
Destruction of evidence charges filed for remotely wiping iPhone - asimpletune
https://dailygazette.com/article/2018/11/08/police-woman-remotely-wipes-phone-in-evidence-after-shooting
======
piotrkaminski
I'm kinda curious how the law would treat a dead man's switch that
automatically wipes the phone if you haven't unlocked it for N hours (say, 24
or 48). (Assuming it was set up well before any event that prompted the
phone's seizure, of course.) Could they somehow charge you for not warning the
police about the auto-wipe when they took your phone? Does the answer change
if you were officially under arrest and had a right to remain silent?

This seems like a pretty good idea in any case. If the seizing party can't
crack the passcode anyway then it's a no-op. If they can then presumably they
won't/can't do it right away, so it would add a bit of defense in depth.

~~~
thaumasiotes
> Does the answer change if you were officially under arrest and had a right
> to remain silent?

Being formally under arrest doesn't affect whether you have the right to
remain silent. It affects whether the police are required to tell you that you
do.

~~~
marvin
Fascinating how this varies between nations and cultures. In Norwegian case
law, refusing to explain yourself can be considered indirect evidence of
guilt.

I remember a report from a recent Norwegian criminal trial, where the judge
himself warned the accused that refusing to give an explanation could reflect
badly on the question of whether she was guilty or not.

~~~
the_watcher
In the US, the Fifth Amendment protects the opposite: you cannot be compelled
to testify against yourself in the US, and choosing to take the Fifth cannot
be considered evidence of guilt. There's some evidence that, in practice, this
isn't always true, but judges are required to clearly explain this to jurors.

------
jonstewart
Howdy, digital forensics software developer here. A few points: 1) yes, the
police probably should have put the phone in a Faraday bag, but those aren’t
perfect and municipal law enforcement generally doesn’t have the same
equipment that state and federal police do. It doesn’t excuse the suspect
allegedly taking action to destroy evidence; 2) this is probably about the
boyfriend, who they suspect committed a shooting—they charged the girlfriend
with evidence tampering as a felony, and then the prosecutor has legal
leverage to get her to testify against her boyfriend and take a gun off the
street; 3) no amount of technical argumentation will save you from a
prosecutor, judge, or jury if you do something that causes spoliation of
evidence—when your company is sued and your business systems are
preserved/collected as a result, don’t even think about getting in the way.

~~~
hobbescotch
How do you get into digital forensics dev? Seems like an interesting field.

~~~
jonstewart
I was laid off from a startup at the bitter, wretched end of the dotcom bust
in the spring of 2003. Another company two blocks from my apartment in
Pasadena, CA was hiring C++ engineers, and I was lucky enough to join Guidance
Software to work on EnCase. It's a fun field: bits and bytes, a whole lot of
'em, and the requirement for perfection.

~~~
RufusJacksons
I trained with EnCase at uni! Quite a tool.

------
jrochkind1
> Monday Update: Suspect in remote phone-wiping case denies wrongdoing, Nov.
> 12, 2018
> [https://dailygazette.com/article/2018/11/12/suspect-in-remote-phone-wiping-case-denies-wrongdoing](https://dailygazette.com/article/2018/11/12/suspect-in-remote-phone-wiping-case-denies-wrongdoing)

> "Our position is that my client didn't access anything to remotely delete
> anything," Smalls said. "My client wouldn't have any knowledge how to do
> that."

That seems like something pretty easily disproven with a subpoena to Apple for
records of whether a remote wipe command was issued, no?

Which makes me think the defendant probably indeed didn't remote wipe.

I wonder if it wiped itself after too many wrong password attempts (is that a
thing they do?), or as the attorney suggests "days after her phone was seized,
Grant got a new phone. Smalls said he didn't know if that had any impact on
the data on the phone police had taken" -- does it auto-wipe the old phone in
those circumstances sometimes?

~~~
null0pointer
Yes, there's an option to have your phone auto-wipe after 10 failed unlock
attempts. However, I'm not aware of any way to have it auto-wipe by itself
after n-days. Getting a new phone and signing into your Apple ID has no effect
on the data stored on your old phone.

