[liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

Thu Jul 11 15:11:34 PDT 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ben,

I'd love to see hardware support for full-disk encryption and secure
deletion. Apple is streets ahead of Android in this respect: iOS's
disk encryption key depends on a unique key built into each device, so
brute-force attempts to decrypt the disk have to be run on the device
itself, slowing down such attacks. Android simply uses the screen lock
password to encrypt the disk, which is easy to brute-force.

iOS also has hardware support for secure deletion, making it hard or
impossible to recover data from the disk after the device has been
wiped. However, individual files may still be recovered if the entire
device hasn't been wiped. Android has no hardware support for secure
deletion, so there's no way to thoroughly wipe the device or an
individual file short of using a hammer.

So here's my wishlist for improving activists' digital security:

(1) A unique key built into each device, which can't be read directly
by software, but which can be used to derive other keys (e.g. for disk
encryption) at a limited rate, slowing down brute-force attacks
against such keys.

(2) An effaceable area of flash storage where the operating system can
store encryption keys for the entire disk and/or individual files,
making it possible to securely delete the corresponding data without
having to smash the device into tiny little pieces.

(3) A pony.

Cheers,
Michael

On 11/07/13 20:57, Ben Doernberg wrote:
> Hi all,
> 
> What would you change if you were the CEO of a major mobile device 
> manufacturer? One of my colleagues at WITNESS has a unique
> opportunity to make a presentation to the CEOs of these companies.
> He'll be discussing our work around verified video for human rights
> abuse documentation, but we'd also like to make a case for other
> priorities of the libtech world.
> 
> What changes could these CEOs make to protect activists' physical
> and digital security, make it easier for citizens to document and
> report human rights abuses, and generally make mobile devices more
> effective as human rights tools? We can't promise we'll get a
> chance to share all of them, but the more suggestions the better!
> 
> Thanks,
> 
> Ben
> 
> 
> -- Too many emails? Unsubscribe, change to digest, or change
> password by emailing moderator at companys at stanford.edu or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJR3y2WAAoJEBEET9GfxSfMt+0H+wQSN+6I2PpJ3S9DnEPHMBDq
qaIvSspLHxselmI7dRCluKD2/0nl70G64cxp0FoV7lBW0RlmoiTPEKb/TyEQ7JTi
+nx1SZnrHyJ3H2QQVxd0ifBUYGmyavGygugi37zAVsGUpyRdW+iVEePyaZ18xNIo
eciBTtTZivwtiQRcleyWA1lA9TbbNXwtPJ2mk9J7Qh7Bwrjfh4Cky6OFKMuWxfvm
Y18+Cv51yfhkcDUuFLZbE29Xi9gWFgopUZynRxBd4tqXXvqo1gcG2tU+77p9+Hav
f7yuanuC153gIYmElFbhdK27s/sh6o7AYi4+S98lFgZe7vPjF2iKO8atfOp9Z54=
=CgaO
-----END PGP SIGNATURE-----