Posted: Tuesday, May 7, 2024

Word Count: 2489

Reading Time: 11 minutes


TL;DR

Summary Table

Recommendation Explanation
Disabling Biometrics In high-risk situations, disable biometric features on your devices to prevent unauthorized access, opting instead for traditional passcodes or patterns.
Secure Passcodes Use complex and unique passcodes that are hard to guess but easy for you to remember; avoid obvious choices like birthdays or simple numeric sequences.
Digital Privacy Tools Utilize tools such as end-to-end encrypted messaging apps and VPNs to protect your communications and obscure your digital footprint.
Smart Device Considerations Leave non-essential smart devices, such as smartwatches and fitness trackers, at home during sensitive activities to minimize data risks.
Encryption and Security Encrypt sensitive data on your devices and use secure messaging services to ensure that your communications are protected from interception.
VPN Usage Employ Proxy VPNs to mask your location and encrypt internet traffic, particularly when accessing the internet from regions with restrictive digital laws.
Preparing for Emergencies Consider having a secondary phone with minimal data and essential apps for emergency situations to protect your privacy.
Understanding and Using Privacy Laws Familiarize yourself with the privacy laws applicable in your jurisdiction to better navigate potential legal challenges.

The Legal Background: A Case Study

Biometric security can be more of a burden in certain situations. This was highlighted in a recent verdict from the 9th Circuit Court of Appeals in the case of United States v. Jeremy Travis Payne. The Court upheld the district court’s decision, affirming that law enforcement did not violate the Fourth Amendment when searching Payne’s cellphone. This search occurred during a traffic stop, where officers used Payne’s thumb to unlock his phone without a warrant. The court determined that this action was permissible under a general search condition of Payne’s parole, which allows the search of any property under his control without a warrant or probable cause. Additionally, the court found that using Payne’s biometric data (his thumbprint) to unlock his phone did not violate his Fifth Amendment rights against self-incrimination, as it required no cognitive effort by Payne, akin to providing a physical characteristic like a fingerprint during booking.

The Nuances of Mr. Payne’s Situation

However, there are additional nuances to this situation. For example, Mr. Payne was on parole at the time, and the terms of his parole required him to provide a passcode for his device. Unlike a passcode, biometric data—such as a thumbprint—does not involve disclosing knowledge, which the verdict did not address in relation to the parole agreement.

Does the action really justify the outcome?

Personally, I believe this clearly constitutes self-incrimination and is no different than someone rifling through your chest of drawers or your desktop computer. However, it seems that the method of access is what this case focused on, not the action itself. The court document states that using your thumbprint requires no cognitive effort, meaning it is a reflexive action, whereas entering a password requires a moment of thought before execution.

I fear that this may eventually extend to passcodes as well. For example, the cognitive effort for my mobile passcode ends probably about 2 to 3 days after setting it. Initially, I may need to engage my gray matter to initially set my passcode, but eventually, it becomes just a pattern that has been ingrained in my mind. In fact, I’ve had conversations with my wife about passcodes, and she’ll have trouble verbally recalling the passcode to her phone, but when given her phone, she can unlock it while saying something like “I know the pattern.” To me, she’s not recalling the passcode; she’s performing a reflexive task. Thus, this decision may have left the door cracked for a future prosecutor argue that passcodes also do not require cognitive effort.

Privacy Concerns in the Current Environment

Additionally, this brings to mind the current political, ideological, and broader social landscape, which provides numerous reasons for protests. Some of these can escalate, leading authorities to intervene, which results in injuries and arrests. For those planning to attend a protest, it would be wise to secure your digital landscape before heading out.

The following sections provide suggestions on how to protect your data privacy in situations that may increase the likelihood of encounters with governing authorities or individuals holding opposing viewpoints.

Disable all biometrics

Biometrics can be very convenient, as typing in a passcode can be a bit tedious. Attending a protest, or simply being in an unfamiliar and unsecure area, may present risks that you may not be able to quickly react to. The problem with biometrics, especially finger and thumbprints, is that they continue to work regardless of your state of consciousness.

Biometric security is unable to determine your state of well-being, nor whether you are conscious, incapacitated, or under duress. It will always work all the time. The first thing to do in this scenario is to simply disable all biometrics and stick to the old-school passcode or pattern method.

How to Disable Biometric Features:

iOS Devices:
Android Devices:

Use a Secure passcodes

On the topic of passcodes and patterns, choose options that are not easily guessed. Avoid using overly simplistic passwords, such as your birthday or your bank PIN. Instead, set a PIN that you can easily recall but isn’t easily guessed. Here are a few suggestions:

