Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed …
I won't be taking my tourist dollars into the US whilst such unconstitutional behaviour persists, regardless of whether I'm carrying my laptop with me or not.
Will they be copying the contents of the memory card in my phone next? Or my SIM card address book?
Clearly, it is control-freakin' idiots that run the theatre that is airport security.
Are they going to log on as? If I create a new user (no admin rights) and log on as that then its not going to give them much at all is it?
As its a work's laptop I can always say that I do not have admin privs (or access to the administrator account) so they can't see anything that doesn't belong to the user they've logged on as.
I guess they'd just seize my computer and lock me up
Florida v. Royer
the US Constitution applies... even in US airports.
Dont take your laptop on holiday!
Given the FBI is planting 'dodgy' links and if your browser, like mine pre-loads links on a page to 'give a better browsing experience' the chances of not having something 'illegal' on your PC is pretty slim. Someone could slip a file of white noise onto a web site and you'll be hanging upside down having your feet beaten in GBay until you tell them the encryption keys for it!
It seems like the only way to function these days is to have all you data on a secure web server that can be accessed by a browser!
Florida v. Royer
the US Constitution applies everywhere in the US.. even airports.
you may also wish to review (especially all footnotes, or start at #10):
there are no legal probably causeless or warrantless searches allowed.
there are no 'suspicion' searches except as prescribed by Terry v. Ohio: http://en.wikipedia.org/wiki/Terry_v._Ohio. (outter garnet pat down for weapons only. detention must be brief and in place and no responses may be compelled.)
What would happen if you have information on your laptop that is under a Non Disclosure Agreement ?
Letting the customs see it will violate the NDA not letting the customs look through it would be making yourself a likely candidate for government harassing untill you give in.
One possible solution
If you run an operating system that has some sort of security then you could:
1. Create a dummy account containing a number of unimportant files. Give this account the minimum number of privileges.
2. Use this account when stopped at the border with your laptop and asked to start the machine.
3. When asked to provide access to other files, you can reasonably claim not to have sys admin rights and refer the enquirer to your corporate IT department (if you have one), hoping that they aren't going to bother. Of course, they might bother and corporate IT might give them the sys admin password over the phone, but how likely is that?
We should decriminalize tertiary unpaid possession
Making of kiddie porn, make it a crime it is the primary crime. Distribution of kiddie porn, keep it a crime it is a secondary crime, but nevertheless may encourage the primary crime. Possession of unpaid kiddie porn, not a crime. Where kiddie is defined as puberty, not this stupid 18 year old rule that has us locking up 16 years olds for photographing themselves having sex.
If 14 year old girls aren't sex objects why do they use them as fashion models?
I know it's common to get an emotional argument to conflate these things into 1 thing, but there was only a marginal case to ban distribution, it already was a secondary crime. Possession is a tertiary crime, it's already 2 times removed from the actual crime and was argued that *buying^* created a market. Distribution is what the FBI did recently, so distribution was already viewed as minor enough for the FBI to do it.
The argument ran that by obtaining child porn you were paying for it, which created the market that drove distribution, which in turn created production. That can't work if it isn't purchased. So the ban on possession should be changed to a ban on *purchase* of kiddie porn. If you watched a murder on TV then you are not encouraging murder, if you paid for a snuff video you would be encouraging murder indirectly.
So if FBI views distribution of child porn (a secondary crime) as acceptable to catch people for possession (a tertiary) crime then it clearly casts a question over whether that tertiary crime should actually be a crime.
Don't go to the States
This appears to be yet another reason not to go to the States.
US border patrol clearly don't want people to visit the states.
Another pointless law...
...Anyone bringing anything they truly fear into the country on a laptop is going to have it encrypted. Thus the government can look at the laptop all they want, they ain't going to get anything off it.
Search, not copy.
Fair enough customs officers are entitled to search. But copying the contents of my HDD would be the equivalent of taking away my clothes (DNA filled) or making photocopies of my (paper) address book (friends or foes).
Are they allowed to do so?
I doubt the searches are occurring at random, I'm pretty sure the Arnold's case was a matter of opportunity, he was on "a" list and him getting in from the Philippines made it a perfect timing. As you said your inspection was "cursory".
I know the gov.uk have a got a propensity to leave loaded laptops unattended but personally I don't and believe no one should, PCs get lifted & looked at. But I'm glad the pervs are doing so, that way there is a chance they get caught.
Anon rodent says: "Terrorists win, again"—if you still believe this is all about terrorism.
