I'm hoping that manufactures will start building a plausible deniability user profile you can log into while leaving your actual profile encrypted, appearing to be slack space.
This kind of thuggery seems to be getting more common.
Keep data off your devices during travel, and download it once you're safe. If corporate, require external activation by someone from the company before the contents of your device are restored. That way you cannot be forced to divulge any company trade secrets, because you simply don't have access to them while you're crossing the border.
So what if you are asked if your device is in its normal state or whether you deleted any data from your device before travelling?
Lying in that situation would seem like a very bad idea (I'm not a US national) - I've had a few uncomfortable experiences over the years entering the US and I certainly wouldn't want to do anything that would give cause to escalate things on their side.
What do they do if you say no in this situation though? Escort you home and inspect your desktop computer there? If I were to tell them that I carry a travel laptop/phone with no information on, there's little they'd be able to do about it unless that in itself was somehow made a crime.
You can be as honest as you like. Or just say you don't take data with you when you travel. For security reasons. If it's work related, this is trivial to justify: company policy, trade secrets shouldn't fall in the wrong hands, etc. And even if private, phone theft and identity theft are serious concerns.
Have a password you can't remember, so it's in your password safe which is not on this device. According to another comment, 1password has a special travel mode that supports this.
> OK and engaging full blown paranoia mode: What if they ask me to log into gmail and Office 365 ...
Doesn't sound that paranoid to me: wasn't there talk already a year ago about trying to force people to log into social media accounts when crossing the border?
Some companies issue "China" Laptops to their executives that they must discard after visiting China. Now I believe we all need throw away laptops and cell phones and Facebook accounts for any sort of international travel.
Like you I don't do Facebook and I have every Facebook domain blocked. No one except my immediate family believes I don't use Facebook and considers it an affront when I say I don't use it in response to their request "What's your Facebook?" Many people can't imagine anyone doesn't have a Facebook account. Anyone who says they don't is presumed a liar who is socially rejecting them by refusing to connect.
With TSA/Customs you need to be truthful. If you don't have an account say so. If you have one and say you don't that's a felony.
2019 appears to have lots of students who, although always on their phone, a good bunch don't have Facebook and consider it outdated. Instagram is the new Facebook.
I know that at least one big German chemical company is doing exactly the same for US trips, because they have evidence of industrial espionage attempts against then. Executives that have to go to any non-European country get a clean laptop, with nothing but the VPN client installed and access is only enabled after the traveler has reached the destination and has called and given a verbal "all good". On return the laptop is not connected to the internal network, but wiped clean.
The last company I worked for (quasi-government) would issue special temporary laptops and blackberries for international travel. You were not allowed to take company devices outside the US. At one point they brought someone in from the CIA to basically scare us with stories of how your devices will be targeted at the border, or even by someone breaking into your room when you are not there.
Maybe, but you can also hand those over to a trusted party. Would be nice if email services lets you lock your email account until a trusted party unlocks it again.
What possible interest would the government have in such a rule, and how could government agents possibly be able to know what contracts you've signed? They haven't read the Facebook ToS any more than you or I have.
There was a case recently of a NASA scientist being hassled at the border for his phone. He initially refused on the basis that handing it over would compromise his obligations to his employer. It did not work.
I'm certain they're allowed to. If the SEC thinks your employer is committing fraud, and asks you to inform on them, do they care that you have an NDA? Not a chance.
Even that is not sufficient short of a full factory reset. It can be very difficult to impossible to clear all caches and logs, or even know about them.
Once the agent has your password and takes the device into their back room for an hour, you have to assume that all data has been offloaded and the device has had an undetectable rootkit added.
This gentleman's expertise is in security and encryption and now he works for Apple, a company that makes products that the US government can't always crack. He was clearly targeted in his encounter because of his current position, based on the questions they were asking. Surreptitious access to his devices is highly desirable to US intelligence services.
Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.
> Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.
Seems unwise to destroy evidence. Find the rootkit, or have your employer or security researcher do so, prove it's existence, and sue the Government.
Why do you need proof? Show it to the internet, there should be other examples too.
It's way easier and less legally ambiguous to make people THINK you are rooting their devices than to actually do it and leave actual evidence to be found. They could even be looking for OTHER rootkits instead of installing them.
I suspect there's a lot of availability bias going on here as well - how many travelers go through the US per year versus how many of them are famous ex-CTOs that get reposted on HN?
If you show that you cooperate yet you can't provide access to anything (because your phone is empty for example) they may treat you better or - if you're a foreigner - not deny you entry.
As others have mentioned, lying to the agents is illegal. This isn't:
The password to this freshly wiped device is "Orwell1984". Feel free to have a look, but all you'll find is an app called "Secure Erase Free Space". This SD card I'm carrying separately? No, you can't have the password to that. Yes, I know, you can hold it indefinitely.
>No, you can't have the password to that. Yes, I know, you can hold it indefinitely.
I have a hard time believing that an audience that finds buying a car stressful (as is often stated in Tesla threads) is going to demonstrate assertiveness to a real authority...
But that's why relying on a trusted external party, like the company you work for, to control your access to your data, is a much more effective strategy. TSA/Chinese police can threaten and bully you, but not your co-worker in a different country following company policy.
That will do more harm than good. In order to build such a device the feature would need to be advertised, which TSA can see just like everyone else. Then when they see such a device, it becomes incumbent on you to prove you’re not using the feature, even when you’re not using it. So you can never prove you’re not using it and therefor could be detained. You might think you have more rights if you’re in the US, but there are many regimes where you don’t have them.
You could on Android add a dummy, unprivileged account under your name and rename your real account "Guest" or something. Not that this stops a motivated person, but it may placate a border officer who really just wants to thumb through your photos and downloads folder.
This seems like a good idea, but it may land you in even more trouble. If it can be shown that you intentionally misled officers about content on your device, not merely denied questioning, you risk an obstruction of justice charge.
How about enforcing this by contract to shift the responsibility towards the employer, which presumably has more teeth to defend itself from abuses?
Say a clause in every IT worker contract stating that when a LEO asks to unlock any device, a predefined user account must be used to log in. In the OP case, I'd hardly believe they'd send SWAT teams to Cupertino to raid Apple offices.
> I'm hoping that manufactures will start building a plausible deniability user profile
Deniable encryption can actually be very dangerous for people who are detained in places where torture is used. Even if you unlock your device, law enforcement have no proof that you have unlocked your real profile[0]. This is relevant to countries where people can be detained for not unlocking their devices, like Australia.
Hence why it needs to be the default. The some sort of problem kinda exists with encryption. If nobody encrypted their phones, having one immediately makes you a suspect. However, if everyone had an encrypted phone (default on ios/android), nobody would bat an eye.
At least with iOS, you can do a factory reset before you leave, and restore it after passing through customs, and for legit reasons - you're paranoid about having your device taken from you while travelling, and you don't want thieves to be able to access your contacts, pictures, whatever.
You don't have to specify that you consider customs agents thieves, that's just up to you if you wanna put that lil' spin on it.
(But for real, this seems to me to be a bulletproof way to both make sure TSA can't access data on your device AND make sure you get pulled aside "randomly" for an extra-long questioning session.)
Quick reminder: US citizens have an absolute right to reenter the country. Customs can temporarily detain you, but they cannot refuse entry. Any threat, whether implied or stated, that they will hold you until you unlock your device is not real. They can hold your stuff indefinitely, so be prepared to lose it if you go this route, but never unlock your device based on the idea that it’s the only way to go free.
Non-citizens are in a totally different boat. You can be denied entry for any reason whatsoever. Tread carefully....
"Justice delayed is justice denied." It's unlikely that it could exceed 24 hours and if it exceeded a couple of hours you could get a preliminary injunction (unfortunately of course you'd need counsel to know about the detention in order to act on your behalf).
As a practical matter, more senior officials at CBP should hopefully know about their limitations and if you request counsel and stay silent then they'd likely release you.
Yes, if they actually find probable cause to charge you with a crime, then they’ll let you enter but arrest you and put you in jail. Refusing to unlock your devices does not qualify, though.
Yes, but the rule of law in the US is mostly intact, so refusing to provide information or actively facilitate a search will not have that result. Lying to the officer can.
Sure, but without a criminal charge there's the right of habeas corpus. (Provided you have someone who will get the legal process started for you, I guess.)
Quick reminder: Non US citizens only go to conferences outside the US.
There is no excuse we should put up with this.
Canada and EU are much better locations for this reason alone.
This is often called "sterile transit" (the ability to depart the airport without passing through immigration), and the U.S. and Mexico (and apparently Canada) don't allow this, while generally European and Asian countries do.
No EU airport allows this for flights from outside the EU/Schengen zone. Every international airport has dedicated "EU internal" and "all other" terminal pathways for this reason.
Yes, they do. Unless I misinterpreted your comment, connection flights from outside EU to US/Canada don’t require the Schengen visa as passengers don’t leave the “clean” zone.
Were you flying to or from somewhere else in Europe in the Dublin case? A subtlety about this which has just come up elsewhere in this thread is that the whole Schengen Area is treated as a single "country" for immigration purposes, so if you have an intra-European flight, you have to enter or exit "Europe" in the course of a transfer to or from an external flight.
But I think if you fly, for example, from New York to Paris and then on to Tunis, you don't have to go through immigration controls in Paris.
I was flying from Seattle to Rome with a connecting flight in Dublin. In both Rome and Dublin I had to go through immigration (that is, present my passport) and in Dublin I had my carry on X-rayed again. Upon arrival in Rome, after clearing immigration I had to go through customs, which is to say I walked out the "Nothing to Declare" portal.
Oh, I just remembered that Ireland isn't in the Schengen Area (due to the Common Travel Area with the UK). So you wouldn't have a domestic-style flight from Ireland to Italy. But your experience then does seem to confirm that Dublin doesn't offer sterile transit at all, which is a bit of a surprise to me.
Yes, on a flight to and from New Zealand with a refuel/crew change in LA I was fingerprinted, retina scanned and asked about my personal business despite being held in the "secure" zone.
This was 2005 so they didn't have such a hard-on for electronic devices back then. Seeing as the US has upped its game quite a bit since then, the likelihood of me ever visiting the US is now zero. Sorry my fellow US HN'rs.
