If you deliberately do anything which will cause evidence to be placed beyond the reach of law enforcement then you are likely to be hit with charges.

You can quibble over technical details, but at some point a judge will be asked if it fits the charge, and make a layman decision, not a programmer's one.

Then again, if a browser cookie is the only thing providing access to "evidence" on a particular machine, then it wasn't actually on that machine to begin with.

That's far from a mere technical detail, as it also means the person lacked any meaningful physical control of, or proximity to, the evidence.

I recall there are some cases that centered on whether someone was aware of the existence of a browser cache and knew how to clear it. In that case the "evidence" really is on the local machine because that's what the cache is.

>That's far from a mere technical detail, as it also means the person lacked any meaningful physical control of, or proximity to, the evidence.

That would still be irrelevant if their intention for getting themselves to "lack any meaningful physical control of, or proximity to, the evidence" is deemed by a judge to be malicious.

You have badly misunderstood the point the GP was making. The person in question was always in a state of “lack[ing] any physical control of or, proximity to, the evidence”. They had no control of this in any way.

This, by the way is why the technical issues are important, relying solely on the lay person interpretation is dubious. A court that issued ruling on issues it doesn’t understand is inherently unjust.

This point seems to get lost so often in these discussions - intent and a judge are involved here.

The described intent is definitely to get in the way, but it's not to destroy anything. "Intent and a judge are involved" is not a magic answer.

No, but it's a binding answer, and when you get before a judge you don't want to be caught splitting hairs.

Figuring out if it's a crime, and which crime, is usually not splitting hairs.

Getting caught is less than half of the equation.

Wouldn't this mean that measures to protect your data from other adversaries (criminals or competitors) would be illegal as well? Unless, of course, "intent" is determined solely by the fact that I am or am not a criminal. But in an age of overcriminalization, where you can indict a ham sandwich if you need to, anyone could be considered a criminal if the government takes enough of an interest in your activities. This would mean that everyone who takes reasonable security precautions is at risk of stacked charges for "destruction of evidence"! Not a great situation to be in for journalists and dissidents.

The question is - have you, realising that you are under police investigation, attempted to destroy information which that investigation is interested in.

Not "Do you have a lock on your phone" or even "Do you have a lock on your phone which causes it to self-wipe after 5 incorrect password attempts" but "Did you, when you realised the police were on to you, deliberately wipe some data to stop you getting into trouble."

The implication seemed to be headed in another direction. What you've just outlined is perfectly reasonable.

>at some point a judge will be asked if it fits the charge, and make a layman decision, not a programmer's one.

There seems to be a doubles standard in regards to the use of technical vs layman decisions. I've seen legal cases where the judge is making rulings on extremely technical points of law which are far outside the layman's understanding, but these only seem to happen when there are really expensive lawyers pushing for it. Have a public defender? Layman decisions, especially if they aren't in the defendants favor.

I wonder if anyone would have the ability to formalize this into actual research to see if there is any truth behind my intuition.

It would be difficult to determine that a web app has been remotely logged out vs. an entire phone being wiped.

I assume that if you deliberately do anything to alter the state of the device in policy custody as evidence it will be considered tempering with evidence. A similar analogy - "hey, I didn't destroy evidence, I just remotely instructed my phone to encrypt itself. The data is still there, it's not destroyed." That would land you in a federal prison real fast, and rightfully so - you took action to change the device state after it entered police possession and you knew it was evidence. The contents of the RAM would definitely be considered evidence since by your own explanation they contain the data that the police are looking for.

It is probably similar to the police seizing your keys or combinations for locks to a storage unit and you changing the lock on the storage unit.

The police can just go to google or slack with a warrant to get the evidence. The physical equivalent would be going to the storage unit proprietor and cutting the lock.

IANAL but I would expect it to count as "hindering a police investigation", obstruction of justice, or something similar.

Logging the phone out doesn't matter in that case. The police can request your data from Google/Slack/Facebook's lawyers.

Depend on how easy it is to prove that you did it. For example if you're using 2FA with client specific passwords that all show locked out accounts then it's probable that they could request your access control logs for your 2FA provider.

If only one or two such services were "timed out" then it's going to be harder to prove.