I'm kinda curious how the law would treat a dead man's switch that automatically wipes the phone if you haven't unlocked it for N hours (say, 24 or 48). (Assuming it was set up well before any event that prompted the phone's seizure, of course.) Could they somehow charge you for not warning the police about the auto-wipe when they took your phone? Does the answer change if you were officially under arrest and had a right to remain silent?
This seems like a pretty good idea in any case. If the seizing party can't crack the passcode anyway then it's a no-op. If they can then presumably they won't/can't do it right away, so it would add a bit of defense in depth.
> Does the answer change if you were officially under arrest and had a right to remain silent?
Being formally under arrest doesn't affect whether you have the right to remain silent. It affects whether the police are required to tell you that you do.
> The jury was instructed that they may find the failure by the store to retain (and subsequently provide to the other party) the additional footage may be considered an attempt to hide evidence that Brookshire Brothers' management knew would be damaging to their case.
I think it is essentially identical to deletion policies - except you probably don't have any legal requirements for minimum retention policies not a lawyer admittedly.
Essentially they need to subpeona you to formally tell you to preserve all potential evidence and stop the deletions or take backups such that the day to day deletions are irrelevant. The later being a fine but important distinction that shredding extra copies of your own is okay. You wouldn't get arrested for copying a customer's account information to do profit margin math and then shred the copy when done to ensure their privacy.
If you are unbound by other regulations there is nothing illegal about reimagining your device every 24 hours.
If they were trying to keep a low investigation profile and never told you that you were to preserve the data the destruction of evidence is on their incompetence.
If you implemented it post subpoena you are at fault of course.
That a good question. I don't know how related it is, but I haven't seen anything about the legality or illegality of warrant canaries[1], so there might be something to it.
>>Could they somehow charge you for not warning the police about the auto-wipe when they took your phone?
They might charge but "I was arrested, my mind was going nuts...was setup a long time ago, never hit my mind" etc etc. You need to be doing it on purpose and knowingly.
There's already a weak version of this, in that most phones which have biometric authentication stop accepting it if the phone hasn't been unlocked for a few days.
Howdy, digital forensics software developer here. A few points: 1) yes, the police probably should have put the phone in a Faraday bag, but those aren’t perfect and municipal law enforcement generally doesn’t have the same equipment that state and federal police do. It doesn’t excuse the suspect allegedly taking action to destroy evidence; 2) this is probably about the boyfriend, who they suspect committed a shooting—-they charged the girlfriend with evidence tampering as a felony, and then the prosecutor has legal leverage to get her to testify against her boyfriend and take a gun off the street; 3) no amount of technical argumentation will save you from a prosecutor, judge, or jury if you do something that causes spoiliation of evidence—when your company is sued and your business systems are preserved/collected as a result, don’t even think about getting in the way.
How about the threat of a 3rd party _adding_ information to a device? That sounds like another threat if someone wants to frame a suspect (i.e. another reason why devices should be placed in Faraday bags)
> "Our position is that my client didn't access anything to remotely delete anything," Smalls said. "My client wouldn't have any knowledge how to do that."
That seems like something pretty easily disproven with a subpoena to Apple for records of whether a remote wipe command was issued, no?
Which makes me think the defendent probably indeed didn't remote wipe.
I wonder if it wiped itself after too many wrong password attempts (is that a thing they do?), or as the attorney suggests "days after her phone was seized, Grant got a new phone. Smalls said he didn't know if that had any impact on the data on the phone police had taken" -- does it auto-wipe the old phone in those circumstances sometimes?
That seems like something pretty easily disproven with a subpoena to Apple for records of whether a remote wipe command was issued, no?
But who wiped it? Was it her or her boyfriend or some other friend that though that she lost her phone? Or did she tell the Apple store that she lost her phone, and they wiped it as a "courtesy"?
Yes, there's an option to have your phone auto-wipe after 10 failed unlock attempts. However, I'm not aware of any way to have it auto-wipe by itself after n-days. Getting a new phone and signing into your Apple ID has no effect on the data stored on your old phone.
What if I use the gmail/slack/whatsapp website instead of the app, and remotely log the phone out of google/etc if my device is seized. That way the data was only stored in RAM, and they shouldn't be able to access it once they get into the phone. Does that count as destruction of evidence?
If you deliberately do anything which will cause evidence to be placed beyond the reach of law enforcement then you are likely to be hit with charges.
