Ask Slashdot: Would You Use A Cellphone With A Kill Code?

Slashdot reader gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter that wipes all private information on the phone? In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information.

I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone. This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.
It could be built into the operating system, added by the manufacturer, or perhaps sideloaded as a custom mod -- but that begs the question of whether it'd really be a popular feature. So leave your own thoughts in the comments. Would you use a cellphone with a kill code?

Why yes

[bytesex]

It would be *very* easy to have smartphones with adequate security from all sorts of perspectives. Secure key storage, secure storage, secure communications, secure boot, secure containers, secure remote management, secure (multiple factor) authentication, secure arbitration of what hardware can access what memory etc. The thing is: if your target audience is largely 15 year old girls, then you probably have commercial priorities elsewhere.

No.

I'll just avoid travelling to the US.

Re:This won't fly.

[rtb61]

you would actually want three pin codes. One to open the phone, one to clear the phone and one to open the phone and call the police and leave the microphone open but shut down the speaker. Obviously the code for normal open would be the most complex but the other two codes could be simple and easy to remember and distinct eg 1235 and 0070.

Re:Why not a fake account?

[Gussington]

Why not have a second PIN that opens a sanitized, but seemingly fully normal, home page? Missing a few critical apps, or having versions signed into a different account.

Because if the device is confiscated, a simple dump of the memory will reveal everything.

Re:Easy to do with an iPhone

[geekmux]

...Now, you'd be facing destruction of evidence of obstruction of justice charges but, that is probably better than what you would have been facing had the phone been unlocked.

Fucking seriously?

Unless you're engaged in some seriously illegal activity that you rather enjoy conducting on your smartphone, perhaps you should *really* sit and think about those charges before making such a statement. Gut feeling is a criminal record will impact you a hell of a lot more than your Facebook data being confiscated.

Re:Mandatory

[michelcolman]

There's no need to lock any ports, though: wiping an encrypted phone can be done in less than a millisecond. All you need to do is destroy the encryption key. That's what iPhones do when you enter the wrong pin multiple times, and the effect is instant and irreversible. It would be trivial for Apple to add a feature that wipes the phone for a specific pin chosen by the user.

Law enforcement can sometimes retrieve a password. But that password only serves to decode the actual decryption key, which is a random sequence of bits. If that key is gone, it would take billions of years to decode the device.

Re: Mandatory

[v1]

1. Duress codes are a dumb idea that sounds cool. Why ? By definition you almost never use them .

Let me just throw out a few other "dumb ideas" you almost never use... Airbags. Fire Extinguishers. Life insurance. Parachutes. Seatbelts. Fire Departments. Just because they're an extreme response and you don't use them very often doesn't make them a "dumb idea".

Home alarm systems don't have them any more for a reason.

Friend of mine proved you wrong last year. His wife got home after a craaazy day at work and put in the wrong PIN on her home alarm. 15 minutes later there's a knock on the door from a guy in a white coat and the entire backdrop is full of cops. "What is this? I disarmed my alarm?" "yes, m'am but you used the *duress code* to do it." "oh..." So a bunch of boys in blue came in and swept the entire house while she was outside talking with the cops. Yes there will be false alarms, but the feature serves a function. They had that option enabled because someone they knew a few years back had been forced to disarm their car alarm at knifepoint so they knew the risk was real.

2. On iPhone if you use TouchID, it's 4 taps to "erase all contents and settings". Any duress code would be longer to enter than that.

At first I thought you meant "four taps on the home button" but I don't find that feature anywhere. (link?) If you mean going into settings to erase it, I'm pretty sure any competent LEA will grab the phone out of your hands the instant they see you've finished unlocking the phone. You don't just leave volatile evidence in the hands of a suspect to meddle with before confiscating it. If you have touch id, they can actually use the federally-allowed fingerprints they took from you when you were booked to create a silicon finger and use THAT to unlock the phone, you never get near it again to nuke it. (and yes, there's been at least one documented case of that being done) I'd much rather have two fingers that unlock it and eight that nuke it, let them play routlette if they're feeling froggy. And there's no way a 4 digit nuke code takes any longer to enter than a 4 digit unlock code??

If you have your phone synced with your computer or cloud, if you accidentally erase it you can restore it from there. If they're THAT aggressively pursuing you that they will get search warrants for your house or cloud data, okay, you can have it. I think this discussion is more aimed at discouraging "fishing expeditions" of "We have just barely enough evidence to arrest them and take them to jail for an hour, lets see if we can find anything on their phone that will convince a judge to give us some search warrants..." To me anyway this is more about curbing illegal search and seizure than it is about trying to bypass the lawful search warrant process.