Slashdot Mirror
Encrypt Your Smartphone — Or Else
pin0chet writes "Modern smartphones contain ever-increasing volumes of our private personal data — from text messages to images to emails — yet many smartphone security features can easily be circumvented by thieves or police officers equipped with off-the-shelf forensics equipment. Worse, thanks to a recent California Supreme Court ruling, police officers may be able to search your smartphone for hours without a warrant if you're arrested for any reason. Ars Technica has an article exploring the legal issues surrounding cell phone searches and explaining how you can safeguard your smartphone from the prying eyes of law enforcement officers."
Or Else What?
You ever seen Deliverance?
I read this yesterday and it basically says "No apps can actually encrypt your entire phone, so buy a Blackberry". They point to some apps that will selectivly encrypt parts of your data but none seem to do all of it. I found myself wondering about the headline if for %99 of the phone sout there it's actually impossible.
Normal people worry me!
I use TextSecure by Whisper Systems for text messaging. It's currently in beta, but secure sessions are easy to set up, and the whole application, in general, is working out quite well for me. Better than the stock messaging application in CyanogenMod, at least.
vos nescitis quicquam, nec cogitatis quia expedit nobis ut unus moriatur homo pro populo et non tota gens pereat.
Not storing any incriminating data on your phone to begin with?
This is like telling a person to buy a portable safe to carry illegal drugs on him.
What part of this Supreme Law do they not understand? "The right of the people to be secure in their persons, houses, papers[data], and effects[cellphones], against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things [phones] to be seized." It was adopted as a response to the abuse of the British Writ of Assistance, which is a type of general search warrant, during the 1760s and 70s and their use forbidden in 1776 when the Colonies declared themselves independent States.
Cellphones should not be searchable until a police officer stands before a judge and obtains a warrant, and swears an oath that he, the officer, is telling the truth (and punishable with Perjury if not).
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
The computer in your pocket deserves the same respect as any other. A simple password to access it will block the the same person that you invite into your house and use your bathroom with permission while you expect them to to not look in your medicine cabinet. Even worse, you can loose that phone. If you do not safeguard the location of your phone, consider having a second phone on occasion and use call forwarding, Do not save anything you do not wish to share on your person. Security in layers must be applied to smartphone usage behavior and if you don't know a little about that, consider asking a technical person that does. If a person has access to your smartphone and you have unprotected access to your email, it will take seconds for them to browse your email accounts that are not even associated with your phone. I am not paranoid, but you must consider that loss of your phone may grant access to any email or accounts that that you access regularly with your phone.
This is not news, but the limits related to abusing this ability have not been fully tested in the courts and I don't want to be the test case.
We win together or suffer without.
TFS:
Worse, thanks to a recent California Supreme Court ruling, police officers may be able to search your smartphone for hours without a warrant if you're arrested for any reason.
First, not all Americans live in California. Other States can (and have) interpreted their 4A equivalents to provide more or less protection than the Federal one.
More to the point, it's probably not true that they can search your cellphone if you are arrested for any reason. Rather, the US Supreme Court explained recently in Gant[1], the idea is that the police can search for things "reasonably believed to contain evidence of the offense of arrest". So searching the cell phone of the CA drug dealer might come out differently than searching the cell phone of (say) a parole violator or a drunk driver.
To be fair, Gant was an automobile search and the court might distinguish a cellphone from a car in some important sense. Nevertheless, the blanket statement in the summary is not likely to hold up if the police do not have some nexus between the arresting crime and the cellphone.
And of course, Gant might be wrong as a matter of policy, although Orin Kerr has a very good writeup[2] of the extensive history of search incident to arrest in Anglo-Saxon law that's worth reading for some historical context.
[1] http://www.law.cornell.edu/supct/html/07-542.ZO.html
[2] http://volokh.com/2010/12/14/the-origins-of-the-search-incident-to-arrest-exception/
In the wrong hands, very little except time. It is called social engineering. I am not concerned with law enforcement looking at my phone. Still, in the wrong hands, it is much like losing my wallet. There is no smartphone equivalent to canceling my credit or debit card.
We win together or suffer without.
as a person who does not currently have a smartphone, I think I just decided not to EVER get one - until this kind of privacy invasion is nullified at the state (maybe even fed) level.
until then, I can EASILY do without carrying another computer with me. I spend enough time in front of an actual pc (work and home) that its somewhat of a relief NOT to have to carry yet another 'bother me' device while I'm out.
even if you have done 'nothing wrong' the fact that some thug in a badge can ruffle thru your correspondence for NO good reason - just ends the conversation on getting a smart phone.
thanks - you just saved me close to $100/mo for a 2yr minimum.
--
"It is now safe to switch off your computer."
It doesn’t only affect smartphones they will be able to search all your messages to make sure you weren’t planning something illegal check you don't talk to any known criminals. Also by taking your phone off you it stops you from contacting legal help, which could shut down their operation very quickly.
