January 05, 2011

Urgent Call for Privacy-Enhanced Mobile Data Storage and Self-Destruct Mechanisms

Greetings. Once upon a time -- not so very long ago -- an individual arrested by law enforcement, or subjected to search at border custom checkpoints, would typically be carrying little more of interest than clothing, a purse or wallet containing limited sundry items, and more recently a very simple cell phone.

But now many of us carry powerful computing devices that frequently contain immense volumes of personal and business data -- laptops, smartphones, tablets, flash memory thumb drives, and soon other yet to be imagined marvels. While it is increasingly possible to store data only in the cloud for download or streaming on demand, many users still need to maintain significantly large amounts of data on their local devices due to data access speed requirements, or to assure data availability when remote data connections are not available.

Governments in general and law enforcement in particular are increasingly taking the view that their detailed inspections of mobile devices, and the masses of data that they frequently contain, are no different in kind than a simple search of a suspect's or traveler's pockets.

Now the California Supreme Court has alarmingly ruled that arrested suspects' phones -- and by extension any other devices on their person or in their vehicles at the time of their arrest -- can be comprehensively searched in detail. This includes all contained data, without the need for a search warrant: "Photos, address book, Web browsing history, data stored in apps (including social media apps), voicemail messages, search history, chat logs, and more."

While this ruling is not without conflict vis-a-vis some rulings in other states, and may ultimately be decided by the U.S. Supreme Court, it still appears on its face to represent an enormous overreaching of law enforcement in a highly inappropriate manner.

As I mentioned above, international travelers have long faced the risk of U.S. Customs not only inspecting the data on their laptops or other computers upon reentry to the U.S., but of having those devices arbitrarily confiscated for detailed inspection, data copying, and other intrusive investigations for prolonged periods of time.

If the framers of the U.S. Constitution had been able to anticipate that individuals would one day carry such vast quantities of information representing virtually the sum totals of their business and personal lives, it is likely that the Fourth Amendment prohibiting unreasonable searches and seizures would have been written in ways that even more explicitly prohibited "high-tech" data device strip searches.

It's very important to remember that this is not about protecting criminal behavior -- we're talking about the protection and preservation of fundamental constitutional rights that are now being eroded by opportunistic overreaching on the part of authorities (whether for laudable motives in any given case or not). Nor can we confidently assume that all future governments will even be as "benign" as our own at any given time -- encroachments on privacy rights by government are fundamentally dangerous, especially for innocent, law-abiding citizens.

Fortunately, we do have the means at hand to restore some sense of balance regarding the privacy of our personal, mobile data devices.

The powerful combination of local device storage, increasingly fast "persistent" data connections, cloud-based data repositories, high-grade encryption, and associated technologies, can provide the foundation for an open-source framework to provide privacy-enhanced mobile data storage and data "self-destruction" systems to help return "search and seizure" closer to the concept that the Founding Fathers had in mind.

So, I'm now making this urgent call for broad cooperation in the development of open-source systems and environments that would include at least the following initial attributes:

  • Provide for the "continuous and automatic" backing up of all mobile device data (as desired) in secure off-device locations. Such locations could include cloud-based services and/or locally controlled (e.g. business or home) computer systems and data arrays. Note that under current laws the precise physical location of data greatly impacts the required mechanisms for government inspection or seizure of that data. Mobile devices (certainly in California for now) are pretty much an open book after the new Supreme Court ruling. Various groups are working toward trying to achieve harmonization of laws to provide the equivalent of locally-hosted data privacy protections for cloud-based data, but battles in this regard are still ahead. Also, the ability of authorities to try to compel the provision of data decryption keys and related information varies depending on situations, jurisdictions, and other factors.
  • Users should be able to optionally specify degrees of data security desired on a per-item basis. For data without significant privacy-related concerns, mobile device data self-destruct mechanisms could be flagged to bypass that specific data (e.g. specific files, databases, etc.) under particular usage scenarios. Individual data items could also be flagged for various degrees of off-device data repository security -- unencrypted (e.g. publicly shared data), encrypted, or various combinations as appropriate.
  • All communications between mobile devices and remote data repositories would be encrypted.
  • Mobile device data self-destruct mechanisms would be designed to enable ease of use in routine, unusual, and emergency situations for selected or full data. For example, a traveler about to enter U.S. customs could use a routine activation sequence to "cleanse" sensitive business data from a mobile device, then restore it completely (restoration priority at the control of the user) afterwards. In unusual or emergency situations, data self-destruct activation may be through a unique device key sequence or carefully confirmed voice command sequence. Sequences to delete off-device stored backup data in remote repositories, and methodologies for remote triggering of mobile device data self-destruct (including both manually triggered and "tamper triggered" sequences), would likely be commensurately more complex to avoid undesired data loss, depending on the level of backup data chosen and available.
  • Self-destruct/deletion procedures for stored data (both locally stored on mobile devices and to the greatest extent possible on remote repository backup data systems), would be designed to offer varying levels of resistance to forensic deleted data reconstruction, as specified by users for particular data and usage scenarios.
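To make the attributes above a little more concrete, here is a small Go sketch (added here as an illustration; it is not code from this post or from any existing project) of three of them together: a per-item security level, encryption of everything except public items before it leaves the device, and a "cleanse then restore" cycle that refuses to wipe anything that does not already have an off-device backup. The three-step Level scale, the item names, the in-memory Repository standing in for a cloud or home server, and the all-in-memory handling of "files" are my own constructed assumptions; AES-256-GCM from Go's standard library is the encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"sort"
)

// Level is the per-item security policy chosen by the user (a constructed three-step scale).
type Level int

const (
	Public    Level = iota // backed up unencrypted, never wiped (e.g. publicly shared data)
	Encrypted              // encrypted before it leaves the device; local copy survives a cleanse
	Sensitive              // encrypted off-device and removed from the device by a routine cleanse
)

// Item is one user-visible data object (a file, a database, ...) plus its policy.
type Item struct {
	Level Level
	Data  []byte // local plaintext copy; nil once cleansed from the device
}

// Device models the mobile device; Repository models the off-device backup store.
type Device struct {
	Key   []byte // 32-byte AES-256 key; derived from a user secret in practice, never stored beside the data
	Items map[string]*Item
}
type Repository struct {
	Blobs map[string][]byte // name -> nonce||ciphertext (or plaintext for Public items)
}

func NewDevice(key []byte) *Device { return &Device{Key: key, Items: map[string]*Item{}} }
func NewRepository() *Repository   { return &Repository{Blobs: map[string][]byte{}} }
func (d *Device) Add(name string, lvl Level, data []byte) {
	d.Items[name] = &Item{Level: lvl, Data: data}
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealItem encrypts with AES-256-GCM and prefixes the random nonce to the output.
func sealItem(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openItem reverses sealItem; the GCM tag rejects tampered or mis-keyed blobs.
func openItem(key, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Backup pushes every item still present on the device to the repository,
// encrypting everything except Public items before it leaves the device.
func (d *Device) Backup(r *Repository) error {
	for name, it := range d.Items {
		if it.Data == nil {
			continue // already cleansed; the repository copy is authoritative
		}
		if it.Level == Public {
			r.Blobs[name] = append([]byte(nil), it.Data...)
			continue
		}
		ct, err := sealItem(d.Key, it.Data)
		if err != nil {
			return err
		}
		r.Blobs[name] = ct
	}
	return nil
}

// Cleanse removes local copies of Sensitive items (the "routine activation" before a
// checkpoint). It checks that every affected item has an off-device backup before
// destroying anything, so a cleanse can never be the cause of data loss.
func (d *Device) Cleanse(r *Repository) ([]string, error) {
	var names []string
	for name, it := range d.Items {
		if it.Level == Sensitive && it.Data != nil {
			if _, ok := r.Blobs[name]; !ok {
				return nil, fmt.Errorf("refusing to wipe %q: no off-device backup", name)
			}
			names = append(names, name)
		}
	}
	sort.Strings(names)
	for _, name := range names {
		it := d.Items[name]
		for i := range it.Data { // zero the buffer before dropping it; for real files on flash
			it.Data[i] = 0 // media, overwriting is unreliable, so rely on storage encryption plus key destruction
		}
		it.Data = nil
	}
	return names, nil
}

// Restore pulls the named items back from the repository, decrypting as needed.
func (d *Device) Restore(r *Repository, names ...string) error {
	for _, name := range names {
		it, ok := d.Items[name]
		blob, have := r.Blobs[name]
		if !ok || !have {
			return fmt.Errorf("no such item %q", name)
		}
		if it.Level == Public {
			it.Data = append([]byte(nil), blob...)
			continue
		}
		pt, err := openItem(d.Key, blob)
		if err != nil {
			return fmt.Errorf("restore %q: %w", name, err)
		}
		it.Data = pt
	}
	return nil
}

func main() {
	key := make([]byte, 32)
	rand.Read(key)
	d, r := NewDevice(key), NewRepository()
	d.Add("contacts.db", Sensitive, []byte("alice,bob")) // constructed sample data
	d.Add("press-release.txt", Public, []byte("hello world"))
	_ = d.Backup(r)
	wiped, _ := d.Cleanse(r)
	fmt.Println("cleansed:", wiped, "restore error:", d.Restore(r, "contacts.db"))
}
```

The order matters: Backup runs before Cleanse, and Cleanse is refused outright when a sensitive item has no repository copy. That is the cheapest way to meet the "avoid undesired data loss" requirement in the list above; the restore step is just the reverse of the backup, keyed by the same user-held key.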

I hope that's enough to get the ball rolling. It's very important that such concepts be implemented in an open-source environment, and that strong, high-grade encryption be used throughout the framework wherever encryption is employed.

Again, this is most definitely not about protecting illegal activities or criminals. The goal is to protect us all -- and our completely legal personal, business, and other data -- from unreasonable acts by those entities who are now leveraging our advanced mobile data devices to a level of intrusion into our lives that is simply not in keeping with our fundamental rights and liberties.

While I do have my own very preliminary, somewhat specific implementation concepts relating to this project, I'm very much inviting all comers and all ideas. In terms of practical project goals, I would encourage the development of these principles into exploratory code as rapidly as possible, across a wide array of mobile platforms and supporting backup repository system environments.

Linux, Windows, and Android are currently available to me in various incarnations. Google's Cr-48 Chrome notebook would be another obvious implementation target platform that I would like to explore early on for the project, though unfortunately I do not have one of those units in hand.

I am not a routine user of the Apple ecosystem, so developers comfortable in the Mac/iPhone world are definitely needed as well, plus Blackberry, Symbian, and any other common mobile platforms.

Please let me know if you're interested in participating. Any and all comments, questions, criticisms, and ideas are of course welcome.

Thanks all. Be seeing you.

--Lauren--

Posted by Lauren at January 5, 2011 05:09 PM
Twitter: @laurenweinstein
Google+: Lauren Weinstein