A state bill should be totally unnecessary. This is a constitutional right. If we accept this bill as the norm, then it's no longer a "right" and just a permission by the govt that can be rescinded at any time.
The text[1] of the bill seems to affirm the sentiment that it's a constitutional right; it serves to counteract a California Supreme Court ruling:
"(e) It is the intent of the Legislature in enacting Section 1542.5
of the Penal Code to reject as a matter of California statutory law
the rule under the Fourth Amendment to the United States Constitution
announced by the California Supreme Court in People v. Diaz."
It will be interesting to see if this ends up being as abused as other warrant searches are. What is the probable cause of searching a cell phone? Does the guy have to have kiddie porn as his lock screen or is it enough to think he might have a drug dealer's home address in the phone book?
People's phones are almost their second homes, and in a way I am glad that the law is catching up with technology, but they need to be prepared for a whole other set of issues that come with it.
Doesn't much matter, all mobile devices worth using are constantly sending their data up to "the cloud", which, thanks to the USA PATRIOT Act's provisions for National Security Letters (NSLs), the federal government can access at any time, in real-time, without a warrant or even post-hoc judicial review.
The time has come to leave America. No state law can change this. The fourth has been dead for TEN YEARS next month; it is nothing short of naïve now to believe that it will get any better.
There are lots of nice places to live in the first world where the government hasn't gone totally insane. Move there.
Say what you say is true, where would you recommend? We can then discuss specifics of those countries. (On a less serious note, you don't have the Silicon Valley there, wherever there is.)
Norway is great for data privacy, however as you say, there isn't a Silicon Valley or anything similar, even in Oslo. There are some good tech groups, and some good university groups spread around, a good amount of design and media organizations, and a much larger percentage of the population know what Twitter and Facebook are and use smartphones, and youth are basically acquainted with most 4chan memes. The biggest and most notorious tech group really is Opera, which also accounts for a significant chunk of the country's data traffic (Opera also operates a very huge proxy service for mobile devices).
Despite what I'd consider to be a fairly (in U.S. terms) progressive government organization that is pro-privacy, Norway has recently enacted its own local version of the E.U. Data Retention Directive.
Personally, I'd recommend almost anywhere in the first world over America presently.
I chose Berlin for a variety of reasons, but there are many places worth living. I'd say there are roughly a dozen that spring to mind, any of which would be acceptable for starting a business.
We desperately need someone to configure Android with LUKS/dm-crypt, which theoretically shouldn't be such a huge leap since Android is based on Linux (I know nothing about Android-specific kernel divergences, but would be interested to know if device-mapper is badly broken in Android kernels).
Another interesting project would be a service that sits on your phone and automatically encrypts all of the automatically synced data, so Google only received encrypted data and your phone transparently decrypted it upon demand. This one would probably require much deeper work than making device-mapper run on Android Linux kernels.
I am grateful to Google for making an open, decent phone system so that this kind of stuff is made possible. Think about the options we'd have if iOS was the only smartphone on the market.
People need to accept that without strong encryption, any and all of their digital storage is open to adversarial or even accidental perusal, and that they should have no realistic expectation of privacy without correct application of cryptographic techniques. This is true across every form of digital storage: mobile, desktop, laptop, cloud, USB stick, etc. Encrypt or suffer.
I have my phone set up to enter a long code on boot (which goes to LUKS) but the lockscreen PIN is much smaller. The low entropy on the lockscreen doesn't matter so much as it is capable of restricting the number of tries, delaying after a certain number of failures, etc.
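The trade-off described in the comment above, as an added sketch that is not from the thread: a lockscreen that throttles guesses, compared with a disk passphrase that can be guessed offline from a copied image. The policy values (5 free tries, 30 s doubling delay, 1 h cap) and the offline rate of 10 guesses per second are assumptions chosen for illustration, not Android or LUKS defaults.

```python
import hmac

class ThrottledLock:
    """Lockscreen model: short PIN, but the device rate-limits guesses."""
    def __init__(self, pin, free_tries=5, base_delay=30, max_delay=3600):
        self._pin = pin
        self.free_tries = free_tries   # this many failures triggers the first delay
        self.base_delay = base_delay   # seconds; doubles with each further failure
        self.max_delay = max_delay     # cap on any single delay
        self.failures = 0
        self.locked_until = 0.0

    def try_unlock(self, guess, now):
        """Return (unlocked, seconds_to_wait); `now` is a caller-supplied clock."""
        if now < self.locked_until:
            # During a lockout the guess is not evaluated at all.
            return False, self.locked_until - now
        if hmac.compare_digest(guess, self._pin):
            self.failures = 0
            return True, 0.0
        self.failures += 1
        over = self.failures - self.free_tries
        delay = 0.0 if over < 0 else min(self.base_delay * 2 ** over, self.max_delay)
        self.locked_until = now + delay
        return False, delay

def online_worst_case_seconds(pin_digits, **policy):
    """Enforced waiting time to try every PIN of this length on the device."""
    lock = ThrottledLock(pin="9" * pin_digits, **policy)  # last PIN in guess order
    now = 0.0
    for n in range(10 ** pin_digits):
        unlocked, wait = lock.try_unlock(str(n).zfill(pin_digits), now)
        if unlocked:
            return now
        now += wait
    raise AssertionError("PIN space exhausted without a match")

def offline_worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time to exhaust a passphrase space against a copied disk image, where
    only the key-derivation cost (assumed rate) limits guessing."""
    return alphabet_size ** length / guesses_per_second

if __name__ == "__main__":
    day = 86400
    print("4-digit PIN, throttled lockscreen: %.0f days" % (online_worst_case_seconds(4) / day))
    print("4-digit PIN as disk passphrase:    %.0f seconds" % offline_worst_case_seconds(10, 4, 10))
    print("12-char [a-z0-9] disk passphrase:  %.1e days" % (offline_worst_case_seconds(36, 12, 10) / day))
```

The same four digits that hold for over a year behind the throttle fall in minutes once nothing enforces the delay, which is why the boot passphrase has to carry the entropy.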
Is LUKS going to help here? If the phone is switched on then the LUKS keys are held in memory and the disk is completely open. All that an attacker needs to do is to ensure that the phone doesn't switch itself off or run out of battery while the information is copied off.
Indeed, I meant to address this in my original post. It is not foolproof but in most cases it's reasonable to turn your phone off after getting pulled over or before meeting a security checkpoint. Certainly much, much more secure than what we have now.