Ask Slashdot: Would You Use A Cellphone With A Kill Code?

Slashdot reader gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter that wipes all private information on the phone? In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information.

I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone. This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.
It could be built into the operating system, added by the manufacturer, or perhaps sideloaded as a custom mod -- but that begs the question of whether it'd really be a popular feature. So leave your own thoughts in the comments. Would you use a cellphone with a kill code?

Mandatory

Yes.

Re:Mandatory

[michelcolman]

There's no need to lock any ports, though: wiping an encrypted phone can be done in less than a millisecond. All you need to do is destroy the encryption key. That's what iPhones do when you enter the wrong pin multiple times, and the effect is instant and irreversible. It would be trivial for Apple to add a feature that wipes the phone for a specific pin chosen by the user.

Law enforcement can sometimes retrieve a password. But that password only serves to decode the actual decryption key, which is a random sequence of bits. If that key is gone, it would take billions of years to decode the device.

Re: Mandatory

1. Duress codes are a dumb idea that sounds cool. Why ? By definition you almost never use them . Now try remembering that code you set up 3 years ago and never used since while arrested , and are freaking the fuck out in a stress situation. Doesn't happen in the real world.

Home alarm systems don't have them any more for a reason.

2. On iPhone if you use TouchID, it's 4 taps to "erase all contents and settings". Any duress code would be longer to enter than that.

Re: Mandatory

[v1]

1. Duress codes are a dumb idea that sounds cool. Why ? By definition you almost never use them .

Let me just throw out a few other "dumb ideas" you almost never use... Airbags. Fire Extinguishers. Life insurance. Parachutes. Seatbelts. Fire Departments. Just because they're an extreme response and you don't use them very often doesn't make them a "dumb idea".

Home alarm systems don't have them any more for a reason.

Friend of mine proved you wrong last year. His wife got home after a craaazy day at work and put in the wrong PIN on her home alarm. 15 minutes later there's a knock on the door from a guy in a white coat and the entire backdrop is full of cops. "What is this? I disarmed my alarm?" "yes, m'am but you used the *duress code* to do it." "oh..." So a bunch of boys in blue came in and swept the entire house while she was outside talking with the cops. Yes there will be false alarms, but the feature serves a function. They had that option enabled because someone they knew a few years back had been forced to disarm their car alarm at knifepoint so they knew the risk was real.

2. On iPhone if you use TouchID, it's 4 taps to "erase all contents and settings". Any duress code would be longer to enter than that.

At first I thought you meant "four taps on the home button" but I don't find that feature anywhere. (link?) If you mean going into settings to erase it, I'm pretty sure any competent LEA will grab the phone out of your hands the instant they see you've finished unlocking the phone. You don't just leave volatile evidence in the hands of a suspect to meddle with before confiscating it. If you have touch id, they can actually use the federally-allowed fingerprints they took from you when you were booked to create a silicon finger and use THAT to unlock the phone, you never get near it again to nuke it. (and yes, there's been at least one documented case of that being done) I'd much rather have two fingers that unlock it and eight that nuke it, let them play routlette if they're feeling froggy. And there's no way a 4 digit nuke code takes any longer to enter than a 4 digit unlock code??

If you have your phone synced with your computer or cloud, if you accidentally erase it you can restore it from there. If they're THAT aggressively pursuing you that they will get search warrants for your house or cloud data, okay, you can have it. I think this discussion is more aimed at discouraging "fishing expeditions" of "We have just barely enough evidence to arrest them and take them to jail for an hour, lets see if we can find anything on their phone that will convince a judge to give us some search warrants..." To me anyway this is more about curbing illegal search and seizure than it is about trying to bypass the lawful search warrant process.

Re: Mandatory

[Nunya666]

1. Duress codes are a dumb idea that sounds cool. Why ? By definition you almost never use them .

Let me just throw out a few other "dumb ideas" you almost never use... Airbags. Fire Extinguishers. Life insurance. Parachutes. Seatbelts. Fire Departments. Just because they're an extreme response and you don't use them very often doesn't make them a "dumb idea".

Home alarm systems don't have them any more for a reason.

Friend of mine proved you wrong last year. His wife got home after a craaazy day at work and put in the wrong PIN on her home alarm. 15 minutes later there's a knock on the door from a guy in a white coat and the entire backdrop is full of cops. "What is this? I disarmed my alarm?" "yes, m'am but you used the *duress code* to do it." "oh..." So a bunch of boys in blue came in and swept the entire house while she was outside talking with the cops. Yes there will be false alarms, but the feature serves a function. They had that option enabled because someone they knew a few years back had been forced to disarm their car alarm at knifepoint so they knew the risk was real.

My home security system has the same feature, and it's easy to remember the "panic" code. It's just one number less than your "real" code.

Re: Mandatory

[drewsup]

Why not use thumb for regular login, middle finger for wipe, seems apropo

Re: Mandatory

[PopeRatzo]

His wife got home after a craaazy day at work and put in the wrong PIN on her home alarm. 15 minutes later there's a knock on the door from a guy in a white coat and the entire backdrop is full of cops.

I love these letters to Penthouse Forum.

Re: Mandatory

When seconds count, the police are only minutes away.

Re: Mandatory

[Trailer+Trash]

My home security system has the same feature, and it's easy to remember the "panic" code. It's just one number less than your "real" code.

It's whatever the installer sets it to. The installers around here typically set it to your street address - the added bonus is a dumb robber might try that to disarm your alarm and it'll appear to work until the cops show up.

Re:Mandatory

The downside of a duress code which actively destroys data, is that if LEOs find any proof that it is there, that's a destruction of evidence charge. The ideal would be a duress code that silently destroys sensitive data, then puts a "wrong password" error, then one puts in their normal password, and most of their stuff is there, all but the real bad bits.

What might be the best thing would be a hypervisor and VMs... and a filesystem that can has great granularity for encryption. Couple this with an authentication mechanism that can be configured where the PIN would not decrypt on the device... but actually hit an Internet connected server [1] for the key. The duress code would tell the remote server to refuse to give up the key, as well as tell the local device to TRIM all sectors used by the VMs.

This way, some goons in Lower Elbonia seize someone's phone, the user types in the duress code, it sends an alert and also zaps the protected VMs by having the flash storage TRIM that area, then shows "wrong PIN". The user then types their usual PIN, and gets a nice decoy environment. When the device is forensically imaged, all it shows is the valid image and trimmed sectors everywhere else.

[1]: Via challenge/response mechanism of course, to deter replay attacks. This is awkward and would suck if in an area with low connections... but it adds security.

Re: Mandatory

[Known+Nutter]

It's whatever the installer sets it to. The installers around here typically set it to your street address - the added bonus is a dumb robber might try that to disarm your alarm and it'll appear to work until the cops show up.