Tactic Description Example
Birth Dates Mix Take the birth month of a parent, and the birth year of your best friend. May 1954 becomes 0554
Favorite Store Combo The store number of your favorite Chick-Fil-A and append your favorite combo meal number. Store #12, Meal #5 becomes 1205
Weight Combination Your real weight and your dream weight smashed together. 180 lbs, dream 165 lbs becomes 180165
Job Timeline The year you landed your first job and the month/year you quit. Started 1999, ended May 2005 becomes 199905
Reverse Important Dates Reverse the digits of an important date. June 7, 1997 becomes 799706
Mix of Codes Combine unrelated numbers like the last two digits of your childhood home’s address with the current day of the month. Home #1428, today is 15th becomes 2815
Historical Year Plus Think of a year important in history that resonates with you and add or subtract a number significant to you. 1776 + 3 becomes 1779
Concatenate Phone Keypad Numbers Choose a word and use the corresponding numbers from a phone keypad. ACDC on a keypad becomes 2232
Special Numbers Combine numbers special to you but not directly personal, like jersey numbers of favorite athletes. Jersey #23 and #6 becomes 236
Key Event Time Think of a turning point event, use the hour and minute. Event at 3:15 PM becomes 1515
Book and Page Number Favorite book’s publication year and the page number of your favorite quote. Published 1965, quote on page 123 becomes 65123

Disable Lock Screen Notifications

Guide readers on how to disable lock screen notifications to prevent sensitive information from being displayed publicly.

Leave the primary Behind

If you cannot imagine using your phone without the convenience of biometric security, then purchasing an adequate spare may be the solution for you. This spare should be used only in emergency situations where your private data needs extra protection. Configure the spare with only the essential apps required for these situations.

These days, you can purchase a decent used phone with a high-quality camera for a relatively low cost. A quick search on woot.com reveals several highly rated phones that were once priced between $750 to $1000 new, now available for roughly 30% to 50% off.

So, go ahead and purchase that used, refurbished, or open-box smartphone, swap in your SIM card, and go out there and make a difference! Or, alternatively, you could use one of the three phones you still have in the back of your junk drawer.

Note: I am not involved in any affiliate program for Woot.com, which happens to be an Amazon company. I’m just a lowly wooter who sadly finds himself checking the sales of the day at midnight (CST) before I go to sleep.

Leave the Smart Accessories behind

Depending on the event, you may want to consider leaving other smart things attached to your person behind. Smartwatches, in particular, are just tiny computers that, in most cases, sync data with your phone. Additionally, accessories like Apple’s smartwatch can have their own SIM card and function completely independent of your smartphone. So even if you’re leveraging a secondary smartphone, a smartwatch may still pose a risk to your privacy. Moreover, a smartwatch may have less sophisticated security measures to prevent any malicious activity. Here’s a list of items to consider:

Smartwatches and Fitness Trackers: These devices are often synced with your smartphone, collecting sensitive data like location, health information, and more. Consider leaving them at home to avoid the risk of this data being accessed during a protest.

Wireless Earbuds and Headphones: Although less likely to store sensitive data, these devices can still be tracked and potentially used to listen in if they remain connected to your phone.

Other Smart Devices: Any wearable tech or portable devices that connect to your phone or have their own data plan (like LTE-enabled smartwatches) should also be left behind for maximum privacy.

Encrypt Everything

Regardless of what devices your take, ensure that they data at rest is encrypted with a sophisticated algorithm such as AES-256. This will make it difficult, not impossible, for a malicious actor to gain access to the data stored on the device.

E2E Encrypted Messaging

End-to-end encryption (E2E) in messaging ensures only the communicating users can read the messages exchanged, providing a strong layer of privacy and security. By encrypting messages directly on the sender’s device and only decrypting them on the recipient’s device, E2E encryption prevents anyone in between—from cybercriminals to internet service providers and even the messaging service itself—from accessing the communicative content. This is particularly crucial in an era where data breaches and unauthorized surveillance are common concerns. Additionally, end-to-end encryption is vital for maintaining the confidentiality of sensitive communications, such as personal conversations, business dealings, and the transmission of secure data, ensuring that the integrity and privacy of data are preserved across communication channels. This technology empowers users to communicate more freely and confidently, knowing their conversations are shielded from prying eyes, thus fostering a safer, more secure digital communication environment.

Here are a few services that offer some form of E2E encryption:

Proxy VPNs

The internet is a fickle beast, especially when humans are in control. More and more states are imposing their will on what can and cannot be accessed from specific regions. This isn’t as prevalent in the US, but you might find your internet restricted in other countries. Additionally, your device can be geographically located simply by the IP address it is assigned, as public CIDR ranges are regionally specific (similar to area codes once upon a time).

Proxy VPNs grant you the ability to establish a VPN tunnel to a server outside your region. This creates several benefits:

There are many solutions out there, so I recommend shopping around and testing a few. As a guide, you typically want the following features in a proxy VPN:

Wrapping Up

Before you start thinking of catchy slogans or phrases to put on that V-neck t-shirt, take a moment to familiarize yourself with privacy laws in the targeted jurisdictions. It’s wise to understand your rights if you find yourself in the crosshairs of law enforcement. Regardless, I would carefully consider what technologies to bring, as coercion may still be a concern. Additionally, nation-state-related protections will probably not concern themselves with the local laws governing privacy. Finally, you cannot rely on the government to assist you if your privacy is violated, so the best thing to do is to protect yourself.