You can quibble over technical details, but at some point a judge will be asked if it fits the charge, and make a layman decision, not a programmer's one.
I assume that if you deliberately do anything to alter the state of the device in policy custody as evidence it will be considered tempering with evidence. A similar analogy - "hey, I didn't destroy evidence, I just remotely instructed my phone to encrypt itself. The data is still there, it's not destroyed." That would land you in a federal prison real fast, and rightfully so - you took action to change the device state after it entered police possession and you knew it was evidence. The contents of the RAM would definitely be considered evidence since by your own explanation they contain the data that the police are looking for.
It is probably similar to the police seizing your keys or combinations for locks to a storage unit and you changing the lock on the storage unit.
The police can just go to google or slack with a warrant to get the evidence. The physical equivalent would be going to the storage unit proprietor and cutting the lock.
IANAL but I would expect it to count as "hindering a police investigation", obstruction of justice, or something similar.
Depend on how easy it is to prove that you did it. For example if you're using 2FA with client specific passwords that all show locked out accounts then it's probable that they could request your access control logs for your 2FA provider.
If only one or two such services were "timed out" then it's going to be harder to prove.
I’m curious what sort of notice was given to this person that the phone was evidence. For example was she arrested, and had her phone on her, and then the police never returned it, or was there a search warrant/subpoena and she was given a receipt for items held under that order?
How long until we find out that attempting to use a Greybox will trigger the self destruct feature built into iOS by Apple as part of that patch where they disable USB data when the phone is locked?
Does anyone know what the standard of proof is for destruction of evidence? It seems a simple defense in a case like this is to have previously shared ones iCloud password with their entire family. Each family member then creates reasonable doubt for any family member who is tried for the crime.
I guess it didn't have a passcode? Just let the police try whatever they have, as long as you have the iOS 12 update that disables accessories and thwarts "GrayKey" there's no need to remotely wipe it.
It only locks out accessories if the device has been locked for over an hour, so make sure to lock your device at least an hour before getting arrested, or reboot it. Also make sure the option is enabled under passcode settings; I think it's disabled by default.
Nobody cares about who did the mechanical act of destroying, especially since they (e.g. Apple) had no intent and where totally unrelated to the crime.
So that wont fly as an excuse to a judge. In general pedantic splitting hair arguments will more likely turn against the person.
I believe the GDPR allows a company to refuse (or delay) processing your request to delete their data about you if they have a legitimate reason, and being legally obligated to hold onto that data is one of the legitimate reasons. However, GDPR is a big law and I am not a European lawyer (I am neither, in fact), so I'm curious if my understanding is wrong. What section of GDPR are you thinking of and what exceptions does it have?
Maybe the detective should have to undergo some extra training? Though I guess they probably figured it out by now so no point but I mean seriously? In 2018 you are going to allow this to happen? Outsmarted by someone who sounds like a gangster. This has been an issue for years. I had a friend who was arrested for illegal fishing(5 fish out of season) and they took his phone. He was panicked because he didn't have a password on his phone and had done something that may have gotten him in trouble. For me being so experienced with tech at the time without even thinking said I would just remote wipe it if this happened to me. He said how. I said well just sign into google device manager. For those wondering he had some marijuana stuff which is now legal in Canada on his phone pictures of his plants or something nothing crazy. We were young and never thought about legal ramifications. But it seems like this has been possible for at least half a decade there should be standard procedure when taking a persons phone into custody.
[+] [-] piotrkaminski|7 years ago|reply
This seems like a pretty good idea in any case. If the seizing party can't crack the passcode anyway then it's a no-op. If they can then presumably they won't/can't do it right away, so it would add a bit of defense in depth.
[+] [-] thaumasiotes|7 years ago|reply
Being formally under arrest doesn't affect whether you have the right to remain silent. It affects whether the police are required to tell you that you do.
[+] [-] tedunangst|7 years ago|reply
> The jury was instructed that they may find the failure by the store to retain (and subsequently provide to the other party) the additional footage may be considered an attempt to hide evidence that Brookshire Brothers' management knew would be damaging to their case.
Although this may not be settled law.
[+] [-] Nasrudith|7 years ago|reply
Essentially they need to subpeona you to formally tell you to preserve all potential evidence and stop the deletions or take backups such that the day to day deletions are irrelevant. The later being a fine but important distinction that shredding extra copies of your own is okay. You wouldn't get arrested for copying a customer's account information to do profit margin math and then shred the copy when done to ensure their privacy.
