Trick is not to use your right index finger as a biometric unlock finger (the button sits on the top right corner of the keyboard). If you are "forced" to unlock, the agents will guide your fingers and probably try that first 2-3 times. 2 more tries, and fingerprint reading gets disabled. Quite good odds.
It's hold power+volume up (the "top two buttons" when reaching down into a pocket or purse and the phone) until the phone vibrates (~2s).
If you can see the screen, it's the fastest shortcut gesture to the screen that has "Slide to Power Off", "Medical ID", and "Emergency Call". Any other way to get to that screen also works to require a PIN before next unlock.
One is knowledge the user has, and the other is a physical key they own.
Providing your 'finger' to unlock a device is no different than providing your 'key' to unlock something. So you can be compelled to provide those biometrics.
Compelling you to reveal a password is not some *thing* you have but knowledge you contain. Being compelled to provide that knowledge is no different than being compelled to reveal where you were or what you were doing at some place or time.
That is genuinely the current state of law, yes. There's no real logic at work, just attempts at clawing back control whenever a new gray area appears.
My fiancé is an attorney and I'm an engineer, and she looked at me incredulously when point out anything that is not logical in her legal work. I'm thankful my father talked me out of becoming a lawyer.
Put them in jail until they do or charge them with whatever the local flavor for "obstruction" is. In places where they're allowed by law to require you to give up a password not doing so when the proper steps are taken would usually be it's own crime, usually phrased as some sort of "obstruction" charge with it's own sentence. And that's just places where the law and citizen rights are a meaningful concept in restraining state power.
Depending on the country and the willingness to comply with legal norms somewhere between putting you in prison until you give it up and hitting you with a stick until you give it up.
And to be clear, in other words, that means you can’t be compelled. You can effectively resist giving up your password, you cannot effectively resist giving up your finger, gruesome though the prospect might be.
You can still be legally compelled to provide testimony, the catch is merely that you have to be granted immunity from being charged with a crime on the basis of any derived evidence. In this case, it seems that the WaPo journalist could still be compelled to provide such information if she's not charged for any crime.
Yes the difference come from a close parsing of the 5th amendment, telling cops the password or code for a device or safe is pretty clearly compelling speech and adverse testimony while allowing cops to gather fingerprints and DNA has long been held as allowed so biometrics were analogized to that. It's also similar to the rule that cops can't force you to tell them the code to a safe but they're allowed with a warrant to destructively open the safe (if it falls under the terms of the warrant). Combine those too legal threads and it's at least reasonable to see how that line gets drawn from previous rulings.
It's interesting because the latest Cellebrite data sheets showed them to support all iPhones including e.g. unbooted, but apparently not lockdown mode? It also showed they hadn't cracked GrapheneOS.
Wait, was this an oversight on his part about the biometric unlock? My MacBook biometric gets disabled after a bit and requires a password if the lid was closed for substantial amount of time.
Does anyone know if iOS in lockdown mode stops syncing mail, imessage, call history etc to your other apple devices? I am wondering if reporter's stuff was all synced to the non lockdown MacBook from the iPhone
The warrant is the force, current jurisprudence largely says warrant do compel people to provide biometric unlocks because it's not speech the same way giving up a password/passcode would be. Blocking or not complying with a signed warrant from a judge is it's own crime and the only safe way to fight them is with a lawyer in court not with the officer holding the paper (and gun/taser/etc with the power of the state behind them).
What do you think warrants are? You think they get a warrant and they say, "Can you put your finger on the device?" You say, "No," and that's it? If all they wanted to do was ask you, they would just ask you without the warrant.
> 52. These warrants would also permit law enforcement to obtain from Natanson the display of physical biometric characteristics (e.g., fingerprint, thumbprint, or facial characteristics) in order to unlock devices subject to search and seizure pursuant to the above referenced warrants
> 60. Accordingly, if law enforcement personnel encounter a device that is subject to search and seizure pursuant to the requested warrants and may be unlocked using one of the aforementioned biometric features, the requested warrants would permit law enforcement personnel to (1) press or swipe the fingers (including thumbs) of the Subject to the fingerprint scanner of the device(s); or (2) hold the devices in front of the Subject's face for the purpose of attempting to unlock the device(s) in order to search the contents as authorized by the warrants
So yes law enforcement had the right to grab her hand and press it against the laptop to unlock before seizing it if that's what they had to do.
It'd certainly be a good first step to figure out how to identify whether or not the PDF you're linking to is in fact a warrant at all before trying to educate others on them.
"...the requested warrants would permit law enforcement personnel to (1) press or swipe the fingers (including thumbs) of the subject to the fingerprint scanner of the devices..."
