US court waves through border laptop searches

What about locking yourself out.

There's a couple of options I can see here:

1) Create a dummy account, that it auto logs into, you then have to log into your "real" account

2) VMware, quite a few people at work use VMware to move between laptops, especially when they break. So the clear boot of windows has nothing on. You could truecrypt where you keep the images

On one of my laptops the client insists on having a usb token in and asks for it at boot time. What would happen if I didn't have the token (left it at the destination last time, or posted it, or whatever)? You can only *get* to the boot screen and password prompt... Is that a quick stint in Gitmo?

Paris: Coz she has more clue than airport security.

Second Life

The congressional hearing seemed to point out the existence of a "certain form" of life in a laptop, even the possibility of money laundering and terrorism. Now a court rules "one cannot live in a laptop". The latter kinda contravene the former.

So what if my avatar did download some unlawful material? Do you need a reality virtually warrant to search the virtual laptop that has been used to write the cache files on the real HDD but in a virtual form.

/straight jacket with virtual sleeves please.

Work laptop

What if its a work laptop, what if you are bound by the official secrets act and have sensitive data on the laptop that the border police would not have the relevant clearance to see?

Work in the defence industry... your going to prison...

On the other hand... Just have all of your dodgy stuff in a virtual machine... I doubt that they would have the knoledge to look there... Actually... Just keep it outside the desktop/my docs folders... should be pretty safe!

Paris because, well, just because.

I wonder how they'd react to data encryption...

Anything I didn't want people to see, I'd encrypt, strip any file extension, rename it, and either bury it in the system folder with innocuous names or put it in folders like "found001", "found002", that Windows generates trying to recover files from a damaged hard drive.

The tea party is over

I was under the impression that the American War of Independence was fought to rid Americans of an over taxing and overbearing government. Steadily all of the rights fought for and thoughtfully written into the constitution are being eroded away, it may be time to put on the war paint and feathers guys! Of course now you won't be fighting for the freedom of all Americans you will just be terrorists with a free pass to gitmo.

you don't live in a laptop

I'm a big fan of privacy, but... If it's ok to search papers in a briefcase, it ought to be ok to search a laptop, and for the same reason. Sure, a laptop is getting to equal a fatter and fatter briefcase, but that's not the point. The point is, you are travelling. You aren't at home. You knew you were subject to search. You chose what things to take with you, and what things to leave in a secure place when you left.

If you chose to take a baggie of dope, that wasn't very clever of you. If you chose to take 10,000 child porn images, that wasn't very smart, and it doesn't matter if you printed them out or put 'em on your laptop. If you took trade secrets or sensitive documents, shame on you for exposing them to high risk of theft or loss, because you were *travelling* with them. They weren't secure. Duh.

What kind of excuse is, "uh, um, I forgot to take the dope out of my briefcase, so you uh, um, shouldn't be able to bust me when you noticed my hash pipe on the x-ray. Like, bummer man!" Isn't the argument pretty much the same with the kiddie porn images?

Now, I wonder what the outcome would look like if every file was encrypted, and you said, "Well, duh! It's a laptop. I'm travelling. It might get stolen or lost. Of course everything's encrypted." Reasonable search would not extend to the password, which was *in your mind*. I suppose the NSA could pwn you if it wanted you bad enough, but suspicion of possible stuff is probably not enough unless you're already on a list.

Of course, you'd be the only computer user anywhere and throughout all time ever to not have been stupid with the contents of their laptop, so maybe this constitutes probable cause. Or export of sensitive encryption technology. Or something for which there is a jail-time penalty if they want you.

Paris, because she'd try this argument.

Cue...

...lots of business travellers flying in elsewhere than LAX/SeaTac.

never again

"So for the time being, if you plan on crossing the US border into the Ninth Circuit, it's probably best to just leave the laptop at home."

a) Having been fingerprinted and questioned there by some imbecile enforcement joker before, I have sworn that I shall not visit the US ever again. It's a cultureless hellhole without history nor future.

b) My hard drive is inside encrypted linux, so should I be dragged over there by CIA operatives, they probably STILL wouldn't get in.

Secrets

This brings up the question of password protected files and encrypted folders, etc. Can they force you to open those? What if you don't have the password? Are you guilty until proven innocent then? Are they able to legally violate confidentiality agreements and NDAs? Can they hold the laptop hostage while they search and decrypt everything because you have a passworded file that can't be opened on the spot? And more importantly, how pissed off are they going to be when they spend that many resources on trying to decrypt that file full of pictures only to find that they're all pictures of o'rly owls and lolcats?

Truecrypt is your friend

http://www.truecrypt.org/

Potential for exclusion

Given that the US already has, bizarrely, policies that allow exclusion of people for some pretty spurious grounds, such as HIV infection, it seems to me that perfectly legal information found as a result of travelling with a laptop could result in you being packed off on the next flight home.

