I would install such a firmware in a heartbeat if I had confidence that there were a team of freedom-fighting hackers staying one step ahead of the authorities.
I don't keep anything incriminating or illegal on my phone (hell, I don't do anything illegal) but I'm terrified of the day where I'm in the airport, embarking on a £4k holiday (not insignificant in my salary bracket) and am asked to hand my phone and laptop/tablet over to confirm I'm not a terrorist. I'll be faced with acquiescing and compromising my principles or disappointing my girlfriend (who I almost always travel with) and having both of us taking a financial hit (and probably being added to a "list" or having my threat value increased).
It's not an unheard of situation in the UK, and is most often not intelligence-driven (more likely you are travelling through an airport where they are trialling some new counter-terrorist technology we've paid a small fortune to install).
I think a device with limited state (ROM-only?) which can give me reasonable assurances that no-one could tamper with it or install any government sponsored malware may be the solution. Although the utility of such a device is questionable, and it certainly wouldn't be fun to use.
I've mentioned this in NSA stories before, the US government, the UK, are hardly the only concerns. What happens at other borders? Your devices contain sensitive information -- logins, source code, server lists, archived email, customer data; perhaps not on the machine itself but accessible through it.
Corrupt countries are one problem, but so are first world countries. There are a number of stories about American execs being spied on by first world countries. Failing to protect your physical data when you leave the country (assuming your devices have work information on them) is negligent.
Absolutely. However I'm less well versed in international privacy laws than those of the UK. With RIPA, the mere act of protecting your data while transiting through the UK can be seen as incriminatory, with failure to decrypt data a serious criminal offence which can result in prison time.
I think that steganography and plausible deniability are vital. However employing such techniques can make life even more difficult if caught ("What are you going to such an effort to hide?").
There is a good solution: don't bring your data. It is a problem if the place you are going doesn't have broadband, but then again there may be little work that can be done in such a place.
I don't know if I'd say that's a good solution. If travelling for pleasure, that would mean wiping my personal data from my device - contacts, messages, emails. It would also mean logging out of all network services. Or just leaving that data at home. Being able to stay in touch while away, and retain access to my online accounts is really useful.
If travelling for business (even to a country with poor broadband access) I may still need access to vital business data. I can't always leave this at home.
Sure, I could VPN home but if I am to travel with no private data at all then that would preclude the possibility of using certificate based encryption and relying on less secure (and memorisable) passwords.
Travelling without data is very difficult today, unless you plan on being completely disconnected.
I would add that I'd be worried that if we weren't one step ahead, the discover of such digital forensics counter-measures would be used as evidence of wrong-doing. RIPA (Regulation of Investigatory Powers Act, 2000) has set a precedent where the unwillingness to acquiesce (for example, divulge encryption keys) is a crime in and of itself, effectively outlawing privacy.
I don't live in the US, but it wouldn't surprise me if my activities have, at some point, contradicted US tax laws. I understand it's even more complex and ambiguous than that of the UK.
I don't keep anything incriminating or illegal on my phone (hell, I don't do anything illegal) but I'm terrified of the day where I'm in the airport, embarking on a £4k holiday (not insignificant in my salary bracket) and am asked to hand my phone and laptop/tablet over to confirm I'm not a terrorist. I'll be faced with acquiescing and compromising my principles or disappointing my girlfriend (who I almost always travel with) and having both of us taking a financial hit (and probably being added to a "list" or having my threat value increased).
It's not an unheard of situation in the UK, and is most often not intelligence-driven (more likely you are travelling through an airport where they are trialling some new counter-terrorist technology we've paid a small fortune to install).
I think a device with limited state (ROM-only?) which can give me reasonable assurances that no-one could tamper with it or install any government sponsored malware may be the solution. Although the utility of such a device is questionable, and it certainly wouldn't be fun to use.