And you know it's such a shame because I had a trip to Boston in November 2002, and even with it being only just over a year since 9/11, my passage through customs was friction-less and the staff were delighted that we'd come to visit the US. No fingerprints, no eyeball scanning, no interrogation, just a friendly "business or pleasure, and enjoy your stay".
If you're not being hassled in EU airports, it's because they already have your information. Not whataboutism, but most EU states and all the powerful ones have active, conservative intelligence and police that work closely with the United States and give them any information they want. Stay safe.
There isn't data on this. This incident likely wasn't logged in any way. CBP is a rogue agency and the least transparent. They don't respond to FOIA anymore either.
It scares me the number of people who think that the US is in some uniquely bad place for some issue, not because of "whataboutism" but because of the blindness it can entail and skewed perceptions of all sides. No, it's not a dystopia in the US, but a wonderland paradise everywhere else. There's plenty of places that treat various people badly.
Agreed. I'm European and it astonishes me how a wall at the border is so divisive, with some even calling it un-American, and in the EU there are essentially no legal ways for refugees to enter at all (we've made it practically impossible to fly) and children die by the boat loads in the Mediterranean, yet we Europeans think we are in a position to judge the US.
Countries often have reciprocal arrangements regarding how they treat each other's citizens. If your country treats country X's citizens like crap, odds are country X will start treating your country's citizens like crap too.
Because of this, it's likely that the world will likely spiral to worse and worse treatment of everyone. As the saying goes, an eye for an eye and soon the whole world is blind.
“On the other hand, we’ve got very recent case law from the Supreme Court of Canada, starting in about 2010, that says you’ve got an intense amount of privacy in your electronic devices."
If he went all the way up to the supreme court instead of taking the plea deal, the story might have gone the other way.
Well if CBSA continues with this practice I hope it ends up with a lawsuit and gets shut down by the supreme court.
Alternatively, prefer to avoid bringing your own devices with you when you fly. Leave your laptop and smartphone at home, and rent temporary ones after you cross.
To be pedantic, unless you flashed coreboot it's not your own firmware and if you aren't using an open hardware laptop then it's not really your hardware either.
Although it may not be morally ok, one could just buy a laptop for a conference etc, and then return it after a week if the store has a return policy. I've seen stores take back laptops no questions asked for up to 60 days.
If you are in a pinch.
If not you can just sell it (there or at home) and take the loss as a rental fee.
Better, have a secure server at home and ansible playbooks to set up laptops (including getting any minor secrets that you need onto that laptop. Restrict more important stuff to just ssh).
If your threat model doesn't include physical tampering/rootkits, just wipe your devices pre-travel and set it up when you get where you're going. If it does and you can afford to mitigate that risk, arrange to have cheap new devices at your destination and travel with nothing.
If you're going that route, why not just create a disk image and scp it from your server? Certainly a lot easier than trying to rebuild everything from scratch.
An ansible playbook gives you much more flexibility to get to the same place. The one I run takes a mere 3-5 minutes to run (typically) regardless of where I am in the world.
actually I'd find running my ansible playbook much, much easier than transferring GB of disk image about. I maintain the playbook so that I can keep work laptop and personal laptop in sync. Although I am looking at Nixos as a possible replacement.
Would work if you trusted that the devices weren't tampered during inspection. Why would I put my keys on something which might've been wiretapped? If you really need to compute whilst traveling or through the states, just buy something cheap whilst you're there.
They can seize your stuff so your workaround won’t work when they pass it to their tech team for forensics. Also, if they find something now they have you lying to customs.
It seems (ha!) possible to design the logic for such a system with deniability, like the system has to use the second/third/fourth password to attempt decryption before you know if the padding is encrypted or random noise [if the specific encryption has a signature then each install could encrypt the empty space with a few keys taken from urandom].
First password accesses clean files, second one accesses dummy [legal!] fetish porn collection ... do border guards hold you to get a third password?
An analogue analogue might be: I have a book full of "random alphanum text", I have two (or more) one-time pads for decryption of portions of the book, I also know the page/line the actual cyphertext starts at. The rest of the text in the book is random quotations encrypted using a selection of further random one-time pads. Can forensics find that there is a "hidden" n+1 plaintext when I give them the n pads and starting points? Seems impossible??
You still are now attempting to deceive a government official. Also, you are assuming that the technician assigned to you wouldn't be able to figure this out.
Also, sweating you out in holding is probably more effective than you realize.
I do fully agree with the sentiment that people who have such a low opinion of the United States should not come here. However, that low opinion is not deserved.
> Going through customs is usually routine for me.
So this is a rare an unusual problem.
> I was eventually permitted to leave the customs area with my devices.
Which amounted to a temporary inconvenience.
> These so-called border searches are not random.
And was potentially justified.
While appreciate the desire to attribute malicious intent to people you're biased against ("my disapproval of the Trump administration"), the article makes no effort to consider whether there might have been such a valid justification for asking a few questions. Maybe the author engaged in such an analysis, but for whatever factors he may have considered we're not privy to them.
But moreover...
> surrounded by three armed agents wearing bullet proof vests.
> If the government intended to scare me, they certainly succeeded. Ever since, I travel in fear.
This is a shockingly unamerican sentiment to hear from someone who, in the same breath claims:
> When I became a U.S. citizen I swore to defend the Constitution. I’m a proud U.S. citizen and I take my oath seriously.
Then what about the second amendment? If you support and defend the fact that "a well regulated militia [is] necessary to the security of a free state... " then how is the sight of a gun so terrifying? I'm not sure what experience he has in his life, but seeing a gun is not a big deal. As the constitution says, their a basic and necessary element of free societies.
While I appreciate that a 3-hour delay is substantial, so is international travel and it's in the context of refusing to answer reasonable questions. It used to take months, weeks, or at least days. The idea that this guy in particular should be able to enter on a moment's notice, without any delay, and no questions asked is a bit of a stretch. To say he should ALWAYS be able to do so, each and every time he tries to enter without ever experiencing a delay, that's unreasonable.
> This is a shockingly unamerican sentiment to hear
So feeling fear when surrounded by 3 armed guards is "unamerican"?
My questions are why were there 3 in the first place, and why were they armed? Surely that kind of "show of force" could only be justified in response to a credible threat?
If I had to guess what OP is trying to say, what is "american", is that maybe you should have been afraid of the government before it got to this point. Which means it's possible to be better prepared by knowing your rights.
> Surely that kind of "show of force" could only be justified in response to a credible threat?
Justified, of course not, but have you ever encountered bored cops, or bullies? No matter where you go, there are always corrupt individuals, and unfortunately some of them are in positions of authority.
I'm not even sure how someone could support or oppose the second amendment. It really doesn't say much (anything?) about personal gun ownership. What people are arguing over is the interpretations through caselaw trying to figure out what this rather ambiguous segment of text was trying to say.
The Supreme Court first ruled in 2008[1] that the right to personal ownership of guns is a valid reading of the 2nd Amendment (devoid of any military/militia purpose -- a departure from previous Supreme Court decisions).
While it is correct to argue that Supreme Court decisions are "case law", the Supreme Court is the final appellate court in the US -- so the only way to change their decision would be through a constitutional amendment.
So, opposing the second amendment is the only way to effectively oppose the rulings related to it (assuming that's what you want to oppose).
It would be more accurate to say advocating for a different interpretation of the second amendment. At times, some do advocate for the repeal of an amendment as well, and in that case the "opposed to x amendment" verbiage seems a bit more appropriate. There have been a few groups calling for constitutional conventions in the past few years and I think there are some examples of this there. I don't think actually repealing the second amendment has ever been a remotely mainstream idea in the United States.
> While it is correct to argue that Supreme Court decisions are "case law", the Supreme Court is the final appellate court in the US -- so the only way to change their decision would be through a constitutional amendment.
The supreme court does change their mind about things, as the Heller decision demonstrates.
> The supreme court does change their mind about things, as the Heller decision demonstrates.
Heller was not a change of mind by the supreme court (it ruled on a different matter to previous rulings -- which had explicitly skirted around the problem of civilian ownership of weapons outside of a military context).
However, even if it were a change of mind -- the supreme court changing its rulings is an incredibly rare event because such events question the finality and authority of their decisions.
Hence why I said "the only way to change their decision would be through a constitutional amendment" -- because waiting for the supreme court to change their mind about it (while technically possible and sometimes the case) is hardly a useful policy position for a political argument.
Maybe they're just trying to make flying so annoying people don't do it, to help with global warming. Just video conference, easier, faster, better for not drowning.
Another anecdotal point, in the past few years I've entered the US a dozen times, China, SA, Australia, Canada and some European countries outside my native France, and I've never been asked to unlock my phone once. I always get the fingerprint treatment at LAX though.
Interesting. When they ask my occupation I say that I’m a small business owner in the software industry. Is that a high risk occupation for unauthorized work in Canada?
Canada is not exactly welcoming to visitor. Particularly visitors that may have a mark on their background check from any number of years ago. Good luck getting in at all -- its becoming a common mention in hip hop lyrics even.
Pretty much any country does this. Unless you're a citizen of that country, you have no right to enter it and should be on your best behavior at all times, and they can decline you for any reason they feel like, justified or not.
I've been all across the world. I've been turned away from Canada twice (every occasion) over some weed 15 years ago. No other country cares unless you are applying for a long term visa or something. I even tried applying for the right to visit and was turned down (again, over weed).
I agree that no one who is reasonable thinks that Americans who travel to Canada get to exercise the rights they hold as Americans in America. But is having a concealed carry permit in your wallet a reasonable indication that you have a gun on your person or in your vehicle? Statistically, in the US, CC permit holders are the most law abiding group in the country.
Let’s imagine, hypothetically, that a visitor came to the US and had a permit from their country of origin allowing them to own and travel with slaves. Would border patrol be justified in giving them extra scrutiny to see if they might have one with them?
Assuming by default that somebody would break the law, just because you politically disagree with them, is not justified. As said above, CC holders are among the most law-abiding citizens (this is true in my country too). They're aware of the laws governing their permit and assuming by default that they'd break other countries' laws is preposterous. You don't just forget that you're carrying when you travel abroad or by airplane. And you sure as hell don't do something as idiotic as that, with the accompanying consequences, intentionally.
It’s not about political disagreement. It’s about having a permit for something that’s not allowed to transit the border. Assuming nefarious intent by default is, for better or worse, how border controls operate almost everywhere for almost everyone. You have to demonstrate that you’re OK to enter, they don’t have to demonstrate that you’re not.
As far as forgetting that you’re carrying, numerous examples say otherwise. Random data point: the TSA confiscated over 4,000 guns last year, of which I imagine approximately 100% were inadvertently packed by innocent people. Whether it’s intentional is immaterial; Canada doesn’t want guns crossing the border, and they couldn’t care less if you’re doing it by accident.
But having a CC permit is an announcement that you own firearms, and you’re in the habit of carrying them on your person. It makes sense to check this person for firearms, even if to make sure they didn’t accidentally bring one out of habit.
> Americans who have concealed carry permits on their person when entering Canada will have their vehicle searched with a fine toothed comb.
If the Canadian border authorities are searching your person, such that they are likely to notice something like a concealed carry permit, your border crossing has already gone south.
>Canada is not exactly welcoming to visitor. Particularly visitors that may have a mark on their background check from any number of years ago.
Not a bug, working as intended. Entering a country that you aren't a citizen of isn't some inalienable human right, especially if you're a convicted criminal.
By that same token there is no reason to complain about how difficult it can be to enter the U.S. for certain individuals -- or working as intended as you call it. I also find it a bit disturbing how easily you apply law & order in the name of a country that was not involved in deciding the validity of that decision or the circumstances behind it.
>By that same token there is no reason to complain about how difficult it can be to enter the U.S. for certain individuals
Well, yeah, entering the US as a non-citizen is a privilege granted at the discretion of the US federal government. Border control is an essential function of a sovereign state.
>I also find it a bit disturbing how easily you apply law & order in the name of a country that was not involved in deciding the validity of that decision or the circumstances behind it.
It's disturbing to not want criminal elements freely entering your country? If they're a not refugee and they can't follow the law in their country of origin, why should any other country be obligated to let them in?
Let me put things into perspective for you. Cops raided the wrong house (battering ram and everything) which happened to be where I lived. They ripped up floor boards and broken holes in the wall -- they found $300 worth of personal weed. So they confiscated everything I own because it could possibly be related to drug money. I'm also incarcerated without the ability to post bail (because cops just took everything). I wasn't granted personal recognizance bond, it was $50,000 -- my family takes this as a sign that I must be guilty of whatever they say so I have no access to money for bail or for a lawyer. So I did my own case work while I sat in jail for 3 months, got a different judge to finally give me a personal recognizance bond, pick apart the prosecutor and detective at later hearings/motions, and finally leading up to the day before a jury trial (for two felony charges). I was offered a better plea and took it -- everything leading up to this point was so fucking asinine that despite all the headway I made I could not trust I would not spend years in prison. Its quite clear they did not want to look like idiots after getting a warrant and executing it in force based entirely on some 17 year old kid told them while being interrogated himself.
You can't plead guilty to (what sounds like) a trafficking charge and then claim to be innocent and expect to be freely admitted to other countries. Canada has no way of knowing you're innocent so your logic is that they should just let you in anyways? I think countries have very good reasons to keep people with drug convictions from entering regardless of whether or not you believe drugs should be decriminalized or legal.
> I think countries have very good reasons to keep people with drug convictions from entering regardless of whether or not you believe drugs should be decriminalized or legal.
What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering. People that are well off would/do not have the same legal outcomes, and thus your measurement of law-abiding is not reasonable.
>What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering.
Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?
Canada has a generous welfare system and social safety net that that would likely be unsustainable if it let in sufficient number of people unable to support their own benefits. Even if you hold the view that drug use ought to be a public health matter and not a criminal matter, there's a limited amount of immigration that can be sustained without overburdening these services and why let in a drug user when you can let in a doctor or engineer?
In the case of tourism, it's just about limiting risk of someone overstaying their visa.
> Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?
I make well into six figures as an engineer and cannot make legitimate business trips to Canada even when the company lawyer has appealed for my entry, complete with compiling a report with ample evidence of merit. It is a naive view to think that entry is merit based when I'm being denied entry based solely on the fact that I was once a teenager that was discovered to be around weed once.
> In the case of tourism, it's just about limiting risk of someone overstaying their visa.
Then why do so many performance artists have to cancel Canadian stops when they are not allowed entry? Are they really scared a platinum artist is going to become a drain on their society? That quite obviously has nothing to do with it.
I don’t think this so great for non us citizens working in the USA because they have to go in and out and can just as well be denied entry. For someone like that who made his life in the USA and has family here, going to conferences outside the USA is potentially much worse and riskier than say a German resident and citizen getting denied travel into the USA for a number of years.
> They can hold your stuff indefinitely, so be prepared to lose it if you go this route
CBP do need reasonable suspicion to hold you belongings or do a forensic search of your computer (Cotterman 2013) - they can't just randomly take things on a whim. The longer they hold it, the higher standard required.
Laws and precedent are one thing, but "law enforcement" behavior is another. You might indeed get your stuff back, but they can make it unreasonably difficult, expensive (in legal fees), or time consuming if they want.
Yes. The courts will suppress any evidence that's not gathered legally, but aside from that, officers' qualified immunity protects them from all but the most obvious infringements
Does refusing to unlock your devices trigger a reasonable suspicion?
(In Cotterman, it sounds like the Ninth Circuit said reasonable suspicion was required, but also decided on its own - despite it not being argued by the government - that an alert from a CBP database about Cotterman's previous conviction justified a search. Which seems reasonable to me, as a layperson, I thin.)
Officers need articulable facts for reasonable suspicion. Not consenting to a search is explicitly not grounds for reasonable suspicion here or in any other context
I strongly suspect that CBP's "strong suspicion" is equivalent to a HN poster's "whim." I'm not insulting either party, however when anything similar to this debate plays out, parties talk past each other on this sort of disagreement.
I agree -- and apologies, I might not have made my point very well.
A different way to phrase it might be: The officers and the suspects disagree about what a reasonable suspicion might entail. Given the incentives, I don't think this is surprising.
I'll admit, my point in no way addresses yours -- how often are officers adhering the the specific legal standard?
"Reasonable suspicion" is a legal term. In this context, a CBP officer would need to have evidence that would lead a reasonable person to believe the item to be searched is illegal to bring into the country, or contains something that is illegal to bring into the country. A hunch is not sufficient; it requires objective evidence.
Reasonable suspicion is not required for every search at a border crossing, and the Federal circuit courts are split on whether it is required for a forensic examination of a mobile phone at a border crossing. The 9th circuit has jurisdiction in this case, and has ruled that it is required.
Exept borders (and anything within 100 miles from it) are basically a zone where US Constitution does not apply. You can be detained and sent to Guantanamo for made up "terrirst threat" and there's no really a legal recourse.
That only applies if the case goes to trial though. Border guards frequently assume that they have near unlimited power regardless of what the law says.
The fundamental problem is that there are rarely consequences for border guards exceeding or misusing their power. The incentives support them trying to exceed legal limits on their authority.
The 9th circuit has jurisdiction in this case because it happened in California. US v. Cotterman is the relevant case, and the 4th circuit made a similar ruling in US v. Kolsuz, but the 11th circuit held differently in US v. Touset.
So in some parts of the US, reasonable suspicion is required. In some parts, it isn't. In some parts, there is no binding precedent on the issue. It's likely that the supreme court will hear a case on the issue eventually.
They can still take it, illegally, and then you have to spend thousands and weeks (and have to stay in the US for those weeks) suing them to get it back.
> but never unlock your device based on the idea that it’s the only way to go free.
Best to enter the customs zone with the phone powered off, your device's security is likely better in this state, less likely to be circumvented while you surrender it.
Things like mobile boarding passes and the "Mobile Passport" app encourage and train people to hand their devices over to TSA and CBP personnel. In that later case, unlocked and with an app CBP/DHS controls already installed (with a lengthy ToS no one ever reads).
I’ve been using mobile boarding passes exclusively for the past few years and it doesn’t even remotely work in the way you describe (within the US, at least; cannot comment on CBP).
1. There is no special app you need for mobile boarding passes. It has always been either a PDF or a PNG file emailed to you.
2. I was never asked to hand over my phone to TSA agents at any point. They just ask you to put your phone with the boarding pass QR code displayed over a QR scanner. At no point the phone leaves your hands.
On a related note, car rental places now email me the contract and rental documents by default, I receive no paperwork unless I remember to ask. The problem didn't register with me right away (It was so similar to what hotels do when you travel, all paperless now) but the last time I returned the car I asked them what I was supposed to do if I was stopped for a traffic violation. "You can open the email from us on your phone and give it to the officer" they suggested. I recommend everyone ask for a printed contract instead.
As an aside, on iOS, the airline apps I have used work like the Wallet app and are visible on the lock-screen, the device must be powered on but remains locked when you display your boarding pass, etc.
Also probably a good idea to delete all your 2FA entries you may have in Goog Authenticator on the phone. Or they may want to look into those accounts too.
Best to just wipe any device and restore from backup.
Isn't the device lock easily defeatable on the computer?
Hold shift or some other key combination when you boot and it boots into the 'real' machine, the other OS is just a dummy with generic search history and data.
I would advise against this. It might work but there’s no guarantee, and by lying to customs you’ve transformed your situation from one where you might have to buy a new computer to one where you might be convicted of a crime.
I also wouldn't answer any questions. If you're being detained and questioned by law enforcement, you have a right to have an attorney present. And to be charged with a crime within a certain timeframe, for that matter. If there's none of that, hey by golly you must not be under arrest and this isn't a legal proceeding. Answer every question by reminding them you're a US citizen. Maybe repeat your social security number dramatically as if you're a POW in the hands of a foreign power. (Certainly you're in the hands of some traitors against the USA, so it's not a huge stretch.)
I'd think any such confiscation would be for a finite time only, but "finite" possibly encompassing a good portion of the useful life of an electronic device.
The US can confiscate your kids and send you back without them. I doubt they'd draw the line at confiscating a phone.
I am a US citizen. For many years I tried exercising this right while remaining silent.
I’ve been kicked out of a border control point in northern Vermont in February in a snowstorm after a four hour interrogation. (They sent the bus without me.)
