Posted: Tuesday, May 7, 2024
Word Count: 2489
Reading Time: 11 minutes
TL;DR
- Biometric Vulnerabilities: The 9th Circuit Court ruling in United States v. Jeremy Travis Payne highlights the risks of biometric security, particularly in situations where law enforcement can access your device without a warrant.
- Legal Considerations: Understanding your rights under current privacy laws is crucial, especially if you’re involved in activities like protests where you might encounter law enforcement.
Summary Table
| Recommendation | Explanation |
|---|---|
| Disabling Biometrics | In high-risk situations, disable biometric features on your devices to prevent unauthorized access, opting instead for traditional passcodes or patterns. |
| Secure Passcodes | Use complex and unique passcodes that are hard to guess but easy for you to remember; avoid obvious choices like birthdays or simple numeric sequences. |
| Digital Privacy Tools | Utilize tools such as end-to-end encrypted messaging apps and VPNs to protect your communications and obscure your digital footprint. |
| Smart Device Considerations | Leave non-essential smart devices, such as smartwatches and fitness trackers, at home during sensitive activities to minimize data risks. |
| Encryption and Security | Encrypt sensitive data on your devices and use secure messaging services to ensure that your communications are protected from interception. |
| VPN Usage | Employ Proxy VPNs to mask your location and encrypt internet traffic, particularly when accessing the internet from regions with restrictive digital laws. |
| Preparing for Emergencies | Consider having a secondary phone with minimal data and essential apps for emergency situations to protect your privacy. |
| Understanding and Using Privacy Laws | Familiarize yourself with the privacy laws applicable in your jurisdiction to better navigate potential legal challenges. |
The Legal Background: A Case Study
Biometric security can be more of a burden in certain situations. This was highlighted in a recent verdict from the 9th Circuit Court of Appeals in the case of United States v. Jeremy Travis Payne. The Court upheld the district court’s decision, affirming that law enforcement did not violate the Fourth Amendment when searching Payne’s cellphone. This search occurred during a traffic stop, where officers used Payne’s thumb to unlock his phone without a warrant. The court determined that this action was permissible under a general search condition of Payne’s parole, which allows the search of any property under his control without a warrant or probable cause. Additionally, the court found that using Payne’s biometric data (his thumbprint) to unlock his phone did not violate his Fifth Amendment rights against self-incrimination, as it required no cognitive effort by Payne, akin to providing a physical characteristic like a fingerprint during booking.
The Nuances of Mr. Payne’s Situation
However, there are additional nuances to this situation. For example, Mr. Payne was on parole at the time, and the terms of his parole required him to provide a passcode for his device. Unlike a passcode, biometric data—such as a thumbprint—does not involve disclosing knowledge, which the verdict did not address in relation to the parole agreement.
Does the action really justify the outcome?
Personally, I believe this clearly constitutes self-incrimination and is no different than someone rifling through your chest of drawers or your desktop computer. However, it seems that the method of access is what this case focused on, not the action itself. The court document states that using your thumbprint requires no cognitive effort, meaning it is a reflexive action, whereas entering a password requires a moment of thought before execution.
I fear that this may eventually extend to passcodes as well. For example, the cognitive effort for my mobile passcode ends probably about 2 to 3 days after setting it. Initially, I may need to engage my gray matter to initially set my passcode, but eventually, it becomes just a pattern that has been ingrained in my mind. In fact, I’ve had conversations with my wife about passcodes, and she’ll have trouble verbally recalling the passcode to her phone, but when given her phone, she can unlock it while saying something like “I know the pattern.” To me, she’s not recalling the passcode; she’s performing a reflexive task. Thus, this decision may have left the door cracked for a future prosecutor argue that passcodes also do not require cognitive effort.
Privacy Concerns in the Current Environment
Additionally, this brings to mind the current political, ideological, and broader social landscape, which provides numerous reasons for protests. Some of these can escalate, leading authorities to intervene, which results in injuries and arrests. For those planning to attend a protest, it would be wise to secure your digital landscape before heading out.
The following sections provide suggestions on how to protect your data privacy in situations that may increase the likelihood of encounters with governing authorities or individuals holding opposing viewpoints.
Disable all biometrics
Biometrics can be very convenient, as typing in a passcode can be a bit tedious. Attending a protest, or simply being in an unfamiliar and unsecure area, may present risks that you may not be able to quickly react to. The problem with biometrics, especially finger and thumbprints, is that they continue to work regardless of your state of consciousness.
