Ben Dodson

Freelance iOS, Apple Watch, and Apple TV Developer

Proposal for an Erase Data Passcode

Last month, US-born NASA scientist Sidd Bikkannavar was detained by Customs and Border Patrol agents and told he would not be released until he gave the agents the passcode to his phone. They then took his phone (containing sensitive information from NASA) for 30 minutes before returning it and letting him go. He doesn’t know what information was taken at that point although popular consensus is that the entire device could be cloned within that time period.

Many articles have been written about this but the one that caught my eye was by Quincy Larson of freeCodeCamp entitled “I’ll never bring my phone on an international flight again. Neither should you.”:

> When you travel internationally, you should leave your mobile phone and laptop at home. You can rent phones at most international airports that include data plans.
>
> If you have family overseas, you can buy a second phone and laptop and leave them there at their home.
>
> If you’re an employer, you can create a policy that your employees are not to bring devices with them during international travel. You can then issue them “loaner” laptops and phones once they enter the country.
>
> Since most of our private data is stored in the cloud — and not on individual devices — you could also reset your phone to its factory settings before boarding an international flight. This process will also delete the keys necessary to unencrypt any residual data on your phone (iOS and Android fully encrypt your data).
>
> This way, you could bring your physical phone with you, then reinstall apps and re-authenticate with them once you’ve arrived. If you’re asked to hand over your unlocked phone at the border, there won’t be any personal data on it. All your data will be safe behind the world-class security that Facebook, Google, Apple, Signal, and all these other companies use.
>
> Is all this inconvenient? Absolutely. But it’s the only sane course of action when you consider the gravity of your data falling into the wrong hands.

I’ve seen similar responses on Twitter including one that you should use a burner phone with a different SIM. This is all massively inconvenient, even if you follow the “wipe everything and reinstall once you’ve landed” method; bear in mind that the average iPhone takes hours to re-download all of its data[1] at a point when you likely need to get maps, book transport, etc.

My suggestion is much simpler: Apple (and other handset manufacturers) should introduce an Erase Data Passcode. This would be a user-defined passcode[2] that, when entered, immediately performs a secure wipe of the device in a similar way to how the existing “Erase Data” option works[3]. It would be expected that the device would disable power-off options during the secure wipe so that the only way to stop it would be to remove the battery (which in most circumstances would take considerable time, by which point the data would be erased).

This is a solution that would also work in other cases such as theft, muggings, or a jealous partner. Whilst Apple have long had the option to remotely wipe your device via iCloud.com, this has become far less easy to do quickly if you have 2-Factor Authentication enabled[4] as you may not have access to your own devices.

I’ve filed a Radar on this issue (rdar://30553231) and would urge any other Apple customers that deem this to be a good idea to duplicate it. Apple goes to extraordinary lengths to protect user data and fight for the privacy of its customers but all of that is pointless if you are compelled to give up the keys to your device[5]. It is also pointless to have such powerful devices if we need to reset them every time we travel.

  1. This is especially true if you are data roaming, as you usually get the slower speeds, not to mention that airports generally have congested networks due to the volume of people. Finally, iOS 10 does a load of additional stuff during the first few days of a new device (like Machine Learning on your entire Photos library) which will cause further battery drain / wear and tear on components.

  2. And an optional fingerprint for Touch ID devices (i.e. my right thumb unlocks the phone, left thumb wipes it).

  3. This is an option within Settings > Touch ID & Passcode that will trigger an automatic secure wipe of the device if your passcode has been entered incorrectly ten times. I’ve always wanted an option to reduce this to three times.

  4. You have 2-Factor Authentication enabled, right? No!?! Go do that now.

  5. As usual, XKCD sums this up nicely.
