How to protect your own data from physical access and key disclosure laws

How to protect your own data from physical access, but especially if you are in a country where you have to disclose your passwords.

First of all, we need to distinguish between two situations:

  1. If it is illegal to force a person to give out their password, except at the border, airports and train stations (locations where the police sometimes have extra powers and which are also points of entry into a country). This is currently the case in countries like the USA or New Zealand (but not limited to those two).

  2. If you can always be forced to disclose all known passwords.


In the first case, it is sufficient to enter the country without electronic devices and then buy the necessary devices locally or send them to yourself by post before departure.

However, it is important to note that even if you are not in one of the places mentioned above, such as an airport or border crossing where you can be forced to hand over your password, it is still possible for the authorities to use software from companies such as Cellebrite to exploit 0-day vulnerabilities to gain access to your devices.

The best defense against this would be GrapheneOS with a strong passphrase for smartphones, and LUKS (LUKS2), also with a strong passphrase, for Linux. VeraCrypt would be best for Windows. But remember, the encryption is only as strong as your password.


In the second case, this is much more difficult, as it can always happen that the authorities demand the disclosure of all known passwords and, depending on which country you are in, this does not require a court order.

In this case, it would be best to store sensitive information on a device with VeraCrypt, as this can be used to create a hidden volume.

So if you are forced to reveal the password, it is possible to decrypt only a part of the volume and thus hide the true content, as this requires a different password. However, it would not be possible to prove that another encrypted part exists in the same volume. This is deniability through encryption.

For mobile devices I see hardly any way to protect yourself. There is the possibility of wiping all data on them, but then you will be prosecuted for destroying evidence and obstructing the police.

You can perhaps store everything important in a cloud and access it through the mobile browser, which is set to delete all data after closing the app.


The second one seems to present a pretty unique threat model I haven’t seen before, but I will bite. If you are in a jurisdiction where:

  1. You can be forced to reveal a password without a warrant
  2. You can be targeted with forensic tools
  3. You are a potential target
  4. But still not vulnerable to physical, economic, or mental torture

Then you should not be using any system that preserves state, including phone devices running any OS or any laptop. Cloud will also not work since if they know you have an account or detect artifacts using forensics showing an account, they can force the password out.

The best bet is using Tails with the caveat of being very visible on any network analysis if you access the internet.

If the 4th condition fails, then nothing can be done. They can always “extract” information out of you using a cheap screwdriver.


For the first condition, if you do not have a “suspicious” name (Middle Eastern or Asian), you are not “suspicious” looking (non-white), you are not an “extremist” (climate activist, etc.), and you do not have “interesting” destinations in your passport, you will be mostly fine in the US, New Zealand, Australia, etc.

If you are a citizen, you do not need to do anything, just resist. They cannot stop you.

For anyone else just keep your head down and comply with instructions. Keep no data on devices (all on cloud), and factory reset them if your devices are confiscated.

If you are a high-value target, and they take the device away from your sight, open it up and compare the hardware with reference images online to check for hardware bugs, factory reset, etc. Use GrapheneOS and bring a unibody laptop which cannot be opened easily (like the MacBook). Don’t do anything suspicious. Make your phone home screen look as normal as possible; download something like Lawnchair. Keep a few Google apps up front. A MacBook and a Pixel phone help you blend in; normal-looking setups stop suspicion. Dress normally, don’t look suspicious, smile and wave.

The more ridiculous your setups get, the more interesting you seem.


The best bet is using Tails with the caveat of being very visible on any network analysis if you access the internet.

I would say it depends. In Singapore, for example, you have to tell the police everything, and lying or not saying anything will be seen negatively by the court. So I think for cases like this, it might be best to use hidden volumes for the purpose of deniability.

Using Tails in such a situation might be worse, because if you don’t want to hurt yourself (legally, Singapore-specific for this example) you would have to tell them what you used Tails for.

If you are a citizen, you do not need to do anything, just resist. They cannot stop you.

But they can seize your devices and try to gain access to them. Depending on your operating system and the encryption it uses, they might be able to gain access to them.

I would say it depends. In Singapore, for example, you have to tell the police everything, and lying or not saying anything will be seen negatively by the court. So I think for cases like this, it might be best to use hidden volumes for the purpose of deniability.

Interesting case…this also applies in the UK. Refusing to disclose a password or open a safe could allow the court to “infer” guilt. That is in addition to being a criminal offense by itself.

Using Tails in such a situation might be worse, because if you don’t want to hurt yourself (legally, Singapore-specific for this example) you would have to tell them what you used Tails for.

How could the police verify any testimony? There’s so much plausible deniability when using Tails.

+1. I never use password manager/2FA apps, but something like AliasVault + an HTML web page where I can paste TOTP secrets on the go. Local data isn’t always the most secure option, especially when your fate is in the hands of app developers that are not prioritizing defenses against Cellebrite.

Lying by omission is possible with Tails since it has a minimal footprint to observe. VeraCrypt or anything else is simply not serious; there are tons of indications that a person has used it on a device. Anything that writes to disk just writes more evidence, in my experience.

The threat model presented is very impossible to me. If you are interesting enough to be targeted at that level, and the country has no laws against warrantless surveillance and forced access, then you actually can’t do anything to be safe.

The main advantage of having no device is that it is also great in preventing planting of evidence. They can plant CSAM, “suspicious” material, etc. on any device with storage that you have and convict you for that.

I will be honest, most people haven’t actually planned for that level of threat model since their life does not depend on protecting themselves against it. So there is a lot of information out there that assumes it will work. It is like end-of-the-world LARPers trying to write a survival guide; it will be wrong and misguided since real life is much more harsh and unfair.

Storing and Carrying Concealed Encrypted Data

Please look at the following screenshot.

It looks like this 16 GB volume contains only one 8.7 MiB file. Is it really true? Maybe yes, maybe no.

The file system tells us that there is only one file here. But is there really only one file on the volume? We cannot find this out using the file system. In fact, data may be located outside the file system and be undetectable by file system tools. 15.2 GiB of space marked as free may be occupied by a hidden file system. This “free” space may be taken up by hidden encrypted data.

Can the existence of this data be disproven? Yes, for example, by examining the entropy level of this free space using binwalk. Low entropy indicates a probable absence of hidden data. High entropy does not, by itself, prove the presence of encrypted hidden data. Areas with high entropy can be either just residual data or hidden encrypted data.

If you are interested in hiding data outside the visible file system, then tird is at your service.

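The entropy check described above, as an added example that is not part of the original post: it scans a constructed disk image block by block and reports Shannon entropy, so you can see what wiped space, ordinary file data and random-looking (encrypted or residual) data look like to a forensic examiner. The block size, thresholds and the sample image are assumptions for illustration.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096  # assumed block size; binwalk-style tools use similar windows


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block in bits per byte (0.0 .. 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def block_entropies(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Entropy of every consecutive block of the image."""
    return [shannon_entropy(image[i:i + block_size]) for i in range(0, len(image), block_size)]


def classify(entropy: float) -> str:
    """Heuristic label. Thresholds are assumptions, not a forensic standard.
    High entropy alone never proves hidden encrypted data: compressed files
    and residual data from earlier use look the same."""
    if entropy < 1.0:
        return "wiped/empty"
    if entropy < 7.0:
        return "plaintext/structured"
    return "random-looking (encrypted, compressed, or residual)"


def build_sample_image(seed: int = 1) -> bytes:
    """Constructed image: 4 zero blocks, 4 text blocks, 4 random blocks."""
    rng = random.Random(seed)  # seeded so the demo is reproducible
    zeros = bytes(4 * BLOCK_SIZE)
    text = (b"The quick brown fox jumps over the lazy dog. " * 400)[:4 * BLOCK_SIZE]
    noise = rng.randbytes(4 * BLOCK_SIZE)  # stands in for encrypted or residual data
    return zeros + text + noise


def scan(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Return (offset, entropy, label) for each block of the image."""
    return [(i * block_size, round(h, 3), classify(h))
            for i, h in enumerate(block_entropies(image, block_size))]


if __name__ == "__main__":
    for offset, h, label in scan(build_sample_image()):
        print(f"{offset:>8}  {h:5.3f}  {label}")
```

Run the same scan over the free-space extent of a real image (for example, a `dd` copy of the volume) to see whether the "free" area is wiped or random-looking; the text above explains why the latter is inconclusive.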

How can this prevent someone from planting drugs or thumb drives in your pockets?


Lie detector maybe. I don’t think that telling them that shopping was the reason Tails was used is something they would believe, but you are right, they would have a hard time verifying whether you are telling the truth or not.

Yes!

Diceware is a good method for randomly generating passphrases for your encryption: a 10-word DW passphrase has over 128 bits of entropy, which is out of reach of conventional digital computing techniques for the foreseeable future. Memorizing 10 words isn’t difficult.

And full-disk encryption and file-based encryption are inherently vulnerable to cold-boot attacks, so devices should be fully powered off when not in use, and immediately powered off if physical access is going to occur, such as during a raid. This is what will stop software like Cellebrite. In phones, a “Before First Unlock” state where the keys are not in RAM is sufficient. An encrypted device in use should be considered unencrypted.
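The Diceware arithmetic behind the 10-word claim above, as an added example that is not part of the original post: it maps five dice rolls to a word-list index the way Diceware does, computes passphrase entropy from the list size, and works out how many words a target strength needs. The word list here is a constructed placeholder of the standard 7776 entries (the real list is not on this page).

```python
import math
import secrets

LIST_SIZE = 6 ** 5  # 7776: every 5-dice roll selects one word
# Constructed placeholder list; substitute a real Diceware word list.
WORDS = [f"word{i}" for i in range(LIST_SIZE)]


def roll_key() -> str:
    """Five cryptographically random dice rolls, e.g. '36214'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def key_to_index(key: str) -> int:
    """Diceware lookup: treat the roll as a base-6 number with digits 1..6."""
    if len(key) != 5 or any(d not in "123456" for d in key):
        raise ValueError("key must be five digits in 1..6")
    return sum((int(d) - 1) * 6 ** (4 - i) for i, d in enumerate(key))


def passphrase_bits(num_words: int, list_size: int = LIST_SIZE) -> float:
    """Entropy in bits of a uniformly chosen num_words-word passphrase."""
    return num_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int = LIST_SIZE) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate(num_words: int, words: list = WORDS) -> str:
    return " ".join(words[key_to_index(roll_key())] for _ in range(num_words))


if __name__ == "__main__":
    print(generate(10))
    print(f"{passphrase_bits(10):.1f} bits; 128 bits needs {words_needed(128)} words")
```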

It’s a common threat model.

When dealing with non-government actors ready to use force, from drug cartels to a teenager’s parents, saying “No” is usually an unacceptable answer. Thankfully, these kinds of actors are usually less technologically sophisticated, and a fake app or folder put in a weird place might stop them. This is also the threat model for people living in countries like the UK.

Great comment, but I have one nitpick: hardware implants are, even for well-resourced organizations, horrendously difficult to find and may not even be visible. It may not be wise to trust that you are reliably able to detect one. Hezbollah, a well-resourced organization, was unable to detect explosives in their pagers even after X-raying them.

If you’re worried about hardware bugs, it’s effective and easy to buy computer parts off the shelf with cash to prevent package intercepts.

The indications that definitely point to a hidden volume are mainly due to system logs, config files and other evidence. If you have a hidden VC volume on a removable hard drive that you access using Windows, there might be evidence of what kind of things you did on that drive left on your main drive. Deniable encryption when used with a live (amnesic) operating system helps mitigate this issue.

There are plenty of people living with this highly dangerous threat model, such as hackers, whistleblowers that communicate with journalists, and users or owners of highly targeted Onion services (CP sites, for example), many or most of whom get away with it. It’s largely a matter of staying anonymous to the people that want to bust in your door.

In case of deanonymization, using amnesic operating systems and encryption software that is sufficiently deniable or deceptive (steganography, deniable encryption) can and has stopped government actors with authorization to compel users to surrender encryption keys from securing convictions.

You could have CP or really anything else planted on you with or without a device.

If the police planted a USB device with teen lesbian porn, a laptop without a hard drive, and a separate USB with Tails OS to explain the lack of digital trails, and let you put your fingerprints on the laptop through some social engineering action, how would one even defend oneself? Any evidence that it wasn’t you could be suppressed or ignored by a jury of non-technically-proficient people who are blinded by the ongoing moral panic on the subject. I’m not sure if there is a good technological defense against a government, or even a crafty malicious actor, determined to imprison you.