All we really need is a real passcode, and then a second special passcode that wipes the phone instantly if typed.
So, my normal code might be 123456, but if someone asks what my code is and I say 345678, then the phone does a data wipe that isn't obvious from the outside, and just deletes all credentials, cookies, history, documents, etc.
Not a new idea. There has long been a meme going around that if you enter your ATM PIN backwards, it will let you access your bank account but silently calls the police to your location (AFAIK it's just an urban myth). False passwords have a much older history than that.
Investigators are going to take a very dim view of such events, and probably didn't get to the point of demanding access without having documented sensible reason to believe the evidence is there - and may very well have actionable proof that you destroyed evidence, which will not turn out in your favor.
Not really, no, because it turns out cops aren't actually stupid. When they arrest you and take your phone (or anything electronic, really) the first thing they do is clone the memory. You might succeed in wiping out a copy by giving them the alternate password, but that's just going to add to your charge list.
There was a case a few years back (discussed on HN) where a gang had software installed on everyone's phone that caused a remote wipe when activated. The cops did a big raid, and even though they took everyone's phone someone they hadn't caught yet was able to wipe them.
The cops changed their SOP so that when they get ahold of your phone the first thing they do is yank the battery.
You're assuming your device is still in control, and hasn't been imaged. This isn't the way a proper forensic process actually works.
More important to the issue at hand, I believe that in at least one case the reason for the passcode/phrase being "testimony" isn't so much that you're revealing what's in the locked container, but that you're demonstrating that you have access to/control over its contents. So entering your erasecode would undermine this point. A courier could not know a passphrase yet be deputized to erase the contents, but that is going to be an uphill argument.
What we really want is a proper layered steganographic filesystem, with an arbitrary number of unlockable levels. But we need an OS and apps that play nicely with that as well.
If you share the information-destroying code, then you're the one who caused the destruction of evidence after an investigation is underway. Which you don't want.
Perhaps some software that clears the phone when someone tries to break into the phone / copy data? A prudent security precaution for all sorts of reasons.
I really don't see why not. My home security system has a code similar, disables the alarm but sends a signal to send police now without calling.
I could even see it with touch sensors, that being teaching it that the middle finger wipes the puppy.
With regards to the court decision, I am not sure it will stand in this context. The phones belong to the employer and not the employees. So how as an employer do you retain some access over your provided phones? I can see both sides here. To be honest as a company I don't think it's worth the legal ramifications to have power over the content of the phone as it just opens a can of worms.
Where I work we are required to pass code our phones if we access the corporate internet or exchange servers but we are not required to divulge our phone contents, passcode, nor place software on the phone giving the company any such ability.
A more fun solution would be to count the time it takes to enter the password. If it's too slow, then wipe the data. Or more advanced, count the tempo, beat and duration of key presses. "Your honor, my password is 1234121234... but be sure to type the 4's as dotted eighth notes, take a rest after the 2's, and moderato!"
I know in the Windows Mobile/Blackberry days if you typed in the incorrect password so many times it would reset the device.
However, many Android devices nowadays have the ability to have a "guest mode" - that is activated using a different unlock code. This mode can be limited to not even be able to make/receive calls. Arguably most people won't know what this "mode" is and if they are in it.
The guy quoted at the end seems to think it's the passcode itself that would be incriminating, rather than the contents of the phone. Weird. I've seen a theory that compelling someone to disclose a password can be incriminating because it is the same as asking them to admit that they stored the data in the first place, and obviously there's a case to be made that compelling disclosure of the data on the phone could be self-incriminating, but the idea that the password would be something like yesiinsidertraded4 is new to me.
Edit: I missed the part where he's a former federal prosecutor. Mystery solved.
The location of the body isn't the evidence, it is the body found there that is the evidence. This is why forcing someone to tell the location of the body and holding them in jail until they do is perfectly fine. Except that would be unconstitutional.
I don't know enough about this issue to have a real opinion. But I know that Orin Kerr is a smart guy who I usually agree with, so I'm inclined to give his analysis some weight.
Do you have any passwords that would be embarrassing to you if they came out? Can you imagine someone that breaks the law might have an encryption password that was incriminating?
I know there are folks here on HN who believe that they should have an absolute power to exclude the government at all times. I'm not one of them, though. Particularly in situations where law enforcement has obtained a lawful warrant, I think they should have a way to get that information. People do commit crimes, and the police do need to solve them.
