The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.
Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.-
It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.
Use GrapheneOS so you can “unlock” your phone and enter the wipe code instead.
Wasn’t there a legal dispute around this that was trying to get them with tampering/destruction of evidence? Not sure if it’s foolproof.
If you do use GrapheneOS, quickly restarting the device means your pin is required before biometrics unlock is available. As I understand it – in the U.S. – law enforcement can legally compel you to unlock your phone with biometrics, but not a pin. Not that you can trust law enforcement to be law abiding, but at least it’s a stronger case in court.
Even better, set it to 1234567890 or 00000000 or similar easy to guess pin, and change it to the length of your actual pin, now if someone tries to bruteforce your phone it will instantly wipe and you can make a case that it was the law enforcement who destroyed any “evidence” by their own actions if in comes up In court.
This sounds like a convenient way to have all your locally saved photos wiped by your kid
In this economy??!
You mean you’re not having your photos automatically, immediately encrypted and backed up on remote servers? ente.io will do that for you and their free plan comes with 10G of storage which is quite a few pics.
Always back up anything you don’t want to loose.
How should I protect the backups? Same story?
Your backups aren’t nearly as likely to be subject to an immediate civil forfiture as a phone is. Cops don’t need a judicial warrent to take your phone, but they do need one to search your home legally, and if you do your offsite backups in another country, they would need the cooperation of the local authorities of that country. Strong encryption can provide a relatively safe barrier for offsite backups.
Also, it’s possible to have some things that may only exist on your phone and not your server/backup system(easy biometric unlock for a password manager, or encrypted chat logs, to name a few examples).
These practices and tips are not for everyday people but for high targets and work devices
Actually, these tips are for every day people (just not people whose kids can get to their phones). High targets get their ram frozen with liquid nitrogen, their PSU spliced into a battery pack, and the entire system-state backed up for retries.
Don’t they make a copy of the phone before they go about trying to unlock it?
This kind of security is only going to work against a careless or incompetent atta-- oh. I see…
That requires USB connection to even be possible with a locked phone.
Yes, and you can disable usb completely on graphene.
It also will not accept new USB connections while the screen is locked.
Not for state sponsored campaigns. They’ll cut the damn chips from your phone and send signals directly to the individual pins if they have to. They’ll freeze your ram into super cold state to make it nonvolatile. They’ll do some crazy shit, man.
Holy Christ, what are you guys doing on your phones to fuel this much paranoia? I have a constitutional right to privacy and i dont want my information/data (the very essence that makes me me) harvested and sold – for those reasons im opposed to most searches and i’ve never used biometrics. But the need to nuke my phone because a cop got it is so far from a necessity that I cant think of what im doing that I would need it.
If you’ve got nothing to hide you e got nothing to fear…?
In a situation where you are raided like the journalist, it may be worth nuking the phone. Consider the sources that could be exposed.
Having your phone available to law enforcement is the equivalent of forfeit your right to remain silent.
And more, once they have access, what is stopping them from planting false evidence? In this fascist fever that US is living… I would prefer to avoid the risks.
Other than literally everything I think and feel you mean? I think it’s perfectly reasonable to not want to allow police or especially federal agents into my own head. My note taking apps, my password manager which links to all of my online accounts, and my entire web browsing and search history are all linked through my phone. Also signal and discord and lemmy, and on and on…
Exactly this.
Read about the Hawthorne effect: https://en.wikipedia.org/wiki/Hawthorne_effect and how people change their behaviors when they are being observed. Being free of observation is vital to being able to think your own thoughts without outside influence.
If the problem is with the usage framing the hypothetical adversary as a country’s law enforcement, pretend you live in a cyber North Korea and have a cellphone. The idea of an adversary is just a means of thinking about the problem. You want to build a system so that they can’t capture your flag (your flag being some digital information that you want private).
Whatever the opposite of TL;DR is:
It isn’t intended to be read as ‘do this to avoid law enforcement so you can do crimes’.
When thinking about security/privacy (same thing), you don’t know what kind of attack you may eventually have to defend against, maybe you have a partner who has decided to stalk you and so they screen read your PIN or a strong arm robbery where they’ll try to use your phone to access your bank.
Instead of trying to imagine every single possible scenario, you imagine one model scenario. In this model scenario, the adversary has every possible capability that is available and your goal is to keep your flag safe, or be able to pass a flag between two people without it being seen, or various other scenarios (which are themselves just model problems of types of system that you need to secure).
This hypothetical adversary, in order to have these capabilities in real life, would be the equivalent of a sovereign nation with unlimited funding and access to all technologies that are possible (and some that are only hypothetical). This description fits one country pretty well and so, as shorthand, people often just write ‘the feds’. I guess they could also write ‘Eve’ but that is a specific adversary in one kind of scenario and not the general Adversary.