Mobile devices and border controls

[MM 6,562]

From https://medium.freecodecamp.com/ill-never-bring-my-phone-on-an-international-flight-again-neither-should-you-e9289cde0e5f#.tfu4rnpa5

I’ll never bring my phone on an international flight again. Neither should you.







A public domain image of a US Customs and Border Patrol agent in an airport.


A few months ago I wrote about how you can encrypt your entire life in less than an hour. Well, all the security in the world can’t save you if someone has physical possession of your phone or laptop, and can intimidate you into giving up your password.





Image credit: XKCD
And a few weeks ago, that’s precisely what happened to a US citizen returning home from abroad.
On January 30th, Sidd Bikkannavar, a US-born scientist at NASA’s Jet Propulsion Laboratory flew back to Houston, Texas from Santiago, Chile.
On his way through through the airport, Customs and Border Patrol agents pulled him aside. They searched him, then detained him in a room with a bunch of other people sleeping in cots. They eventually returned and said they’d release him if he told them the password to unlock his phone.





Sidd Bikkannavar’s hobbies include racing solar-powered cars. Photo by The Verge
Bikkannavar explained that the phone belonged to NASA and had sensitive information on it, but his pleas fell on deaf ears. He eventually yielded and unlocked his phone. The agents left with his phone. Half an hour later, they returned, handed him his phone, and released him.
We’re going to discuss the legality of all of this, and what likely happened during that 30 minutes where Bikkannavar’s phone was unlocked and outside of his possession.
But before we do, take a moment to think about all the apps you have on your phone. Email? Facebook? Dropbox? Your browser? Signal? The history of everything you’ve ever done — everything you’ve ever searched, and everything you’ve ever said to anyone — is right there in those apps.
“We should treat personal electronic data with the same care and respect as weapons-grade plutonium — it is dangerous, long-lasting and once it has leaked there’s no getting it back.” — Cory Doctorow
How many potentially incriminating things do you have lying around your home? If you’re like most people, the answer is probably zero. And yet police would need to go before a judge and establish probable cause before they could get a warrant to search your home.
What we’re seeing now is that anyone can be grabbed on their way through customs and forced to hand over the full contents of their digital life.
Companies like Elcomsoft make “forensic software” that can suck down all your photos, contacts — even passwords for your email and social media accounts — in a matter of minutes. Their customers include the police forces of various countries, militaries, and private security forces. They can use these tools to permanently archive everything there is to know about you. All they need is your unlocked phone.
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641
What’s the worst thing that could happen if the Customs and Border Patrol succeed in getting ahold of your unlocked phone? Well…

• Think of all of the people you’ve ever called or emailed, and all the people you’re connected with on Facebook and LinkedIn. What are the chances that one of them has committed a serious crime, or will do so in the future?
• Have you ever taken a photo at a protest, bought a controversial book on Amazon, or vented about an encounter with a police officer to a loved one? That information is now part of your permanent record, and could be dragged out as evidence against you if you ever end up in court.
• There’s a movement within government to make all data from all departments available to all staff at a local, state, and federal level. The more places your data ends up, the larger a hacker’s “attack surface” is — that is, the more vulnerable your data is. A security breach in a single police station in the middle of nowhere could result in your data ending up in the hands of hackers — and potentially used against you from the shadows — for the rest of your life.

Wait a second. What about my fourth and fifth amendment rights? Isn’t this illegal?
The fourth amendment protects you against unreasonable search and seizure. The fifth amendment protects you against self-incrimination.
If a police officer were to stop you on the street of America and ask you to unlock your phone and give it to them, these amendments would give you strong legal ground for refusing to do so.
But unfortunately, the US border isn’t technically the US, and you don’t have either of these rights at the border.
It’s totally legal for a US Customs and Border Patrol officer to ask you to unlock your phone and hand it over to them. And they can detain you indefinitely if you don’t. Even if you’re a American citizen.
The border is technically outside of US jurisdiction, in a sort of legal no-man’s-land. You have very few rights there. Barring the use of “excessive force,” agents can do whatever they want to you.
So my advice is to just do whatever they tell you, to and get through customs and on into the US as quickly as you can.

The US isn’t the only country that does this.
It’s only a matter of time before downloading the contents of people’s phones becomes a standard procedure for entering every country. This already happens in Canada. And you can bet that countries like China and Russia aren’t far behind.
“Never say anything in an electronic message that you wouldn’t want appearing, and attributed to you, in tomorrow morning’s front-page headline in the New York Times.” — Colonel David Russell, former head of DARPA’s Information Processing Techniques Office
Since it’s illegal in most countries to profile individual travelers, customs officers will soon require everyone to do this.
The companies who make the software that downloads data from your phones are about to get a huge infusion of money from governments. Their software will get much faster — maybe requiring only a few seconds to download all of your most pertinent data from your phone.
If we do nothing to resist, pretty soon everyone will have to unlock their phone and hand it over to a customs agent while they’re getting their passport swiped.
Over time, this unparalleled intrusion into your personal privacy may come to feel as routine as taking off your shoes and putting them on a conveyer belt.