One way to grant the police access is to somehow give them privileged access to the encryption. For me, this idea is dead on arrival. There is no way to grant privileged access to the police without dangerously weakening the encryption in general. I'm a believer that encryption, properly implemented without backdoors, creates a lot more good than bad.
So what does that leave? It leaves compelling the owner of the phone to unlock it. If the police get a warrant to search your house, you are legally required to unlock the door and let them in. It seems to me that a passcode on the phone serves exactly the same purpose.
So, my concern is that if compelling the phone owner to unlock is not an option, it will put a lot more pressure behind the idea of encryption backdoors, as the "only option" to give law enforcement the power they need to do their jobs.
It's not totally unreasonable. On the other hand, there's the 5th amendment, and you are not actually required to open the door when presented with a warrant, that's just a way of saving your door.
Your argument as presented seems to conflate the right to access information and the ability to access information. (Not that you're necessarily doing this, but the way you've written it doesn't seem to distinguish.)
For example, under the law I have the right to go to the Moon. But I don't have the ability. Having the right doesn't compel anyone to create that ability for me.
Back to the issue at hand, I believe the government should have the right to access any information relevant to a criminal investigation, if they have a warrant for it. But I don't think they should be able to compel the ability. At best they should be able to compel that people don't interfere, but the actual ability to access the material is up to them. So while I don't think I fall into that category of person you describe as "believe that they should have an absolute power to exclude the government," I also think that given the current state of technology, that power does exist.
I'm not really worried about backdoors. They look to me to be so ridiculous that it won't even be possible to attempt to mandate them. Even if they are mandated, how will that be enforced? The genie is far out of the bottle on this.
If the only evidence that someone committed a crime is on their cell phone, the authorities haven't done a thorough investigation and they shouldn't be rewarded for laziness.
Let's take it one step back from electronic devices.
If a corrupt businessman kept encoded records in a notepad, the authorities could compel him to turn over that notebook but no warrant can compel him to explain its contents. That's what encryption is. The authorities can seize the device but they cannot force you to explain how to interpret what's in it.
Fortunately, high profile data breaches have put the thought in the public mind that weaknesses can be exploited. We can use that concern to keep people from demanding back-doors.
I'd argue that it's much more important to maintain strong privacy rights than it is to convict the minority of criminals that would be caught by indiscriminately searching their phones.
Keep in mind, almost all this data lives elsewhere too. If it's important enough they can still get it.
If a crime is so overwhelmingly in cyberspace that only the evidence on a computer would make the case, I'm very skeptical that that is the kind of crime that would impact me if it went unsolved.
You aren't legally required to unlock your door and let the police in with a warrant. They will force their way in without your consent however, in some cases without asking nicely first.
The real problem here is the fact that there is missing oversight on these court orders, since it might be the case that the judge handing out the order does not have sufficient knowledge of the matter at hand and so there is a huge potential for misuse by the police or intelligence agencies.
In the end it boils down to the simple dilemma of choosing between either catching all "criminals" or protecting the rights of the people.
The latter way of course makes life a bit harder, since you'll never be able to prevent all crimes and people will potentially die, but people die all the time, since dying is a basic risk of life.
The former way is essentially a rabbit hole, because it allows you to rewrite the definition of a "criminal" to just about anything you'd like and once you get a court order the "criminal" being is pretty much done with their life. This of course was and is still used in dictatorships of all kinds of sizes and employed by numerous secret police agencies around the world. Once there is a way to criminalize any action and then instantly "get rid" of that person, people who are going to use these powers WILL pop up and take over power.
Now of course in the short term no third party candidate is going to show up on the US political floor and win a majority in the elections overnight and then install a dictator system based on all the pre-existing powers by simply outlawing all other parties and anyone who objects to the new rulers' claims. But 10 or 20 years from now things might be different and if we don't fight over abuse of the law and protect the general public we might end up in a pretty bad situation someday.
Any lawyers (or wanna be lawyers) want to chime in -- is your thumbprint protected in the same way? I can see how the 5th amendment prevents them from compelling you to reveal your passcode, but does it prevent them from grabbing your thumb and using TouchID to unlock your phone? (That, or, just using a thumbprint provided during booking or whatnot...)
From what I've read in the past, it doesn't cover your thumbprint. [1]
Thumbprints are physical, so they don't get the same protections. It's kind of like having a physical key to a physical lock. It's not self-incrimination for law enforcement to take that key and use it in the lock.
Same with writing your passcode on a piece of paper. It's no longer a matter of self-incrimination if they find that and use it.