Biometric security is unable to determine your state of well-being, nor whether you are conscious, incapacitated, or under duress. It will always work all the time. The first thing to do in this scenario is to simply disable all biometrics and stick to the old-school passcode or pattern method.
How to Disable Biometric Features:
iOS Devices:
- Go to Settings > Face ID & Passcode or Touch ID & Passcode.
- Toggle off all options for iPhone Unlock and other features like Apple Pay and iTunes & App Store.
- Confirm by entering your passcode.
Android Devices:
- Go to Settings > Security or Security and Privacy.
- Find options like Fingerprint or Face Recognition and toggle these features off.
- You may need to set up a PIN, pattern, or password as an alternative if you haven’t already.
Use a Secure passcodes
On the topic of passcodes and patterns, choose options that are not easily guessed. Avoid using overly simplistic passwords, such as your birthday or your bank PIN. Instead, set a PIN that you can easily recall but isn’t easily guessed. Here are a few suggestions:
| Tactic | Description | Example |
|---|---|---|
| Birth Dates Mix | Take the birth month of a parent, and the birth year of your best friend. | May 1954 becomes 0554 |
| Favorite Store Combo | The store number of your favorite Chick-Fil-A and append your favorite combo meal number. | Store #12, Meal #5 becomes 1205 |
| Weight Combination | Your real weight and your dream weight smashed together. | 180 lbs, dream 165 lbs becomes 180165 |
| Job Timeline | The year you landed your first job and the month/year you quit. | Started 1999, ended May 2005 becomes 199905 |
| Reverse Important Dates | Reverse the digits of an important date. | June 7, 1997 becomes 799706 |
| Mix of Codes | Combine unrelated numbers like the last two digits of your childhood home’s address with the current day of the month. | Home #1428, today is 15th becomes 2815 |
| Historical Year Plus | Think of a year important in history that resonates with you and add or subtract a number significant to you. | 1776 + 3 becomes 1779 |
| Concatenate Phone Keypad Numbers | Choose a word and use the corresponding numbers from a phone keypad. | ACDC on a keypad becomes 2232 |
| Special Numbers | Combine numbers special to you but not directly personal, like jersey numbers of favorite athletes. | Jersey #23 and #6 becomes 236 |
| Key Event Time | Think of a turning point event, use the hour and minute. | Event at 3:15 PM becomes 1515 |
| Book and Page Number | Favorite book’s publication year and the page number of your favorite quote. | Published 1965, quote on page 123 becomes 65123 |
Disable Lock Screen Notifications
Guide readers on how to disable lock screen notifications to prevent sensitive information from being displayed publicly.
Leave the primary Behind
If you cannot imagine using your phone without the convenience of biometric security, then purchasing an adequate spare may be the solution for you. This spare should be used only in emergency situations where your private data needs extra protection. Configure the spare with only the essential apps required for these situations.
These days, you can purchase a decent used phone with a high-quality camera for a relatively low cost. A quick search on woot.com reveals several highly rated phones that were once priced between $750 to $1000 new, now available for roughly 30% to 50% off.
So, go ahead and purchase that used, refurbished, or open-box smartphone, swap in your SIM card, and go out there and make a difference! Or, alternatively, you could use one of the three phones you still have in the back of your junk drawer.
Note: I am not involved in any affiliate program for Woot.com, which happens to be an Amazon company. I’m just a lowly wooter who sadly finds himself checking the sales of the day at midnight (CST) before I go to sleep.
Leave the Smart Accessories behind
Depending on the event, you may want to consider leaving other smart things attached to your person behind. Smartwatches, in particular, are just tiny computers that, in most cases, sync data with your phone. Additionally, accessories like Apple’s smartwatch can have their own SIM card and function completely independent of your smartphone. So even if you’re leveraging a secondary smartphone, a smartwatch may still pose a risk to your privacy. Moreover, a smartwatch may have less sophisticated security measures to prevent any malicious activity. Here’s a list of items to consider:
Smartwatches and Fitness Trackers: These devices are often synced with your smartphone, collecting sensitive data like location, health information, and more. Consider leaving them at home to avoid the risk of this data being accessed during a protest.
Wireless Earbuds and Headphones: Although less likely to store sensitive data, these devices can still be tracked and potentially used to listen in if they remain connected to your phone.
Other Smart Devices: Any wearable tech or portable devices that connect to your phone or have their own data plan (like LTE-enabled smartwatches) should also be left behind for maximum privacy.