Huh? If you're using an alarm system with codes that aren't end-user defined, then you're doing it WAY fucking wrong.

Re:Mandatory

[Stewie241]

It depends what you're trying to protect. One might be more interested in protecting company secrets than hiding evidence. Sort of like the case a while back where a NASA engineer (might have been a difference agency - don't recall exactly) had his device searched at the border. He hadn't committed a crime, but there were secrets on his phone that might need to be protected from unauthorized access.

Re: Mandatory

Turns out destruction of evidence is a thing.

Even exculpatory evidence.

Re: Mandatory

[R3d+M3rcury]

Now try remembering that code you set up 3 years ago and never used [...]

1234.

Re: Mandatory

[Trailer+Trash]

It's whatever the installer sets it to. The installers around here typically set it to your street address - the added bonus is a dumb robber might try that to disarm your alarm and it'll appear to work until the cops show up.

Huh? If you're using an alarm system with codes that aren't end-user defined, then you're doing it WAY fucking wrong.

During installation, the installer can set the master code. What the guys around here do is call me over, type in the setup and then have me type my code in twice while they walk to the other side of the room and look away. Same thing with the duress code. They suggest the street address. I guess I should have been more specific about the exact steps taken. And, yes, I can change my master code at any time (of course, I have the installer code as well so I can change *anything*).

Re:Mandatory

Better yet, use a cheap flip phone that only does calls and texts. If you have a so called "smart" phone, leave it at home when you travel, and use the above mentioned flip phone on your trip. Memorize the phone numbers you will need to call on your trip, or give someone you can trust a list and just memorize their number. Don't do texts, and don't enter any personal info into the phone even if it has the capability to store any.

They can't find whats not there, and if your phone can only do calls and texts and you don't do texts, there is not much for them to find anyway.

Re: Mandatory

[Bob+the+Super+Hamste]

Is that even still around? I now feel old for know what that is.

Re: Mandatory

[jxander]

If Apple let you assign a separate fingerprint as a duress code, that would be easy to remember: middle finger.

They could even add an extra safety step: "duress code detected, enter pass code or phone will be wiped in 10... 9..."

Re:Mandatory

[Trogre]

Really, so you can brick anyone's iPhone by playing the lock screen like a piano?

Not sure they've really thought that one through...

Re:Mandatory

[JohnFen]

The downside of a duress code which actively destroys data, is that if LEOs find any proof that it is there, that's a destruction of evidence charge.

Only if what you're destroying is evidence, and they can prove it. In my case, I am not engaging in any illegal behavior, so there's nothing on my phone that is "evidence". I have a kill code simply to keep my private papers private.

Re: Mandatory

[v1]

" from a guy in a white coat and the entire backdrop is full of cops."

such amazing bullshit.

the sentry hotline phones into dispatch through the normal channels which then goes to the person(s) assigned at that time and turns into a call to squad cars in the area to investigate at their discretion.

source: i worked dispatch for 7 years.

No this was actually what happened. She was stunned that there were cops everywhere, wondering why her alarm company didn't call her. (she'd forgotten / dumbthumbed the code a few times and had been called at least a few times in the past) "they don't call when you put in your DURESS code".. "oh, ok, that makes sense."

If that's not how it works in your neck of the woods, *shrug*. That's what happened here and everyone seemed to agree it was SOP. The purpose of the duress code is "someone has a gun to your head and is making you punch in the code to turn off the alarm. Go in soft but heavy, treat it as a hostage situation."

Re: Mandatory

[BoogieChile]

The duress code is your pin, backwards.

Re:Mandatory

[michelcolman]

Not bricked, just erased. Not a huge problem if you also activate automatic backups.

Re:Mandatory

[david_thornley]

Assuming you're talking about iPhones with secure enclave, the wipe-after-ten-tries has to be enabled, and there are increasingly long lockout delays with incorrect entries. Personally, if I have possession of someone's iPhone for a few days, and want it useless, I'll just break the thing.

Re: Mandatory

[easyTree]

For example: 1337 is the panic code, 1338 is the chilled code. Same number of digits.

Re: Mandatory

[easyTree]

15 minutes is actually a pretty good response time when you consider the logistics involved

1. Walk back from coffee machine
2. Finish box of donuts
3. Look around for uneaten donuts on nearby desks
4. Check the box on the captain's desk whilst he's not looking
5. Check for emergencies which need immediate response
6. etc..

Re: Mandatory

[easyTree]

It turns out making everything illegal so that people have no freedom is a thing too, as are the exchanging of one's integrity and the trust placed in your office by the people in favour of maximising kick-backs (however indirect) from the prison industry.

Re:Mandatory

[easyTree]

Better still, move to a civilised country (where they hack in to your phone remotely and don't trouble you with Nazi-themed reenactments.)

Re: Mandatory

[tattood]

Why not use thumb for regular login, middle finger for wipe, seems apropo

Maybe switch them around. Good luck convincing a cop/FBI/border patrol that you regularly use your middle finger to unlock your phone.

Re:Mandatory

[KingBenny]

interesting, so a triple pass on the few bits or bytes holding the encryption key would do
so
... some type of yubikey-type technology might be the shit, giving you the choice to instalock / encrypt beyond fubar and only undoable with
well some kind of yubikey lol
as far as i understand yubikeys, ive been trying to find out how to use the ones i have for zipfiles and archives, like locally but thats way above my paygrade i think
would be nice to not need a password but just put in the key and press the button to unlock all those archives full of incriminating evidence (which i dont have ofcourse) its just in gedanken, i get paranoid about my holiday pictures and remembering decent passwords is something for less chaotic people
writing them down and pinning them to the wall seems like google giving you backup codes as two-fac or steam giving you a recovery code if you lose your phone or mega giving you a recovery key
which you can store on your hard drive or pin to the wall, the total flaw being what if anyone but you has access to the room there
same thing with the key i suppose, still i often been wondering how i could just use my one yubikey to lock or unlock all my archives
which is, i know, off-topic, but actually not completely is it ? the hardware key that gives you the choice between destroy everything or maybe if i get it back unlock it , its not really technologically further than mining gas from ur anus, probably a little closer to the realm of can be done right now

Why not a fake account?

[fredgiblet]

Why not have a second PIN that opens a sanitized, but seemingly fully normal, home page? Missing a few critical apps, or having versions signed into a different account.

Re:Why not a fake account?

[Gussington]

Why not have a second PIN that opens a sanitized, but seemingly fully normal, home page? Missing a few critical apps, or having versions signed into a different account.

Because if the device is confiscated, a simple dump of the memory will reveal everything.

Re:Why not a fake account?

The correct thing is to do both. You have a real and a fake account on the phone. When you give the fake account it wipes the key for the real one and opens up the fake one. This is much less likely to cause problems on the border than an obvious wipe code.

