
> Gach resisted, but finally gave in when he was told that if he didn’t, CBP would keep his phone for an indefinite period.

The sad thing is if this happened to me I'd have no problems with just letting them have the phone and get myself a new one. In fact the company I work for would probably let me expense the new phone because they'd be happy I didn't give away the passcode to a phone that has company emails on it that contain private info.

So this ends up punishing those who can't afford to just dispose of a phone. Disgusting. Privacy should be a right, not something that you have to ask yourself if you can afford.



I hate to break this to you, but the feds are snooping on your company emails/texts/phone calls anyway and filing them away forever in a nice big data center in Utah.

And a passcode isn't much in the way of protection, except from the airport rent-a-cops and maybe the first tier of Homeland Security. Physical possession of a device guarantees access, if a three-letter-agency wants it. The security theatre of last year w/r/t the iPhone access was to lull us into believing the CIA/FBI/NSA could not access a 'locked' phone. Counterintelligence. It has been accessible all this time.

Finally, corporate espionage on behalf of governments is a thing we'll read about in a decade or so. The stories aren't ready to break just yet.


I like to be as paranoid as possible as well, but I feel like if the three letter agencies had already solved breaking SSL and they had already figured out how to break into the secure enclave on a modern, up to date device then that news would have been leaked by someone.

Maybe I underestimate those three letter agencies, but I simply don't think they are that good. Even the stuff we've seen leaked already has been interesting but nothing that groundbreaking really, just better organized versions of tools that hackers have already had for a while. As far as I'm concerned the government seems to be mostly in the business of buying exploits from other people and then using them as long as they can, and they seem lacking in the ability to create new exploits themselves that are dramatically better than what is already on the market. So I don't really believe that they have super powered levels of access.

But it's still best to have multiple layers of security, which is why I have a 1Password vault in addition to the PIN code to unlock, further limiting what access you have to things on my phone even assuming you can bypass the Apple security mechanisms. And full disk encryption on my laptop, with some extra sensitive things like SSH keys and private keys for SSL certs stored in a secondary encrypted disk volume as well.

Can't be too careful, but generally speaking I feel pretty confident that even with physical access they'd have a hard time accessing any data unless I gave them the info they needed to access it.


I wouldn't unlock my phone, because it has Google Authenticator helping to secure financial accounts.

If they want to go through enough effort to unlock it, fine. But at least I'll have a chance of resetting authentication before they get to it.


Off-topic, but what banks offer 2FA that isn't solely SMS based? I've looked, but it's hard to figure out without already being a customer.


In the US, only 2-3 (USAA, HSBC, First Tech Federal Credit Union): https://twofactorauth.org/#banking


I was thinking more of brokerages. E.g. Charles Schwab, E*Trade, Fidelity, and Interactive Brokers use non-SMS 2FA.

https://twofactorauth.org/#investing

Also, non-SMS 2FA on your email helps secure anything that uses emailed password recovery. Same if you use a hosted password manager.



