US Customs sued for information about border phone searches US Customs and Homeland Security are being sued to get them to hand over the rules by which people have their electronic devices seized and searched at the border. The lawsuit [PDF], brought in Washington, DC, by the Knight First Amendment Institute at Columbia University, claims that the US government failed to respond to a …
I had my laptop taken on a flight into the US back in about 2010; they insisted it was started up, logged in, and then without a word walked off with it for about half an hour before returning it without a word and sending me on to be further processed. I presume they were duplicating the hard drive data or something. That was also the trip where - as a foreigner - I was "randomly selected" on each internal flight for further checking. I would have been more offended if I had not (a) had nothing of value on the machine anyway, and (b) feared they would abuse their powers by kicking me out of the country or locking me up on a pretext if I said anything. Needless to say, I've avoided the US as much as possible ever since and always flown via Asia.
We have protocol for US border crossings. First of all, staff does not take along laptops, and all the iOS gear is set up for corporate data delete. Staff is required to run the delete software before landing, so by the time they get to the TSA people, there's noting on the devices that could harm the company.
If they have to hand off any devices, those are no longer permitted to be used for company purposes until they have been formatted from the ground up - we'll take the hit in productivity over the incoming GDPR fines any day.
What happens when you unlock your laptop and give it to them to copy/infest or whatever and there are large numbers of encrypted files on there?
Can they force you to unlock the files?
What about if the reason the files are encrypted is because it is sensitive data that is subject to strict handling rules (rules determined by a US organisation for example).
Which law has the most clout?
I travel only with a mobile that is given to me for when I go to the USA. My employers have a policy whereby a guest laptop is to be provided for visiting colleagues, so we can log-on to our VPN etc. If my phone is taken, they given my email contacts, which are all work colleagues, and all on our website anyway.
I would have been more offended if I had not (a) had nothing of value on the machine anyway,
All-time favourite opsec fail: misjudging the value of your data (or system, account creds,.. whatever) to attackers.
This used to be a thing when people refused to run AV because "I've got nothing worth hacking". Nowadays apart from banking and CC data, most people have some sort of idea that their bandwidth and processor cycles may have a value to an attacker.
Time to start developing a phone with built-in plausible deniability: enter your normal password and it unlocks your normal filesystem with all your intimate details; enter the under-duress password and it unlocks an alternate filesystem which just contains a few touristy photos and nondescript messages about feeding the cat, with timestamps updated for effect.
Time to start developing a phone with built-in plausible deniability...under-duress password...alternate filesystem
Visiting the USA in the 2010s now has the same flavour as visiting the Soviet Union in the 1980s. It's not worth the hassle of playing stupid games with US Authorities, and it could backfire on you rather nastily. Unless you have to go there for work, just avoid the hassle by going somewhere else. There are a lot of other countries to choose from, and many of their governments encourage tourists.
I remember visiting Moscow in the mid 1970s when I visited Red Square. A beautiful place with a fantastic if somewhat elaborate cathedral (St Basil's).
Anyway I was sauntering towards it and had my Practica 35mm camera (good East German make) ready for a few quick snaps when I noticed a guy in a grey raincoat standing quite close by, watching me. I realised I had seen him before at my hotel and suddenly had a mild panic attack that I was being "monitored" by the KGB or summat.
I went over to him and asked him if it was OK for me to take pictures here, that I was a budding architect and I wanted to study buildings for reference (I particularly like Ecclesiastical architecture). He spoke most polite English and took it upon himself to show me the best places to film and gave me a fascinating insight into Russian life.
How annoying therefore that I have spent most of my life (well since Sept 11th 2001) fighting with English and US authorities to take innocuous pictures such as Canary Wharf or in Times Square!
> There are a lot of other countries to choose from
Unfortunately, if you happen to be an eclipse chaser then the choice of where and when to take the holiday that you want is limited. I get the feeling that this year's stories could put the Libya trip into an entirely new perspective.
Damn, I've just suggested on a social website that I may have visited Libya.
wouldn't it be easier to just get a throwaway phone for trips to my wonderful country?
load it with only emergency/business/family numbers you can expect to need . . . any other numbers you either memorize or call someone back home who knows the number.
i'm sorry about the hassle for you folks visiting here but it's even worse living here . . . i despair.
This post has been deleted by its author
This is my thinking as an Android user. Backup phone prior to visiting the US, factory reset it and if it's taken they get to copy a blank phone. Once through you sign in as normal and Google pushes all my data to my phone. Repeat the process when leaving if you're super paranoid. It's inconvenient but given the limited choices I'd pick this over having my phone data copied.
For any "Nothing to hide, nothing to fear" types I will paraphrase JD from Scrubs. "For the man (or woman) who has nothing to hide but still wants to."
1. I wouldn't be so sure that data on a factory reset phone couldn't be read, unless it were encrypted (in which case the key is thrown away when you factory reset effectively making the data unreadable).
2. An obviously non-new phone with a new shiny out-of-the-box software experience might be grounds for further questioning, with rubber gloves.
I wouldn't be so sure that data on a factory reset phone couldn't be read, unless it were encrypted (in which case the key is thrown away when you factory reset effectively making the data unreadable).
That's how iOS does it. On format, it creates a data container with a key that is held in hardware (in software until iPhone 5C). On reset (or too many password entries) it zaps that key, rendering the data inaccessible. Simple and effective. No doubt Android will do this too, but it needs a hardware held key to become truly safe (that was the entry path to FBI vs Apple).
There's a simple solution: get something non-smart. In my case its a Samsung B2100 - cost £55 IIRC, does everything I need a phone to do and is obviously far too dumb to interest Homes operatives. IMO this makes it the perfect phone to take to the US of A or any other place with an over-intrusive border garrison.
If I have to go for non-work reasons, i'm likely to try the following.
TSA: Do you have a mobile phone
Me: No, my provider doesn't supply roaming so I figured i'd pick up a cheap phone and SIM packed once i'd landed. Save me a fortune in roaming fees.
No idea how that will work, but I have no intention of taking any electronic devices through US customs, unless they are work devices.
You might want to consider the exact phrasing of those responses to the border droid. Anything that sounds like, "I left my primary trackable phone at home. Now I'm here I'm going to buy a disposable anonymous burner phone." sounds remarkably like a conversation the trigger happy border guard will want to continue with rubber gloves on.
The Grugq, who knows whereof he speaks: "Stop fabricating travel security advice. Advice that includes lying to federal officers is worse than useless" :
https://medium.com/@thegrugq/stop-fabricating-travel-security-advice-35259bf0e869
As a US national I passed through German security on the way to India in 2005-ish, and they did the same - turned on my (work) laptop, bade me log in, and carried it into a back room for around 20 minutes where they did... presumably something. It seemed relatively routine to the officer, though in retrospect perhaps she twigged me for something and was just acting nonchalant. I guess EU members don't have to deal with German customs? Or has this been tightened up in the interim? By coincidence I've only gone through Dubai since.
My policy is to never go there, I have been told that the country is fantastic but is spoiled by the Americans.
Well you can keep it as I will not go there not even when requested to do so by my company on the previous five occasions when they needed me to go.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
