in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Smartphone Encryption: Canada Law Enforcement Requires Warrants For Searching Cellphones

A Canadian appellate court has ruled that the police need a warrant if they want to search a person's phone – but only if there's a password in place (or if the phone is physically locked up).  Otherwise, it's open season for going through your phone, which – depending on whether it's a smartphone or not – could contain a whole lot of personal data.  But, you might want something stronger in place, like smartphone encryption.

Thus Spake Court of Appeal for Ontario

The ruling overturns an appeal involving armed robbery.  You can read some of the details by visiting thestar.com (link below) and other fine publications but, in a nutshell, the police were able to arrest the appellant because they found on his body a phone which, "after manipulating [it], police officers found it contained photographs of a gun and cash as well as an incriminating text message."

In other words, the alleged bank robber was arrested because he was carrying incriminating evidence on his person at the time of the arrest.  This subsequently led to a conviction.  The question is – aside from "how stupid can you be?" – whether the search was a legal one.

Experts' opinions are divided on this one.  Take, for instance, laptop computers: according to the globeandmail.com, a Canadian judge ruled last year that accessing computers requires a warrant:
Justice Thomas Heeney decided [that a warrant is required to search through a laptop's contents], because in the 21st century, a computer is no longer a "thing," but rather a "place" - a repository of vast amounts of personal information.

The judge's ruling stemmed in large part from an earlier court ruling, also involving a high-profile murder.
Whether the laptop computer was protected with encryption software, or other safeguards were in place, doesn't matter: if the police are going to search through a laptop's files, they need a warrant.

And yet, the Court of Appeals' ruling on searching phones appears to present a significant difference.  If the phone was protected with a password – or locked in a drawer, which moots the "in plain view" aspect of the law – a warrant is required.  If not, it's open season on the phone.  This despite the fact that certain phones, such as smartphones, are in essence miniature computers with a phone chip attached to them.

(One wonders where tablets would fall.  If I use my tablet to Skype people on a paid plan – meaning that I'm using it as a phone – is my tablet a phone or a computing device like a laptop?  The absence of a password means the cops can go through it in the former; if the latter, they'd need a warrant.)

Going with Something a Little Stronger.  (OK, a Lot Stronger)

We'll have to see what happens.  The discrepancy between how searches on "phones" are being approaches vs. laptops is quite glaring, and it's quite obvious that there is a case here to take it all the way to the Supreme Court.

In the meantime, let's talk security: do you really think that a simple little password will keep someone out of your phone?  Most phones – smart or "dumb" – come with the ability to apply a 4-digit passcode, at least.  Because the numbers run from 0000 to 9999, it actually represents 10,000 different combinations.  I'm not bragging, but I can go through all 10,000 combos in an afternoon.  It will only take me 3 hours at one second per passcode.

If you have it, what you really want is a password that is coupled to phone disk encryption.  This gives you some flexibility in terms of security:

  • If possible, choose an extended password as opposed to a 4-digit passcode.  The longer the password and the more complex it can be (aka, lower-case letters, upper-case, letters, and number), the more secure it is.
  • Enable automatic wiping of data after 10 erroneous tries.  This setting will delete the encryption key if the wrong passcode or password is entered more ten times.  If you're using a 4-digit passcode, this is definitely a "want."

Related Articles and Sites:
http://www.thestar.com/news/crime/2013/02/20/privacy_rights_police_can_search_unprotected_cellphone_without_warrant_appeal_court_rules.html
http://www.theglobeandmail.com/news/national/can-police-look-through-your-cellphone-depends-on-whether-theres-a-password/article8908107/
http://yro.slashdot.org/story/13/02/21/1343231/cellphone-privacy-in-canada-encryption-triggers-need-for-warrant
 
<Previous Next>

Deleting Solid State Drives: Cleaning SSDs Almost Impossible, So Use Encryption

Apple iPhone Protection: NYPD Team Dedicated To Apple Device Recovery

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.