Feds can't get into New York City mayor Eric Adams' phone

I know SCOTUS are ripping up the constitution, but doesn’t the 5th protect you from handing over a password? ISTR that EFF were saying that in America passwords had more legal protection than physical keys.

2 Likes

Perhaps it’s Love, Sex, or God

I know this isn’t Slashdot, but here’s the obligatory XKCD reference.

[image: security]

7 Likes

IANAL, but not passively. Invoking the 5th amendment isn’t an admission of guilt, but it’s not some kind of presumption of privacy, either. It means declaring to the court that he thinks the information on the phone will incriminate him in a crime (maybe other crimes), and he is exercising his right not to incriminate himself.

Saying he changed and then forgot the password is an obvious lie, but it’s far more spin-friendly than pleading the 5th.

2 Likes

It’s complicated. And the ACLU is trying their best to bring it to the way that seems obvious to most people – Police Should Not Be Allowed to Compel Our Cell Phone Passwords | ACLU

At least thanks to Riley v. California - Wikipedia, they need a warrant to search digital content on your cell phone. So that’s progress.

5 Likes

I don’t remember the specifics, but I recall it being something like this: you can’t be coerced into giving up your passcode (something in your head), but biometrics (something on your body) are fair game. Putting the phone in front of your face or placing your finger on the sensor to unlock it would survive a legal challenge. (IANAL and this is not legal advice. This is just what I remember reading.)

It of course doesn’t stop the government from trying to brute force your device. If they have been trying unsuccessfully for over a year to unlock it, it makes me wonder what kind of device it is and how it was protected. Usually it seems like these things can be bypassed pretty quickly with specialized devices.

3 Likes

It’s a very ordinary iPhone. That’s all it takes.

The only way police have found workarounds to break into protected iPhones (and other devices) is to install some spyware on a phone, or to sell a phone with spyware already installed. If they don’t already have a foot in the door, they’re not getting access without the password.

iPhones (again, others too) have some very solid security. The device data is encrypted and unreadable to anyone without the password. Bruce Schneier said (way back in the 90s): “There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.” He wrote a book with details and guidelines of how to implement the second kind. Most of the methods he wrote about then are still impractical to crack, no matter what budget you have for the problem.

The “GrayKey” device mentioned above is still just a brute-force password-guesser: it runs through millions of common and likely passwords. If you picked something that isn’t common, like a random combination of 40 numbers and letters, then the device won’t succeed. To attempt every possible combination of a 40-character passcode would take a supercomputer over a million years.

It’s a bit astonishing that a little battery-powered device you barely notice in your pocket can throw up a barrier that can block literally all the computing power in the world. But as near as we civilians can tell (and the Snowden leaks confirm), it’s true.

4 Likes

IANAEE (I am not an encryption expert), but there are more layers to the GrayKey onion than simple brute force.

If your phone has been rebooted but not unlocked, it’s brute force all the way. And lots of luck to The Man cracking that given a well-chosen password.

But if you’ve unlocked it after rebooting, it’s in a different security state. And in this state, they can extract files WITHOUT knowing the password. From Wired:

When an iPhone has been off and boots up, all the data is in a state Apple calls “Complete Protection.” The user must unlock the device before anything else can really happen, and the device’s privacy protections are very high. You could still be forced to unlock your phone, of course, but existing forensic tools would have a difficult time pulling any readable data off it. Once you’ve unlocked your phone that first time after reboot, though, a lot of data moves into a different mode—Apple calls it “Protected Until First User Authentication,” but researchers often simply call it “After First Unlock.”

In this AFU state, some keys are decrypted themselves and floating around in quick access memory, ripe for the picking for the right exploit (which GrayKey and its ilk offer).

The solution? If you’re about to have a LEO encounter, turn your phone OFF (which, of course, ex-cop Adams would know).

6 Likes
