What happens to dev...
 
Notifications
Clear all

What happens to devices after they can't be processed?

7 Posts
6 Users
0 Reactions
867 Views
(@wotsits)
Reputable Member
Joined: 11 years ago
Posts: 253
Topic starter   [#13928]

This issue may perhaps come up more often with phones but can equally apply to anything.

This is certainly an issue that people will continue to face more and more, where you have a device come in and due to encryption you cannot access any of the data. Nothing can be done and no data can be acquired from it.

What happens next?

The investigation that the items were seized in connection with continues regardless until the investigation is complete.

Whatever the result is for the suspect whom the device was seized from, what now happens to the device or is there a procedure for this?

A department could in theory hold onto a device even after an investigation is complete claiming that it holds potential evidence and will keep it until such time as they can access it, however long that may be.

Or are they bound legally to return things to the owner after the case is concluded? What are people's policies that they've seen in practice?



   
Quote
Igor_Michailov
(@igor_michailov)
Honorable Member
Joined: 21 years ago
Posts: 529
 

Different countries have different laws about your situation.



   
ReplyQuote
Omnius
(@omnius)
Eminent Member
Joined: 11 years ago
Posts: 39
 

In the UK if you fail to disclose information such as passwords to an encrypted device then Part III of RIPA comes into play.

If there's enough evidence to suggest the device contains IIOC then I'd expect it to be destroyed.



   
ReplyQuote
(@wotsits)
Reputable Member
Joined: 11 years ago
Posts: 253
Topic starter  

In the UK if you fail to disclose information such as passwords to an encrypted device then Part III of RIPA comes into play.

In practice this piece of legislation is very rarely brought into effect.

If people know they have anything incriminating on their device they will not be giving out access to it - the fact that they would have be subjected to Part III of RIPA confirms to them that there is no other way to get into their device.

But they have many defences they can use to avoid prosecution under this law, they can say that they forgot the password, or it's not their device, they lost the key, or they simply bricked the device and have no way. Whatever excuse they use, it's only an offence if they are deliberately refusing to give up the encryption password - since by the nature of this piece of legislation the authorities have no way of accessing the device in question to disprove whatever defence they use then it's pretty meaningless.

I think only a few people have ever been prosecuted for this and not in many years.



   
ReplyQuote
BraindeadVirtually
(@braindeadvirtually)
Estimable Member
Joined: 17 years ago
Posts: 115
 

In the UK if you fail to disclose information such as passwords to an encrypted device then Part III of RIPA comes into play.

If there's enough evidence to suggest the device contains IIOC then I'd expect it to be destroyed.

I'd expect it to be held onto by the relevant force/agency while somebody decides what to do with it, which they will neglect to do. Then in about 10-15 years it will be found in a box somewhere, and eventually somebody will take the decision to destroy it if they can remember what it is.

Sarcasm aside, I wonder if in years to come these devices can be returned to, when we are able to get into what will be old devices or crack old/compromised encryption (by then….)



   
ReplyQuote
jaclaz
(@jaclaz)
Illustrious Member
Joined: 19 years ago
Posts: 5133
 

Sarcasm aside, I wonder if in years to come these devices can be returned to, when we are able to get into what will be old devices or crack old/compromised encryption (by then….)

Another point worth of note could be whether the device will be still working after a given (long) time?
What will be if you take (let's say an iPhone to name a device with a non-removable battery) and keep it in an evidence storage facility, unpowered/not connected to a power supply for - say - five years, will it power up at all?
Or the battery, contacts, *whatever* will be damaged to a point where it won't work anymore?

On the other hand, if you keep it charged/powered, how often would you check if the power supply went beserk?
Like once a day, once a week, once a month, once a year?
And wouldn't keeping a device under charge for the 5 years maybe also make some components toast?

For "simple" devices (such a hard disk) most probably it will be possible to have it working after the hypothetical five years time, but for a more complex device, like a smartphone or tablet, I don't think that one can rely on that to be happening.

jaclaz



   
ReplyQuote
(@just-encased)
New Member
Joined: 14 years ago
Posts: 3
 

I would suggest "thumb forensics". That is manually going through the device and documenting every step as you go along. Taking photograph of evidence found etc. Providing the device isnt encrypted or password protected.



   
ReplyQuote
Share: