Yes, it can be a criminal offence. But the maximum tariff for this under RIPA 2000 is five years. If it’s not about nation security or CSAM, it’s two.
(Incidentally, the USA is a real outlier in this topic)
Doesn't double jeopardy prevent this? Has this actually happened?
I'm not even sure how much practical difference there is between 5 and indefinite in practice, 5 years is a long time. I imagine it is pretty life-destroying. Especially for the crime of having something on your phone that you want to keep private.
> If it’s not about nation security or CSAM, it’s two.
I am sure we all get what you mean, but there is a comic interpretation in vaguely-Soviet style here where if someone hasn't done anything wrong they only get 2 years. I'm going to spend some time this weekend making sure my encryption is plausibly deniable where possible.
Before a judge grants the notice, they must be satisfied that:
The key to the protected information is in the possession of the person given notice. Disclosure is necessary in the interest of national security, in preventing or detecting crime or in the interests of the economic wellbeing of the UK. Disclosure is proportionate. If the protected information cannot be obtained by reasonable means.
I'm sure China could find some judges to rule in the name of national security if it would give everyone warm fuzzies.
Judicial checks and balances only function when they're independent of the executive and parliament
A judge isn't a magistrate, but also: No, of course not. There are different layers of legal protections in the UK. You would be able to appeal the notice itself, you would be able to argue at the court against the decision, and you could make an appeal to a higher court if your were convicted. Furthermore you could make an official complaint about the investigation afterwards.
There isn't trust of the institutions in the UK. That's why there's so many layers of checks and balances like various courts of appeal and the two houses in the parliament. It's designed with the idea that a rogue player can't go wild.
It's also not true that British institutions have been well run for a long time. Bloody Sunday would be a very visceral and obvious example. Interesting case as well because obviously it took almost half a century but at least there was official recognition and apology from the prime minister after the courts and parliamentary investigative bodies did their thing.
>in preventing or detecting crime
If the police are requesting a s.49 notice it goes without saying that it will be for preventing or detecting crime, but notices can also be issued to ensure the exercise or performance of public bodies, statutory powers, or statutory duties without such a requirement.
>Disclosure is proportionate.
In regards to what is sought to be achieved by the disclosure. It is not disproportionate to request disclosure for the purpose of preventing or detecting crime regardless of how benign that crime is.
>If the protected information cannot be obtained by reasonable means.
The law has been used against people for failing to give up Facebook passwords. The police routinely ask companies for information without a warrant and they're usually legally denied such requests based on GDPR grounds. 'Reasonably practicable' means nothing if it can be bypassed by police trying their luck without a warrant.
I'm sure there's some people here working on mobile operating systems, might be worth considering?
Or even worse, you did give them the real password, but because your phone supports the feature and your profile is kind of barren, they don't believe you. Now you are in a very bad lose-lose situation.
So when they ask for the real profile it shows in the next unlock a profile that makes it very clear you have a deeply embarrassing ASMR addiction.
It could cross reference your local laws to ensure to not spill the beans on something locally illegal.
Allow the device user to create a different (duress) password, which when entered, will immediately wipe the phone without any secondary warnings. The user could then provide that password to the people who seized their device, and be in compliance with all laws, while maintaining information security.
https://source.android.com/docs/security/features/private-sp...
I'm hard pressed to find any reason for any citizen to be compelled to share their secrets with the police because the police had "suspicions".
The 4th and 5th are paramount for a free society.
You mean wrench? https://xkcd.com/538/
if i didn't need any of those apps then sure, but unfortunately there is no way around these apps if i want to keep in touch with certain people that are important to me.
Unfortunately, it's pretty common to only have a smartphone as your sole compute device, and increasingly onerous not to own one at all.
Yes, and I think this unfortunately demands a grey area. I'm starting to treat my smartphone more like a work device, and there are a few things I do on it:
- My work's authenticator app is there.
- Unfortunately Signal is tied to smartphone usage.
- Practically speaking, people will expect to be able to send you text messages.
- It's still useful for taking pictures.
- My banking app is on there.
Outside of rare occasions, that's really all I use my phone for. I don't carry it around the house. If I go somewhere with my wife, I don't even bring my phone most of the time. I'm "required" to have it, but in principle it's not even mine. It shouldn't be trusted or enjoyed.
Now we just have to wait N years for Android and iOS to get approval from the government to build something similar, that they can market yet somehow screw up enough to not actually help.
???
Of all the issues with the US justice system, being compelled to disclose passwords isn't one of them. It is an issue for UK, though.
This is not totally true. It is also a US issue: CBP has been asking for passwords (or to unlock the device) for phones and computers for more than a year now. Last year, multiple people got turned around because they disagreed with US policies and political views that differ from those of the US's current president.
Rules at the border tend to be pretty restrictive almost everywhere. You can literally get in trouble for having a sandwich in your bag. I'd wager Hong Kong border control was also empowered to request phone passwords and turn away refusers long before this change.
CBP is also asking, not compelling. You don't have to give them your password. If you don't, and you're a foreigner, you may be turned away. If you're a citizen, and I remember correctly, they can seize your device for up to two days if they want.
But they're not going to put you in prison for refusing like the U.K. and Hong Kong will.
so they were not in US technically?
Under the present administration I wouldn't be surprised if for example ICE tried the $5 wrench method.
US citizens are, of course, allowed in even if they refuse, but they will confiscate a citizen's phone in exchange for a custody receipt (Form 6051-D) and they are supposed to return it to the US citizen after they break into the phone / crack the encryption. If they can't crack it, they can choose to never return the phone to the US citizen. And it can be a very stressful situation in which citizens may not know what their rights are in the moment (or can't afford to replace their phone or lose access to it because how would you even get an Uber from the airport or coordinate a pickup if you don't have a phone).
You can choose to bring burner phones or make sure your phone is freshly factory reset, but if you're a non-citizen that can also be a reason to be refused entry, and if you are a citizen that can "get you on a list", leading to getting "SSSS" stamped on every boarding pass for every flight you take, in every country in the world, for the next many years. If your boarding pass gets "SSSS" written on it, you will get pulled aside by security and all your bags get individually hand-searched prior to every single flight (even transfers/connections/layovers). This will be a global thing, not limited to USA flights.
Non-citizens are also sometimes asked for a list of your social media accounts and the passwords to their social media accounts. Refusing to provide your passwords can be used as a reason to refuse entry to the USA. If the USA believes you have a social media account that you failed to tell them about, that can also be a reason to refuse entry.
Source? Given 5th amendment protections I'm guessing this only covers snitching on others, but that's standard subpoena law. If you're issued a subpoena to produce documents on someone else (eg. a customer of yours), you can't refuse. It's called protection against "self-incrimination" for a reason.
The poor device user would be faced with a choice of losing their job and being held criminally liable for breaching their company's systems, or going to jail in Hong Kong.
They are pro-business and want to remain an attractive international business hub so they are nice to foreign visitors. Likewise China (mainland) is nice to Western visitors and will not create trouble to you. If you visit the mainland these days (visa free if coming from Europe!) they also make efforts so that you are not impacted by the Great Firewall.
The way it works on the mainland and HK is that you must have shown by your actions that you are a "troublemaker" and got onto their radar. Then you are in trouble.
China is keen to attract Western visitors for tourism, business, and to stay if you're top talent (visa-free travel, new work visa for STEM talent) so they will try ot project a positive image.
I’m a white US citizen who worked on oil rigs in GCC countries (Arabian Gulf). I was put on a global watch list for 6 years due to my work in the middle east.
I still don’t know why - maybe due to colleagues in my contacts? There was a “mega church” near me that some of my coworkers attended which was the “minority religion” of Saudi Arabia, so perhaps I was a few degrees of Kevin Bacon from some people that Saudi had flagged. Or maybe just travel patterns - I often didn’t know exactly when my rotation would end and I frequently bought last minute flights to head back home / to vacation destinations.
I certainly was not put on a list for any of my speech (public or private), which had been extremely measured at the time (and still is), due to understanding that my host countries had different laws and constitutions from our own. I very carefully observed all the laws and social expectations. But nonetheless, I found myself on a list anyways and for that 6-7 year duration, all of my boarding passes globally got “SSSS” written on it and all my luggage + carryons got unpacked by hand and hand-searched prior to every flight, including connecting flights.
Every flight I flew those searches were a very personal 20-30 minute long reminder to carefully manicure who I’m in contact with, what I say, how/where/when I travel, and any other records/data that I might generate. I often had to give a heads up to anyone I was traveling with (colleagues or personal friends) that we had to leave a little extra early to accommodate those searches.
It's not about luck in this case. They want to be 'nice' so you need to actively do something, that's not the same as as "keeping your head down". Also note that as a Western visitor to China, if they have flagged you they are more likely to deny your visa or to deny you entry than to look for further trouble. In general the least waves the better.
Roleplaying inability to read will never not be funny
UK: https://www.pinsentmasons.com/out-law/news/law-requiring-dis...
France: https://www.fairtrials.org/articles/news/french-court-rules-...
That's great but of exactly zero help if you're trying to travel to the US and CBP (or ICE) are staring you down. Even if they don't gulag you, they can always just reject entry for any non-citizen (and these days even some citizens it seems.)
The constitution doesn't say shooting citizens is illegal, right?
At least 225 judges have ruled in more than 700 cases that the administration's mandatory immigration detention policy likely violates the right to due process[1] The Fifth Amendment's Due Process Clause generally requires those having federal funds cut off to receive notice and an opportunity for a hearing, which was not provided in many of DOGE's spending freezes[2]
1. https://www.justsecurity.org/107087/tracker-litigation-legal...
2. https://www.cbpp.org/research/federal-budget/many-trump-admi...
>China makes you give phone passwords, China makes Apple give user data
>The US wiretaps 1 person
"OMG THIS IS AN OUTRAGE!"
We forget because a Republikan is in charge how good we have it in the west. We forget how bad it is elsewhere.