iPhone Encryption by Default and Why Strong Passwords Matter
By Darren Chaker - Expanding on my earlier comment about the importance of both encryption and strong passwords for iPhone and Android devices.
Why Did Apple and Google Start Encrypting Phones by Default?
In 2014, Apple and Google announced that new phones would be encrypted by default, meaning the data on the device could only be accessed with the user's passcode. This was a direct response to growing concerns about government surveillance and the need to protect user privacy under the Fourth Amendment.
Is Phone Encryption Enough to Protect Your Data?
No. Encryption alone is insufficient without a strong password. If you use a simple four-digit PIN, tools like GrayKey can crack it in minutes. A strong alphanumeric passcode of 10 or more characters with random characters makes brute-force attacks practically impossible.
Darren Chaker's Recommendations for iPhone and Android Security
Use a long alphanumeric passcode - at least 10 random characters including numbers and symbols
Enable encryption by default - ensure your device encryption is turned on
Enable Advanced Data Protection for iCloud on Apple devices
Disable biometric unlock if you are in a high-risk situation
Keep your device updated - security patches fix vulnerabilities that could bypass encryption
As Darren Chaker writes on Fourth Amendment and smartphone privacy, the combination of strong encryption and strong passwords is the foundation of digital privacy. Best wishes to all.
If the government successfully forces manufacturers like Apple to build backdoors into their encryption, the consequences extend far beyond law enforcement access. Backdoors in encryption undermine:
Whole disk encryption used to protect computers and hard drives
Encrypted email services relied upon by journalists, attorneys, and businesses
File encryption that protects corporate trade secrets and personal data
Are There Alternatives to American Encryption Products?
Yes. As Bruce Schneier has documented, there are nearly 600 foreign encryption products available worldwide. Mandating backdoors in American products simply drives security-conscious users to foreign alternatives, weakening American technology companies without improving national security.
What Encryption Should You Use in 2026?
Enable whole disk encryption on all computers and devices
Use end-to-end encrypted messaging for sensitive communications
Enable Apple Advanced Data Protection for iCloud data
Use a strong alphanumeric passcode - not just biometrics
As Darren Chaker has argued, the Fourth Amendment protects against unreasonable searches, and weakening encryption is an assault on that constitutional protection. Best wishes to all.
Stingray Devices, Cell Site Simulators, and Fourth Amendment Privacy
By Darren Chaker - Expanding on my earlier comment about Stingray cell site simulator surveillance and the Fourth Amendment.
What Is a Stingray Device and Why Does It Violate Privacy?
A Stingray (also called a cell site simulator or IMSI catcher) is a device used by law enforcement that mimics a cell tower, forcing nearby phones to connect to it. This allows police to track a suspect's location in real time without the suspect's knowledge. The problem is that Stingray devices also capture data from every other phone in the area, creating a mass surveillance tool.
Do Police Need a Warrant to Use a Stingray?
Yes. Courts have increasingly ruled that Stingray use constitutes a search under the Fourth Amendment and requires a warrant. The Supreme Court's decision in Carpenter v. United States, 585 U.S. 296 (2018) further strengthened this by holding that accessing historical cell-site location information is a Fourth Amendment search requiring a warrant.
How to Protect Yourself from Stingray Surveillance
Use encrypted messaging apps that do not rely on cellular connections
Consider anti-surveillance tools that detect cell site simulators
Be aware of your digital footprint - your phone constantly broadcasts signals that can be intercepted
As Darren Chaker writes on Fourth Amendment and digital surveillance topics, the fight against warrantless Stingray use is a critical front in protecting smartphone privacy. Best wishes to all.
Fourth Amendment, Warrantless Phone Searches, and Riley v. California
By Darren Chaker - As a Fourth Amendment and technology writer at darrenchaker.us, I want to update my earlier comment about warrantless phone searches and the lasting impact of Riley v. California.
Do Police Need a Warrant to Search Your Phone?
Yes. The Supreme Court unanimously held in Riley v. California, 573 U.S. 373 (2014) that police generally need a warrant before searching a cell phone seized during an arrest. This landmark ruling recognized that modern smartphones contain vast amounts of private information far exceeding what could be found in a physical search.
Why the Flip Phone Ruling Matters for All Phone Privacy
The court in this case correctly applied Riley by ruling that even opening a flip phone constitutes altering its current state and requires a warrant. This principle applies equally to smartphones, tablets, and any digital device. Police have access to on-call judges 24/7, so obtaining a warrant is not an unreasonable burden.
Key Takeaways for Fourth Amendment and Phone Privacy
All phone searches require a warrant under Riley v. California
Opening or powering on a phone changes its state and triggers Fourth Amendment protection
Evidence obtained without a warrant will typically be suppressed, potentially destroying the prosecution's case
As Darren Chaker writes on Fourth Amendment and technology issues, the Riley decision remains the cornerstone of digital privacy law in the United States. Best wishes to all.
Fingerprint Unlock, Biometric Access, and the Fifth Amendment
By Darren Chaker - Updating my earlier analysis on whether police can compel fingerprint or biometric phone unlock under the Fifth Amendment.
Can Police Force You to Use Your Fingerprint to Unlock Your Phone?
