One solution is for all other countries' border control to start demanding passwords to unlock phone/all social apps for UK citizens, and to SPECIALLY target UK politicians and government workers.
Love to see any/all the interesting info one can find from the politicians.
Sounds like a good way to fight back. The US is doing this too sometimes. I don't really see a reason to search everyone's phone unless there's a reasonable suspicion and be allowed to watch them as they go through it. Just check if they have a weapon or not. If no weapon, don't see why further searching is needed. I saw another article about them wanting to scan people's papers they take with them. If they keep this stuff up, I think they will destroy the tourism industry and maybe more people will care.
I have sadly seen people commenting on similar articles on HN about how they don't ever plan to visit the US over these searches. Even a NASA engineer got searched.
Plus TSA has been known to steal also. I hope private jets become cheaper some day to avoid all this, well there are jet sharing programs. Drive straight to the runway and take off :) I guess if you have a huge company like Google or Apple, a private jet is basically free with all the write offs. Probably boosts productivity without all the waiting in lines.
I'm a US born citizen and I don't even look forward to flying. I haven't yet in my life but do want to fly and travel more someday. Every single day lately there's always some news story about some major airline messing with people, or some story is talked about back to back on every news program involving the TSA.
I recently flew to the U.S. - I did consider wiping my iPhone in advance and then restoring it from iCloud backup once safely in the hotel, but in the end just left it at home. It was very nice taking a break too.
Of course, as a fairly unremarkable middle-aged white guy, I didn't get stopped at all.
This makes me wonder what the statistical likelihood of 'getting into trouble' is for 'unremarkable' people entering the US (by flight).
If I'd fly to the US (unlikely), I'd definitely wipe my phone or leave it at home. But since I'm also 'unremarkable', I'm now wondering if perhaps the chance of getting into trouble is ridiculously small for me, and that perhaps I'm in a bit of a bubble of my own going through all this (pointless) trouble to be 'safe'.
Surprised more app developers are not creating solutions to this kind of thing - e.g. some form of multisig authorisation to access certain files or 2FA that relies on the second factor only being available at times access is genuinely needed.
If the governments claim they have authority to search your phone, then the only solution is not to store things on your phone during those border activities. Any system for denial of access will simply be considered obstruction.
So technical solutions would simply be to have a backup somewhere, with no trace of the backup software on the device itself. Get to where you're going, go to the website, or download the app, or plug it into another computer, and restore your data from the internet via access codes you have memorized. Or simply travel with a device dedicated for travel, and not your personal goings on.
But obviously, technical solutions don't solve the root poison, which is government destruction of rights and social health in the name of "protecting our rights and society from terrorists".
What I don't understand about the "create a backup" approach is that the government could simply ask you to surrender the backup. You shouldn't lie about having one, since that's (probably) a felony!
Also, what's to stop them from asking for your email or other account passwords?
Depending on the jurisdiction, the government agent may not be able to ask for the backup.
I only know US border control considerations and they can only legally ask for access to what you have on you when you cross the border. If you are an American citizen (or permanent resident) you can decline, and they may well seize your device(s) but cannot deny you entrance. If you are a visitor to the US they can legally deny you entry if you do not comply with their vague and ever changing requests.
But in neither scenario could they legally demand access to a backup copy: they can only ask for access to items in your possession while crossing the border, otherwise they would need to get a warrant.
Use two factor authentication for your email and whatnot and leave the authenticator at home. Use a different email for travel that is only password protected.
I'm not a lawyer, but I very strongly doubt deliberately making yourself unavailable to give the password on demand is going to be perceived by a court as as cute a way around this law as you believe it to be.
There are no technological solutions to things like this, only political ones.
There are no political solutions to things like this either - not that any of us talking about it here have any meaningful hope of accomplishing, anyway. We might as well try whatever technical fixes we can come up with, since it's better than the nothing we'll get if we wait for the politicians to deal with it.
Political/legal solutions also take a generation or more to accomplish. What are we supposed to do in the meantime, just put up with governmental abuse?
Here's a business/service idea off the top of my head.
As a traveller, just before going through security you wipe your device and "sell" it to a vendor in exchange for a voucher that will allow you to exchange it back when you land and go through the security at your destination. You take the new device, provision it with your cloud data, and go on your visit; when you go back, you go through this process again, in the other direction.
Lots of problems to be solved with that idea, not the least of which is the business model, but it would allow you to travel without any electronics on your person.
I toyed with building an application like this, except that you just carry your device with you. The application basically tarballs your entire environment up, offsites it, and then wipes and factory-resets your device (incidentally I got lost in the rabbit hole of trying to wipe an SSD heh). It's completely clean, you can surrender your device for inspection, give passwords, etc. And then after you're through, you download the application which acts like a dropper, and it explodes your environment and data onto the device again. Docker was really useful here.
On a laptop, it shouldn't be too hard to have a dual-boot system where OS 1 has nothing of interest, and OS 2 is temporarily hidden from the boot loader.
Alternatively keep the main OS on a USB or hard drive, and get that in/out of the country by other means.
There are other options. Generally, carrying obviously visible sensitive files with you in person is not a necessity.
The tech solution might be giving partial keys to someone in another legal jurisdiction.
e.g. I send a partial key to my cousin and grandmother who live in another country. When crossing borders I then log out and cannot log back in without their part of the key. A local judge will not be able to compel someone in another country to cooperate - and my grandmother's local judge will not be able to compel her since the request is being made in another country.
Jonathan Zdziarski (now at Apple) had a really good post on the approaches to handle security checkpoints [1]. It's enlightening and at the same time depressing.
There is a technological solution: plausible deniability. Devices/apps need two passwords: one unlocks your normal and secret files, and the other only unlocks your normal files. Agents asking for your passwords would see evidence of normal use only. Sort of a "can't prove a negative" defense.
The problem is that HN-types want to assert cryptographic power over agents of governments, i.e. I won't show you my files and you can't make me so I win.
This is a terrible attitude to have. Basically what you're suggesting is that the government should be all powerful and then dole out rights to people as it sees fit. This is a completely unacceptable way for a free society to function.
I agree. In addition, if you pull a stunt like that, expect to have the book thrown at you to make an example of you. Part of the reason Ross Ulbricht's sentence was so harsh was to send a message.
I guess the challenge is one of UX; if you're hiding features behind specific sign-in patterns (to avoid security services) then you're also hiding them from a proportion of your users.