Re:Why not a fake account?

[wierd_w]

What you really want is a "destroy adopted storage decryption key + zerofill SD card" option on the recovery menu.

At least for Android devices anyway.

Re:Why not a fake account?

[jbolden]

Samsung Knox does what the parent wants. If the device gets compromised the Knox subsystem will blow a physical fuse and destroy the data permanently.

Re:Why not a fake account?

[Carewolf]

What you really want is a "destroy adopted storage decryption key + zerofill SD card" option on the recovery menu.

At least for Android devices anyway.

The SD card can be encrypted too.

Re:Why not a fake account?

[Duckman5]

Adopted storage is actually automatically encrypted with a 128 bit AES key. Assuming gp is using the correct terminology. Adoptable storage is the name that android gave to the ability to store entire apps on a specially formatted portion of the microSD card rather than the previous implementation of some developers allowing a small portion of the app to be moved to an encrypted container file on the card. I think it was meant to allow people to supplement those really tiny entry level phones that may only give you like 4 GB of storage for your apps.
It makes sense, though, that you could put all your sensitive apps/data on adoptable storage so you would end up with a seemingly innocuous phone if you erased/destroyed the SD card. In fact, you could mail the SD card, instead, so that you would have a fully functioning phone while traveling but none of your sensitive data would be available at your border "interview."

Re:Why not a fake account?

[torkus]

If the device is compromised in a technical sense.

Knox doesn't do anything at all for your password/PIN being compromised.

Re:Why not a fake account?

[chihowa]

Zero-filling the SD card will take forever and, by the time the device is grabbed, most of the data on the card will be intact with the partial zero-fill being obvious evidence of you trying to destroy the contents of the card. Much better to keep the whole SD card encrypted and just destroy the key there, too.

Re:Why not a fake account?

[wasteoid]

Then have the duress code present the fake, normal-looking home page, while it deletes the real user data. Then by all appearances nothing happened (evidence tampering/destruction), and your data is wiped, and you can still use your phone afterwards.

Re:Why not a fake account?

[david_thornley]

Given full-phone encryption, a simple dump of the memory will reveal garbage that doesn't say anything.

Re:Why not a fake account?

[easyTree]

With the partial zero-fill being obvious evidence of you attempting to exert your existential right to privacy in a climate of intrusive violence-backed 'authority.'

Re:Why not a fake account?

[chihowa]

Oh yeah, sure. It's not fair that there's a bear poised to maul you, but it still doesn't make sense to goad it on.

Why yes

[bytesex]

It would be *very* easy to have smartphones with adequate security from all sorts of perspectives. Secure key storage, secure storage, secure communications, secure boot, secure containers, secure remote management, secure (multiple factor) authentication, secure arbitration of what hardware can access what memory etc. The thing is: if your target audience is largely 15 year old girls, then you probably have commercial priorities elsewhere.

Re:Why yes

I don't think that's the only reason. There are massive government interests all over the world in having insecure and searchable cell phones, and it would be naive to believe that governments and their agencies (law enforcement, intelligence) do not exert some pressure and influence on manufacturers of said devices. For example, all early cell phone encryption standards turned out to be flawed and insecure, even though the teams who developed them should have known better. Maybe that's just because security wasn't their top priority, but there are reasonable doubts about that.

Notice also that governments all over the world were pretty successful at advertising the myth that cell phones are hard to track or tap into, which turned out to be 100% false but was believed by many criminals in the 90s. And I'm not even claiming that the interests of government authorities to make cell phones insecure are illegitimate, it's a complex issue.

So to the topic: There will be no "kill code" phones or "super-strong" encryption phones for non-military private end-consumers, as long as the manufacturer of their hardware or software sits in the US or even more totalitarian countries like China or Russia.

Re:Why yes

[geekmux]

It would be *very* easy to have smartphones with adequate security from all sorts of perspectives. Secure key storage, secure storage, secure communications, secure boot, secure containers, secure remote management, secure (multiple factor) authentication, secure arbitration of what hardware can access what memory etc.

It would be *very* easy for citizens to give a shit enough about their privacy to not carry around their entire lives in a cellular tracking device too.

Simple fact is, they don't give a shit, convenience trumps privacy every time, and it's gonna take a hell of a lot more than a dozen border patrol searches gone overboard to change human behavior.

The thing is: if your target audience is largely 15 year old girls, then you probably have commercial priorities elsewhere.

Yeah right. Everyone from 7 - 70 years old uses a cellular device these days, and the models are hardly different no matter who is using it. Governments rather enjoy insecure civilian communications and devices. They also know you will gladly surrender your Rights in exchange for giving back the precious confiscated cell phone. Addiction is often an easy exploit in order to enforce Control.

Re:Why yes

[GuB-42]

People don't want super-tight security.
They don't want to enter passwords everytime they need to use their phone, especially not long/string passwords.
They want to be able to recover their password in case they forget it.
They want their apps to communicate : share a picture in one click, have their contact book shared between multiple services.
Some want to be able to customize their device, add features, etc...

Securing a device while taking into account user needs for a general purpose computer (this is what smartphones are) is not easy at all.

Re:Why yes

[AmiMoJo]

Lots of phones have that level of security now. Their target audience is business users and consumers who care about privacy. 15 year olds don't really buy many phones, having little disposable income and only one birthday/xmas a year.

Re:Why yes

[chihowa]

You could have phones with great security that even the 15 year old girls would be fine with. The priorities toward non-securirty come from the the data harvesting interests of the phone manufacturers, carriers, advertising companies, and (comparatively distantly) snooping governments.

Seriously... the most common phone OS is developed by an advertising company and it's a surprise that security and privacy are low priorities?

Re:Why yes

[amiga3D]

I don't keep anything on my phone that isn't pretty much publicly available. If I had anything sensitive my phone is the very last place I'd put it. I've already decided that if I go out of country my smartphone isn't traveling with me. I'll pick up an old Note2 and if they want to look at it they can enjoy the hell out of it. If, I'm into anything at all illegal I'll buy a burner phone at my destination, use it and toss it. (hypothetical of course)

Re:Why yes

[geekmux]

"Simple fact is, they don't give a shit"

i think the problem is that they havent been taught to give a shit.

Give me a break.

Over and over again, consumers hear stories on the nightly news about hackers stealing identities and the costly impact, followed up by the "top 10 worst passwords" list that hasn't changed in decades. Also fighting against statistics and common sense is the it'll-never-happen-to-me syndrome.

Of course, capitalism responded in kind, creating entirely new insurance industries (e.g. Lifelock), to at least insure those who refuse to change their favorite pet-name password they've had since high school, as well as ransomware blooming into a $500-million dollar juggernaut.