Rocket Surgeon.
It would probably be trivial to write a lockscreen program with a pair of passwords: One that you use personally to unlock it and another that silently wipes text messages / e-mail / saved data for selected applications (e.g. saved login for facebook, IM) for cases where you are compelled to provide a password.
But I would expect that as warrantless cell phone searches gain popularity software will be available to just about anybody to bypass any security at the application level.
> as a person who does not currently have a smartphone, I think I just decided not to EVER get one - until this kind of privacy invasion is nullified at the state (maybe even fed) level.
As a person who does not currently have a smartphone, I think I just decided not to EVER get one - until this kind of privacy invasion can be nullified [[BY ME having the ultimate control over my own device, rather than Apple or whichever telecom]].
That's the *only* way to trust it. Laws cannot accomplish that. If nothing else, the law cannot protect you from the government that made the law.
FTFY.
Aren't they supposed to be the good guys?
For justice, we must go to Don Corleone
It's unsettling how fast police rights are expanding. The courts seem to take little regard of what the intent is of the Constitution. You should have a reasonable expectation of privacy for your cell phone and laptop but the courts seem to feel your private data is fair game. How is a cop searching for nude photos of your wife protecting the public? If a cop was caught searching for personal photos they should be fired and loose all benefits but I'd bet money they wouldn't face any form of punishment. If we loose privacy rights what rights do we loose next?
Let's say, that my smartphone provides acess to my emails that are not stored locally, but on a server somewhere, or files that II acess using a key that is stored on my smartphone. Would the CA Supremes think that an arrest would allow the police to then rifle through my (remotely stored) files and emails?
What if the files and email are stored on my home PC and acessed over a VPN?
What if I can access a camera in my house?
The real "Libtards" are the Libertarians!
Enjoy it while it lasts.
You reckon it will take long for the single choice you have for a mobile to be a smart-phone?
Questions raise, answers kill. Raise questions to stay alive.
or police officers equipped with off-the-shelf forensics equipment
So? If you're not doing anything wrong, then why worry about this?
dnuof eruc rof aixelsid
We've moved out of the US to a third world country. Either you have influence or you don't. The US is a big mess now with too many dangerous criminals. The government variety doing their [illegal] supposed job are the most common hazard.
Well, if you were really concerned about it, I suppose you could get a Blackberry and encrypt it (which means your data is pretty decently protected), then if you were REALLY concerned spend the extra to implement a BES and run your Blackberry as if it were a corporate one (which supports nice little features like "remote wipe", "remote brick", etc). It's costly for an individual, but...
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
If you've done nothing wrong, you have nothing to fe-... hang on, I just have to answer the knock at the door...................
When they came for the communists, I said "He's next door. Take him away. Goddam commies."
just get a cheap dumb phone, no camera, no apps, no browser, nothing, just makes phone calls
Politics is Treachery, Religion is Brainwashing
Cops will be the good guys when they are replaced by robots. Until then, they are just as lazy, corruptible, malicious, greedy, biased, and negligent as the rest of humanity.
Humans can at least exercise reasonable judgment over the enforcement of laws. How often have you been pulled over by a cop, only to be given a warning or a reduced ticket? About a year ago, I entered an intersection 0.6 seconds too late and ended up with an automated ticket that can't be disputed in court, nor could I face my accuser (since it is a machine). A human being would either not notice the roughly half-second difference, or would agree that it was safer to proceed through rather than slam on the brakes.
I'm sure a hypothetical future scenario of a hover drone detecting marijuana smoke, scanning your RFID national ID card and telling you to remain where you are for your apprehension by the authorities is not that far off. About the only good that could possibly come from that, though, is making people realize how bad absolute enforcement of every law on the books actually can be.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
. . . just use the smartphone as a shield and let them kill two birds with one bullet.
Don't be such a downer. Instead, develop software that makes your phone look completely unlocked (and mostly vanilla and innocent data on it) if you don't swipe the screen unlock thing the correct way.
Not only could it hide/wipe personal data when the pigs are trying to rummage through your phone, it could also record them talking to each other about it - with a false data transfer icon showing low or no bandwidth use (lying) as it uploads their chatter to a server they could never hope to reach, even if they knew about it. Not only while they screw with your phone, but the whole time they have it near them. Trying to unlock it wrong would trigger the recording, but only the battery dying (or extended silence) would stop it. You would have to turn this decoy mode off once you got your phone back.
Imagine how useful this insider knowledge could be to you! This thing cuts both ways. Pigs might have physical might/intimidation, but they tend to not have a lot of brains. A smart enough person could easily trick some pigs into revealing a lot about themselves, while the pigs learn nothing (and suspect nothing) of the phone owner.
P.S. I don't hate police (one of my best friends is one). I do hate (and unfortunately, know some) pigs.
The really frightening (and continuing) trend is for LEOs to seemingly look for ways to skip doing the work before hand, and swoop in and defend questionable search and seizures on people they claim to know are 'guilty'.
