcode. If you say you didn't, they can withhold your phone and if they find out you did, they can arrest you for lying.


Exercise your right to remain silent and don’t answer. No answer, no lie.


yes, but you can't be forced to provide an answer to this


If you can be prosecuted for lying, you don't have to answer the question--basic right against self-incrimination.


So you're saying you need N+1 panic codes to prove it wasn't your panic code.

That's why this should be done at the manufacturer level. If all iPhones, say, have this feature built in, then it works. But if it's a default-off feature, having it enabled makes it useless.


Passcodes are protected though, aren't they?


Xiaomi already has exactly this in their phones - a second set of fingerprint+passcode which unlock a separate environment.

But, they also ship their phones with system-level adware and spyware


Though it appears that most of the conversation here is about the Apple OS - many of us are using Android. The only "emergency" action I know of on Android is to simply turn your phone off if you can. When it reboots - the password is required before bio-metrics are re-enabled.


On Pixels at least there's an optional lockdown button in the power menu. Disables all biometrics/smart lock, hides all notifications on lock screen, and more importantly doesn't say anything like "locked manually".


Which is good, but you have to unlock it first to get that screen to come up. It would be nice if holding the power button down, or like others have said, using certain fingers, would put it in lockdown mode.


The option comes up for me on the lock screen.


For completeness, the same is true of iOS.


For completeness, the same is not true for iOS. At least not the bit about the only option being to turn your phone off.


Ah, interesting. I was replying to the point about rebooting disabling biometric login, and glossing over the "only". (This probably explains the downvotes on my comment.)


This was to be expected for years. The court could always force you to do something, just not reveal what you know.

Of the 3 factors, something you have, something you are, and something you know, only "something you know" is protected from warrant. They can seize your 2 factor key, they can use your fingerprint, they can use your face. They can't force you to tell a password.

This is why fundamentally killing passwords is a bad idea, because of rulings like this.


I mostly agree with you but there is no reason you can't have a strong passcode on your phone that protects your accounts using something other than passwords.


Whilst I applaud and appreciate the sentiment behind the various technological workarounds suggested here (killswitches, canaries, extra levels of security, etc.) do bear in mind that the legal/justice system is not an algorithm that works and operates like code. There are no clever tricks.


But there are.

In the US you have a constitutional right to not incriminate yourself and judges have ruled that extends to giving law enforcement pins/passwords.

Biometrics have not received the same status.


I'd disagree entirely with this sentiment.

I'd say at one point there was a fairly good weighting between "letter of the law" vs "intent of the law". Where the intent of the law mattered and was considered in cases.

I haven't seen much good faith consideration of intent of the law in a long time. More and more I find we're just following the letter of the law as closely as possible - reverting to precedent when it exists.

Given this tendency... Law is EXACTLY like an algorithm that works and operates like code. It is riddled with clever tricks and often explicitly allows precisely following the letter of the law while shitting all over its original intent.


And we will complain about this here on Hacker News and the American public still won't give a flying fuck...I wonder if our "democracy" will stop being such a disappointment in our lifetimes. And I say it in quotes not because I have any opposition to democracy but because our "representatives" and unelected members of government regularly act against our interests. The system is broken.


There is no difference between a cop pressing a finger against a fingerprint reader to unlock a phone to gather evidence, and a cop pressing a finger against an inkpad (or scanner) to collect a fingerprint to compare to one found on an object or surface found at a crime scene.

If law enforcement suspects your fingerprints are on a crowbar found at the scene of a bank robbery, they tell a judge, present their evidence, and get a court order for you to press your finger on a fingerprint scanner.

If law enforcement suspects your fingerprint will unlock your phone and your phone has evidence of a crime on it, they tell a judge, present their evidence, and get a court order for you to press your finger on a fingerprint reader.

Nothing is broken.


The difference is in scope. So if you open a person's phone, you can potentially access their correspondence, browsing history, banking history, location history, etc.

If you take someone's fingerprint to match against a fingerprint you already have, all you get is confirmation of something you suspect.


It’s not just your phone, and a warrant isn’t always needed thanks to this precedent. Police are able to search without a warrant under many circumstances. For example, they could pull you over, give their dog a command to “hit” on your car, claim the dog smells drugs to search your vehicle, and force anyone in the vehicle to unlock their phones if they’re using biometric security.