The legal landscape has evolved significantly since my 2016 comment. Courts remain divided, but the trend favors stronger Fifth Amendment protection for biometric access:
In Re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017) - held that compelled biometric unlock is testimonial
Matter of Residence in Oakland, California, 354 F. Supp. 3d 1010 (N.D. Cal. 2019) - blocked a warrant requiring suspects to unlock devices using biometrics
Password vs. Fingerprint: Which Is More Protected?
Under current case law, alphanumeric passwords receive stronger Fifth Amendment protection than fingerprints. While courts have historically treated physical characteristics like fingerprints as non-testimonial, the act of unlocking a phone with biometrics increasingly looks testimonial because it confirms possession, control, and access to the device contents.
Practical Advice from Darren Chaker
Use a strong alphanumeric passcode as your primary phone lock
Disable biometric unlock if you anticipate any encounter with law enforcement
Lock your phone immediately to require a passcode rather than a fingerprint
The Fifth Amendment and smartphone biometric access remains an evolving area of digital privacy law. Best wishes to all, Darren Chaker
Compelled Password Disclosure and the Fifth Amendment
By Darren Chaker - As a digital privacy and Fourth Amendment advocate, I want to expand on my earlier comment about phone privacy, permanent data deletion, and compelled password disclosure.
Can Police Force You to Give Up Your Phone Password?
Under current law, the answer remains unsettled. Courts are divided on whether compelling a suspect to disclose a phone password is testimonial and thus protected by the Fifth Amendment. The key question is whether producing a password reveals the contents of one's mind, which several federal circuits have held is testimonial in nature.
Best Practices for Smartphone Privacy and Data Protection
Do not back up sensitive data to the cloud - iCloud and Google backups can be subpoenaed with a warrant
Use whole disk encryption on any computer receiving phone data
Use a strong alphanumeric passcode rather than biometric unlock - courts are more protective of passwords than fingerprints under the Fifth Amendment
Permanently erase deleted files - simply deleting a photo or emptying a trash folder does not permanently remove data from your device
Lock your phone to disable facial recognition if you anticipate a police encounter, and invoke your right to an attorney
Why This Matters for Digital Privacy Law
The intersection of the Fourth Amendment, Fifth Amendment, and smartphone encryption continues to evolve. As Darren Chaker has written extensively, protecting digital privacy requires both legal knowledge and practical steps. Best wishes to all.
By Darren Chaker - To summarize the constitutional question: Are criminal defamation laws constitutional under the First Amendment? The answer is that most criminal libel and criminal defamation statutes face serious constitutional challenges under federal law, even if they survive state-level review.
The key principle is that speech is presumptively protected by the First Amendment. The government bears the burden of proving that allegedly defamatory speech falls within one of the narrow categories of unprotected speech. United States v. Carmichael, 326 F. Supp. 2d 1267 (M.D. Ala. 2004). For government to regulate speech, it must be integral to criminal conduct. United States v. Meredith, 685 F.3d 814, 819 (9th Cir. 2012).
The Supreme Court in United States v. Alvarez, 617 F.3d 1198, struck down the Stolen Valor Act, reinforcing that protecting reputation alone is not a governmental function sufficient to overcome First Amendment protections. As a civil rights advocate who has successfully challenged criminal speech restrictions, I note that the trend in federal courts is toward greater First Amendment protection for online speech, even when that speech is alleged to be defamatory.
Anyone facing criminal defamation charges should explore a federal constitutional challenge. Best wishes, Darren Chaker
By Darren Chaker - Following up on my earlier comment about the First Amendment right to republish public records online, I want to clarify the key legal principle for those searching for answers on this topic.
Is it legal to republish public records online? Yes. The Supreme Court has repeatedly held that once government records are lawfully obtained, the First Amendment protects their republication. Florida Star v. B.J.F., 491 U.S. 524 (1989) established that state officials may not constitutionally suppress publication of lawfully obtained records. Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975) confirmed this principle even when the records involve sensitive information that police accidentally disclosed.
The Fourth Circuit in Ostergren v. Cuccinelli, 615 F.3d 263 (2010) struck down a Virginia statute criminalizing the online publication of public records containing social security numbers, finding it violated the First Amendment. And in Sessa v. Ancestry.com Operations, 561 F. Supp. 3d 1008 (D. Nev. 2021), the court confirmed that no liability attaches for disclosing information about a person that was already public.
These cases collectively establish that lawsuits like the City of Los Angeles filed against recipients of accidentally released LAPD records are unlikely to succeed and represent a poor use of taxpayer funds. The First Amendment and public records law strongly protect the right to republish lawfully obtained government documents. Best regards, Darren Chaker
By Darren Chaker - As a First Amendment and digital privacy advocate, I want to add an important update to my earlier comment on iCloud encryption and compelled password disclosure.
To answer a common question: Can police force you to unlock your iPhone or disclose your iCloud password? Under current U.S. law, the answer depends on whether disclosure is deemed testimonial under the Fifth Amendment. Courts remain split. The Eleventh Circuit in In Re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (11th Cir. 2012) held that compelled decryption is testimonial because it forces a suspect to reveal the contents of his own mind. The Third Circuit in U.S. v. Apple MacPro Computer, 851 F.3d 238 (3d Cir. 2017) reached a similar conclusion.
