Mobile 'Remote Wipe' Thwarts Secret Service

bennyboy64 writes "Smartphones that offer the ability to 'remote wipe' are great for when your device goes missing and you want to delete your data so that someone else can't look at it, but not so great for the United States Secret Service, ZDNet reports. The ability to 'remote wipe' some smartphones such as BlackBerry and iPhone was causing havoc for law enforcement agencies, according to USSS special agent Andy Kearns, speaking on mobile phone forensics at a security conference in Australia."

Aww..

[Jaysyn]

My heart bleeds for these guys. Really, it does.

Re:Aww..

Seriously, if they're too stoopid to turn off the phone, how do they expect to catch a master kriminal?

Re:Aww..

[h00manist]

My heart bleeds for these guys. Really, it does.

Your free flight to a remote dark room is on its way.

Re:Aww..

[Jaysyn]

Bleh, whatever.

Re:Aww..

Cool, I love photography!

Re:Aww..

[Em+Emalb]

It should, actually. The S.S. isn't your average cop, they're for counterfeiting and protecting the President of the US, (and foreign and domestic dignitaries) so if they are unable to gain access to these phones before they're remotely wiped, that's a bad thing.

I don't understand why people think this is a good thing.

It's not.

Re:Aww..

[fuzzyfuzzyfungus]

Umm... Because it suggests that the phones (though not the networks) aren't backdoored?

The fact that the Secret Service, who ought to be a bit sharper than Joe Beat Cop, haven't mastered the art of "turning the phone off before it gets wiped" doesn't strike me as a good thing. However, the fact that "wipe" means "wipe" not "Wipe, unless the state says otherwise" does.

Re:Aww..

hey, are you on Twitter?

Re:Aww..

[K.+S.+Kyosuke]

Yes, Obama should be so scared of my president-lethal ringtones!

Re:Aww..

[daid303]

I might have been playing to much Commandos, The Saboteur, Wolvenstein and Day of Defeat. But when you say S.S. I think about a whole different kind of 'cop'.

Scary enough, you see them the same way as the original S.S. was seen by the public many years ago.

Re:Aww..

[palegray.net]

It's okay. Hopefully they'll still have plenty of information from tapping phone calls that were already placed.

Re:Aww..

[Jaysyn]

I don't feel sorry for them if they aren't bright enough to turn the damn thing off.

Re:Aww..

[Em+Emalb]

The fact that the Secret Service, who ought to be a bit sharper than Joe Beat Cop, haven't mastered the art of "turning the phone off before it gets wiped" doesn't strike me as a good thing. However, the fact that "wipe" means "wipe" not "Wipe, unless the state says otherwise" does.

Right, because the S.S. never works with local law enforcement,etc, etc.

Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

I'm waiting for the "first they came for the _____" responses. The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President. If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me.

Re:Aww..

So, I'm betting you're worried 24/7 because the secret service can't decrypt private-key-based ciphers?

Hey Mr. Spook, I'm so sorry we're making your job hard. We'll discontinue all encryption that can't be reasonably broken by you.
Signed, The American People.

Re:Aww..

[KingSkippus]

...if they are unable to gain access to these phones before they're remotely wiped, that's a bad thing. I don't understand why people think this is a good thing.

Because if they are able to gain access to these phones before they're remotely wiped, then other people can gain access to your phone before it can be remotely wiped. 99.999% of those people do not have your best interest at heart. Probably 99.9% of them are thieves and criminals trying to screw you over. 0.099% of them are law enforcement officials overstepping the bounds of what is allowed by law. (But it would cost you tens or hundreds of thousands in legal fees to prove it in court, and you'd risk the chance that you get an idiot judge who sets a bad precedent for everyone else.)

If we're lucky, 0.001% of them have anything to do with the president or counterfeiters, but really, I think that's being generous.

Re:Aww..

...First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

I'm waiting for the "first they came for the _____" responses. The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President. If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me.

That's a mighty big assumption to make. What if your finger print partially matches a fingerprint found at a crime scene (like Brandon Mayfield)? If that scene was an attempted attack on the president, you might have a different impression. And that was just caused by simple incompetence. If there's real malice, things get even hairier.

Re:Aww..

you are an idiot

Re:Aww..

[pelrun]

Watch out - remember they've almost figured out how to detect sarcasm in forum posts now!

http://science.slashdot.org/story/10/05/17/1541236/Software-Recognizes-Sarcastic-Tweets

Re:Aww..

[MindStalker]

No, they're for counterfeiting and reporting back to the treasury department on the Presidents actions/physically threatening the president, because the treasury really runs this country. /Or some crazy conspiracy theory, I can't remember which. //As conspiracy theories goes, it is one of the better ones.

Re:Aww..

[Mister+Whirly]

Right, becasue everyone knows that mistakes are never made by law enforcement.

I mean if you don't have anything to hide, why should anyone be worried?

Re:Aww..

[nicolas.kassis]

Except the S.S. aren't the only one who could benefit from this information. I'm sorry for them but the reality is that the function is performing as advertised. The S.S. having a backdoor is just that much easier for crackers to get in your phone. Remote wipe is an important feature now that our phones hold much more info then they used to.

Re:Aww..

It protects our privacy..

That is a good thing. Our freedoms are much more important than the life of a politician, king, or anybody else. Like Bary Goldwater, I take a very hard line. "Extremism in the defense of liberty is no vice..."

Re:Aww..

[dwillden]

Because they want to keep it in an unchanged state until it can be handed to the forensics techs. Turning off the power will wipe anything in the ram. Now they have to make the decision to kill the power or risk a remote wipe.

And the Forensic techs now need to make sure they power the device up in a signal free area, so a latent wipe command can't be sitting on the network waiting for the device to log in and receive the command.

The Service will now need to ensure it's agents always have an exploitation kit at hand, to immidiately clone all data on any seized phone right there on the spot. They'd prefer to have techs do it in a controled environment, but this threat means they don't have time to wait for the device to get to the techs.

Re:Aww..

[Sir_Lewk]

I'm waiting for the "first they came for the _____" responses. The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President. If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me.

OH RIGHT!!! I forgot about dem darn tooten turrists! Thanks for reminding me!

Seriously though, you are in idiot. If you want to trust the government like that then fine, but you are a minority in this respect.

Re:Aww..

[Lumpy]

To me it highlights how much bumbling idiots these guys are. If you have a phone that you NEED the evidence inside it, the second you get it you wrap that thing in several layers of tinfoil and take it directly to a faraday cage workspace to start the process. Honestly, this should have been standard practice for ANY phone over the past 10 years.

Dont they teach these guys anything?

Re:Aww..

[asdfghjklqwertyuiop]

The S.S. isn't your average cop, they're for counterfeiting and protecting the President of the US, (and foreign and domestic dignitaries)

You sure about that?

Re:Aww..

[Chris+Mattern]

Because they want to keep it in an unchanged state until it can be handed to the forensics techs. Turning off the power will wipe anything in the ram. Now they have to make the decision to kill the power or risk a remote wipe.

Or they can have Faraday cage boxes made up and pop the phone into a box as part of the standard procedure of picking it up. Putting the phone into a locked box as soon as it's picked up is good for the evidence chain anyways.

Re:Aww..

[bickerdyke]

the OTHER kind of darkroom.

Re:Aww..

[operagost]

You forgot to add, "if you're not a criminal, you don't have anything to worry about."

Re:Aww..

[commodore64_love]

>>>I don't understand why people think this is a good thing.

Because the Patriot Act takes-away my right to a jury trial, and that means I need extra tools (like remote erasing) to protect myself from perpetual imprisonment by the government.

Re:Aww..

[operagost]

Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

Shucks. I knew you'd get to the, "if you aren't a criminal, you don't have anything to worry about" eventually.

Re:Aww..

Cool I love polaroids!

Re:Aww..

[Mysticalfruit]

I know this is crazy talk, but if you read the article they specifically say that their standard procedure is to put the phone in a Faraday bag. From there the phone is then brought to a shielded room for dissection.

Like everything else... it's people, policies and procedures.

Just because an agent has a kit containing a Faraday bag, doesn't mean they'll use it...

Re:Aww..

[Anomalyst]

the OTHER kind of darkroom

You mean where you buy the "dancer" some "champagne" and the "hostess" sticks her head to ask you to buy her another every 5 minutes?

Re:Aww..

[oakgrove]

If ever there was evidence that remote wipe is a Good Thing(TM) and sorely needed as a native tool on Android, this is it.

Re:Aww..

[gyrogeerloose]

Or they can have Faraday cage boxes made up and pop the phone into a box as part of the standard procedure of picking it up.

They don't even have to have them made up. RF-proof enclosures are readily available off the shelf for a (relatively) low price.

Re:Aww..

[commodore64_love]

>>>Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

Yeah. After all the government never, never arrests innocent people and throws them in jail to rot. So you're right. Nothing to fear.

/end sarcasm

Here's an interesting case where government cops entered the wrong house (therefore an illegal warrantless search) to do a drug raid. Of course there were no drugs at the address (again: wrong house), but the man inside was scared to death so he ran to his bedroom and hid for fear of his life. When the intruders entered, he acted in self-defense of his life and killed the intruder. Then he was charged with murder and sentenced to life for murder.

That man is completely innocent, but nobody seems to give two shits. He's already spent a decade in jail. It could have just as easily been you.

http://reason.com/archives/2006/10/01/the-case-of-cory-maye

Re:Aww..

[shentino]

For starters, they ought to be getting a warrant before they even lay a fucking finger on my phone (assuming I even had one).

Re:Aww..

[bickerdyke]

Kind of.

But it's to dark to see if the "dancer" is worth the expense.

Re:Aww..

[element-o.p.]

If you want to trust the government like that then fine, but you are a minority in this respect.

Unfortunately, I doubt he is.

Re:Aww..

[mysidia]

Sometimes phones are configured to self-erase, if turned off, if the battery is removed, or if an incorrect password is entered 10 times. So pressing the power button can actually initiate a secure erase.

Re:Aww..

[nabsltd]

First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

They're concerned with counterfeiters and threats to dignitaries and the President.

And the best part is that since the Secret Service themselves get to define "threats to dignitaries and the President", there's no way anybody would ever be investigated by them for speech that isn't actually threatening but is political.

Note: please make sure you run the above through the sarcasm detector before replying.

As others have pointed out, there can also be mistakes, like Richard Jewell and the bombing at the 1996 Olympics. It that case, it wasn't the Secret Service, but anyone can screw up.

Re:Aww..

[stonewallred]

Because I am an American and believe in freedom? Or maybe because I am not a boot licking scum dog who looks for his masters' in Washington approval before I squat to piss?

Re:Aww..

[oakgrove]

This seems like a useful purpose for rfid. Make it so if the phone is out of range of your person for more than say 30 minutes or so, auto-wipe. As long as you're keeping backups somewhere, it shouldn't be too much hassle for the once every so often that you leave it at home, right?

Re:Aww..

[ehrichweiss]

And to make matters worse, if the police raided your home and killed you and your family "by accident", they'd be all like "oops, my bad" and that'd be the last you'd hear of it. Try to defend yourself and you're committing some form of crime whether that be murder or "obstruction of justice"..

Re:Aww..

[stonewallred]

Geez, thanks. Went to site, now am expecting increased scrutiny from the Secret Service and probably will have them plant false evidence on my computer.

Re:Aww..

[Em+Emalb]

Secret Service did this?

Interesting.

(FTR, I can keep trolling you guys if you'd like, the responses have been pretty interesting thus far.)

Re:Aww..

[e4g4]

I reheat all of my food in inexpensive faraday cages. It's the only way to be sure insidious mind-control radiation isn't leaking into my food.

Re:Aww..

[Ipeunipig]

For what I understand from my concealed/carry permit class, hiding in your bedroom with your gun "Waiting" for the intruder can be classified as premeditated since you thought the action through before carrying out the murder.

Shitty interpretation of the law, I know. But lawyers will always find any loophole to help their client. Be it Government or not.

Re:Aww..

[gyrogeerloose]

I reheat all of my food in inexpensive faraday cages. It's the only way to be sure insidious mind-control radiation isn't leaking into my food.

Hey, thanks, great to know! Do they make tinfoil hats as well?

Re:Aww..

[Shivetya]

because there are some aspects, if not many, of law enforcement that are good.

Just because they are "the MAN" doesn't make them bad. Like any organization they have their problem people, but as a whole they have an important job which is required in any civilized society. Regardless of what some may want to think the world is full of people who really aren't suited for a civilized society. There truly are monsters out there and if there was not something to keep them in check life would not be as enjoyable.

Many of these people risk their lives so that we don't have to think about it, making them out to be the bad guy is really immature.

Re:Aww..

[jedidiah]

Nonsense.

If your own phone can't be properly secured then that means that THEIR PHONES can't be either.

The fact that it is easy to lock down data and prevent it from getting in the wrong hands is ultimately a GOOD THING. On balance, the government comes out ahead here even if some of their cops are inconvenienced a bit.

Security for the bad guys also means security for the good guys.

People tend to forget this bit.

Re:Aww..

[arth1]

An agent not doing his job is the cell phone manufacturer's responsibility how, exactly?

I also question whether the agents have a right to the data on the cell phone. A right to try to access it is what search and seizure seems to cover (or what it did seem to cover), but I don't see that a search order transfers the ownership rights.

Incidentally, some police were very much against the telegraph back when it arrived. Because that gave the criminal a chance to telegraph ahead and have evidence removed or destroyed while the agents were still travelling. The world has become smaller, and so have their minds...

Re:Aww..

[geekoid]

" I'd have to be in a pretty precarious situation in the first place.

in thir view, yes. Not necessarily true in reality. It does give them a way to go hunting for indicators of other crimes. Not crimes, just some pre set 'indicator'

for example:
if the believed 13% of people who visits X site commit y crime, and you happened to have been to that site, they will detain you. Even if it has nothing to do with why they have the phone.

" The reality is, the S.S. doesn't give a damn about the average person. T"

And that's the problem.

