The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
4th AMENDMENT to the United States Constitution
General Operational Security Strategy
Over time the 4th Amendment has gone through many interpretations as is the tradition in a common law society. Assuming that you and your “effects” are safe from unwarranted (literally or otherwise) search and seizure is especially complex where digital rights and technology are still evolving. Below are some important examples of how these rights are still subject to interpretation or simply do not apply. For the sake of brevity, you should know that you may at times be lawfully compelled to provide access to your digital device contents (even in the United States). Depending on your situation, if you refuse to comply, you can be held in contempt of court, charged with additional crimes, and/or be detained for undetermined lengths of time (like at state or national borders), and even lose your property indefinitely. Border crossings and Customs Agents are the easiest example to use because it applies to most western democracies as well as more authoritarian regimes.
If you are arbitrarily asked to produce and “unlock” a device by Customs Agents then any contents accessible by law enforcement can be “searched” for any information that is accessible. If you refuse, you are already within the jurisdiction of the state in which you may be compelled to comply and you can be held or have your property confiscated. If you have a device where a single code key is required to access the contents – like a SmartPhone, Laptop, or Hardware-Only Flash Drive – it is either unlocked or not. With the AMENDMENT4 you can unlock your drive knowing that any stored data is still encrypted and unlikely to ever be accessed (at least until Quantum Computing is real). In most cases (see below) in the United States that at least may satisfy 4th Amendment exclusionary principles such as “forgone conclusion”, border searches, “evidence in plain view”, or “inevitable discovery”. More importantly, it will speed you on your way in circumstances where customs officers are simply suspicious or you are not a suspect of a specific crime. Russia, China, New Zealand, Britain, Australia, Mexico, Canada, and the United States are all examples of states where customs agents are empowered to access and copy any available data source – in the United States this is true even 100 miles from a border.
United States Department of Homeland Security Policy – Link
NPR, ACLU, and EFF on US Customs Digital Searches – Link
ProPublica on US Customs Digital Device Searches – Link
The Verge on Digital Device Searches – Link
NPR on New Zealand Customs Digital Device Policy – Link
Techdirt on New Jersey Sumpreme Court Digital Device Ruling – Link
CPO Magazine on New Jersey Supreme Court Digital Device Ruling – Link
EFF on Student Privacy Issues – Link
How Good is AMENDMENT4 Encryption?
Encrypted partitions on the AMENDMENT4 use the LUKS or Veracrypt (more below) algorithm and DM_Crypt library to encrypt data. AMENDMENT4 relies on the TAILS OS implementation to perform either process and you can see what they have to say about how secure it is. Suffice it to say it is pretty darn secure and very unlikely that any attempt to “crack” it will succeed – it would literally take all the time in the world. The only real consideration is picking a password phrase sufficiently long and complex to guarantee it is not worth trying to decrypt your data. TAILS official documentation does mention that a brute force attack on your data is possible and below are two articles about how that might work in practical terms. The more you know the better prepared you will be to thwart circumvention. As an example, see how long different passphrases might take to crack by brute force (do not enter your actual passphrase).
ElcomSoft on Brute Force Attack for LUKS – Link
ForensicsFocus on Brute Force Attack for LUKS – Link
Picking a PIN for Hardware Access
The first line of defense of your data is a good hardware pin code key. In general, the potential complexity is the same regardless of how long your actual pin code key might be (ie, if you only use 4 digits out of 15) but the longer the pin code key the safer your device will be from brute force attacks (imagine if it was your job to try entering a quadrillion pin code keys manually)! Here is a little background on estimating the number of possible combinations of a 15-digit key code with 10 repeatable values. If you are afraid you will forget your code key, try watching this video.
How to Install TAILS OS on your Own
We get it. You want to Do-It-Yourself. No problem. Simply unlock your AMENDMENT4 and reinstall TAILS or any other USB Live Boot OS you might like to use. Here is a video to show how to do it quickly and easily.
UEFI Computers – Do I Have One?
The AMENDMENT4 does require a UEFI Boot computer. Generally, any computer purchased within the last 5 years should work fine. Here is a quick tutorial on how to check your PC computer. As always, Apple computers are a bit different but in general if they are newer than 2006 models, they are UEFI compatible.
What Apple has to Say – Link
What about PCs (Win or Linux) – Link
Can I make a Live Boot USB without TAILS OS?
Of course you can. There are lots of great options out there and they will work fine on the AMENDMENT4 Live Boot USB with TAILS OS. 😉