And with this single new procedure, all the hard work that Apple and Google have invested in encrypting the data on your phone — and fighting for your privacy in court — will be a completely moot point.
Governments will have succeeded in utterly circumventing decades of innovation in security and privacy protection. All by demanding you hand them the skeleton key to your life — your unlocked phone.

You can’t hand over a device that you don’t have.
When you travel internationally, you should leave your mobile phone and laptop at home. You can rent phones at most international airports that include data plans.
If you have family overseas, you can buy a second phone and laptop and leave them there at their home.
If you’re an employer, you can create a policy that your employees are not to bring devices with them during international travel. You can then issue them “loaner” laptops and phones once they enter the country.
Since most of our private data is stored in the cloud — and not on individual devices — you could also reset your phone to its factory settings before boarding an international flight. This process will also delete the keys necessary to unencrypt any residual data on your phone (iOS and Android fully encrypt your data).
This way, you could bring your physical phone with you, then reinstall apps and re-authenticate with them once you’ve arrived. If you’re asked to hand over your unlocked phone at the border, there won’t be any personal data on it. All your data will be safe behind the world-class security that Facebook, Google, Apple, Signal, and all these other companies use.
Is all this inconvenient? Absolutely. But it’s the only sane course of action when you consider the gravity of your data falling into the wrong hands.
If you bother locking your doors at night, you should bother securing your phone’s data during international travel.
This may upset Customs and Border Patrol agents, who are probably smart enough to realize that 85% of Americans now have smart phones, and probably 100% of the Americans who travel internationally have smart phones. They may choose to detain you anyway, and force you to give them passwords to various accounts manually. But there’s no easy way for them to know which services you use and which services you don’t use, or whether you have multiple accounts.
We live in an era of mass surveillance, where governments around the world are passing terrifying new anti-privacy laws every year.
“Those who are willing to surrender their freedom for security have always demanded that if they give up their full freedom it should also be taken from those not prepared to do so.” — Friedrich Hayek
With a lot of hard work on our part, enlightenment will triumph. Privacy will be restored. And we will beat back the current climate of fear that’s confusing people into unnecessarily giving up their rights.
In the meantime, follow the Boy Scouts of America Motto: always be prepared. The next time you plan to cross a border, leave your phone at home.
Thank you for taking the time to reading this. If you liked this, click the ? below so other people will see this here on Medium.

[Bazle 1,665]

Not good.

 

Big Brother is gripping ever harder.

[midlifecrisis 4,065]

The only country I have ever entered that was more draconian than the USA at the point of entry was the former East Germany and that was about multiple passport control stations. They did not search our car or belongings coming or going to West Berlin in 1984.

 

When you are entering the USA you do not have the protections as those on the other side of the line. Everything you have with you is subject to search. Every time I return to the USA from Asia I am searched and questioned.

 

Phones, computers, cameras....are not protected by the 4th Amendment at this point. Until being passed through into the USA proper, you are in a no man's land. It does no good to complain because you will be further delayed - perhaps taken into a room and being strip searched. You have no rights, not even 1st Amendment rights.

 

A lot of what they do, especially in their questioning, are fishing expeditions. They get to you after you have had little sleep and are exhausted from the better part of a day's long journey. That is calculated. They are trying to trap people, especially sex tourists. I no longer take nude photos. They may want proof of age. Etc.

 

I have nothing on any devices that can get me delayed further because, as a single male, I am always sent to that line by passport control.

 

When I get to Thailand and clear passport control, I get my bag and walk right out of the airport. Europe was like that too when I went there. Not our "free" country.

 

Now, they can look at my phone but I do not use it there. I do need it upon my return. I get a prepaid phone in Thailand. I understand that is not an option for those that live over there. For those of us that are just tourists, it is important to understand what can and probably will happen upon your return.

[js007 795]

It's sad, what the world has come to. My prior mindset was that I didn't really care if they searched me or not. I had nothing to hide. They could look at my computer. They could look at my phone. They never did, but if they wanted to, I wouldn't have complained.

However, the more I read about this issue the more I get pissed. Why should I give up my entire digital/online presence to some guy, just because I'm crossing a border?

 

So, the answer is to leave ll your information somewhere on the cloud and never cross the border with a phone or computer? Phones can be cheap enough. Ditto for Chromebook computers. Buy them when you arrive in Thailand and throw them away before you leave.