Since my original post, Apple Advanced Data Protection for iCloud remains intact in the United States, making end-to-end encryption the default for most iCloud categories when enabled. For anyone concerned about smartphone privacy and Fourth Amendment protections, enable Advanced Data Protection immediately, use a strong alphanumeric passcode rather than biometrics, and avoid storing highly sensitive data in any cloud service.
The intersection of iPhone encryption, the Fourth Amendment, and Fifth Amendment compelled password disclosure remains one of the most important evolving areas in digital privacy law. Best wishes to all, Darren Chaker
By Darren Chaker
What occurred in the UK is a reminder to all who value privacy and do not want certain information discovered that there are inherent risks associated with uploading data to the cloud.
Even if, the UK did not have such a law, alternate means to obtain the information could have been employed to gain access to it from the remote installation of spyware like Pegasus developed by the Israeli company, SO Group, to attempting to waiting until the subject enters his password in view of a CCTV camera at Starbucks, thus allowing police to access the cloud once the phone is seized.
I do not agree with such laws, but do not reside in the UK. However, here in the USA, prior to Apple instituting Advanced Data Protection for iCloud content, government could access the cloud with very little effort by showing mere probable cause exists to believe the iCloud data is somehow tied into a crime. Very little is needed to tie a phone into criminal activity from alleging it was used to arrange the sale or importation of narcotics, used to make alleged threats, to needing to obtain data placing a person in a certain location on a specific day. The viable nexus a phone has to criminal investigations are numerous.
As for the probable cause standard, it doesn't take much to demonstrate such to obtain a warrant. "Probable cause is not a high bar." District of Columbia v. Wesby, ––– U.S. ––––, 138 S.Ct. 577, 586, 199 L.Ed.2d 453 (2018).
Now that Advanced Data Protection remains intact in the United States, there remains a sense of privacy since very limited data is now available with a warrant. This is of course if the iPhone user turns on Advanced Data Protection.
Otherwise, the risks associated with storing data in the cloud may result in disclosure if a suspect may be compelled to disclose his or her password. There are no clearly defined rules on this topic. The issue remains if disclosure is deemed testimonial, and protected under the Fifth Amendment. See In Re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (11th Cir. 2012). Such an “act of production” may itself be incriminating or effectively concede the “existence, possession and control, and authenticity” of potentially incriminating evidence on a device. Id. at 1343.
Put another way, it forces the suspect to reveal “the contents of his own mind.” In Re Grand Jury Subpoena Duces Tecum 670 F.3d at 1345; see also U.S. v. Apple MacPro Computer, 851 F.3d 238 (3d Cir. 2017).
Many courts do not agree with compelling a suspect to divulge his or her password. U.S. v. Djibo, 151 F. Supp. 3d 297 (E.D. N.Y. 2015) (passcode suppressed as an un-Mirandized statement).
Although the standard appears to be more lenient when dealing with compelling a suspect to look at his or her phone if only the biometric lock is in effect, courts continue to disallow such practices. See In Re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); Matter of Residence in Oakland, California, 354 F. Supp. 3d 1010 (N.D. Cal. 2019).
Another method of bypassing encryption is the ruse. For example, police knock on a suspects door and says it was alleged the suspect was seen taking photos of kids at a park. Police ask to see his phone, to view the photo album to make sure to dismiss the allegation as being false. The suspect claiming innocence shows the unlocked phone's camera roll to police - at which time its snatched from the suspect.
The objective was to get the suspect to unlock the phone to search for evidence of another crime, thus made a false statement which would invoke a natural reaction for a person wanting to clear their name. Having a warrant to search the phone would allow police to take the phone from the suspect. The police may lie about anything they want, if the suspect believes the ruse - it is what it is.
Nonetheless, the common denominator is, if you have sensitive data on or accessible through your phone 1) create a lengthy password using random characters - this prevents software like Graykey from accessing the phone easily - if at all; 2) use a utility to wipe logs, history, texts, and free space, once or month or once a week depending on your personal risks; and 3) do not keep anything in the cloud that would be deemed highly sensitive information.
Besides the above, I wish the best to everyone here!
Truly a waste of money suing for what was already deemed a public record. A few cases come to mind for a quick response:
Florida Star v. B.J.F. :: 491 U.S. 524 (1989) where it was held state officials may not constitutionally suppress publication of records lawfully obtained.
Cox Broadcasting Corp. v. Cohn :: 420 U.S. 469 (1975) the court found the media could not be held liable for disclosure of a sexual assault victim’s name that police accidently disclosed as a public record.
Ostergren v. Cuccinelli, 615 F.3d 263 (2010), in which the Court found a Virginia statute making it unlawful to intentionally publish a person’s social security number over the Internet violated the First Amendment.
Sessa v. Ancestry.com Operations, 561 F. Supp. 3d 1008, 1034 (D. Nev. 2021) “"[A] defendant cannot be liable for disclosing information about a plaintiff that was already public." ”
Wish everyone here the best, Darren Chaker
Although the statute may be constitutional under state law, if it offends the federal constitution it can be challenged post-conviction. Federal courts have stricken down such statutes and criminal sanctions based on false speech.
