Security Keys are rendered useless if you're compelled to provide device password

You’re welcome.

It’s certainly an interesting topic.

I suspect that in the end, it’s driven by the fundamental iOS architecture which is single user.

Within that architecture, the possessor - once authenticated as the user - is explicitly trusted.

I think you’re suggesting that a multi-tiered iOS permissions system might be better.

Or perhaps the user might be able to more easily limit how much of his/her “larger” iCloud data is actually accessible from the mobile device.

While a valid point for feedback to Apple …

… at present the iPhone possessor / user permissions are effectively “Authenticated and Fully Trusted” …

… or else permissions are effectively “Deny All.”

The EFF article - while certainly U.S. Focused” - does provide some good conceptual safeguards and practices which are applicable at some level to ANY border crossing or while working within more “intrusive” states.

Spackintosh wrote:

Thanks MrHoffman and Chattanoogan for the thoughtful comments. I generally agree with you, but it’s not really about carrying data across borders. It’s about cloud credentials. Few corporate users have, or should have, much IP routinely stored on their device.

That’s not a distinction I’d make in this era.

The idea of “burner” devices is more James Bond than real world practice.

Check with your organization’s legal and CIO/CISO teams.

Several years ago, was invited to a major vendor’s private high-level IT security session with their senior VP, directors, and other senior vendor staff, and noticed somebody was vacuuming the vendor’s staff and the hundred-or-so participants’ Wi-Fi network traffic using a WiFi Pineapple device, or similar.

Had a discussion with the vendor’s IT network and security staff after the presentation, and they were unaware the Wi-Fi connection collection was happening.

The Wi-Fi vacuum was running again at the presentation by the vendor’s CEO, too.

The miscreants certainly got metadata from me, but AFAIK all of my Wi-Fi connections were TLS. What they got from the vendor and the other attendees?

So yes, what you are concerned about can and does happen. And quite possibly not in environments where you might not expect it, nor in ways you might expect. And the available means of collection or of filtering or of blocking certain traffic to force fallbacks have only gotten better in recent years.

Chat with your legal folks, and with your CIO/CISO’s team.

Apple Inc says; "We read all feedback carefully, but we are unable to respond to each submission individually."

Here is how for iPhone · Country or region* Select your country or region. · Feedback Type* Select feedback type. · Comments* Enter a comment.

Feedback - iPhone - Apple

You will want to discuss this whole topic with your organization’s legal staff, and will probably also want to mention this discussion thread to them.

Not complying with applicable export and import regulations, and with other applicable regulations—whether at a border crossing, or elsewhere—can end badly, either for the individuals involved, or quite possibly for the individuals and the organization involved.

I’d expect that not having device access would result in device seizure and detention. They’re just going to keep the device. And quite probably also keep the bearer—a person that might be called a “mule” in some similar contexts—in custody, pending compliance with their demands. Or forever, if they’re inclined.

If your environment and your applications require data security past what Apple offers, or if y’all are transporting sensitive data across international borders, you will want and need legal and technical and organizational policy review. This includes practices, software, and hardware all appropriate, and preferably also compliant with all applicable regulations.

For this topic, either review your organization’s existing policies where it covers this topic, or you will want and need to consult with your organization’s legal staff to address this topic.

I would not want to knowingly be holding a device containing sensitive, restricted, or prohibited data at any national border, whether or not I could gain access to the device contents.

IANAL

Apple requires Re-Entry of the passcode to delete keys.

If a state can compel one to divulge one’s passcode, they can also compel one to reveal other passwords as well.

You might find this an interesting read:

https://www.eff.org/wp/digital-privacy-us-border-2017

I don’t disagree.

However, these keys are only being “registered” by Apple to allow ONLY hardware-based token authentication to your AppleID from untrusted devices. (Completely replacing the TOTP-based 2FA scheme)

It’s NOT “copying” your hardware key to allow the Apple device to function as a “proxy” key. (technically impossible by design)

You can still register and use the same hardware keys for other supported apps and services.

There is no security issue w/ registering the same hardware key(s) for multiple services.

[Although I always recommend implementing a PIN on each hardware key to better limit it’s unauthorized use AND to prepare for “passwordless logins”. (both uses are Web site implementation dependent)]

Depending on which countries you will be traveling to, you might want to consider this:

XKCD (comic) – Security

https://xkcd.com/538/

Hello ~ Excellent.

~Katana-San~