

Bill on CA Governor's desk would ban mobile device searches without a warrant - tonywebster
http://www.wired.com/threatlevel/2011/09/smartphone-warrant/

======
sneak
Doesn't much matter, all mobile devices worth using are constantly sending
their data up to "the cloud", which, thanks to the USA PATRIOT Act's
provisions for National Security Letters (NSLs), the federal government can
access at any time, in real-time, without a warrant or even post-hoc judicial
review.

The time has come to leave America. No state law can change this. The fourth
has been dead for TEN YEARS next month, it is nothing short of naïve now to
believe that it will get any better.

There are lots of nice places to live in the first world where the government
hasn't gone totally insane. Move there.

~~~
ashishgandhi
Say what you say is true, where would you recommend? We can then discuss
specifics of those countries. (On a less serious note, you don't have the
Silicon Valley there, wherever there is.)

~~~
pyry
Norway is great for data privacy, however as you say, there isn't a Silicon
Valley or anything similar, even in Oslo. There are some good tech groups, and
some good university groups spread around, a good amount of design and media
organizations, and a much larger percentage of the population know what
Twitter and Facebook are and use smartphones, and youth are basically
acquainted with most 4chan memes. The biggest and most notorious tech group
really is Opera, which also accounts for a significant chunk of the country's
data traffic (Opera also operates a very huge proxy service for mobile
devices).

* Norway's Data Authority: <http://www.datatilsynet.no/templates/Page____194.aspx>

Despite what I'd consider to be a fairly (in U.S. terms) progressive
government organization that is pro-privacy, Norway has recently enacted its
own local version of the E.U. Data Retention Directive.

* EU: <http://en.wikipedia.org/wiki/Data_Retention_Directive>

* Norwegian version: [http://translate.google.com/translate?sl=no&tl=en&js...](http://translate.google.com/translate?sl=no&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fno.wikipedia.org%2Fwiki%2FDatalagringsdirektivet&act=url)

So basically, even one of the better countries for data privacy still has its
own struggles.

------
dmfdmf
A state bill should be totally unnecessary. This is a constitutional right. If
we accept this bill as the norm then its no longer a "right" and just a
permission by the govt that can be rescinded at anytime.

~~~
pmh
The text[1] of the bill seems to affirm the sentiment that it's a
constitutional right; it serves to counteract a California Supreme Court
ruling:

"(e) It is the intent of the Legislature in enacting Section 1542.5 of the
Penal Code to reject as a matter of California statutory law the rule under
the Fourth Amendment to the United States Constitution announced by the
California Supreme Court in People v. Diaz."

[1]:
[http://info.sen.ca.gov/pub/11-12/bill/sen/sb_0901-0950/sb_91...](http://info.sen.ca.gov/pub/11-12/bill/sen/sb_0901-0950/sb_914_bill_20110902_enrolled.html)

------
abraham
Governor Jerry Brown

c/o State Capitol, Suite 1173

Sacramento, CA 95814

Phone: (916) 445-2841

Fax: (916) 558-3160

<http://gov.ca.gov/m_contact.php>

------
SurfScore
It will be interesting to see if this ends up being as abused as other warrant
searches are. What is the probable cause of searching a cell phone? Does the
guy have to have kiddie porn as his lock screen or is it enough to think he
might have a drug dealer's home address in the phone book? People's phones are
almost their second homes, and in a way I am glad that the law is catching up
with technology, but they need to be prepared for a whole nother set of issues
that come with it

------
cookiecaper
We desperately need someone to configure Android with LUKS/dm-crypt, which
theoretically shouldn't be such a huge leap since Android is based on Linux (I
know nothing about Android-specific kernel divergences, but would be
interested to know if device-mapper is badly broken in Android kernels).

Another interesting project would be a service that sits on your phone and
automatically encrypts all of the automatically synced data, so Google only
received encrypted data and your phone transparently decrypted it upon demand.
This one would probably require much deeper work than making device-mapper run
on Android Linux kernels.

I am grateful to Google for making an open, decent phone system so that this
kind of stuff is made possible. Think about the options we'd have if iOS was
the only smartphone on the market.

People need to accept that without strong encryption, any and all of their
digital storage is open to adversarial or even accidental perusal, and that
they should have no realistic expectation of privacy without correct
application of cryptographic techniques. This is true across every form of
digital storage: mobile, desktop, laptop, cloud, USB stick, etc. Encrypt or
suffer.

~~~
yaix
That is how my netbook is configured, EncFS encrypts file names and contents
before rsync sends it to a remote backup server.

On the phone, you don't need to encrypt all of the file system (for better
performance) but just the parts that hold user data.

Unlocking the screen and encrypted user data by "swiping a pattern" is not a
big thing and takes not even a second.

~~~
Confusion
A swipe pattern has such low entropy that you may as well not encrypt it.

~~~
yock
Sure, it doesn't stop a criminal, but it implies privacy that could be held up
in court against unlawful search.

------
rmc
Do we have to have the slightly emotional title of "Bill on X's Desk"?

