This seems like a pretty good idea in any case. If the seizing party can't crack the passcode anyway then it's a no-op. If they can then presumably they won't/can't do it right away, so it would add a bit of defense in depth.
Being formally under arrest doesn't affect whether you have the right to remain silent. It affects whether the police are required to tell you that you do.
I remember a report from a recent Norwegian criminal trial, where the judge himself warned the accused that refusing to give an explanation could reflect badly on the question of whether she was guilty or not.
The legal protection for refusing to speak in the US is the Fifth Amendment, which of course predates most modern police tactics. But there are basically no calls to change that, and it has a lot of cultural support too - there's plenty of media where "I ain't sayin' nothin'" marks a tough or well-informed character instead of a guilty one.
The other side of which is that US police have very few boundaries in interrogations other than giving a Miranda warning and avoid physical violence. A lot of police forces rely heavily on the Reid Technique, which presumes the suspect is guilty and has a long history of producing false confessions. They're also free to outright lie about both the state of evidence and how a confession will be handled.
I don't know a great deal about Norwegian policing, but just hearing this I would predict that "brought in for questioning" doesn't have the same "try to drag a confession out of you" associations it does in the US.
Under certain cases in which your testimony cannot be used against you the court can compel you to testify if you refuse then you can be charged with contempt a common case for this would be a court ordering a reporter to disclose their source.
But the prosecution classifying a defendant as a witness would not fly.
> The jury was instructed that they may find the failure by the store to retain (and subsequently provide to the other party) the additional footage may be considered an attempt to hide evidence that Brookshire Brothers' management knew would be damaging to their case.
Although this may not be settled law.
> The Texas Supreme Court reversed, ordering a new trial, stating that it was abuse of discretion by the trial court to issue a spoliation inference instruction in this case, that the court should have imposed a different corrective measure on Brookshire Brothers (a less severe sanction), and that a spoliation inference instruction to the jury is only warranted in egregious cases of destruction of relevant evidence.
Essentially they need to subpeona you to formally tell you to preserve all potential evidence and stop the deletions or take backups such that the day to day deletions are irrelevant. The later being a fine but important distinction that shredding extra copies of your own is okay. You wouldn't get arrested for copying a customer's account information to do profit margin math and then shred the copy when done to ensure their privacy.
If you are unbound by other regulations there is nothing illegal about reimagining your device every 24 hours.
If they were trying to keep a low investigation profile and never told you that you were to preserve the data the destruction of evidence is on their incompetence.
If you implemented it post subpoena you are at fault of course.
If someone just so happens to ask me on Twitter each day if I received an order, and I say no, but on day 99 I don't reply or say "I'd rather not answer", does that muddy the waters a little?
The law can be unjust but that's another thing.
The idea is that you have a message you update regularly to specify whether you have received an NSL -- you never delete the latest version. If you get an NSL you comply by doing nothing (and by your inactivity you've signalled that the warrant canary was tripped). There is a valid freedom-of-speech question (at least in the US) about whether you can be compelled to continue updating the message -- you can be forced to be silent but can you be forced to proactively lie when the NSL forced you to be silent?
Though, of course, they could subpoena the signing key for the canary and destroying the key would be destruction of evidence. A quorum system for signing might be more robust against this, but I have my doubts.
And of course quite a few folks think that warrant canaries wouldn't work in any case.
While I do think secret warrants are unjust most of the time (and nobody can verify that they are justly applied when applied), the intent of the law is obviously to not let anyone know about the warrant, if you do you have broken the law regardless of how you did it. Any judge that rules otherwise is engaging in judicial activism.
In Australia we have an explicit law which makes it illegal to talk about the existence or non-existence of a journalist surveillance warrant (though in Australia you might not even be aware of such a warrant's existence). This means that any discussion of such warrants is technically illegal -- making warrant canaries impossible to implement here. The minimum sentence is 2 years, and it's specifically targeted toward journalists (and affects anyone who shares already-public information -- so retweeting such a story on Twitter would be a serious crime).
Warrant canaries are an effective PR move irrespective of the legality of tripping them. They only stop working as a PR move if you don't trip them after getting a secret warrant and that warrant later becomes non-secret.
The same is true about due process in the US, but there are limitations on what it can apply to regarding speech. The US government can legally stop you from speaking on certain matters via court order. But speech is explicitly separated from lack of speech in the US and are treated as two totally separate things. There is legal standing that non-speech cannot be considered as speech - this goes hand in hand with the 5th amendment and how a person's refusal to speak and provide testimony against themselves cannot in of itself be considered evidence against them. So a lack of speech cannot be considered evidence of guilt.