It's rather sad, but this isn't simple ignorance anymore. It's willful ignorance, also known as not giving a shit.

Watch and see how nothing will change regarding human behavior, no matter how the masses are manipulated.

Re:Why yes

[david_thornley]

Security is difficult. If it's at all onerous to use, people will either not buy the phone or not use the security. The idea behind Apple's fingerprint reader was that it was security people would actually use. Moreover, phones can be easily confiscated or stolen, so you're talking about strong security against an attacker with physical possession of the device. That gets real tricky.

No.

I'll just avoid travelling to the US.

Re:No.

This. In practically no other "modern western country" is this an issue except in the US (and to some extent in the UK either now or in the immediate future). Everyone knows this. Everyone knows how to avaoid it, and that makes it completely useless.

Re:No.

[CohibaVancouver]

From my experience it seems that the reason for most phone searches on the Canadian side are to make sure that you aren't dodging taxes when you bring something in to the country.

Actually, no. It's generally for two other purposes -

1) People who claim they are not coming to Canada to work / move here, but who are entering the country with all of their worldly belongings. The CBSA will search a phone to find emailed job offers, texts from friends saying "Have a great new life in Canada!", photos from going-away parties and calendar appointments with entries like "first day at new job."

2) Child pornography. If you're typically a single, 40ish, dweebyish, white male travelling home alone from a vacation in a region in Asia know for child sex tourism you may get pulled aside and have your phone and computer searched for incriminating pictures.

Re:No.

[Dread_ed]

It's almost like some countries think borders are important to maintain and control.

What the fuck is wrong with them? Aren't they just letting people come in with no checking, oversight, or vetting at all? That is what we are supposed to do, you know.

Re:No.

[amiga3D]

That's the idea. Stay the fuck away.

Re:No.

[gordo3000]

you may not remember, but I recall there was a time in the 80s when leaving and returning to the US, and going through airport security was fast, painless, and non-invasive. We actually expected the bad treatment in places like India, but never a western country. And you basically had the exact same rate of "problems". Security efficiency has not markedly improved in any way since then, but the amount of time we spend and the invasiveness has gone up incredibly. When the US is now a much bigger hassle than India, the UAE, or Singapore, maybe we have a more fundamental problem with imagined threats? In fact of all the countries I regularly find myself traveling to, the one that is the most painful is easily the US (the UK is worse, but I don't have any business that takes me there).

Re: No.

[antdah]

Heh, it's not even a problem in archaic eastern countries. Not even the chinese molest your phone at the border like the US. And they're evil communists!*

* sarcasm

Easy to do with an iPhone

[PhunkySchtuff]

Put in a PIN code. Set the phone to wipe after 3 incorrect attempts.
When the phone goes to wipe itself, it just deletes the crypto key to the main storage, thereby rendering it completely scrambled in an instant. No need to lock out the Lightning port while this occurs, it happens too quickly.

Re:Easy to do with an iPhone

[TheReaperD]

I would gladly have a phone that would have a self-wipe feature after both a multiple failed attempts and with an alternate code or different fingerprint entered. That last one being especially important with the police forcing people to unlock phone with their fingerprints. This would allow you to use your fingerprint on the phone but instead of unlocking it, it would wipe. Now, you'd be facing destruction of evidence of obstruction of justice charges but, that is probably better than what you would have been facing had the phone been unlocked.

Re:Easy to do with an iPhone

[PhunkySchtuff]

Yeah, if I go to the USA again at any stage in the foreseeable future, I'm seriously considering just wiping my phone on the plane and then restoring from a cloud backup as soon as I've cleared customs.

Re:Easy to do with an iPhone

[geekmux]

...Now, you'd be facing destruction of evidence of obstruction of justice charges but, that is probably better than what you would have been facing had the phone been unlocked.

Fucking seriously?

Unless you're engaged in some seriously illegal activity that you rather enjoy conducting on your smartphone, perhaps you should *really* sit and think about those charges before making such a statement. Gut feeling is a criminal record will impact you a hell of a lot more than your Facebook data being confiscated.

Re:Easy to do with an iPhone

[0111+1110]

Index finger fingerprint = open phone. Middle finger fingerprint = delete or randomize encryption key. Maybe require a second fingerprint (middle finger on other hand) just to be sure.

Re:Easy to do with an iPhone

[Kergan]

Unless you're engaged in some seriously illegal activity that you rather enjoy conducting on your smartphone, perhaps you should *really* sit and think about those charges before making such a statement. Gut feeling is a criminal record will impact you a hell of a lot more than your Facebook data being confiscated.

> If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
> -- Richelieu

Re:Easy to do with an iPhone

[AmiMoJo]

Best to use something other than the tip of your finger for fingerprint unlock. How many phones will let you use, say, a knuckle or partial palm print? Basically anywhere that the police don't normally make a copy of, which is generally just the tips of your fingers.

Re:Easy to do with an iPhone

[AmiMoJo]

If you give me a phone unlocked by the hand of the most honest of men, I will find something in it which will hang him.

- Cardinal Richelieu

Re:Easy to do with an iPhone

[lionchild]

I thought you were being detained and your phone searched without due process, because you're in one of those legal "grey zones" not technically in the US. If you can't be protected by the laws there, why would you be subject to charges?

Customs and boarder crossing is becoming more and more the a little mini US GITMO.

Re:Easy to do with an iPhone

[Grishnakh]

oh, fuck it. just stay home. it's better. really.

No, you don't need to go to that extreme. If you're a non-American, it's simple: there's dozens of civilized, developed nations that you can travel to without worrying about Nazi-like interrogations at the airport. Just go to any of those for your vacation.

Re:Easy to do with an iPhone

[CanadianMacFan]

Don't take anything through customs with you but ship them to where you are staying using a courier. The last day you are there you ship everything home with a courier. If you aren't driving then remember to take a book or a couple of magazines for the trip or else it's going to get boring.

This doesn't work if you are going for a day trip or an overnight stay but hopefully you can live without a phone for a day.

Re:Easy to do with an iPhone

[Dread_ed]

Conveniently, this particular biosignature becomes inactive for 36-48 hours after an "enhanced" search.

This won't fly.

[kaur]

People will accidentally wipe the phones.
There would be 10 legitimate use and 10,000,000 acciddental customers with lost data and liability claims.

I, as a phone / OS provider, would fight this feature.
I, as a phone user, would fight this feature.

Imagine a prankster or a drunk friend or a child getting your phone and trying this out.

Re:This won't fly.

[bazmail]

Then don't give the code to pranksters or drunk friends. Problem solved.

Re:This won't fly.

