SlideShare ist ein Scribd-Unternehmen logo

Fingerprints, Passcodes, and Self Incrimination - BSides Nova

Als PPTX, PDF herunterladen
Wendy Knox Everette
Wendy Knox Everette

You’re arrested and your phone is held up to your face to be unlocked by the arresting officer, then sent to a forensics lab. Dystopian future or one where FaceID collides with weak self-incrimination protections for biometrics? This talk will explain how your 4th and 5th Amendment rights interact with advances in biometric technology. Along the way it will offer design suggestions for creators of mobile devices and tips to end users.

Recht
1 von 55
Fingerprints, Passcodes, and Self Incrimination BSides NoVa 2018 Wendy Knox Everette @wendyck
I am a lawyer. I’m not your lawyer. None of this is legal advice. Flickr: jasmic
Wendy Knox Everette @wendyck Information Security Counsel, First Info Tech Services ZwillGen Fellow 2016-2017 GMU Law 2016, National Security Law Concentration Software developer, Amazon.com 2009-2013 Previously: Meetup, Google, Amazon.com
Let’s imagine
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
what’s “probable cause”?
Particularity Search warrants must specify place to be searched and items being looked for
Content v. Metadata Letter vs. a postcard
Other 4th Amendment Exceptions
Riley v. California
Carpenter v. US
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
Foregone conclusion
US v. Fricosu: Can’t Refuse to Decrypt Hard Drive under Fifth Amendment
Not compelled self- incrimination because the government had already demonstrated that it knew of the existence of the computer files & it knew that Fricosu was the only user of the laptop
Doe v. US Can you be required to assist in gathering evidence?
Doe v. US Because the consent directive here is not testimonial in nature, compelling petitioner to sign it does not violate his Fifth Amendment privilege against self-incrimination
Holt v. US compelled “exhibition of the body’s characteristics” isn’t testimonial under the 5th Amendment
What does this have to do with your cellphone?
Biometric unlocks
What you know v. What you are
Biometric Locks & The Law: Yeah, it’s a mess
Fingerprint unlock is like giving a DNA sample – it is not seen as a testimonial act
What is testimonial
Doe v. United States, 487 U.S. 201 (1988) “In order to be testimonial,” the court wrote, “an accused’s communication must itself, explicitly or implicitly, relate a factual assertion or disclose information.”
"The Supreme Court has also long held that a suspect can be required to give his fingerprints….For devices that use the owner’s touch to unlock, the department may seek to obtain fingerprints to unlock a cell phone seized within the scope of a court- authorized search warrant if the court finds there is probable cause to obtain the fingerprints." - Peter Carr, DOJ Spokesman to Ars Technica
“Not testimonial- because you’re not using your brain. It can’t be testimonial if you can cut their finger off.” -Orin Kerr
Difference between using a fingerprint to identify a person and using one to gain access to all their digital data
"You can expect to see more cases where authorities are thwarted by encryption, and the result is you’ll see more requests that suspects decrypt phones themselves" "And by requests, I mean demands. As in, you do it or you’ll be held in contempt of court." - Hanni Fakhoury, EFF
If the police don’t know the phone is yours Or don’t know what’s inside Can you be required to unlock it?
If we can unlock one person’s phone…...
“The government submits this supplemental authority in support of its application for a search warrant which seeks authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be a user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant. The government seeks this authority because those fingerprints, when authorized by the user of the device, can unlock the device.”
What are the courts saying about decryption and the 5th Amendment?
Boucher
What can we learn from the 3rd party exception?
3rd party exception: you don’t have a reasonable expectation of privacy in information you disclose to a third
The Stored Communications Act does not require a warrant for emails over 180 days.
But service providers require a warrant now for stored content
What happened?
What if courts never begin to recognize a right to resist biometric unlocks?
Device Security
technical solutions to the 5th Amendment biometrics problem
Privacy v convenience
How do device manufacturers balance my privacy with convenience & usability?
people use biometric unlock because they’re fast and easy and making using your phone simple.
The self- incrimination issue is, at most, a distant afterthought for many users.
health data as evidence
Should we have to give up our civil rights for ease of use and being able to participate in a technological society?
So now what?
Balancing usability, neat new features & civil liberties
Enabling TouchID or FaceID is a risk-based calculation you should make yourself
Fingerprints, Passcodes, and Self Incrimination Thank you! Wendy Knox Everette @wendyck

