Deniability and Duress (mit.edu)
iPhones require the password(/code) when turned on and (IIRC) under certain other conditions.

But I believe this isn't enough considering recent developments. They write:

    It’s important to note that deniability refers to the
    ability to deny some plaintext, not the ability to deny 
    that you’re using a deniable algorithm.

It's now common for border agents in the US to demand login credentials for social media accounts, and search all electronic devices. I can't think of anything more invasive than someone going through my photos and messages. Yet many people are required to visit the US (or countries only reachable via the US). We need methods to separate data into two parts, one being highly private and completely hidden from someone given access to our devices.

And while I would welcome a technical solution, it's important not to discount the power of the law. Such invasions of privacy would be illegal in the EU, and contrary to the cynics, laws are generally respected in the developed world. The current news is making me hopeful that (parts of) the US population are also starting to be sympathetic to some rights of foreigners even when they're applying for the privilege of crossing the border.

> It's now common for border agents in the US to demand login credentials for social media accounts, and search all electronic devices.

Can you define common?

Requesting account names is already common practice: http://www.politico.com/story/2016/12/foreign-travelers-soci.... That does not include passwords, and it's "voluntary". But having filled out US immigration forms a few times (and watched others doing it), the process is quite intimidating and many will be pressured into providing that data. Why else would they? There is no upside to the US gov having that data for me.

With regards to passwords, I don't have numbers, but I have seen a few dozen reports over the years without actively looking for them, and I know someone personally to whom it happened (he refused and was allowed entry after a few hours). And whatever is currently discussed would probably include it, considering the San Bernardino case they cite as justification involved information shared with strict privacy settings:

https://www.google.de/search?client=safari&rls=en&q=us+askin...

The ESTA form asks for social media accounts (though not passwords, and ostensibly providing the accounts is "optional"): https://esta.cbp.dhs.gov/esta/

The worst thing to do, when facing rubber hoses, or legalistic equivalents thereof, is to lie. Especially if you're not a well-trained liar. And especially if there may be independent evidence that would trip you up. The best option is having nothing to hide. When crossing hazardous borders, sensitive stuff should be securely in the cloud. And when coercion is likely, a third party should control access to it.

Except that travellers may be (and sometimes are being) asked for login credentials to online accounts.

Or for an iPhone a finger that says "Upload my backup to iCloud, turn on password until the backup is done, then wipe my phone."

Android had user profiles for a while. If you associate different fingerprints or different pin codes with different accounts, you can have your sneaky account with all the warcrime photos and the "open" account which is full of dick pics and selfies, as per usual. Almost no new technology required.

This all assumes the border guard is simply going to go through texts, pictures and maybe open up a facebook or similar. If forensics get hold of it you're screwed.

This is a really excellent idea that can do nothing but good. I would support this however I could.

I like the idea of using a sequence to unlock the phone, or a specific finger to wipe the phone, and a different finger to load into a "clean" environment. That would be a usable mix of secret knowledge, physical security, and convenience.

A system like that would need to do more than provide a clean slate. It wouldn't be plausible that someone would be using a worn phone without having installed any apps on it. Also, I don't know how the phone would be able to obscure the contents of a micro-SD card, for example.

Why shouldn't it have any apps on it? From my understanding, the point is that the crucial subset of user data is not available in that usage mode.

The malicious actor would find it very suspicious (especially if/when these features are in popular platforms and thus widely known), breaking the deniability.

It's your own responsibility to tailor this "clean" state to your liking and make it look like you use it.

Make technology to resist.