I’ve been arrested and locked in a room for twelve hours with no food or water or medication.
I’ve been endlessly harassed and interrogated on other entries even when not exercising 5th amendment rights to silence.
In all cases they eventually let me go without charges.
They have to let you enter, but they don’t have to do it quickly or humanely.
Nguyen v. I.N.S. stated that citizens are entitled “to the absolute right to enter its borders....” Some more info and references to cases here: https://fas.org/sgp/crs/misc/home.pdf
Oh, and for non-citizens: I entered the US with a partner that was canadian, we both refused to unlock our phones. She was denied entry, but they strip searched and physically groped both of our genitals before being released. Simply not wanting to enter the US was insufficient; the only way we could leave the building was by letting the cops handle our genitals.
They will use every option available to them to punish you for disobeying their commands to unlock, even if you are not legally obligated to do so.
> They can hold your stuff indefinitely, so be prepared to lose it if you go this route, but never unlock your device based on the idea that it’s the only way to go free.
Wonder if you can sue them after for your property back.
For business? Yes if I have to, but thank god I don't.
For leisure? I mean, seriously, who would shell their own free time and money and risk being treated like this? You get 1000x better treatment in Iran as a visitor for example.
In fact, any country not currently in some sort of civil war is a better idea for a visit than US.
People in Charleston WV are super nice (but we were caucasian so it might have helped). They might be _sightly_ surprised that someone from another country chose their place as a vacation/tourist spot however (despite amazing rivers).
There's a cost to doing that. I guess it depends just how badly you need to travel to the US, but as a Canadian citizen, I see no reason to endanger myself or my family by traveling there at the current time. Walt Disney World will still be there in 2021.
Hey we could still see a sea change at the US federal level of either progressive or adherent libertarian representatives that curtail the fear / police / surveillance state in the 2020 election.
Its about as likely as bitcoin taking over the world economy, but hey we all have to cling to false hope sometimes.
Even if a Democratic regime takes over in 2021 I promise you it will be no different. One of the largest expanses of the surveillance state was a consequence of the previous President, and there is no reason to believe that won’t continue into the foreseeable future.
I think you'll have to wait awhile. These policy tools have been under both parties starting with GWB far as the initial PATRIOT Act (I think?). Right now, we're at a point where the USA might, but unlikely, go back to an isolationist policy far as borders.
At a meta level, this is a debate around internationalism vs globalism. Currently, Earth is in an era of internationalism. There is a desire by lots of people to move towards Globalism.
I'd rather save my money and just not visit. I don't see anything that could out balance all the negatives. Many millions of Americans are lovely people who I'd donate a kidney to. I'd just not want to put myself through all that for so little gain.
I used to say that until I started doing sports competitions and had to travel there repeatedly. I was admittedly worried because of my ethnicity but it went fine (a Canadian passport and NEXUS membership might've helped...you also wouldn't find much on my phone other than sports memes, as much as I care about my privacy).
Similarly in the game development community, lots of people complain about customs but then go to GDC every year.
I guess my point is that as long as America continues being a pillar of the world, people (like myself!) will continue putting their principles aside and comply, and the system will have no reason to change.
Sometimes? If I see a person in their 20s or 30s that have other status items (expensive clothes/accessories) but a $50 smartphone I assume something isn't quite right.
Say that you take a burner when traveling abroad because you don't trust foreign governments to accord you the same civil rights protections against unreasonable searches that the United States does.
We lead the world in R&D, we aren't in a surveillance state like China (~1.3B people), we aren't undeveloped, we have the US dollar - the commanding world currency. We develop the best military technology, space technology, most all technology. We issue the most patents, by far. We (as people) have more rights than most all other nations and we led many other rights to attain rights for their own citizens. We protect Europe and the West. We will continue leading the galaxy in space development. We have the best talent in the world. We are Earth's shining civilization.
I don't have any knowledge one way or another, but is this true? I guess it seems like we can afford healthcare just fine, but allocating money to healthcare/education/etc is a different problem.
Agreed. I personally view Daylight Savings as being horrid for mental health reasons, and I have plenty of friends and family that feel the same. There is no hope for any of us to change that. So from my view point, if we can't discuss an issue as simple as Daylight Savings, then there's little hope for bigger issues.
Also, from a "peasants" view, we want to change, but getting that translated to actual change through the system seems impossible. It doesn't help there are legitimate differences on what solutions even looks like.
> I don't believe you can seriously believe such statements.
While the parent commenter's tone was extremely glorifying, do you _not_ believe that the U.S. leads the world in R&D? Or that China _is_ a surveillance state, and one in which the citizens have much less in terms of rights? Does the U.S. not hold the most patents?
At least half of his statements aren't even subjective ones... Are you berating him for his content, or his tone? This seems like the opposite of the Principle of Charity, which is what HN was built upon.
It is, as is the US. Or most other developed nations, if we're going to be honest with ourselves.
> Does the U.S. not hold the most patents?
The US patent system has a very large number of patents (maybe the largest number in the world), but how many are held by US citizens and companies? Foreign entities are allowed to register US patents (and many do) in order to be able to sue US entities.
In fact, this effect is significant enough that the Australian Government's Law Reform Commission noted in a 1990 report[1] that the existence of a patent system may actually have a net negative effect to the economy because of this effect.
Ignoring the silly stuff the parent poster wrote, the facts available indicate that by millions of people's analysis the US is the best country on Earth. The US naturalizes a million immigrants every year and has done so for the last thirty years. There are more than forty million non-citizens living in the US. No other country has that number of immigrants. Plus there is no country to which more Americans emigrate than from which people immigrate to the US.
Good points. Military technology isn't that important, therefore the US continues to be the best country because it has the best military technology. Also, it's okay that the US didn't defend Europe from Communism because it was allied with the Communists.
Oh, I'm not taking issue with the US's behavior. I'm just taking issue with people who use it to argue that the US is the bestest country evar. If it really were, it would have been able to defeat the USSR soundly with its superior military technology.
It's perfectly fine to admit the US is a mediocre large country, absolutely worth living in, but not some singular shining glory. It's perfectly fine to admit the US is bad at both picking and waging wars. That's my position.
Also the US has never met Russia in an overt war. Not that I ever want them to either but your point is again invalid. There is a reason US pulls it's weight in diplomacy and military and currency are two big factors for this. Denying this is just you being delusional. Also US , barring the current govt., has always been very welcoming to immigrants. Every country has flaws but this country gave me and countless others an opportunity and a voice. That alone separates the US from many other countries.
I appreciate the fact I'm British, but not out of any patriotism. I certainly don't think my country is awesome. Considering life is a lottery, all things considered I've been incredibly lucky to be born in a 'developed' wealthy nation.
That's my take as well and has been for a while. Even if I'm not of a segment of people that gets selected for "random searches" I don't trust them to believe I have no facebook account etc when they ask for the password.
The risk of travelling there is simply too high now.
OP didn't say it was a decision, just the message perceived. If you live outside the US, hearing stories or reading what happens to others is enough to know these things happen, anyway.
Reading a story like this, which is based entirely upon the information provided by Gal, and drawing any widespread conclusion about travel into the US is utterly irrational. From this story there is zero ability to determine if it really happened, or assuming it happened, you have no idea what the actual interactions were like between Gal and CBP agents.
Some of the facts presented don't even make sense. You don't take the fifth when refusing a search. You're relying on the fourth amendment and refusing to consent to a search. Searches like this having nothing to do with self incrimination.
It's not just one story though - there have been plenty stories and comments on HN, as well as other places.
I'd be surprised if anyone who regularly travels to the US hasn't found it to be extremely unpleasant at times. A while back I spent 6 months or so going back and forth from the UK to Houston or Atlanta, and every time I absolutely hated going through immigration. I've travelled to dozens of countries, and literally everywhere I've found the border guards to be friendly - except the US. Every time they behaved like power-hungry bullies, or I saw them behaving that way towards others. One time I travelled with a female colleague who was basically harassed by ridiculous questions from a very angry and loud border guard for no reason at all. He wasn't satisfied until she was in tears.
Another time there was a really long queue after getting off a flight (think it took over an hour to get to the desk), and there was a pregnant woman in the queue who seemed unwell and wanted to sit down - a guard shouted at her to stay in line, refused to get her a chair, and refused to let her jump forward in the queue (despite prompting from willing fellow passengers).
So the reason people don't want to travel to the US? Because it's a fucking horrible experience.
> there have been plenty stories and comments on HN, as well as other places.
We have ZERO data on the probability of this happening to someone. What we do know is that when it happens to certain people and they have some kind of notoriety or the ability to get noticed we hear about it. That means there is a non rational reaction from people which makes it seem like any one person stands a large chance of having the same experience. Obviously they have not the time or resources to doing this on any widespread basis. Hence it's a small risk. Ditto for that matter to letting them see what is on your phone. Don't want to sound like the 'if you have nothing to hide' guy (Eric Schmidt) but honestly is it such a big deal? [1]
[1] By that token I have no clue why people would allow complete and total strangers access to where they live (or drive them) which to me seems like a much greater risk. (Not saying the OP did this).
I agree that it would be nice to get 'real' number on this, rather than relying solely on empirical evidence. But given the nature of it, I don't see how that's possible.
When I mentioned other stories and comments, I wasn't only referring to those by people with "notoriety or the ability to get noticed" - indeed, I was mainly referring to randoms (such as myself, and BTW I have no notoriety and am an introvert).
I think you mean "never visit Anywhere", since the UK (where you say you're from) does this exact same type of search and seizure, even to UK citizens. You could be subject to it when returning home from any trip abroad, not just the US.
It was my understanding that 5-th amendment protections against unreasonable searches are suspended at the border. That would certainly include customs at the airport.
So, in a strict legal sense, demanding to unlock a device does not violate the 5th.
the ACLU complaint is based on the 4th amendment right against unreasonable search. He demanded to speak to his lawyer and was thereafter allowed to leave, so his 5th amendment rights were not actually abridged. That's how the 5th amendment works, and it worked at the border.
