
A "kill switch" that engages upon unauthorized access to an office or a server rack should be standard operating procedure of any company that deals with sensitive data. Make it as hard as possible for actors like burglars or "inside actors" like cleaning staff to exfiltrate data.


> A "kill switch" that engages upon unauthorized access to an office or a server rack

Wouldn't a raid by police (at least if they have a warrant) be "authorized access" because they are law enforcement?

At the very least, they could trigger the kill switch when the raid first happens, but once it has been verified it is the police, the kill switch should be disengaged so they have full access.


> the kill switch should be disengaged so they have full access.

Only when you’re legally obligated to do so, which is probably often not the case.


If the police come knocking on your door with a warrant, aren't you legally obliged to do as they say? I thought that was the entire point of a warrant.


If the warrant is to search your premises, you may not be obligated to decrypt your servers that automatically shut off on unauthorized entry.

Generally, but not always, a separate court order would be required to force you to decrypt your servers.


If the data is on the premises, how would the warrant not include being able to look at the data?

That's like saying a warrant wouldn't include data found in a safe, and that would require a second warrant.

Now, if the data is remote, I'd understand it I guess. But if the kill switch simply burns the local data so only remote copies are still there, that kind of defeats the purpose of the raid in the first place.


The warrant lets law enforcement look for and seize things. It doesn't necessarily compel the target of the search to perform an action. Normally you would oblige the officers since otherwise they would just cut open your locks, but with encryption, that's probably not an available alternative.

AFAIK, courts are undecided on whether you can be compelled to decrypt your own data.

Corporations are held to different standards though. They are often required to share information about themselves with the government, are constantly involved with discovery processes, and generally have different expectations of privacy.


A search warrant will generally not compel you to open doors for law enforcement, it simply authorizes them to kick your door in.


Did they use it?


But very easy to get in and shut them down by triggering it.


For most companies, the data is more important than the service uptime.

Think about it... Would you prefer your Gmail to be down for a few hours, or for Moscow/Beijing to get a copy of all your sent/received emails cos they dumped them from Google's servers in the country?


I think they're suggesting a scenario where your Gmail is regularly down.