While somewhat off topic, it seems to go back to the Bush era warrantless wiretapping and the FISA court. The DoJ would wiretap anyone they wanted without a warrant beforehand, under the cover of clear and present danger (or some such) and then apply later for the warrant. Now think about this a moment, a situation was deemed *so* immanently dangerous they didn't have time to do the paperwork... and then even *afterwards* the DoJ claimed they didn't have the manpower to file it afterwards. Thats right.. the govt didn't have enough people to push paper.
But back to the point.. if you think someone in custody has evidence on the phone.. seize the phone and file the paperwork. Ya know what happens if it turns out you didn't need it? You're covered anyway.
Yup - And the simplest thing to do is to never carry a 'dirty' phone. I keep very little on my smart phone other than some 'apps' I use now and again so they can look through it any time they want to. I always assume my phone will be lost or stolen when I leave the house. I've never had a phone stolen, nor have I ever lost one, but I know people who have lost their phones and a couple ended up very sorry that they kept all the info they did on it. I also have a 'clean' laptop for travel. Same principle. I can VPN to my home server when I'm away and do what I want that way.
My iPhone is set with a non-PIN password, which will wipe the phone after 10 bad entries.
The solution, if you have recent backups, is to nuke the phone (entering 10 bad attempts) immediately upon being pulled over in your car... it would be nice if you could say, enter a "self-destruct" password and just do it with one go, but 10 is easily doable (10 blank entries, for example).
It's sad we have to resort to these tactics, but it is wise if you have any even marginally questionable content or are worried about LEO corruption, to clean your phone as needed.
Make sure everyone's vote counts: Verified Voting
Let's assume for argument's sake that I'm stopped by the police and I'm arrested. My phone is unlocked and they start to search it.
Are they entitled to data only ON the phone, or are they allowed to use an application on the phone which allows access to data stored elsewhere on the phone?
In theory, an email client setup for IMAP doesn't store data on the phone -- messages are retrieved from the server. This glosses over caching, butassume the device could be setup to NOT cache messages locally (or background erase them after N seconds/minutes), the data isn't "on the phone" it's only being *presented* on the phone.
My vague understanding of searches when arrested is that proximate searches are OK, but with an always-connected network device, what's proximate, especially if (like almost all IMAP clients, even ones with very limited caching) there's no perceptible difference between data that's local and data that's on some server somewhere else?
Is the limit some dump of flash (and RAM, if they could do that)?
And why stop at smartphone application data? What if I have an RDP or a SSH/telnet app on my phone that gives them access to dozens of machines (which, in turn, may ALSO offer dozens of machines)? Are those remote systems, because they can be accessed as if local, also eligible for a search?
I guess what's scary is that it's not hard to see a slippery slope where anything the phone allows them into they have access to.
no cell phone is trackable if the BATTERY IS REMOVED.
simple things sometimes work wonders.
and yes, when I used to carry a phone, I would remove the battery when I didn't need the phone on. lots of reasons, really.
--
"It is now safe to switch off your computer."
then they get you on 'destroying evidence'.
citizen: ANYTHING you do can be construed as a violation of SOME US law. there are over 10k laws in the US! we are all breaking the law 5 times a day, at least, technically.
(this was done on purpose. when you are always able to be arrested, it keeps the population 'in check'. ie, afraid to speak up.)
--
"It is now safe to switch off your computer."
Ok, say an arrest has been made. The phone/device is confiscated and the officers are able to log in. Stored passwords also let them log into your facebook account, your email account and let's say your work computers via VPN/SSH. Once into the work computer, further searching of company records ensues. Let's even say that the officer sees some cool system and starts 'pushing buttons'. Does this qualify as computer trespass? My employer has authorized me to access these systems remotely, but not the officer. What if the officer took it upon themselves to download what he thought was evidence? Would that be theft of intellectual property? If said systems were damaged as a result and this were critical infrastructure, would the police department then be liable or the individual officer for taking it upon himself to 'search for evidence'?
I like my privacy but really....what the hell do you carry on your phone that having the police look at it would bother you? If you're a criminal then you shouldn't be carrying around a computer loaded with evidence that can put you away. It never fails to amaze me how simple minded so many criminals are. If you've got secrets then secure them. Having them on a mobile phone is beyond stupid.
To my knowledge, no court has addressed that particular issue to date. Professor Adam Gershowitz argues in his 2008 UCLA Law Review article http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1084503 that courts addressing warrantless cell phone searches might consider distinguishing between data that is stored locally on a cell phone and data that is accessible via a cell phone. The rationale for such a distinction is rooted in the notion of the "immediate grabbing space" which police are allowed to search incident to arrest.
Have you actually tried this? I just did. I intentionally biffed the passcode 6 times and it locked the phone for 1 minute. After the minute was up I intentionally biffed it again. It then locked the phone for 5 minutes. I did not bother to complete the experiment.
