Good afternoon and welcome back to another post from ToBeSecured. The thought of posting to my blog for this week has been hanging heavy over my head since Monday. This does not equate to lack of interest in my blog anymore, but lately the topics hasn't been intriguing or relatable to my blog. Until I received an email earlier this morning of course. I must say my coworkers and peers are truly feeding my hunger for more interesting topics and conversations to express in my blog. I have been getting some critical feedback as well as more interest into ToBeSecured, which I am excited about the most.
On today's topic, we will be discussing the debate about the ways to decrypt your phone and which part of the constitution governs compelled decryption. As you all know there are different ways to unlock your phone now, for example passwords, FaceID, and fingerprints. Or you could have a phone with no password, but where is the security in that?
In my opinion, you should have a password on all of your devices for confidentiality purposes. As we all know, technology, phones specifically, have become our lives. Everything about us is stored in a single mobile device or multiple that, if hacked or compromised, would leave us devastated or stressed out. I've had this conversation countless amount of times and it is interesting how it has resurfaced to turn into a debate. How many of you, if right now your phone was compromised or someone asked you to unlock it, you would be worried? Not even at the idea of you haven't had the chance to delete certain things you don't want them to see, but because of financial accounts, social media passwords, text messages, emails, and other important information stored inside. Well, what if you were forced to decrypt your phone whether manually typing in your password, scanning your face, or pressing your thumb against your home button?
In Hong Kong, there are protests ongoing because faces are becoming weapons in a sense that policemen are forcing "suspects" to reveal their identity to unlock their mobile phones. Protestors are also utilizing an application that lets you identify policemen who are not wearing identifiable information while on or off the job by comparing photos collected online. The quest to identify protesters and police officers has people in both groups desperate to protect their anonymity. Some fear a turn toward China-style surveillance. China-style surveillance has turned to closed circuit television cameras being installed at areas under their purview or public places for security and monitoring purposes. Colin Cheung was arrested for suspicion of “conspiring and abetting murder,” subscribes to the “Dadfindboy” channel, although he denied being among its founders as the police have said and he condemned posts calling for violence. He believes he was targeted by the police because he developed a tool that could compare images against a set of photos of officers to find matches — a project he later abandoned. The police wrestled with him in an unmarked car because they needed his face. They tried to pry open his eyes themselves, but that was no use because he disabled his facial recognition feature login with a mash of a button as soon as they grabbed him. The authorities are tracking protest leaders online and seeking their phones. Many protesters now cover their faces, and they fear that the police are using cameras and possibly other tools to single out targets for arrest.
In the article I read from The Technology Review, the author spoke about American cops most likely not resorting to forcing someone's eyes open, but they can give an order known as "compelling decryption" - commanding you to look at a phone or unlock it using your fingerprint. The debate is around the idea of whether this should be the case or not and if it violates the fifth amendment of the constitution. For years government officials in the US and elsewhere have complained about the “going dark” problem—that as it’s become more common for smartphones and computers to encrypt the data stored on them by default, it’s becoming more difficult for authorities to get hold of that data for crime-solving or anti-terrorist purposes. Government officials have called for companies to build encryption “back doors”— also known by euphemisms like “special access” or “responsible encryption”—into devices like smartphones. Though many details of the functionality are still very much in the air, they would effectively allow the government—subject to a court order—to unlock an encrypted device. Not only are back doors insecure, they would only be an addition to the already long list of ways to invade users' privacy. The precise issue or risk depend on the solution, but the general threat is that any back door will inevitably be used by more than just authorized government agents, which could be disastrous for economic and national security. The only way to access the inside of a phone before fingerprints and FaceID was invented was passcodes you had to enter manually. Some courts have treated passcodes as “testimony” under the Fifth Amendment, ruling that people cannot be compelled to give them up and potentially incriminate themselves.
Here's an excerpt from the article: Why smartphones’ “cop mode” might not keep cops out for much longer.
"Overturning a lower court’s decision, Judge David Nye asserted that there is no testimony in biometrics—indeed, barely any thought at all on the part of the suspect. If “the government agents pick the fingers to be pressed on the Touch ID sensor, there is no need to engage the thought process of the subject at all in effectuating the seizure,” Nye wrote in his decision. “The application of the fingerprint to the sensor is simply the seizure of a physical characteristic, and the fingerprint by itself does not communicate anything. It is less intrusive than a forced blood draw. Both can be done while the individual sleeps or is unconscious.” Biometrics are looked at differently than passcode. Apparently, if an agent asks you to apply your finger to your touch ID sensor or place your face in front of a phone, they are simply asking for the seizure of a physical characteristic whether face or finger. In this case, they are implying that it is not a way of communicating, compares it to a forced blood draw, and says that both can be done while the individual is sleep or unconscious. Before reading this post, if you were to ask me how courts view passwords versus fingerprints or FaceID, I would not be able to contrast them. A way of encrypting your data should not determine if it violates an amendment or not because the data or information inside the device belongs to you and at the end of the day, we are making the decision to give them access to it or not. To put it in a broader perspective, only creating a passcode to enter manually is the safest way versus having that extra protection of FaceID or fingerprint encryption.
There's also the debate about which amendment biometrics decryption should be governed by. Some argue that forced unlocking of a phone should be governed by the Fourth Amendment, the protection against unreasonable searches and seizures. If law enforcement passes that test (e.g., by getting a search warrant), then the Fifth Amendment shouldn’t block compelled decryption, whether it’s using a passcode, a fingerprint, face recognition, or any other method. If compelled decryption is ruled to be legal, there is an alternative for users who want to protect their data. It’s a method that’s already become popular with protesters in Hong Kong. Dubbed “cop mode” by fans of the feature, it involves—on an iPhone—pressing the power button on the right and volume button on the left for five seconds to disable biometric unlocking and require a passcode instead. Google’s Android has a similar feature in its settings. With a few quick button presses, biometrics are turned off. Passwords can be forced out of you too, of course, but it’s not as easy. A password is a secret inside your brain. FaceID or a fingerprint is who you are.
Police and government officials are only exploiting technology as an advantage to invade a person's privacy and in some cases, not even the law can protect against being secured with your own data. Of course, if a crime has been committed, there should be a seized document to collect the necessary information tied into the crime, but adding on ways to spy into a person's life will only create more chaos.
If you would like to discuss further, please leave a comment or ask a question. I'd love to chat with my readers and hear your thoughts. Thank you for dropping in and remember ToBeSecured!
Which do you prefer? Facial recognition or fingerprint encryption? If you can recall the title of the post I wrote about fingerprint ID, comment the title of it below. In addition, remember that one way of security may sometimes be better than all or many ways.
Do unto others as you’d want others to do unto you. Therefore, I feel as if the playing field will only be fair. i truly feel as if your post summarized the “art” of war going in China. The flabbergasting component of it is that the goal is to use someone else’s bodily features to forcefully reveal their identity. However, I do not believe the United States will get to this point because of the accountability components and lawsuits that can be pursued by these forceful actions. Nevertheless, I’m interested in hearing your side. Thanks for another great read TBS!