Florida appeals court orders man to surrender iPhone passcode

Posted:
in iPhone
A Florida man accused of voyeurism can be forced to share the passcode of his iPhone 5, the state's Second District Court of Appeals ruled this week, potentially challenging established interpretations of the Fifth Amendment.




The suspect, Aaron Stahl, originally gave verbal consent for police to search his iPhone for photos, but withdrew it before sharing his passcode, Courthouse News said. Police obtained a warrant for the phone, but were still unable to access its contents -- since iOS 8, the encryption on iPhones makes it virtually impossible to extract data without a passcode or Touch ID, especially since a device can be set to auto-erase after 10 failed passcode attempts.

In some other U.S. cases police have been able to compel people to supply a Touch ID unlock, but the iPhone 5 lacks the appropriate sensor, and regardless there's only a limited window in which iOS will accept Touch ID input without re-entering a passcode.

A trial judge initially denied a state motion that would force Stahl to surrender his passcode, saying it would violate Fifth Amendment protections against self-incriminating testimony. Precedent for this was set in a 1988 Supreme Court decision, which suggested that while a person could be forced to turn over a key to a strongbox, for instance, they couldn't be made to share the combination to a safe.

Writing on behalf of a three-judge panel however, appeals court judge Anthony Black questioned "whether identifying the key which will open the strongbox -- such that the key is surrendered -- is, in fact, distinct from telling an officer the combination," as well as the viability of any such argument with growing advances in technology.

"Unquestionably, the State established, with reasonable particularity, its knowledge of the existence of the passcode, Stahl's control or possession of the passcode, and the self-authenticating nature of the passcode. This is a case of surrender and not testimony."

Such disputes have intensified in the past year following Apple's refusal to write a backdoor into the iPhone of San Bernardino shooter Syed Rizwan Farook. To date Apple and other encryption supporters have typically come out on top, but are still facing challenges from politicians, spy agencies, and law enforcement concerned that criminals and terrorists may be "going dark" to surveillance.
«1

Comments

  • Reply 1 of 40
    macxpressmacxpress Posts: 5,930member
    What if you were just to put it in wrong 10 times and let it erase itself?
    hydrogenlongpathairnerdchasm
  • Reply 2 of 40
    macxpress said:
    What if you were just to put it in wrong 10 times and let it erase itself?
    First, you can't just sit there and enter a passcode 10 times, as after the first five attempts you start getting longer and longer "timeout" periods between entry attempts. It can take over two hours to enter 10 failed passcodes, and I'm pretty sure the cops aren't going to just hand you the phone and sit around while you do your best to erase it. (Or even simply try to smash it.)

    What Apple needs to do is let the user setup a "self-destruct" passcode that, if entered, deletes user data for all/selected apps. (Tying this to a specific fingerprint wouldn't hurt things either.)

    Being able to delete selected applications or wipe application data is key, as typically you'd like the authorities to think they're looking at an ordinary phone, while in reality you've deleted all of the app data for Message or Facebook or Twitter or Mail, protecting that information and those communications and contacts.
    edited December 2016 longpathbaconstangrazormaidchasmjony0
  • Reply 3 of 40
    jsmythe00 said:
    ant convict for having a bad memory 
    I guess you've never heard of "contempt of court"?
    lostkiwi
  • Reply 4 of 40
    eightzeroeightzero Posts: 3,142member
    I heard that if you type your passcode in backwards, it alerts the police.

    Wait...
    chasm
  • Reply 5 of 40
    rob53rob53 Posts: 3,300member
    "Unquestionably, the State established, with reasonable particularity, its knowledge of the existence of the passcode, Stahl's control or possession of the passcode, and the self-authenticating nature of the passcode. This is a case of surrender and not testimony."

    Talk about twisting the law to meet your own needs. I don't condone what this person is alleged to have done but you don't set legal precedent on a case like this. One person's voyeurism is another's business (paparazzi), and a well paid one at that! Add all the YouTube videos drunken young (and older) adults posts and why is this person even in court? They have witnesses who saw him take the photos, just fine him for a misdemeanor and quit wasting our taxpayers money.
    boltsfan17lostkiwigeorgie01zoetmblongpathHerbivore2badmonkration albaconstang
  • Reply 6 of 40
    What's to say he hasn't "forgotten" the passcode now? The stress of the situation has maybe blurred his memory, I know there has been times I've completely forgotten my ATM pincode for an entire day then it suddenly came back to me the next day as if it was second nature to enter it. They would then have to prove contempt of court on whether he genuinely forgot or not, and how the hell do you "prove" that one way or another?!
  • Reply 7 of 40
    People who feel strongly on both sides of the issue -- and there are very good arguments on both sides -- see it in black-and-white terms, unfortunately.