[rtb61]

you would actually want three pin codes. One to open the phone, one to clear the phone and one to open the phone and call the police and leave the microphone open but shut down the speaker. Obviously the code for normal open would be the most complex but the other two codes could be simple and easy to remember and distinct eg 1235 and 0070.

Re:This won't fly.

[Gussington]

I, as a phone user, would fight this feature.

How would you fight it? By moaning loudly on internet forums?
The proposal is only a wipe. If this happened accidentally you can log back into icloud or your google account and resync. Crisis averted.
Personally I have no need for it, but if manufacturers built it in I wouldn't complain. It doesn't have to be compulsory, like most features it could be disabled.

Imagine a prankster or a drunk friend or a child getting your phone and trying this out.

How would they know the code?

Re:This won't fly.

[Kjella]

The proposal is only a wipe. If this happened accidentally you can log back into icloud or your google account and resync. Crisis averted.

So to protect all your information, put it in the cloud. The NSA loves you.

How would they know the code?

Well what should happen when you type the wrong code over and over? Here it's company mandated that four wrong attempts = wipe. Somebody's figured out the hard way what happens when the kid gets hold of your phone, bye bye vacation photos (abroad, too expensive to cloud sync).

Re:This won't fly.

[Anne+Thwacks]

How would they know the code?

His code is 0000.

Re:This won't fly.

Hah, so glad my code is the reverse of this. ;)

Re:This won't fly.

[geekmux]

People will accidentally wipe the phones. There would be 10 legitimate use and 10,000,000 acciddental customers with lost data and liability claims.

There would be zero liability claims, and you would agree to that in the EULA you never read.

I, as a phone / OS provider, would fight this feature. I, as a phone user, would fight this feature.

Of course you would.

So would the rest of society, because privacy is the concept that "won't fly" anymore.

Re: This won't fly.

[omnichad]

The iphone is 4 taps to get to the wipe screen if use TouchID to unlock, which is probably comparable effort to a duress wipe pin.

Effort isn't the issue here - apparent compliance to instructions while being watched is.

Re:This won't fly.

[whopis]

This seems to be a rather stupid, short-sighted approach to me.

Since you brought up misuse by drunk people, what about protecting people from sending text messages while drunk? That should be a concern as well, shouldn't it? Should we get rid of text messaging to prevent this tragedy?

Here is a simple, logical solution. Provide the feature along with the ability to enable/disable it. Have it be disabled by default. Now anyone who wants to continue on as they have been can do so, while allowing those who wish to take advantage of the feature do so.

If you wipe your phone - you're a suspect

[vsavkin]

Well, you wipe your phone when trying to enter - it means that you have something to hide and should be detained and not allowed in.

Re:If you wipe your phone - you're a suspect

[gravewax]

exactly this. once the feature is implemented border security will be aware of it. a reset screen when then instantly scream "ARREST ME" or "INTERROGATE ME" and almost certainly "REFUSE ME ENTRY". Why not save yourself the effort and just abuse the border security as you get to the gate, will save you having to wipe your phone and achieve the same outcome.

Re:If you wipe your phone - you're a suspect

[PvtVoid]

“They said, ‘Next time you come through, don’t have a cleared phone,'"

Re:If you wipe your phone - you're a suspect

[CanadianMacFan]

The next thing will be if you have a phone that is capable of being wiped it will mean that you have something to hide and should be detained and not allowed in.

Re:If you wipe your phone - you're a suspect

[gravewax]

The reality is entering through a border of a country is NOT the place to make a personal stand unless you are prepared to pay the consequences (if so then go ahead), one of which may be permanent refusal of entry if you are not a citizen and extreme inconvenience or arrest even if you are. You don't have the same rights as person standing 20 feet the other side of border security, this is reality. The company I work for has very explicit policy for this. never ever carry customer data (sackable offense) and if border security in ANY country request access to devices or data you grant them access then report it to the security section of the company.

Just smoke and mirrors

Facebook and Apple already have backdoors for them. This is just a show of power and conditioning of sheep into giving up any notion of private data.

It should always be mutual

[Quakeulf]

If they ask to see my phone I should see theirs.

It can be improved

[LordHighExecutioner]

The most unsuspicious way would be to have the smartphone selfdestroy itself by shorting the battery or by executing code that overheats the CPU when the appropriate PIN code is entered. This is the reason why I always buy Samsung smartphones: nobody would blame me if "accidentally" it catches fire

Re:It can be improved

[donutz]

Why not use a phone with a removable battery? Then, ditch your battery before you board the plane, and have a new battery waiting for you at your destination. Then, you're not traveling without your phone, you just have the expense of buying and shipping batteries to your destination. Border control can't force you to unlock your phone because you can't even power it on.

This only works until it becomes common enough that border control starts keeping batteries in stock, I suppose...

Theory good, practice bad

[mathew7]

Please ask yourself: would you remember a pin you set half-year ago and never used it? Although most people will not use it (thus why invest in development), those that know it, 90%(so I won't repeat "most") will forget the wipe PIN and would not rememeber it when needed. You have to be extremely well organised+great memory to be able to use it.

Re:Theory good, practice bad

[Falconhell]

Yes, I certainly would and Ive not got a great memory, but I can remember my grandfathers phone number, and he died 30 years ago!
001144928575213.

Re:Theory good, practice bad

[coofercat]

your pin: 12345
safety pin: 12344

Not too hard, surely?

Been there, done that

[niks42]

I have it already on my own phone; it's a requirement that I change my security settings so that the entire phone is factory reset if the passcode is entered incorrectly a set number of times. I also need to change my PIN regularly, and to register the device with a central authentication server; AND the internal and SD card storage are both encrypted. The requirements came from my desire not to have another work phone to access my NHS emails, but to use my own handset. Since the NHS are so cautious about any unauthorised person having access to patient information, it is entirely understandable. It's inconvenient having to change my PIN or passphrase with the regularity they demand, and when I get a new handset it's a pain to re-register my device - but convenience is always an enemy to security.

Already exists

[dwillden]

WMD app on Android, similar apps on other devices. Hand over your phone, leave customs, borrow another phone, send a text and it's wiped. Also most phone carriers give you a web based service account that also includes a remote wipe function. Corporate Cell phone access and management tools also include this capability.

Re:Already exists

[wbr1]

"Leave customs"

Hah.. double hah

Re:Already exists

[R3d+M3rcury]

Right. Because cell phone service is ubiquitous and unblockable and there's absolutely no way to turn off the cell-phone radios.

Oh wait...Airplane mode.

Nice but useless

[tele]

Availability of this feature would result in new regulations which make it illegal to nuke your phone when asked to hand it over to a border agent/law enforcement officer. Add something like 1 year in prison etc and the functionality is practically useless.

Change your PIN

[GrokvL]

But don't memorize it, before crossing the border, and send it to yourself securely on another device not in your possession. That way you can swear that you don't know it and cannot obtain it. It becomes something you neither know or have. State that this is your standard travel policy for safety reasons.