~~~
manicdee
Removing a phone that was previously associated with your Apple ID will
remotely erase the device. You will get an email confirming the erasure the
next time the device is turned on.

~~~
cesarb
Assuming the suspect is telling the truth, that's probably what happened. And
it might not even have been the suspect herself; a store employee helping her
set up her new phone might have helpfully removed her "lost" phone from her
account.

~~~
mirimir
OK, then, does telling the Apple Store that you lost your phone, when it was
in fact impounded by police, constitute evidence destruction? I can see how it
might.

~~~
sovietmudkipz
I bet saying the magic words "my phone is impounded by the police, please wipe
my phone" would be. But, assuming the suspect is telling the truth and
assuming an Apple employee disassociated the suspect's phone from their iCloud
account, let's also assume the suspect lied to the Apple employee.

"I lost my phone and need a new one." "Your phone is lost? Let me disassociate
your old one and help you set your new one up. What's your iCloud username,
email or phone number?"

Assuming the suspect knew disassociation meant data deletion on their old
phone, is it up to the suspect to prevent this from happening? It seems pretty
close to invoking the magic words I started out with, especially if this was
the suspect's intent going into the store.

Now assuming the suspect didn't know, and he did not intend to delete data
from his old phone... Now what? Is it acceptable to accidentally destroy
evidence? Spoliation of evidence suggests a guilty conscience, but in this
case it was an accident.

~~~
dsfyu404ed
>Is it acceptable to accidentally destroy evidence?

Theoretically no. In practice it's murkier.

If you're a cop? Definitely not acceptable on paper but you'll get a slap on
the wrist at best.

If you're OJ Simpson and can afford a good lawyer? You will probably be found
not-guilty.

Peasants like you or I? They'll throw the book and something will stick.

Edit: Am I being down-voted for being blunt or because reality makes people
uncomfortable?

~~~
DATACOMMANDER
I didn’t downvote you, but I think you were downvoted because the post you
were replying to was asking a legal/ethical question about whether it’s
acceptable to accidentally destroy evidence in general, and you gave an
unsupported answer and then veered off into a discussion of whether the law is
applied to all people fairly.

~~~
manicdee
In my view the question of whether the law is unbiased and “fair” is more
important to resolve than whether accidentally erasing a phone seized by law
enforcement counts as spoiling evidence.

There’s no point arguing that storing a vat of milk in the sun counts as the
law enforcement impounding incorrectly or the suspect deliberately arranging
evidence to destroy itself, when the crux of the matter is that the defendant
is a black woman in Alabama so has no chance of a fair trial regardless how
airtight the case might seem.

------
reustle
What if I use the gmail/slack/whatsapp website instead of the app, and
remotely log the phone out of google/etc if my device is seized. That way the
data was only stored in RAM, and they shouldn't be able to access it once they
get into the phone. Does that count as destruction of evidence?

~~~
AndrewDucker
If you deliberately do anything which will cause evidence to be placed beyond
the reach of law enforcement then you are likely to be hit with charges.

You can quibble over technical details, but at some point a judge will be
asked if it fits the charge, and make a layman decision, not a programmer's
one.

~~~
mrsteveman1
Then again, if a browser cookie is the only thing providing access to
"evidence" on a particular machine, then it wasn't actually on that machine to
begin with.

That's far from a mere technical detail, as it also means the person lacked
any meaningful physical control of, or proximity to, the evidence.

I recall there _are_ some cases that centered on whether someone was aware of
the existence of a browser cache and knew how to clear it. In that case the
"evidence" really is on the local machine because that's what the cache is.

~~~
coldtea
> _That's far from a mere technical detail, as it also means the person
> lacked any meaningful physical control of, or proximity to, the evidence._

That would still be irrelevant if their intention for getting themselves to
"lack any meaningful physical control of, or proximity to, the evidence" is
deemed by a judge to be malicious.

~~~
benchaney
You have badly misunderstood the point the GP was making. The person in
question was always in a state of “lack[ing] any physical control of or,
proximity to, the evidence”. They had no control of this in any way.

This, by the way, is why the technical issues are important; relying solely on
the lay person interpretation is dubious. A court that issued a ruling on issues
it doesn’t understand is inherently unjust.

~~~
coldtea
> _The person in question was always in a state of “lack[ing] any physical
> control of or, proximity to, the evidence”. They had no control of this in
> any way._

Well, if they arranged so they are always, from the start, in that position,
with the intent to leverage that "lack of control" to not produce evidence
(i.e. with doing some law breaking in mind), that could still be considered
incriminating...

And that, in the end, is a lay person's judgement to make...

------
cascom
I’m curious what sort of notice was given to this person that the phone was
evidence. For example was she arrested, and had her phone on her, and then the
police never returned it, or was there a search warrant/subpoena and she was
given a receipt for items held under that order?

------
manicdee
How long until we find out that attempting to use a Greybox will trigger the
self destruct feature built into iOS by Apple as part of that patch where they
disable USB data when the phone is locked?

------
umvi
I guess the police will learn to put the phone in a Faraday cage as soon as
it's seized

~~~
vuln
Sell 'mobile' Faraday cages one for every squad car... Profit?

~~~
lisper
[http://www.reynoldskitchens.com/aluminum-foil/](http://www.reynoldskitchens.com/aluminum-foil/)

~~~
vuln
[1] + this kind of pouch. Probably could sell them for at least 100$ a piece.
'battle tested'

[1][https://i5.walmartimages.com/asr/15479a20-388b-4138-9f8c-1a1...](https://i5.walmartimages.com/asr/15479a20-388b-4138-9f8c-1a1cee17513f_1.68da8590f42851e5d4bb9dda0ba2d89f.jpeg?odnHeight=450&odnWidth=450&odnBg=FFFFFF)

~~~
klodolph
It would be hard to sell it for $100 if you can buy digital evidence bags for
a couple bucks:
[https://www.arrowheadforensics.com/products/evidence-packagi...](https://www.arrowheadforensics.com/products/evidence-packaging/faraday-pouches-bags/cell-phone-faraday-storage-kit.html)

~~~
TeMPOraL
Put a "5G-ready!" sticker on it, and you're back in business.

------
CodeWriter23
Does anyone know what the standard of proof is for destruction of evidence? It
seems a simple defense in a case like this is to have previously shared one's
iCloud password with their entire family. Each family member then creates
reasonable doubt for any family member who is tried for the crime.

------
ChrisArchitect
follow-up article "Suspect in remote phone-wiping case denies wrongdoing --
Accused woman doesn't even know how to do that, her attorney says"

[https://dailygazette.com/article/2018/11/12/suspect-in-remot...](https://dailygazette.com/article/2018/11/12/suspect-in-remote-phone-wiping-case-denies-wrongdoing)

------
clubm8
What is the penalty for destruction of evidence? If it's less than the crime
at hand, it's logical to wipe.

I'm a little surprised the police don't have faraday bags or a room to store
evidence in that doesn't allow radio signals in.

~~~
JadeNB
> What is the penalty for destruction of evidence? If it's less than the crime
> at hand, it's logical to wipe.

According to
[https://en.wikipedia.org/wiki/Spoliation_of_evidence#Tamperi...](https://en.wikipedia.org/wiki/Spoliation_of_evidence#Tampering_with_evidence)
, in my non-lawyerly (hence probably imprecise) summary, the act of destroying
evidence can be regarded as incriminating evidence.

------
judge2020
I guess it didn't have a passcode? Just let the police try whatever they have,
as long as you have the iOS 12 update that disables accessories and thwarts
"GrayKey" there's no need to remotely wipe it.