" They're concerned with counterfeiters and threats to dignitaries and the President. "

really?

http://en.wikipedia.org/wiki/GURPS_Cyberpunk
http://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._United_States_Secret_Service

Imagine if that was today. They would have taken a record of every person the called, and then investigate all those people.

Do you need to actually live in a fascist state before you get it?
Talk to people who lived in the soviet union during the 70s. All that was done under the guise of making people safer and catching 'bad guys'.

You need to stop living under the pretense that only guilty people get investigated.

Re:Aww..

[geekoid]

In general the government is fine. The US government is one of the most trustworthy.

That doesn't make it perfect, and that doesn't mean it always will be.

I support remote wipe and peoples rights. Over all, the US government does a pretty damn good job for it's citizens.

Re:Aww..

[jedidiah]

The SS was originally formed to "protect our money". The whole thing about protecting the president came later.

Re:Aww..

Here's an interesting case where government cops entered the wrong house (therefore an illegal warrantless search) to do a drug raid.

Not true. Read the article you linked to. There was a warrant issued for that house. The warrant was based on complete BS though - an uncorroborated unidentified confidential informant claiming that large amounts of drugs were in the house.

Of course there were no drugs at the address (again: wrong house),

Not true. Read the article you linked to. A tiny amount of drugs was found, which would have rated a $50 fine under applicable law.

Re:Aww..

[AlecC]

As TFA said, put it in a Faraday Bag. It cannot wipe on losing signal. Then you have time to contact the manufacturer to check on how to unlock it.

Re:Aww..

[geekoid]

Ot remove the battery. Granted, that only applies to people smart enough to be a device where they can replace the battery themselves.

Yeah, I went there.

\

Re:Aww..

[Minwee]

Do they make tinfoil hats as well?

They outlawed tinfoil years ago because it was too effective. Unless you're willing to settle for government-approved aluminium foil hats, which don't do a thing to block mind control rays, you'll have to do what I do. Dig up raw cassiterite from the back woods, smelt it in the barn and make your own tinfoil by smashing what comes out with a rock until it's thin enough.

While you're doing this, don't forget to drink only grain alcohol and rain water to protect yourself from the most monstrously conceived and dangerous communist plot we have ever had to face.

Re:Aww..

Yes comrade.

Re:Aww..

[Sir_Lewk]

If you want to trust the government like that...

I trust the government to some extent in my day to day life, everyone does. I just don't trust the government in this context.

Re:Aww..

[AlecC]

Which is totally irrelevant to this post. Of course you need proper oversight of, appeal against, and investigation of, all law enforcement bodies. Their powers, whatever they may be, should not be used without due cause and appropriate evidence. But this is nothing new - law enforcers are inherently liable to become over-suspicious, because they spend most if their time working with (or rather, against) criminals. *If* they are working properly, the GP's post is true; if they are not working properly, we have a bigger problem to solve.

Re:Aww..

You mean take the battery out? But yeah, you've definitely got a point.

Re:Aww..

[Fulcrum+of+Evil]

In general the government is fine. The US government is one of the most trustworthy.

Doesn't mean you should, you know, trust them.

Re:Aww..

[Fulcrum+of+Evil]

And hiding in the bedroom can be seen as attempting to avoid a deadly confrontation. Killing the intruder when he backs you into a corner is then the action of last resort.

Re:Aww..

[sjames]

It's a perfectly predictable progression. Law enforcement starts doing more harm than good to the average citizen and the people start to see it as a criminal gang rather than protectors of society.

Your use of the term S.S. is a bit.....unfortunate.

Re:Aww..

[Bigjeff5]

I've got one word for them:

Faraday Cage. ;)

Re:Aww..

[Mr.+Slippery]

The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President.

And with hackers and RPGers who play games about them.

Really, are we that ignorant of our history? The SS raid on Steve Jackson Games was one of the prime motivators that led to the founding of the EFF. Damn kids...no sense of history...get off my lawn...

Re:Aww..

[ImNotAtWork]

Maybe maybe not. Send the command and your still guilty of destroying evidence in an ongoing investigation. Your partially screwed if you have something to hide and send the command they can still stick it to you (just not for what they originally intended). However, if you do have nothing to hide and you send the command to wipe you just buried yourself for no reason.

Re:Aww..

[GameboyRMH]

Now his other love organ is going to bleed x_x

Re:Aww..

[ImNotAtWork]

you're not your (multiple times). Sorry

Re:Aww..

Got news for ya, they ALSO are responsible in no small degree in pursuing matters of internet fraud, identity theft, and systems penetration, or at least used to be. In and of itself, not necessarily bad, 'til you consider that the definition of these things has a nasty habit of being determined in part by whatever enforcement agency happens to come across it, such as.......Department of Homeland Security. I think we know how charges from THERE can sometimes turn out.

Re:Aww..

[eleuthero]

The OP didn't say he trusted the government, he said that it was "one of the most trustworthy" - it may still be about as trustworthy as the stereotypical used car salesman, but it is more trustworthy than, say, China.

Re:Aww..

[hmar]

New iPhone add: Secret service got your phone? They can't remove the battery either!!!!!!!!!

Re:Aww..

[Mr.+Slippery]

Regardless of what some may want to think the world is full of people who really aren't suited for a civilized society.

The problem is that a significant number of them are drawn to careers in law enforcement, where they get to be Authority Figures who can get away with abuses and assaults that ordinary crooks never could.

The average LEO is simply underqualified, undereducated, and undertrained for their job. But there is a significant minority who are corrupt; and a larger, more dangerous group who live in a black and white world and believe that they can do no wrong because they've got God on their side, that they are the "thin blue line" that is the only thing standing between us and rampaging hordes of Satanic destruction.

Re:Aww..

[mysidia]

It can wipe within 2 hours of losing signal, if you set the delay to 2 hours.

Or it can wipe within 15 minutes of losing signal, if you set the delay to 15 minutes. (However, you better be in a well-covered cell area, to ensure your phone can link up with the server more often than every 15mins.)

Re:Aww..

[Wyatt+Earp]

"Here's an interesting case where government cops entered the wrong house (therefore an illegal warrantless search) to do a drug raid."

The United States Secret Service doesn't enforce those laws, so bringing that into this conversation is pointless.

And the article you linked to doesn't talk about Federal Law Enforcement, its local, so what the heck does that have to do with the USSS?

Re:Aww..

http://findarticles.com/p/articles/mi_m1355/is_n23_v85/ai_15133407/

75 year old Boston cleric dies in SWAT raid.

Ooops. Wrong address.

Re:Aww..

[joebok]

Yes, and we should also remove matches from store shelves because they could be used to burn incriminating notes. Additionally, paper should be treated with arsenic so spies and other nefarious scoundrels can't eat them and destroy evidence. That will take a bit out of crime!

Re:Aww..

[Wyatt+Earp]

The media is who screwed Richard Jewell, if you read the article you linked to, the investigating US Attorney actually said he didn't have anything to do with it, but the media kept hammering on him.

He sued alot of people, but never went after the Feds, and everyone settled with him except the Atlanta Constitution Journal.

Re:Aww..

[vegiVamp]

Cool, I love anal!

Re:Aww..

[LBt1st]

"..The US government is one of the most trustworthy."

I just choked on my sandwich!

Re:Aww..

[Fuji+Kitakyusho]

That's why you should always make those sort of self-protections locally initiating. Command Loss Timer Reset not received within the programmed timer duration? Wipe.

Re:Aww..

[jandrese]

Why not just pull the battery immediately? Or simply turn it off? I was under the impression that the phone had to have its cell modem on for the remote wipe feature to work. Once they get back to the crime lab they can worry about faraday cages.

Re:Aww..

[Smallpond]

As long as you have never uttered any terroristic threats such as "I wish Obama wasn't our President" or "I hate Bush" then you have nothing to worry about.

Re:Aww..

[Xaedalus]

"Extremism in the defense of liberty is no vice..."

That would depend on whose liberty you are protecting.

Re:Aww..

[treeves]

I thought you were going to say in microwave ovens, but you specifically are not using those I see. You really meant inexpensive.

Re:Aww..

[ultranova]

I don't understand why people think this is a good thing.

Because they are neither the president of the USA or a foreign dignitary?

Re:Aww..

[ultranova]

Because if they are able to gain access to these phones before they're remotely wiped, then other people can gain access to your phone before it can be remotely wiped. 99.999% of those people do not have your best interest at heart.

Not a single one of them has your best interests at heart. If you're very lucky, they aren't outright malicious creeps trying to find some excuse to throw you in jail. But not one of them steals your phone to serve your interests.

Re:Aww..

[dougmc]

The United States Secret Service doesn't enforce those laws, so bringing that into this conversation is pointless.

You can nitpick about it all you want, but the Secret Service are police, and they do a police job, with police tactics and tools. Sure, they may be somewhat different than the rank and file police, but ultimately -- they're still police, and people would be wise to treat them like police or other men with guns (i.e. don't talk to them, don't invite them in, don't consent, no sudden moves, etc.)

I'm pretty sure if the SS thought a threat to the President (or a counterfeiting operation, I guess) was at your house -- they'd get a warrant and break the door down just like SWAT does for drug operations. (The local police SWAT team would probably even help.) And if your seven year old granddaughter got shot and killed during this raid, well, she's still dead.

The entire conversation is pointless at some level.

Re:Aww..

A well respected cleric and scholar throughout the Caribbean, the Reverend Williams retired to Boston six years ago to be closer to his only daughter, Cassandra of Chicago

What's he doing in Boston if his kid is in Chicago? LOL, fail. Maybe if he was a Boston Celtic and not a cleric, people would actually give a crap.

Going to hell? Yep I am.

Re:Aww..

[denobug]

Read the Original article. The speaker clearly indicates that is the procedure (turn it off, take out the battery, seal it in a sheilded bag, then sent it to a sielded lab). It is just that not everyone is aware of the capacity of the technologies and he's trying to make everyone aware of it.

Re:Aww..

First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

Or your humorous rant on your blog or slashdot got misinterpreted as a threat, or "close enough" that they have to investigate. Now you are in a precarious situation.

Re:Aww..

My heart bleeds for these guys. Really, it does.

You should probably seek some medical care for that condition before your heart stops completely. ;)

Re:Aww..

[Jaysyn]

That wouldn't fly in any state with a "Castle Doctrine".

Re:Aww..

[Jaysyn]

Please do, you're in desperate need of the practice.

Re:Aww..

[carp3_noct3m]

not sure where you're from, but not according to my CCW in Texas. Also, that's ridiculous no matter where it is. If I'm hiding of course I'm going to think about whether or not I'm going to shoot as soon as the unknown intruder breaks down the door...

Re:Aww..

[barberousse]

You have your history all messed up. The United States Secret Service was formed in 1865. The SS from WW2? 1925.

Re:Aww..

[aunticrist]

Depends on where you live, but most places that even have conceal and carry also have a fun thing called the Castle Doctrine, which means no lawyer can come close to successfully arguing your point above. In fact, if you retreat to the furthest part in your home and have to wait there to defend yourself, and end up doing so, most states with the CD will rule it a clean kill after an investigation and you can go on with your life.

Re:Aww..

[Captain+Caveman]

Sometimes phones are configured to self-erase, if turned off, if the battery is removed,...

Where can I get a phone that works without batteries?

Re:Aww..

[Chris+Mattern]

Because turning it off or pulling the battery wipes the RAM. The techboys might be able to pull something interesting from the RAM, so best to leave it on. Just make it incommunicado.

Re:Aww..

[shutdown+-p+now]

Actually, this shouldn't fly even in a state without one. The absence of "Castle Doctrine" only means that you have to try as much as possible to avoid confrontation, retreating / running away if necessary - that's the "duty to retreat"; but, once you're cornered, with no further way to retreat, you may legitimately use deadly force in self-defense after announcing your intent to do so.

Re:Aww..

[Lehk228]

i will keep that in mind and make sure any smart phone i commit crimes on wipes itself whenever it is shut off.

Re:Aww..

and yet check out this case, of police breaking into the wrong apartment, and shooting a little girl asleep on the couch in "an unfortunate mistake."

http://www2.timesdispatch.com/rtd/news/national/article/7-year-old_girl_shot_by_police_in_detroit_was_asleep/345058/

Re:Aww..

[BBTaeKwonDo]

It's a depressing story, indeed - thanks for the link. Minor correction, though; http://reason.com/archives/2006/10/01/the-case-of-cory-maye/1 says that the warrant was for the correct address, so the search wasn't illegal.

Re:Aww..

[tagno25]

then put it in a Faraday cage and block the cellular signal

Re:Aww..

[commodore64_love]

>>>hiding in your bedroom with your gun "Waiting" for the intruder can be classified as premeditated

True but the intruder didn't have to enter the bedroom. He could have just as easily turned-around and left, in which case no killing would occur. The outcome of the situation is entirely in the *intruder's* hands.

Re:Aww..

[commodore64_love]

>>>>>"Here's an interesting case where government cops entered the wrong house (therefore an illegal warrantless search) to do a drug raid."
>>
>>The United States Secret Service doesn't enforce those laws, so bringing that into this conversation is pointless.

But they all serve the same boss (U.S. Government), so it's all relevant. It's all evidence of why/how an innocent can be wrongfully jailed by the U.S.

Re:Aww..

[commodore64_love]

>>>the warrant was for the correct address

No. It was an apartment house (divided in 2) and the warrant was for the apartment on the left (call it Apt A)..... not the one on the right (Apt B). They were given permission to search ONE of them, not both. Or do you think if a warrant says "One Main Street, Sunny Apartments" that gives the cops permission to search all 10-20 apartments located there? It does not.

Re:Aww..

[GravityStar]

Just have the phone encrypt everything with a key that is stored in volatile memory. Then, if somebody pulls out the battery... instantwipe.

Bonus points if that volatile memory is actually located in a tamper-resistant TPM chip.

Re:Aww..

Self-defence; an intruder that enters your bedroom or that of your children intends murder.

If a thief really wants to waggle away with the downstairs HDTV, they can have it. But if they put their pinkey toe in the bedroom hallway I feel perfectly justified defending myself in any manner needed/possible.

Re:Aww..

[jonadab]

> Your free flight to a remote dark room is on its way.

