The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.
Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.
It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.
hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics
This isn’t bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.
Use GrapheneOS so you can “unlock” your phone and enter the wipe code instead.
Even better, set it to 1234567890 or 00000000 or a similar easy-to-guess PIN, and change it to the length of your actual PIN. Now if someone tries to brute-force your phone, it will instantly wipe, and you can make a case that it was law enforcement who destroyed any “evidence” by their own actions if it comes up in court.
This sounds like a convenient way to have all your locally saved photos wiped by your kid
Always back up anything you don’t want to lose.
How should I protect the backups? Same story?
Your backups aren’t nearly as likely to be subject to an immediate civil forfeiture as a phone is. Cops don’t need a judicial warrant to take your phone, but they do need one to search your home legally, and if you do your offsite backups in another country, they would need the cooperation of the local authorities of that country. Strong encryption can provide a relatively safe barrier for offsite backups.
Also, it’s possible to have some things that may only exist on your phone and not your server/backup system (easy biometric unlock for a password manager, or encrypted chat logs, to name a few examples).
Or at the very least, turn your phone entirely off (shut down) whenever you expect or encounter police contact.
Biometrics only work when the device is already running. Mobile devices are in their most locked-down/secure state when ‘at rest’, i.e. shut down.
In Android, there is also a ‘lockdown’ mode you can quickly activate from the power-off screen that disables biometrics until the next unlock with a PIN/pattern, but doesn’t fully shut down, so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.
Also, don’t take your phone to protests. ACAB.
Wear clothing that can’t identify you. Hide tattoos and anything that might make you stand out. Get clothes from a free giveaway place, without cameras. Walk a bit differently if you need to.
Cover your face and cover surveillance cameras, or break them, or hack them (do the latter two only if you know what you’re doing).
Wear a body cam. Get bear and pepper spray. Pigs can fucking get it.