Empfohlen

Fourth Amendment notes
Fourth Amendment notesFourth Amendment notes
Fourth Amendment notesJennifer Vogt-Erickson
 
4th amendment
4th amendment4th amendment
4th amendmentAaronChisholm
 
4th amendment
4th amendment4th amendment
4th amendmentrobbie59
 
Lesson 31
Lesson 31Lesson 31
Lesson 31guest6aeccb
 
Search And Sezuire Powerpoint
Search And Sezuire PowerpointSearch And Sezuire Powerpoint
Search And Sezuire PowerpointCarolyn Thompson
 
Chapter 8 - Conducting Constitutional Seizures
Chapter 8 - Conducting Constitutional SeizuresChapter 8 - Conducting Constitutional Seizures
Chapter 8 - Conducting Constitutional Seizureslisajurs
 
State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14
State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14
State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14Joni Schultz
 
4th Amendment Search
4th Amendment Search4th Amendment Search
4th Amendment Searchbscritch
 

Empfohlen

Fourth Amendment notes
Fourth Amendment notesFourth Amendment notes
Fourth Amendment notesJennifer Vogt-Erickson
 
4th amendment
4th amendment4th amendment
4th amendmentAaronChisholm
 
4th amendment
4th amendment4th amendment
4th amendmentrobbie59
 
Lesson 31
Lesson 31Lesson 31
Lesson 31guest6aeccb
 
Search And Sezuire Powerpoint
Search And Sezuire PowerpointSearch And Sezuire Powerpoint
Search And Sezuire PowerpointCarolyn Thompson
 
Chapter 8 - Conducting Constitutional Seizures
Chapter 8 - Conducting Constitutional SeizuresChapter 8 - Conducting Constitutional Seizures
Chapter 8 - Conducting Constitutional Seizureslisajurs
 
State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14
State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14
State of Louisiana v Sonny Barker_Objective Memo_FINAL_11_30_14Joni Schultz
 
4th Amendment Search
4th Amendment Search4th Amendment Search
4th Amendment Searchbscritch
 
Kplainview
KplainviewKplainview
Kplainviewsevans-idaho
 
Appellate Brief Moot Court 2015 (Part 2) Argument
Appellate Brief Moot Court 2015 (Part 2) ArgumentAppellate Brief Moot Court 2015 (Part 2) Argument
Appellate Brief Moot Court 2015 (Part 2) ArgumentJose Gerez
 
Chapter 7
Chapter 7Chapter 7
Chapter 7warren142
 
When Can The Police Conduct a Nebraska Search and Seizure of Your Home
When Can The Police Conduct a Nebraska Search and Seizure of Your HomeWhen Can The Police Conduct a Nebraska Search and Seizure of Your Home
When Can The Police Conduct a Nebraska Search and Seizure of Your HomeTom Petersen
 
Ch 7
Ch 7Ch 7
Ch 7warren142
 
The Right to Privacy
The Right to PrivacyThe Right to Privacy
The Right to Privacysherice henderson
 
Privacy act
Privacy actPrivacy act
Privacy actDAM Interactive
 
Stop and Search 2012
Stop and Search 2012Stop and Search 2012
Stop and Search 2012Miss Hart
 
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...Stan Bennett
 
Chapter 5
Chapter 5Chapter 5
Chapter 5warren142
 
Vernonia School Districtt
Vernonia School DistricttVernonia School Districtt
Vernonia School DistricttCosta Mesa High School
 
Vernonia School District
Vernonia School DistrictVernonia School District
Vernonia School DistrictCosta Mesa High School
 
Vernonia School District1
Vernonia School District1Vernonia School District1
Vernonia School District1Costa Mesa High School
 
Chapter 4
Chapter 4Chapter 4
Chapter 4warren142
 
Powers of arrest 2011 2
Powers of arrest 2011 2Powers of arrest 2011 2
Powers of arrest 2011 2Miss Hart
 
Gangcoptechspeak
GangcoptechspeakGangcoptechspeak
GangcoptechspeakCarter F. Smith, J.D., Ph.D.
 