I'm just in the wannabe category (not even that), but I seem to recall it being ruled that since this was just a physical thing, it could be compelled. If you're paranoid, try to shut off your phone before any such interaction, since it requires a passcode when powering on for the first time. Alternately, use the wrong finger five times in a row to lock out TouchID.
I'm glad they've narrowed the conditions to compel suspects to reveal passwords. It just seems that it was too wide open for just any minor hint of suspicion was enough (sans warrant) to do these fishing expeditions. If they got reasonable suspicion then they need to get a friggin' warrant. I just don't get why law enforcement is getting so sloppy these days.
I think it's the result of the easy-going attitude of such things in the past in the effort to appear tough on crime. When they were given such lenient rules of how they approached crimes and suspects. Rules that are now being slowly taken away from them, as unconstitutional, but are still trying to operate as if they are still there.
I assume there is no difference between being forced to reveal a phone password and being forced to reveal a password to some other system such as a PC, encrypted container or website?
Here's a somewhat-related quote from patio11 that I often refer back to:
> Developers have a cultural quirk where they believe that, e.g., "file sharing is not theft" / "manipulating a URL can't be a crime" / "laws about disclosing protected information invariably contain a public policy exception which comports to the temperament of the dev community" are axiomatic and thereby create an internally consistent legal system which fails to falsify those axioms but also fails to meaningfully resemble the legal system we actually operate in.
> This results in developers sincerely believe things like "Your Bitcoins are unprotected by the legal system because nobody can steal a number", which is a proposition that is absurd to the legal system as "JavaScript is not a programming language" is to a programmer.
There's a more elegant solution: the government should be allowed to compel you to disclose your password if probable cause exists to search your device but only subject to an evidentiary privilege that prevents your knowledge of the correct password from itself being admitted as evidence to prosecute you.
I think this ruling marks the recognition that the information processing performed by the devices we carry has, in a legal sense, "merged" with the thoughts we carry in our heads, and are now worthy of the same fifth amendment protections.
I'm in favor, but for some reason this also makes me a little worried.
If backdoors legislation is passed, would there be any economic effect? Personally, I wouldn't be interested in doing anything more than "basic" stuff with my phone and would not feel compelled to upgrade phones so soon.
As for computing devices, aside from proprietary systems like Windows and Macs, do we not have reliable options that allow us to use uncompromised encryption?
What's to stop app developers from embedding encryption packages, or would they be forced to use compromised solutions?
Can you stop a person from building a secure line over a compromised medium, if that is even doable?
This is the reason (along with probably constitutional issues) I'm not terribly concerned about most of this sort of talk [0]. It seems to me that it'd be a temporary problem, mostly with proprietary systems, that would be resolved in a few years. Sort of like the encryption export issues in the 90s, and the OpenSSH project being hosted in Canada.
[0] Ok, I'm not concerned about it actually happening. The part of it that bothers me is the otherwise seemingly-sane individuals who agree with these backdoors. It's very difficult to discuss the issue with some of them because their interest in it is largely driven by emotions, specifically a desire for security and justice/revenge/control of criminal/terrorists/whatevers.
Why should they really need your password? They can ask the telephone company for a saved copy of your incoming and outgoing calls in the last year so they have already (or can trace) the 90% of the interesting data in your phone.
This also seems to protect the police from the temptation of doing stupid things that could lead to future lawsuits against them (like leaking photos of you drunk at a party, or of your girlfriend naked brushing her teeth and so on...)
Can someone comment on what level of court this decision was made at, and how final this decision is likely to be (i.e. how many more appeals are possible at this point)?
I'm glad when the courts uphold the U.S. Constitution in a meaningful way. I have faith America will sort its shit out.
But we shouldn't have to rely on the law alone. We should be able to rely on technology to make it impossible to compel people to give up their most intimate data. Computing devices have become an extension of the mind and no one on earth has a right to the contents of your mind.
Here's hoping we're making progress toward ending TSA's fishing expedition. Given the concerns about mass murder being preventable via a security check, at least establishing that TSA's job is ONLY to watch for explosives et al, and may not act on discovery of other harmless (to the flight & passengers) contraband.
abakker | 10 years ago
So, my normal code might be 123456, but if someone asks what my code is and I say 345678, then the phone does a data wipe that isn't obvious from the outside, and just deletes all credentials, cookies, history, documents, etc.
Is this workable?
ctdonath | 10 years ago
Investigators are going to take a very dim view of such events, and probably didn't get to the point of demanding access without having documented sensible reason to believe the evidence is there - and may very well have actionable proof that you destroyed evidence, which will not turn out in your favor.
tsotha | 10 years ago
There was a case a few years back (discussed on HN) where a gang had software installed on everyone's phone that caused a remote wipe when activated. The cops did a big raid, and even though they took everyone's phone someone they hadn't caught yet was able to wipe them.