You can't get rid of your data that quickly. It makes sense. Otherwise some joker at work could get hold of your phone and cause you instant grief for the rest of the day.
http://www.rootstrikers.org/
Parent said:
If you look at the text of the fourth amendment, it requires probable cause, not a warrant, a warrant is only a confirmation by a judge that there is probable cause.
FTF Constitution:
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The "probable cause" part is qualifying when a warrant can be issued. So the amendment not only doesn't leave a warrant as optional, as you say; it rather assumes warrants to be a central part of the process.
And what happens if there is no probable cause, and so a warrant can't be issued? Well, let's check the fucking constitution:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,
I've been looking but can't find any reputable source that says a phone can be located when it's switched off. Lots of paranoid ravings on various message boards though.
Considering that I'll keep my iPhone thanks.
If all else fails, immortality can always be assured by spectacular error.
Well that's great for you if you have nothing to hide. But for everyone else, advice like this is useful.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
In addition to all the other downsides, like having to switch to a particular carrier, and the regular drawbacks of cellphones that you supposedly can't use 'em anywhere in public 'cuz it might annoy someone, or in the car 'cuz the state believes we can't walk and chew gum at the same time nor drive while talking on a cell phone, we now have to worry about the state tromping around it looking for something - anything - to try to hang us with it. Maybe I have a single phone # in my address book for somone who turns out to be a criminal, so I end up sharing the same cell with the guy 'cuz the cops can make a case out of anything. Hey, Mel Gibson is now going to be charged with hitting his girlfriend, whether she's maybe lying or not, mostly 'cuz a lotta politically correct righteous individuals who never had a wrong though don't like him because of his views and beliefs. Odds are, he didn't do a D thing. But I bet he ends up in the clink. Shoulda gone back to Australia while he had the chance.
I have the simplest, cheapest phone you can imagine - doesn't text, doesn't GPS, doesn't do anything but 1 single thing, and that's make and receive phone calls. I think I'll keep it.
You're not paranoid if they really are out to get you, and the cops are always out to get you - they have a case to close, and if you're a reasonably probable innocent bystander, they can make a case just from you being there, and close their books, problem solved. You think the Duke LaCrosse Team are the only ones to ever have been railroaded? Ha! Happens every day.
Ever heard of airplane-mode? :)
I imagine it would be very odd to see a smartphone with a completely stock srt of data on it: no calls made or received, no texts sent, etc. That would make me VERY suspecious if I were looking at someone's phone.
Or you could just secure your smartphone, of course, which is exactly what TFA is all about. Had you read TFA, you'd also have known that 60% of criminal offenses can be committed without even being aware of it, so you might be a criminal and not know it.
In any case, just like any other computer, a smartphone is bound to contain thousands of emails, browsing history, cookies, and other data that you'd expect to be protected by privacy laws. Make sure you protect it as good as you'd protect any other computer. Better even, because it's much more easily stolen, lost or confiscated.
TFA mentions that the issue of warrantless searches of smartphones hasn't been definitively settled yet, so with some luck, supreme judges might be smart enough to realize that law enforcement officers should need a warrant for it. But even then, it could also be criminals that are rummaging through your personal details.
Everybody has something to hide. Even if they're not aware of it.
The article was painting a scary image about unjust searches, average Joes getting in PMITA prison for something on their cellphone that was found in conjunction with a petty little arrest, so basically poor alsmost-innocent citizens crushed under the heels of totally corrupt, jackbooted officers.
What I missed is even a single plausible example situation that fulfills the three basic requirements the entire article and scare is built upon:
The first two I can understand:
- "being arrested fpr a petty crime with the smartphone searched in the process" (Side question: which "petty" infractions lead to actual arrests?)
- "getting a heavy sentence for something they found on the smartphone" (Side question: what "crimes" can proven beyond the reasonable doubt of judge and jury from smartphone data only - emails, photos, browser logs, GPS, apps?)
Until here, I would still call it "good work in reducing crime, thank you officer for keeping us safe".
But I have a hard time wrapping my head around the third requirement, but which is needed for this act to become actual oppression:
- "not having done anything wrong, at least so you know, because there's so many criminal laws that no average Joe knows them"
What conceivable situation would fulfill all three, ie. being oppression rather than good police work?
Here's the argument from the article again, we all break the laws several times a day without knowing, but the police know and will put us all in prison or worse for crimes we didn't commit or for things that shouldn't be "crimes" in any non-fascist society.
This accusation of unjust incrimination for everyone and everything is the crucial difference between the Police and the Gestapo, yet no one bothered to name a single situation, example or proof, where this could happen.
If there are 10.000 laws in the US which everyone is breaking 5 times a day without knowing, it shouldn't be that hard to name a few so us average Joes can learn to avoid breaking that law in the first place and/or organize a petition to get rid of them.
Some of us a more cognitively challenged than others. It was said the amount of human knowledge doubles almost each day. Without a smartphone, you go to sleep and wake-up half as smart as when you went to bed.