Police powers
Police powersPolice powers
Police powersGemma Webb
 
Privacy right under it act, 2000 and under other law
Privacy right under it act, 2000 and under other lawPrivacy right under it act, 2000 and under other law
Privacy right under it act, 2000 and under other lawNitya Nand Pandey
 
PP stop and search
PP stop and searchPP stop and search
PP stop and searchI_Iqbal
 
1Figures title5Civil Liberties and the Supreme Court.docx
1Figures title5Civil Liberties and the Supreme Court.docx1Figures title5Civil Liberties and the Supreme Court.docx
1Figures title5Civil Liberties and the Supreme Court.docxdrennanmicah
 
4Th Amendment Essay
4Th Amendment Essay4Th Amendment Essay
4Th Amendment EssayBuying Essay Bridgeport
 
4Th Amendment Essay
4Th Amendment Essay4Th Amendment Essay
4Th Amendment EssayBest Online Paper Writing Service
 

Weitere ähnliche Inhalte

Was ist angesagt?

Appellate Brief Moot Court 2015 (Part 2) Argument
Appellate Brief Moot Court 2015 (Part 2) ArgumentAppellate Brief Moot Court 2015 (Part 2) Argument
Appellate Brief Moot Court 2015 (Part 2) ArgumentJose Gerez
 
When Can The Police Conduct a Nebraska Search and Seizure of Your Home
When Can The Police Conduct a Nebraska Search and Seizure of Your HomeWhen Can The Police Conduct a Nebraska Search and Seizure of Your Home
When Can The Police Conduct a Nebraska Search and Seizure of Your HomeTom Petersen
 
Stop and Search 2012
Stop and Search 2012Stop and Search 2012
Stop and Search 2012Miss Hart
 
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...Stan Bennett
 
Powers of arrest 2011 2
Powers of arrest 2011 2Powers of arrest 2011 2
Powers of arrest 2011 2Miss Hart
 
Privacy right under it act, 2000 and under other law
Privacy right under it act, 2000 and under other lawPrivacy right under it act, 2000 and under other law
Privacy right under it act, 2000 and under other lawNitya Nand Pandey
 
PP stop and search
PP stop and searchPP stop and search
PP stop and searchI_Iqbal
 

Was ist angesagt? (19)

Kplainview
KplainviewKplainview
Kplainview
 
Appellate Brief Moot Court 2015 (Part 2) Argument
Appellate Brief Moot Court 2015 (Part 2) ArgumentAppellate Brief Moot Court 2015 (Part 2) Argument
Appellate Brief Moot Court 2015 (Part 2) Argument
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
When Can The Police Conduct a Nebraska Search and Seizure of Your Home
When Can The Police Conduct a Nebraska Search and Seizure of Your HomeWhen Can The Police Conduct a Nebraska Search and Seizure of Your Home
When Can The Police Conduct a Nebraska Search and Seizure of Your Home
 
Ch 7
Ch 7Ch 7
Ch 7
 
The Right to Privacy
The Right to PrivacyThe Right to Privacy
The Right to Privacy
 
Privacy act
Privacy actPrivacy act
Privacy act
 
Stop and Search 2012
Stop and Search 2012Stop and Search 2012
Stop and Search 2012
 
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
Search and Seizure Basics - What Happens When the Police Conduct An Illegal S...
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Vernonia School Districtt
Vernonia School DistricttVernonia School Districtt
Vernonia School Districtt
 
Vernonia School District
Vernonia School DistrictVernonia School District
Vernonia School District
 
Vernonia School District1
Vernonia School District1Vernonia School District1
Vernonia School District1
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Powers of arrest 2011 2
Powers of arrest 2011 2Powers of arrest 2011 2
Powers of arrest 2011 2
 
Gangcoptechspeak
GangcoptechspeakGangcoptechspeak
Gangcoptechspeak
 
Police powers
Police powersPolice powers
Police powers
 
Privacy right under it act, 2000 and under other law
Privacy right under it act, 2000 and under other lawPrivacy right under it act, 2000 and under other law
Privacy right under it act, 2000 and under other law
 
PP stop and search
PP stop and searchPP stop and search
PP stop and search
 

Ähnlich wie Fingerprints, Passcodes, and Self Incrimination - BSides Nova

1Figures title5Civil Liberties and the Supreme Court.docx
1Figures title5Civil Liberties and the Supreme Court.docx1Figures title5Civil Liberties and the Supreme Court.docx
1Figures title5Civil Liberties and the Supreme Court.docxdrennanmicah
 
Chapter 13 Interrogation, Electronic Surveillance, and Other .docx
Chapter 13 Interrogation, Electronic Surveillance, and Other .docxChapter 13 Interrogation, Electronic Surveillance, and Other .docx
Chapter 13 Interrogation, Electronic Surveillance, and Other .docxbartholomeocoombs
 