Re:Change your PIN

[niks42]

Forgetting a password will land you in jail for two years in the UK, thanks to the RIPA legislation. No ifs, ands or buts.

Re:Change your PIN

[coofercat]

"I don't know it *now*, but I will know it in the future" would be a new defence. Whilst I'd be inclined to agree with you, it might be a new technicality. Not sure I'm ready to risk my liberty to try it out though.

This is getting ridiculous

[argee]

You are in a foreign country.
Upload your data to a foreign server.
I recommend a one-time key for encryption.
Erase it from your phone.
Enter the U.S.A.
Retrieve the data. Erase it from server.
End of problem.
Avoids border hassles.
All perfectly legal.

Re:This is getting ridiculous

[kaur]

You don't call "encrypt and upload all your data, reset your device, restore data" a "hassle"?
Consumers disagree.

Re:This is getting ridiculous

[coofercat]

Surely...

Upload your data to foreign server
Take a burner phone, or indeed no phone at all (and buy one on arrivial)
Copy data from server to new phone, or just reference it on server ...would be less hassle.

Re:This is getting ridiculous

[XxtraLarGe]

You are in a foreign country.
Upload your data to a foreign server.
...

Seems to me that an easier solution is to just buy a cheap pay-as-you go burner flip phone. Bring a camera if you want to take photos.

Re:This is getting ridiculous

[wbr1]

Rooted phone, using nandrod backup in TWRP or Titanium backup. Drop the encrypted 7z wherever. It is multiple GB so if necessary just have it on a couple thumbdrives for redundancy. Takes lass than an hour in your hotel before you leave.

18 USC 1503

[tlambert]

18 USC 1503 : Federal Obstruction of Justice.

10 years in a Federal pound-you-in-the-ass prison.

Your new cellmate is named "Bubba".

Re:18 USC 1503

[omnichad]

I thought US law was suspended at the border. Otherwise the protections of the Constitution would apply.

data is never lost

[zaax]

Don't forget the data has not really gone. There is always a shadow, difficult to get at and needs very expensive equipment but its do able.

Avast supposedly already has all that

[RevRagnarok]

I can text a kill code from a trusted sender, e.g. my wife's cell. They turn on a siren, wipe, etc... https://www.avast.com/en-us/an...

The problem is not big enough for most people

[OpenSourced]

Most people may not like having their phones perused, but they also don't mind terribly, and don't travel so often.

If you do mind, you already have two phones, one for home and one for traveling. That's a safer solution, even if you have to keep both updated.

The real problem will come when not having a Facebook account will make you lose your flight, marking you as a suspect element.

The real issue is ...

[Misagon]

The real issue is that you are storing sensitive information on a device on which you don't have root.
If you don't have root then how could you trust your phone to keep that data safe in the first place?

Also, the sensitive info that authorities are after are your phone book, your call history and your photos.
The phone should be configured to not store those on the phone itself, either not store them at all to have them on a secure server somewhere.

Re:The real issue is ...

[ebyrob]

This ^^

Heck, even with root, are you sure you can trust the manufacturers enough not to be keeping something and sharing it with "the authorities". SIM cards, SOC, hidden hardware functionality. Do we really know what those devices are/aren't doing below the OS level?

No, I wouldn't build a zombie apocalypse moat, eit

[DThorne]

Anything designed for "war" can be hacked, or can accidentally go off. I'm happy with a reasonable level of security and a realistic understanding of the risks. Most phones provide the first and most users completely fail to get the second. Just give me a padlock that will keep out the vast majority of casual identity thieves.

Kill Code will get you busted in USA

[RichardAFairchild]

Remember folks in the USA, you COULD then be charged with tampering with evidence or DESTROYING evidence if you use a kill code. A very slippery slope. Rather, you enter a code in that locks, the phone down, and the next time someone enters any other code than your rescind code, the phone wipes, that way YOU are not the one that wiped it, with L.E. did. However, I am sure they WILL still charge you with something as they will be P!ssed off!

Re:Kill Code will get you busted in USA

[Overzeetop]

This is the real danger of using a kill or wipe code.

Still better than handing over your phone. The first rule of criminal law if that you never, ever talk to police without your lawyer present. Never. No matter how innocent or how innocuous the situation is, if you are being questioned you must have your lawyer. Personally, I have nothing to hide, but I'd still wipe my phone if I were detained by TSA or law enforcement.

Re:Kill Code will get you busted in USA

[dbIII]

The first rule of criminal law if that you never, ever talk to police without your lawyer present. Never. No matter how innocent or how innocuous the situation is

That works in a perfect world where the police respect you. A lot of people on this site are not in that perfect world and have a choice of talking very politely to police or suffering consequences, sometimes physical ones, if they are silent.

People with nothing to hide, such as a 70 year old children's book author this week (on her 116th trip to the USA), are getting detained by the TSA and treated badly.

It would be illegal

[Aurien]

In the United States if a border agent asks for your cellphone and you wipe it right there, you've just broken the law. You can now be charged with an obstruction of justice charge. Now if you wipe your phone on the flight or before you're interacting with the border agent, then you've done nothing. But once they ask for it, any actions you do to delete the information on that device is illegal.

Re:It would be illegal

[omnichad]

Either you have Constitutional rights and won't have to hand over your phone, or you're not under US law at the US border and there's no law to charge you with. There's no legitimate way to charge with a crime at the border like that.

Re:It would be illegal

[fustakrakich]

Whaddya gonna do? Call a cop? There is no point in even discussing the law. They will do what they want. The feeble resistance isn't even noticed.

Re:It would be illegal

[omnichad]

If you are not under the Bill of Rights, you are not under US law. There is no grounds for suspending them on US soil.

Re:Backups?

[Overzeetop]

There are a number of automatic backup apps which can run on a schedule. Many applications themselves have options to back up to cloud services. For those paranoid, several android phones have removable uSD cards which can be set to be the default location for application storage. If you're travelling and don't have the necessary network for backups, you can remove the uSD and store it somewhere unlikely to be found or searched - or just drop it in the mail to yourself on the way to the airport.

When interdictions at the airport became news, my first thought was to having a kill PIN. That would be better than a wipe and reset, as the whole process of re-downloading my apps from a fresh install, having to re-set some of my personal ringtones, custom keyboard, and logging back into apps can take close to an hour (Even if most of it is unattended).

What you're looking for is a dd-like mirror of the device which, afaik, does not exist for either platform. It's unlikely for iOS and most Android simply because you're talking about a backup which, for the barest devices, is going to be north of 12GB. Even on good WiFi to a local server that's going to be a long process, likely taking over an hour - easily three or more if you want to do a verification of the transfer (which you'd better do if you're about to wipe your phone). Phones with removable storage are an option, but even then you're talking multiple hours for backup and verification based on even the fastest cards.

