back to article Smartphone passcodes protected by the Fifth Amendment – US court

The Feds can't make suspects give up their company-issued smartphone passcodes because doing so violates the Fifth Amendment of the US Constitution. So ruled Judge Mark Kearney of the federal court in East Pennsylvania in the case of Securities and Exchange Commission v Huang, an insider-trading case brought against two ex- …

  1. JeffyPoooh
    Pint

    Unsolder the flash memory ICs, and then read them

    If the SEC can't figure it out, hire a hacker.

    1. Mephistro
      Joke

      Re: Unsolder the flash memory ICs, and then read them

      Dear Mr. Uang:

      Please stop using these silly social engineering tricks to try to make us destroy the evidence.

      Thank you.

      The Plod.

    2. Voland's right hand Silver badge

      Re: Unsolder the flash memory ICs, and then read them

      SEC can and should have figured it out. According to their rules the bank should have (by whatever means necessary) kept a copy of all messages and ensured that the messages traverse the bank audit system so they are stored there.

      I am surprised that SEC has not nailed Capital bank for violating their rules to the tune of a few million.

    3. Anonymous Coward
      Anonymous Coward

      Re: Unsolder the flash memory ICs, and then read them

      iOS devices are encrypted by default these days, aren't they?

      If Apple have implemented it properly, then the encryption key will be stored inside a secure module which will only release it if sent the correct passcode; and if you send the wrong passcode too many times, it erases the key.

      This appears to be what they've done:

      http://smallbusiness.chron.com/happens-enter-wrong-password-iphone-many-times-69874.html

      https://support.apple.com/en-gb/HT204306

      (Aside: this means it's very easy to annoy an iPhone user by wiping their device)

      If you want to get around that, you'll have to crack open the secure module and examine it using something like a tunnelling electron microscope. That's assuming the secure module doesn't have defences against being opened.

      1. Anonymous Coward
        Anonymous Coward

        Re: Unsolder the flash memory ICs, and then read them

        ... or just ask siri what the time is.

        Surely that's slightly simpler?

      2. Anonymous Coward
        Anonymous Coward

        Re: Unsolder the flash memory ICs, and then read them

        If you want to get around that, you'll have to crack open the secure module and examine it using something like a tunnelling electron microscope. That's assuming the secure module doesn't have defences against being opened.

        It appears you have just produced an argument for a low iFixIt Repairability score :).

      3. stpete

        Re: Unsolder the flash memory ICs, and then read them

        And if you want to annoy someone who wants to annoy an iPhone user, just remind them that everything on that phone is probably on iCloud.

    4. Anonymous Coward
      Anonymous Coward

      Encryption & the 4th Amendment to the US Constitution

      “17. Azl Jan 26, 2012 4:34 PM CST” at the American Bar Association said it best:

      http://www.abajournal.com/news/article/judge_orders_mortgage_fraud_defendant_to_reveal_encrypted_contents_of_lapto/

      “Unlike files in a safe, the contents of an encrypted drive are entirely visible, just not understandable. A seized hard drive can have its contents examined right down the 1’s and 0’s of each bit, regardless of encryption.

      Thus, turning over the password does not hand them new information, like papers out of safe. Instead, it interprets the data they already have, but do not understand.

      It is precisely testifying against one’s self. It is the act of taking data the prosecution already has but does not understand and interpreting it for them so that they may use it against you.

      A better analogy would be a diary written in code. The government, which already HAS the diary, can see its contents clearly, but without your cooperation, cannot understand it.

      They are free to try and crack the diary code on their own [as they are free to try and brute-force your encryption] but to compel you to interpret it for them - to supply the meaning - is precisely the act of testifying against yourself. ”

  2. Mark 85

    Now it's clear...

    Why many government types here in the States push for "biometric" as opposed to password protection. This ruling just drives that nail home.

  3. Old Handle

    These cases seem to go either way, on fairly arcane procedural rules. I wonder how long it will be until we get a broader precedent (and which way it will go). I'm encouraged by the supreme court's ruling not that long ago that phones can't be searched without a warrant, but this is a separate issue, so who knows.

