Hacker News new | past | comments | ask | show | jobs | submit login
Bill on CA Governor's desk would ban mobile device searches without a warrant (wired.com)
116 points by tonywebster on Sept 23, 2011 | hide | past | favorite | 19 comments



A state bill should be totally unnecessary. This is a constitutional right. If we accept this bill as the norm then its no longer a "right" and just a permission by the govt that can be rescinded at anytime.


The text[1] of the bill seems to affirm the sentiment that it's a constitutional right; it serves to counteract a California Supreme Court ruling:

"(e) It is the intent of the Legislature in enacting Section 1542.5 of the Penal Code to reject as a matter of California statutory law the rule under the Fourth Amendment to the United States Constitution announced by the California Supreme Court in People v. Diaz."

[1]: http://info.sen.ca.gov/pub/11-12/bill/sen/sb_0901-0950/sb_91...


Governor Jerry Brown

c/o State Capitol, Suite 1173

Sacramento, CA 95814

Phone: (916) 445-2841

Fax: (916) 558-3160

http://gov.ca.gov/m_contact.php


It will be interesting to see if this ends up being as abused as other warrant searches are. What is the probable cause of searching a cell phone? Does the guy have to have kiddie porn as his lock screen or is it enough to think he might have a drug dealer's home address in the phone book? People's phones are almost their second homes, and in a way I am glad that the law is catching up with technology, but they need to be prepared for a whole nother set of issues that come with it


Doesn't much matter, all mobile devices worth using are constantly sending their data up to "the cloud", which, thanks to the USA PATRIOT Act's provisions for National Security Letters (NSLs), the federal government can access at any time, in real-time, without a warrant or even post-hoc judicial review.

The time has come to leave America. No state law can change this. The fourth has been dead for TEN YEARS next month, it is nothing short of naïve now to believe that it will get any better.

There are lots of nice places to live in the first world where the government hasn't gone totally insane. Move there.


Say what you say is true, where would you recommend? We can then discuss specifics of those countries. (On a less serious note, you don't have the Silicon Valley there, wherever there is.)


Norway is great for data privacy, however as you say, there isn't a Silicon Valley or anything similar, even in Oslo. There are some good tech groups, and some good university groups spread around, a good amount of design and media organizations, and a much larger percentage of the population know what Twitter and Facebook are and use smartphones, and youth are basically acquainted with most 4chan memes. The biggest and most notorious tech group really is Opera, which also accounts for a significant chunk of the country's data traffic (Opera also operates a very huge proxy service for mobile devices).

* Norway's Data Authority: http://www.datatilsynet.no/templates/Page____194.aspx

Despite what I'd consider to be a fairly (in U.S. terms) progressive government organization that is pro-privacy, Norway has recently enacted its own local version of the E.U. Data Retention Directive.

* EU: http://en.wikipedia.org/wiki/Data_Retention_Directive

* Norwegian version: http://translate.google.com/translate?sl=no&tl=en&js...

So basically, even one of the better countries for data privacy still has its own struggles.


Personally, I'd recommend almost anywhere in the first world over America presently.

I chose Berlin for a variety of reasons, but there are many places worth living. I'd say there are roughly a dozen that spring to mind, any of which would be acceptable for starting a business.


We desperately need someone to configure Android with LUKS/dm-crypt, which theoretically shouldn't be such a huge leap since Android is based on Linux (I know nothing about Android-specific kernel divergences, but would be interested to know if device-mapper is badly broken in Android kernels).

Another interesting project would be a service that sits on your phone and automatically encrypts all of the automatically synced data, so Google only received encrypted data and your phone transparently decrypted it upon demand. This one would probably require much deeper work than making device-mapper run on Android Linux kernels.

I am grateful to Google for making an open, decent phone system so that this kind of stuff is made possible. Think about the options we'd have if iOS was the only smartphone on the market.

People need to accept that without strong encryption, any and all of their digital storage is open to adversarial or even accidental perusal, and that they should have no realistic expectation of privacy without correct application of cryptographic techniques. This is true across every form of digital storage: mobile, desktop, laptop, cloud, USB stick, etc. Encrypt or suffer.


That is how my netbook is configured, EncFS encrypts file names and contents before rsync sends it to a remote backup server.

On the phone, you don't need to encrypt all of the file system (for better performance) but just the parts that hold user data.

Unlocking the screen and encrypted user data by "swiping a pattern" is not a big thing and takes not even a second.


A swipe pattern has such low entropy that you may as well not encrypt it.


Sure, it doesn't stop a criminal, but it implies privacy that could be held up in court against unlawful search.


I have my phone set up to enter a long code on boot (which goes to LUKS) but the lockscreen PIN is much smaller. The low entropy on the lockscreen doesn't matter so much as it is capable of restricting the number of tries, delaying after a certain number of failures, etc.


I agree, I don't see why it'd be unreasonable to type a passphrase on boot.


An encrypted hard disk will be visible in the clear when the phone is turned on. You'd have to ensure to turn off the phone before the cops get it.

For some people encyrption is suffering. If they lose/forget the password for the encryption, then they won't be able to get their data back.


> We desperately need someone to configure Android with LUKS/dm-crypt

I've done this already on my Samsung Galaxy S II. I haven't got round to publishing it yet :-/


Is LUKS going to help here? If the phone is switched on then the LUKS keys are held in memory and the disk is completely open. All that an attacker needs to do is to ensure that the phone doesn't switch itself off or run out of battery while the information is copied off.


Indeed, I meant to address this in my original post. It is not fool-proof but in most cases it's reasonable to turn your phone off after getting pulled over or before meeting a security checkpoint. Certainly much, much more secure than what we have now.


Do we have to have the slightly emotional title of "Bill on X's Desk"?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: