Summary
-
The Marion County Record newsroom in Kansas was raided by police, who seized two cellphones, four computers, a backup hard drive, and reporting materials.
-
A computer seized was most likely unencrypted. Law enforcement officials hope that devices seized during a raid are unencrypted, as this makes them easier to examine.
-
Modern iPhones and Android phones are encrypted by default, but older devices may not be.
-
Desktop computers typically do not have encryption enabled by default, so it is important to turn this on manually.
-
Use strong random passwords and keep them in a password manager.
-
During the raid, police seized a single backup hard drive. It is important to have multiple backups of your data in case one is lost or stolen.
-
You can encrypt USB storage devices using BitLocker To Go on Windows, or Disk Utility on macOS.
-
All major desktop operating systems support Veracrypt, which can be used to encrypt entire drives.
Main Take-aways
-
Encrypt your devices, drives, and USBs.
-
Use strong random passwords and password manager.
-
Have multiple backups.
And don’t forget to use encrypted messenging apps like Signal.
And do your research into which apps, programs, etc have the best encryption.
I vouch for Veracryp, Signal, Matrix and your favorite Linux Distro, can’t beat those tools!
If you’re not a world leading cryptographer and security expert then you vouching for something isn’t worth much. It’s just repeating others opinions without having done the work to verify these tools are as good as they claim. Any or all of these could have issues and weaknesses that you don’t know about.
Yes I don’t understand the exact mechanisms but I did my research and no one could verify all of those huge codebases, we have experts in public so normal people can do their research and no I don’t have to read every line and understand the mathematical formular to recommend secure tools…
Although you don’t have to be smarter than the experts, just smarter than police. Few local PDs can bring the kinds of resources to bear to do a decrypt on a properly encrypted data store.
Obviously if you’re pissing off major state actors, all bets are off – they are probably already surveilling you and saw you type your password through a zoom lens pointed at your window, or worse.
Don’t forget delta chat.
Encrypted cloud backup! They can take my drives, but the data is encrypted on the cloud.
The cloud is someone else’s computer, they can take that too.
Sure, but there’s not much they can do about it if things are properly encrypted, for example using DKE on M365.
properly encrypted, for example using DKE on M365.
Wouldn’t call that properly encrypted… but either way, when they lock you out “pending an investigation”, that’s no longer a backup.
Get a storage space. put servers in it. profit.
I considered this a while back but it is hard to find a place that stuff doesn’t get stolen from and has power available in some form.
That puts a wrench into that plan
Even if everything is encrypted when powered off, and decrypted while running, if you get raided while everything is running, it’s irrelevant. If you’re logged in and someone can just sit down at your computer and see everything, all the security in the world is meaningless.
Unless you have a giant electromagnet in your server rack, remote connection only from your local machine to that rack, and a panic button that fries the whole damned thing should your door be busted down, I’m not sure what else the answer is.
Even if your security is perfect, they can waterboard your ass until you give up the keys, and no court will ever call it misconduct, because they can just declare you a domestic terrorist or an enemy combatant, giving them carte blanche.
Problem #1: and this has been the prime problem for 22 fucking years: The Patriot Act. Every. Single. Bit. Of. It. Must. Be. Repealed. The harm it’s caused and the power it’s given the government is incalculable.
Problem #2: the rising tide of fascism
Problem #3: general apathy, and general lack of understanding of how computing works. We are rapidly accelerating backward in the general public’s understanding of computing principles. Hell, even just how to navigate a file system. The proliferation of locked down devices and walled gardens has driven our collective computing knowledge into the fucking stone age. You won’t get most people to adopt gpg since most mobile mail clients don’t support it. You won’t get people to encrypt their computer’s filesystem because they either don’t have a general purpose computer anymore, can’t be bothered to do so, or the idea of installing an OS that supports it is just fantastical.
Problem #4: third-party privacy services (encrypted chat apps, VPNs, etc) have a profit motive that will eventually override any other motivation.
Problem #5: cloud computing is just someone else’s computer that you don’t control.
The FBI are going to copy your data before it’s re-encrypted but these hill-billy sheriffs would unplug them and haul them off.
Even if everything is encrypted when powered off, and decrypted while running, if you get raided while everything is running, it’s irrelevant.
