> GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).
In a border interrogation scenario, isn't that just likely to get you arrested for destroying evidence?
Depends on the border. In most democracies, and at most borders, and in most LE cases, there is a line between “destruction of my own property/data” and “destruction of evidence,” where the latter usually needs a court document notifying the subject of the potential charge of their requirement to preserve evidence (for example, a subpoena, or in some cases, a direct request to avoid spoliation).
Theory. This is not how things work in practice, even in "democracies". Speaking as a person who has been harassed at the US border from Canada many times, I've learned it depends more on how the border agent "feels" about you. These people are often uneducated bullies who don't know or don't care about the law anyway. And if you start objecting on some legal basis, they can legally make things a LOT harder for you, including simply denying entry for no reason (yes, they have such a right). Better to cooperate rather than give the appearance of "destroying evidence" (even if completely legal) or you're in for a world of hurt if you got the wrong guy.
Wella, if you are a "normal person" with actually nothing to hide, yes, cooperating as much as you can is probably the best thing to do.
But if you are some "special person" (activist, journalist, diplomat etc) wiping out everything might be your best option.
With all due respect. I used to think that only Boomers and anonymous Youtube edge lords repeated the "if you have nothing to worry about, comply!" nonsense.
2 out of 3 people in the US live within U.S. Customs and Border Protection jurisdiction, where border agents can search without warrant if they determine they have "reasonable suspicion."
Additionally, SCOTUS ruled in 2022 (Egbert v Boule) that someone who has had their Fourth Amendment rights violated by CBP agents are not entitled to any damages unless Congress clearly defines a punishment for the violation by a federal agent.
That’s a significantly higher bar. It’s not foolproof though.
I believe in most countries, customs can inspect your luggage. They can’t force you to reveal information that they’re not even certain you have.
Under your situation, the best idea is to simply have a wiped device. A Chromebook, for example, allows you to login with whatever credentials you choose, including a near empty profile
> I believe in most countries, customs can inspect your luggage. They can’t force you to reveal information that they’re not even certain you have.
this isn't a very useful way to think about it.
they can definitely search your luggage, obviously, but the border guards/immigration officials/random law enforcement people hanging around/etc can also just deny non-citizens entry to a country, usually for any or no reason.
there's documented cases of Australia[0] demanding to search phones of even citizens entering the country, and the US CBP explicitly states they may deny entry for non citizens if you don't give them the password and while they can't deny entry to citizens, they state they may seize the device then do whatever they want to it[1].
> I believe in most countries, customs can inspect your luggage. They can’t force you to reveal information that they’re not even certain you have.
They can. And if you refuse, they can do a lot of very unpleasant things to you. It might against the local law, but it wouldn't really matter in a lot of countries.
> you can't be forced to remember a password you "forgot"...
No, but the border agents also aren't required to let you into the country. (Generally unless you are a citizen.)
So border agents are very different than general laws of the country because while there may be legal protections about what they may be able to force you to do there are much less protections about when you have the right to pass the border (other than entering countries where you are a citizen).
I don't think there is a technological solution for this unless you have some sort of sleight-of-hand. Typically, border agents of countries with lots of transit do not stop people for very long. Some other countries (North Korea, perhaps) might put everyone through the wringer because they do not have a lot of crossings. If a border agent of a relatively free country is stopping you, they probably have some suspicion, in which case it is best to not be holding evidence in your hand.
There are steganographic methods to hide your stuff. You can also use burners on either side of the border crossing and keep your main line clean. But bringing a device full of encrypted data (even if it's just your regular photo collection) that you refuse to unlock will probably be suspicious.
I know that there are times when there are no reasons for suspicion and people get stopped anyway. The border agent didn't like your look, or racism, or an order came down from on high to stop everyone from a particular country and annoy them. If that's the case, it's probably still best to not have a lot of incriminating evidence on your person, encrypted or not.
Or, with GrapheneOS, you give them the duress password, on the understanding that you will have to set the device up from scratch IF you ever see it again.
If that's in your threat profile, you should not be traveling with a phone. If this is a real threat for you, no amount of hardware/software security will beat a wrench: https://xkcd.com/538/
[1] https://grapheneos.org/features#duress
[2] https://grapheneos.org/features#improved-user-profiles