~~~
geofft
It only locks out accessories if the device has been locked for over an hour,
so make sure to lock your device at least an hour before getting arrested, or
reboot it. Also make sure the option is enabled under passcode settings; I
think it's disabled by default.

------
btbuildem
So data stored on a phone counts as "physical evidence"?

~~~
swebs
Why wouldn't it be? It's the same as words on paper.

~~~
mcfedr
Because there is nothing 'physical' about it.

~~~
swebs
The phone is the physical evidence. Would you not consider a flash drive as
physical evidence? Even at the most pedantic level, the data is still stored
physically as the state of the logic gates.

------
mcfedr
But who wiped the data anyway? Apple - sure she asked them to, but Apple did
it.

~~~
billfruit
But then if it was Apple who deleted, does it raise the question that
they (Apple) didn't check if the data being deleted was evidence or not?

~~~
DATACOMMANDER
You can’t expect Apple to do an investigation of every phone they wipe at a
customer’s request. What about Google Docs? Even if the user clicks the
“delete” button, Google performs the physical act of deletion. So should
clicking that button trigger a pop-up with the message, “Deletion will occur
once we’ve verified that you are not under investigation by the authorities in
your jurisdiction”? Or should it silently send the “deleted” document to an
archive that Google must maintain indefinitely for the purpose of responding
to subpoenas?

------
sbhn
But GDPR says I can delete my data, I’m confused

~~~
geofft
I believe the GDPR allows a company to refuse (or delay) processing your
request to delete their data about you if they have a legitimate reason, and
being legally obligated to hold onto that data is one of the legitimate
reasons. However, GDPR is a big law and I am not a European lawyer (I am
neither, in fact), so I'm curious if my understanding is wrong. What section
of GDPR are you thinking of and what exceptions does it have?

~~~
zaarn
The GDPR regulation has some exceptions for legal requests and generally puts
itself below local laws and regulations that specify further, to my knowledge,
if you get a letter from the police/state that says some data is needed for a
court case, you can safely ignore all deletion requests for that data until
such time that the state/police request is no longer valid (i.e., they copied it
off your server).

However, once they have the data (and after asking the forensics team if it's
okay) you can certainly follow up on the request and it's probably good
manners to inform people that there is a legal obligation holding up the
deletion of some data (unless the warrant prohibits that).

~~~
DATACOMMANDER
This again raises the issue of speech vs absence of speech. What if a cloud
provider has applications that confirm deletions that are initiated by the
user? A secret warrant prohibits disclosure of the warrant’s existence, but
now we’re talking about a requirement to actively lie to users. I really don’t
think that this is hair-splitting.

~~~
zaarn
Then you'll have to lie to the user. Simple as that.

------
14
Maybe the detective should have to undergo some extra training? Though I guess
they probably figured it out by now so no point but I mean seriously? In 2018
you are going to allow this to happen? Outsmarted by someone who sounds like a
gangster. This has been an issue for years. I had a friend who was arrested
for illegal fishing (5 fish out of season) and they took his phone. He was
panicked because he didn't have a password on his phone and had done something
that may have gotten him in trouble. For me being so experienced with tech at
the time without even thinking said I would just remote wipe it if this
happened to me. He said how. I said well just sign into google device manager.
For those wondering he had some marijuana stuff which is now legal in Canada
on his phone pictures of his plants or something nothing crazy. We were young
and never thought about legal ramifications. But it seems like this has been
possible for at least half a decade there should be standard procedure when
taking a person's phone into custody.

~~~
LogicX
Wait a second, I've seen this before...

~~~
14
Not really sure what you mean by that? I also knew my opinion would be
unpopular here on HN, perhaps it was my tone I'm not sure, but really if I was
the family of a murder victim and the detectives lost incriminating evidence
on the phone in this way I would be upset. This has been in the news many
times. We know better than that and in my opinion the detective screwed up. It
appears almost everyone here knows about Faraday cages; it is common knowledge.
So why did this happen again in 2018? Have a good day everyone