Search Warrants
Search WarrantsSearch Warrants
Search WarrantsCTIN
 
Criminal Law for Civil Attorneys darren-chaker
Criminal Law for Civil Attorneys darren-chakerCriminal Law for Civil Attorneys darren-chaker
Criminal Law for Civil Attorneys darren-chakerDarren Chaker
 
Informal Discovery Simple Strategies for Cost-Effective Litigation
Informal Discovery Simple Strategies for Cost-Effective LitigationInformal Discovery Simple Strategies for Cost-Effective Litigation
Informal Discovery Simple Strategies for Cost-Effective LitigationAmy Morgan
 
Informal Discovery - Simple Strategies for Cost-Effective Litigation
Informal Discovery - Simple Strategies for Cost-Effective LitigationInformal Discovery - Simple Strategies for Cost-Effective Litigation
Informal Discovery - Simple Strategies for Cost-Effective LitigationAmy Morgan
 
Constitutional Issues - Chapter 7
Constitutional Issues - Chapter 7Constitutional Issues - Chapter 7
Constitutional Issues - Chapter 7mpalaro
 
Ch 15 Search and Seizure
Ch 15 Search and SeizureCh 15 Search and Seizure
Ch 15 Search and Seizurerharrisonaz
 

Ähnlich wie Fingerprints, Passcodes, and Self Incrimination - BSides Nova (12)

1Figures title5Civil Liberties and the Supreme Court.docx
1Figures title5Civil Liberties and the Supreme Court.docx1Figures title5Civil Liberties and the Supreme Court.docx
1Figures title5Civil Liberties and the Supreme Court.docx
 
4Th Amendment Essay
4Th Amendment Essay4Th Amendment Essay
4Th Amendment Essay
 
4Th Amendment Essay
4Th Amendment Essay4Th Amendment Essay
4Th Amendment Essay
 
Chapter 13 Interrogation, Electronic Surveillance, and Other .docx
Chapter 13 Interrogation, Electronic Surveillance, and Other .docxChapter 13 Interrogation, Electronic Surveillance, and Other .docx
Chapter 13 Interrogation, Electronic Surveillance, and Other .docx
 
Essay On 4Th Amendment
Essay On 4Th AmendmentEssay On 4Th Amendment
Essay On 4Th Amendment
 
Search Warrants
Search WarrantsSearch Warrants
Search Warrants
 
Criminal Law for Civil Attorneys darren-chaker
Criminal Law for Civil Attorneys darren-chakerCriminal Law for Civil Attorneys darren-chaker
Criminal Law for Civil Attorneys darren-chaker
 
Informal Discovery Simple Strategies for Cost-Effective Litigation
Informal Discovery Simple Strategies for Cost-Effective LitigationInformal Discovery Simple Strategies for Cost-Effective Litigation
Informal Discovery Simple Strategies for Cost-Effective Litigation
 
Informal Discovery - Simple Strategies for Cost-Effective Litigation
Informal Discovery - Simple Strategies for Cost-Effective LitigationInformal Discovery - Simple Strategies for Cost-Effective Litigation
Informal Discovery - Simple Strategies for Cost-Effective Litigation
 
Lesson 33
Lesson 33Lesson 33
Lesson 33
 
Constitutional Issues - Chapter 7
Constitutional Issues - Chapter 7Constitutional Issues - Chapter 7
Constitutional Issues - Chapter 7
 
Ch 15 Search and Seizure
Ch 15 Search and SeizureCh 15 Search and Seizure
Ch 15 Search and Seizure
 

Mehr von Wendy Knox Everette

FedRAMP Is Broken (And here's how to fix it)
FedRAMP Is Broken (And here's how to fix it)FedRAMP Is Broken (And here's how to fix it)
FedRAMP Is Broken (And here's how to fix it)Wendy Knox Everette
 
Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...
Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...
Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...Wendy Knox Everette
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Wendy Knox Everette
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
 
BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"Wendy Knox Everette
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherWendy Knox Everette
 
Incident Response and the Attorney Client Privilege - ShmooCon 2019
Incident Response and the Attorney Client Privilege - ShmooCon 2019Incident Response and the Attorney Client Privilege - ShmooCon 2019
Incident Response and the Attorney Client Privilege - ShmooCon 2019Wendy Knox Everette
 