You are six years old, weak and helpless. You cannot hurt me. There are four lights.

Re:Aww..

[jonadab]

> They're concerned with counterfeiters and threats to dignitaries
> and the President. If having the information off the phone helps
> them capture counterfeiters and helps to uncover terroristic
> plots against US dignitaries, fine by me.

I could maybe live with that, IF there were some way for a reasonable and intelligent person to be confident that a feature intended to allow the Secret Service to retrieve data for the purpose saving the President or stopping counterfeiters could not be used by anyone else for any other purpose.

Re:Aww..

[e4g4]

The Man's already gotten to the microwaves - you can really see the faraday cage doing its good work when you put one in a microwave.

Re:Aww..

[Em+Emalb]

Thanks for the feedback.

Re:Aww..

[jonadab]

> After all the government never, never arrests
> innocent people and throws them in jail to rot.

Wrong argument.

I can actually live with an *occasional* (accidental) instance of an innocent person going to jail, as long as it's greatly (and I do mean greatly) outnumbered by the actual criminals they arrest and convict by the same means. I mean, no system is perfect. If one conviction in a thousand sends an innocent person to prison, that's unfortunate (and something you try to avoid), but it's clearly better for society as a whole than letting 300 of the thousand go loose. Statistically, you're many times more likely to be a victim of one of the criminals who was let go than to be thrown in jail for something you didn't do.

Additionally, you seem on the face of it to be arguing that if law enforcement has access to more information they will be more likely to put the wrong person in jail on average. That doesn't make a lot of sense to me. Perhaps I have misunderstood your argument.

The larger problem with a backdoor feature intended for use by law enforcement is that, in practice, they (law enforcement) aren't the only ones who end up using it, or even the primary ones who end up using it. Anything the police can do, criminals can do also, and they will.

Consequently, I'm in favor of mobile devices with remote wipe features that work as advertised, and I'm NOT in favor of including backdoors "for the police". Such a feature would be very likely to have unintended consequences that would have nothing to do with law enforcement. It's just a bad idea. Well-intentioned maybe, but still a bad idea. I'm sorry that this means the Secret Service has a harder time doing their job, really I am (because I'd prefer for their job to be done well), but that's still how it has to be. People's devices get stolen, and they need the ability to (re)secure the data.

Re:Aww..

[treeves]

Ooooooh. No, better not drink rainwater. It condenses and falls from clouds.
The same clouds seeded by the US Government and contaminated by CHEMTRAILS.

Re:Aww..

[grahamd0]

I'm as suspicious of government as anyone, and I'd hate to be falsely suspected by the USSS, but the fact is they really do only look into a couple of types of very serious crimes. The average person, who is not a counterfeiter or an assassin, has little chance of attracting their notice.

Yeah, be cautious when dealing with authorities. And yes, The innocent might very well have things to hide. However, there's no reason to live your life paranoid about being busted by the secret service when are many, many other agencies which are far more likely to come after you for crimes real or imagined.

Re:Aww..

[Thinboy00]

People are happy because if the SS can't figure it out, neither can the police or other mundane law enforcement who might be interested in the average person.

Re:Aww..

[Mr.+Freeman]

"If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me."

The ends justify the means. Brilliant. That never goes wrong.

Re:Aww..

[Mister+Whirly]

I don't see the two choices as mutually exclusive. I can realize that sometimes mistakes are made at high level of federal law enforcement involving innocent people (Anyone remember Richard Jewell?), and I can also chose to live my life not being paranoid about getting nailed for something I am not involved with. It isn't an either/or choice by any means. I realize the chance of mistake identity are small, but I won't pretend they don't exist at all.

Re:Aww..

[davidbofinger]

Can you explain to me how the ability to read cell phones is relevant to the case you adduce?

If you want to argue wipes are good then you need to show us a case where the police abused their ability to read records, where a wipe would have protected the innocent. This case doesn't seem to qualify.

The only real relevance of records in this case would seem to be that the dead police officer didn't keep them.

Given that the police apparently raided someone innocent one could argue that better access to electronic records might have reduced the chance of making this mistake. In which case it's an argument against you, though that's a bit of a stretch.

Re:Aww..

They're concerned with counterfeiters

So, based on what I have heard about ACTA, the SS will be after MP3/movie downloaders any day now.

Re:Aww..

[grahamd0]

Nor do I.

The secret service has their failures in civil liberties, the Steve Jackson Games incident being the most obvious recent incident, and I'm not suggesting they don't.

But there's really nothing Steve Jackson could have done to prevent his situation, nor is there anything you or I could do to prevent the secret service from ruining our lives on a wildly off-base investigation, and the fact is it really doesn't happen very often.

We should certainly note any government infringement on our liberties and hold the relevant parties accountable, but I just don't see any reason to waste time worrying about the secret service falsely implicating you.

It's like worrying about being stuck by lightning.

Re:Aww..

[NateTech]

Okay, replace SS with DHS/TSA.

http://www.wired.com/threatlevel/2009/12/dhs-threatens-blogger/
http://www.wired.com/threatlevel/2009/12/tsa-withdraws-subpoenas/

There are definitely "average people" being annoyed and harassed by their bullshit on a fairly regular basis. Mostly as part of the "Security Theatre" at airports, but also via subpoenas to read data from personal devices... in cases like the above... where the document in question wasn't even classified, and the Canadian government published it with additional details on their website, as quickly as the U.S. Citizen bloggers posted links to it.

Your wish that government agencies would always act sanely, is a nice platitude, but not playing out in reality.

Would it have been a whole heck of a lot easier for both of these guys if their devices had a wipe feature? Hard to say, but remember even if the subpoena called for only certain data, the DHS got a bit by bit copy of the entire hard drive.

Re:Aww..

[davester666]

What they want is:
a) the ability to force-remote wipe, no possibility for interruption, for cellphones the government uses
b) the ability to prevent and/or interrupt remote wipe operations for everybody else

Re:Aww..

[Sir_Lewk]

you are in idiot

I'm sure there is a "law" for situations like this, I just can't think of what it is.

Re:Aww..

[RockDoctor]

Umm... Because it suggests that the phones (though not the networks) aren't backdoored?

Why would you expect a phone designed in Finland and manufactured in three different countries spread across both hemispheres to have a back door designed for the benefit of one particular country's State Security Apparatus?
Oh, I see - the localisation firmware. Yeah, that's a reasonable concern. So, your phone is bilingual in (say) Urdu and Thai? Or possibly tri-lingual with Tanzanian (the English variant, not the Swahili or the rest).

Re:Aww..

[tehcyder]

If you want to trust the government like that then fine, but you are a minority in this respect.

I know, let's just not bother with governments or national security and shit, and you can pry my bricked iPhone from my cold dead fingers.

Re:Aww..

[tehcyder]

I know Americans have a different view of the use of firearms and the level of self defense you can use, but in my (UK) eyes if you shoot someone you'd better have a fucking good reason (i.e. it was a matter of life or death), and if you end up shooting a cop it's hard to feel a great deal of sympathy.

I don't think that if someone is kicking your door down that gives you the right to shoot them dead without identifying them or the actual level of threat they pose.

Re:Aww..

[daid303]

Nothing to do with history, but with Abbreviation. United States Secret Service is USSS not SS.

Re:Aww..

This from a member of a nation that is sliding right off into Big Brother.

Give me a break.

Anyone stupid enough to come bashing thru my door, or worse, my bedroom, at 2 a.m., cop or no cop, dies. End of story.

One reason this country will maintain a modicum of freedom regardless of Obama and minions is the fact that we have some 250 million guns in private hands. While I'm not itching for a 2nd American Revolution, the powers that be might want to be careful. Texas and the mid-West are not as charitable as I am.

Re:Aww..

[DavidTC]

Uh, no, hiding in your bedroom is retreating, which you are often required to do in many states. (Unless they have a 'castle' doctrine.)

There's really no state where being trapped in an inescapable bedroom and shooting an intruder would even slightly be illegal. In some states, going towards an intruder and shooting them can be illegal, or shooting at them when you could have escaped, but simply grabbing a gun and getting as far away from them as possible, and shooting them when they come towards you, is entirely legal anywhere I know of.

Unless, somehow, those intruders are actually cops, in which case they find a way to make it illegal.

Re:Aww..

[DavidTC]

More important, it's hard to figure out why anyone would think this problem only applies to the SS, or why, if there was a solution, other government agencies wouldn't use it.

For some reason, in comments to this article, people have suddenly started believing the SS, a law enforcement agency people think well of because most people have no interaction with them (Although ask Steve Jackson about them some day.), is the only law enforcement agency that exists. And that the problems here, and solutions they find, and legislature about this, and whatnot all magically apply only to them.

Re:Aww..

[DavidTC]

Indeed. Anyone who thinks the Fed went after them, and thus pointed the media at him, probably read that in the...tada...MEDIA. I'm not entirely sure they can be trusted to explain exactly what happened.

Richard Jewell was questioned by the FBI. Like, oh, a hundred other people. The FBI rather quickly, and well before any stories appeared, dismissed any theories about him planting it himself.

But because the FBI was stingy with information about the progress of the case, and the media somehow learned the fact that, at one point, the FBI had asked him a few questions aimed at seeing if he had did it, they started doing their own 'investigation' into him.

I'm not a huge fan of Federal law enforcement, or in fact how any law enforcement is allowed to operate, but the FBI isn't to blame for Richard Jewell being slimed...that was entirely the media. At no point did the FBI even consider him seriously as a suspect.

Someone, somewhere in the FBI probably let something slip they shouldn't have about who was being interviewed, or some government official, no one knows, but a perfect air-tight barrier of information is too much to expect. The media is not supposed to go 'Why, the FBI has a possible suspect! We better start meddling in the case and running information about him all over the front page.'.

Hell, if he'd been a real suspect, and actually charged, it would have been almost impossible to get an untainted jury because of the media's ass-hattery.

A much much better example of Federal law enforcement screwing with people is Steve Jackson vs. the Secret Service.

Re:Aww..

[jimnorcal]

99.999% of Law Enforcement, whether they be the secret service, fbi, or local officer Joe Asshole, do not have your best interest at heart. They have only their own interests at heart.

The sooner the American public at larges realizes this fact, the sooner we can enact laws that punish law enforcement officers for making the 'mistakes' that they do. At present, it would seem that nearly all officers who harm innocent people 'in the line of duty' are rarely questioned on their actions and even less so reprimanded in any way. It has become a horrible situation for the American way of life and the system needs fixed with new laws that punish the police (individual officers responsible for crimes committed like killing young girls indiscriminately instead of punishing innocent citizens.

Re:Aww..

[Omestes]

I'd say 1 in 1000 is still way to high, I'd be more comfortable with 1 in 5000 or more.

Statistically, you're many times more likely to be a victim of one of the criminals who was let go than to be thrown in jail for something you didn't do.

Sure if these 300 people released were much more violent and dangerous than your average criminal. Remember that your average American criminal isn't that dangerous. For most of them, the most you can expect is to be a victim of having to smell pot smoke, or seeing junkies. The rest is generally petty thieves and other "minor" criminals, and when it comes down to that I have a feeling that I am not alone in preferring getting robbed to sitting 20 years in jail for a crime I didn't commit (the knowledge of such might actually be worse than the whole jail bit). I'd also prefer minor assault, or most anything over being imprisoned.

Most criminals don't inflict anything as bad as 20 years of imprisonment on their victims.

Also, you have to look at the question of faith in the system. How many exonerated death row inmates does it take to shake the foundational faith in the system? One was enough for me to switch from being pro-death penalty to against it.

Re:Aww..

[jonadab]

> Remember that your average American criminal isn't that
> dangerous. For most of them, the most you can expect is to
> be a victim of having to smell pot smoke, or seeing junkies.

You've changed the subject.

Upthread we were talking about actually going to prison. I believe your exact words were "throw you in jail to rot".

Now you're talking about the kinds of crimes that generally result in little games like the court ordering the offender to appear in court several times, taking away his driver's license for a few weeks, making him go to rehab meetings and such, fines, and other minor inconveniences. It is theoretically possible to go to jail for possession of marijuana, in the same sense that it is theoretically possible (for a typical person) to meet and fall in love with an eccentric billionaire and only find out they're rich after the wedding, but it is unlikely in the extreme.

> I have a feeling that I am not alone in preferring getting robbed
> to sitting 20 years in jail for a crime I didn't commit

Twenty years for petty theft? Now you're just being silly. That's a murder sentence, or aggravated armed robbery at the very least.

I suppose you *could* get a twenty-year sentence for non-violent theft, theoretically, if you try to steal every Mercedes in Manhattan, lead the police on a high-speed chase, refuse to plea bargain, decline council, then flip off the jury and swear at the judge, but even then you'd probably make parole after five or maybe ten. The prisons are crowded. They don't like to keep non-violent criminals.

Re:Aww..

[wertarbyte]

Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place. I'm waiting for the "first they came for the _____" responses. The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President. If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me.

It took some time for me until I recognized what kind of organization you are referring to with the abbreviation SS.

Re:Aww..

[Omestes]

I'm not the the person you think I am, you weren't replying to me, I'm just some random person hopping in.

Twenty years for petty theft? Now you're just being silly. That's a murder sentence, or aggravated armed robbery at the very least.

Hyperbole is the greatest thing to ever happen on this planet.

Re:Aww..

[L1feless]

I am Canadian and I have to say I agree with your statement there. The police in this case argued they identified themselves and thus this gentleman shot the cop in cold blood. This is funny because if they were planning a drug bust they are not likely to run into a home and immediately shout POLICE. I have read this article which was posted above. http://reason.com/archives/2006/10/01/the-case-of-cory-maye Interesting read. One note which seems to have been missed is the fact that he ran into his 18- Month Old child's room with the gun. Not Just his own room. This is a retreat and a means of protection if I have ever heard one. I think this quote really summarizes this whole case and sheds ot light how ridiculous it all is: "...To convict Maye, the jury had to believe, beyond a reasonable doubt, that a man with no criminal record, a man who had just moved out of his parents’ home to make a life with his daughter and girlfriend, a man who had only a minuscule amount of marijuana in his apartment, looked out the window to see a team of police officers was about to enter; decided to take them on, even though he had done nothing wrong; waited for them to forcibly enter his home; fired three shots, killing just one of them; and then surrendered, leaving four bullets still in his gun. ..." One could argue that a small amount of marijuana is technically something wrong but as it states in an earlier portion of this article in his township/ state it would have been a $50 dollar fine at best.