Witness Immunization from Procurement of Evidence

[Overzeetop]

Total destruction seems excessive. If your phone is (properly) encrypted, a simple deletion of the key is sufficient. I think a WIPE (Witness Immunization from Procurement of Evidence) PIN would be a fabulous addition to both Android and iOS.

If nothing else, the existence of such a PIN would stop law enforcement from requesting/requiring your PIN, as they could receive the wrong one.

Self Destruct PINs already exist

[Overzeetop]

For those worried about hackers remotely wiping your phone - such a mechanism already exists. If you mis-enter your pin X times, most phones will automatically lock or wipe as an anti-theft protection. If you're concerted about a hacker entering your wipe code, you should be more concerned about the same hacker entering 5/10/12 incorrect PINs and locking you out or using the iOS or Android Find My Phone functionality to remotely wipe the phone.

Duress pin

[Minupla]

I'd like a duress pin instead. It lets the phone function totally as normal, except it fires an email with my location, and an email that I'm being forced to unlock my phone to my lawyer or (for my work phone) my corporate legal dept. If I'm being forced to unlock my phone, I want to make it tough to disappear me, no matter what the circumstances are.

If you want, have it fire a user-defined script too, that way if you want to fry your crypto memory, have at it, or wipe your lastpass storage, or whatever.

Min

Re:Duress pin

[jenningsthecat]

I'd like a duress pin instead. It lets the phone function totally as normal, except it fires an email with my location, and an email that I'm being forced to unlock my phone to my lawyer or (for my work phone) my corporate legal dept.

That's a great idea - until they start operating Stingray equipment at all borders so they can control your phone's data traffic and prevent any such 'security breaches'.

use a burner phone... leave your real one at home.

[advocate_one]

Our sales reps take factory wiped burner phones and laptops with them when they go on trips to the USA...

How about this instead?

[jenningsthecat]

Wouldn't it be better to start holding our governments accountable to us, the people who elected the leaders of said governments, and the people who ultimately pay all their salaries? Yeah, I know, corporations own the governments, you can't fight city hall, etc. But really, fuck this nonsense of either taking inconvenient, expensive, extraordinary, and unreliable countermeasures to protect ourselves from our own elected and paid for governments, or taking it up the a** from same! It's time to start organizing and fighting for change, the way civil rights activists did decades ago. Our civil rights are being violated, and it's time to politely but firmly say "No!" to sitting at the back of our own goddamned bus!

Re:use a burner phone... leave your real one at ho

[jenningsthecat]

Our sales reps take factory wiped burner phones and laptops with them when they go on trips to the USA...

How long will it be before 'clean' devices like that will be sufficient cause for being denied entry? For the "nothing to hide, nothing to fear" crowd running things now, anything suggesting that you value your own privacy enough to take precautions, makes you at least an object of suspicion, and possibly even a criminal or a terrorist.

Why not wipe it in advance?

[nine-times]

If you're worried about the border patrol, it seems pretty easy to know when you're approaching a border. You can just wipe the phone in advance using the built in feature to wipe the phone and return it to the factory settings.

The whole thing gets more complicated if we're assuming the police just start confiscating phones of random people without a warrant, but I'd imagine that would face a stronger 4th amendment challenge. And really, at that point, I don't think a kill switch would be good enough. I'd want manufacturers to rethink the whole security design, probably limiting the information stored on the phone in the first place.

Re:Why not wipe it in advance?

[gordo3000]

the 4th amendment doesn't apply at the physical border or areas that act as a border (think international airports). OR to be precise, they have shifted the 4th amendment to mean the hurdle of suspicion is 0. It's the border search exception.

Re:Why not wipe it in advance?

[nine-times]

Yes, that was sort of my point. If the police start searching the contents of people's phones randomly, it's a bigger issue. If it's only at borders, you know you're going to be crossing a border, so just wipe the phone in advance.

Buy a Burner Phone

[bigdady92]

The Nokia 3010 just came back on the market for $50. This sucker will have a battery life for MONTHS. If all you need is a phone and you travel and don't want the bad man looking at your email just carry a crappy phone that you don't mind losing and forward all your phone calls to that other number.

I'd love to see the look on the security person's face when they try to figure that device out. It'll be insanely hilarious.

Re:Buy a Burner Phone

[avjt]

I believe you mean the 3310. I understand that the 'new' 3310 only supports the 900 & 1800 MHz bands, none of which works in the US. So unfortunately it will be useless for the purpose...

There is a solution that already exists in phones.

[blubdog]

With all the warrantless border searches happening, I wondered the same thing recently. Then I thought of another solution that would do the same thing. Something that is already built into smartphones.

I have my iphone set to wipe after 10 invalid attempts. So the next time I cross the border, I'm going to enter 9 invalid attempts before I arrive at the border crossing. If ask for my passcode, I'll supply an invalid code; bam it's wiped first try!

Re:the real question

[shortscruffydave]

I was thinking something along the same lines...not "would you...?" but "do you really need to....?"

You can be all protectionist about your personal data to the point that you'd rather nuke it on the phone than let a government official see it, but that throws up other issues. Once it's gone, it's gone, so how do you convince someone that you just deleted a load of personal photos that you're very protective of, and not some horrible and incriminating terror-related material?

No

[PPH]

Because I'd lose my Candy Crush high score.

Re:Nothing on my phone anyway

[mallyn]

This friend speaks my words! I have had the same IPhone for 4 years now. During those 4 years, I have accumulated the following private information:

1. Seven photographs of some artwork at a museum in Portland, Oregon

2. Seventy phone numbers of family, friends, my drycleaners, my welding supply places, my jewelry wholsaler, my doctor, my dentist, my eyedoctor, my friends (none foreign), my church, my electronics parts wholsaler, my sewing machine repairman, seventeen fabric stores between Portland, Oregon and Bellingham, Washington, a few scrap metal distributiers, my washing machine repairman, my electrician, the local movie theater's movie times phone, LedSupply in Vermont, and other such phones

3. Nothing on the calendar except a dentist appointment two years ago for a crown replacement

4. One google maps location for a Mill End Fabrics in Portland, Oregon

5. One google maps location for the Spark Museum of Electrical Invention in Bellingham, Washington

6. A few text messages from my bank indicating Debit Card withdrawals taken at the Community Food Coop here in Bellingham, Washington.

