Stop Using Your Face or Thumb to Unlock Your Phone - eviltoast

Are there any legal experts that want to weigh in on this.

Can the police in New Zealand force unlock your device with your biometrics?

How does this work with NZ law?

  • hemko@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    23
    ·
    7 months ago

    IANAL but this seems to be pretty common all across the world. The usual recommendation is to put your phone in “lockdown” mode if there’s any suspicion you may get arrested. This prevents the phone from being unlocked with biometrics and require pin.

    You can do this either by restarting or turning off your phone, or a button combination (power + volume up on my android) and selecting lockdown.

    • NateSwift@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      17
      ·
      7 months ago

      Holding power + volume down in an iphone until the power off menu comes up disables faceid until you log in with your pin as well

      • Twofacetony@lemmy.world
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        7 months ago

        Also for iPhone: If you press just the side button/lock button five times in quick succession, it will also go into lockdown mode and can only be unlocked with a pin. A little easier to covertly do as it’s just a button mash before you get nabbed.

    • absGeekNZ@lemmy.nzOP
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      7 months ago

      Thanks for the info, I doubt I’ll need it, but it is always good to know.

      Just a note, on a Samsung, go to settings and search for “lockdown” to enable the option, then hold the power button and the option is visible.

      • DarkThoughts@fedia.io
        link
        fedilink
        arrow-up
        9
        arrow-down
        1
        ·
        7 months ago

        At least on my stock Android Pixel you cannot use biometrics to unlock after a restart. So if you just hold down the power button to shut off the phone it would require a pin after booting.

        • SirSamuel@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          7 months ago

          Same on mine. The problem is I’m so dumb and absent minded I’d immediately unlock the phone again to browse Lemmy

          • DarkThoughts@fedia.io
            link
            fedilink
            arrow-up
            7
            arrow-down
            1
            ·
            7 months ago

            We’re talking about a hypothetical situation where you know you’re potentially about to get arrested. I doubt you’d be powering it off and then on again while you talk to the cops.

            • liv@lemmy.nz
              link
              fedilink
              arrow-up
              1
              ·
              7 months ago

              If you get arrested in NZ they can search your phone and impeding them is impeding a search. As far as I know the courts haven’t intepreted the right to not self incriminate as extending to passwords, so the difference in the article is immaterial.

    • ElderWendigo@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      6 months ago

      If you’re using Android you can automate lockdown mode using Tasker so that it can it can be enabled “passively”. For example, on my phone lockdown happens after: too many incorrect access attempts (bad biometric or passcode), any Bluetooth disconnects, any sudden shakes or jolts. So if someone takes my phone away from me, takes my phone from my car, or if I turn off my watch then lockdown. If someone fails to unlock my phone: photo taken, synced to cloud, phone lockdown. If my phone gets tapped, set down a little to roughly, or I get thrown to the ground or against a car with my phone in my pocket then lockdown. Sure, it means biometrics is often disabled on my phone, but now I find that reassuring.

    • umbrella@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      in my country they will just intimidate you to unlock it regardless of the law if they really want to

  • Dippy@beehaw.org
    link
    fedilink
    arrow-up
    14
    ·
    7 months ago

    My autistic ass who doesn’t use bioauthenticators thought this meant I shouldn’t enter the passcode with my thumb or nose

  • BalpeenHammer@lemmy.nz
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    7 months ago

    If you close your eyes the face id won’t work. I suppose the police could force you to open your eyes somehow but if they are going to do that they can force you to put your pin in too.

    • Fizz@lemmy.nz
      link
      fedilink
      arrow-up
      12
      ·
      7 months ago

      😌 “Look at this cute kitten” 😯

      They would get me every time.

    • Bread@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      I mean, they can’t force you to give up something you know if really don’t want to. Torture tends to be frowned upon in government.

      • BalpeenHammer@lemmy.nz
        link
        fedilink
        arrow-up
        3
        ·
        7 months ago

        they don’t have to torture you. They can pressure you in all kinds of ways. Even mere threat of locking you up and throwing away the key would get you to unlock your phone.

        • Bread@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          Psychologically, the best chance they have is convincing you to unlock it. However, a privacy focused user that takes the initiave to use a custom rom like grapheneOS and not use any services that will compromise your data if requested might as well not have their phone exist at all. If they don’t want you in, you are not getting in.

            • Bread@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              That’s not really the point. Innocent people have the right to not have their things searched and dug through. Every person has some level of privacy that they want to keep. Let’s say you have nudes from your significant other and yourself all over your phone. You don’t want that information being seen by anyone else because it was meant for you and you alone. I guarantee your partner doesn’t want random people seeing them either.

              It is well known there have been bad actors in the IT and police that will make copies of that for their own personal use while they are supposed to be doing something else. Would really want to risk that?

            • Bread@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              Let me clarify, legally speaking you do, but I am not arguing that. Practically speaking, that device can become fort Knox with a properly configured phone. Use a custom android ROM like grapheneOS and not use any services that can/will give you access to the content on your phone and that phone is practically useless to them. Even with a warrant, you aren’t beating today’s privacy and security practices without a major security flaw. If a person doesn’t want you to know what they have, they don’t have to give you anything.