> CBP must ensure that its officers comply with the U.S. Constitution. Even at the border, the search of an electronic device is governed by the Fourth Amendment. To satisfy Ninth Circuit and Supreme Court law concerning electronic searches, any such search should be based on a warrant and be limited in scope to information relevant to the agency’s legitimate purpose in conducting the search. The attempted unconstitutional search of Dr. Gal’s devices illustrates that CBP’s policies do not in fact include the requirements necessary to safeguard the constitutional rights of people at the border
Right, he meant to say that 4th amendment protections are suspended at the border, and, while you might quibble with that wording, it's a valid point: border searches usually don't require a warrant, owing to the border search exception, which has precedent going all the way back to the founders.
> It was my understanding that 5-th amendment protections against unreasonable searches are suspended at the border. That would certainly include customs at the airport.
This isn't true and has never been backed up by a court ruling, including at the Supreme Court. Currently there is no legal foundation to the premise that any rights for US citizens are suspended just because you're at the border (typically people refer to the premise as also including N miles inside of the border, eg 100 or 300 miles).
Right now what you have is a few government agencies attempting to write over the Constitution, without anything to actually support their doing so. They go out of their way to avoid an actual court confrontation with their fake / invented 'laws,' knowing that they'll lose.
It sure shouldn’t be. Can you point to a law (it would have to be an amendment to the Constitution) that codifies this? As far as I know, it’s only practically a “constitutional exclusion zone”, not legally.
The fourth amendment has been interpreted by SCOTUS in such a way that certain things are "reasonable" near the border that would not be further away from it.
As a non-American, can someone explain to me why the entire constitution wouldn't be applicable upon entering your own country? This makes no sense to me, but it seems to be the way it is?
It's called the "border search exception." It's not exactly that the constitution does not apply, but that certain searches are- in the context of the border- considered "reasonable", that would not be in the interior. The 4th amendment is not an absolute right- a search just has to be "reasonable;" context is a big factor into whether a search is reasonable.
> This balance at international borders means that routine searches are "reasonable" there, and therefore do not violate the Fourth Amendment's proscription against "unreasonable searches and seizures".
According to Wikipedia, there is currently a circuit split* on whether phone searches at the border require individualized suspicion, or can be conducted routinely, without falling foul of the 4th amendment.
* (two sets of appeals courts have ruled in contradictory ways; these splits can be resolved by SCOTUS if they choose)
I think this would be a good opportunity for Apple's legal department to do something. Maybe help the ACLU with it's case against the Department of Homeland security.
If you're being investigated, and they have emails sent to a domain you own (for example), then search your device, but you've given them a burner device with no reference to that email account, would that be considered 'hiding' evidence?
It would be nice if phone and laptops had removable batteries, so we literally could not turn them on until we got to our destination and buy a new battery.
A forensic search would require reasonable suspicion. I'm not aware of any legal weight attached to batteries - what's the legal precedent you're thinking of?
Having a third party install anything new (i.e. battery) to the device that wasn't present when it was confiscated would put into question the integrity of anything found on the device.
Chilling, and Kafka-esque. As it happens I'm not convinced that the reason for his being detained had anything to do with him being a Trump critic and Democrat donor, contrary to his claims in the article, but more likely it's some lifeless bureaucrat/computer program or both putting a red flag on his file for some esoteric reason, very possibly connected to his work and writings on online privacy.
The lack of transparency on the reasons for detention are the real problem. Josef K never found out the charge made against him either.
"...he clammed up, taking the Fifth, and citing constitutional rights against unwarranted searches.
...border agents told him he had no constitutional nor any legal protections, and threatened him with criminal charges should he not concede to the search.
...he was eventually allowed to leave with his belongings, the devices still locked, and no charges were pressed."
My goodness! I guess those protections did exit after all! :)
Guidelines:
-Goons can lie to you all they want. Never budge.
-Politely refuse, and remain cordial. Stay strong mentally.
-Make sure your devices are turned off prior to even leaving for the airport.
That’s what makes this all the more malicious. No one wants to miss a flight, and sometimes the consequences are irreparable. Time is the one resource you can’t recover.
That's certainly a problem. My grandfather was a man who was tasked with killing spies, knew three languages, and out of all of this, I cannot even get him to talk about privacy or security. It appears even he was taught just to shut down on it and say nothing; even on your practices. All the while he taught child soldiers to become child assassin's for the US military.
If you're a security person, I suspect his recommendation would be - even though he doesn't understand IT and tech - to say you don't even understand how SSH works or can't tell the difference between encryption and hashing.
Turning them on doesn't reduce the security. The issue is unlocking them.
As far as the security of the data on the device is concerned, a powered-off device is equivalent to a powered-on device that hasn't been unlocked since it was powered on.
Pro tip: on newer iPhones with either Face ID or Touch ID, holding the sleep/wake button and the volume down button for some time puts the device in a mode where Touch/Face ID are disabled, the phone is locked, and the device passcode is required to unlock.
Customs and Border Patrol operate under a special set of circumstances within ports of entry. You do not have the right to have an attorney present during the interrogation, you can have your personal belongings confiscated, you can be held without charge for up to four hours for any "reasonable" suspicion.
These same rules apply within one hundred miles of the United States border. So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.
> So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.
Interesting. You'd think that "real America" was just a turn of phrase - turns out that it isn't, that there is a Real America and that it does care far more about protecting individual rights.
The border agents are in fact correct. The Supreme court has ruled that US citizens have no constitutional protections against search and seizure or basically anything else on the border of the US: https://www.aclu.org/other/constitution-100-mile-border-zone
Also police are allowed to lie about anything they want during interrogations.
I feel like there's a difference between "lying about the facts of an investigation, including what they know or don't know, during questioning" and "misrepresenting the rights of the accused."
The latter feels like a serious problem that should get rectified.
Friendly reminder that the amendment after the first amendment is for correcting this sort of tyrannical behavior by the government whether it likes it or not.
The process is the punishment, and they know it. The current state is as exactly predicted by those of us who were against creating the TSA in the first place.
Seriously. When traveling with my pregnant wife we realized that we weren't sure the scanners were safe for pregnant women, so we asked for a pat down.
She was in tears by the end of the experience.
We have both received many pat downs in Chinese airports that didn't bother either of us.
Traveling internationally with encrypted data you don't want to disclose to border officials is not a good plan these days. Much safer to transfer securely via network connection.
It's easy to single out the US but the reality is that most countries have pretty far reaching rules these days. E.g. the UK and Australia are hardly any safer. And forget about China, Russia, or indeed most countries with even less democratic regimes.
The bottom line is that if you are not willing to unlock your device at any of the security checkpoints you will pass on your journey, you should leave it at home or just wipe it preemptively and restore over a secure connection after you arrive. In case it does get unlocked or taken from you, consider the device burned. It may come back to you with all sorts of malware. The people doing this are not thinking you are a terrorist or a child pornographer: you are being targeted and under attack by a hostile entity. Assuming otherwise would be a mistake. Wipe it, sell it on e-bay, never use it again.
Transfering via network is only secure, if you believe that forward security exists for network traffic, which is very likely untrue.
The point being: if your encrypted network traffic is captured and retained, maybe it can still be brute forced at liesure, and deduplicated for deltas only. Thus, volume is only a temporary issue, and everyone still gets to see everything eventually, and full retrospective records are still enriched, so maybe that's fine for some things, and not for others.
This is true regardless of whether you travel internationally. The converse is true as well: traveling internationally does not make it less secure to exchange information. Either way, we are well into tin foil hat territory here but if you do believe this, stop using (networked) computers.
If another country were plan well, they could create opportunities that would attract and welcome the smart people from the US and elsewhere. If they made it economically attractive to tech businesses, they could set themselves up as a dominant leader of the world within 20-30 years, regardless of their current size.
I don't know enough about Estonia to suggest they would try this, but they do seem progressive in this regard. I would vote for Netherlands, Belgium, or Portugal just because I like being in those countries.
That's not actually realistic, for the exact same reason why China is such a juggernaut in tech while having almost no human rights. If it worked the way you're implying, China wouldn't be able to do what it's doing in tech at all.
Things like this don't even remotely threaten US dominance in tech, because: 1) the US allows a lot of legal immigration; 2) US tech wages are far beyond anything you can make in those other locations 3) the US as a singular integrated market that is the world's largest economy, makes it impossible to compete with unless you're China, due to inherent scaling benefits 4) nowhere other than China has the capital markets to support competing with the US start-up scene properly and 5) the actual context - Andreas was let go after three hours, with his devices - isn't close to being bad enough to matter, in fact it barely registers these days (increasingly the era of domestic surveillence and censorship all around the world, from the UK to South Korea) as a very mild inconvenience on human rights, and doesn't impact ~99.999% of travelers to the US.
US dominance in tech - outside of China - has only increased since 9/11, not decreased. That's despite non-stop issues of this sort, the Patriot Act, NSA spying, and so on. A rogue border search, or a hundred of them, won't dent that. That's the reality.
There seems to be a lot of concern and disdain in this thread about the treatment of a US citizen. The truth however is that non US citizens in the same circumstances can be, for all intents and purposes, "disappeared". If something concerns you as a US citizen, it should be that, not comical mishaps in the security circus happening to semi-famous people.
Also, Gal didn't make any sort of moral stand, he was simply defending his proprietary employer's interest. It's not the most sympathetic story.
So, in the end, the article only left me wondering how people who climb the ladder inside Mozilla, ostensibly an open and free environment, can easily end up at Apple, which revels in closed and proprietary environments. Maybe Mozilla should introduce some of the values they claim to hold into the hiring and promotion process.
This assumes that he was not picked by random but instead there is some sort of list of people to check at airports that you can be put on because of your work within IT-security.
That would be a big story if that is the case.
I will offer a counter-narrative which is more in line with my own experience (from other places than the US):
The people who work at border control in particular in airports are bored.
They are also overstaffed and given extreme discretion over the people they patrol; most of whom are non-citizen and thus have basically no rights at all.
This leads to them doing work for the sake of showing they work, overreacting to the least of resistance and maybe even some games of entertainment.
They're likely not stupid enough to have a "list". They have a set of factors and probably tally up some sort of score and search everyone above X. It just so happens that anyone they wanted to put on the list will score X or above. Doing IT security probably gets you a pretty high score just by itself. Add in the fact that he was originally from Eastern Europe and there you are.
I will definitely agree bored cops looking for stuff to do cause a lot of problems.
I don't disagree with you. I just don't think they have detailed information on your profession to the extend that they distinguish a software engineer from a software engineer doing security work.