Meet the hackers: Seattle Tech Law CLE December 2018
Meet the hackers: Seattle Tech Law CLE December 2018Meet the hackers: Seattle Tech Law CLE December 2018
Meet the hackers: Seattle Tech Law CLE December 2018Wendy Knox Everette
 
SeaSec East: Green Locks For You & Me
SeaSec East: Green Locks For You & MeSeaSec East: Green Locks For You & Me
SeaSec East: Green Locks For You & MeWendy Knox Everette
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Wendy Knox Everette
 
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...Wendy Knox Everette
 

Mehr von Wendy Knox Everette (13)

FedRAMP Is Broken (And here's how to fix it)
FedRAMP Is Broken (And here's how to fix it)FedRAMP Is Broken (And here's how to fix it)
FedRAMP Is Broken (And here's how to fix it)
 
Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...
Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...
Weaponizing Your Fitness Tracker Against You_ Health, Fitness, & Location Tra...
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
 
BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work together
 
Incident Response and the Attorney Client Privilege - ShmooCon 2019
Incident Response and the Attorney Client Privilege - ShmooCon 2019Incident Response and the Attorney Client Privilege - ShmooCon 2019
Incident Response and the Attorney Client Privilege - ShmooCon 2019
 
Meet the hackers: Seattle Tech Law CLE December 2018
Meet the hackers: Seattle Tech Law CLE December 2018Meet the hackers: Seattle Tech Law CLE December 2018
Meet the hackers: Seattle Tech Law CLE December 2018
 
SeaSec East: Green Locks For You & Me
SeaSec East: Green Locks For You & MeSeaSec East: Green Locks For You & Me
SeaSec East: Green Locks For You & Me
 
Green Locks for You and Me
Green Locks for You and MeGreen Locks for You and Me
Green Locks for You and Me
 
An Encyclopedia of Wiretaps
An Encyclopedia of WiretapsAn Encyclopedia of Wiretaps
An Encyclopedia of Wiretaps
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
 
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
 

Kürzlich hochgeladen

PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxRRR Chambers
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentationKhushdeep Kaur
 
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptxMOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptxRRR Chambers
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourBhavikaGholap1
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueSkyLaw Professional Corporation
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxMollyBrown86
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书SS A
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhaiShashankKumar441258
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptzainabbkhaleeq123
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.pptseri bangash
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理bd2c5966a56d
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...James Watkins, III JD CFP®
 
Doctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddpptDoctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddppt2020000445musaib
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 

Kürzlich hochgeladen (20)

PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptx
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentation
 
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptxMOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labour
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
 
Doctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddpptDoctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddppt
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
 