Views expressed do not necessarily reflect those of the author.
If you have a rooted Android and your own kernel you can make the base filesystems anything you want, included AES encrypted loopback. It takes some doing, but anyone who knows how to do it in linux can do it in android, it is just a bit of a hassle to do so.
You were arrested for public photography. Oops, public photography isn't against the law. Sorry, our bad. But you resisted by putting your face into our fist, so now you're guilty of resisting arrest.
Enjoy it while it lasts. You reckon it will take long for the single choice you have for a mobile to be a smart-phone?
You can always turn off or not use most "smart" features. If you don't set up email/twitter/facebook on your smartphone, the police won't be able to immediately access your email/twitter/facebook records.
Similarly, if you don't have an always-on GPS tracking app running, they won't be able to immediately trace where you have been recently; you can delete your call/SMS logs as you go along so there's no history on your phone there.
Now, none of this will happen with most people, for the very simple reason that it is extremely convenient to have all these "smart" features.
To have a right to do a thing is not at all the same as to be right in doing it
If you're really paranoid, yank the SIM out and disable Wifi.
Also, leave the phone at home at all times.
To have a right to do a thing is not at all the same as to be right in doing it
Everybody has something to hide. Even if they're not aware of it.
Well if you're not aware of it, you can hardly secure it can you?
To have a right to do a thing is not at all the same as to be right in doing it
60% of criminal offenses can be committed without even being aware of it
I'd say that was an issue with the stupidity of the criminal law system rather than anything to do with smartphones, civil rights or real criminals.
To have a right to do a thing is not at all the same as to be right in doing it
Some of us a more cognitively challenged than others. It was said the amount of human knowledge doubles almost each day. Without a smartphone, you go to sleep and wake-up half as smart as when you went to bed.
I hope this was an attempt at humour, as you are otherwise deranged if you believe that you can double your store of knowledge each day either with or without a smartphone.
To have a right to do a thing is not at all the same as to be right in doing it
Shouldn't searches be illegal without a warrant? I thought that we are innocent until proven guilty. Is there a specific law that allows searches without a warrant?
citizen: ANYTHING you do can be construed as a violation of SOME US law. there are over 10k laws in the US! we are all breaking the law 5 times a day, at least, technically.
(this was done on purpose. when you are always able to be arrested, it keeps the population 'in check'. ie, afraid to speak up.)
So why doesn't the US government use this fact to mop up all suspected terrorists/undesirables/commies and chuck them all in jail, then re-arrest them as soon as they come out, rinse and repeat?
Possibly because it's utter bollocks?
To have a right to do a thing is not at all the same as to be right in doing it
Wrap your phone in aluminum foil, and line your pocket copper wire to form a faraday cage kind of concept.
The way I see it, if I was worried about being tracked for any reason I would not have my cell phone. While most saying this are just spouting crap from their mouth, I've done it before. Disposable cell phones are available nowadays also, which for those that are on the "fringe" and fear being known... that's an option.
-- This space for lease, low setup fee, inquire within!
you mean... like a land line?
-- This space for lease, low setup fee, inquire within!
I'm putting full-disk encryption on all my machines (or all my portable machines at the very least), to keep my files private in case of physical seizure by law enforcement. All my machine backups except one are already encrypted.
There have been some attempts to hack full-disk encryption onto my current PDA (N900, the OS requires heavy modifications to pull it off and it sort of breaks USB Mass Storage mode) but my next PDA MUST support it out of the box.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Read "Three Felonies a Day"; the third is definitely the case. Federal prosecutors "throw everything at 'em and see what sticks"; they're not interested in justice, they're only interested in getting prosecutions so they can run for office.
I feel fantastic, and I'm still alive.
law enforcement officers should need a warrant for it. But even then, it could also be criminals that are rummaging through your personal details.
"But then, I repeat myself." (Thanks Mark Twain!)
I feel fantastic, and I'm still alive.
Laws are written vaguely, with the express purpose of "keeping us in line"; if we fear that we're breaking the law constantly then we will behave better, I guess, or more cynically, "Find me six lines from the most honest of men and I will find something in there to have him hanged."
I feel fantastic, and I'm still alive.
If there are 10.000 laws in the US
There are well over 10,000 laws in the US. Last year alone over 31,000 laws were passed across the country. In 2009 over 40,000 new laws were passed.
which everyone is breaking 5 times a day without knowing, it shouldn't be that hard to name a few so us average Joes can learn to avoid breaking that law
Well, there are some books on it (both of these are on my to-read list):
Three Felonies a Day: How the Feds Target The Innocent
Go Directly to Jail: The Criminalization of Almost Everything
in the first place and/or organize a petition to get rid of them.
You think they really care about petitions? It is very difficult to repeal laws and scale back power.
"It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
The link in the article, "how you can safeguard your smartphone" actually has zero information about how to safeguard your smartphone. It's all about explaining why you should, not how.