7. Browser history consisting mostly of weather forecasts for both Bellingham, Washington and Portland, Oregon as well as flight times for a round trip from Portland, Oregon to Newark, New Jersey to go to mom's memorial service

And that's about it. If customs/ICE/FBI/NSA/FCC/IRS/FDA/DHS/HEW/OSS or whatever knows that I patronise Whole 9 Yards Fabrics in Portland, Oregon or volunteer at the Spark Museum in Bellingham, Washington, or have my washing machine fixed by Bodie Appliance in Belingham, Washington or I had 10,000 dollars of electrical work done by Eric Benson Electrical Service in Bellingham, Washington, or bought 700 dollars of upholstery fabric from Mill End Store in Portland Oregon to make my home made clothing that you all can see on www.allyn.com; or that I call my sister in Belmont, Massachusetts at 9 AM on Christmas morning, then fine. I don't think I should care.

Yes, I'd use one, however I wouldn't buy one

[Rick+Schumann]

1. I don't use a smartphone, because they are proven time and time again to be easily exploited and compromised, even if you're careful
2. I wouldn't buy a smartphone, for the reasons stated in #1
3. If I found I had no choice but to own a smartphone, all Internet access would be disabled by intentional misconfigure of network settings (and NO, I don't care)
4. #1 through #3 having been said: If I was travelling internationally, I would NEVER bring my actual phone with me, I would get a cheap prepaid phone, put nothing at all on it, and if it was taken to be 'examined' by customs officials or law enforcement, I'd destroy the SIM card and throw the phone away immediately, and get a new one if necessary.

Seriously, folks, if you're going to travel internationally, leave your real phone at home and buy a cheap porepaid phone to take with you. Then the whole issue of having your privacy invaded and/or your phone compromised and/or your phone confiscated becomes moot. Would cost you all of $50 at most plus however many minutes you want to put on it.

wiping screen is the last thing you want

[JustNiz]

I was with you until you said it brings up a wiping screen. I doubt very much that the feds/TSA really give a crap that your last facebook post said you think Trump is an Ahole, otherwise they'd be detaining about 50% of everyone travelling, but the moment they see your phone is wiping itself they will assume you must have something to far more significant to hide.
A much better bet would be to have a removeable SD card and/or a password that silently logs in to a second environment which just has a bunch of bland work-related texts and emails and no social media accounts or anything else.
I can't believe there isn't already an app for this.

Simple, secure privacy centric design

[WaffleMonster]

Physical wipes are worthless because they take way too long and expose users to liability WRT destruction of evidence.

What I would like to see are mobile computers sporting encrypted file systems designed for deniability. Availability of data depends on key(s) entered by users.

You could elect to enter a "duress" key that only reveals bullshit.

Or you could enter your normal key yet elect not to enter additional keys to reveal additional data. For example a work key that unlocks proprietary data related to a current project.

Everything would be designed for deniability. Without access to encryption key number and extent of encrypted volumes let alone data they contain would be totally indistinguishable from background.

The ideal system would be a computer that always boots from protected read-only volume without any field upgradable persistently stored firmware.

Upgrading core OS requires throwing an actual switch to make overwrite physically possible. A mode that concurrently restarts system if still running and physically disconnects all user storage.

Coupled with an encrypted filesystem you could safely reboot and reuse the same device for multiple purposes without having to ever worry about candy crush selling out your business secrets to the highest bidder even after candy crush has successfully completely rooted your device.

Structures like this would provide real security with real freedom not compromise both by relying on indefensible houses of cards like secureboot.

It's called Obstruction

[Macdude]

The problem with your plan is it would be obstruction. You are destroying information the government has requested you provide obstructing their investigation. If you wipe the phone prior to the government requesting it you've done nothing wrong.

If you're concerned about the government accessing your cell phone or computer while you cross the border, wipe it and restore it at your destination.

Re:It's called Obstruction

[Shotgun]

Hillary proved to us all with her email that this is not an issue. The government will allow your lawyers to go through it and decide what the government should be allowed to see.

You could do better than that ...

[dougmc]

Rather than having a PIN that erases everything, just make one that unlocks a totally different filesystem.

You've got 32 GB of space on your phone, so dedicate 8 GB of that to an alternate system (and make sure the phone doesn't say 32 GB on the outside) and when you give it the alternate PIN you log into the alternate setup that has no access whatsoever to the main setup. You can even install apps and stuff in this alternate setup, so it looks real but it only has the things you've deemed to be OK.

This wouldn't fool the FBI using forensic software on your phone, but it would stop the border patrol guy who wants to poke around your phone, as long as such things don't become common knowledge and he starts checking sizes vs. published specs and such.

You could even set up multiple PINs -- PIN #1 gives the main phone, #2 gives alternate setup #1, #3 gives alternate setup #2, #4 erases everything if entered three times in a row ...

I'd absolutely

[TheOuterLinux]

A Cydia developer could make a fortune with this. Side note, it wouldn't surprise me if airports where doing more than charging your phone with those USB ports below the waiting seats.

Cannot Imagine That I Would Ever Need One.....

[kenwd0elq]

I'm as vanilla as they come. Retired US Navy officer, don't speed, do drugs, or have any other bad habits. My worst bad habit is drinking too much Diet Pepsi. I cannot imagine that I would EVER need a cell phone, or a computer, or a tablet, with a "kill code".

But you can never imagine it happening until it does, at which time it's too late. Yes, I'd like for Android and iOS and Windows and *nix to offer operating systems with an option of a duress password that invokes a "super vanilla, bare-bones" experience. A smart phone that, if you enter the duress code, reverts to be just a "POTS"; "Plain Old Telephone System". (Better yet, emulate a Nokia with only a handful of basic contacts.) A laptop that, if the duress password is entered, boot into a functional-but-contains-nothing desktop with no network access to ANYTHING. A tablet that would erase the local memory and password list.

We'll never NEED this, of course.

Until we do.

I still have my 11-year-old Nokia 6015i

[knorthern+knight]

http://nokiamuseum.info/nokia-... The main reason I'm hanging on to it is that it's on a grandfathered $100 per year plan from Virgin Mobile Canada. It's pre-paid, and unused balance carries over. I don't use it much. I try to do my few long-distance calls on it. Although the rates may look high, that's the only way I can use my accumulated balance.

Yes

[JohnFen]

I already do.

Re:data is never lost

[david_thornley]

Modern phones generally have full encryption using strong crypto. Destroying a random 256-bit key is a lot easier than wiping gigs of storage.

A better idea

[vuffi_raa]

create encrypted partitions and encrypted redactions on a phone - realize that the law says that you must unlock and allow the HS officer to look at and copy data from your phone, if there are hidden or encrypted partitions in the phone or redacted information - that would require an order from a judge to compel you to decrypt it.

Rather the Reverse!

[tmjva]

I could be tempted to use a kill code with a cell phone. I think operatives of certain agencies have something like that.

code 12345

[ebvwfbw]

Code to kill it - 12345. Nobody would think of that.