
Wanted: App with hot key that can wipe a phone's contents - ColinWright
http://www.bbc.co.uk/news/technology-18102793
======
JonnieCache
Wanted: working shellcode for this device that will fit in a text message.

Also wanted: custom bootloaders for Androids that will self-wipe if the phone
is powered on without a certain button combo.

------
rjknight
s/wipe/encrypt/, or will they be able to force you to give up the key?

~~~
ColinWright
If you don't give up the key they can jail you. Also, not sure I'd trust
encryption in a widely used app to be strong enough and with a good enough
implementation. Too many side-channel attacks.

~~~
rjknight
There are two scenarios here. In the first instance, you're an innocent member
of the public who has been arrested for {wearing a hoodie, being the wrong
ethnicity, photographing something} and the police take you into custody
briefly before letting you go. In this case, they're probably not hugely
interested in the contents of your phone and are just fishing for data. If
they can't get anything from your phone, they'll just let you have it back
when they let you go. Minimal barriers to data extraction should be sufficient
here, and the advantage of encryption is that your phone remains usable once
you decrypt the data again. Bear in mind that you're an innocent person who
doesn't want to wipe all the data off your computing devices at a moment's
notice.

In the second scenario, you're a hardened terrorist who has just been caught
red-handed selling child pornography in order to fund an international drug
deal with the Iranian Revolutionary Guard. In this case, the police will go to
great lengths to extract data from your phone, and will force you to hand over
encryption keys. Here you probably want your phone to self-destruct as
completely as possible, at the very least wiping all data from it.

My point is that the self-destruct option is only a good fit for someone who
expects to face a serious attempt at data extraction. Encryption should be
sufficient to prevent casual snooping from any attackers, police included.

~~~
DanBC
I agree with what you say.

> _the advantage of encryption is that your phone remains usable once you
> decrypt the data again._

Assuming the police don't damage the phone or data in attempts to extract
data. And assuming they keep it for a reasonable length of time, and not for
months while they slowly grind through the process of finding forensic
examiners who'll look at it.

You mention laws that force users to hand over encryption keys. These are
worrying! In the UK that'd be RIPA.

(http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000#Prosecutions_under_the_RIPA)

Here's a quote from the wiki article:

> _The first person jailed under RIPA Part III, for not giving police access
> to encrypted material, was a schizophrenic man who was later judged to be no
> threat to national security. He said he was refusing to provide keys on
> principle, on the basis that he should have a right to silence. He was
> jailed for 9 months for refusing to hand over his decryption keys, or
> otherwise decrypt the data, and was later moved to a secure mental hospital
> part way through his sentence. Notably, the encrypted material in question
> was not suspected of securing illegal material._

EDIT: The article says that the phone data is only taken when the phones are
suspected of being used in crime, and that the data is kept, so the police
will want to decrypt it.