What if, say, they find an email to or from your doctor, or an HIV support organisation?

Probably best to make sure you don't have those pics from your holiday in Cuba on the laptop either....

America is a dump anyway

The natural side of the country is amazing, the people are nice, dim but nice, but the infrastructure is a total mess. Lack of pavements, too many police, you need a gun.

Well, there is another point that you should know

They can force you to turn over the password. Same as forcing you to unlock a file cabinet or safe. You aren't incriminating yourself by said actions. At least in the eyes of the law.

Now, you could go to jail for a misdemeanor (1-2 years) by refusing the key or for a long time for providing the key (assuming you have something to hide for real).

Personally, I will consider encrypting non-incriminating data just to give them a hard time. Probably with a password like: hax0r. :-) Mostly to annoy them and make a point. Not too much cause I don't want to be fingered EVERY time I fly. Then again, with this new electronic fingering that scans me behind for screeners.... I guess I'll get fingered anyway.

/Snarl. I only fly these days if I absolutely have too.

Passwords...

I believe that passwords are covered under the fifth amendment.. Meaning if your laptop is password protected, you do not need to give up that password.

But that may just be one of the many many amendments that got thrown out the window with the patriot act.

Remote is the best

Psuedo Thin client laptops are the best, I have a slipstream/ghost image of the drive with all the apps from Windows to Winamp and just reinstall or more importantly download the image and reinstall if my laptop was taken/stolen, followed by downloading all the extra encrypted user created data from a remote server. Laptops only cost about £400 or less today, only the stupid would treat it as a data store.

No good for paedophiles because everything is mirrored, backed up and copied but for everyone else in the world, there is no excuse to treat a laptop as a computer, it is a fat client dating a thin model.

The last time I lost a laptop, or had it fail with dodgy power socket, stolen, WGA failure in South Asia, the procedure is download image to install, burn to DVD DL and wipe the existing setup, connect with SSL to download documents/emails 600MB compressed, then unencrypted mp3s then movies on a fast connection any time it gets wifi available. All through SSH with host authentication so can use any connection no matter the security involved no question of trust.

Laptops are tools, nothing more, with the privacy implications of being searched, anything private should be remote. Kind of a slightly overweight client that dates a thin model.

Computers are Big

It takes only 5 minutes to search a brief case. Upon conclusion of the search, agents can be certain that they found everything in the brief case. And you can only store so much in a brief case. None of these features is true with laptops.

Any serious criminal will use one of a thousand ways to encrypt and/or hide nefarious data. And border agents certainly are not going to have the skills, tools or time to do a serious search of any laptop. It's MUCH easier to think of how to hide data than to find it once it's hidden.

Looks to me like another invasive but useless ruling.

They can search my laptop...

Assuming they don't have anything sophisticated to search through the file system of a randomly selected traveler, as they told him to just turn it on, they can have all the fun they like trying to find (and see) pictures or whatever else using nothing but a Linux shell. And of course if they want me to do all the typing, I can easily do what's suggested in the title tag of this comic... http://xkcd.com/344/

Although I really don't agree with such searchings as these, I think the guy deserves it for sheer stupidity. If you're going to be carrying around child pr0n, you might as well have the sense to hide it somewhere well on the file system. But wait, criminals that get caught are stupid...

@Work Laptop

One would hope your employer would have guidelines on how to deal with border agents and company kit. Same goes for local authorities too.

With regards to defence companies and their ilk. Not only would border agent not have the clearance they would not have 'Need to know' the info contained. Also need to know is how to solve these problems, if you need to know how then you will, if you don't know then you won't, and won't know that you need to know. It gets tricky when you know you need to know but don't know, then you ask the right people.

I would hope that few border guards would want to cause an international incident though.

For personal use something along the lines of whole disk encryption with a 'safe' login is the way forward, or a live CD, or better a VM. It is also worth keeping an eye on whether you have the right not to incriminate ones self by not revealing password/logins stored in your head. Think there's an on going US court case on that one. http://www.theregister.co.uk/2008/01/16/encryption_password_showdown/

RIPA messed that up for the UK though.

Alternative methods

Personally I don't bother moving computers, I just carry a couple of drives around and plug them into the computer I got sent previously via courier/freight.

So no 'please power it up' moments.

Unfortunately security bods seem to take a lot of interest in the drives when they see them on a scan. Generally they want another scan and/or chemical swab test before I can go through.

So far no-one has expressed interest in the contents of the drives. Generally I'd tell them to F-off - 'protectively marked content - you aren't allowed to see it' - and if that failed they'd still be stuck as the data is pretty solidly encrypted.

But if I thought I was going anywhere near the TSA I wouldn't carry any data with me - alternative transfer methods would be used.