If the police get the warrant you either allow them to take it or you face an obstruction charge. The only safe way to fight a warrant like that when signed is after the gathering is done in court or at trial.
You would at the very least make them guess which finger, there's no indication that happened here.
The court can compel you to make your fingers available, it can not force you to disclose which finger or the manner in which you touch that finger on the fingerprint sensor. Apple devices allow only limited attempts.
If you're not being actively helpful, the investigators may end in a rather awkward position.
I'd be wary of trying this as it reeks of "one neat trick" thinking applied to law based on a small technicality where law is often subject to the spirit instead of strictly hewing to the most favorable interpretation the exact wording for the citizen. The warrant can just state you're required to unlock the system not simply "make your fingers available".
It's fun to try to find places where the rules seem to leave holes but it's important to remember the courts don't have to hew precisely to how you read the law. I see that a lot on tech centric boards where the law is treated like it's strictly, precisely, and impartially interpreted down to the exact words (though often not using the legal meaning of words which have decades of caselaw and interpretation informing their legal meaning).
Unless that's already established in your circuit you're counting on the court agreeing with your interpretation because the cops/courts certainly think they can compel that.
All I'm doing is cautioning you and anyone else reading against DIY legal interpretations. Have a lawyer.
>During the execution of the search of HANNAH NATANSON as described in Attachment A-3, law enforcement personnel are authorized to (1) press or swipe the fingers (including thumbs) of HANNAH NATANSON to the fingerprint scanner of the device; (2) hold a device found during the search in front of the face of HANNAH NATANSON and activate the facial recognition feature, for the purpose of attempting to unlock the device in order to search the contents as
authorized by this warrant.
>While attempting to unlock the device by use of the compelled display of biometric characteristics pursuant to this warrant, law enforcement is not authorized to demand that an occupant state or otherwise provide the password or identify the specific biometric characteristics (including the unique fingers) or other physical features), that may be used to unlock or access the device(s). Nor does the warrant authorize law enforcement to use the fact that the warrant allows law enforcement to obtain the display of any biometric characteristics to compel an occupant to state or otherwise provide that information. However, the voluntary disclosure of such information by an occupant is permitted. To avoid confusion on that point, if agents in executing the warrant ask an occupant for the password to any device(s), or to identify which biometric characteristic (including the unique fingers) or other physical features) unlocks any device(s), the agents will not state or otherwise imply that the warrant requires the person to provide such information, and will make clear that providing any such information is voluntary and that the
person is free to refuse the request.
I do not think anyone has made the entire warrant public yet.
Also FWIW that's boilerplate language commonly used on these warrants across multiple federal districts, google "While attempting to unlock the device by use of the compelled display" and see for yourself.
Touch ID allows only limited attempts, so odds are the FBI wouldn't just try to wrestle her to attempt different fingers on the spot even if they were allowed to do so.
`hnrayst` seems to be another AI (?) bot account created in 2022 with only two comments, both being in this very thread we're in today:
https://news.ycombinator.com/threads?id=hnrayst
Something weird is going on at Hacker News recently. I've been noticing these more and more.
[dead]
Takeaway is to not enable biometric unlock if you are concerned about your data being accessed by authorities.
Trick is not to use your right index finger as a biometric unlock finger (the button sits on the top right corner of the keyboard). If you are "forced" to unlock, the agents will guide your fingers and probably try that first 2-3 times. 2 more tries, and fingerprint reading gets disabled. Quite good odds.
This has long been true. In a pinch you can mash the power button 5+ times to require a key code at next unlock.
Also, on iPhone, if you have face ID turned on, you can hold power+volume down (may differ depending on model) to force a passcode.
This doesn’t work for my iPhone that’s about three years old.
It's hold power+volume up (the "top two buttons" when reaching down into a pocket or purse and the phone) until the phone vibrates (~2s).
If you can see the screen, it's the fastest shortcut gesture to the screen that has "Slide to Power Off", "Medical ID", and "Emergency Call". Any other way to get to that screen also works to require a PIN before next unlock.
If your phone has home button, then you don't need to press the volume button. Otherwise, yes it does work.
So in america, they can force you to use a biometric but they can't compel you to reveal your password?
I mean, i agree with you, but its a really weird line in the sand to draw
One is knowledge the user has, and the other is a physical key they own.
Providing your 'finger' to unlock a device is no different than providing your 'key' to unlock something. So you can be compelled to provide those biometrics.
Compelling you to reveal a password is not some *thing* you have but knowledge you contain. Being compelled to provide that knowledge is no different than being compelled to reveal where you were or what you were doing at some place or time.
That is genuinely the current state of law, yes. There's no real logic at work, just attempts at clawing back control whenever a new gray area appears.