I think it is obvious that they profile on overall looks, race, citizen status, place of birth, travel patterns.
When I was returning from Hong Kong a few weeks ago, the agent asked what city I was born in (fine) what hospital I was born in (I remember where it used to be, but I can't remember the name) and what the "number" of the county was I grew up in.
What he meant was the prefix for the license plate. Luckily I remembered it. I suspect he grew up in the area, but it was super weird; also, he was probably fairly bored.
Moreover, its interesting that he believes that he was targeted because he said anti-Trump statements. Yet, it doesn't seem to occur to him that: This is what you get when you advocate for "big government".
The downside of having big government is that it winds up being staffed with mad-with-power bureaucrats, who will mess your life up just because.
I miss the time when most techies believed in civil liberties and were wary of government. Chickens coming home to roost and all that...
Um, this is definitely the case. DHS has an advanced record keeping system. They have tons of information on every person arriving in the US. Yes they even know what you ordered on your in flight meal.
well, one CBP officer almost sent me to secondary checks because i had two US entry stamps within a week and a half of each other. why? because i went to europe from my own country and both flights (to and from) had layovers in the US.
she said it was absolutely not common (which i doubt very much) and she was concerned i was coming and going because i want to stay (?!?!?!).
I was once randomly selected for screening at Chicago Midway, that quickly became shockingly specific: "Do you know that professor at DePaul that teaches Python?" "Do you mean Massimo Di Pierro?" "Yeah, I think that was his name." "I've met him a few times..." At this point it all seems very surreal. "He was through here a few weeks ago and had stickers on his laptop that were like yours." Ooooh...
> Gal said the agents did take away his Global Entry pass, which allows express entry through customs, as punishment for not complying with their demands.
I wonder about the legality of the CBP punitively confiscating his Global Entry pass.
In addition to that, I also wonder what punishments they can mete out to people who happen to not be high-level Apple employees with a network of powerful people who can advocate on his behalf.
377 comments
[ 4.3 ms ] story [ 347 ms ] threadThis kind of thuggery seems to be getting more common.
Lying in that situation would seem like a very bad idea (I'm not a US national) - I've had a few uncomfortable experiences over the years entering the US and I certainly wouldn't want to do anything that would give cause to escalate things on their side.
Doesn't sound that paranoid to me: wasn't there talk already a year ago about trying to force people to log into social media accounts when crossing the border?
Fact is: I don't do Facebook, nor any other Facebook product, so I'm really not able to hand over any such credentials.
With TSA/Customs you need to be truthful. If you don't have an account say so. If you have one and say you don't that's a felony.
There was a case recently of a NASA scientist being hassled at the border for his phone. He initially refused on the basis that handing it over would compromise his obligations to his employer. It did not work.
https://www.theverge.com/2017/2/12/14583124/nasa-sidd-bikkan...
Are allowed to? Maybe, maybe not. Will do anyway? Probably yes.
Once the agent has your password and takes the device into their back room for an hour, you have to assume that all data has been offloaded and the device has had an undetectable rootkit added.
This gentleman's expertise is in security and encryption and now he works for Apple, a company that makes products that the US government can't always crack. He was clearly targeted in his encounter because of his current position, based on the questions they were asking. Surreptitious access to his devices is highly desirable to US intelligence services.
Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.
Seems unwise to destroy evidence. Find the rootkit, or have your employer or security researcher do so, prove it's existence, and sue the Government.
But yes, definitely get a new laptop.
It's way easier and less legally ambiguous to make people THINK you are rooting their devices than to actually do it and leave actual evidence to be found. They could even be looking for OTHER rootkits instead of installing them.
I suspect there's a lot of availability bias going on here as well - how many travelers go through the US per year versus how many of them are famous ex-CTOs that get reposted on HN?
He wasn't FORCED to unlock his computer, he was just detained for three hours because he wasn't. Adding technical restrictions won't stop that.
The password to this freshly wiped device is "Orwell1984". Feel free to have a look, but all you'll find is an app called "Secure Erase Free Space". This SD card I'm carrying separately? No, you can't have the password to that. Yes, I know, you can hold it indefinitely.
I have a hard time believing that an audience that finds buying a car stressful (as is often stated in Tesla threads) is going to demonstrate assertiveness to a real authority...
But that's why relying on a trusted external party, like the company you work for, to control your access to your data, is a much more effective strategy. TSA/Chinese police can threaten and bully you, but not your co-worker in a different country following company policy.
There's also a good argument to be made that the search is illegal, it's important that everyone stand up for that, even if its stressful.
https://www.eff.org/deeplinks/2017/04/bill-rights-border-fou...
Also: https://xkcd.com/538/
Common mix up, but the agency in question is CBP, not TSA.
Aside: don't use TrueCrypt anymore for other reasons.
Deniable encryption can actually be very dangerous for people who are detained in places where torture is used. Even if you unlock your device, law enforcement have no proof that you have unlocked your real profile[0]. This is relevant to countries where people can be detained for not unlocking their devices, like Australia.
[0]: https://en.wikipedia.org/wiki/Deniable_encryption#Drawbacks
You don't have to specify that you consider customs agents thieves, that's just up to you if you wanna put that lil' spin on it.
(But for real, this seems to me to be a bulletproof way to both make sure TSA can't access data on your device AND make sure you get pulled aside "randomly" for an extra-long questioning session.)
See also Andreas Gal's blog post https://medium.com/@andreasgal/no-one-should-have-to-travel-... , the ACLU's press release https://www.aclunc.org/news/aclu-files-complaint-department-... , and the ACLU's formal complaint https://www.aclunc.org/docs/ACLU-NC_2019-03-28_Letter_re._El... .
Non-citizens are in a totally different boat. You can be denied entry for any reason whatsoever. Tread carefully....
What's the definition of "temporarily" in this case?
[0]: https://en.wikipedia.org/wiki/Saifullah_Paracha
As a practical matter, more senior officials at CBP should hopefully know about their limitations and if you request counsel and stay silent then they'd likely release you.
Going to a prison somewhere in the US is 'reentry' I suppose.
Is there evidence of US citizens going to prison for the act of refusing to unlock a device at the border?
https://wikitravel.org/en/Avoiding_a_transit_of_the_United_S...
But I think if you fly, for example, from New York to Paris and then on to Tunis, you don't have to go through immigration controls in Paris.
This was 2005 so they didn't have such a hard-on for electronic devices back then. Seeing as the US has upped its game quite a bit since then, the likelihood of me ever visiting the US is now zero. Sorry my fellow US HN'rs.
And you know it's such a shame because I had a trip to Boston in November 2002, and even with it being only just over a year since 9/11, my passage through customs was friction-less and the staff were delighted that we'd come to visit the US. No fingerprints, no eyeball scanning, no interrogation, just a friendly "business or pleasure, and enjoy your stay".
It's not just 5 countries: https://en.wikipedia.org/wiki/Five_Eyes
Plus, it doesn't matter if it happens as much or more in some backwater third world country.
It's already enough of a problem that among first world countries the US is quite a pain in the ass airport control.
Heck, it's enough of a problem that it feels like a pain in the ass. It wont be less of a problem if per capita e.g. Belgium or Albania are worse...
https://www.abc.net.au/news/2018-10-08/if-a-border-agent-dem...
https://techcrunch.com/2017/09/25/traveler-who-refused-to-gi...
It seems to be mostly a Five Eyes thing.
Astonishing is the word.
Because of this, it's likely that the world will likely spiral to worse and worse treatment of everyone. As the saying goes, an eye for an eye and soon the whole world is blind.
If he went all the way up to the supreme court instead of taking the plea deal, the story might have gone the other way.
Well if CBSA continues with this practice I hope it ends up with a lawsuit and gets shut down by the supreme court.
If you are in a pinch.
If not you can just sell it (there or at home) and take the loss as a rental fee.
If your threat model doesn't include physical tampering/rootkits, just wipe your devices pre-travel and set it up when you get where you're going. If it does and you can afford to mitigate that risk, arrange to have cheap new devices at your destination and travel with nothing.
First password accesses clean files, second one accesses dummy [legal!] fetish porn collection ... do border guards hold you to get a third password?
An analogue analogue might be: I have a book full of "random alphanum text", I have two (or more) one-time pads for decryption of portions of the book, I also know the page/line the actual cyphertext starts at. The rest of the text in the book is random quotations encrypted using a selection of further random one-time pads. Can forensics find that there is a "hidden" n+1 plaintext when I give them the n pads and starting points? Seems impossible??
Also, sweating you out in holding is probably more effective than you realize.
I do fully agree with the sentiment that people who have such a low opinion of the United States should not come here. However, that low opinion is not deserved.
> Going through customs is usually routine for me.
So this is a rare an unusual problem.
> I was eventually permitted to leave the customs area with my devices.
Which amounted to a temporary inconvenience.
> These so-called border searches are not random.
And was potentially justified.
While appreciate the desire to attribute malicious intent to people you're biased against ("my disapproval of the Trump administration"), the article makes no effort to consider whether there might have been such a valid justification for asking a few questions. Maybe the author engaged in such an analysis, but for whatever factors he may have considered we're not privy to them.
But moreover...
> surrounded by three armed agents wearing bullet proof vests.
> If the government intended to scare me, they certainly succeeded. Ever since, I travel in fear.
This is a shockingly unamerican sentiment to hear from someone who, in the same breath claims:
> When I became a U.S. citizen I swore to defend the Constitution. I’m a proud U.S. citizen and I take my oath seriously.
Then what about the second amendment? If you support and defend the fact that "a well regulated militia [is] necessary to the security of a free state... " then how is the sight of a gun so terrifying? I'm not sure what experience he has in his life, but seeing a gun is not a big deal. As the constitution says, their a basic and necessary element of free societies.
While I appreciate that a 3-hour delay is substantial, so is international travel and it's in the context of refusing to answer reasonable questions. It used to take months, weeks, or at least days. The idea that this guy in particular should be able to enter on a moment's notice, without any delay, and no questions asked is a bit of a stretch. To say he should ALWAYS be able to do so, each and every time he tries to enter without ever experiencing a delay, that's unreasonable.
So feeling fear when surrounded by 3 armed guards is "unamerican"?
