Seizure of devices
After a seizure, there is often a lot of speculation about what information could be found on the devices. In these moments, we remember all the little “security sins” we have committed over the years: photos, chats, contacts, etc. that were never deleted.
The shock often hits hard and is mixed with concern about what the rest of the group will say when they find out that our mistakes could now cause problems for them too.
It is precisely at these moments that we ask ourselves:
Why didn’t we prepare better for this?!
That’s exactly what this module is about:
- Here, we want to walk through the preparation and follow-up of a seizure of technical devices.
- In doing so, we want to help you take possible precautions and take the necessary measures to limit damage afterwards.
Prevention
We should think carefully about the following things in advance, as they can save us a lot of stress afterwards.
Encryption
- Are the devices encrypted?
- Are they encrypted with strong passwords?
- Are all storage media such as USB sticks, hard drives, and SD cards encrypted with strong passwords?
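As an added check (example code, not part of the esc-it.org module), the following Linux script walks the JSON that `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints and lists every mounted filesystem that has no dm-crypt/LUKS mapping beneath it; the sample device tree is constructed, and the `/boot` paths are treated as expected plaintext.

```python
"""List mounted filesystems that are NOT backed by an encrypted device.
Added example (not from the esc-it.org module); it reads the JSON tree
that `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints on Linux."""
import json
import shutil
import subprocess

# Boot loader partitions are usually unencrypted by design.
EXPECTED_PLAIN = ("/boot", "/boot/efi")

# Constructed sample: root on LUKS, EFI partition plain, USB stick plain.
SAMPLE_LSBLK = """{"blockdevices": [
  {"name": "nvme0n1", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "nvme0n1p1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "nvme0n1p2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
     "children": [{"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}]}]},
  {"name": "sdb", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "fstype": "exfat", "mountpoint": "/media/usb"}]}]}"""


def _walk(devices, under_crypt):
    """Recursively collect (name, fstype, mountpoint) of mounted devices
    that have no 'crypt' (dm-crypt mapping) ancestor in the tree."""
    findings = []
    for dev in devices:
        is_crypt = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint and not is_crypt:
            findings.append((dev["name"], dev.get("fstype"), mountpoint))
        findings.extend(_walk(dev.get("children", []), is_crypt))
    return findings


def find_unencrypted(lsblk_json):
    """Every mounted filesystem that lives on plaintext storage."""
    return _walk(json.loads(lsblk_json)["blockdevices"], False)


def unexpected(findings):
    """Drop mount points that are plaintext by design (boot loader)."""
    return [f for f in findings if f[2] not in EXPECTED_PLAIN]


if __name__ == "__main__":
    # Use the real device tree when lsblk is available, else the sample.
    if shutil.which("lsblk"):
        out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
                             capture_output=True, text=True, check=True).stdout
    else:
        out = SAMPLE_LSBLK
    for name, fstype, mp in unexpected(find_unencrypted(out)):
        print(f"UNENCRYPTED: {name} ({fstype}) mounted at {mp}")
```

Run it as root on each laptop; anything it prints is a mounted filesystem that would be readable from a seized powered-off device.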
Passwords
- Are all passwords stored securely in a password manager?
- Is there a current backup of the password database in a secure location, so that you can recover easily if your everyday password database is confiscated?
- Are there any passwords written down on paper lying around somewhere? If so, destroy them.
- Have you set up two-factor authentication on at least all important accounts? Especially email accounts, because they can often be used to reset the passwords of every other service registered with that email address.
Data hygiene
The less data you accumulate, the less can be seized from you. Read the article on data hygiene:
- When data is collected, ask yourself: “Do we really still need this data?”
- It is not always possible to encrypt previously unencrypted drives afterwards without leaving traces. Encrypt your devices from the start.
- Data that was stored unencrypted may still be recoverable even after deletion.
- Deleting encrypted data is not a problem: without the key, whatever remains on the medium is unreadable.
Signal
In Signal, you should definitely:
- Enable disappearing messages (e.g. 1 week) so that as few chats as possible are stored on the device at any given time.
- Disable being found by phone number.
- Set the registration lock PIN.
Backups
Confiscation means: devices and data are gone. Can you “recover” from this loss as quickly as possible, i.e., restore your data to other devices?
Making backups is annoying, but without them, you and others could suffer significant damage. Sometimes, years of work are lost because essential data/results were confiscated and there was no backup strategy.
That’s why you should make backups!
Turn off devices
Devices are only fully protected by encryption while they are turned off: once they have been unlocked for the first time after booting, the encryption key is held in the device’s RAM.
Therefore, try to turn off your devices before they get confiscated. House searches often happen at night or very early in the morning. Setting up auto reboot for all your devices ensures that they are in a secure state every morning!
- Switch off devices before seizure!
- Set up Auto Reboot
Follow-up
Now the devices have been seized and are out of reach. Have all of the above points been taken into account? If yes: good job! But what if not?
In any case, you should contact a lawyer as soon as possible and tell them about what happened. We are not lawyers and therefore cannot give legal advice. You should also discuss the following points with them if possible.
Evaluation
What information could have been compromised by this seizure?
- Who should you report this to?
- Have your comrades removed your account from all chat groups, so that the authorities cannot read your messages?
- Change problematic group names in Signal as quickly as possible. Only the fact that the name was changed will be visible, not what the group was called before. This may not help with other messengers.
- The last two points only work as long as the device still has a network connection, but it doesn’t hurt to try.
Have passwords/accounts been compromised?
- Change the relevant passwords.
- If you haven’t already done so, set up two-factor authentication to prevent the authorities from accessing your accounts with your password.
Restore backups
Now you will want to get your data back, which is no problem if you have made your backups regularly.