Sarbonn's blog: http://www.sarbonn.com/blog
there's a setting to erase the data after 10 unsuccessful attempts. just keep it away from the kids :P
That doesn't make it any less of an issue.
Shouldn't searches be illegal without a warrant? I thought that we are innocent until proven guilty. Is there a specific law that allows searches without a warrant?
It goes like this:
This hasn't been tested by the supreme court, and I'm almost certain if there is an unlock password on the phone you are under no obligation to give it up unless ordered to do so by a judge (even then it's a bit iffy).
But I'm not a lawyer. I just watch Law & Order and read slashdot.
6th Street Radio @ddombrowsky
You could just secure everything, and hope you didn't miss anything important. It's better than securing nothing.
Here's one example. If I go down my usual highway faster than 55, I'm speeding. If I'm slower than 60, I'm obstructing traffic.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
It is only a matter of time before the government requires ID to buy a prepaid cell phone. In the long term, DARPA is trying to develop "smartdust" tracking capability that would be attached to the outside of your shielding.
There is a program called SecuBox, http://aikosolutions.com/ it creates virtual encrypted disk on Windows-powered handhelds. You can keep your sensitive data there, in encrypted form.
Your phonebook, SMS and other data are still kept in the phone using regular methods though. On the bright side - at least you get to control where your files are kept.
The saddest poem
Okay so my Samsung Epic (Android 2.1) doesn't support full disk encryption... what is the next best thing that I can do? Any app suggestions? And please don't tell me to get a Blackberry or don't use a smartphone.
A phone is roughly about as likely as a laptop, to be stolen or lost. Just ask the Apple employees who bring their prototypes to bars. With portable things, shit happens to a greater degree than with desktops and their tangle of cables that have 'em effectively anchored to your desk (at least losing that requires malice).
So if you have sensitive stuff on it, then you already knew your phone was a risk. You dealt with this question before you even had a "smart" phone.
The cops and lack of warrants stuff is interesting, but doesn't change the scenario. Even if SCOTUS reverses the warrantless search decision, not everyone who steals or finds your phone is subject to constitutional limits on government. And even if you think that government is the only threat (there are no common criminals or nosy people, the world is full of 100% good people from 1950s TV shows) then imagine someone finds your phone. Obvously they're going to hand it over to the cops for 30 days so that you can go get it back. So now the cops have a reasonable expectation to go poking through the phone anyway just to try to figure out who to give it back to, so there ya go. Ignore all the legal issues here; none of them end up mattering, from a security standpoint.
I found it strange they left out the N900 when talking about how to deal with the problem, since that phone is probably the most capable thing on the market, being able to use the tried and true solutions that people have been coming up with over the last few decades. People shouldn't talk about this tech only in terms of the toylike stuff that throws away all our experience, while ignoring the state of the art. If your phone can't encrypt, don't worry, your next one will.
My main worry about phones is that the usage scenario demands (?) convenience but having a user enter a reasonably high-entropy key is usually going to be inconvenient. I don't mind entering a passphrase when I turn on a laptop, but I'm used to being able to dial a phone without going through bullshit. Maybe we'll end up with some kind of partitioning, where lots of capability is available to "guests" but people sometimes login to do a little bit more (mount certain encrypted volumes), so people have to decide when to cross the inconvenience barrier or not.
The "virtual combination lock" picture looks silly; if there's enough entropy in that, then it's either going to be hard to reliably reproduce, or the users are going to be going through a very amusing performance. Long term, the key will probably have to be biometric. Or maybe a physical key (but I don't think so). These won't protect you from law enforcement or violent criminals, but that's not an interesting threat model anyway -- once someone has you then your throat is the topic rather than your phone.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
What conceivable situation would fulfill all three, ie. being oppression rather than good police work?
Here's an easy example, since we are talking about smartphones. The police are now arresting people for taking video on public streets with their cellphone. No, really.
The referenced articles will lead you to a trove of cases where there is no other reason for police action other than oppression. Why might you want to record something happening on a public street if you are not a criminal?
Well, the cops might jump you, beat the crap out of you, charge you with felony assault on a police officer and then destroy the police surveillance videos that document the crime. In this case a cell phone video of what really happened surfaced and the charges were dropped. Lest you think this is a "one off", there are plenty of other cases where police video equipment mysteriously malfunctions just at the critical moment. You can find examples via the referenced articles.
Still wondering why you might want to keep your cellphone private if "you have done nothing wrong"? Follow those links and you'll find plenty of cases where people were arrested (and later released) and evidence on their cellphone was destroyed by the police. Catching bad guys by searching cell phones is probably quite possible. Does that mean that you should give up your right to privacy and have the police rifling through your electronic papers every time you interact with them? Does the 4th amendment really mean nothing?
That is with that setting enabled.
http://www.rootstrikers.org/
A couple of people have mentioned co-workers messing with phones. If someone at work touches my phone they are going to get a nasty talk from HR. Are we in high school here?