    For the "liberty or death" types, what if this was a ticking time bomb that might kill or maim you friends or family, for instance? Would you feel differently? Similarly, for the "allow the police to see the iPhone's content at all times" types, what about the slippery slope that essentially invites government intrusion of all sorts into your private life, including family communications, lawyer communications, finances, health records, trade secrets, browsing habits... in fact, why not just allow the government to tap all connected devices all the time and store everything in a giant database?

    As always, it is a matter of balance. That is why we have courts. Hopefully, an efficient process can be set up, and it is one that looks at the modalities of a particular case to decide. Of course, this assumes that we have courts and judges that are sensible, and not like the brazenly craven FISA court that is a rubber stamp for the spooks in the executive branch.
    jSnively
  • Reply 8 of 40
    zimmiezimmie Posts: 651member
    hmlongco said:
    macxpress said:
    What if you were just to put it in wrong 10 times and let it erase itself?
    First, you can't just sit there and enter a passcode 10 times, as after the first five attempts you start getting longer and longer "timeout" periods between entry attempts. It can take over two hours to enter 10 failed passcodes, and I'm pretty sure the cops aren't going to just hand you the phone and sit around while you do your best to erase it. (Or even simply try to smash it.)

    What Apple needs to do is let the user setup a "self-destruct" passcode that, if entered, deletes user data for all/selected apps. (Tying this to a specific fingerprint wouldn't hurt things either.)

    Being able to delete selected applications or wipe application data is key, as typically you'd like the authorities to think they're looking at an ordinary phone, while in reality you've deleted all of the app data for Message or Facebook or Twitter or Mail, protecting that information and those communications and contacts.
    This is typically called a "duress code". Law enforcement and the various security services use them to allow someone to alert colleagues that something is wrong, ideally without also alerting people who may be eavesdropping. For example, many police departments have a particular code phrase they change on a regular basis. If an officer uses this phrase over the radio, the others know he is not able to speak freely.

    Agreed, this functionality would be really nice in iOS. It would be hard to justify, though.
    edited December 2016
  • Reply 9 of 40
    tshapitshapi Posts: 372member
    They will label it contempt of court. But they wil argue it demonstrates guilt since he Willingly forgot or attempted to delete incriminatory information. 
  • Reply 10 of 40
    netroxnetrox Posts: 1,495member
    Frightening ruling. 
  • Reply 11 of 40
    hmlongco said:
    [...]
    What Apple needs to do is let the user setup a "self-destruct" passcode that, if entered, deletes user data for all/selected apps. (Tying this to a specific fingerprint wouldn't hurt things either.)

    Being able to delete selected applications or wipe application data is key, as typically you'd like the authorities to think they're looking at an ordinary phone, while in reality you've deleted all of the app data for Message or Facebook or Twitter or Mail, protecting that information and those communications and contacts.
    "0-0-0-Destruct-1"

    Everyone knows that
    larrya[Deleted User]
  • Reply 12 of 40
    macxpress said:
    What if you were just to put it in wrong 10 times and let it erase itself?
    Wouldn't work, the courts aren't asking the guy to enter the code him self, they are asking for him to verbally surrender the pass code which these tree judges are strangely treating as a kind of tangible object to be surrendered at legally forcible seizure of physical evidence or physical access to such evidence, well outside the provisions of the 5th' I think, very cleaver, in their view they aren't asking the guynto say something that might incriminate him, they are asking for warrant authorised access to a locked object "box" called iPhone and to do so they require the key that unlocks it, and it is supposedly possessed as knowledge by the owner of the box and legally they find they have grounds to procure the key from said owner. "CUTE" This crap probably wouldn't survive rigorous scrutiny at a higher level but who ever is representing this guy could just buckle and tell the guy to surrender the code setting great president. It's a cleaver work around but all the guy has to say is that he can't seem to remember the combo, that woul be equivalent to loosing a key to a safe and no one can prove otherwise
    georgie01
  • Reply 13 of 40
    So now you can accuse someone of voyeurism in order to get their phone password and use the access for anything else, voyeurism being the "master access code".
    hydrogenbadmonkbaconstang
  • Reply 14 of 40

     Precedent for this was set in a 1988 Supreme Court decision, which suggested that while a person could be forced to turn over a key to a strongbox, for instance, they couldn't be made to share the combination to a safe.

    Writing on behalf of a three-judge panel however, appeals court judge Anthony Black questioned "whether identifying the key which will open the strongbox -- such that the key is surrendered -- is, in fact, distinct from telling an officer the combination," as well as the viability of any such argument with growing advances in technology.

    If you can't be forced to hand over the combination to a safe, how is the combination to a phone any different? And don't you always have the right to remain silent? It seems like this would be covered by the fifth amendment.
    larryalinkmanration alicoco3
  • Reply 15 of 40
    hmlongco said:
    jsmythe00 said:
    ant convict for having a bad memory 
    I guess you've never heard of "contempt of court"?
    Not really, its contempt if its done with the forethought and intent to defeat the ends of justice I think, an assertion that requires proving, but no one can prove that you can still remember something when you claim you can't all they can assert is unreasonableness, how reasonable is it that something a person does daily such as entering a passcode can suddenly be forgotten, and that is quite a different argument altogether, could get quite interesting
  • Reply 16 of 40

     Precedent for this was set in a 1988 Supreme Court decision, which suggested that while a person could be forced to turn over a key to a strongbox, for instance, they couldn't be made to share the combination to a safe.