Fingerprints, Passcodes, and Self Incrimination - BSides Nova

Hinweis der Redaktion

  1. The civil rights we’ll be discussing today are all in the Bill of Rights and give you protections from state and federal law enforcement and shield you from abuses of government powers Many of these rights have loopholes and exceptions, and the courts struggle with how these interact with consumer technologies. https://www.flickr.com/photos/78744619@N05
  2. https://www.flickr.com/photos/jasmic/2418715405/
  3. You’re arrested and your phone is held up to your face to be unlocked by the arresting officer, then sent to a forensics lab. Does this worry you? Even if you don’t think that you’ve committed any serious crimes, our phones contain an incredible amount of information about our lives. Should information taken from the phone be able to be used in a court case against you? The Bill of Rights, specifically the 4th and 5th Amendments, give you some protections. https://www.flickr.com/photos/ferran-jorda/3295094604/
  4. What is the Fourth Amendment? https://www.flickr.com/photos/12614773@N07/3926801152
  5. a. “Come back with a Warrant” – this is the amendment behind all those “Come back with a warrant” doormats and “I do not consent to a search of this device” phone stickers. - CONSENT b. What is needed for a warrant? Law enforcement must show that there is “probable cause.” c. what’s “probable cause”? → next https://twitter.com/CathyGellis/status/949442443966955520
  6. facts and circumstances known to the officer provide the basis for a reasonable person to believe that a crime was committed at the place to be searched, or that evidence of a crime exists at the location
  7. Search warrants must specify the place to be searched, as well as items to be seized
  8. subpoena v warrant Subpoena - lower standard than probable cause but only get metadata Warrant - full content, higher standard
  9. ● Consent - from phone stickers ● Search incident to arrest ● hot pursuit ● plain view ● Car search exception ● Exigent circumstances
  10. Supreme Court case from 2015 Riley Court held warrantless search exception following an arrest exists for the purposes of protecting officer safety and preserving evidence Neither at issue in the search of digital data digital data cannot be used as a weapon to harm an arresting officer, and police officers have the ability to preserve evidence while awaiting a warrant by disconnecting the phone from the network and placing the phone in a "Faraday bag." https://www.flickr.com/photos/9304652@N06/6406662487/
  11. Government made a request under Stored Communications Act allows data when "specific and articulable facts show[] that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation." Subpoena -- "metadata" Obtained cell site request data -  revealing the location and movements of a cellphone user over the course of 127 days  Argued before Supreme Court Nov 29, 2017
  12. a. The Fifth Amendment gives you many rights, but the one we’ll focus on is the right against Self Incrimination. b. What’s self-incrimination? This means that you can’t be required to give testimony in a court case that would show that you’d committed a crime.
  13. If the government already knows the information implicit in a testimony, then you aren’t incriminating yourself by giving that testimony; you’ve already been incriminated. https://www.flickr.com/photos/iggyshoot/16007451309/
  14. 2012 Colorado district Ramona Fricosu (mortgage fraud case) surrender password to her locked laptop after she was heard on a recorded phone call telling co-defendant husband that the incriminating evidence was encrypted call was enough to nullify her Fifth amendment argument - judge ruled that she give police access to the files or be held in contempt. https://www.flickr.com/photos/andymw91/4804053349
  15. 487 U.S. 201 (1988) produced some records as to accounts at foreign banks, but invoked his Fifth Amendment privilege against self-incrimination when questioned about the existence or location of additional bank records
  16. Signature needed bc foreign banks refused to comply with subpoenas
  17. The Court first held that the compelled exhibition of the body’s characteristics was not testimonial under the Fifth Amendment in Holt,218 U.S. at 252. The Court explained that it would be an “extravagant extension of the 5th Amendment” to prevent a jury from hearing a witness testify that a prisoner, who was compelled to put on clothes, did so and that the clothes fit him.
  18. i. Courts have interpreted this to mean that a person may refuse to enter a password for a computing device if doing so would grant law enforcement access to evidence that would incriminate the person. ii. Entering the password is akin to testifying. https://www.flickr.com/photos/alescicchitano/6206982979/
  19. https://www.flickr.com/photos/smss/8329600691/ a. Apple devices require a passcode after they’ve been restarted, or after 48 hours. This provides some protection for users, as law enforcement must do the biometric unlocking within 48 hours. Several other devices now use fingerprint unlocking as well- Samsung Galaxy S5 can also do a fingerprint unlock; some Thinkpads, and other devices. b. Samsung Galaxy S8 and iPhone X both offer facial recognition unlock, which will unlock the mobile device when it’s held up to your face
  20. https://www.flickr.com/photos/73014677@N05/7651902808/ act of unlocking the cellphone communicates some degree of possession, control, and authentication of the cellphone’s contents
  21. a biometric unlock is (usually) not seen as equivalent to testifying against yourself What you are DNA swabs breathalyzer https://www.flickr.com/photos/sarath_kuchi/8043044878/
  22. Fingerprint but not passcode
  23. Maryland v. King, 569 U.S. ___ (2013) 4th Am suspicionless collection of the DNA of those arrested for a serious crime did not violate the Fourth Amendment although swabbing an arrestee's cheek for DNA collection did constitute a search, the minimal physical invasiveness of the collection technique was important in evaluating the reasonableness of the search https://www.flickr.com/photos/janitors/10575772326