Secure wipes?

[Infiniti2000]

Are they secure wipes or can data still be gleaned?

Re:Secure wipes?

Are they secure wipes or can data still be gleaned?

I don't know about iphone, but blackberry wipes securely. The blackberry platform has been tested, audited & certified by many government & private agencies:

http://na.blackberry.com/eng/ataglance/security/certifications.jsp

The iphone has been tested, audited & certified by... nobody.

But there is one advantage to the iphone - since you can't take out the battery, it remains on the network for a longer time to receive the wipe signal.

Re:Secure wipes?

[fuzzyfuzzyfungus]

Depends on the phone model, I suspect.

My understanding is that the accepted "proper" way to do it is to have all the user-relevant data on the phone stored in encrypted form, with a stored key making it transparently accessible. That way, when the "wipe" command comes, you just have to nuke the key, which takes mere moments, rather than a potentially quite large block of Flash, possibly hiding behind one or more controller chips that are abstracting things, and remapping, and doing other stuff that interferes with your ability to wipe the data hard enough to resist an adversary willing to physically inspect the memory chips, or even a raw dump of their contents.

If a phone implements that correctly, any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it. If there is some nasty flaw in their implementation, or if they use an inferior system of some sort, it is quite possible that fairly trivial attacks will reveal most or all of the information.

Re:Secure wipes?

[guruevi]

Usually (as in the case with the iPhone and Blackberry), all data is encrypted by default and the remote wipe deletes the encryption key a couple of times. This makes all data unreadable and unrecoverable - even if you could read the data it would still be worthless.

Re:Secure wipes?

The real question is - are they secure, sanitary wipes?

Re:Secure wipes?

[afidel]

iPhone 3GS with OS4 will be secure, it will wipe the key immediately and then clean the datastore in the background. This change was made because the old phones took forever to wipe their fairly large flash storage space.

Re:Secure wipes?

[SQLGuru]

Were I in law enforcement, I would institute a policy where electronic devices were put into a signal inhibiting box (Faraday cage) upon acquisition. Said box could then be taken to a room for analysis. It won't necessarily prevent the wipe, but it will help a lot. Would also help in situations where the bad guys were doing something with the phone signal (like trying to locate where the cops were staked out).

Re:Secure wipes?

It appears to be already in the SOP of some LEO groups. See the file on Cryptome. (The ZIP file contains a single PDF document). Take a look on page 4 of the document for suggestions on signal disruption.

Re:Secure wipes?

[jimicus]

Had you RTFA, you'd know that this is already in place. It's just that the occasional agent here and there has forgotten to follow it and has sent a device off to the lab without removing the battery and/or putting it in the shielded envelope.

The entire FA is a big fuss about nothing, AFAICT. Even the lab admitted that it happens occasionally but it's not a huge problem.

Re:Secure wipes?

[OzPeter]

any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it.

I call you a liar .. CSI is a 3 letter agency and they surely won't need some imaginary computer stolen from some imaginary space peoples in order to recover the photo that the victim took of their attacker just moments before they died.

Re:Secure wipes?

Were I a bad guy I'd encrypt the storage and have the key wiped if a code isn't entered every 15 minutes. The key would preferably be in the most volatile location possible.

Re:Secure wipes?

[Stick32]

My understanding is that the accepted "proper" way to do it is to have all the user-relevant data on the phone stored in encrypted form, with a stored key making it transparently accessible. That way, when the "wipe" command comes, you just have to nuke the key, which takes mere moments...

This is how the 3GS does it, and it takes under 2 minutes. Older model iPhones do it by actually nuking the data which can take hours. Once the wipe is initiated on the older models, though, it can't be stopped outside of putting the iPhone into recovery mode. Also, the remote wipe option on iPhone also requires having a MobleMe account enabled on your iPhone beforehand.... Yay for lockin....

Re:Secure wipes?

[AmiMoJo]

Put a tinfoil hat on it, no network signal.

If you don't have time to make a tinfoil hat then an anti-static bag is just as effective.

Re:Secure wipes?

[mlts]

This is how Windows Mobile 6 and newer protect the contents on the memory card. It creates a key (and I forgot what exact file it uses under \Windows), and when writing to files on the SD card, uses that key with AES-128. When reading files, it checks the file against the list of keys stored to see if it can decrypt it. If it can, it will transparently decrypt it.

Hard reset the WM device either by a remote wipe, too many wrong PINs, or physically, and that keyfile is wiped and recreated with a new random key.

Blackberries go one step further and offer to ask for a passphrase, use device encryption, or both.

iPhone encryption is present, but articles have been around stating that it needs some work.

Android's weakness is that it has -no- encryption mechanism. And this is ironic because this would be trivial to set up under Linux. Device-based encryption can use LUKS, file based could use a variant of EncFS. Android by itself doesn't have any facility for remote wiping, but there are a number of third party apps (WaveSecure), as well as phone maker software (MotoBlur) which allow for remote wipe capability.

Ideally, phones should have security on par with a Blackberry. They should support:

Remote wipe (obviously).
Wipe if SIM card is changed, card is not on an authorized list.
Wipe if the phone has not been on the network in X amount of time.
Wipe if the phone has had too many bad passwords entered.
File encryption, as well as encryption by device, so the memory card would be completely unreadable to an attacker who couldn't even guess file sizes or names.
Backups, with some form of encryption, be it a passphrase or other ways.
Secure storage of private keys (client Web certificates, PGP/gpg keys) where not just any app can read the private key material, but have to go through an API which prompts the user, and optionally asks for a PIN.

Re:Secure wipes?

Any three letter agency will have their own key for the device. This way only wiping the key protects you from criminals and helps lawenforcement. All good for you or do you have something to hide?

Re:Secure wipes?

[aaarrrgggh]

The 3GS should be pretty secure now; the key is wiped immediately, although I don't know if the data store is cleaned. The feature wasn't brought out until OS3, so the 3G and 2G phones shouldn't expect the function. Only the 3GS encrypts the data on the device itself and has the hardware to support on-the-fly decryption.

Re:Secure wipes?

What is this? Multitasking and background processes on my iPhone?

Re:Secure wipes?

any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it

They're called Asgard.

Re:Secure wipes?

[mini+me]

iPhone also requires having a MobleMe account

Or an Exchange account. Which can include the use of z-push, if Exchange is not your thing.

Re:Secure wipes?

[gyrogeerloose]

Put a tinfoil hat on it, no network signal.

If you don't have time to make a tinfoil hat then an anti-static bag is just as effective.

I'm not so sure about that. The tinfoil hat might work okay but if you're talking about the typical plastic anti-static bag then I think you're mistaken. RF will go right through one of those things, especially at the frequencies (~800MHz-2.5GHz) on which cell phone networks operate.

Re:Secure wipes?

And how long would it take the perp to just deliberately flub his unlock a couple times and trigger the wipe locally?

Re:Secure wipes?

[Jeng]

I do not believe that any US based three letter agency would be stupid enough to force all hardware vendors (most of which manufacture in China now) to include a backdoor.

Any backdoor for the three letter agencies is a potential backdoor for those the three letter agencies would like to stop. Yes, they are smart enough to realize that.

It is not like the three letter agency would be able to do this without the developers knowledge which would just be another avenue for the backdoor to be released.

Now China on the other hand, they may be more likely to try that.

Re:Secure wipes?

[natehoy]

You've always had multitasking and background processes of stuff Apple writes into the OS. It's third-party apps that don't allow multitasking.

Plus, if the phone is being wiped, I don't think any other processes are going to be running. :)

Re:Secure wipes?

[shogun]

Sounds good in theory but how many bad guys would be sitting up all night entering a code every 15 minutes so they don't lose their data?

Re:Secure wipes?

[stonewallred]

If I was a phone designer I would make the phone initiate a wipe whenever it lost its signal for more than 5 minutes unless the user entered the correct password. Same with powering it off, requires password or wipes. And battery removal without password would trigger board mounted battery to wipe.

Re:Secure wipes?

[ArundelCastle]

If you click the checkbox that says "I am involved in criminal activities" when registering the device, then it only moves files to the trash bin.

Since this can be a useful feature for inexperienced users a little too quick on the draw with the wipe utility, it's checked by default, right below the e-mail newsletter opt-in.

Re:Secure wipes?

There are a faraday type bags too that can be used for collection.

These are commonly sold and used by government units.

I'm not sure why they haven't mastered a technology that has been around for a while.

Re:Secure wipes?

[khb]

Is there some reason why lead lined evidence envelopes aren't widely distributed?

Re:Secure wipes?

[phantomcircuit]

If a phone implements that correctly, any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it. If there is some nasty flaw in their implementation, or if they use an inferior system of some sort, it is quite possible that fairly trivial attacks will reveal most or all of the information.

Quantum computers would not help at all with breaking symmetric encryption and you certainly would not be using RSA to encrypt the contents of flash memory.

Re:Secure wipes?

[jonbryce]

If you are driving around in the countryside, you will drop signal from time to time, and it could well be for more than 5 minutes.

Re:Secure wipes?

[Minwee]

Plus, if the phone is being wiped, I don't think any other processes are going to be running.

No, I'm pretty sure that when you wipe an iPhone it starts up the MP3 player and sings Daisy Bell.

Re:Secure wipes?

[Bigjeff5]

A Faraday cage blocks the nuke signal, preserving everything.

I imagine only the S.S. folks who don't keep a Faraday cage handy are having problems (which may be all of them, I don't know).

It's a big oversight for a little problem.

Re:Secure wipes?

[GameboyRMH]

Plus even if the attacker's face is only 10 pixels wide in the grainy, dark, blurry photo they can zoom it right up, run an "enhance filter" (proprietary CSI stuff) on it a few times and see his face in high resolution.

Re:Secure wipes?

[AmiMoJo]

Interesting. Shoplifters use them to prevent the RF alarms by the doors going off, but they probably operate in the kHz range.

Re:Secure wipes?

[natehoy]

In that case, no one named "Dave" should ever buy an iPhone. Ever.

Re:Secure wipes?

[gyrogeerloose]

Interesting. Shoplifters use them to prevent the RF alarms by the doors going off, but they probably operate in the kHz range.

That might be the difference. I found out that 5 watts of RF at ~144MHz will go through one, though, after I fried a CMOS device by operating a hand-held 2 meter amateur radio transceiver while sitting at my workbench.

Re:Secure wipes?

[PriceIke]

Man, I'd mod you if I could. +1

Re:Secure wipes?

[afidel]

Under OS3 only some data is encrypted, under OS4 all data can be encrypted if you choose.

Re:Secure wipes?

[calmofthestorm]

Good plan if you're a terrorist/spy/etc. If you're someone who isn't breaking any laws he knows of but likes to protect his privacy, it's a bit too tinfoil. I'm safe from the NSA because I don't do anything they care about.

Re:Secure wipes?

[Lehk228]

wouldn't have to be that aggressive, as long as you have access to hardware control, you can tell if you just got put into a reflective box. very low to zero noise or any other signal when your own transmitter is not sending, and very high noise when it is on.

Re:Secure wipes?

[nurb432]

But there is one advantage to the iphone - since you can't take out the battery, it remains on the network for a longer time to receive the wipe signal.

It takes seconds to turn it off or stick it in a shielded bag.

Re:Secure wipes?

Man, I'd mod you if I could. +1

No prob ... I have a few and I bumped him up.

Re:Secure wipes?

[sexconker]

It's third-party apps that don't allow multitasking.

I think you meant "Apple doesn't allow third-party apps to multitask.".

Re:Secure wipes?

[sexconker]

The key would preferably be in the most volatile location possible.

Michael Moore's intestines after binging on poutine and other Canadian "cuisine"?

Re:Secure wipes?

[fuzzyfuzzyfungus]

Hence "magic" and "stolen from the Greys". A florid way of saying "not happening".

Re:Secure wipes?

[sznupi]

But there is one advantage to the iphone - since you can't take out the battery, it remains on the network for a longer time to receive the wipe signal.

You can take out the SIM card though? (and power it down) Sure, mobile phones without it can still sort-of connect to make emergency calls...but I don't see why they would be able to maintain a data connection / be reachable be remote kill service through ordinary cell network?

Re:Secure wipes?

[DavidTC]

DAMMIT

Hm

[pudge]

The Secret Service just need a Faraday Cage Fanny Pack.

Re:Hm

[MozeeToby]

Or just put the phone into 'airplane mode'. I would have thought that would be what they did anyway, do they just leave them connected to the network all the time when they're working on them or what?

Re:Hm

[Conspiracy_Of_Doves]

Or... you know... turn the thing off until you get it into a secure place.

Re:Hm

[davidbrit2]

They have one, apparently.

"Hopefully our officers are putting the cell phones in a Faraday bag that is shielded, pulling the battery [out] and turning them off [before] getting them into the shielded laboratory."

Re:Hm

What about devices like the iPhone that don't have an easily removable battery?

Re:Hm

"Hopefully our officers are putting the cell phones in a Faraday bag that is shielded, pulling the battery [out] and turning them off [before] getting them into the shielded laboratory."

Deep below the earths crust where an army of techie-like-gremlins work tirelessly in a labrinthy maze of dusty, dirty laboratories consisting of ancient testing equipment made before the dawn of man. Only Down here, where only the flicker of overhead lamps shine shadows into the darkness, is justice done.

Re:Hm

[elrous0]

Good luck explaining a scientific concept to the average Secret Service agent. That's like trying to tell a CIA analyst that psychics don't exist in real life.

Re:Hm

Sue apple for making a terrorist friendly communication device

Re:Hm

[sunderland56]

Or just put the phone into 'airplane mode'.

That would require every police officer to know how to navigate the menu system and do that on every smartphone ever made. Even just turning off a phone you've never seen before isn't necessarily obvious.