Good-bye
If your email is proximate to you via this phone, regardless of network mechanism, then it is proximate to them. If you can "grab it immediately," so can they. Anything you have immediate access to could have been used to commit the crime you were arrested for. If there is a bomb procedure you were referring to in your email on your phone, regardless of network delivery mechanism, then it is proximate to them precisely because it is also proximate to you. Seems simple, really (when things seem simple, I'm usually missing something). I don't necessarily like it, but it is logical. I can easily hear a Supreme Court Justice asking their "obvious" questions on this topic: "Was the smart phone with them when they were arrested? Was there any reason to suspect the phone might have been used to facilitate the crime they were arrested for? Does it really matter, on a network protocol level or other digital machination method, how the phone may have been used to facilitate the crime they were arrested for?"
I'm thinking about it, therefore I might be.
The rationale for such a distinction is rooted in the notion of the "immediate grabbing space" which police are allowed to search incident to arrest.
The long arm of the law, indeed.
It's frightening, because it's very easy and -- at least on the face of it -- desirable to be able to access anything from my iPhone -- Evernote, dropbox, email accounts, SSH, RDP sessions, much of it is *right there*.
I totally agree that prosecutors and the cops will sell the idea that proximate access makes for proximate data.
I guess if I was defending this, I'd ask the judge if during a proximate search my keys were found, does this give them probable cause to search every place those keys open, even though the places in question are not physically proximate?
I suspect we will lose more freedom on this issue, but I think they might require prima facie proof that the data was being accessed during the arrest, or make prima facie evidence that the data was not being accessed during the arrest and affirmative defense against the search.
We may also see more apps supporting secondary passwords or requiring passwords to access data every time the user wants it and not caching it locally or purging the cache very quickly.
Failing proper crypto on the device, Remote wipe is your friend. But that won't stop any forensics tools either, unfortunately, since they don't do a secure wipe. Luckily most local police don't have those tools or the skills to use them. Yet.
If I was worried about being tracked my cell phone would be sitting at home, where I would claim I was the entire time.
If corporations are people, aren't stockholders guilty of slavery?
Data theft from phones is a very real possibility - just look at that recent Ars article. This is what I wrote my LokPix Android photo encryption app for - keeping pictures private in case my phone is stolen. I have scanned images of documents (ID, medical cards, etc.) that I need access to away from home, but I don't want freely accessible. So they get the full AES treatment, and no unencrypted bytes hit the SD card - thus no forensic recovery from there.
That should stop an info thief, but a police agency can always try to force you to divulge your keys (if they realize that there are secured images). Encryption systems aren't automatically all about hiding unlawful activity - there's a very strong case for legitimate use as well.
In today's climate, if you're a male and have a picture of a child on your phone (regardless of whether it's your own child), you're asking for trouble. Plus, as TFA points out, most laws passed recently don't require criminal intent, and given there are thousands of them, how can you possibly know what laws you have broken today?
This climate is what makes this such a concern. If a cop decides he doesn't like you, and has access to enough information about you, there's probably something legally acceptable to charge you with. That's pretty much the definition of a police state.
You seem to be thinking that you're safe because you haven't done anything wrong - but that offers no protection if the government or police are malicious. The fundamental reason we need our constitutional protections is to protect us from people in power abusing that power.
Socialism: a lie told by totalitarians and believed by fools.
Oooh, a nasty talk. That'll fix em. Why, if they keep messing with you they might get a sternly worded note!
Socialism: a lie told by totalitarians and believed by fools.
I have a hard time wrapping my head around these accusations. I didn't say it is impossible or untrue, but accusations of the police in general and in the majority acting like fascist thugs is an incredibly strong one which should carry with them either a metric ton of proof or a rather large grain of salt.
Being naive and missing even a single line of proof, I chose the grain of salt, decided, they're conspiring against me. Occam's Razor, if you will.
Without even constructed examples or singular anecdotes, it's hard to believe. Maybe I'm just too White to get arrested for "driving while Black" or my car looks too bland but spotless, I don't know.
If I was wrongfully sentenced to anything larger than a fine, I contest it in court until the very end. If they planted false evidence, it's time to join the militia, though. The same goes for investigating an innocent photo of my very own kid.
But until then, every cop is my friend. If they catch me speeding or with a blown brake light, I have no one to blame but me.
So, what crime(s) does the average Joe unknowingly commit on a regular basis?
The line should read
"[...] decided, they're NOT conspiring against me [...]"
I will always encrypt everything to the highest extent possible.
Because of privacy against all unlawful searches, by police, burglars, housemates and ex-girlfriends alike.
I didn't meant to advocating *not* hiding everything just because there is nothing *illegal* to hide.
I just wanted to know what *could* happen - there's no risk-benefit-decision without outlining an actual risk.
