by Manuel_D 1156 days ago
And perhaps more importantly, it becomes a de-facto crime to ever forget an encryption key. People forget the passkeys to crypto wallets all the time, losing millions. How can the police effectively prove that someone remembers the passcode? What if someone, after a few months in prison, says they've reconsidered and are willing to comply. They try to decrypt it but fail and subsequently say the stress of incarceration has made them misremember the passcode?
5 comments

It's also troubling that it's a crime not to disclose right now.

Disclosing those keys is probably a serious legal decision. The police will copy your entire phone including any nude pics, saucy messages etc.

Given the absurd number of UK police who have gotten in trouble recently for sharing pictures of dead bodies it's understandable you wouldn't want to just give them forever access to that or take a decent period to fully consider.

> How can the police effectively prove that someone remembers the passcode?

if they can prove you were using the phone an hour ago that would probably do it

The stress of being arrested and threatened with years in prison if you don't remember your passcode could very well cause someone to forget it.
A few weeks ago my house sprang a massive leak in the roof during a rainstorm, just as I was preparing for a week-long business trip. I got so stressed, the next morning I forgot the passcode I'd been typing into my iPhone for the last five years. Three days of carefully writing down my attempts didn't work—I hit the ten-mistake limit and the phone auto-wiped.
I invalidated my debit card in a similar event. I used it hours before but suddenly for the life of me I couldn’t remember the 4 digits and nor could my fingers. It was after I heard about a death of a relative. Eventually I remembered but the card was already useless and a new one had been dispatched to me.
Especially that. I forgot my pin once in a stressful situation as well, and that wiped my brain.

I ordered a new SIM card which was luckily enough. But sometimes you store something in muscle memory, not number memory.

Yeah, 10 is a stupidly low limit, it won't save you from some hackers, and it won't help you much when you forget
Something similar happened to me (though I did eventually remember). Now I always save PINs and passcodes in a password manager
Just today (and many times before) I witnessed a coworker flummoxed by their Windows log in PIN not working. They insisted it was the same thing they used to log in not even 10 minutes ago, before locking it to go pee. However perhaps because I was asking for immediate information, the PIN they used countless times per day simply didn't work. I said "don't worry about it, I'll figure it out" and walked away. Few seconds later they shouted down the hall, "It worked this time, what did you need again?"
Folks mistype when they are in a hurry. They were likely remembering it correctly but not inputting it properly until you walked away.
the thing is it's not incontrovertible proof, it's "beyond reasonable doubt"

the prosecution would show up with when you bought the phone, how many times you'd used it, that you used it 80 times in the last hour, and so on

and it comes down to whether or not a jury would believe that you had really forgotten it (despite that evidence)

Which means that someone who forgets their passcode because of the stress of being arrested and threatened with years in prison could easily be wrongfully convicted. It's a horrible law, even for those who don't care about privacy.
IANAL but it sounds like this defense would be received about as well as "Your honor, the defendant was in grave stress of being arrested and threatened with years in prison. That's why he completely forgot why and how he parked his car next to Crosby Lake and was walking in the shallow water, carrying an identified bag, at 3am."
So basically that just proves the parent poster's point because the burden of proof is on the prosecution to prove that the defendant was carrying a bag containing a body and the defendant is under no obligation to remember or justify parking his car by the lake at 3am and walking around.
The defendant didn't admit to a crime and wouldn't open their house to unreasonable search. how suspicious
I am not a fan of the RIP Act (and there's plenty more badness in there)

but playing devil's advocate, without this specific offence the disclosure sections would be completely ineffectual

(remember the UK also allows adverse inferences to be made from silence, it is not the US)

> remember the UK also allows adverse inferences to be made from silence, it is not the US

Even in the US, the law has changed rather drastically[0]:

“The only way to prevent the government from introducing evidence of the suspect's silence at trial is to explicitly invoke (assert) the right to say nothing. In other words, without being warned by the police or advised by a lawyer, and without even the benefit of the familiar Miranda warnings (which might trigger an ‘I want to invoke my right to be silent!’), the interviewee must apparently say words to the effect of, ‘I invoke my privilege against self-incrimination.’”

[0] https://www.nolo.com/legal-encyclopedia/when-how-invoke-your...

If you can't remain silent then what are you supposed to do to not accidentally incriminate yourself?
The lesson to take away from that is to have a smaller compartment (or multiple) inside the computer that contains all the juicy stuff. Unlock the main one, claim to have forgotten the keys for the juicy compartments, and you're keeping it around in hopes of remembering the key one day.
right, you are explaining why the law is ridiculous and unfair
Actually, I forgot the passcode to my phone after being involved in an accident. It was utterly nerve-wracking. Got blasted by so many people for not calling up and I was embarrassed to admit that I couldn't remember my passcode.

I had gotten used to putting in the passcode without even seeing the screen and completely lost this muscle memory at the time of the accident - likely due to high stress. I did not remember it later either - it was like my mind just rejected the memory and simply couldn't place out what were the exact digits.

Became far more understanding of my parents forgetting stuff after that incident.

Anyways, the point is that you can unbelievably forget the phone passcode at a time of stress. Sure, some cool-as-cucumber humans will never forget anything, but the vast majority of people are not like that.

Right. I stopped using hardware encryption after I forgot the password to my IronKey and had to throw it away.
That's just a not-friendly HSM. You should be able to reinitialize things, but not extract secrets from them. For example, you can reinitialize YubiKey's "key slots", without remembering the PIN.
They can do it the same way they prove everything else - ineffectively
Everybody’s guilty! Got unexplained 0’s and 1’s on a USB? Must be a hidden partition.