What isn't clear to me is exactly what evidence they're expecting to find. A log of every phone call made or received, and every text sent or received, is already available from the service provider. If a criminal is smart enough to know about and deploy a remote-erase feature, aren't they smart enough to just not store incriminating evidence in the phone to begin with?

Re:Hm

[RaceProUK]

There's one problem with that - it requires thinking.

Re:Hm

Didn't work for you either, eh?

Re:Hm

They pull out the battery and THEN turn it off?!

Re:Hm

[jimicus]

No it doesn't. It requires a simple, mindless process: supply all agents with shielded bags for mobile phones, instruct them that the process for mobile phone evidence is it goes in the special bag and does not come out before it gets to the lab.

And if there's one thing most law enforcement agencies worldwide are extremely good at, it's simple mindless processes.

Re:Hm

These are available (as small bags, not fanny packs per se) and have been for years and law enforcement/gov't agencies are well aware of them.

Re:Hm

[bzzfzz]

Although most of them aren't scientists or engineers, they're smarter than your average bear. Nearly all have four-year degrees, in addition to their law-enforcement training.

Don't conflate them with the donut-eating locals whose eyes glaze over when you try to explain the Doppler effect and what it has to do with their radar.

Re:Hm

'...supply all agents with shielded bags for mobile phones...'

They use them to pad their hats.

Re:Hm

[pudge]

That's what I get for not reading the story fully. At least they know what to do ... they just now need to get the people on the scene to do it. :-)

Re:Hm

[Bakkster]

And more to the point: the science of the matter doesn't need to be explained in terms of field theory and electromagnetics. Just say "place all cell phones used as evidence in a 'Faraday' container to prevent suspects from remotely destroying evidence". Now it's just an issue of job training, instead of raw intelligence or education.

Re:Hm

[Bigjeff5]

I imagine they know a good deal more about such scientific concepts than you do, you have to be a pretty smart cookie to be able to recognize potential threats and investigate such technically challenging crimes as counterfeiting, which is the purview of the Secret Service.

Even if they were too dumb, there is no need to understand the concept at all - just the procedure. I'm sure even you could handle "Put any phones you find in this special bag, then pull the battery out."

God I swear, nerds think they are the only smart people on the planet, when in fact they are in the minority.

Re:Hm

[CrackerJackz]

At least with Blackberry devices, I can configure my users devices to wipe when:

Contact with the server has been lost for n hours
Battery level drops to 5%
Battery has been removed
Unlock password has be tried n times

along with several other options, there is a reason that these devices have been issued to Government agencies for years :) they can be locked down, and fully encrypted.

So simply removing the device from the network is not good enough.

As for my users, the devices have minatory passwords and locking options, and the device will happily self-wipe after 10 incorrect password guesses.

Re:Hm

[blair1q]

The Airplane-mode switch is near the top of most System menus.

Seriously, if the average user can find it, the Secret Service can.

The local Barney Fife wasn't going to be able to figure out there was evidence on the phone anyway, so that angle is moot.

Re:Hm

I told you I paid a witch in the Appalachians $80 to put on Henry Craigsly. Do I sound like a typical CIA analyst to you?

Re:Hm

[NeedMyFix]

This was a little surprising to me but I was having a problem with my AT&T HTC Tilt 2 phone and tech support had me turn the phone OFF and they then pushed an update and turned it back on for me so OFF isn't really off anymore.

Re:Hm

[pudge]

How can the device wipe itself with no battery?

Re:Hm

[carp3_noct3m]

I just completed a course in computer forensics, and a faraday case or bag large enough for mobiles is one of the items that is suggested to have on your IRT, and sometimes even big enough to put a whole laptop in. Nothing new for these guys. But it does get expensive if you say, confiscate phones from a whole department or division of a company etc.

Re:Hm

[Kompressor]

How can you make 10 incorrect password guesses with no battery? :-D

Re:Hm

maybe a battery removal detection switch that initiates the wipe would counter that f-cage bag.

Re:Hm

[drcagn]

And what if the airplane mode doesn't do anything? It would be trivial to modify a device's firmware so that the airplane mode says it's on but isn't really.

Turn them off?

[Vectorman0]

They seriously can't turn them off temporarily before they stash the mobile devices out of range of service?

Re:Turn them off?

but then maybe the bad guy had turned on the evil "ask for pin" feature which would surely lock them out of the phone forever
so you see the US SS has to disable all features that may prevent them from immediately being able to look at the data on the phone

Re:Turn them off?

[Bigjeff5]

That's not good enough, cell phones never completely turn off. Pretty much all cell phones in the last 5-10 years are capable of remote power-on.

In fact, most PCs with a built-in network card are capable of this as well. It's called a "magic packet", and it allows you to remote power-on a PC if you know the subnet it is on and the mac address.

It can be disabled in the bios for PCs, but the cell phone version (it's obviously not the "magic packet" system for PCs) I don't think can be.

What you need is a Faraday cage (a small bag will do), and to remove the battery (nothing can power it on after that).

That is actually the procedure the S.S. uses, it's just not all agencies were as informed of the policy as others.

Gist of the story

[thesaurus]

If officers don't follow evidence procedures correctly, evidence gets screwed up. And it doesn't happen very often.

"Sometimes you'll get a cellphone that comes in that is wiped, [but] it's not all that common," he said. Agents were trained to incapacitate devices, but Kearns cautioned that not all enforcement agencies had the same knowledge.

Re:Gist of the story

[oldspewey]

So basically, this is crime scene preservation training 101. If an officer stumbles around a physical murder scene, eating hot chicken wings, randomly picking up pieces of evidence, and leaving delicious buffalo sauce all over everything, he will destroy the physical evidence before it can be expertly analyzed. But hopefully with adequate training, he learns how to take adequate precautions.

Re:Gist of the story

Why am I suddenly ordering Domino's hot wings?

Re:Gist of the story

[torgis]

Sounds like a sinfully delicious crime.

Re:Gist of the story

[arth1]

Was there a time when common sense was a requirement to become an investigator?

If all that is required is an ability to follow scripted procedures without engaging the wetware, I think it's high time that we contact Rossum for some replacements.

Re:Gist of the story

The difference would be that to avoid getting buffalo sauce over everything, the officer just has to not touch anything at the scene. With the phone, the officer needs to disable the wireless so that the data remains intact. If the officer reverts to the "secure the crime scene and don't touch anything" strategy, the phone's owner can remotely wipe incriminating evidence from the phone before investigators can examine it.

Re:Gist of the story

[Fnord666]

And it doesn't happen very often.

Seriously? Have you ever worked with evidence techs?

Re:Gist of the story

Does that mean a crime scene can be successfully covered up by hosing it down with buffalo sauce?

"Chief! The Hot Wings Bandit has struck again!"

Just pull the battery out!

[omnichad]

I wouldn't waste a moment waiting on the phone to power down on its own.

Re:Just pull the battery out!

[Pamplona+Slowpoke]

Aren't we talking about iPhones here?

Re:Just pull the battery out!

[zill]

Especially on phones running Android, where anyone proficient in Java can make a fake "Power off" button that zeros out the entire device.

Re:Just pull the battery out!

[omnichad]

Sure, why not? You think the flash chip will be erased by a little sledgehammer force? But seriously, it does take forever to turn an iPhone/iPod Touch off the proper way. It's holding down two buttons for 10 full seconds before it even responds to the request. Airplane mode would be quicker on an iPhone.

Re:Just pull the battery out!

An even better idea is to have a service that runs and periodically asks for a passcode. If you don't respond after a certain amount of time, wipe the device.

Re:Just pull the battery out!

[nneonneo]

No, to turn off an iPhone/iPod touch the proper way, you hold down the sleep button for five seconds, and slide to power off. It's really not that hard.

Re:Just pull the battery out!

[stephentyrone]

One button for 3 seconds. Details, details.

Re:Just pull the battery out!

[nneonneo]

Most Android phones also have a battery cover, so in these cases you just pull the battery: problem solved.

Re:Just pull the battery out!

[omnichad]

Sorry. Last time I powered off it was because the OS froze. A hard power off is holding the home and sleep button for 10 seconds.

Re:Just pull the battery out!

So if I leave my phone at my desk when I go to drop a deuce I could return to find my phone wiped cleaner than I am? No Thanks!

Re:Just pull the battery out!

[Ipeunipig]

Yeah, that slide to Power Off thing...just puts it to sleep. Still powered on and able to be wiped remotely.

Hold Power and Home for a few seconds. That will power it off.

Re:Just pull the battery out!

[ArundelCastle]

On my local public transit, one of the buses is outfitted with cell phone advertising. I noticed a three foot wide section that advises people to yank out the battery if the phone ever locks up. So battery resets are now part of the public lexicon.

(Also this carrier doesn't offer iPhones yet.)

Re:Just pull the battery out!

[GameboyRMH]

So the bus actually makes ads appear on phones somehow? That is one 1337 bus, pwning phones remotely.

Re:Just pull the battery out!

[hawguy]

Presumably you'd only use the auto-wipe setting if you had something to hide on your phone, so you wouldn't likely leave it on your desk while you go take a dump.

But even so, if the phone auto-wipes itself because you left it unattended for too long, then that should be better than the alternative of having someone get to your secret data when they steal (or confiscate) your phone. You do have backups of your data (encrypted, of course), right?

Re:Just pull the battery out!

[grishnav]

It's really not that hard to create a a cell connection and send a text message to a device. Most phones will roam automatically to a site if the site will let them on. I've seen it done (albeit only with 2G) at a Seattle Wireless meeting with a software defined radio and a USRP. To do it legally, you'd (as the advertising agency) just make a deal with one of the carriers to use their licensed frequencies, then essentially MITM the phone and send it a text message when within range.

Re:Just pull the battery out!

[grishnav]

Erg, my comment was directed at you, but apparently I'm incompetent or something.

Re:Just pull the battery out!

[GameboyRMH]

Wow, I've heard of it being done but I didn't think a wireless carrier would allow such a thing. Soon I'll need advanced anti-spam software on my phone.

How would you do remote wipe on a laptop?

[joeflies]

Seems to be that the gating factor with a laptop is that it has to be online in order to get a poison pill. A smart phone, well that's easy to send a poison pill because it's still online even after the point you lose control of the device. A laptop, however, can be left turned off and the disk duplicated before anyone actually turns the power on the drive.

Disk encryption helps to the extent that it prevent an unauthorized people from accessing the drive but that's not the same as a remote wipe, since you can still use rubber hose cryptanalysis or a supoena to get the passphrase. What's needed is some kind of pc hardware that can take instructions to do a remote wipe from a pre-boot phase to delete the encryption key itself (not just the passphrase), and secure enough so that some hacker can't remote wipe your pc for you.

Great!

[just_another_sean]

Sounds like it's working then.

from the cry-them-a-river dept.

[syrinx]

So the Slashdot groupthink's anti-law enforcement stance has extended to the Secret Service now? Which part are we in favor of: counterfeiting money or assassinating the president? Personally I'll go ahead and take a bold anti-counterfeiting/anti-assassination position and say that this is a bad thing.

Re:from the cry-them-a-river dept.

[chill]

Personally, I'll bet it is the counterfeiting that irritates them most. The gov't hates competition.

From the article:

The problem is that accomplices can remotely wipe the phones if the agencies don't remember to remove the battery or turn off smartphones before sending them off to the forensics laboratory, he said.

Fortunately, the person in the article isn't wanting anything done about it other than agents remembering to do this. Nothing to this article, other than the guy saying "sometimes we forget to do this and it is a pain. Don't forget."

Re:from the cry-them-a-river dept.

[tnk1]

I'm a counterfeiter, you insensitive clod!

The money just wants to be free!

Re:from the cry-them-a-river dept.

[inpher]

No one should per default have access to any of your personal items or information, nor should anyone have any kind of back door that makes it easy to gain access to another persons items or information. It is as simple as that. Some part of me is sorry that the police (and more shady agencies) will not automatically get access to everything you are and own on the mere suspicion of a crime the other part of me acknowledges that they already have the possibility to use legal tools such as subpoenas, search warrants et.c. to get access to relevant items and information when you are a suspect of a crime.

Re:from the cry-them-a-river dept.

I'm in favor of privacy and due diligence.

if they have the proof I've done something wrong, they won't need my phone.
if they don't have any proof of wrongdoing, why in hell they are searching my property?

Re:from the cry-them-a-river dept.

Yes, you are absolutely right. We all think the same, have the same opinions, and watch the same fetish pr0n. Now excuse us, we all need to go back to the site with racy photos of short red heads with acne problems, who like cockroaches, wear converse sneakers, and have a penchant for oral sex with armadillos. mmmmm.

Re:from the cry-them-a-river dept.

[maxume]

It's a bit much to read that as a blanket anti-law enforcement comment, it simply means that Taco feels that the law enforcement needs of the Secret Service are subordinate to his right to secure his possessions.

Re:from the cry-them-a-river dept.

[Yamata+no+Orochi]

(When the hell did "I disagree with your opinion" become the reason for modding someone flamebait or troll? Get your shit together, stupid moderators.)

Realistically, the only reason to ever mod someone down is because you, in one way or another, disagree with their views.

Re:from the cry-them-a-river dept.

So which crime was it they were investigating, potential assassination, or counterfeiting? Yup, didn't think so... Kinda blows your whole faux righteous position out of the water now doesn't it?

Re:from the cry-them-a-river dept.

[LWATCDR]

The level of paranoia is just too high over all.
Honestly part of the problem IMHO is that law enforcement is getting a bad rep because of dumb laws like DMCA and such.
I have a friend that works in the FBI. Yes he is very happy to bust some with a warehouse full of counterfeit goods. But I asked him about things like bit torrent and pirating MP3s... His comment was. What a freaking waste of my time. They rarely have to get involved in that and just leave it up to the lawyers.
Of course when the police must enforce stupid and unjust laws they become less trust worthy in the eyes of many people.
It is a shame since this wiping of phones is a real problem and could cause innocent people to get hurt.
I think too many people forget that there really are bad guys out there and the truth is you can never know how many attacks don't happen because they where too hard to pull off.

