If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it? And I know that legally they can’t make you give up your PIN, but what’s to keep them from just beating it out of you? Cops of any stripe rarely if ever face consequences for their actions, especially in the US.
If a government has you in the nebulous situation where you technically aren’t in the country yet and they want your phone, it doesn’t really matter what security system you have on there. You either give them access or go to a black site.
That’s why every company of “moderate” size ends up adopting a policy of “DEVICE for foreign travel”. You don’t take your actual work laptop/phone/whatever. You take a burner (except they hate the term “burner”) that can remote in but stores little to no data locally. And you realize that any good remote access software has logic to detect if you are accessing it from a security checkpoint and flag you…
So what does that mean for you, an individual?
A super locked down device is just gonna get your ass beat… if you are lucky.
A completely clean factory wiped device? That is going to raise a bunch of red flags (kind of rightfully) and more or less equate to the above
Like almost all things privacy/security related: Nothing is easy if you actually need it. A good friend of mine is a journalist and they semi-regularly do the kinds of stories that get a person “investigated”. And the reality is that there is nothing they can do, in software, to protect themselves. So what they instead do is have completely separate devices that are never in the same physical location. So, unless they are communicating with a sensitive contact, they always have a device that “looks real” because… it is. Texts from the partner about a dinner party next week, spam from facebook, etc.
And if they need to access something sensitive while on foreign travel or otherwise unable to get back to their “private” devices? Either buy a cheap laptop at a best buy equivalent or use one of their burner emails/accounts.
If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it?
Depends on what state it’s in. If it’s in lockdown mode, nothing. GOS blocks all access to data via the USB. If it’s unlocked, everything that’s not locked by further authentication.
but what’s to keep them from just beating it out of you
Nothing. That doesn’t mean you should willingly consent to it.
That doesn’t mean you should willingly consent to it.
Rubber hose cryptanalysis.
Most of us wouldn’t stand 5 minutes of torture (I know I’ll break in 1 minute), so don’t start a fight you cant win. This is the border, most of the constitution doesn’t apply, and this was way before this admin, most administrations just wasn’t that insane as the current one, but the law was already there.
So just bring a burner phone and just give them the pin.
I’ve seen this a lot recently. This isn’t about what police can do, it’s about border crossings. You can be required to unlock your device when entering the country or be denied entry (or possibly worse).
The best route is to have a phone specifically for travel.
Use GrapheneOS and switch to PIN authentication didabling fingerprint auth, especially when travelling abroad.
If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it? And I know that legally they can’t make you give up your PIN, but what’s to keep them from just beating it out of you? Cops of any stripe rarely if ever face consequences for their actions, especially in the US.
Pretty sure they can. Or at least, they can deny you entry into the country if you decline to unlock it for them.
If a government has you in the nebulous situation where you technically aren’t in the country yet and they want your phone, it doesn’t really matter what security system you have on there. You either give them access or go to a black site.
That’s why every company of “moderate” size ends up adopting a policy of “DEVICE for foreign travel”. You don’t take your actual work laptop/phone/whatever. You take a burner (except they hate the term “burner”) that can remote in but stores little to no data locally. And you realize that any good remote access software has logic to detect if you are accessing it from a security checkpoint and flag you…
So what does that mean for you, an individual?
Like almost all things privacy/security related: Nothing is easy if you actually need it. A good friend of mine is a journalist and they semi-regularly do the kinds of stories that get a person “investigated”. And the reality is that there is nothing they can do, in software, to protect themselves. So what they instead do is have completely separate devices that are never in the same physical location. So, unless they are communicating with a sensitive contact, they always have a device that “looks real” because… it is. Texts from the partner about a dinner party next week, spam from facebook, etc.
And if they need to access something sensitive while on foreign travel or otherwise unable to get back to their “private” devices? Either buy a cheap laptop at a best buy equivalent or use one of their burner emails/accounts.
Depends on what state it’s in. If it’s in lockdown mode, nothing. GOS blocks all access to data via the USB. If it’s unlocked, everything that’s not locked by further authentication.
Nothing. That doesn’t mean you should willingly consent to it.
Rubber hose cryptanalysis.
Most of us wouldn’t stand 5 minutes of torture (I know I’ll break in 1 minute), so don’t start a fight you cant win. This is the border, most of the constitution doesn’t apply, and this was way before this admin, most administrations just wasn’t that insane as the current one, but the law was already there.
So just bring a burner phone and just give them the pin.
(Or just avoid travelling to the US)
I’ve seen this a lot recently. This isn’t about what police can do, it’s about border crossings. You can be required to unlock your device when entering the country or be denied entry (or possibly worse).
The best route is to have a phone specifically for travel.
Sure seems like it’s about what police can do. And no, they cannot force you to do that.
This article and thread are talking about border agents, which operate under different rules/regulations than you local police officer.
While US citizens cannot be denied entry, non-citizens can if they refuse to unlock their phone. Even US citizens can have devices confiscated if you refuse to unlock the phone for them - https://www.theverge.com/policy/634264/customs-border-protection-search-phone-airport-rights. Because at the border, it’s been decided searches don’t require a warrant.