It is very logical, as revealing a password is considered testimonial and is protected by the fifth amendment.
Right, and pressing your finger on a fingerprint sensor is also revealing a password, just via different means.
But is not legal testimonial
Right. Like I said, that's not logical, that's just legalese to gain access where you didn't have it before.
My fiancé is an attorney and I'm an engineer, and she looked at me incredulously when point out anything that is not logical in her legal work. I'm thankful my father talked me out of becoming a lawyer.
> So in america, they can force you to use a biometric but they can't compel you to reveal your password?
I don't get it, touching finger is easy, but how do you compel someone to reveal their password?
Put them in jail until they do or charge them with whatever the local flavor for "obstruction" is. In places where they're allowed by law to require you to give up a password not doing so when the proper steps are taken would usually be it's own crime, usually phrased as some sort of "obstruction" charge with it's own sentence. And that's just places where the law and citizen rights are a meaningful concept in restraining state power.
Depending on the country and the willingness to comply with legal norms somewhere between putting you in prison until you give it up and hitting you with a stick until you give it up.
And to be clear, in other words, that means you can’t be compelled. You can effectively resist giving up your password, you cannot effectively resist giving up your finger, gruesome though the prospect might be.
The UK simply puts you in jail for not doing so.
Tell us the password or we throw you in jail, shoot you, etc. The legal system is always ultimately backed by the state's monopoly on violence.
Pretty much.
Something you are: can be legally compelled Something you have: can be legally compelled Something you know: cannot be legally compelled
You can still be legally compelled to provide testimony, the catch is merely that you have to be granted immunity from being charged with a crime on the basis of any derived evidence. In this case, it seems that the WaPo journalist could still be compelled to provide such information if she's not charged for any crime.
Yes the difference come from a close parsing of the 5th amendment, telling cops the password or code for a device or safe is pretty clearly compelling speech and adverse testimony while allowing cops to gather fingerprints and DNA has long been held as allowed so biometrics were analogized to that. It's also similar to the rule that cops can't force you to tell them the code to a safe but they're allowed with a warrant to destructively open the safe (if it falls under the terms of the warrant). Combine those too legal threads and it's at least reasonable to see how that line gets drawn from previous rulings.
Germany does the same thing too . They can force you to unlock via faceid/biometric but can't force you to enter password.
It's interesting because the latest Cellebrite data sheets showed them to support all iPhones including e.g. unbooted, but apparently not lockdown mode? It also showed they hadn't cracked GrapheneOS.
Wait, was this an oversight on his part about the biometric unlock? My MacBook biometric gets disabled after a bit and requires a password if the lid was closed for substantial amount of time.
Does anyone know if iOS in lockdown mode stops syncing mail, imessage, call history etc to your other apple devices? I am wondering if reporter's stuff was all synced to the non lockdown MacBook from the iPhone
They usually ask you to enable lockdown mode on all your devices for advanced protection, even though you can skip it if you want.
Yeah.
This reporter very likely knew who she was dealing with. For users like her, everything is likely locked down and she probably didn't do much sharing.
I'm thinking that, to her, her sources would be probably one of the most important things in her life to protect.
https://support.apple.com/en-us/105120
Looks like lockdown mode is focused on blocking inbound threats, not the sharing of data from the device.
I can't imagine it would. The accounts don't flow through the phone you're just logged in to them on both devices.
> (forced her finger on Touch ID per the warrant)
Can anyone link a source for this? I’ve been seeing conflicting claims about this part.
https://news.ycombinator.com/item?id=46886694
I understand that it’s within the law. I’m looking for specific evidence that this is what happened in this specific case. Not conjecture.
> forced her finger on Touch ID per the warrant
She was not forced, and the warrant does not state that she could be forced. The warrant, almost certainly deliberately, uses far milder language.
The warrant is the force, current jurisprudence largely says warrant do compel people to provide biometric unlocks because it's not speech the same way giving up a password/passcode would be. Blocking or not complying with a signed warrant from a judge is it's own crime and the only safe way to fight them is with a lawyer in court not with the officer holding the paper (and gun/taser/etc with the power of the state behind them).
What do you think warrants are? You think they get a warrant and they say, "Can you put your finger on the device?" You say, "No," and that's it? If all they wanted to do was ask you, they would just ask you without the warrant.
I think you should simply try to read the warrant in question.