I don't think it works like that in a traffic stop without a warrant


Governments in capitalist societies are committees of the rich.

The system is working as intended.


And that is the reason I use a pin code.


It's not just police being able to force you to unlock your device. The idea of possession alone for security authentication is generally very problematic. It's only introduced out of convenience, which is generally not a good sign when it comes to security. Opsec unfortunately is and remains rather difficult.


So, when do we get an interpretive dance based unlock?

I'd almost be okay with it if I had the satisfaction of knowing some poor bastard out there had a job that basically boiled down to trying to figure out how the user would dance with a cellphone.

Bonus points in that security minded people would get some much needed exercise.


Only after judge signs warrant.

That, ignoring that warrant signing might be rubber stamp in some courts cause that is a different issue, is an ok compromise between privacy and enforcing laws.


Just don't use biometrics to unlock your phone. It seems silly to me to discuss ways to disable the biometrics on-demand.

It still reduces to something you can be compelled to produce (your finger) vs. something you must remember (your passphrase). Now, you might end up spending time in jail to help your memory, so there's that to think about too.

I'll stick with the passcode. It places the ball into my court automatically.


"siri, fuck the po-lice" <-- attention word to erase all fingerprint credentials even when phone is locked.


"Hey siri, whose phone is this?" already does this.


Or if they have a newer iPhone they just hold it near their face. They don't even need to touch the person. It means someone can take your phone while you are sleeping and unlock it as well. Glad my kids don't realize this yet.


In theory, that's not supposed to work, as FaceID has an "attention check" to make sure your eyes are open and looking at the phone. I don't know how robust this is, but perhaps your kids could do some tests?


Seems to be true, yet I can unlock with my sunglasses on. So my kids will hold the phone up in front of my face, poke me to wake me up, and then run.


I believe it's still checking for attention. The sunglasses probably aren't enough to completely obscure your eyes from the camera.


Face ID requires eye contact, so it will most likely not unlock as long as your eyes are closed.


Not if I cut off all of my fingers! Take that, Coppers!


huh-hah! I've already scalded off all my fingerprints!


At what point does Apple put in an option along the lines of "insta-lock if the face detected is definitely not yours"?


That's cool, so long as they don't mark it with chalk.


This is why I use my big toe


do it with the siren and call 911 :D now you have 2 officers forcing you to use your appliances :D

in my country, police take what they want. they just do, and you can buck up and fuck off if u don't like it. and to be honest, that's how police should be. that being said, they don't randomly beat people up so much :D so perhaps our people are still a bit more forthcoming to them


People who refuse all government intrusion on privacy, including search warrants, regardless of circumstances, altogether, have a logically consistent position. People who accept that government can overrule any privacy that you might have for the purposes of investigation also have a logically consistent position.

But people who, on one hand, don't have any problem with things like search warrants to go through suspect's home, but at the same time treat any intrusion to suspect's digital privacy as a violation - this viewpoint I find very weird and contradictory.


"this viewpoint I find very weird and contradictory"

There are very few things at the intersection of society and justice (like law is) that are logically consistent.

This is by design, because people are not logically consistent in how they operate (provably so, in fact). Maybe in a few million years depending on how we evolve.

But for now, I'm not sure why you would expect anything else.

This is similar to the old saying of "in nature, the optimum is rarely at the extremes"

The extremes tend to be the most logically consistent positions.


Contemplate computing devices as direct extensions of one's mind. There's a long held philosophical right to not incriminate oneself that even extends to spouses.

The justification for this paradigm is so that technology augments human intelligence (functioning as agents for each of us individually), as opposed to islands of human intelligence being left at the mercy of technology.

Imagine if the devices you interacted with for a significant part of the day were all bona fide agents of the state, and you could never actually trust them with your raw thoughts. I know with the deluge of proprietary apps and pervasive surveillance it can still effectively feel that way for the technologically illiterate, but that's a temporary condition and far from calcifying it as uniform policy.

And sure, the same argument could be applied to paper records (bookkeeping) or other close personal possessions, yet hasn't been. But what's forcing the issue now is the sheer level of advancement of computational intelligence.