  24. https://arstechnica.com/tech-policy/2016/10/to-beat-crypto-feds-have-tried-to-force-fingerprint-unlocking-in-2-cases/
  25. Breathalyzer - could be overturned if biometric unlock is a Thing? What’s different?
  26. https://www.wired.com/2014/09/google-apple-wont-unlock-phone-court-can-make/
  27. https://www.flickr.com/photos/adrianclarkmbbs/3011533286/
  28. https://www.flickr.com/photos/leolondon/6198649600/
  29. https://arstechnica.com/tech-policy/2016/10/to-beat-crypto-feds-have-tried-to-force-fingerprint-unlocking-in-2-cases/ https://www.flickr.com/photos/jca_does_photos/7294238880/ Ybarra v. Illinois government can’t search a person present where the warrant is executed for evidence under the warrant unless the government has probable cause that this particular person is involved in the criminal activity. limitation on the search of people that gets to the seizure of the phone, not a search of the phone after it has been seized.
  30. https://twitter.com/JakeLaperruque/status/951113970949263360 Vermont 2009 Sebastien Boucher child pornography defendant allowed police access to computer following his arrest at the Canadian border found child pornography but after seizing his computer realized the portion of the hard drive containing the incriminating files was encrypted Demanded password He plead the Fifth judge ruled "foregone conclusion"
  31. This problem is very similar to the Fourth Amendment’s Third Party doctrine, so let’s quickly look at that to see what similarities we can draw: a.
  32. cases which established this doctrine involved the phone numbers you dialed and banking information. i. Without a reasonable expectation of privacy in that information, a warrant is not needed for law enforcement to obtain this information. ii. Cloud computing and social networking throw a wrench into this idea – I personally think that I have a pretty strong expectation of privacy in my social media DMs and the information I store in Gmail.
  33. https://www.flickr.com/photos/so_wrong_its_kelly/4151529943/
  34. After pushback from tech companies, and the Warshak opinion in the 6th Circuit in 2010, a warrant is now required to access emails and other information stored on the servers of tech companies. i. The Supreme Court is currently considering this expectation of privacy in third party information to Cell Site Location Data, in the Carpenter case. ii. Also see Riley, even once a phone is unlocked, a warrant is required to search it. c. So here we see the law adapting to technology and re-extending some privacy protections. This could happen with biometric unlocks. (But you should still want to have 5th Amendment protections for biometric unlocks, because of the plain view doctrine!)
  35. 1. Device makers may want to emulate Apple and create special modes for their devices that quickly and securely disable biometric unlock. a. Should users have a vocal way to put phones into a secure mode that they can enable even if they can’t touch their phone? i. Would this lead to harmful side effects in restraining people who are arrested? ii. Are “duress” fingers the answer? Some devices, such as Samsung Galaxy, require a passcode if the fingerprint unlock doesn’t work five times in a row (but see consumer frustration with the fingerprint scanner quality & this fallback).
  36. Apple’s TPM module makes it very difficult to bypass the security protections they put on devices. However, we saw in the San Bernardino case that the phone was eventually hacked into in order to bypass the lock. Should we assume that security vulnerabilities will give law enforcement access? a. But then what about criminal actors? b. Using security vulnerabilities as an escape hatch is damaging in the long term, as it allows both sides to side step the legal issues and keeps any real consensus from forming about where the right level of access is. In a way, this is not just about biometric unlocks, this is also about many kinds of compelled decryption and law enforcement access. https://www.flickr.com/photos/matsuyuki/15482074983/
  37. “duress fingers” for Touch ID Should users should be given a duress password to wipe their data in the cloud from the field to protect it from discovery with a search warrant (and would that could be obstruction of justice or evidence tampering)? how emergency mode works and how it might be tweaked to provide a cloud wipe or better biometric lock protection while still balancing user convenience – for instance while in a location or during a time, requiring the user to say a phrase while doing a face or fingerprint unlock, thus doing an end-run around the “non- expressive” issues with pure biometric unlock while balancing with user convenience)? https://www.flickr.com/photos/roozbeh11/4137075891
  38. How do device manufacturers balance my privacy with convenience? a. This is really the core issue here- people use biometric unlock because they’re fast and easy and making using your phone simple. The self-incrimination issue is, at most, a distant afterthought for many users. b. Should it be this way? Should we have to give up our civil rights for ease of use and being able to participate in a technological society?
  39. https://www.flickr.com/photos/hjl/9048268938
  40. https://www.flickr.com/photos/pincfloit/2472345324
  41. Not quite the same as biometric unlock, but implicated in collection of biometric data & 4th Amendment protections Convenience, entertainment: users like using fitness trackers
  42. 1. Balancing usability & releasing awesome new features for consumers with protecting civil liberties is a tough job right now, as we’re in a period where we are trying to figure out how our historical case law precedent applies to new technologies 2. As with everything in infosec, enabling TouchID or FaceID is a risk-based calculation you should make yourself; hopefully this talk has helped inform you about some of those risks 3. If you work on consumer devices, hopefully this helped you think about risks to weigh in designing your devices to balance safety and usability. https://www.flickr.com/photos/hjl/9048268938/
  43. https://www.flickr.com/photos/sbirenda/11422540985