Features Request: Emergency Safety Password


Comments

  • jpgoldberg
    1Password Alumni
    Hi Henry,

    I followed that case closely and also some other similar cases. I recognize the problem you are seeking to address, but I do not believe that there is a workable technological solution that would address the problem in the way that you want. A false decryption that would fool the FBI isn't easy. And so the FBI would just tell the court that you didn't reveal the true key. Only if you routinely encrypt things with an OTP and if your computer or device is loaded with lots of files that contain purely random data would you be in any position to "get away with" a false decryption.

    So the solutions to the problem that you raise aren't along the lines that you suggest. In terms of technology, steganography may be the best approach. But I think for practical purposes, the solutions will involve law, not tech.

    There was a case in the 1990s in the UK where an accused member of a child pornography ring claimed that he'd forgotten his PGP passphrase. For all I know, he was telling the truth. Crucially, neither I nor anyone else can know whether he was or not. I do not know how that case ended up. I believe (but I lost track of the case) that the Crown was able to successfully prosecute him without decrypting his data.

    Again, the actual case law in the US on this is all rather thin and unsettled, with conflicting rulings in the US about whether people can be compelled to reveal a decryption key. Some courts have ruled that it is analogous to turning over a physical key, which people can be compelled to do, while other courts have treated it as information and so it would be compelling someone to testify against themselves. But even in the latter case, courts have ruled that people decrypt data without turning over the key. I do not know of cases in the US that involve the "I forgot my password" line of defense.

    For those who are interested in following these sorts of issues, I highly recommend taking a look at the research and work done by the Electronic Frontier Foundation in the US. Different countries have different laws, judgements and policing practices.

    Cheers,

    -j
  • HenryY
    Community Member
    Jeffrey,

    Thanks again for the detailed answers. I do remember something about the US courts ordering somebody to decrypt their data without turning over their key. I'm pretty curious to find out what would happen if someone went with the "I forgot my password" defense. Using strong passwords created with 1Password, this is actually possible.

    As for criminals, I am assuming that giving somebody a false key would buy a person enough time to escape from such a criminal, while sending them on a wild goose-chase to try to access your data. I do recognize the difficulty in implementing any such solution in 1Password at this time.

    Thanks for the discussion.
  • jpgoldberg
    1Password Alumni

    No working passwords in the user's 1Password vault, combined with the fact that the ability to unlock "fake" passwords is a published feature of 1Password would in the very least provide evidence of continued contempt of court, if not outright perjury if the information was given under oath.

    That corresponds to my (inexpert and untrained) intuitions.

    I also think that in these sorts of cases saying "I forgot my password" is just as (in)effective or (un)lawful as providing false ones.


    As I said, I'd be curious to see it tested in court, since we have no idea how it would actually go down. I don't think it's a slam-dunk, however, and thus far all of the court tests have been about withholding information, not about knowingly providing false information.

    Yep. I don't think we've seen anything like this tested.

    I think that the UK case ("I forgot my password") that I mentioned got handled prior to trial. Prosecutors, if Hollywood is to be believed, are pretty good at saying things like, "well even if it's uncertain whether we can legally compel you to give us X, we can make sure that things will go much harder on you if you don't."

    I'm guessing that law enforcement doesn't want some of these tested, and so they will try to get what they need before it comes to an actual ruling. That, at least, is my speculative theory for why there remains so little case law on things like this. (I've had exactly these sorts of discussions back in the 90s, and had predicted then that these sorts of things would be largely settled by now.)

    Cheers,

    -j
  • jpgoldberg
    1Password Alumni
    Henry Yeh wrote:

    Thanks for the discussion.


    Thank YOU Henry. I've enjoyed it, and maybe we can continue it once things settle down a bit. As you can imagine, we are all pretty busy with getting people started with 1Password 4.

    Cheers,

    -j
  • Steve_Joyner
    1Password Alumni
    edited January 2013
    I love these topics. I think about them all the time -- especially vis-à-vis the Constitution's 4th and 5th amendment.

    For the sake of discussion, let's suppose that the 1PW we're discussing is the iOS version (iDevices).

    Let's say I return to SFO from a two-week trip to Bangkok, Taiwan, and China. At SFO customs (ICE) they ask to inspect my iPad. (BTW, no warrant or court order required. This is settled law.) I present my PIN-locked iPad to the ICE officer. He asks for the 4-digit PIN. If I say I "forgot" or give him the incorrect code, this is tantamount to lying to a federal officer (a felony). However, if I say, "I refuse to consent to this search," I would be telling the truth. At this point I would most certainly be detained for a few hours, or perhaps more. But in the end, I'd be released -- albeit without my PIN-locked phone. ICE would seize it. If I got it back at all, it would be weeks or months, not hours or days.

    Presumably, they would send it to a forensics lab where they'd do their thing. Brute force on the PIN provides, at most, 10 attempts -- or, at min, 4 attempts (via iPhone Config Utility) -- before it would trigger a wipe of the device.

    (Remote wipe would be an option as well, but less plausible. Presumably, they would shield seized devices from cellular signals, WiFi, etc.)

    I concede that there are a lot of presumptions herein, but the takeaway, in my view, is that security is a mindset to be looked at comprehensively (i.e., as multiple perimeters). I find that many discussions here and elsewhere regarding 1PW security (or any security mechanism) fail to mention the inherent (and optional) security features of iOS6 and the device itself.
  • khad
    1Password Alumni
    I've just been hanging out with sideshow performers perfecting my glass eating technique. One wrong look from the authorities and my iPhone goes down my gullet. :)
  • jdouglasj
    Community Member
    Putting aside 1Password for the moment, an emergency PIN for your ATM card is an excellent idea.

    In Mexico and other countries, it is not uncommon to kidnap tourists for a length of time having them withdraw the maximum daily amounts on their debit cards for as long as it takes to run the account dry. If you have a big bank account, you'll be withdrawing the daily minimums and living in peril for some time.

    What if we had an emergency PIN that wouldn't shut down access to the account? You don't want the emergency PIN to shut down the account because it might really upset your kidnappers and put you in more serious physical danger. But how about an emergency PIN that showed a fake amount of money in the account, such as $1,285 or whatever, when you actually have much more than that in the account? Your Mexican kidnappers could bleed that small amount dry and let you go.
This discussion has been closed.