The police must obtain appropriate permission from a judge to obtain a s.49 RIPA notice.
Before a judge grants the notice, they must be satisfied that:
The key to the protected information is in the possession of the person given notice.
Disclosure is necessary in the interest of national security, in preventing or detecting crime or in the interests of the economic wellbeing of the UK.
Disclosure is proportionate.
If the protected information cannot be obtained by reasonable means.
Feature request: Make it default behavior on phones that you can have multiple passwords, connected to different profiles. With no way to determine how many profiles a phone has.
I'm sure there's some people here working on mobile operating systems, might be worth considering?
I think everyone's glossing over that this extends to anyone who knows the password. Your sysadmin, your business partner, your spouse. Hong Kong just turned your company's entire key management chain into a legal liability.
It would be nice if phones had a feature where you can define more than one PIN, but only one is for your actual phone contents - the other ones lead you to a completely harmless but otherwise indistinguishable-looking smartphone interface that contains no or only completely bogus data.
No one likes when I say this but it's really past time to stop doing anything interesting on your phone. Delete all your apps, set it as minimally as possible. Leave it home when you go for walks, and power it off when you go driving or to the store, or whatever.
Now we just have to wait N years for Android and iOS to get approval from the government to build something similar, that they can market yet somehow screw up enough to not actually help.
That is exactly why a Duress PIN, like the one in GrapheneOS, should be standard everywhere. Ideally, it should also include an option to visibly destroy the device by overheating it, to ensure that no one can accuse you of not having actually deleted the data and keep asking for a password.
I wonder what would happen if HK tried to force somebody to unlock their business phone. It's typically a violation of corporate policy to allow a third party to access the encrypted, confidential information on corporate mobile devices.
The poor device user would be faced with a choice of losing their job and being held criminally liable for breaching their company's systems, or going to jail in Hong Kong.
Yes, it can be a criminal offence. But the maximum tariff for this under RIPA 2000 is five years. If it’s not about national security or CSAM, it’s two.
(Incidentally, the USA is a real outlier in this topic)
>The US is evil
>China makes you give phone passwords, China makes Apple give user data
>The US wiretaps 1 person
"OMG THIS IS AN OUTRAGE!"
We forget because a Republikan is in charge how good we have it in the west. We forget how bad it is elsewhere.