by x0x0 3321 days ago
I'm not a lawyer, but I very strongly doubt deliberately making yourself unavailable to give the password on demand is going to be perceived by a court as as cute a way around this law as you believe it to be.

There are no technological solutions to things like this, only political ones.

10 comments

There are no political solutions to things like this either - not that any of us talking about it here have any meaningful hope of accomplishing, anyway. We might as well try whatever technical fixes we can come up with, since it's better than the nothing we'll get if we wait for the politicians to deal with it.
Political/legal solutions are the only ones that will work long term. Tech solutions can be legislated around.
Political/legal solutions also take a generation or more to accomplish. What are we supposed to do in the meantime, just put up with governmental abuse?
Politics can potentially change within one election cycle, legal faster if we get our opposition politicians onside.
Let's not be defeatist. Just because something is difficult and may take a long time does not make it impossible.
Don't travel with electronics?
Here's a business/service idea off the top of my head.

As a traveller, just before going through security you wipe your device and "sell" it to a vendor in exchange for a voucher that will allow you to exchange it back when you land and go through the security at your destination. You take the new device, provision it with your cloud data, and go on your visit; when you go back, you go through this process again, in the other direction.

Lots of problems to be solved with that idea, not the least of which is the business model, but it would allow you to travel without any electronics on your person.

I toyed with building an application like this, except that you just carry your device with you. The application basically tarballs your entire environment up, offsites it, and then wipes and factory-resets your device (incidentally I got lost in the rabbit hole of trying to wipe an SSD heh). It's completely clean, you can surrender your device for inspection, give passwords, etc. And then after you're through, you download the application which acts like a dropper, and it explodes your environment and data onto the device again. Docker was really useful here.
But this makes it very obvious you've reset your phone. Which is a red flag - although not technically illegal, so far.

You really want something that looks like an in-use device and gives no hint that you have sensitive files stored anywhere else.

It would have been configurable. The important thing is that your blob of data (e.g. VeraCrypt volume) is offsited and wiped. You could leave your laptop otherwise completely lived-in, just not containing your data anymore. Otherwise, I've worked for companies that gave out loaner phones for overseas travel. A factory-reset phone is much less suspicious than a threadbare "factory-reset" laptop.
On a laptop, it shouldn't be too hard to have a dual-boot system where OS 1 has nothing of interest, and OS 2 is temporarily hidden from the boot loader.

Alternatively keep the main OS on a USB or hard drive, and get that in/out of the country by other means.

There are other options. Generally, carrying obviously visible sensitive files with you in person is not a necessity.

The tech solution might be giving partial keys to someone in another legal jurisdiction.

e.g. I send a partial key to my cousin and grandmother who live in another country. When crossing borders I then log out and cannot log back in without their part of the key. A local judge will not be able to compel someone in another country to cooperate - and my grandmother's local judge will not be able to compel her since the request is being made in another country.

Kind of hokey - but maybe it works?
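The "partial key" arrangement in the comment above can be made precise with an n-of-n XOR split, shown here as an added example that is not part of the original thread. The 32-byte key size, the function names and the three-holder setup are assumptions for illustration; the block also contrasts the split with naively handing out halves of the key.

```python
import secrets
from functools import reduce

KEY_LEN = 32  # assumed size in bytes of the volume key being protected


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, holders: int) -> list:
    """n-of-n split: every share is needed to rebuild the key."""
    if holders < 2:
        raise ValueError("need at least two holders")
    # holders-1 shares are pure randomness ...
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    # ... and the last one is the key XORed with all of them.
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def combine(shares: list) -> bytes:
    """XOR all shares together; correct only if none is missing."""
    return reduce(xor_bytes, shares)


def share_consistent_with(known: list, candidate_key: bytes) -> bytes:
    """Return the missing share that would make `known` rebuild candidate_key.

    Such a share exists for EVERY candidate, which is why holding all but
    one share reveals nothing about the real key.
    """
    return reduce(xor_bytes, known, candidate_key)


def naive_halves(key: bytes) -> tuple:
    """Weak alternative: each holder simply gets half of the key bytes.

    One half leaks half the key and leaves only the other half to guess.
    """
    mid = len(key) // 2
    return key[:mid], key[mid:]


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)      # constructed sample key
    shares = split_key(key, holders=3)      # traveller + two relatives
    print("rebuilt with all shares:", combine(shares) == key)
    print("rebuilt with one missing:", combine(shares[:2]) == key)
```

With the XOR split, a missing share makes recovery impossible rather than merely slower, which is the property the comment relies on.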

That only works if you have a grandma in a non-extraditing country
And if you don't mind being held indefinitely for contempt of court.
That's more or less the point of the GGP's suggestion. Contempt is generally brought in cases where you have the ability to comply, but choose not to.

If you do not have even the ability to comply, justifying contempt becomes increasingly difficult.

Are we expecting a government that violates their own rules to not violate their own rules in a different area? Let's see how fast your grandma will give up the password when it is the only way to get you out of lockup at a torture center (using my definition of torture, not any of the horrible biased ones different governments use).
If your mom overseas has the password, you do have the ability to comply. Ask your mom for the password. She gives it to you. You comply.

Here's another example that might make this more clear. Let's say I embezzle a million dollars from my employer, and they sue me to get it back. (Let's just pretend that I avoid criminal charges for simplicity.) When they win and I tell them, "I can't comply, I gave it to my cousin in France to hold on to," what do you think the judge does? I'll tell you what the judge does: https://en.wikipedia.org/wiki/H._Beatty_Chadwick (This only applies to the U.S. I suppose in the U.K. you would do two years and then be released.)

In the case you linked, the contention was that the judge thought the defendant had access to the money, whereas he said he didn't. If you give the money to another, autonomous, person, and the judge believes that you did, then you should be in the clear. Naturally, you could ask the person for the money, much as you would a bank teller. However, if you had previously instructed the person to ignore such a request, then you would be incapable of retrieving the money. Holding you beyond then would have the goal of using your incarceration to coerce another person, which I'm sure the courts would frown at.
Sure. And you will be held in contempt until you facilitate access.
We need security mechanisms that prevent such overreach being possible at all, just like Apple is doing with their hardware.
Jonathan Zdziarski (now at Apple) had a really good post on the approaches to handle security checkpoints [1]. It's enlightening and at the same time depressing.

[1] https://www.zdziarski.com/blog/?p=6918

There is a technological solution: plausible deniability. Devices/apps need two passwords: one unlocks your normal and secret files, and the other only unlocks your normal files. Agents asking for your passwords would see evidence of normal use only. Sort of a "can't prove a negative" defense.

The problem is that HN-types want to assert cryptographic power over agents of governments, i.e. I won't show you my files and you can't make me so I win.

This is a terrible attitude to have. Basically what you're suggesting is that the government should be all powerful and then dole out rights to people as it sees fit. This is a completely unacceptable way for a free society to function.
I agree. In addition, if you pull a stunt like that, expect to have the book thrown at you to make an example of you. Part of the reason Ross Ulbricht's sentence was so harsh was to send a message.
Two passwords, one wipes the device the other unlocks.
Which will lead to an Obstruction of Justice charge or similar.
And The Justice of Obstruction is something that only politicians would have...
This is likely to be even more illegal.
You're right but if this kind of security becomes the norm rather than the edge case, it becomes far more acceptable.
The technological solution is to keep separate devices for traveling internationally that are unlocked.