In the future (once capacities increase a little more) I'll probably use microSD cards to move my data - no-one would even realise they were there. Duplicating the rest of the machine/contents between sites obviously costs a little, but no enough for it to be a major concern - and it's not my money anyway!

I might carry a USB key and/or a hard drive though. Not with any data on it, but rather with a modification to cause nice direct short between power and signal pins. Maybe even a nice step-up converter to help things along.

Obviously there'd be labels on the drives - 'test equipment - do not use', but I suspect these would be ignored. And the result would be magic smoke leaking out of whatever they were using to scan/copy everything.

I know this is wrong. But so is searching computers.

Really? No-one else immediately though...

I can think of a few laptops I'd like to live in...

The guy will probably not be a "paedo"...

probably just a bored, living-away-from-gf/wife consultant or businessman with too much time on his hands in hotels while travelling. Probably used a newsgroup program to download a few hundred images to entertain himself with, and didn't figure or care that any of them might be underage. Even if you avoid the explicit newsgroups that are for teens/young females/lolitas etc., you still have a bunch of pervs that post that stuff in every binary .erotic newsgroup and frequently label it as something else. If your news client simply downloads them in bulk, and you haven't seen them to delete them, OOOPS, you are suddenly a paedo and headed to a life of hell.

A real peado would know to hide/encrypt/email said images. This guy acted like he had nothing to hide, and probably didn't think he did. Was probably downloading from .erotic.brunettes and erotic.blondes. I'd like to know what proportion of the images are said to to be paedo, compared to how many in total in those directories.

I used to use newsgroup clients on my laptop when away for work 5 days a week, actually helped me stay faithful to my gf when gone (she'd rather I do that than sit in a Marriott bar and potentially meet a real woman to be tempted by). I ALWAYS set up global filters in the client for "lolita OR teen OR pubecent OR young OR incest OR..." - you get the idea. That excludes the obvious crap, and at least gives some line of defense should anyone find something they should not. At least you can show that you were not obviously looking for it, and actively trying to avoid it. And of course, make sure you avoid the obvious paedo newsgroups and websites...

Posting anon because you really can't be sure WHAT can exclude you from a job these days, and with Paris because I remember when I downloaded her own video from the newsgroups...boring as hell really girl, try to look more interested or less drugged next time...

The lad got lucky

He should be glad he wasn't traveling through Dubai or worse. Clearly the time has come when ports of any shape or type have become free police zones where the best you can hope for is a kiss, but only if there was anal tearing _and_ a handful of sand in the Vaseline.

@ you don't live in a laptop

I understand they can search your briefcase etc, but how would you react if they brought out the photocopier and made copies of every document in there (medical records, invoices for rubber products, etc) 'for their records'...

Don't they have the authority to make an image of the entire HDD for analysis?

Personally I think the entire IT industry is just a front for the NSA.......

What about phones?

I keep loads of stuff on my phone. Images, documents, URLs, emails, music, video. Some of it I encrypt to ensure that if a scumbag steals my phone he can't access the data. How long until this ruling applies to phones and PDAs too?

@Alternative methods

gotta build me one of them USB destructo drives

to leave lying around my desk

;o)

"You can't live in a computer"

... And neither can you smuggle drugs or explosives onto a plane in the data on a hard drive.

Border controls at airports exist to keep the country safe from illegal trafficking, terrorism and tax evasion. Some of these things are impossible using hard drive data, and those that aren't can be much more effectively achieved using electronic communications.

This is just a license for border controls to go fishing for extra busts. If US customs claims to exists for the protection of the US from terrorism and smuggling, there is NO WAY they can justify this ruling.

On the other hand, if one accepts this ruling as legitimate, it is a tacit admission that US Customs exists to spy on the thoughts and actions of US citizens and other foreign nationals entering the country.

Which one will it be? For the time being, I'm going with the latter, which is why I've stayed away from the US (despite countless opportunities to go) for the last 7 years.

trade secrets

i often hear:

if its a trade secret, your not alloud to travel with it, because the risk...

Come on, get real:

In bigger firms, people need to meet the people they want to do buisiness with, espacially with big deals or in themes where your opponent needs to be convinced.One can in most cases not remember all stuff that is nessecary for ones work...(especially not these big excel sheets with all the formula etc)

encryption ok, but for me its just 1 reason more not to be to eagger to visit the us of a. (allthough i know its more likley today to get a free visit to some modern and surrealistic camping site)

Paris, because their seme to be more and more around of these (at least brainwise)

Logical consequences

There are two logical consequences of this:

1) Any traveller from a civilized country must automatically refuse to travel to this uncivilized dump. Period.

2) Any traveller from this uncivilized dump must automatically turn over their computer for duplication upon arrival. Their own courts has by doing this, waived any claim of "diplomatic pouch" proteciton for their data. Period.

//Svein