My questions are why were there 3 in the first place, and why were they armed? Surely that kind of "show of force" could only be justified in response to a credible threat?
> Surely that kind of "show of force" could only be justified in response to a credible threat?
Justified, of course not, but have you ever encountered bored cops, or bullies? No matter where you go, there are always corrupt individuals, and unfortunately some of them are in positions of authority.
While it is correct to argue that Supreme Court decisions are "case law", the Supreme Court is the final appellate court in the US -- so the only way to change their decision would be through a constitutional amendment.
So, opposing the second amendment is the only way to effectively oppose the rulings related to it (assuming that's what you want to oppose).
[1]: https://en.wikipedia.org/wiki/District_of_Columbia_v._Heller
> While it is correct to argue that Supreme Court decisions are "case law", the Supreme Court is the final appellate court in the US -- so the only way to change their decision would be through a constitutional amendment.
The supreme court does change their mind about things, as the Heller decision demonstrates.
Heller was not a change of mind by the supreme court (it ruled on a different matter to previous rulings -- which had explicitly skirted around the problem of civilian ownership of weapons outside of a military context).
However, even if it were a change of mind -- the supreme court changing its rulings is an incredibly rare event because such events question the finality and authority of their decisions.
Hence why I said "the only way to change their decision would be through a constitutional amendment" -- because waiting for the supreme court to change their mind about it (while technically possible and sometimes the case) is hardly a useful policy position for a political argument.
"They're"?
> It used to take months, weeks, or at least days.
Sure. Many things were different in the past. For example: hysterical and paranoid border patrol personnel didn't use to be the norm.
The government does what the government wants. If you're lucky, later a different part of the government will apologize.
A bill of rights may reduce the odds that those enumerated rights are denied to you, but it cannot prevent it.
Assuming by default that somebody would break the law, just because you politically disagree with them, is not justified. As said above, CC holders are among the most law-abiding citizens (this is true in my country too). They're aware of the laws governing their permit and assuming by default that they'd break other countries' laws is preposterous. You don't just forget that you're carrying when you travel abroad or by airplane. And you sure as hell don't do something as idiotic as that, with the accompanying consequences, intentionally.
As far as forgetting that you’re carrying, numerous examples say otherwise. Random data point: the TSA confiscated over 4,000 guns last year, of which I imagine approximately 100% were inadvertently packed by innocent people. Whether it’s intentional is immaterial; Canada doesn’t want guns crossing the border, and they couldn’t care less if you’re doing it by accident.
If the Canadian border authorities are searching your person, such that they are likely to notice something like a concealed carry permit, your border crossing has already gone south.
Not a bug, working as intended. Entering a country that you aren't a citizen of isn't some inalienable human right, especially if you're a convicted criminal.
Well, yeah, entering the US as a non-citizen is a privilege granted at the discretion of the US federal government. Border control is an essential function of a sovereign state.
>I also find it a bit disturbing how easily you apply law & order in the name of a country that was not involved in deciding the validity of that decision or the circumstances behind it.
It's disturbing to not want criminal elements freely entering your country? If they're a not refugee and they can't follow the law in their country of origin, why should any other country be obligated to let them in?
I'm only a criminal to someone like you.
What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering. People that are well off would/do not have the same legal outcomes, and thus your measurement of law-abiding is not reasonable.
Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?
Canada has a generous welfare system and social safety net that that would likely be unsustainable if it let in sufficient number of people unable to support their own benefits. Even if you hold the view that drug use ought to be a public health matter and not a criminal matter, there's a limited amount of immigration that can be sustained without overburdening these services and why let in a drug user when you can let in a doctor or engineer?
In the case of tourism, it's just about limiting risk of someone overstaying their visa.
I make well into six figures as an engineer and cannot make legitimate business trips to Canada even when the company lawyer has appealed for my entry, complete with compiling a report with ample evidence of merit. It is a naive view to think that entry is merit based when I'm being denied entry based solely on the fact that I was once a teenager that was discovered to be around weed once.
> In the case of tourism, it's just about limiting risk of someone overstaying their visa.
Then why do so many performance artists have to cancel Canadian stops when they are not allowed entry? Are they really scared a platinum artist is going to become a drain on their society? That quite obviously has nothing to do with it.
https://www.theatlantic.com/magazine/archive/2017/09/innocen... https://abovethelaw.com/2018/11/plea-bargaining-a-necessary-...
I have a feeling that is an empty set.
CBP do need reasonable suspicion to hold you belongings or do a forensic search of your computer (Cotterman 2013) - they can't just randomly take things on a whim. The longer they hold it, the higher standard required.
(In Cotterman, it sounds like the Ninth Circuit said reasonable suspicion was required, but also decided on its own - despite it not being argued by the government - that an alert from a CBP database about Cotterman's previous conviction justified a search. Which seems reasonable to me, as a layperson, I thin.)
...and there you have it: He's done something wrong in the past, so - of course - he must be doing something bad now - forever and always!
For more: https://en.wikipedia.org/wiki/Reasonable_suspicion
A different way to phrase it might be: The officers and the suspects disagree about what a reasonable suspicion might entail. Given the incentives, I don't think this is surprising.
I'll admit, my point in no way addresses yours -- how often are officers adhering the the specific legal standard?
I'm really not sure how often officers violate the standard; it wouldn't shock me if it were frequent
But when they do, courts will suppress the evidence, and anything that's obtained from knowledge gained in that search ("fruit of the poisoned tree").
I trust that mechanism. And think it's likely better held in the US than literally any other country (v open to evidence to the contrary though)
Not if the violation was done in “good faith”:
https://www.law.cornell.edu/wex/good_faith_exception_to_excl...
Reasonable suspicion is not required for every search at a border crossing, and the Federal circuit courts are split on whether it is required for a forensic examination of a mobile phone at a border crossing. The 9th circuit has jurisdiction in this case, and has ruled that it is required.
Did Cotterman 2013 clear this up? How does are circuit courts split yet the 9th assumed jurisdiction?
So in some parts of the US, reasonable suspicion is required. In some parts, it isn't. In some parts, there is no binding precedent on the issue. It's likely that the supreme court will hear a case on the issue eventually.
I don't think that will discourage them to call any whim "reasonable suspicion".
Best to enter the customs zone with the phone powered off, your device's security is likely better in this state, less likely to be circumvented while you surrender it.
Things like mobile boarding passes and the "Mobile Passport" app encourage and train people to hand their devices over to TSA and CBP personnel. In that later case, unlocked and with an app CBP/DHS controls already installed (with a lengthy ToS no one ever reads).
1. There is no special app you need for mobile boarding passes. It has always been either a PDF or a PNG file emailed to you.
2. I was never asked to hand over my phone to TSA agents at any point. They just ask you to put your phone with the boarding pass QR code displayed over a QR scanner. At no point the phone leaves your hands.
As an aside, on iOS, the airline apps I have used work like the Wallet app and are visible on the lock-screen, the device must be powered on but remains locked when you display your boarding pass, etc.
Best to just wipe any device and restore from backup.
Hold shift or some other key combination when you boot and it boots into the 'real' machine, the other OS is just a dummy with generic search history and data.
Except the threat to put you on a "mess up with every time they fly" list.
I’ve been kicked out of a border control point in northern Vermont in February in a snowstorm after a four hour interrogation. (They sent the bus without me.)
I’ve been arrested and locked in a room for twelve hours with no food or water or medication.
I’ve been endlessly harassed and interrogated on other entries even when not exercising 5th amendment rights to silence.
In all cases they eventually let me go without charges.
They have to let you enter, but they don’t have to do it quickly or humanely.
Legal / Official Source please.
They will use every option available to them to punish you for disobeying their commands to unlock, even if you are not legally obligated to do so.
Wonder if you can sue them after for your property back.
For leisure? I mean, seriously, who would shell their own free time and money and risk being treated like this? You get 1000x better treatment in Iran as a visitor for example.
In fact, any country not currently in some sort of civil war is a better idea for a visit than US.
Sure, as long as you aren't LGBTQ or a woman.
Border policy won't change by 2021 either, at least not for the better.
Its about as likely as bitcoin taking over the world economy, but hey we all have to cling to false hope sometimes.
I think you'll have to wait awhile. These policy tools have been under both parties starting with GWB far as the initial PATRIOT Act (I think?). Right now, we're at a point where the USA might, but unlikely, go back to an isolationist policy far as borders.
At a meta level, this is a debate around internationalism vs globalism. Currently, Earth is in an era of internationalism. There is a desire by lots of people to move towards Globalism.
Similarly in the game development community, lots of people complain about customs but then go to GDC every year.
I guess my point is that as long as America continues being a pillar of the world, people (like myself!) will continue putting their principles aside and comply, and the system will have no reason to change.
I hope you'll last longer than I did. :)
Edit for clarifications.
In which regard? Compared to which place?
Agreed. I personally view Daylight Savings as being horrid for mental health reasons, and I have plenty of friends and family that feel the same. There is no hope for any of us to change that. So from my view point, if we can't discuss an issue as simple as Daylight Savings, then there's little hope for bigger issues.
Also, from a "peasants" view, we want to change, but getting that translated to actual change through the system seems impossible. It doesn't help there are legitimate differences on what solutions even looks like.
While the parent commenter's tone was extremely glorifying, do you _not_ believe that the U.S. leads the world in R&D? Or that China _is_ a surveillance state, and one in which the citizens have much less in terms of rights? Does the U.S. not hold the most patents?
At least half of his statements aren't even subjective ones... Are you berating him for his content, or his tone? This seems like the opposite of the Principle of Charity, which is what HN was built upon.
It is, as is the US. Or most other developed nations, if we're going to be honest with ourselves.
> Does the U.S. not hold the most patents?
The US patent system has a very large number of patents (maybe the largest number in the world), but how many are held by US citizens and companies? Foreign entities are allowed to register US patents (and many do) in order to be able to sue US entities.
In fact, this effect is significant enough that the Australian Government's Law Reform Commission noted in a 1990 report[1] that the existence of a patent system may actually have a net negative effect to the economy because of this effect.
[1]: https://www.alrc.gov.au/publications/2-patent-system/economi...
Then why didn't you win in Vietnam?
> We issue the most patents, by far.
The US decides what is patentable, so that's basically a participation trophy.