Thank you for providing these examples. And yes, arresting and even beating people for recording the police is crazy thuggish and probably reminds many people to look for their Guy Fawkes mask and gunpowder. But as everyone has a cellphones with video now, some even with HD, not even the entire National Guard can enforce that law. People will just do it veeery discreetly, which should be enough to get out unharmed and upload it where it can cause the most outrage.
After all, it worked pretty good in the Islamic Theocratic Republic of Iran. It didn't succeed all the way, for crying out loud, but still...
If everyone who was wrongly convicted instantly joined the appropriate militia, the size and strength of that militia would soon match the level of corruption among the respective prosecutors. Just like it should be.
Aren't there any signs?
Speaking about Germany, we have nothing BUT signs, usually several dozen per kilometer, several hundreds, if in inner city areas.
Sure there isn't any sign anywhere?
Can you get the next policeperson handing you a ticket to also write down the correct legally prescribed and 100% ticket-safe speed and sign it for you?
Have you tried driving 58? Getting tickets for both, driving too slow and too fast at the same second will surely yield extreme comic value but is also front page material. (Look at you GPS on a level road to do exactly 58 and then use cruise control to keep it)
[citation needed]
Sorry, but the article and so many other posters had similar broad accusations, but only one wrote actual links to actual events - in that case LEOs from Maryland prosecuting people for using their cellphone cameras in public to record public actions of officers on public duty.
All other posts were just repeating the message "be wary, be afraid, the cops are out to get you". Being physically unable to commit "driving while Black", may have spared me this sobering experience.
So, what *laws* are written vaguely and how can the express purpose of keeping the rabble in line be proven? Posts written vaguely with the express purpose of "keeping us guessing" won't help.
I really do care about petitions. And ballots, and jury. And that what follows.
But arguments from books still on the to-read list will not convince me it is time to panic.
While I haven't used the product I think the idea behind this "turbosim" app. is good for securing sms messages : http://www.bladox.com/doc/sec_ed_ug_en-2.pdf It is based on Sim ToolKit (STK) which runs on all modern GSM phones. Basically, your SIM can have apps. on it but only big biz gets to put them there (banks etc). This thing gets sandwiched between the legit SIM and the phone. The security editions' encryption uses Shneier's Twofish algorithm (128 bit). I didn't see the product on their product list but the guy who sells them says to include a note and he'd load the security apps on the sim before shipping. Never got around to it though.
I like how when the police get the power to search our phones our first reaction is "encrypt our phones!" not "tell our police force they're not allowed!" After all, they work for us, right?
Or you could use a watch phone (it might pass by under the radar). Good idea having a clean travel laptop.
Rocket Surgeon.
Citation: the book "Three Felonies a Day".
I feel fantastic, and I'm still alive.
I've got maybe 10 comments relating to that single book, no excerpts, no examples.
Is it that hard to write one clarifying sentence?
Has everyone put this book on the to-read-list like some other poster, spelling doom and gloom from a book he's not even started to read yet?
Don't people write what everyday thing is illegal because it's also illegal to tell people what the laws are or is it because it would be a tacit admission of guilt because it is something that many people do but still know full well it is illegal as heck?
I'm starting to suspect there's only one law that's bothering everyone or else they'd bombarded me with a flurry of cases where their liberties are truly trampled upon.
Even the professionally-made educational YouTube videos on how to handle everyday police encounters best through knowing your rights were all touching this topic. ("Flex Your Rights" and others)
Really, I guess when most people cite the "10.000 laws that no one knows but everyone crosses 5 times a day" without telling any of them, they mean only ONE law that EVERYONE knows and only THEY cross 5 times a day, but can't tell anyone. The Controlled Substance Act of 1970. "Possession, use, trade of Marijuana is illegal"
Prove me I am wrong.
Read the damn book. You asked for a citation, you got one.
I feel fantastic, and I'm still alive.
"Doom impending for the uninformed. Read the book to know and be prepared."
Now where have I heard that argument before?
Apparently all the guys who voted for 3 stars on Amazon thought the same and were missing the same.
"The book is supposed to be about: "the average professional in this country wakes up in the morning, goes to work, comes home, eats dinner, and then goes to sleep, unaware that he or she has likely committed several federal crimes that day.[...]
The book gave some anecdotal stories, but did not do a good job in supporting the statement about "the AVERAGE professional," and as we all know, the plural of anecdotes is not data. [...] I would rather have seen some evidence that everyday activities are crimes.
I guess no one here has read or remembered more of that book except a few anecdotes and a general uneasy feeling.
Or it really is just about the weed in the trunk.
Again: you asked for a citation, and I gave one. WTF.
I feel fantastic, and I'm still alive.
See here for some recent case where a 19 year old was sent to jail for 16 weeks for not disclosing his password to the police.
So, the US has just to copy some lines from the UKs "Regulation of Investigatory Powers Act 2000" and police will be fine.
First, you'll be temporary withheld for whatever reason, then you'll be arrested for not disclosing your password.