Well, you can hit the power switch. The local constabulary isn’t gonna be smart enough to plunge the computer into liquid nitrogen and work on extracting the symmetric key from the frozen memory (although, federal authorities might be).
It’s not meaningless.
I know that it’s pretty easy to pick the lock on my front door. Or to break the window and get in. But still, there are a non-zero number of burglars who would be stopped by that lock. Same with my bike lock, which is a bit harder to pick but still possible. Nevertheless, the lock itself does deter and prevent some non-zero number of opportunistic thefts.
There are a non-zero number of law enforcement agencies that would be stopped by full disk encryption, even if the device is powered on and the encrypted media is mounted. There are a non-zero number of law enforcement agencies that would be stopped by all sorts of security and encryption strategies. And I’d argue that simple best practices would stop quite a few more than you’re seeming to assume: encrypt any data at rest on any devices you control, and then use e2e encryption for any data stored elsewhere.
You don’t even have to be that technically sophisticated. For Apple devices, turn on FileVault (as it is by default if you log into an Apple account when you set up the device), turn off iCloud. For Windows devices, use Bitlocker. For Android, turn on the “Encrypt Phone” setting, which is on by default. If you’re messing around with your own Linux devices, using LUKS isn’t significantly more difficult than the rest of system administration.
So encryption really matters, totally agree. Protection at all times.
But I’m also curious about this story. Why are the police raiding a newspaper and seizing computers? That is sketchy as hell.
Short version:
-
Police chief was accused of sexual impropriety, and the newspaper was investigating.
-
A prominent local restaurant owner got caught in a DUI and the newspaper got a tip and investigated. On investigation, they decided the story was not newsworthy.
-
Police raided the newspaper claiming that the DUI tip was the result of illegal computer hacking, and that they had to confiscate the computers to analyze for evidence of hacking.
-
The judge who signed the search warrant also had a history of DUI.
-
Critics believe that the police used this hacking claim as a thinly veiled excuse to cripple the newspaper and check to see what they really had on the chief.
-
Critics have also suggested that the police themselves may have leaked the information to set up the flimsy excuse for the search.
Thanks for the summary.
That is kind of what I suspected which is:
- There was some conflict between the newspaper and local government
- Government found some flimsy excuse to attack the newspaper
Overall that’s bad news. It implies the government’s gloves are coming off.
-
The paper was investigating the police chief.
If you encrypt your device, and dirty cops like these decide they want in, they’ll just toss you in the slammer and forget about you until you either cough up the password or die of dehydration. Either way works for them.
Similarly when you cross a border… you don’t have to give them you password, but they can just keep you for a few days. Also note:
Currently, police officers have the authority to demand that you unlock your mobile phone using face recognition and fingerprint identification. When unlocking your phone, police officers have no right to demand that you disclose your passcode or pattern.
They can also kill you where you stand with total impunity, so I’m not sure I see how these limitations of their supposed rights are at all meaningful.
should have complied
Law enforcement routinely makes demands that are intentionally impossible to comply with, such as the deadly game of Simon Says that was played by the officers who murdered Daniel Shaver.
It’s like a cat playing with its prey. The prey is not intended to survive.
It’s layers on an onion. Every extralegal step they take provides a possible mitigation if you go to trial.
Obviously, if they straight up murder somebody, that’s a whole different problem. But in general, you should invoke your rights at every step of the process, so that if they trample over those rights you’ll have an argument in court to get evidence or charges thrown out.
No I won’t give the password
Make the authentication a biological indicator of consensual, free, unhindered existence.
“Sorry officers I literally can’t unlock this computer while I’m in your custody. Unless you can find a way to make me want to be here, that is”
“Well then we’ll just torture you”
“Nope, as you can see pain I experience burns this fuse here. Once the fuse is consumed, data begins to progressively degrade”
Offsite backup
Bitlocker only support win 10/11 pro or above, most devices are shipped with win 10/11 home which doesn’t have the capability. Linux supports full drive encryption using LUKS.
Yup, my win10 and win11 have bitlocker on. They dual boot with Linux, FDE on them too.
Well, you can work on a Veracrypt partition.
Or only encrypt your sensutive data, having it in a encrypted cloud storage (rclone, cryptomator, such things).