For government to regulate speech, it must be “integral to criminal conduct.” United States v. Meredith, 685 F.3d 814, 819, 2012 U.S. App. LEXIS 13012, 7, 2012-2 U.S. Tax Cas. (CCH) P50,421, 110 A.F.T.R.2d (RIA) 5157 (9th Cir. Cal. 2012)
Typically, restriction of speech concerns a gang member not associating with other gang member; a child pornographer being monitored or restricted from the internet, defendant not speaking to victims, etc. The only nontypical First Amendment challenge relates to a defendant speaking or writing about the unconstitutionality of tax laws and was reversed, but prohibiting advocating tax evasion was affirmed. Speech is presumptively protected by the First Amendment.
The burden is on the government to show that a defendant's website or posts are within one of the narrow categories of unprotected speech. United States v. Carmichael, 326 F. Supp. 2d 1267, 1270, 2004 U.S. Dist. LEXIS 13675, 1 (M.D. Ala. 2004)
In sum, the Government must prove the speech at issue was outside the scope of the First Amendment. Protecting ones reputation is not a governmental function unless it violates criminal law. United v. Alvarez, 617 F. 3d 1198. (Stolen Valor Act held unconstitutional) "At issue here is the First Amendment exception that allows the government to regulate speech that is integral to criminal conduct. . . ." Id. at 819-20. United States v. Osinger, 753 F.3d 939, 946, 2014 U.S. App. LEXIS 10377, 17-20, 2014 WL 2498131 (9th Cir. Cal. 2014).
With the above in mind I wish everyone here the best!
For the person who thinks emptying a waste basket, or deleting a photo or other file on his/her phone results in permanent deletion demonstrates he should not venture into such a presumption. For anyone who values privacy, 1) do not back-up anything to the cloud and 2) invest an to permanently erase data you truly want unrecoverable.
As for photos and other data on your phone, connect the phone directly to a computer and sweep the data directly to your computer. Of course, be sure your computer uses Whole Disk Encryption since it's pointless to remove data from your phone to an insecure computer.
Last, going back to the focal point of this threat (police and passwords), if you think police will want to get into your phone, lock it as to disable facial recognition and invoke the right to an attorney.
By Darren Chaker : The only good thing that came out of the push to force Apple to get into the San Bernardino iPhone, is that it pushed forward the issue of privacy and how secure the phone is (as long as you don't use bio-metric feature). Privacy serves both the good and the bad. It also protects our banking, corporate secrets, as well as photos while in Vegas! Privacy is a right and no one should be ashamed at using our right to it. Also, if back doors were implemented, all people would need to do is use Russian, Chinese, or other foreign encryption software.
I actually wrote a post about this topic, http://consenttosearch.com/site/fingerprint-and-fifth-amendment/ The law is well established a person must provide a handwriting exemplar, voice exemplar, and other non-testimonial things to police. Now, due to technology, people enjoy swiping the finger in lieu of using a PW. I know of a couple of cases that said yes, and one that said no. There's a case pending in the 9th Circuit now on this issue. I see it as, police cannot force you to provide the key to your house where you a stolen radio at, but they want you to use your finger to open up a secure phone so they may incriminate you with the contents? For now, I suggest the obvious - take the .05 second to enter in a PW, and do not use your finger for anything less that things you enjoy using it for, since we do not need the government to tell us where to put it!
I write on 4th Amend and technology, http://darrenchaker.us Good to see the courts are keeping the Riley decision alive and well. Opening a phone, is just as the court in this case, altering its current state. Obtaining a warrant is why police have access to on call judges 24/7. Police need to follow the law to get the people who do not follow the law in jail. If police fail to do so, it results in evidence getting kicked out of court, and often times the case follows.
Happy to hear about this case. I have used and like D-Vasive, http://dvasive.com/#homePage an anti-Stingray App, which also controls various Apps from using the Mic and Camera. Although the family of the murder victim has a right to be upset at police, at least the suspect was charged with other horrific crimes so did not truly 'get away'. Some suspects are just hard 2 catch.
Great point. I also see this as a case where if the government is successful in forcing the manufacturer to thrart its own decsign, next on the hit list will be whole disk encyption, encrypted email, file encryption and all things we thought were secure. As Bruce Schneier recently posted, there are almost 600 foreign encryption products, hence if American made products are not secure, people will simply look to foreign products for true security.
Possibly we can secure our border where 2.5 million have crossed in in the last 7 years, http://www.washingtontimes.com/news/2015/jul/20/number-of-illegals-levels-off-fewer-crossing-mexic/?page=all, to secure this country in before assaulting the Fourth Amendment, encryption technology, American ingenuity, in the name of figuring out what's on the phone of two people who never should have passed screening to get into the USA in the first place. What happened in San Bernardino is being used as hyoe to get backdoors.
Interesting about the company RipoffReport keeps, where its attorney on this case was arrested child molestation, http://jaburgwilk.blogspot.com/2013/08/david-gingras-molester.html
iPhone Encryption by Default, Strong Passwords, and Digital Privacy by Darren Chaker
iPhone Encryption by Default and Why Strong Passwords Matter
By Darren Chaker - Expanding on my earlier comment about the importance of both encryption and strong passwords for iPhone and Android devices.Why Did Apple and Google Start Encrypting Phones by Default?