Re:from the cry-them-a-river dept.

[bzzfzz]

I think most Slashdotters will agree that the Service is well within their rights to perform forensic analysis on any device that they obtain during a lawful search, whether conducted under a warrant, incidental to an arrest, or based on probable cause. I do not believe that the Service suffers a poor track record regarding extralegal searches as does INS and some other agencies.

On the other hand, the availability of an effective "remote wipe" of a personal device is a rightful means of exercising freedom.

It's about balance.

Re:from the cry-them-a-river dept.

[operagost]

I don't care if it's the post office: if they want access to my information, they'll have to work for it.

Re:from the cry-them-a-river dept.

[operagost]

Personally, I'll bet it is the counterfeiting that irritates them most. The gov't hates competition.

Yay, Federal Reserve!

Re:from the cry-them-a-river dept.

Personally I'll go ahead and take a bold anti-counterfeiting/anti-assassination position and say that this is a bad thing.

You could just as easily say "anti-crime".
In which case, I'm sure you'd love to share with the government the contents of every phone/smartphone/computer you've ever used. ... you know, to make sure you haven't committed any crimes.

Re:from the cry-them-a-river dept.

[PPH]

So the Slashdot groupthink's anti-law enforcement stance has extended to the Secret Service now?

They are just another arm of law enforcement that is susceptible to social engineering by corrupt parties. If it were a question of anti-counterfeiting or executive protection, I wouldn't worry too much about them reading my phone. But they (like most LE) are just dumb muscle that can be exploited to do the bidding of others.

The revolving door between government and private business is wide open in the law enforcement area. And many private parties exploit LE's ability to wiretap and collect evidence using methods not legally available to themselves. Industrial espionage, for example, is one application of these special relationships.

Re:from the cry-them-a-river dept.

Yes, I can't imagine why anyone would have a problem with the SS. They have a spotless record!

Re:from the cry-them-a-river dept.

[dfenstrate]

assassinating the president
With Joe Biden and Nancy Pelosi as the next two people in line, Obama is perfectly safe.

Re:from the cry-them-a-river dept.

[geekoid]

Really? so you think want law enforcement to gr responsible and to keep peoples rights in mind means we are pro crime?

They also destroy the loves of people who print games they don't like as well:

Please explain which part of this would involve assassinating the president:

http://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._United_States_Secret_Service

Re:from the cry-them-a-river dept.

Where the hell have you been? The Secret Service is the agency that raided Steve Jackson Games and impounded all of their gear because they were so stupid that they thought that their GURPS: Cyberpunk role playing game was a "handbook for computer crime".

Morons.

Re:from the cry-them-a-river dept.

[gknoy]

the availability of an effective "remote wipe" of a personal device is a rightful means of exercising freedom

At what point does it stop being a "rightful means of exercising freedom" and become destruction of evidence?

Re:from the cry-them-a-river dept.

I'll openly admit I'm against the Secret Service (as an AC...er...well..I just don't have an account).

Because like every other law enforcement organization--they overextend their welcome.

http://www.sjgames.com/SS/

"Nationwide crackdown on hackers"--in which they nearly put independent publishers out of business and revealed an astounding lack of judgement for which nobody was ever held accountable or appropriately punished. Even *had* their damned ignorance been correct, there still would have been first amendment implications even for an unreasonable individual--as all of the cyberpunk books--in the manner of SJ games were clearly written in a manner that is nearly high fantasy!

If they really just cared about counterfeiting and presidential protection, I'd be fine--but just like every other government agency involved in law enforcement, the shit they do goes *WAY* beyond their official duties--and when they do so, they routinely act in the manner of violent fucking thugs.

Re:from the cry-them-a-river dept.

[ChiRaven]

As I understand it, the speaker was NOT just talking about the USSS, but about law enforcement in general. And given so many violations of individual privacy by various branches of law enforcement (e.g., border searches of laptops and other egregious intrusions going back to and beyond the Steve Jackson case), nobody is crying for them. There has just been too much abuse by the law enforcement community for the tech community to garner much sympathy for any of them, even if they might deserve it in individual instances.

Come to think of it, wasn't the USSS INVOLVED in the Jackson case?

Re:from the cry-them-a-river dept.

[blair1q]

Mod parent up.

Not only because he's right, but because I want the groupthink aligned with presumption of innocence on the part of Law Enforcement.

Re:from the cry-them-a-river dept.

[blair1q]

You can buy device at your local Fry's Electronics for $2 (yes, two bucks, batteries included) that has a magnetic sensor on one end and a UV LED on the other. It's about the size of a thumb drive.

With it, you can detect the magnetic ink and the fluorescent strip (which has the denomination printed on it) that are now used on all United States currency of $5 or greater (and maybe the $1 but I didn't check any and I don't have one on me now).

Those invisible-ink pen things were a total scam. These doobers, on the other hand, work great.

Once they're ubiquitous, the counterfeiting will dry up.

Re:from the cry-them-a-river dept.

I do not believe that the Service suffers a poor track record regarding extralegal searches as does INS and some other agencies.

Steve Jackson Games would disagree.

Re:from the cry-them-a-river dept.

Door locks make life harder on law enforcement too, but they keep out crooks. I'm just not going to sacrifice my choice to protect my personal data so that it's easier for law enforcement. I don't have an ulterior motive or some greater underlying ideological concern about a police state in this instance, I just want to protect my shit from thieves.

Re:from the cry-them-a-river dept.

[misexistentialist]

It's hard to have sympathy when G-men complain that their investigative powers are not yet infinite. As for whether we need to pay 5000 agents to protect a president who will always disappoint us or a paper currency which is always worth less... Sorry there are 2 guys in suits talking into their sleeves at my door.

Re:from the cry-them-a-river dept.

So the Slashdot groupthink's anti-law enforcement stance has extended to the Secret Service now? Which part are we in favor of: counterfeiting money or assassinating the president? Personally I'll go ahead and take a bold anti-counterfeiting/anti-assassination position and say that this is a bad thing.

Oh surrrre! That's what you want us to think! Wink, wink. Say no more.

Your post is filled with so many keywords they should be beating on your door any second now anyway.

Re:from the cry-them-a-river dept.

On the other hand, the availability of an effective "remote wipe" of a personal device is a rightful means of exercising freedom.

If you wiped a phone after the police, Secret Service, FBI, CIA etc had it are you sure that would be seen as your freedom, or would it be deemed Obstruction of Justice and perhaps destruction of evidence?

Re:from the cry-them-a-river dept.

[Weirsbaski]

So the Slashdot groupthink's anti-law enforcement stance has extended to the Secret Service now? Which part are we in favor of: counterfeiting money or assassinating the president?

So is "stopping counterfeiting" the new "think of the children"?

*disclaimer*: I already know the answer is 'yes'. Want the gov't to protect your entertainment-industry business model? Then push for a law (or better, international treaty) that stops counterfeiting with a heavy hand, then bend/twist/reinterpret the law to bow to your will instead. And if someone complains, well we can't have counterfeiting, now can we?

Re:from the cry-them-a-river dept.

[david_thornley]

Remote wipe serves a legitimate purpose, sometimes a very important one. It can be used in circumstances where it might constitute destroying evidence. For that matter, most of my possessions could be used to commit crimes, were I so inclined, and nobody proposes banning my car, or keys, or pens, or shoes.

Re:from the cry-them-a-river dept.

[shutdown+-p+now]

At what point does it stop being a "rightful means of exercising freedom" and become destruction of evidence?

At the point when remote wipe is applied to evidence.

(This post has been brought to you by Captain Obvious.)

Re:from the cry-them-a-river dept.

[R3d+M3rcury]

Actually, I like the idea of assassinating the president with counterfeit money. Like drop a bunch of bills on him.

But seriously, what you're saying is that because 0.0001% may use remote wipe to hide evidence of a crime, the other 99.9999% of the people should not be able to remote wipe their phones?

Here's a better idea: When the Secret Service gets your phone, have them perform one of the following tasks:

• Remove the SIM card.
• Remove the battery
• Bring a box with appropriate shielding and place cell phone in the box

If they can't handle doing one of those three things, then they probably aren't very good police officers. Perhaps we need some new ones.

Re:from the cry-them-a-river dept.

For a poor track record look no further than GURPS cyberpunk...

Re:from the cry-them-a-river dept.

Could we counterfeit a couple of presidents?

Re:from the cry-them-a-river dept.

I think the stance here against the Secret Service would be based on the numerous publications of Hackers being arrested in the 80s/90s by the Secret Service. Google it if you do not know what i am talking about.

It amuses me when people make a big deal about these things because in reality Law Enforcement have a huge backlog as it is let alone overstepping their powers. Yes they might make mistakes and have done plenty of times, but they have also done alot of good.

Re:from the cry-them-a-river dept.

[Yamata+no+Orochi]

Case in point: see above.

In Other Words: The Mobile Phone Network

is a botnet !

Thanks in advance.

Yours In Smolensk,
K. Trout

Airplane mode ftw.

[Mekkah]

Airplane mode F T W.

Not enough

[pavon]

Some phones never truly turn off, and have the ability to be turned on remotely. The government was pushing for this feature, and now it has turned around and bit them. The only way to be certain that the black box you are carrying cannot communicate with the outside world is to remove the battery or stick it in a Faraday cage. Both methods have advantages and disadvantages.

Re:Not enough

[toastar]

Some phones never truly turn off, and have the ability to be turned on remotely. The government was pushing for this feature, and now it has turned around and bit them. The only way to be certain that the black box you are carrying cannot communicate with the outside world is to remove the battery or stick it in a Faraday cage. Both methods have advantages and disadvantages.

What's the disadvantage of a Faraday cage? Metal rooms get hot?

Also would a cell jammer not work?

Re:Not enough

[pavon]

I can't think of any disadvantages to a faraday cage for a normal unrigged phone, other than the fact that you have to have one with you. The first cop on the scene probably won't, and will have to wait for the crime scene folks to show up. The phone could be remote wiped in that time. The disadvantages of removing the battery are that there may be info that is lost upon removing power and that not all phones have removable batteries.

A phone could be rigged to clear itself on boot and/or in the case of being without service for a certain period of time. Since you won't know which is the case then there really isn't much point in factoring it into your decision, though.

Re:Not enough

[Bigjeff5]

The first cop on the scene probably won't

There is no reason they wouldn't, all you need is a bag small enough to completely cover the phone. You can make an effective Faraday cage out of aluminum foil. If that's the problem, it's a huge oversight for a small problem.

Also, Airplane mode should block all outgoing signals, but I don't know if it blocks passive reception of signals (there really wouldn't be any reason to), so it may be completely ineffective.

Re:Not enough

[Bigjeff5]

all you need is a bag small enough to completely cover the phone.

Don't know how I missed it on preview, but that should be "small bag large enough".

Re:How would you do remote wipe on a laptop?

[fuzzyfuzzyfungus]

My understanding is that this very feature is either available or available-real-soon-now in certain corporate models with integrated cellular broadband cards(since, effectively, if the PC has a cell card with BIOS integration, doing just about anything a smartphone could do under the circumstances is just a matter of implementation).

Re:How would you do remote wipe on a laptop?

Seems to be that the gating factor with a laptop is that it has to be online in order to get a poison pill. A smart phone, well that's easy to send a poison pill because it's still online even after the point you lose control of the device. A laptop, however, can be left turned off and the disk duplicated before anyone actually turns the power on the drive.

There are laptops with built-in cellular data cards (Dell, HP and others sell them). Some of them also offer remote tracking & wipe capability.

The general case

[Sloppy]

If a device serves the interest of a particular user, then that device is less useful to people whose interests conflict with that user.

Not much of a story or revelation when you phrase it that way, huh?

Let's not forget that law enforcement is just one entry on a long, long list of entities whose interests may conflict with the owner of a phone, and most of those people happen to also be law enforcement's opponents. So it's not like you can "fix" the "problem" of devices serving their users, without taking a largely pro-crime stance. Yes, largely, because the efforts of law enforcement are pretty much small time and comparatively rare events, compared to the constant daily barrage of crackers, thieves and other unknowns.

Imagine: someone's phone may go missing, and that's all you know ahead of time. Just what are the chances that it's missing because law enforcement took it? You can practically ignore the possibility. Wipe it, and defend all users' ability to encrypt and remote-wipe their devices. Don't let them turn this into some kind of excuse to remove devices' capability to serve their users, because it really will be disingenuous. If someone tries to do that, they are not trying to protect their citizens from crime.

Reverse the process...

Don't have it waiting for the poison pill - have it waiting for the antidote.
Which is administered manually or via internet.

24 hours without the "antidote" - it locks up.
Turn it on after that without the "antidote" - it gets wiped out completely.

Battery

[LuminaireX]

I'd be pretty cross if they pulled the battery out of my iPhone. They'll void my warranty!

Re:Battery

[Fnord666]

I'd be pretty cross if they pulled the battery out of my iPhone. They'll void my warranty!

Like they would care.

Who cares?

[olddotter]

Really, your telling me there are plans for the Death Star on the phone and you can't get them any other way if it gets wiped?

Call history will be with the phone company, get a warrant. So you loose self incriminating video they took of themselves committing the crime, probably to post on youtube later...

Remote Wipe More Danagerous Than You Thought

Inclusion of this feature will likely cause cell phones to be banned in public places, since it will make it possible for terrorist cells to randomly set explosives and remotely detonate by phone without leaving a trace? If the terrorists can up the ratio of kills 100's:1, then they stand a very good chance of winning. Soon we will need to play a little smarter.

Re:Remote Wipe More Danagerous Than You Thought

Terrorists can still randomly set explosives and just have them on a timer as well. Have they banned alarm clocks yet?

Re:Remote Wipe More Danagerous Than You Thought

[TheNumberless]

Why would you bother remotely wiping a phone you're going to blow up anyway?

Re:Remote Wipe More Danagerous Than You Thought

[Wyatt+Earp]

Because even if you blow the phone up, a surprising amount of the electronics and memory survive.

A conventional explosive doesn't turn everything into a fine powder.

Re:Remote Wipe More Danagerous Than You Thought

[TheNumberless]

Fair enough. But then: if you wipe the phone before the explosion, how can it be used as a detonator? And wiping the phone after the explosion seems unlikely.

I suppose you could find a way to make the explosion trigger on some signal from the phone that the remote wipe is complete, but (if I'm correct) the remote wipe won't erase the identifying contents of the SIM card anyway. Probably better to just use a disposable cell phone that doesn't have the contact list of the rest of your terrorist cell in memory in the first place.

Re:Remote Wipe More Danagerous Than You Thought

[sexconker]

What the fuck happened here?
They're talking about using the phone to set off the bomb.

They're not talking about blowing up the phone.

If you're using another phone as a receiver, who gives a shit? Any old phone will do. Prepaid piece of shit, stolen, who gives a fuck?

Nothing on it will be traceable to anyone involved.

Re:Remote Wipe More Danagerous Than You Thought

[Wyatt+Earp]

Except Mister Swearsalot, the phones are traceable and the phones blow up into bits that can be traced.

So when Mister Terrorist blow up an IED with a cell phone bits are traced. When Mister Secret Service finds the pieces, they trace them and can compile a profile of who Mister Terrorist was/is and what they did. The memory in the phone may have logged the course Mister Terrorist took, they might get a number Mister Terrorist used to call the IED and they can track that.

Re:Remote Wipe More Danagerous Than You Thought

[sexconker]

My complaint was about the fact that AC was talking about detonating BY phone, as in, using a phone as a trigger.
Yet you and TheNumberless started talking about the chances of recovering information from the blown-up phone.

THERE IS NO PHONE ON THE BOMB, JUST SOME GENERIC RECEIVER.

Phone.
Signal.
Package.
Receiver.
Switch.
Igniter.
Explosive.

The receiver has no sensitive information.
If you cheap out and use a phone (instead of building your own receiver), just use a stolen or prepaid phone.
Trigger it however you want.
Call the thing from a payphone.
Connect it to the Starbucks WiFi and have it connect to a time server and go off at time X. Whatever.

Even if you use a phone as the receiver, to suggest that they will be able to recover any useful information is absurd. You don't have to write ANYTHING to the flash, just run everything in RAM.

Your typical moron terrorist will have a trigger set to go when he calls the stolen/prepaid/otherwise "clean" phone from his real phone, the FBI can find some hardware IDs on the scrap, and the carrier can find the last call to that phone in the log.

Anyone with a brain would anonymize their trigger signal if it had to go through the carrier at all. Push it out over the free WiFi internets littered around every urban center. Use a rooted phone which has direct access to the radio and just spam the signal at max volume. Scrawl "Call Mandy for a good time 555-1234" on bathroom stalls. Post the number on 4chan. Whatever.

I, for one, am glad the average terrorist is as dumb as the average slashdotter.

Re:Remote Wipe More Danagerous Than You Thought

[Wyatt+Earp]

Except the fact is that cell phones are used as receivers all over the world in IEDs.

So yea, no terrorist building a bomb is as smart as you are.

Can't

Can't with the iPhone

Faraday cage

[laughing_badger]

Why on earth do agents not have metalised bags to drop phones to be used as evidence into? Not to be opened until in a secure location with no network signal?

Re:Faraday cage

[Obyron]

Apparently the law enforcement lab for examining iPhones is on Manhattan.

Remote wipe requires remote signal, yes?

[DdJ]

As I understand it, doing any of the following should be able to prevent a remote wipe from happening:

* put it into "airplane mode"
* remove the SIM (assuming GSM with no wifi)
* remove the battery

If you need the SIM or battery to get the data off the device, you can then take it to a faraday cage and put the SIM or battery back in once you're sure no signal can get to the phone. Yes?

Anything that protected against these "attacks" would also make it so the phone's user couldn't access their data when the signal strength was sufficiently poor. Which some folks might choose as their configuration, but then they're open to a new kind of denial-of-service attack.

Remote wipe is useful when you want to prevent a random schlub (eg. pickpocket, guy at bar) from getting data off a randomly-acquired phone (eg. "iPhone HD"). I do not think it's useful for preventing a professional with intent from getting data off a phone they're targeting specifically because of its data. Am I wrong?

Re:Remote wipe requires remote signal, yes?

yes you are wrong.. the key is wiped in seconds rendering the data worthless unless you have supercomputer and alot of time on your hands..

Re:Remote wipe requires remote signal, yes?

[medv4380]

If i was particularly worried I'd make an app that wiped the memory if the SIM card is pulled or if a code wasn't entered on a periodic basis to prevent airplane mode from blocking a wipe. Pulling the battery and the SD card are really your only options for the paranoid wipe. Then again on hard wired internal memory it would be a pain to break open the phone to take out the chip so you could look at it without running the apps on the phone. Though I'm sure law enforcement would be able to get the manufacturer to do it but that eats time that the Secret Service would rather use instead of waiting for the lab results. It's not like a PC where you can just pull the power and remove the HD and put it in a new PC as a slave drive. Though wiping it makes it look suspect. How about a remote Nuke, Pave, and Decoy Data to remove suspicion.

Re:Remote wipe requires remote signal, yes?

[DdJ]

Huh?

Nothing I wrote had anything to do with how long a wipe took, it was based on what triggers the wipe, and how to prevent the phone from ever realizing that condition had been met. I think it's possible that you're confused.

For the iPhone for example, a remote wipe for a typical "MobileMe" user requires that user to go to a web site and press the "remote wipe" button. A phone that's in airplane mode will never receive the resulting signal, and won't be wiped.

So if a pickpocket gets the phone and immediately dodges into an alleyway, and puts it in airplane mode (or takes out the SIM card), a remote wipe cannot work, at all, period.

See?

Re:Remote wipe requires remote signal, yes?

[geekoid]

"remote wiping' isn't really the point.

The concern is wiping. It is trivial to set up a smart phone that will wipe data should a series of events occur.

Loss of contact for a period of time. On reboot after a sudden loss of power, etc..

What they are angling for is to have access to data that's been 'wiped'.

Possibly mandating the data that is wiped be moved to a server.

Re:Remote wipe requires remote signal, yes?

[Locke2005]

What if the pickpocket simply stashes the iPhone under his tinfoil hat?

iPhones don't have removable batteries, and if the phone is locked, you can't put it in "airplane mode". Can you still power it off when locked? The options of removing the SIM card or better yet immediately placing the device in a shielded container still appear viable.

Re:Remote wipe requires remote signal, yes?

[madbavarian]

You are assuming the powering down or removing of the SIM doesn't wipe the decryption key. If I were designing a more secure cell phone that's what I'd do. I'd keep the key on an internet server and send it to the phone after it powers up. If the phone got stolen / confiscated I'd send a wipe command that wiped the key from the phone if the power were still on, and simultaneously wiped the key from the server.

Re:Remote wipe requires remote signal, yes?

[Bigjeff5]

Or you could just carry a Faraday cage with you - you know they can be made to any size, right? A little baggy is good enough for a cell phone, and will prevent any remote wipe.

You also remove the battery, in case another wipe trigger - like "wipe if no connection for more than 1 hour" - is set up on the phone.

S.S. procedure is Faraday cage - battery removal, then transport to the nearest shielded agency lab for analysis.

Re:Remote wipe requires remote signal, yes?

[Macgyver7017]

Blackberries specifically have additional features that can trigger a wipe if the device fails to check in within a specified amount of time. While this could at least be delayed by pulling the battery, you better not power it up later in a shielded lab or it will nuke itself first thing. To deal with that potential, they would have to treat all devices as potentially having that feature and would need to leave them powered off and deal with reading the date directly out of the device memory. Blackberries (if configured to do so) encrypt the device memory with a key protected by the users pin. A wipe of the device first nukes the key and then actually does a secure erase of the flash memory also (takes ~90 min).

Re:Remote wipe requires remote signal, yes?

[citizenr]

* remove the SIM (assuming GSM with no wifi)
* remove the battery

You just lost a lot of data, not to mention access to the sim. Standard procedure is Faraday bag.

Re:Remote wipe requires remote signal, yes?

The guy's not confused. He's a fucking moran.

Re:Remote wipe requires remote signal, yes?

Until the remote wipe applications adapt:
Sim removed = wipe.
Fake airplane mode = wipe.
Fake off button = wipe.
Honeypot = wipe.
Sudden loss of all RF frequencies and GPS signal = wipe.
Removal from bodyheat or charger for more than 10 minutes without response to password request = wipe.

The only way to disable the device is to remove its power. Hard to do on an iPhone or any device with modified glued in battery.
Even then, encryption keys and blocks of data can be stored in RAM so that loss of power destroys them (mostly).

Self destruct mechanisms have been around since written language was developed, once a method is defeated the methods quickly evolve.

Re:Remote wipe requires remote signal, yes?

[rastoboy29]

Or, you could program your phone to wipe itself every day--unless you put in the correct code.
That would be good.

Re:Remote wipe requires remote signal, yes?

[DavidTC]

You can always power an iPhone off. You just hold 'Home' and 'Sleep' together for about five seconds and it does a cold power off, regardless of what the software is doing.

As you can't remove the battery, this is a somewhat important ability for fixing utterly wedged iPhones.

Counter-countermeasure

[Georules]

I would set my phone to wipe-on-battery-pull. Most phones have a latch you have to pull before the battery actually comes out. That could be the trigger. Or, wipe-on-out-of-range-from-me, which would require another piece of hardware, possibly implanted. Then when they turn it on in the lab, it wipes because I'm not there.

Re:Counter-countermeasure

[egcagrac0]

That's a great idea.

Where do you buy phones?

Re:Counter-countermeasure

[Georules]

Stark industries. Make it yourself.

Re:Counter-countermeasure

[egcagrac0]

Helpful. Not.

Re:How would you do remote wipe on a laptop?

[blueg3]

Remote wipe is super easy on a laptop. Use full-disk encryption and don't leave your laptop powered on. If they can't guess your passphrase, it's equivalent to what happens when an iPhone is remote-wiped -- with the exception that you could be convinced to give them your passphrase eventually.

Just use the usual solution:

[Hurricane78]

Plant some “evidence”.

There. Done.

Enemy of the State

[Tekfactory]

What no empty aluminized mylar potato chip bags?

Or a bag made out of the same Steel Mesh as these Wallets?

http://www.wired.com/gadgets/miscellaneous/news/2007/07/steel_wallet

Change paper so you can't destroy it?

[Shugart]

I wonder if they want to change paper so it can't be destroyed. That way it would be easier to investigate a paper trail.

Re:Change paper so you can't destroy it?

[operagost]

They'll simply outlaw paper. HP will have to start selling printers that print on granite using pterodactyls.

Hmmm.

[sean.peters]

But even for an iPhone, you can't remote wipe it if the device is powered down, right? I would think even putting it in airplane mode would be sufficient, as the phone stops, well, "phoning home". And if the Secret Service can't even manage to remember to turn off the phone, well, yeah. My heart bleeds for them.

Re:Hmmm.

[sexconker]

I'll just wait for a phone that stores all data encrypted and stores the key in RAM.

Boot up phone. Type in key. Access granted. Data decrypted.

Lost your key? Too bad. Data gone. Factory restore. Start over.

You'd only ever need to enter the key the first time out of the box, if the battery ever goes completely dead, or if you ever swap batteries.

You could have a capacitor that lasts for a few seconds to prevent the key from wiping if you swap batteries, like many universal remotes.

A simple hardware-based strobe would require almost no power to keep a key alive, and would work even when the rest of the phone was completely off, rebooting for a firmware update, whatever.

Have an auto wipe go once every couple of days without network contact, OR on receiving a kill signal from the network, OR on a certain number of invalid key attempts. So if they keep your phone locked up while they try to brute force your key / attack it physically, you'll have it wiped in a pretty narrow time window. If they put your phone back on the network to keep the dead man switch from wiping the phone, it'll just pick up the kill signal you sent out. This is, of course, assuming that they aren't in cahoots with whatever kill signal service you're using, so you might as well just rely on the dead man switch of no network activity, or no login, within X days, and the hardware dead man switch of "lol when the battery dies the key goes bye bye".

God bless america!

Land of the freexcvbpbp...let me go!...

Red Herring

[DeadCatX2]

The SS thing is a red herring. So what, they're one small part of the government. They only have a two-letter acronym!

What about the FBI? NSA? CIA? Trust the SS all you want. The other three-letter agencies? I don't trust them, and it's their own fault. Had they not repeatedly abused the public trust for the past several decades, I might feel differently.

Proper procedure

[cdrguru]

Well, if they followed proper procedures, this wouldn't be a problem.

Walk around the exhibits at any forensic conference and you will see a variety of devices for making sure this does not happen. You can use any of them - they all work. Anything from the Paraben "tent" to the HTCI "glove box". The idea is that you put the phone into a shielded container where you can operate on it to collect evidence.

When the phone is collected you have the choice: either remove the battery or put the phone into a shielded bag. No special shielded bags handy? Then you have to remove power and hope the phone doesn't lock itself. Don't want to deal with a locked phone? Get some shielded bags then.

This isn't a real problem with phones, it is a real problem with having the right knowledge and procedures. It shouldn't even be a matter of training anymore.

Re:Proper procedure

[mysidia]

When the phone is collected you have the choice: either remove the battery or put the phone into a shielded bag. No special shielded bags handy? Then you have to remove power and hope the phone doesn't lock itself.

And what about passworded Blackberries configured with encryption enabled and an IT policy that says "Secure Erase if low battery / battery door opened, and secure wipe after delay ?"

The act of breaking communications can result in a self-erasure.

Standard data leak protection practice. Anything that could be used by law enforcement to isolate a mobile device, could also be used by a criminal attempting to conduct industrial espionage / gathering info from a stolen handset.

Re:Proper procedure

[natehoy]

My Blackberry locks itself after 15 minutes of non-use. The key to decrypt the data on the phone is itself encrypted by the password (8 characters minimum) that I use to unlock the phone. Screw that password up ten times and the phone wipes. It also locks itself on power-up.