 

For what it's worth, I've never been searched when returning to the US. I've seen it happen to other people, though. Bu why make it easy for them?

 

I guess the whole issue is more important now than it used to be in the days before we had computers. Still, the border officers have always had an exemption, of sorts, from the 4th Amendment. In law school, my criminal procedure professor was the Harvard professor who wrote the casebook. He told a story about how they were giving him a hard time at the border one time when he was coming back into the country. And there was nothing he could do or say to stop them. Nothing. So it they want to be jerks, they get to be jerks.

 

Do most of you guys use a VPN? I suppose I should set one up.

 

One more thing: if you're a US citizen, I don't thenk they have an absolute right to your passwords. They can ask, but you can say no.

Edited February 20, 2017 by js007

[midlifecrisis 4,065]

 

 

One more thing: if you're a US citizen, I don't thenk they have an absolute right to your passwords. They can ask, but you can say no.

 

Failure to cooperate to their satisfaction is not a crime but can lead to further delays. At some point they have to let you go or allow you to have your day in court. The recent kerfuffle regarding Trump's immigration order shows that their power has limits.

 

My way now is to be totally clean. I don't even bring back things I need to declare. What they decide to search is of no consequence. It is just a delay when I am tired. An annoyance and nothing more.

[MM 6,562]

 

One more thing: if you're a US citizen, I don't thenk they have an absolute right to your passwords. They can ask, but you can say no.

And they can impound your password protected device if you don't give them the password. Perfectly "legal".

[MM 6,562]

The event I referred to where they wanted my laptop password or they would impound my laptop occurred back in 2005.

 

I wrote about it here and here.

 

 

Posted 12 September 2010 - 07:29 PM

kaiser71, on Sep 12 2010, 09:21 AM, said:

The 4th Amendment deals with searches and seizures. There is a borders exception.
They can examine your laptop and other electronic devices without probable cause or suspicion. If they find something suspicious, they can seize the item and then contact you (whenever) to pick it up. Encrypting, double encrypting, a totally clean computer - all would probably raise suspicion.

You can ask to speak to a supervisor.

Yes, exactly.

During the search I described above, they turned on my laptop and asked me for my password. I told them they could log in as a guest, but they said they wanted the password to my admin user account. I told them there was personal, private, and business related information on there, and that I wasn't about to give them my password. They then told me that they would need to keep my computer to send to the lab to break the password protection. I might get the computer in a month or so.

I gave them my password.

They then scanned for all media files. I had some porn movies I had downloaded IN THE USA on a previous trip (to show to my GF ). They then entered the titles of the video files into some database they had which flagged any movies with underage actors in it. Luckily, none of them was a hit in their database.

They also pulled up some pictures of my daughter I had taken during her horseback riding lessons. They asked me who she was. I said "That's my daughter". They then asked me her name and age. I was really offended that they would be inquiring about pictures of a girl riding a horse.

Anyway, yes they can confiscate your computer. Encryption won't help you if they take it to examine at their labs. I'm sure they know all the tricks.

midlifecrisis, on Sep 12 2010, 06:50 PM, said:

They are nicer to visitors. They just treat their own citizens like the are guilty before being proved innocent.

I believe that is generally true.

Also, since I have permanently moved to Thailand, and only return for brief visits, I have never been bothered. I think they pay more attention to US citizen/residents coming back from vacation than they do to people just coming for a short visit.

I find that mind-boggling, since a terrorist would likely be coming for a short visit, rather than coming back from a vacation.

It's all about morality, not security, IMHO.

[midlifecrisis 4,065]

And they can impound your password protected device if you don't give them the password. Perfectly "legal".

ouch. I did not realize that but it is consistent with my other experiences.

[MM 6,562]

ouch. I did not realize that but it is consistent with my other experiences.

Read the story above your reply...we posted simultaneously.

 

Hehe, you're even quoted in that post.

[midlifecrisis 4,065]

Read the story above your reply...we posted simultaneously.

 

Hehe, you're even quoted in that post.

You are correct but my old brain cramped up on that. The premise sounded familiar but I could not put my finger on where I had read, seen or heard it. You have a great memory!

 

I stand by what I said in comment back then. We citizens are treated as guilty until we convince them we are innocent.

 

Well, I have nothing to feel guilty about and I have nothing in my belongings to incriminate me or even raise eyebrows.

 

This makes me appreciate Tim Cook's stand against a back door on Apple products.

 

Also, what you said at the end about it being about morality and not security is imho key to understanding this. We are a very uptight country. I don't discuss my trips to Thailand. People think everyone who goes there is a pedophile. It happened to Picoman. I wish he was around to share that.