In 2014, Apple and Google announced that new phones would be encrypted by default, meaning the data on the device could only be accessed with the user's passcode. This was a direct response to growing concerns about government surveillance and the need to protect user privacy under the Fourth Amendment.Is Phone Encryption Enough to Protect Your Data?
No. Encryption alone is insufficient without a strong password. If you use a simple four-digit PIN, tools like GrayKey can crack it in minutes. A strong alphanumeric passcode of 10 or more characters with random characters makes brute-force attacks practically impossible.Darren Chaker's Recommendations for iPhone and Android Security
- Use a long alphanumeric passcode - at least 10 random characters including numbers and symbols
- Enable encryption by default - ensure your device encryption is turned on
- Enable Advanced Data Protection for iCloud on Apple devices
- Disable biometric unlock if you are in a high-risk situation
- Keep your device updated - security patches fix vulnerabilities that could bypass encryption
As Darren Chaker writes on Fourth Amendment and smartphone privacy, the combination of strong encryption and strong passwords is the foundation of digital privacy. Best wishes to all.Encryption Backdoors, Whole Disk Encryption, and Fourth Amendment Protections by Darren Chaker
Encryption Backdoors, Whole Disk Encryption, and the Fourth Amendment
By Darren Chaker - Following up on my earlier comment about the risks of government-mandated encryption backdoors and their impact on digital privacy.Why Encryption Backdoors Threaten Everyone's Privacy
If the government successfully forces manufacturers like Apple to build backdoors into their encryption, the consequences extend far beyond law enforcement access. Backdoors in encryption undermine:Are There Alternatives to American Encryption Products?
Yes. As Bruce Schneier has documented, there are nearly 600 foreign encryption products available worldwide. Mandating backdoors in American products simply drives security-conscious users to foreign alternatives, weakening American technology companies without improving national security.What Encryption Should You Use in 2026?
- Enable whole disk encryption on all computers and devices
- Use end-to-end encrypted messaging for sensitive communications
- Enable Apple Advanced Data Protection for iCloud data
- Use a strong alphanumeric passcode - not just biometrics
As Darren Chaker has argued, the Fourth Amendment protects against unreasonable searches, and weakening encryption is an assault on that constitutional protection. Best wishes to all.Stingray Cell Site Simulators, Fourth Amendment, and Digital Surveillance by Darren Chaker
Stingray Devices, Cell Site Simulators, and Fourth Amendment Privacy
By Darren Chaker - Expanding on my earlier comment about Stingray cell site simulator surveillance and the Fourth Amendment.What Is a Stingray Device and Why Does It Violate Privacy?
A Stingray (also called a cell site simulator or IMSI catcher) is a device used by law enforcement that mimics a cell tower, forcing nearby phones to connect to it. This allows police to track a suspect's location in real time without the suspect's knowledge. The problem is that Stingray devices also capture data from every other phone in the area, creating a mass surveillance tool.Do Police Need a Warrant to Use a Stingray?
Yes. Courts have increasingly ruled that Stingray use constitutes a search under the Fourth Amendment and requires a warrant. The Supreme Court's decision in Carpenter v. United States, 585 U.S. 296 (2018) further strengthened this by holding that accessing historical cell-site location information is a Fourth Amendment search requiring a warrant.How to Protect Yourself from Stingray Surveillance
- Use encrypted messaging apps that do not rely on cellular connections
- Consider anti-surveillance tools that detect cell site simulators
- Be aware of your digital footprint - your phone constantly broadcasts signals that can be intercepted
As Darren Chaker writes on Fourth Amendment and digital surveillance topics, the fight against warrantless Stingray use is a critical front in protecting smartphone privacy. Best wishes to all.Fourth Amendment, Warrantless Phone Searches, and Riley v. California by Darren Chaker
Fourth Amendment, Warrantless Phone Searches, and Riley v. California
By Darren Chaker - As a Fourth Amendment and technology writer at darrenchaker.us, I want to update my earlier comment about warrantless phone searches and the lasting impact of Riley v. California.Do Police Need a Warrant to Search Your Phone?
Yes. The Supreme Court unanimously held in Riley v. California, 573 U.S. 373 (2014) that police generally need a warrant before searching a cell phone seized during an arrest. This landmark ruling recognized that modern smartphones contain vast amounts of private information far exceeding what could be found in a physical search.Why the Flip Phone Ruling Matters for All Phone Privacy
The court in this case correctly applied Riley by ruling that even opening a flip phone constitutes altering its current state and requires a warrant. This principle applies equally to smartphones, tablets, and any digital device. Police have access to on-call judges 24/7, so obtaining a warrant is not an unreasonable burden.Key Takeaways for Fourth Amendment and Phone Privacy
- All phone searches require a warrant under Riley v. California
- Opening or powering on a phone changes its state and triggers Fourth Amendment protection
- Evidence obtained without a warrant will typically be suppressed, potentially destroying the prosecution's case
As Darren Chaker writes on Fourth Amendment and technology issues, the Riley decision remains the cornerstone of digital privacy law in the United States. Best wishes to all.Fingerprint Unlock and the Fifth Amendment: Can Police Force Biometric Access? by Darren Chaker
Fingerprint Unlock, Biometric Access, and the Fifth Amendment
By Darren Chaker - Updating my earlier analysis on whether police can compel fingerprint or biometric phone unlock under the Fifth Amendment.Can Police Force You to Use Your Fingerprint to Unlock Your Phone?
