[guardian-dev] What is "Panic" discussion

Nathan of Guardian nathan at guardianproject.info
Thu Feb 28 22:30:09 EST 2013

(moving this discussion to guardian-dev)

On 03/01/2013 03:18 AM, David Oliver wrote:
> Nate - is your experience radically different? That is, is "panic"
> indeed defined as a timeframe which can be handled by the current
> software - which appears to me to be roughly 2-30 MINUTES?
I replied to this in the other thread message, but it is important to
consider how these things usually play out, and by these things, I mean
the imminent detention of someone carrying a smartphone full of
sensitive data. In general, even if they only have a few moments to
realize something is going to happen, there is still quite a while
between that happening, and their smartphone being accessed or
inspected. In some cases, even in some of the worst places you can
imagine, I have first hand knowledge that people were allowed to keep
their phones for quite a while before they were taken and inspected. I
am talking *hours* hours before these devices were removed from their
pockets and inspected. OTOH, in more local cases with NYPD arrests,
phones are immediately taken, but unlikely to be
clone/processed/extracted for a few hours.

2nd, I also want to make the point that if our target audience is using
full-disk encryption of some sort (such as is built into Android 4.x),
then the wipe process for this is quite fast technically, though the
actual mechanism for doing this on an Android phone takes too many
steps, and can often fail mid-process. For apps with SQLCipher or
IOCipher in them, our hope is to optimize this process, and so the
"insta-nuke" feature we have been designing into our new apps matter
greatly here.

3rd, in our work on panic apps, with InTheClear, the feature of wipe was
paired with the "emergency distress beacon" feature that uses ongoing
background SMS alerts containing GPS and cellular tower location to
notify your friends, family, support network that something has happened
to you. This is a whole nother side of panic functionality, that doesn't
really involve anything about forensically sound data-wiping.


More information about the Guardian-dev mailing list