  • British journalist facing years in prison for not giving his GOS Password

Hey everyone,

Saw this story shared today and thought it’s an interesting case for GrapheneOS. A British journalist is facing years in prison for refusing to share his GrapheneOS phone password: https://www.ilfattoquotidiano.it/in-edicola/articoli/2025/01/02/british-journalist-could-face-years-in-prison-for-refusing-to-hand-over-his-passwords-to-the-police/7822432/

I'm quite curious to see how GrapheneOS stands up in such high-stakes scenarios. What do you all think this means for our security features? Any thoughts on how we can keep improving to protect users in similar cases? And what do you think of the utility of the duress password feature in this kind of case? Would it help the journalist or would this be worse for him?

    Seems to me he may face years in prison, if convicted of an offence against the Terrorism Act 2000.
    His GrapheneOS phone is a sideshow. He may face an additional term in prison if and only if the Police get a court order to get him to reveal his password, then he is in contempt of court and can be sentenced. People are so excitable. His phone is secure, anyone using GrapheneOS knows that.

      IksNorTen Yes but you can also be charged with destruction of evidence and face years in jail too?

      There you go again excitable, what evidence? The phone is locked, you have assumed there is evidence on his phone, no one knows as the phone is locked. Suspecting and proving are light years apart.

      Sometimes what you have on your phone can lead to much more than what you risk for evidence destruction or giving your unlock code.
      Just keep that in mind.

      Remember also that each country, each nation, even each region inside the same country can have different laws, different judges, etc., and so you can be in more or less trouble.

      IksNorTen
      Note the "themselves".

      If you store a password on a piece of paper and the police find the paper and enter the password without you actively doing anything then it isn't you who destroyed evidence.

      One of the better options for this is to have a second phone that you know is vulnerable to forensic tools and store your duress password on that with a descriptor like GOS Password.

      Law enforcement is reasonably likely to get that password and use it while you do nothing. Thus wiping the phone with you not being on the hook for destruction of evidence.

        Before commenting, please keep this thread closely related to GrapheneOS please. It isn't our place to say what happened or what he's being investigated for, it's obviously not public and it's common for LE's to keep that to themselves at this phase.

        IksNorTen I'm quite curious to see how GrapheneOS stands up in such high-stakes scenarios. What do you all think this means for our security features?

        No changes from us to note. The tools we talk about such as Cellebrite Premium, GrayKey and XRY Pro are the highest-end offerings exclusive to law enforcement and government. Why use tools with less extraction capability for certain people when they can just use the best against anyone they put in the cuffs? They won't be using brand new tooling for certain groups of people, these tools are used on ordinary citizens as well. The only real differences between the base Cellebrite UFED and Cellebrite Premium product are broader device support and extraction range.

        It may sound like a hot-take at first but this isn't really a case I would consider "high-stakes". It is unique, sure, but for the stakes to be high, the suspect needs to be a dangerous individual and/or the content on his devices would need to have crucial information regarding the welfare of somebody or useful information about another suspect. I doubt this person is Edward Snowden, being a journalist isn't enough.

        We are aware of other forensics options available, such as the companies' advanced access services but they're mostly the same as Premium and the documentation mentions when certain accesses are only available when you contact the company to do it themselves, like Cellebrite. There are ultra high-stakes, last-resort methods like Micro Read but this person absolutely doesn't fall under the criteria to do that with, and has a high chance of total failure because of its incredible difficulty and technical knowledge. BFU devices with long, secure passphrases aren't covered by Micro Read attacks on their own anyway.

        IksNorTen Any thoughts on how we can keep improving to protect users in similar cases?

        Be a good citizen and don't break the law. Stay out of trouble, seriously. Seized devices cannot be appropriately protected because they cannot be updated or controlled by the trusted user. The new owner can just choose to keep it for as long as they want and not update it and wait until a potential vulnerability comes. For example, Titan M1 phones unsupported by Google and GrapheneOS appear to have brute force capabilities as mentioned in our Cellebrite docs. While a strong password prevents brute forcing, don't hassle yourself. Don't be cocky. Too many people get a little too confident when they feel they have good security and that leads to their downfall.

        ...On a serious note, don't keep data you don't want to be seen in possession with. It's not worth being a data hoarder if what you're hoarding may lead you to be targeted for your operation. The delete button is your friend. In intelligence, agents are people who gather information for the agency, not for themselves.