About the only real option would be to either have someone press a button on the phone every 10 minutes (assuming it's not already locked when taken), which would be a real trick when the thing is in a Faraday cage or bag.

The very same things that make the Blackberry and newer iPhones attractive to businesses (and Government agencies, for that matter) are what make it undesirable from a forensics point of view. These things are designed so they can be configured to be extremely paranoid, and are very tough to crack.

And therein lies the problem. If you allow your citizens their own security, you can't see everything they do, and that makes it harder to catch the wrongdoers. If you want absolute information to catch wrongdoers, perhaps a democratic republic with constitutional protection of its citizens is not for you.

Re:Proper procedure

[Bigjeff5]

The key to decrypt the data on the phone is itself encrypted by the password (8 characters minimum) that I use to unlock the phone. Screw that password up ten times and the phone wipes. It also locks itself on power-up.

An 8 character password isn't that hard to crack (I imagine people who go over this are rare), and the 10 entry limit is just an inconvenience, it's no protection.

A bit for bit copy of the phone and data will allow as many tries on the password as you like, just re-set after 10 tries. Since they are likely they have emulators for the phones they could easily run this in parallel until the password is cracked.

It makes it significantly harder, but passwords and encryption have never made hacking into things impossible - just impractical in most cases.

Re:Proper procedure

[natehoy]

Agreed, it's not uncrackable. Nothing is. Physical access to the hardware means that, eventually, you can crack it. The only real goal is to make it take long enough as to be (hopefully) impractical.

The point is, though, that even if you manage to keep it from wiping itself, it's still a damned hard nut to crack once it's locked. An 8-character password with at least one numeric (which is what my company requires - I think they can get even more complex if you're truly paranoid, and the minimum password field is two digits) is still going to take some time.

I've also never seen a Blackberry opened up - I honestly don't know how hard it would be to make a bitwise copy of the memory, or what safeguards might be in place to make that more difficult. I'm sure if RIM was cooperating with the investigation they could help bypass any physical blocks that might be in place, though.

Re:Proper procedure

[fbartho]

Depending on the design of the phone, you could engineer your blackberry to wipe itself if the phone gets turned off, or if the case gets open, etc. All of those are physical security devices that could be bypassed with sufficient time. This includes if they created a single all-in-one chip that was included everything except for power management in one tiny piece of silicon (not currently the blackberry design because it would be cost prohibitive)

Acknowledging that the above aren't really a factor, then take a suspect's blackberry. (Off, locked, but not wiped)
Pop open the device and then cut the flash chip off the board, mount it in a reader, and duplicate that to more friendly media, now you don't have to worry that the data actually disappears on you. Next you solder on a proxy chip that lets you record the exact sequence that queries the flash chip for that particular phone. Finally you just need the normal distributed cracking hardware we know NSA has, and a sufficient amount of time, money, and motivation...

If you weren't a proper forensic lab and were working on a budget (spy style), you could limit yourself to buying/building that proxy chip interface. Then you make sure your proxy interface refuses to send any write commands to the flash chip. Now you can try as many passwords as you'd like. Next you just need to do an analysis of wear on the keyboard. Presumably the most used keys are going to be among the ones in the password. Feed those as inputs to your password generator/tester.

End result? I think you have a bit more confidence in your device than you really should.

Re:Proper procedure

I propose an alternative theory...

You get arrested.
Your phone gets put into a plastic bag and goes into the evidence locker.
You are brought before a judge.
The Secret Service explain to the judge that the phone is encrypted and contains vital evidence.
The judge advises you, strongly, to disclose your password.
You refuse.
Judge rules that you are to be kept in custody until such time as the Secret Service manages to decrypt the phone by other means.

You've won. You're in jail. But you've beat the system.

From the Red Herring department

[DeadCatX2]

Anti-counterfeiting and anti-assassination are good, yeah. Killing Remote Wipe helps more than just the Secret Service, though. Just because we trust the Secret Service does not mean that other three-letter agencies are trustworthy.

Re:From the Red Herring department

I'm sure most people are not trying to secure their phones or devices against the Secret Service.

The main reason almost everyone I know who turns on encryption is wanting to protect themselves against thieves. Not NATO. Not the Secret Service. Not the FBI. No individual company wants to have a hardware theft turn into a hardware + data theft, which turns the cost from the few thousands for the hardware to running in the millions if the data that was stolen was crucial, or could lead to ID thefts. Extortion is already common, so having device and computer encryption is a must.

In fact, *not* encrypting devices and laptops may actually run businesses afoul of the law, especially if there is any personal data on the laptop present. Look at all the havoc caused by USB flash drives ending up lost on a park bench, or left in the break-room by the Vend-a-Goat machine.

skilled experts huh

[TRRosen]

stumped by a technological problem that can be solved by carrying a piece of tinfoil.

Re:skilled experts huh

[Bigjeff5]

The article is about officers who occasionally don't follow procedures, and therefore fuck up the evidence.

It's more of a "Oh damn, I forgot my Faraday cage" than a "der gots to be a way to stop da magic signals" situation.

Seriously, most SS officers are generally smarter than you think you are, which is pretty damn smart. They aren't exactly at the bottom of the law enforcement officer pool, if you know what I mean. More like pretty close to the top.

Re:skilled experts huh

[TRRosen]

Seriously, most SS officers ...aren't exactly at the bottom of the law enforcement officer pool, if you know what I mean. More like pretty close to the top.

True. Unfortunately most other police experts consider reading explorer's history file as the height of computer forensics.

Sad to say but even at the state level in many places the so called experts are guys who went to a seminar.

Re:skilled experts huh

+1 insightful

Just make sure it's wrapped around the ENTIRE phone, not just four sides.

Re:skilled experts huh

I get tired of the tinfoil thing. I actually had my doomsday prophet relative over recently and he carried in a tinfoil covered box. This was his prototype to protect his electronics, and somehow his car, from suffering the effects of an EMP pulse.

Without laughing or groaning I simply suggested he put his cellphone inside and I would try to call it. Guess what happened through all those layers of tinfoil... the phone rang. I think he threw his box away after that, I never saw it or any other items that looked to be a modification of it again.

So yeah, tinfoil doesn't actually do much. But I hope your hat still makes you feel good.

Tinfoil Hat time

[rickb928]

Just wrap it in tin foil, and keep the rays from getting to it and commanding the wipe.

Act quickly...

Later, keep it inside the Faraday cage you have constructed. You HAVE constructed the cage, right? If it's GSM, pull the SIM. If not, well, the cage will need to be expanded to be comfortable...

Any questions?

Re:Tinfoil Hat time

[Bigjeff5]

That's the procedure, just sometimes they forget, and get reamed by their bosses for losing evidence.

RTFA man.

Re:Tinfoil Hat time

[rickb928]

'losing evidence'

In an unguarded moment, we do accept that they have some 'right' to the information.

It's not even that easy, I know...

Re:How would you do remote wipe on a laptop?

[ArundelCastle]

A laptop Dead Man's Switch? Thus:

Hard drive is connected to another circuit in one of X possible number of places. If hard drive does not receive keyphrase from circuit after powering on, then bootstrap sequence is programmed to immediately wipe control sectors, then whole drive if it has the time.

Alternate configuration would be more true to the name where the hard drive must constantly have power and circuit connections. Very difficult to remove all possible pieces at once. Any data stored by this method is probably valued enough to be on a mainframe somewhere, so the laptop is expendable.

Anything can be patched around with enough time, of course. But the effort involved to remove platters or memory in order to extract the data, would probably mean that what you are suspected of doing is very bad indeed.

Speaking of which, if I crack open a SSD hard drive in my dusty garage, how tough is it to transplant the memory without damage?

Self destruct

[sam0737]

I have thought of this for a very long time....but never have time to get my hand dirty to implement. It goes like this:
1. Pair with a few bluetooth devices. (hand free, or laptop, or another cell phone...)
2. A software that monitor the signal of the devices, or Wifi
3. If all or predefined set of the devices go offline longer than the predefined timeout, nuke the device.
(Say it would never trigger if it see your home/office wifi, then when you are outside it has to be paired with the bluetooth hand free to prevent being triggered)

Depends if the officer take the battery out quick enough...or how it will be treated in the lab. But at least this is more effective against thief.
Instead of nuking the device, it could be programmed to do something like SOUND loudly so you could recover it before the thief runs away, or it could turn the phone into recording mode, taking pictures, audio, geolocation, phone home...

Re:Self destruct

Depends if the officer take the battery out quick enough

Personally I've got a Windows Mobile 6 device which, after being fired up once, likes to keep the executables stored in RAM (for fast access). Assuming you can get the encryption-key and maybe even the data in there too removing the power will also mean loosing everything. Combine this with a "must see GSM signals at least once every hour" (or shorter) mechanism in place anyone obtaining the phone from you (the police or other people) would have a hard time to actually find something worth-while on that phone if you do not want them to.

Phone "dead-man" switch

[zerofoo]

Every time I see an article about remote wipe, someone inevitably recommends a Faraday cage to prevent reception of a remote wipe signal.

The question is, does any mobile platform enable a "dead-man" switch, or call-home switch? The thought is that if the phone does not call home after a specified period of time, the device wipes itself.

This would seem to be an effective countermeasure against the "Faraday cage" remote wipe work-around.

It might not be effective for those that use AT&T's service though....

Re:Phone "dead-man" switch

[Locke2005]

A dead-man's switch on a phone that is frequently out of contact with cell towers? Sure, that's gonna work... especially when you forget to disable it while on an airplane. Here's a better idea: don't keep incriminating evidence on your smart phone!!!

Re:Phone "dead-man" switch

[Bigjeff5]

This would seem to be an effective countermeasure against the "Faraday cage" remote wipe work-around.

Except when you remove the battery, which is also part of the procedure. No power, no wipe, Faraday cage or no Faraday cage.

This protects it until they can get to a forensic lab, where they can pull the data off without running the phone's OS (where all the handy wipe triggers and software are).

Re:Phone "dead-man" switch

[mjwx]

The question is, does any mobile platform enable a "dead-man" switch, or call-home switch?

Blackberries can be set to wipe if the password is entered incorrectly a few too many times. I've seen similar functionality for available for Android such as wiping it when it receives an SMS.

Encrypt your Blackberry

[jamesyouwish]

If you are running BES and have properly setup encryption on your Blackberry they will need the password to unencrypted. With 246bit AES encryption this will take some time to break. The remote wipe is just added security.

Re:Encrypt your Blackberry

[tehcyder]

If you are running BES and have properly setup encryption on your Blackberry they will need the password to unencrypt

Well, duh, they can just torture that out of you.

Won't work

[geekoid]

I an put an application on my phone that auto wipes under certain conditions.

If I was conducting large scale criminal operation, I would.
 

Re:Won't work

[Bigjeff5]

If your conditions are "loss of signal" then you'll be wiping your phone an awful lot. That's all a Faraday cage is going to do - cut off the signal.

Battery removal is also not something that can not be worked around without installing intrusion detection for the case. That's some significant modding, but is plausible.

Assuming your wipe conditions are only something like a certain time without connection (which is more reasonable), if they pull the battery quickly enough you still won't stop it.

Also remember that the data can be read without running the phone software itself, so they can make a copy of the intact key and data before any nuking can happen if they follow proper procedures.

Re:Won't work

[Lehk228]

no, faraday cage reflects signals in and out. when the phone "listens" it will hear silence, a unusual circumstance, when it transmits at minimum power it gets vastly more noise than normal

On more thing. Read the Secret service mission

[geekoid]

statement:

The mission of the United States Secret Service is to safeguard the nation's financial infrastructure and payment systems to preserve the integrity of the economy, and to protect national leaders, visiting heads of state and government, designated sites and National Special Security Events.

There first priority is being sure bankers get paid.

Think about that.

What information is not available elsewhere?

[dagarath]

What information are they really going to get from a phone that they can't get somewhere else?

Call history is going to be available from the carrier. Message history from the carrier. Email is stored on a server somewhere. All those cloud apps are on a server somewhere. And if you've got a wipe function for your phone.. isn't it likely you have a backup of your phone somewhere.. that could be retrieved for analysis?

Re:How would you do remote wipe on a laptop?

[GameboyRMH]

Speaking of which, if I crack open a SSD hard drive in my dusty garage, how tough is it to transplant the memory without damage?

If you have the exact same model SSD to transplant the chips into, it's just down to your soldering skills.

Can anyone say....

[r3zurector]

Faraday cage?

Right to Burn One's Own Papers

[Doc+Ruby]

People have the right to destroy our own property. That right can be infringed by a legitimate order not to destroy evidence of a crime, when due process uses prior evidence of that crime and the existence of further evidence.

But until a person is so ordered, it is their right to destroy their own property. The condition of our property that we cause is also our property. So deleting electronic records from our own devices is within our rights.

Re:Right to Burn One's Own Papers

[tehcyder]

So were all those guys at Enron who burned potentially incriminating evidence not doing anything illegal in the US?

Re:Right to Burn One's Own Papers

[Doc+Ruby]

There are other laws requiring retaining business records.

Just another example of how a corporation is not a person; corporations don't have rights like privacy.

Not needed

Smashing the phone into the ground also helps.

I'm not impressed...

If you come up with Remote Wipe toilet paper, then I will be impressed.

Faraday Cage

[nurb432]

If the device cant talk to the towers, it wont get a wipe signal:

1 - get device and turn off immediately or remove battery
2 - put in cage ( room sized is best )
3 - power back up and do your forensics without concern

Remote Wipe, easily defeatable?

[BlueF]

When a smart phone is taken into custody, how often would the owner not also be detained?

In the event a phone is acquired by itself, isn't it possible to simply power down a phone, to be accessed in presence of signal suppression equipment (inexpensive, "off the shelf" technology)??

Faraday cage vs Walmart

Who needs a faraday cage? Law enforcement around here could just take the phone into our local Walmart. Never seem to get a signal in there!

I got the answer

[andcal]

The Secret Service can bring any phone they want to work on to my workplace, and work on it at their leisure. You can't get a wireless signal inside my building to save your life. Plenty of time to crack the phone without it being remotely disabled.