Perhaps you should? From pages 20 and 22:
> 52. These warrants would also permit law enforcement to obtain from Natanson the display of physical biometric characteristics (e.g., fingerprint, thumbprint, or facial characteristics) in order to unlock devices subject to search and seizure pursuant to the above referenced warrants
> 60. Accordingly, if law enforcement personnel encounter a device that is subject to search and seizure pursuant to the requested warrants and may be unlocked using one of the aforementioned biometric features, the requested warrants would permit law enforcement personnel to (1) press or swipe the fingers (including thumbs) of the Subject to the fingerprint scanner of the device(s); or (2) hold the devices in front of the Subject's face for the purpose of attempting to unlock the device(s) in order to search the contents as authorized by the warrants
So yes law enforcement had the right to grab her hand and press it against the laptop to unlock before seizing it if that's what they had to do.
[0] https://www.rcfp.org/wp-content/uploads/2026/01/2026-01-30-I...
>From pages 20 and 22:
From pages 20 and 22 of ... not the warrant:
It'd certainly be a good first step to figure out how to identify whether or not the PDF you're linking to is in fact a warrant at all before trying to educate others on them.
So post a link to the warrant.
This document is specifically asking for the right to force biometric access. It seems based on reporting that biometric access was granted.
If you're claiming the warrant doesn't force biometric access despite it being request, you need to substantiate the claim.
"...the requested warrants would permit law enforcement personnel to (1) press or swipe the fingers (including thumbs) of the subject to the fingerprint scanner of the devices..."
You're citing an affidavit produced by a FBI agent, the author is most likely not even a lawyer.
They're merely presenting a wishlist to the judge.
By definition a warrant is force backed by state violence
You’re saying she complied willingly?
If the police get the warrant you either allow them to take it or you face an obstruction charge. The only safe way to fight a warrant like that when signed is after the gathering is done in court or at trial.
You would at the very least make them guess which finger, there's no indication that happened here.
The court can compel you to make your fingers available, it can not force you to disclose which finger or the manner in which you touch that finger on the fingerprint sensor. Apple devices allow only limited attempts.
If you're not being actively helpful, the investigators may end in a rather awkward position.
I'd be wary of trying this as it reeks of "one neat trick" thinking applied to law based on a small technicality where law is often subject to the spirit instead of strictly hewing to the most favorable interpretation the exact wording for the citizen. The warrant can just state you're required to unlock the system not simply "make your fingers available".
It's fun to try to find places where the rules seem to leave holes but it's important to remember the courts don't have to hew precisely to how you read the law. I see that a lot on tech centric boards where the law is treated like it's strictly, precisely, and impartially interpreted down to the exact words (though often not using the legal meaning of words which have decades of caselaw and interpretation informing their legal meaning).
No, it's literally based on existing boilerplate language that's already commonly associated with these warrants based on previous litigation.
Making your body parts available is not testimonial, answering "Which finger?" undoubtedly is.
> answering "Which finger?" undoubtedly is.
Unless that's already established in your circuit you're counting on the court agreeing with your interpretation because the cops/courts certainly think they can compel that.
All I'm doing is cautioning you and anyone else reading against DIY legal interpretations. Have a lawyer.
From the warrant:
>During the execution of the search of HANNAH NATANSON as described in Attachment A-3, law enforcement personnel are authorized to (1) press or swipe the fingers (including thumbs) of HANNAH NATANSON to the fingerprint scanner of the device; (2) hold a device found during the search in front of the face of HANNAH NATANSON and activate the facial recognition feature, for the purpose of attempting to unlock the device in order to search the contents as authorized by this warrant.
>While attempting to unlock the device by use of the compelled display of biometric characteristics pursuant to this warrant, law enforcement is not authorized to demand that an occupant state or otherwise provide the password or identify the specific biometric characteristics (including the unique fingers) or other physical features), that may be used to unlock or access the device(s). Nor does the warrant authorize law enforcement to use the fact that the warrant allows law enforcement to obtain the display of any biometric characteristics to compel an occupant to state or otherwise provide that information. However, the voluntary disclosure of such information by an occupant is permitted. To avoid confusion on that point, if agents in executing the warrant ask an occupant for the password to any device(s), or to identify which biometric characteristic (including the unique fingers) or other physical features) unlocks any device(s), the agents will not state or otherwise imply that the warrant requires the person to provide such information, and will make clear that providing any such information is voluntary and that the person is free to refuse the request.
Link? I've not seen the warrant till now only the affidavit supporting it's granting. That's different as the warrant specifically limits it.
I do not think anyone has made the entire warrant public yet.
Also FWIW that's boilerplate language commonly used on these warrants across multiple federal districts, google "While attempting to unlock the device by use of the compelled display" and see for yourself.
Sounds like it, yeah.
Touch ID allows only limited attempts, so odds are the FBI wouldn't just try to wrestle her to attempt different fingers on the spot even if they were allowed to do so.