Please go and fix this!
If you do not participate in any political movement or party, you are enabling these sociopaths. No amount of technology can fix bad policies. If this continues, more people will just plainly refuse to travel. Eventually, the very same sociopaths will prohibit encrypted cross-border digital communication. Then what?
I don’t intend to debate my vaguely anarchist/reactionary political philosophy on lobsters, but I just wanted to point out that it is reasonable to disagree with this. It seems to me that technology (in the software/hardware sense, or institutional/social/etc.) is more or less the only thing that can fix and prevent bad policies in the long term. I am extremely skeptical that most Western democratic processes can do the same; indeed, one can reasonably blame many examples of bad policies or poor governance on democratic process under universal suffrage.
I am very happy to remain passivist in most politics for exactly that reason - I believe that staying away from the fray and working diligently on technology is a far more realistic and peaceful method for effecting lasting positive change. If it’s “you’re either with us or against us”, then the only way to win is not to play.
Counterpoint: No amount of technology will save you from rubber-hose cryptanalysis.
Do you believe that the typical lobsters reader’s contribution to a) politics or b) technology is more likely to reduce the incidence of rubber-hose cryptanalysis? Why?
The point is that it doesn’t matter how you’ve hidden your data if you’re required by law to give it up. The typical lobsters user’s contribution to politics may be small, but it is the only way forward.
We need to create a society that supports people keeping their data encrypted. Direct involvement in politics is one possible way to make that more likely, but it’s at least conceivable that e.g. creating more usable encryption tools so that more people use encryption might be more effective.
But without political support for encryption the tech can be rendered useless.
Edit: I may have misunderstood your point. Do you mean that creating more usable encryption could be an approach to bringing it to the general public’s attention and from there it can gain mindshare?
Yeah
How do you figure? There are several obvious technological countermeasures to rubber hose cryptanalysis, including plausibly deniable encryption with different passwords unlocking “fake” or “real” volumes.
If this ever gets to be a common practice, authorities are going to start seeing through it. In particular, if the data you’re protecting is your social media presence, it’s completely implausible to try to claim that you don’t have one. And it does seem that that’s a lot of what these searches are aimed at, right now.
Politics (ok, real answer: that’s a false dichotomy. Do both. But if you insist that it’s one or the other, I think politics is the more important). At the end of the day, the only thing that stops the government from beating you to death with a rubber hose is making sure the government doesn’t want to beat you to death with a rubber hose.
As long as future governments share the attitudes of the last several (in favor of torture, in favor of surveillance, in favor of compromising civil liberties, convinced that the ends justify the means), I think that even succeeding in making strong encryption ubiquitous would simply encourage them to double down on using detention, force, and intimidation to achieve what they can no longer achieve through passive surveillance. I do not believe that there is a point whereat these people will look at the state of technology and change their behaviors and desires. To paraphrase Swift, you’ll never be able to present them with a set of facts about technology that will cause them to reason their way out of a set of positions they didn’t use reason to reach in the first place.
Couple this with the fact that we’re staring down the barrel of a jobless future which is going to make technologists very convenient scapegoats for an unemployed and desperate populace, and I think you have a recipe for Bad Things.
We’ve seen a broadly ignorant coalition of people with a shaky grasp of reality and a stock of poorly spelled signs successfully take over the Republican party and now the White House inside of a decade. Mass political engagement from the traditionally disengaged tech sector has a real chance at changing the people making decisions.
It’s slow and tedious and not as nice as sitting at home and typing at your computer, but getting involved in local politics is an important and necessary act if we want things to change, in my opinion.
Oh, I wasn’t expecting it to be a matter of reason. Rather a matter of getting people to love their crypto.
I get your idea there – but I’m skeptical that ubiquity will achieve it. Anecdata: My mom has an iPhone. Its contents are pretty strongly encrypted by default. Her iMessages to me are encrypted. Etc. Apple, for all their faults, have been trying to make that stuff ubiquitous for people like her.
Consequently, because it’s so ubiquitous and easy to use and on by default, it’s completely invisible to her. She doesn’t conceive of herself as someone who even USES encryption, and certainly not as someone who is emotionally invested in its legality. Presented with these facts, her response is along the lines of “I have nothing to hide, so I have nothing to fear”.
Getting her, and the broad populace like her, to emotionally invest in the legality of encryption is an education problem, which is a subset of political problems rather than technical, in my view.
Not just that, but most people in the world are not in the United States, and are not United States citizens. They have very little influence on United States politics (read none), but they can have an influence on the technology.
They can not go there. It would take a pretty deep dip in tourism and very low or negative migration or hell freezing over before they revert most of these policies though. The main outcome they will see is people with brand new “empty” phones. I don’t know if the average TSA employee really cares though, “Hey, no bomb schematics or White House plans, get out of my face!”.
[Comment removed by author]
Seems like an opportunity to write a custom unlocker that, given an alternative passcode, unlocks the phone into a separate account. Containing fake contacts, messages, images, etc.
There are already encryption systems that do this. Give an alternative password and get alternative data.
Right up until you make a single mistake and get caught out, at which point you can (and likely will) face indefinite detention. Perhaps the alternative data doesn’t include a location history that matches the cell-tower recorded history, maybe it does but the browser history doesn’t match the logged history for the addresses that phone has had - maybe something more obscure.
A totalitarian state can and will keep a close eye on ~everyone who could plausibly evade mass surveillance.
At the very least, deleting apps like Facebook when traveling is probably prudent, just to avoid having them easily available for casual prying.
Given how social networks treat their users (in terms of spying, battery consumption, attention fragmentation), more people should keep these apps off their phone all the time.
There’s a feature “Erase Data” that will erase the data on an iPhone after X failed attempts. What are they going to do if you enter the wrong passcode on your phone X times? Granted it’s not going to look good when you do that in front of them, but then what?
This sort of thing is getting pretty nasty.
They don’t let you input the PIN, they have you write it down and they enter it on the phone in another room, doing whatever they want for as long as they want (probably dumping the entire storage).
If you give them a bad or booby-trapped PIN, the “then what” is never going to be “they’ll shrug and move on”. If you are a citizen, they’ll seize the phone, maybe return it in 6 months or a year. If you’re not a citizen, you’ll be denied entry, perhaps visit a charming detention facility, and get to buy a last-minute one-way plane ticket back where you came from. You’ll have to disclose that on every future border crossing (note that many countries ask if you’ve ever been denied entry anywhere, not just to them) and have a very hard, if not impossible, time entering the U.S. again.
This is your best-case scenario, where the officer politely does the minimum and doesn’t use any of their incredibly broad, discretionary power to seize all your property and dump you in a cell indefinitely. There’s almost certainly a broadly-worded “interfering with a border officer” or “destruction of evidence” felony statute they’d charge you with.
Nothing good comes of being clever at law enforcement officers. They certainly have a broad statute or power written for dealing with serious criminals that can be trivially used against any loophole you hope to have invented. If you don’t want your phone cloned at the border, your only options are to not be carrying it or successfully reform the law governing digital storage at border crossings.
This, a thousand times. Who is going to win this game - the person who plays it every day, or the newbie who shows up with a clever trick?
The question is whether they’d catch on if you provided a duress pin which logged into an empty home screen while performing a factory reset in the background.
I agree giving them a pin which will simply fail is foolish.
I would assume they follow procedures. If I was to set a procedure for an agent on the field like that the first step would be to image the phone; the second step would be to image the phone again after entering the provided pin.
Storage is cheap.
I don’t doubt there are certain high-profile cases where this level of sophistication is used, but I doubt it’s a routine thing they do for random checks.
It shouldn’t be possible to image the phone without entering the pin — at least not without cracking it open in a fairly permanent fashion.
How security-conscious are MMUs in modern phones?
It might work, or it might land you in the hole indefinitely. Maybe that’s a risk profile that appeals to you - I’ll pass on it.
[Comment removed by author]
Sadly Android at least has no duress-pin feature as far as I can tell. Here’s a wishlist issue discussing implementing one: https://code.google.com/p/android/issues/detail?id=132451
It would be a lot more convenient than pre-emptively wiping it for every flight you board. Maybe it can be done with a 3rd-party tool.
I could see a 3rd party tool to unlock a phone from “Panic Mode” to work, but a secondary authentication method would have to be used to unlock the phone from that point maybe?
For anyone looking for detail on the NASA scientist’s detention, I think this is the source: http://www.theverge.com/2017/2/12/14583124/nasa-sidd-bikkannavar-detained-cbp-phone-search-trump-travel-ban
Sounds like this is a danger with US flights only, not all international flights.
We’ve heard this story before and it always seems to be the US border security doing it.
What happens if you would have a brand new phone in original packaging? Could you treat it as an import and pay customs duty? Could you do something similar with a used phone?
Don’t piss off the border control officers (especially in a foreign country where you haven’t got any rights at all).
They can wreck your day on a whim.
If you’re saying package a used phone as a new phone - that might work I suppose! It seems like a fairly large hassle (less than wiping your whole phone each flight though).