Also, there is a substantial body of law protecting the people (even government employees) from being forced to say anything by government. So, for others here wondering if the US can require them to keep updating it - they almost certainly cannot. There may be a way around that because the US government does have a fairly broad ability to regulate businesses so they could, in theory, pass legislation requiring businesses update this...maybe. But I doubt such a law would pass challenges as it would be challenged on first amendment grounds and the idea that other compulsive speech requirements on businesses have generally been geared toward information sharing and notifications of legal rights and other things that protect consumers. This is something entirely different and doesn't fall in those categories. Those requirements are all structured around spreading truthful information to keep consumers informed where here the government would be requiring businesses to lie - something that could easily be argued is against consumer interest.
I agree there are several theoretical reasons why warrant canaries might actually be a useful tool, but it's just as likely that intentionally constructing a scenario where you are implicitly telling people about a gag order through a bunch of hurdles would not be considered following the spirit of the law.
For instance, if you get an NSL you can't tell your family about it. When going to see your lawyer, you need to omit the reason why you're seeing a lawyer -- which is basically de-facto requiring you to actively lie to your family (because "I can't tell you why I'm seeing my lawyer" is arguably code for "I have received an NSL" if your family is aware that you might get an NSL one day).
I personally think this is massively unjust (and in Australia, we have explicit laws to disallow speaking about the existence or non-existence of any such secret warrants -- which makes even attempting to set up a warrant canary a crime with a minimum 2 year sentence).
The court will, either way, not be impressed by someone communicating that they got a warrant by not communicating in a previously arranged manner (this is basically communicating in a code language).
It's an argument, I'm no fan of secret orders or the government telling you to lie or keep quiet.
They might charge but "I was arrested, my mind was going nuts...was setup a long time ago, never hit my mind" etc etc. You need to be doing it on purpose and knowingly.
You are probably better off just pretending it got bricked by some random software update.
Thieves also steal phones, not everyone is El Chappo's #2 guy
Powerful people seem to get away with this....
> In 2014, months prior to public knowledge of the server's existence, Clinton chief of staff Cheryl Mills and two attorneys worked to identify work-related emails on the server to be archived and preserved for the State Department. Upon completion of this task in December 2014, Mills instructed Clinton's computer services provider, Platte River Networks (PRN), to change the server's retention period to 60 days, allowing 31,830 older personal emails to be automatically deleted from the server, as Clinton had decided she no longer needed them. However, the PRN technician assigned for this task failed to carry it out at that time
I guess people of varying political viewpoints would differ on whether Clinton had gotten away with anything. But plenty of other cases in which powerful people did not get away with destroying evidence. Or rather, they had the ability to destroy email evidence and didn't, because they knew they wouldn't get away with it. Gen. David Petraeus , for example, and the officials currently under the Mueller probe.
You don’t really need to look very far. The moment you have so many people that you can plausibly chalk the deletion up to miscommunication or automated processes you are basically home free.
Or at least, just get off with a fine, it’s the company doing a wrong after all, and you can’t jail a company.
Having so many people involved is as much a liability as any kind of benefit. It means more people to testify, and if you are involved in a cover up, more people willing to join in your conspiracy. Bigger companies also likelier have better guidelines regarding automated processes, are you suggesting any deletion by an automated process should be judged as suspect?
Not in all cases. But if it hits something like email records, it becomes a bit silly to think they’re doing it for any reasons other than that there’s stuff in the emails that’s going to hurt them (at some point).
To answer your original question, she has a degree in computer forensics.
> "Our position is that my client didn't access anything to remotely delete anything," Smalls said. "My client wouldn't have any knowledge how to do that."
That seems like something pretty easily disproven with a subpoena to Apple for records of whether a remote wipe command was issued, no?
Which makes me think the defendent probably indeed didn't remote wipe.
I wonder if it wiped itself after too many wrong password attempts (is that a thing they do?), or as the attorney suggests "days after her phone was seized, Grant got a new phone. Smalls said he didn't know if that had any impact on the data on the phone police had taken" -- does it auto-wipe the old phone in those circumstances sometimes?
But who wiped it? Was it her or her boyfriend or some other friend that though that she lost her phone? Or did she tell the Apple store that she lost her phone, and they wiped it as a "courtesy"?
"I lost my phone and need a new one." "Your phone is lost? Let me disassociate your old and and help you set your new one up. What's your icloud username, email or phone number?"
Assuming the suspect knew disassociation meant data deletion on their old phone, is it up to the suspect to prevent this from happening? It seems pretty close to invoking the magic words I started out with, especially if this was the suspect's intent going into the store.
Now assuming the suspect didn't know, and he did not intent to delete data from his old phone... Now what? Is it acceptable to accidentally destroy evidence? Spoliation of evidence suggests a guilty conscience, but in this case it was an accident.
Theoretically no. In practice it's murkier.