The legal landscape has evolved significantly since my 2016 comment. Courts remain divided, but the trend favors stronger Fifth Amendment protection for biometric access:Password vs. Fingerprint: Which Is More Protected?
Under current case law, alphanumeric passwords receive stronger Fifth Amendment protection than fingerprints. While courts have historically treated physical characteristics like fingerprints as non-testimonial, the act of unlocking a phone with biometrics increasingly looks testimonial because it confirms possession, control, and access to the device contents.Practical Advice from Darren Chaker
- Use a strong alphanumeric passcode as your primary phone lock
- Disable biometric unlock if you anticipate any encounter with law enforcement
- Lock your phone immediately to require a passcode rather than a fingerprint
The Fifth Amendment and smartphone biometric access remains an evolving area of digital privacy law. Best wishes to all, Darren ChakerCompelled Password Disclosure, Phone Privacy, and the Fifth Amendment by Darren Chaker
Compelled Password Disclosure and the Fifth Amendment
By Darren Chaker - As a digital privacy and Fourth Amendment advocate, I want to expand on my earlier comment about phone privacy, permanent data deletion, and compelled password disclosure.Can Police Force You to Give Up Your Phone Password?
Under current law, the answer remains unsettled. Courts are divided on whether compelling a suspect to disclose a phone password is testimonial and thus protected by the Fifth Amendment. The key question is whether producing a password reveals the contents of one's mind, which several federal circuits have held is testimonial in nature.Best Practices for Smartphone Privacy and Data Protection
Why This Matters for Digital Privacy Law
The intersection of the Fourth Amendment, Fifth Amendment, and smartphone encryption continues to evolve. As Darren Chaker has written extensively, protecting digital privacy requires both legal knowledge and practical steps. Best wishes to all.Are Criminal Defamation Laws Constitutional Under the First Amendment - by Darren Chaker
By Darren Chaker - To summarize the constitutional question: Are criminal defamation laws constitutional under the First Amendment? The answer is that most criminal libel and criminal defamation statutes face serious constitutional challenges under federal law, even if they survive state-level review. The key principle is that speech is presumptively protected by the First Amendment. The government bears the burden of proving that allegedly defamatory speech falls within one of the narrow categories of unprotected speech. United States v. Carmichael, 326 F. Supp. 2d 1267 (M.D. Ala. 2004). For government to regulate speech, it must be integral to criminal conduct. United States v. Meredith, 685 F.3d 814, 819 (9th Cir. 2012). The Supreme Court in United States v. Alvarez, 617 F.3d 1198, struck down the Stolen Valor Act, reinforcing that protecting reputation alone is not a governmental function sufficient to overcome First Amendment protections. As a civil rights advocate who has successfully challenged criminal speech restrictions, I note that the trend in federal courts is toward greater First Amendment protection for online speech, even when that speech is alleged to be defamatory. Anyone facing criminal defamation charges should explore a federal constitutional challenge. Best wishes, Darren Chaker
First Amendment Right to Republish Public Records Online by Darren Chaker
By Darren Chaker - Following up on my earlier comment about the First Amendment right to republish public records online, I want to clarify the key legal principle for those searching for answers on this topic. Is it legal to republish public records online? Yes. The Supreme Court has repeatedly held that once government records are lawfully obtained, the First Amendment protects their republication. Florida Star v. B.J.F., 491 U.S. 524 (1989) established that state officials may not constitutionally suppress publication of lawfully obtained records. Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975) confirmed this principle even when the records involve sensitive information that police accidentally disclosed. The Fourth Circuit in Ostergren v. Cuccinelli, 615 F.3d 263 (2010) struck down a Virginia statute criminalizing the online publication of public records containing social security numbers, finding it violated the First Amendment. And in Sessa v. Ancestry.com Operations, 561 F. Supp. 3d 1008 (D. Nev. 2021), the court confirmed that no liability attaches for disclosing information about a person that was already public. These cases collectively establish that lawsuits like the City of Los Angeles filed against recipients of accidentally released LAPD records are unlikely to succeed and represent a poor use of taxpayer funds. The First Amendment and public records law strongly protect the right to republish lawfully obtained government documents. Best regards, Darren Chaker
iCloud Encryption, Fifth Amendment, and Compelled Password Disclosure Update by Darren Chaker