If you are unbound by other regulations there is nothing illegal about reimagining your device every 24 hours.
If they were trying to keep a low investigation profile and never told you that you were to preserve the data the destruction of evidence is on their incompetence.
If you implemented it post subpoena you are at fault of course.
[+] [-] jedimastert|7 years ago|reply
[1]https://en.wikipedia.org/wiki/Warrant_canary
[+] [-] onetimemanytime|7 years ago|reply
They might charge but "I was arrested, my mind was going nuts...was setup a long time ago, never hit my mind" etc etc. You need to be doing it on purpose and knowingly.
[+] [-] cesarb|7 years ago|reply
[+] [-] jonstewart|7 years ago|reply
[+] [-] 0xb100db1ade|7 years ago|reply
[+] [-] ams6110|7 years ago|reply
Powerful people seem to get away with this....
[+] [-] empath75|7 years ago|reply
[+] [-] mbrookes|7 years ago|reply
[+] [-] hobbescotch|7 years ago|reply
[+] [-] asimpletune|7 years ago|reply
[+] [-] danmg|7 years ago|reply
[+] [-] chapium|7 years ago|reply
[+] [-] jrochkind1|7 years ago|reply
> "Our position is that my client didn't access anything to remotely delete anything," Smalls said. "My client wouldn't have any knowledge how to do that."
That seems like something pretty easily disproven with a subpoena to Apple for records of whether a remote wipe command was issued, no?
Which makes me think the defendent probably indeed didn't remote wipe.
I wonder if it wiped itself after too many wrong password attempts (is that a thing they do?), or as the attorney suggests "days after her phone was seized, Grant got a new phone. Smalls said he didn't know if that had any impact on the data on the phone police had taken" -- does it auto-wipe the old phone in those circumstances sometimes?
[+] [-] Johnny555|7 years ago|reply
But who wiped it? Was it her or her boyfriend or some other friend that though that she lost her phone? Or did she tell the Apple store that she lost her phone, and they wiped it as a "courtesy"?
[+] [-] null0pointer|7 years ago|reply
[+] [-] reustle|7 years ago|reply
[+] [-] AndrewDucker|7 years ago|reply
You can quibble over technical details, but at some point a judge will be asked if it fits the charge, and make a layman decision, not a programmer's one.
[+] [-] turc1656|7 years ago|reply
[+] [-] uiri|7 years ago|reply
The police can just go to google or slack with a warrant to get the evidence. The physical equivalent would be going to the storage unit proprietor and cutting the lock.
IANAL but I would expect it to count as "hindering a police investigation", obstruction of justice, or something similar.
[+] [-] cbhl|7 years ago|reply
[+] [-] r00fus|7 years ago|reply
If only one or two such services were "timed out" then it's going to be harder to prove.
[+] [-] cascom|7 years ago|reply
[+] [-] manicdee|7 years ago|reply
[+] [-] umvi|7 years ago|reply
[+] [-] CodeWriter23|7 years ago|reply
[+] [-] ChrisArchitect|7 years ago|reply
https://dailygazette.com/article/2018/11/12/suspect-in-remot...
[+] [-] clubm8|7 years ago|reply
I'm a little surprised the police don't have faraday bags or a room to store evidence in that doesn't allow radio signals in.
[+] [-] JadeNB|7 years ago|reply
According to https://en.wikipedia.org/wiki/Spoliation_of_evidence#Tamperi... , in my non-lawyerly (hence probably imprecise) summary, the act of destroying evidence can be regarded as incriminating evidence.
[+] [-] dharmab|7 years ago|reply
https://www.law.cornell.edu/uscode/text/18/1519
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] judge2020|7 years ago|reply
[+] [-] geofft|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] btbuildem|7 years ago|reply
[+] [-] mcfedr|7 years ago|reply
[+] [-] coldtea|7 years ago|reply
So that wont fly as an excuse to a judge. In general pedantic splitting hair arguments will more likely turn against the person.
[+] [-] billfruit|7 years ago|reply
[+] [-] sbhn|7 years ago|reply
[+] [-] geofft|7 years ago|reply
[+] [-] seangrant|7 years ago|reply
[+] [-] 14|7 years ago|reply
[+] [-] LogicX|7 years ago|reply