> We (as people) have more rights than most all other nations
How have you enumerated this?
> We protect Europe and the West.
By handing half of Germany over to Stalin?
Also, Russia was an ally in WW2, it demanded reparations.
These two are unrelated and historical facts.
It's perfectly fine to admit the US is a mediocre large country, absolutely worth living in, but not some singular shining glory. It's perfectly fine to admit the US is bad at both picking and waging wars. That's my position.
https://en.wikipedia.org/wiki/North_Russia_Intervention
Please let's not kid ourselves, the US rocks!
The risk of travelling there is simply too high now.
Message? So you read one story and a bunch of HN comments and that is how you decide?
Some of the facts presented don't even make sense. You don't take the fifth when refusing a search. You're relying on the fourth amendment and refusing to consent to a search. Searches like this having nothing to do with self incrimination.
I'd be surprised if anyone who regularly travels to the US hasn't found it to be extremely unpleasant at times. A while back I spent 6 months or so going back and forth from the UK to Houston or Atlanta, and every time I absolutely hated going through immigration. I've travelled to dozens of countries, and literally everywhere I've found the border guards to be friendly - except the US. Every time they behaved like power-hungry bullies, or I saw them behaving that way towards others. One time I travelled with a female colleague who was basically harassed by ridiculous questions from a very angry and loud border guard for no reason at all. He wasn't satisfied until she was in tears.
Another time there was a really long queue after getting off a flight (think it took over an hour to get to the desk), and there was a pregnant woman in the queue who seemed unwell and wanted to sit down - a guard shouted at her to stay in line, refused to get her a chair, and refused to let her jump forward in the queue (despite prompting from willing fellow passengers).
So the reason people don't want to travel to the US? Because it's a fucking horrible experience.
We have ZERO data on the probability of this happening to someone. What we do know is that when it happens to certain people and they have some kind of notoriety or the ability to get noticed we hear about it. That means there is a non rational reaction from people which makes it seem like any one person stands a large chance of having the same experience. Obviously they have not the time or resources to doing this on any widespread basis. Hence it's a small risk. Ditto for that matter to letting them see what is on your phone. Don't want to sound like the 'if you have nothing to hide' guy (Eric Schmidt) but honestly is it such a big deal? [1]
[1] By that token I have no clue why people would allow complete and total strangers access to where they live (or drive them) which to me seems like a much greater risk. (Not saying the OP did this).
When I mentioned other stories and comments, I wasn't only referring to those by people with "notoriety or the ability to get noticed" - indeed, I was mainly referring to randoms (such as myself, and BTW I have no notoriety and am an introvert).
Yes, I know (as stated above). By no means am I saying it couldn't. Still, it doesn't excuse Americas practices in any way.
So, in a strict legal sense, demanding to unlock a device does not violate the 5th.
https://www.aclunc.org/docs/ACLU-NC_2019-03-28_Letter_re._El...
> CBP must ensure that its officers comply with the U.S. Constitution. Even at the border, the search of an electronic device is governed by the Fourth Amendment. To satisfy Ninth Circuit and Supreme Court law concerning electronic searches, any such search should be based on a warrant and be limited in scope to information relevant to the agency’s legitimate purpose in conducting the search. The attempted unconstitutional search of Dr. Gal’s devices illustrates that CBP’s policies do not in fact include the requirements necessary to safeguard the constitutional rights of people at the border
This isn't true and has never been backed up by a court ruling, including at the Supreme Court. Currently there is no legal foundation to the premise that any rights for US citizens are suspended just because you're at the border (typically people refer to the premise as also including N miles inside of the border, eg 100 or 300 miles).
Right now what you have is a few government agencies attempting to write over the Constitution, without anything to actually support their doing so. They go out of their way to avoid an actual court confrontation with their fake / invented 'laws,' knowing that they'll lose.
https://en.wikipedia.org/wiki/United_States_v._Martinez-Fuer...
SCOTUS is, for good and ill, the last word on what's Constitutional, until it changes its mind.
https://en.wikipedia.org/wiki/Border_search_exception
> This balance at international borders means that routine searches are "reasonable" there, and therefore do not violate the Fourth Amendment's proscription against "unreasonable searches and seizures".
According to Wikipedia, there is currently a circuit split* on whether phone searches at the border require individualized suspicion, or can be conducted routinely, without falling foul of the 4th amendment.
* (two sets of appeals courts have ruled in contradictory ways; these splits can be resolved by SCOTUS if they choose)
The lack of transparency on the reasons for detention are the real problem. Josef K never found out the charge made against him either.
(edit -spelling)
...border agents told him he had no constitutional nor any legal protections, and threatened him with criminal charges should he not concede to the search.
...he was eventually allowed to leave with his belongings, the devices still locked, and no charges were pressed."
My goodness! I guess those protections did exit after all! :)
Guidelines:
-Goons can lie to you all they want. Never budge.
-Politely refuse, and remain cordial. Stay strong mentally.
-Make sure your devices are turned off prior to even leaving for the airport.
This is the sick reality we live in.
Security may ask you to turn them back on, not to search them, but to verify that they are actual working devices, and not a bomb.
But never decrypt. If this results in you missing your flight, so be it.
Why? Is that more important to stay locked than miss granma's funeral, or more positively, 75th birthday?
If you're a security person, I suspect his recommendation would be - even though he doesn't understand IT and tech - to say you don't even understand how SSH works or can't tell the difference between encryption and hashing.
As far as the security of the data on the device is concerned, a powered-off device is equivalent to a powered-on device that hasn't been unlocked since it was powered on.
Customs and Border Patrol operate under a special set of circumstances within ports of entry. You do not have the right to have an attorney present during the interrogation, you can have your personal belongings confiscated, you can be held without charge for up to four hours for any "reasonable" suspicion.
These same rules apply within one hundred miles of the United States border. So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.
Interesting. You'd think that "real America" was just a turn of phrase - turns out that it isn't, that there is a Real America and that it does care far more about protecting individual rights.
No, there isn't. Civil rights get trampled regularly outside the 100 mile Constitution-free zone too, just under different pretexts.
Also police are allowed to lie about anything they want during interrogations.
The latter feels like a serious problem that should get rectified.
She was in tears by the end of the experience.
We have both received many pat downs in Chinese airports that didn't bother either of us.
It's easy to single out the US but the reality is that most countries have pretty far reaching rules these days. E.g. the UK and Australia are hardly any safer. And forget about China, Russia, or indeed most countries with even less democratic regimes.
The bottom line is that if you are not willing to unlock your device at any of the security checkpoints you will pass on your journey, you should leave it at home or just wipe it preemptively and restore over a secure connection after you arrive. In case it does get unlocked or taken from you, consider the device burned. It may come back to you with all sorts of malware. The people doing this are not thinking you are a terrorist or a child pornographer: you are being targeted and under attack by a hostile entity. Assuming otherwise would be a mistake. Wipe it, sell it on e-bay, never use it again.
The point being: if your encrypted network traffic is captured and retained, maybe it can still be brute forced at liesure, and deduplicated for deltas only. Thus, volume is only a temporary issue, and everyone still gets to see everything eventually, and full retrospective records are still enriched, so maybe that's fine for some things, and not for others.
I don't know enough about Estonia to suggest they would try this, but they do seem progressive in this regard. I would vote for Netherlands, Belgium, or Portugal just because I like being in those countries.
Things like this don't even remotely threaten US dominance in tech, because: 1) the US allows a lot of legal immigration; 2) US tech wages are far beyond anything you can make in those other locations 3) the US as a singular integrated market that is the world's largest economy, makes it impossible to compete with unless you're China, due to inherent scaling benefits 4) nowhere other than China has the capital markets to support competing with the US start-up scene properly and 5) the actual context - Andreas was let go after three hours, with his devices - isn't close to being bad enough to matter, in fact it barely registers these days (increasingly the era of domestic surveillence and censorship all around the world, from the UK to South Korea) as a very mild inconvenience on human rights, and doesn't impact ~99.999% of travelers to the US.
US dominance in tech - outside of China - has only increased since 9/11, not decreased. That's despite non-stop issues of this sort, the Patriot Act, NSA spying, and so on. A rogue border search, or a hundred of them, won't dent that. That's the reality.
"Apple employee gets mildly harassed at airport because of proprietary confidentially agreements" with
"A terrible, terrible tragedy, non US-citizen travellers agree" as a byline.
The main thing of interest here would be that maybe Mozilla should employ better hiring practices.
As you phrased your comment, it is entirely opaque to me what you intend to convey.
Also, Gal didn't make any sort of moral stand, he was simply defending his proprietary employer's interest. It's not the most sympathetic story.
So, in the end, the article only left me wondering how people who climb the ladder inside Mozilla, ostensibly an open and free environment, can easily end up at Apple, which revels in closed and proprietary environments. Maybe Mozilla should introduce some of the values they claim to hold into the hiring and promotion process.
Sorry for any confusion.
They want entrance, just grant it to a sandboxed environment.
That would be a big story if that is the case.
I will offer a counter-narrative which is more in line with my own experience (from other places than the US):
The people who work at border control in particular in airports are bored.
They are also overstaffed and given extreme discretion over the people they patrol; most of whom are non-citizen and thus have basically no rights at all.
This leads to them doing work for the sake of showing they work, overreacting to the least of resistance and maybe even some games of entertainment.
I will definitely agree bored cops looking for stuff to do cause a lot of problems.
I think it is obvious that they profile on overall looks, race, citizen status, place of birth, travel patterns.
[0] https://www.nbcnews.com/politics/immigration/u-s-officials-m...
What he meant was the prefix for the license plate. Luckily I remembered it. I suspect he grew up in the area, but it was super weird; also, he was probably fairly bored.
people are expected to know this?
The downside of having big government is that it winds up being staffed with mad-with-power bureaucrats, who will mess your life up just because.
I miss the time when most techies believed in civil liberties and were wary of government. Chickens coming home to roost and all that...
she said it was absolutely not common (which i doubt very much) and she was concerned i was coming and going because i want to stay (?!?!?!).
I wonder about the legality of the CBP punitively confiscating his Global Entry pass.
What if unlocking the device requires a security key that I do not have with me?
My intuition is that they'd still treat that as though I was impeding their search, but I wonder legally if it changes anything.