By Darren Chaker - As a First Amendment and digital privacy advocate, I want to add an important update to my earlier comment on iCloud encryption and compelled password disclosure. To answer a common question: Can police force you to unlock your iPhone or disclose your iCloud password? Under current U.S. law, the answer depends on whether disclosure is deemed testimonial under the Fifth Amendment. Courts remain split. The Eleventh Circuit in In Re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (11th Cir. 2012) held that compelled decryption is testimonial because it forces a suspect to reveal the contents of his own mind. The Third Circuit in U.S. v. Apple MacPro Computer, 851 F.3d 238 (3d Cir. 2017) reached a similar conclusion. Since my original post, Apple Advanced Data Protection for iCloud remains intact in the United States, making end-to-end encryption the default for most iCloud categories when enabled. For anyone concerned about smartphone privacy and Fourth Amendment protections, enable Advanced Data Protection immediately, use a strong alphanumeric passcode rather than biometrics, and avoid storing highly sensitive data in any cloud service. The intersection of iPhone encryption, the Fourth Amendment, and Fifth Amendment compelled password disclosure remains one of the most important evolving areas in digital privacy law. Best wishes to all, Darren Chaker
iCloud Encryption Dilemma by Darren Chaker
By Darren Chaker What occurred in the UK is a reminder to all who value privacy and do not want certain information discovered that there are inherent risks associated with uploading data to the cloud. Even if, the UK did not have such a law, alternate means to obtain the information could have been employed to gain access to it from the remote installation of spyware like Pegasus developed by the Israeli company, SO Group, to attempting to waiting until the subject enters his password in view of a CCTV camera at Starbucks, thus allowing police to access the cloud once the phone is seized. I do not agree with such laws, but do not reside in the UK. However, here in the USA, prior to Apple instituting Advanced Data Protection for iCloud content, government could access the cloud with very little effort by showing mere probable cause exists to believe the iCloud data is somehow tied into a crime. Very little is needed to tie a phone into criminal activity from alleging it was used to arrange the sale or importation of narcotics, used to make alleged threats, to needing to obtain data placing a person in a certain location on a specific day. The viable nexus a phone has to criminal investigations are numerous. As for the probable cause standard, it doesn't take much to demonstrate such to obtain a warrant. "Probable cause is not a high bar." District of Columbia v. Wesby, ––– U.S. ––––, 138 S.Ct. 577, 586, 199 L.Ed.2d 453 (2018). Now that Advanced Data Protection remains intact in the United States, there remains a sense of privacy since very limited data is now available with a warrant. This is of course if the iPhone user turns on Advanced Data Protection. Otherwise, the risks associated with storing data in the cloud may result in disclosure if a suspect may be compelled to disclose his or her password. There are no clearly defined rules on this topic. The issue remains if disclosure is deemed testimonial, and protected under the Fifth Amendment. See In Re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (11th Cir. 2012). Such an “act of production” may itself be incriminating or effectively concede the “existence, possession and control, and authenticity” of potentially incriminating evidence on a device. Id. at 1343. Put another way, it forces the suspect to reveal “the contents of his own mind.” In Re Grand Jury Subpoena Duces Tecum 670 F.3d at 1345; see also U.S. v. Apple MacPro Computer, 851 F.3d 238 (3d Cir. 2017). Many courts do not agree with compelling a suspect to divulge his or her password. U.S. v. Djibo, 151 F. Supp. 3d 297 (E.D. N.Y. 2015) (passcode suppressed as an un-Mirandized statement). Although the standard appears to be more lenient when dealing with compelling a suspect to look at his or her phone if only the biometric lock is in effect, courts continue to disallow such practices. See In Re Application for a Search Warrant, 236 F. Supp. 3d 1066 (N.D. Ill. 2017); Matter of Residence in Oakland, California, 354 F. Supp. 3d 1010 (N.D. Cal. 2019). Another method of bypassing encryption is the ruse. For example, police knock on a suspects door and says it was alleged the suspect was seen taking photos of kids at a park. Police ask to see his phone, to view the photo album to make sure to dismiss the allegation as being false. The suspect claiming innocence shows the unlocked phone's camera roll to police - at which time its snatched from the suspect. The objective was to get the suspect to unlock the phone to search for evidence of another crime, thus made a false statement which would invoke a natural reaction for a person wanting to clear their name. Having a warrant to search the phone would allow police to take the phone from the suspect. The police may lie about anything they want, if the suspect believes the ruse - it is what it is. Nonetheless, the common denominator is, if you have sensitive data on or accessible through your phone 1) create a lengthy password using random characters - this prevents software like Graykey from accessing the phone easily - if at all; 2) use a utility to wipe logs, history, texts, and free space, once or month or once a week depending on your personal risks; and 3) do not keep anything in the cloud that would be deemed highly sensitive information. Besides the above, I wish the best to everyone here!