The cops changed their SOP so that when they get ahold of your phone the first thing they do is yank the battery.
mindslight | 10 years ago
More important to the issue at hand, I believe that in at least one case the reason for the passcode/phrase being "testimony" isn't so much that you're revealing what's in the locked container, but that you're demonstrating that you have access to/control over its contents. So entering your erasecode would undermine this point. A courier could not know a passphrase yet be deputized to erase the contents, but that is going to be an uphill argument.
What we really want is a proper layered steganographic filesystem, with an arbitrary number of unlockable levels. But we need an OS and apps that play nicely with that as well.
monochromatic | 10 years ago
paulsutter | 10 years ago
Perhaps some software that clears the phone when someone tries to break into the phone / copy data? A prudent security precaution for all sorts of reasons.
Shivetya | 10 years ago
I could even see it with touch sensors, that being teaching it that the middle finger wipes the puppy.
With regards to the court decision, I am not sure it will stand in this context. The phones belong to the employer and not the employees. So how as an employer do you retain some access over your provided phones? I can see both sides here. To be honest as a company I don't think it's worth the legal ramifications to have power over the content of the phone as it just opens a can of worms.
Where I work we are required to pass code our phones if we access the corporate internet or exchange servers but we are not required to divulge our phone contents, passcode, nor place software on the phone giving the company any such ability.
logn | 10 years ago
nadams | 10 years ago
I know in the Windows Mobile/Blackberry days if you typed in the incorrect password so many times it would reset the device.
However, many Android devices nowadays have the ability to have a "guest mode" - that is activated using a different unlock code. This mode can be limited to not even be able to make/receive calls. Arguably most people won't know what this "mode" is and if they are in it.
aianus | 10 years ago
The first layer contains something embarrassing but legal like gay porn, and the second layer contains the stuff you really want to hide.
You just unlock the first layer and act really embarrassed if forced and never acknowledge the existence of the second layer.
zipfle | 10 years ago
Edit: I missed the part where he's a former federal prosecutor. Mystery solved.
avar | 10 years ago
CrossWired | 10 years ago
https://www.washingtonpost.com/news/volokh-conspiracy/wp/201...
Ensorceled | 10 years ago
Lawtonfogle | 10 years ago
unknown | 10 years ago
[deleted]
monochromatic | 10 years ago
ikeboy | 10 years ago
snowwrestler | 10 years ago
I know there are folks here on HN who believe that they should have an absolute power to exclude the government at all times. I'm not one of them, though. Particularly in situations where law enforcement has obtained a lawful warrant, I think they should have a way to get that information. People do commit crimes, and the police do need to solve them.
One way to grant the police access is to somehow give them privileged access to the encryption. For me, this idea is dead on arrival. There is no way to grant privileged access to the police without dangerously weakening the encryption in general. I'm a believer that encryption, properly implemented without backdoors, creates a lot more good than bad.
So what does that leave? It leaves compelling the owner of the phone to unlock it. If the police get a warrant to search your house, you are legally required to unlock the door and let them in. It seems to me that a passcode on the phone serves exactly the same purpose.
So, my concern is that if compelling the phone owner to unlock is not an option, it will put a lot more pressure behind the idea of encryption backdoors, as the "only option" to give law enforcement the power they need to do their jobs.
pjc50 | 10 years ago
It's not totally unreasonable. On the other hand, there's the 5th amendment, and you are not actually required to open the door when presented with a warrant, that's just a way of saving your door.
mikeash | 10 years ago
For example, under the law I have the right to go to the Moon. But I don't have the ability. Having the right doesn't compel anyone to create that ability for me.
Back to the issue at hand, I believe the government should have the right to access any information relevant to a criminal investigation, if they have a warrant for it. But I don't think they should be able to compel the ability. At best they should be able to compel that people don't interfere, but the actual ability to access the material is up to them. So while I don't think I fall into that category of person you describe as "believe that they should have an absolute power to exclude the government," I also think that given the current state of technology, that power does exist.
I'm not really worried about backdoors. They look to me to be so ridiculous that it won't even be possible to attempt to mandate them. Even if they are mandated, how will that be enforced? The genie is far out of the bottle on this.
LordKano | 10 years ago
Let's take it one step back from electronic devices.