Encrypt Everything
Regardless of what devices your take, ensure that they data at rest is encrypted with a sophisticated algorithm such as AES-256. This will make it difficult, not impossible, for a malicious actor to gain access to the data stored on the device.
E2E Encrypted Messaging
End-to-end encryption (E2E) in messaging ensures only the communicating users can read the messages exchanged, providing a strong layer of privacy and security. By encrypting messages directly on the sender’s device and only decrypting them on the recipient’s device, E2E encryption prevents anyone in between—from cybercriminals to internet service providers and even the messaging service itself—from accessing the communicative content. This is particularly crucial in an era where data breaches and unauthorized surveillance are common concerns. Additionally, end-to-end encryption is vital for maintaining the confidentiality of sensitive communications, such as personal conversations, business dealings, and the transmission of secure data, ensuring that the integrity and privacy of data are preserved across communication channels. This technology empowers users to communicate more freely and confidently, knowing their conversations are shielded from prying eyes, thus fostering a safer, more secure digital communication environment.
Here are a few services that offer some form of E2E encryption:
- WhatsApp: WhatsApp provides E2E encryption for all its messages, calls, and video chats by default.
- Signal: Known for its strong focus on security and privacy, Signal offers E2E encryption for messages, calls, and video chats. It is open-source, allowing experts to verify its security.
- Telegram: While Telegram offers E2E encryption, it is not enabled by default. Users must start “Secret Chats” to use E2E encryption for their conversations.
- Apple iMessage and FaceTime: Apple provides E2E encryption for messages and calls made through iMessage and FaceTime, but only between Apple devices.
Proxy VPNs
The internet is a fickle beast, especially when humans are in control. More and more states are imposing their will on what can and cannot be accessed from specific regions. This isn’t as prevalent in the US, but you might find your internet restricted in other countries. Additionally, your device can be geographically located simply by the IP address it is assigned, as public CIDR ranges are regionally specific (similar to area codes once upon a time).
Proxy VPNs grant you the ability to establish a VPN tunnel to a server outside your region. This creates several benefits:
- The traffic from your device is encrypted to the VPN server.
- The VPN tunnel can be established outside your local region, effectively masking your real location.
- Many Proxy VPNs adhere to a no-logging rule, meaning there’s no way for legal authorities to effectively track your internet activity.
There are many solutions out there, so I recommend shopping around and testing a few. As a guide, you typically want the following features in a proxy VPN:
- Privacy: As mentioned previously, you want the VPN service to maintain your privacy and anonymity. Review the VPN service’s privacy policies and how they store data. For maximized privacy, they should explicitly state in writing that they do not log your activity during the VPN session.
- Geographic Selection: A true proxy VPN will allow you to select the state or region to which you want to connect.
- Server Locations: In addition to allowing geographic selection, check the diversity and strategic placement of server locations. More servers spread across a wide range of locations can provide better service and more options for bypassing geo-restrictions.
- OS Compatibility: Proxy solutions that offer installations across multiple operating systems will enable you to protect more devices and offer a unified experience.
- Simultaneous Connections: Depending on your needs, you might want to use a VPN on multiple devices at once. Some VPN providers allow for multiple simultaneous connections, so you don’t need separate subscriptions for each device.
- Kill Switch: A VPN kill switch is a critical security feature that automatically disconnects your device from the internet if the VPN connection fails. This prevents your data from being transmitted without encryption.
- Speed and Performance: Since VPNs encrypt your traffic and route it through another server, they can sometimes slow down your internet speed. Look for VPNs that offer fast connection speeds and have a large number of servers to avoid overcrowding and reduce latency.
- Security Protocols: Different VPNs use different protocols to secure your data as it travels across the internet. Protocols such as OpenVPN, WireGuard, IKEv2, and L2TP/IPSec offer varying balances of speed and security. Ensure that the VPN supports the latest and most secure protocols.
Wrapping Up
Before you start thinking of catchy slogans or phrases to put on that V-neck t-shirt, take a moment to familiarize yourself with privacy laws in the targeted jurisdictions. It’s wise to understand your rights if you find yourself in the crosshairs of law enforcement. Regardless, I would carefully consider what technologies to bring, as coercion may still be a concern. Additionally, nation-state-related protections will probably not concern themselves with the local laws governing privacy. Finally, you cannot rely on the government to assist you if your privacy is violated, so the best thing to do is to protect yourself.