    Writing on behalf of a three-judge panel however, appeals court judge Anthony Black questioned "whether identifying the key which will open the strongbox -- such that the key is surrendered -- is, in fact, distinct from telling an officer the combination," as well as the viability of any such argument with growing advances in technology.

    If you can't be forced to hand over the combination to a safe, how is the combination to a phone any different? And don't you always have the right to remain silent? It seems like this would be covered by the fifth amendment.
    The court is wrong about this so hopefully the defendant takes it to a higher court. There was a case similar to this one and the federal court ruled providing a password is self incrimination so its a violation of the 5th Amendment. 

    https://en.wikipedia.org/wiki/United_States_v._Kirschner
    edited December 2016 ration alSpamSandwichretrogustor00fus1
  • Reply 17 of 40
    NemWanNemWan Posts: 118member
    People who feel strongly on both sides of the issue -- and there are very good arguments on both sides -- see it in black-and-white terms, unfortunately.

    For the "liberty or death" types, what if this was a ticking time bomb that might kill or maim you friends or family, for instance? Would you feel differently? Similarly, for the "allow the police to see the iPhone's content at all times" types, what about the slippery slope that essentially invites government intrusion of all sorts into your private life, including family communications, lawyer communications, finances, health records, trade secrets, browsing habits... in fact, why not just allow the government to tap all connected devices all the time and store everything in a giant database?

    As always, it is a matter of balance. That is why we have courts. Hopefully, an efficient process can be set up, and it is one that looks at the modalities of a particular case to decide. Of course, this assumes that we have courts and judges that are sensible, and not like the brazenly craven FISA court that is a rubber stamp for the spooks in the executive branch.

    The ticking-time-bomb scenario is easy to dramatize but difficult to encounter. It's extraordinarily chancy that the combination of factors would occur: law enforcement actually catching someone in the act, gaining control and accurate knowledge of all aspects of the situation, except for one terrible thing that will still happen and can't be stopped in any way except with a passcode in exclusive possession of one person they also have control and accurate knowlege of. This is one-in-a-billion stuff — absolutely not what policy should be based upon, because the routine use of that policy will be in much more mundane, non-emergency situations that lack similar emotional urgency.
  • Reply 18 of 40
    zoetmbzoetmb Posts: 2,656member
    adm1 said:
    What's to say he hasn't "forgotten" the passcode now? The stress of the situation has maybe blurred his memory, I know there has been times I've completely forgotten my ATM pincode for an entire day then it suddenly came back to me the next day as if it was second nature to enter it. They would then have to prove contempt of court on whether he genuinely forgot or not, and how the hell do you "prove" that one way or another?!
    True.  In fact, I'm running an update on my phone right now and it asked me for the passcode.  Strangely, if it asked me on the regular sign-on screen, I would remember it.  But because this screen is slightly different, I got thrown and threw a blank for a bit.   And that happens to me quite often:  I forget passwords if I don't use them every day or almost every day.  

    But I'm puzzled about one thing:  how old is his iPhone?  Because if he has fingerprint control turned on, they don't need his passcode, only his finger.   I wonder why this didn't come up in court - even if the court ruled that he "has to" provide the passcode, would he be forced to use his finger to open the phone?


  • Reply 19 of 40
    hmlongco said:
    [...]
    What Apple needs to do is let the user setup a "self-destruct" passcode that, if entered, deletes user data for all/selected apps. (Tying this to a specific fingerprint wouldn't hurt things either.)

    Being able to delete selected applications or wipe application data is key, as typically you'd like the authorities to think they're looking at an ordinary phone, while in reality you've deleted all of the app data for Message or Facebook or Twitter or Mail, protecting that information and those communications and contacts.
    "0-0-0-Destruct-1"

    Everyone knows that
    That's tempering with evidence, at this juncture the phone is now the property of law enforcement, if you knowingly enter an incorrect passcode with the intention of destroying police evidence you will be convicted as though the original accusation was well proven thus adding what ever terms that particular crime carries in addition to doing the opposite of what the court ordered you do, remember its not a request, it's a demand that carries punishment if not followed to the letter that's why Apple can't refuse court orders, and can't mess with the information in their own servers because as soon as the order is rendered what ever is requested is thence owned by the authorities, well at least that's how it is over here
    icoco3xamax
  • Reply 20 of 40
    macxpress said:
    What if you were just to put it in wrong 10 times and let it erase itself?
    Then you are charged with destroying evidence I'd imagine. 

    There is always a way for authorities to get you, if they REALLY want.
Sign In or Register to comment.