  4. Anonymous Coward
    Anonymous Coward

    so....

    If you are about to get collared by the US Police then power down your iPhone before that can cuff you.

    That way, any fingerprint unlocking bypass of the court ruling is null and void because for some strange reason iOS seems to want you to put in your passkey after a powerup.

    Perhaps for once Apple has done the right thing for its Hipster owners?

    I'm like the guys in the article in that I have a company iPhone 5s and I get to choose the passkey. Not that I have anything stored on it that could anyway incriminate me in any crime unless you think that having Office 365 (Word etc) on a phone is a crime? (Well I do but that is another story)

  5. James 51

    Where as in the UK refusing to hand over the password would be the way the police would get them when they can't do it any other way.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    in the meantime, passcodes are protected

    provided you're a citizen of the US of A. The rest of the world... well, it's waterboarding, or stoning. Take your pick.

    1. Anonymous Coward
      Anonymous Coward

      Re: in the meantime, passcodes are protected

      They just seem to get all muddled up about the an*l probing bit.

      AFAIK, that's done BY aliens, not TO aliens..

    2. steward
      Devil

      Re: in the meantime, passcodes are protected

      And only in the Eastern District of PA - other Federal courts are not bound by the decision.

  8. Steve Evans

    Meanwhile...

    In the UK... Failure to provide passwords/decryption keys upon demand is in itself a criminal act and punishable by 2 years iirc...

    So if you're going to hide something, you might as well make it a serious something which is worth more than 2 years!

    1. Anonymous Coward
      Anonymous Coward

      Re: Meanwhile...

      I believe as soon as your 2 years are up and you walk out of prison, they just ask you again.

      1. Jonathan

        Re: Meanwhile...

        really? - as they've gotten rid of double-jeopardy, i suppose they could

        1. Mark 85
          Big Brother

          Re: Meanwhile...

          It's not double jeopardy at all... refuse the first time, you get two years. They release you and ask again. You refuse, you get two years because this now a "new" offense. Ad nauseum ad infinitum ad mortem and if the device finally rolls over and dies, they'll probably keep asking and not believe that the device has died.

  9. Pascal Monett Silver badge

    A passcode is a thought process [..] whereas a biometric identifier is out in the open

    So, whatever you access by being you, is also accessible to the Government. Well that finally kills the "biometric security" platform in one fell swoop.

    Kudos there, maybe we'll finally stop hearing about that nonsense.

    1. Anonymous Coward
      Anonymous Coward

      Re: A passcode is a thought process [..] whereas a biometric identifier is out in the open

      Why do you think Apple added the fingerprint lock in the first place?

      Back door has more than one meaning Tim.

  10. Stratman

    Can they be ordered to unlock the phones themselves? That way they don't have to disclose their passwords to the feds, which seems to be the crux of this particular lawyer feeding frenzy.

    1. Steve Todd

      I think you'll find that still falls under the Fifth Ammendment. "Nor shall be compelled in any criminal case to be a witness against himself" means offering any evidence for their own prosecution, verbal or otherwise. The prosecution can present any evidence they can legally uncover, or is freely offered by a defendant, but they can't compel them to show where the evidence is or to testify against themselves. If the prosecution knew EXACTLY what was in the phone then they can subpoena them to produce the data, but as it stands they are only fishing.

  11. CrosscutSaw

    Why would they turn in phones with info

    If they had been smarter, they would have wiped their phones before handing them over.

    Even if they surprised them in a meeting, they could have "had to go to the bathroom real bad", then poof.

    Every job I've left, I clean house before I even put notice in.

    Can't the fuzz subpoena the cell phone text records?

  12. PacketPusher
    Meh

    But not on the border

    I seem to recall that there was a supreme court case where it was determined that you had to give passwords to allow computer searches if you were crossing the border.

  13. Looper
    Mushroom

    What iPhone? I only read SMART phone.

    Lots of mostly anonymous, snivelling cowardly ASSumptions going on here...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like