While you focus primarily on personal privacy issues, what about business? You might be returning from a field-research trip, some conference, contract negotiations or whatever, your computer might be filled to the brim with critical business or even NDA-material, or maybe your latest novel or critical analysis of modern-day fashism that makes government X look bad. Now would you please hand that over, decrypted, for reasons of national security, to be copied, analyzed, stored?
Invasive searches like the ones described lead to people no longer carrying any data of any value whatsoever, thereby curbing travellers' work efficiency -> "Terrorists win". So if you bother to take along a computer at all, you will have all data on some secure remote sever, and you will rather not put the server data (and no encryption, no hidden partitions, no nothing) on the machine but in your head. If you believe in secure remote severs that is. Now if that machine got inspected, you would be suspicious as hell, and you know what happens to suspicious people who will not admit. They get special treatments, sometimes even a free vacation in an interesting place. Like Syria. So you might better fill your machine with some random "identity" bull in order to make it look "pure". Thereby, being denied privacy essentially promotes a culture of lies and deception. I am not even touching on the inherently connected issues of classism and racism that determine who is searched and who is not.
A laptop is exactly the same as a briefcase with respect to documents contained therein. If you wouldn't wish to go through border control with a briefcase full of child porn then why should you expect to do so with a laptop full of the same.
Just because a laptop is more convenient for storing documents and in greater quantity than a briefcase should not make it the equivalent of a diplomatic bag. In fact for these very reasons it should be more of a focus for investigation.
the premise doesn't look quite so far fetched anymore... data-smuggling using brain implants...
anyway, I'm off to find some smooth USB keydrives... no sharp edges...
Thanks for pointing out another indignity / loss of privacy we have to suffer when going to the land of the free and the home of the brave.
I think it is necessary, though, to stop the warrantless searching of devices at just booting the things up. Even a cursory glance for kiddie porn or similar should be off-limits for border guards.
One reason is the fact that governments already have ample powers and abilities to track traffic in what you could call illegal data online. Unlike other contraband, the government already has plenty of opportunity to nab you before you reach the border. The ability to disrupt the possibility of extensive international traffic in illegal data by physical devices alone (i.e. a sneaky sneakernet) is more than sufficiently taken care of by the hoarding of all other personal flight and border control data by the goverment.
Furthermore, how do you limit a 'cursory inspection'? 1 minute, 5 minutes, an hour? Can you be present while the inspection takes place? Can a borderguard boot your laptop off a special inspection CD, or download or otherwise install some search programme of their own (NSA rootkit anyone?) Can they ask for root access, and if they can, what if you don't have it yourself?
Basically, border guards shouldn't ever go there. Literally.
The Arnold Search
Although I am not a lawyer, I think the search on Michael Timothy Arnold was reasonable and justified because:
"They were also suspicious because Arnold could not remember the name of the company where he had once worked as a night auditor and appeared "fidgety." "
Probably a lot of material in other laptops has already got through because the carrier stayed calm. Although a knowledge of Body Language is useful, the theory sometimes breaks down in a real life stressful scenario.
stupid criminals only?
The question is, why would a bad person keep incriminating data on a laptop when online storage is easily available and accessible over a secure web connection?
When I worked for a US computer manufacturer we used to travel to team meets in the mid-west. Company laptops had only started being xrayed at this time and we noticed that managers making frequent flights had major disk issues. Thier brand new laptops suddenly started to fail at the same time as older issued laptops. This made us BOFH types think outside the box.
After running disk analysis software we determined (we wrote the software to do PM on disk clusters) that the xray machines were fragging the disks.
We had the first few laptops replaced under warranty but after the first ten or so the supplier would no longer provide machines under full warranty - "flight warrany" terms reduced warranty period from two years to six months.
Basically some of the antique luggage hardware at US airports will end up trashing your kit, as cheaper and dirtier sources mean cheaper detectors/displays.
P.s. we tried sending a couple of ROM/EEPROMS through the airports - they were trashed after six months of bi-weekly travel - so your lovely Nikon you take to on that trip to disneyworld is being slighlty trashed every time you go on holiday
IMHO You may as well take a hammer to any electronic equipment in your luggage - the cheap ass holiday destination airport kit will fry it for you anyway.
God bless America...
Killing the tourism and international travel businesses since Sept 2001.
Very well thought out article.
Slow (sorry), but well worth the read. Very well thought out. :)
old fashioned thinking
so a government needs to think you're suspicious before it can search your laptop. OK - what's more suspicious than refusing a request of "can I juist have a look at your laptop, sir?" They've got you both ways: damned if you do, damned if you don't.