              Will their be consequences? Probably, but that may or may not be worth it to you if you are a privacy activist who doesn’t want to be incriminated on a legally but not moral basis. Or you could be a criminal with something you really want to hide. Doesn’t really matter in the end.

  • liv@lemmy.nz
    link
    fedilink
    arrow-up
    5
    ·
    7 months ago

    I’m not a legal expert but as far as I know if the police are arresting you they can compel this in New Zealand. There is no difference in unlock methods. People get charges for not complying.

    This page seems to back this up but it is old.

    • Dave@lemmy.nzM
      link
      fedilink
      arrow-up
      6
      ·
      7 months ago

      It links to the legislation which seems to support it:

      A person exercising a search power in respect of any data held in a computer system or other data storage device may require a specified person to provide access information and other information or assistance that is reasonable and necessary to allow the person exercising the search power to access that data.

      Effectively, if the police search is otherwise legal, then they can compel you to unlock your phone. If you don’t, you can get up to 3 months in prison:

      178 Offence of failing to carry out obligations in relation to computer system search

      Every person commits an offence and is liable on conviction to imprisonment for a term not exceeding 3 months who fails, without reasonable excuse, to assist a person exercising a search power when requested to do so under section 130(1).

      However, section 130 (2) says:

      A specified person may not be required under subsection (1) to give any information tending to incriminate the person.

      But clarifies in 130 (3):

      Subsection (2) does not prevent a person exercising a search power from requiring a specified person to provide information or providing assistance that is reasonable and necessary to allow the person exercising the search power to access data held in, or accessible from, a computer system or other data storage device that contains or may contain information tending to incriminate the specified person.

      So basically, if the data used to unlock your phone can incriminate you, you don’t have to provide it. But that doesn’t protect you from incriminating evidence on your phone.

      So I guess the moral of the story is that if you’re a drug dealer, make sure your phone password is “ImADrugDealer” and then you can’t be forced to provide that information. But I guess they can force you to unlock it without telling them the password? so I’m not sure what section 130 (2) had in mind.

      (I’m also not a legal expert 🙂)

      • liv@lemmy.nz
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        The moral of the story to me is leave your smartphone at home and just bring a dumbphone if you think you could be arrested.

        My dumbphone has a broken key and it is infuriatingly hard to unlock though so it might antagonize them.

        • Dave@lemmy.nzM
          link
          fedilink
          arrow-up
          2
          ·
          6 months ago

          Haha I think it’s probably best not to antagonise the police if you can help it!

          • liv@lemmy.nz
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            Exactly!

            It antagonizes the people in my life; that’s bad enough.

      • IIII@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        How are you supposed to prove that your password is self-incriminating without giving away your password?

      • kabi@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        7 months ago

        This feels weird to me. If your password is “ILikePotato”, which is then used to decrypt a text file that contains “IStoleTheMonaLisaAndReplacedItWithAPhotocopy”, how is that any different in terms of “incriminating yourself” than if it was the other way around…?

        And if you actually forgot your password, that’s 3 months jail for you, because they’ll hardly believe you? Better have just one so you’ll surely remember!

        I wonder, if you use special markings to keep track of your illegal doings, and one of your notebooks is found during a search, are you required to assist in deciphering the contents of it? That’s basically the same thing as decrypting your hard drive.

        • liv@lemmy.nz
          link
          fedilink
          arrow-up
          4
          ·
          6 months ago

          If you have the Mona Lisa in your house then letting the police into your house incriminates you, but the whole point of the search is for them to be able to find it.

          I think the right to remain silent was meant to protect us from being tortured, not as a shield to hide things?

          • kabi@lemm.ee
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            6 months ago

            But will you be punished for not telling them that the key is under the mat? They will get in either way. They can get into your hard drive with brute force too, it’s just a wee bit more trouble for them.

        • Dave@lemmy.nzM
          link
          fedilink
          arrow-up
          4
          ·
          6 months ago

          I think the point is that you can grant them access in 3 seconds, it’s not like you’re giving an onerous task to someone.

          While in implementation your notebook analogy may be right, in practice it’s more similar to the police searching your house and asking you to unlock the basement so they can search there too. It’s not exactly a big ask, it’s as simple as unlocking it with the key you have, so from a legal perspective it’s perfectly reasonable.

          From a privacy perspective it’s not great, but I’d argue the control should be on when someone is allowed to rummage through your stuff, it shouldn’t matter if your notebook is physical or on your phone. Practicality changes this of course.

      • Skeezix@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        I wouldn’t be too worried. 3 months in prison is what kiwis get for murder. You’re more likely to get a month holiday at home detention on xbox duty.

    • AwkwardLookMonkeyPuppet@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      Forcing someone to unlock their phone after being arrested for something unrelated, is no different than them forcing you to unlock your house so that they can rifle through your stuff looking for additional things to charge you with. It’s immoral, and it should be illegal. The government found new ways to circumvent people’s rights with the digital world, and they’re walking all over people’s liberty.

  • Nath@aussie.zone
    link
    fedilink
    arrow-up
    4
    ·
    6 months ago

    For Android:
    Power+Volume up > Lockdown.
    Takes a fraction of a second.

    I assume iPhone has something similar.