If a corrupt businessman kept encoded records in a notepad, the authorities could compel him to turn over that notebook but no warrant can compel him to explain its contents. That's what encryption is. The authorities can seize the device but they cannot force you to explain how to interpret what's in it.
Fortunately, high profile data breaches have put the thought in the public mind that weaknesses can be exploited. We can use that concern to keep people from demanding back-doors.
johnthedebs | 10 years ago
Keep in mind, almost all this data lives elsewhere too. If it's important enough they can still get it.
Zigurd | 10 years ago
brewdad | 10 years ago
BonsaiDen | 10 years ago
In the end it boils down to the simple dilemma of choosing between either catching all "criminals" or protecting the rights of the people.
The latter way of course makes life a bit harder, since you'll never be able to prevent all crimes and people will potentially die, but people die all the time, since dying is a basic risk of life.
The former way is essentially a rabbit hole, because it allows you to rewrite the definition of a "criminal" to just about anything you'd like and once you get a court order the "criminal" being is pretty much done with their life. This of course was and is still used in dictatorships of all kinds of sizes and employed by numerous secret police agencies around the world. Once there is a way to criminalize any action and then instantly "get rid" of that person, people who are going to use these powers WILL pop up and take over power.
Now of course in the short term no third party candidate is going to show up on the US political floor and win a majority in the elections overnight and then install a dictator system based on all the pre-existing powers by simply outlawing all other parties and anyone who objects to the new rulers' claims. But 10 or 20 years from now things might be different and if we don't fight over abuse of the law and protect the general public we might end up in a pretty bad situation someday.
navait | 10 years ago
msluyter | 10 years ago
slinkyavenger | 10 years ago
Thumbprints are physical, so they don't get the same protections. It's kind of like having a physical key to a physical lock. It's not self-incrimination for law enforcement to take that key and use it in the lock.
Same with writing your passcode on a piece of paper. It's no longer a matter of self-incrimination if they find that and use it.
[1]: http://arstechnica.com/tech-policy/2014/10/virginia-judge-po...
CrossWired | 10 years ago
https://www.washingtonpost.com/news/volokh-conspiracy/wp/201...
Basically, having to provide something in your mind, the passcode, is testimony; a fingerprint, much like a key, is not testimony.
mikeash | 10 years ago
norea-armozel | 10 years ago
talmand | 10 years ago
izzydata | 10 years ago
lamby | 10 years ago
> Developers have a cultural quirk where they believe that, e.g., "file sharing is not theft" / "manipulating a URL can't be a crime" / "laws about disclosing protected information invariably contain a public policy exception which comports to the temperament of the dev community" are axiomatic and thereby create an internally consistent legal system which fails to falsify those axioms but also fails to meaningfully resemble the legal system we actually operate in.
> This results in developers sincerely believe things like "Your Bitcoins are unprotected by the legal system because nobody can steal a number", which is a proposition that is absurd to the legal system as "JavaScript is not a programming language" is to a programmer.
(https://news.ycombinator.com/item?id=7367312)
In other words, no. There is—and should be—nothing special about computers.
tormeh | 10 years ago
ClintEhrlich | 10 years ago
blendo | 10 years ago
I'm in favor, but for some reason this also makes me a little worried.
suneilp | 10 years ago
As for computing devices, aside from proprietary systems like Windows and Macs, do we not have reliable options that allow us to use uncompromised encryption?
What's to stop app developers from embedding encryption packages, or would they be forced to use compromised solutions?
Can you stop a person from building a secure line over a compromised medium, if that is even doable?
Jtsummers | 10 years ago
[0] Ok, I'm not concerned about it actually happening. The part of it that bothers me is the otherwise seemingly-sane individuals who agree with these backdoors. It's very difficult to discuss the issue with some of them because their interest in it is largely driven by emotions, specifically a desire for security and justice/revenge/control of criminal/terrorists/whatevers.
pvaldes | 10 years ago
This also seems to protect the police from the temptation of doing stupid things that could lead to future lawsuits against them (like leaking photos of you drunk at a party, or of your girlfriend naked brushing her teeth and so on...)
MengerSponge | 10 years ago
eslaught | 10 years ago
staunch | 10 years ago
But we shouldn't have to rely on the law alone. We should be able to rely on technology to make it impossible to compel people to give up their most intimate data. Computing devices have become an extension of the mind and no one on earth has a right to the contents of your mind.
vectorEQ | 10 years ago
ck2 | 10 years ago
ctdonath | 10 years ago
draugadrotten | 10 years ago
joesmo | 10 years ago
[deleted]
jonknee | 10 years ago