So far as being searched on your way into a "secure" facility. Maybe unreasonable, but what IS reasonable is having all your data scanned on the way out. If you can't think of a reason why, I'd have to ask what you're doing reading an IT forum.
Now while I agree that software won't blow up a plane, and that a self-respecting ponographer will have any dubious material stored safely away in an online backup facility - or stored on micro SD cards that will simply not get found (even if you don't swallow them), or recognised for what they are. However, we have to realise that governments feel a paranoid, driven, imperative to make sure that no-one has any dodgy stuff on them. They've got us used to submitting to degrading enough investigations of our person and our property, it's not too far to expect them to go after our data. They'd want a brain-dump if they had the technology.
The old-fashioned thinking is that they'll find anything. As I said, any decent terrorist will have their data squirreled away where it won't be found - but this new act of security theatre will make the grannies feel a little easier about flying - until of course they're found in possession of some data they didn't know they had.
how to search a laptop
If you want to search a laptop in the same way you search a piece of luggage, or indeed the fuel ('gas') tank of your car: You get out a screwdriver and you disassemble it.... but you better fix it afterwards!
You are looking for physical objects - objects with can be used to cause harm on an airplane.
If you want to examine the digital contents of my computer (or my ipod, or my phone, or any of the CDs I have with me), then get an expert in the field and a court order.
(dead vulture, because our liberties are being killed off)
From the article:
"And some searches, seizures, and copying of computers are just flat out unreasonable. For example, reading attorney-client or priest-penitent privileged and personal files."
So, I'm a minister and my laptop contains e-mails and other private communications from my congregation, Our Lady of the Encrypted File System.
Why we have border controls
The justification of a border search is twofold - the first is prevent you transporting prohibited goods accross international borders (hence the right to search your suitcase) and the second is to filter out undesirable people and stop them entering the country (hence the need for a passport).
By this reasoning, the border control guards should be entitled to search a laptop for child porn just as they would be entitled to search a suitcase for photographs twenty years ago. Likewise, they should be able to confiscate illegal music just as they would if you had a bunch of pirated CDs in your luggage.
The thing is, whilst carrying a laptop or mobile phone with memory card is pretty much unavoidable for some people, there is no need to store anything suspicious on these devices. If you are crossing the US national border you are just as foolish to take illegally downloaded music on your phone as if you tried to bring cannabis into the United Arab Emirates. If you have a file on your computer called 'how to blow up airplanes' then you should expect to be in as much trouble as if you were carrying a hard copy of the same in your jacket pocket.
We are going through a social readjustment stage at the moment. Just as record companies must accept that digital music is profoundly different to physical copies of music, so citizens have to learn that a computer full of data in your luggage at an airport is not the same as a safety deposit box in your study at home. It is not the nature of the information that matters - it is the fact that your home is your personal space, but that an airport is the government's personal space. The rule is simple; if you don't want the border guards to see it, don't take it with you.
I think the real reason behind this understandable (if not justifiable) resentment of laptop searches is the growing lack of trust we US and UK citizens have in our governments (both independently and as a joing force). If our governments were honestly concerned only with child porn, large quantities of pirated music and genuine terrorist suspects then this wouldn't be an issue. However, it seems that we are currently in the middle of a Mccarthy type witch-hunt against anyone who could be considered antisocial. It feels like everyone is under suspicion and that the autorities consider us all to be worthy of continual surveilence. At the moment the phrase 'if you have nothing to hide, you have nothing to fear' just doesn't ring true - many of us in America and Britain are growing increasingly afraid of our own governments! However, we knew this at our last elections yet voted the incumbant parties back in. A country gets the government it desreves (either that, or democracy is massively over-rated).
"Land of the free" My arse!
I have not set foot in that Police State in over 10 years, and will be quite happy to never visit again.
but you better fix it afterwards!
Erm, I've been told that Customs & Excise are under no obligation to hand back working or intact property after a search. One of the scarey aspects of them is they can literally rip your suitcase apart looking for contraband, and you have no recourse for compensation. Likewise, I would expect they would feel quite justified in handing you a bag of parts - that used to be youyr laptop ...... or car!
Court order? we don't need no steenkin' court order!
If you don't want to show your digital data when requested in a border search, simple, don't travel or don't take bring it with you. Seems obvious.
If they think you have something to hide, if you are being a smart ass, if they find you uncooperative, refuse to unencrypt your data or whatever they'll find plenty of ways of making you f*ing miserable.
BTW, this true for crossing borders pretty much world wide, so don't be naive.