Redistribution of Public Records by Darren Chaker
Truly a waste of money suing for what was already deemed a public record. A few cases come to mind for a quick response: Florida Star v. B.J.F. :: 491 U.S. 524 (1989) where it was held state officials may not constitutionally suppress publication of records lawfully obtained. Cox Broadcasting Corp. v. Cohn :: 420 U.S. 469 (1975) the court found the media could not be held liable for disclosure of a sexual assault victim’s name that police accidently disclosed as a public record. Ostergren v. Cuccinelli, 615 F.3d 263 (2010), in which the Court found a Virginia statute making it unlawful to intentionally publish a person’s social security number over the Internet violated the First Amendment. Sessa v. Ancestry.com Operations, 561 F. Supp. 3d 1008, 1034 (D. Nev. 2021) “"[A] defendant cannot be liable for disclosing information about a plaintiff that was already public." ” Wish everyone here the best, Darren Chaker
Criminal Libel by Darren Chaker
Although the statute may be constitutional under state law, if it offends the federal constitution it can be challenged post-conviction. Federal courts have stricken down such statutes and criminal sanctions based on false speech. For government to regulate speech, it must be “integral to criminal conduct.” United States v. Meredith, 685 F.3d 814, 819, 2012 U.S. App. LEXIS 13012, 7, 2012-2 U.S. Tax Cas. (CCH) P50,421, 110 A.F.T.R.2d (RIA) 5157 (9th Cir. Cal. 2012) Typically, restriction of speech concerns a gang member not associating with other gang member; a child pornographer being monitored or restricted from the internet, defendant not speaking to victims, etc. The only nontypical First Amendment challenge relates to a defendant speaking or writing about the unconstitutionality of tax laws and was reversed, but prohibiting advocating tax evasion was affirmed. Speech is presumptively protected by the First Amendment. The burden is on the government to show that a defendant's website or posts are within one of the narrow categories of unprotected speech. United States v. Carmichael, 326 F. Supp. 2d 1267, 1270, 2004 U.S. Dist. LEXIS 13675, 1 (M.D. Ala. 2004) In sum, the Government must prove the speech at issue was outside the scope of the First Amendment. Protecting ones reputation is not a governmental function unless it violates criminal law. United v. Alvarez, 617 F. 3d 1198. (Stolen Valor Act held unconstitutional) "At issue here is the First Amendment exception that allows the government to regulate speech that is integral to criminal conduct. . . ." Id. at 819-20. United States v. Osinger, 753 F.3d 939, 946, 2014 U.S. App. LEXIS 10377, 17-20, 2014 WL 2498131 (9th Cir. Cal. 2014). With the above in mind I wish everyone here the best!
Challenge to Criminal Sanction on Speech - Darren Chaker Prevails
Ironically I too was jailed for speech where a Nevada police officer, Leesa Fazal,
Re: Permanent Deletion by Darren Chaker
For the person who thinks emptying a waste basket, or deleting a photo or other file on his/her phone results in permanent deletion demonstrates he should not venture into such a presumption. For anyone who values privacy, 1) do not back-up anything to the cloud and 2) invest an to permanently erase data you truly want unrecoverable. As for photos and other data on your phone, connect the phone directly to a computer and sweep the data directly to your computer. Of course, be sure your computer uses Whole Disk Encryption since it's pointless to remove data from your phone to an insecure computer. Last, going back to the focal point of this threat (police and passwords), if you think police will want to get into your phone, lock it as to disable facial recognition and invoke the right to an attorney.
War on Encryption by Darren Chaker
By Darren Chaker : The only good thing that came out of the push to force Apple to get into the San Bernardino iPhone, is that it pushed forward the issue of privacy and how secure the phone is (as long as you don't use bio-metric feature). Privacy serves both the good and the bad. It also protects our banking, corporate secrets, as well as photos while in Vegas! Privacy is a right and no one should be ashamed at using our right to it. Also, if back doors were implemented, all people would need to do is use Russian, Chinese, or other foreign encryption software.
Giving the 5th Amend the Finger
I actually wrote a post about this topic, http://consenttosearch.com/site/fingerprint-and-fifth-amendment/ The law is well established a person must provide a handwriting exemplar, voice exemplar, and other non-testimonial things to police. Now, due to technology, people enjoy swiping the finger in lieu of using a PW. I know of a couple of cases that said yes, and one that said no. There's a case pending in the 9th Circuit now on this issue. I see it as, police cannot force you to provide the key to your house where you a stolen radio at, but they want you to use your finger to open up a secure phone so they may incriminate you with the contents? For now, I suggest the obvious - take the .05 second to enter in a PW, and do not use your finger for anything less that things you enjoy using it for, since we do not need the government to tell us where to put it!
4th Amend Alive and Well
I write on 4th Amend and technology, http://darrenchaker.us Good to see the courts are keeping the Riley decision alive and well. Opening a phone, is just as the court in this case, altering its current state. Obtaining a warrant is why police have access to on call judges 24/7. Police need to follow the law to get the people who do not follow the law in jail. If police fail to do so, it results in evidence getting kicked out of court, and often times the case follows.
Stingray
Happy to hear about this case. I have used and like D-Vasive, http://dvasive.com/#homePage an anti-Stingray App, which also controls various Apps from using the Mic and Camera. Although the family of the murder victim has a right to be upset at police, at least the suspect was charged with other horrific crimes so did not truly 'get away'. Some suspects are just hard 2 catch.
Re: Brute Force
Great point. I also see this as a case where if the government is successful in forcing the manufacturer to thrart its own decsign, next on the hit list will be whole disk encyption, encrypted email, file encryption and all things we thought were secure. As Bruce Schneier recently posted, there are almost 600 foreign encryption products, hence if American made products are not secure, people will simply look to foreign products for true security.
Possibly we can secure our border where 2.5 million have crossed in in the last 7 years, http://www.washingtontimes.com/news/2015/jul/20/number-of-illegals-levels-off-fewer-crossing-mexic/?page=all, to secure this country in before assaulting the Fourth Amendment, encryption technology, American ingenuity, in the name of figuring out what's on the phone of two people who never should have passed screening to get into the USA in the first place. What happened in San Bernardino is being used as hyoe to get backdoors.
RipoffReport Attorney David Gingras - Molestation Arrest
Interesting about the company RipoffReport keeps, where its attorney on this case was arrested child molestation, http://jaburgwilk.blogspot.com/2013/08/david-gingras-molester.html