        If you have to be in possession of a journalism product then don't be the only person who owns a copy of it, or else you have a single point of failure, You. If you are a journalist reporting on something detrimental you cannot have a single point of failure. You should always keep backups of your data to somewhere, it can be encrypted on a cloud, to someone you trust, and in other local media.

        IksNorTen And what do you think of the utility of the duress password feature in this kind of case? Would it help the journalist or would this be worse for him?

        Duress password helps, it's designed to be used just before or during a distress event. All data is erased. It would be obvious it was triggered though as it would appear the phone had been factory reset. The purpose of duress password is to use it when the consequences for unauthorised access of the data is worse than what happens if the data is destroyed, and ideally the latter should be minuscule if you had backups.

        IksNorTen Yes but you can also be charged with destruction of evidence and face years in jail too?

        Overall, people choosing to give/not give credentials up to an authority is up to their own discretion, if he chose to do that then that's his choice. We don't and can't make that decision for other people. Same goes for using the duress PIN, etc. Users should use it when it is most appropriate to them. Assume that if he's done this, clearly he's aware of the consequences.

        phone-company In the best case scenario, you get the authorities to enter the Duress Pin themselves

        I cannot recommend people to try this, the feature isn't designed to be used on tricking somebody. When devices are seized, they are kept in a lab in a preservative state then examined for its characteristics so they can be documented for the case. It only takes a slightly experienced person, and in some cases, a complete novice to recognise it's a Pixel with GrapheneOS installed. Moment that's known they're never going to ask you because they know a password can erase the device. If they had been spying on you they could just build a brute force dictionary based on what inputs or hand movements you made while entering your primary credential instead and completely ignore you.

        Nothing stops a user on this forum or elsewhere making a little guide or a warning about GrapheneOS devices and how they may appear. It isn't worth the risk.

        JollyRancher One of the better options for this is to have a second phone that you know is vulnerable to forensic tools and store your duress password on that with a descriptor like GOS Password.

        Same as above, if I was putting myself in the shoes of an experienced investigator I wouldn't trust anything a device owner says about their GrapheneOS device, this file wouldn't confirm anything about it being the password unlike surveillance of the target. A good investigator shouldn't fall for lures or red herrings.

          final Same as above, if I was putting myself in the shoes of an experienced investigator I wouldn't trust anything a device owner says about their GrapheneOS device, this file wouldn't confirm anything about it being the password unlike surveillance of the target. A good investigator shouldn't fall for lures or red herrings.

          Yes, they shouldn't do so, but people do stupid things every day.

            JollyRancher If you store a password on a piece of paper and the police find the paper and enter the password without you actively doing anything then it isn't you who destroyed evidence.

            Really, so you have arrested a potential terrorist and they have an electronic device on their person, you have seized it, it's in your hand in front of you, now do you press buttons to guess the password and potentially disappear in a huge explosion to only reappear as red mist raining out of the atmosphere into the crater that used to be the ground you were standing on, or do you just leave it the fuck alone, place it in a container and get a lab to look at it, after it has been expertly assessed for explosives, etc.
            We're talking real world here, not NCIS on the TV.

              As already mentioned by final, this message is to reiterate that the topic of this discussion should be kept technical, i.e., the technical capabilities of GrapheneOS.

                treequell then allow me to reiterate what I have already said..."His phone is secure, anyone using GrapheneOS knows that."

                This thread is purely theoretical. Of course, everyone should abide by the law. But anyone who has ever been targeted by investigators due to false information will be grateful for GrapheneOS.

                horde
                Oh, yeah I remember that laughable story 😂

                I know this might seem a little bit unrealistic. Wouldn't it potentially be possible to say you simply forgot the pin or password to your phone? People forget their passwords, pin codes, wallets, bank details all the time. I'm just wondering would it be possible to play the fool here and say you simply cannot remember given the gravity and the stress of the situation? Surely it wouldn't be possible to prosecute somebody on something they simply cannot remember.

                  byteigcart Wouldn't it potentially be possible to say you simply forgot the pin or password to your phone?

                  If you are genuinely curious as to how that would play out in a specific legal jurisdiction, it might be productive to speak with an attorney licensed to practice in that jurisdiction.