If you're a cop? Definitely not acceptable on paper but you'll get a slap on the wrist at best.
If you're OJ Simpson and can afford a good lawyer? You will probably be found not-guilty.
Peasants like you or I? They'll throw the book and something will stick.
Edit: Am I being down-voted for being blunt or because reality makes people uncomfortable?
There’s no point arguing that storing a vat of milk in the sun counts as the law enforcement impounding incorrectly or the suspect deliberately arranging evidence to destroy itself, when the crux of the matter is that the defendant is a black woman in Alabama so has no chance of a fair trial regardless how airtight the case might seem.
You can quibble over technical details, but at some point a judge will be asked if it fits the charge, and make a layman decision, not a programmer's one.
That's far from a mere technical detail, as it also means the person lacked any meaningful physical control of, or proximity to, the evidence.
I recall there are some cases that centered on whether someone was aware of the existence of a browser cache and knew how to clear it. In that case the "evidence" really is on the local machine because that's what the cache is.
That would still be irrelevant if their intention for getting themselves to "lack any meaningful physical control of, or proximity to, the evidence" is deemed by a judge to be malicious.
This, by the way is why the technical issues are important, relying solely on the lay person interpretation is dubious. A court that issued ruling on issues it doesn’t understand is inherently unjust.
Well, if they arranged so they are always, from the start, in that position, with the intent to leverage that "lack of control" to not produce evidence (i.e. with doing some law breaking in mind), that could still be considering incriminating...
And that, in the end, is a lay person's judgement to make...
If you are doing something to alter the device itself in any way (i.e. the bits anywhere on the device), it's a pretty straightforward path to the clink.
What isn't clear, though, is if the device was, for example, an "approved" device on some site/services and you logged into your accounts and removed access. Let's say for the sake of argument you had an encrypted chat app on your phone and that service has both web and mobile access. Your phone and laptop are approved devices. The police confiscate your phone. As soon as they release you, you log into your account from your laptop and remove the phone's access. The phone itself hasn't been changed. I wonder what would happen there.
Getting caught is less than half of the equation.
Not "Do you have a lock on your phone" or even "Do you have a lock on your phone which causes it to self-wipe after 5 incorrect password attempts" but "Did you, when you realised the police were on to you, deliberately wipe some data to stop you getting into trouble."
There seems to be a doubles standard in regards to the use of technical vs layman decisions. I've seen legal cases where the judge is making rulings on extremely technical points of law which are far outside the layman's understanding, but these only seem to happen when there are really expensive lawyers pushing for it. Have a public defender? Layman decisions, especially if they aren't in the defendants favor.
I wonder if anyone would have the ability to formalize this into actual research to see if there is any truth behind my intuition.
The police can just go to google or slack with a warrant to get the evidence. The physical equivalent would be going to the storage unit proprietor and cutting the lock.
IANAL but I would expect it to count as "hindering a police investigation", obstruction of justice, or something similar.
If only one or two such services were "timed out" then it's going to be harder to prove.
"detect the lack of any electromagnetic field paired with no vibrations at all and colder temperature"
You go hiking far outside of civilization and go to sleep in a tent, there are no electromagnetic fields around you at all(that the phone can detect anyway), there are no vibrations at all, and the temperature is cold because the phone is not on your body.
Or for a slightly more realistic example - I stayed with a friend recently who lives in a house from the 12th century - walls in there are about a meter thick, in certain rooms there is absolutely zero reception from any network, wifi doesn't penetrate at all. The no vibrations and low temperature points also apply there.
What am I missing that the post apparently said?
I wonder how can they prove that she did it? Or it's your phone, you know the password and let's try to convict you? If it was programmed to be erased before the phone was taken /crime committed she is not guilty I guess.
I'm a little surprised the police don't have faraday bags or a room to store evidence in that doesn't allow radio signals in.
According to https://en.wikipedia.org/wiki/Spoliation_of_evidence#Tamperi... , in my non-lawyerly (hence probably imprecise) summary, the act of destroying evidence can be regarded as incriminating evidence.
So that wont fly as an excuse to a judge. In general pedantic splitting hair arguments will more likely turn against the person.
However, once they have the data (and after asking the forensics team if it's okay) you can certainly follow up on the request and it's probably good manners to inform people that there is a legal obligation holding up the deletion of some data (unless the warrant prohibits that).
But, more importantly, the GDPR doesn't help if the data is needed for a criminal investigation. There are very clear exemptions to the GDPR protections, and this is one of them.
In what court would you bring a case against the United States under the GDPR?
I get your point, but practically most large companies have EU subsidiaries (and in many cases, structure their businesses to exploit the benefits of EU nations like Ireland) and thus must follow EU laws anyway.
> but the GDPR effects non-EU businesses and governments