Madison stood somewhat at odds with most of the framers of the US constitution in believing that the government should by necessity control the governed. This is a flawed premise to start from, as it assumes that the government allows the governed to remain at its behest, when the opposite is and should be the case. The majority of the US founding fathers were of the opinion that the government should be subservient to the people, who would exert the necessary control over that government, removing the need for the government to control itself. This attitude works as long as your government is composed of people who believe that the government should serve the governed rather than control them.
The last century has seen a progressive move toward the Madison way of seeing things, placing the governed in a subservient position to the government. The end result is that people go into government believing they have the right to do whatever they want, and the consequence is Dubya (whom I once supported unconditionally), Clinton, Nixon, Blair, Brown, the EU... Stalin hitler pol pot mao the japanese empire and god knows what else.
Start from the correct premise, that the government stands and falls only by the will of the governed, STICK to that premise, and you will have a truly representative and just government. The mistake came in listening to people like Madison rather than reading the words of the US declaration of independence:
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed"
A government should make no assumption of an implicit right to control the governed. The reason we're facing all these intrusions into our private life is precisely because people listened to people like Madison and his assumption that the government should have that control.
Quite what do they expect to find?
Well if i was a terrorist intent on smuggeling some sort of digital contraband (a strange idea in itself as .jpegs dont explode) I wouldnt bother taking it on a laptop, or a mobile phone, or an ipod or any other device.
Since the value of the US currency has plummeted it would be easier and cheaper to just buy a laptop once i got to america.
Then go and have a coffee in starbucks and scp all my illegal filez from my terrorist file server at home courtesy of the free wi-fi (or grab it from the attachments in gmail that i sent myself if you dont have handy access to a terrorist file server).
Then once i have planted my exploding jpegs i can easily wipe the drive of evil, take it back to the UK, lie and say it wasnt bought in the US to avoid tax (if you planting exploding pictures whats tax evasion added to the list) and ebay it once i get home.
And all the while customs are trying to pwnz your every file I bet they arent looking out for jamjars full of mould.
Could you imagine the effect a terrorist sucessfully introducing ug99 wheat stem rust to the US could have?
There are bigger threats to worry about that a laptop full of pirate mp3's and porn.
Anonymous cause I dont want the blame when ug99 makes its way to the US through natural dispersal :)
Maybe I'm being naive, but AFAIK copyright law applies, even at border controls.
So they can look at your data, but they cannot make copies of it.
Inlicensed iPod Songs @ Border --> Jail?
The author is confusing criminal and civil crimes. The US government doesn't prosecute copyright violations, people are sued by the rights holders.
Child pornography, on the other hand, is a criminal offense, for which the government does prosecute.
Dismiss this article as unfounded babbling. Besides the retelling of a story at the beginning, much of the article's inaccuracy has already been exposed in these comments.
So, does your laptop constitute a diplomatic bag? If you carry a little black book of phone numbers though border security, they can look though that. So why not your contacts on your email program? What's the difference? The amount of data you can carry? Or that the data can be quickly, and perfectly (sort of) copied? Maybe thats the rub.
Ultimately, its only diplomats, who have the right to bring things into country without It being searched.
Maybe this is wrong. Maybe they should require a search warrant. But then it would rather defeat the purpose of Border security...
4GB Mini-SD card
Easy enough to hide, how much 'confidential' data could you store on that ?
Just to add some frivolity
The famous movie where Marilyn's dress is blown is "The seven year itch"
Very nice article
nicely written piece.
I agree with the tone of the article too. Americans want security in all things, and from all perspectives. We don't want anyone bombing us, and we don't government sticking their fingers into our things.
This is invariably a very difficult thing to do.
Nothing to hide
“… they could compel you to provide them with the encryption key.”
It's not the encryption key which they need ‒ it's the decryption key and the passphrase, and that I would flat out refuse to tell them. Anything which they want decrypted they'd have to get me to decrypt.
If the computer's been out of my sight while in their possession for more than a second or two, that opens up the possibility of copying of private keys or installation of, shall we say, unwanted software; I would therefore consider, as a minimum, any keys present on it to be compromised. The same goes if they've booted it up from any media which they provide.
missing the point
Some of you folks are missing the fact the courts said no. The courts said you need a court order.
Where to start?
The article baldly states that we all have passwords on our laptops. Not this geezer, unless you count the encrypted ones in my shadow password file, or maybe the one in .ssh that lets me pick up some of my email, _after_ I supply another password to the server.
Several comments to the effect "can they do that?". Yes, they can. At the very least, they can do pretty much anything if you consent, and despite the bravado of the aptly named "Anonymous Coward" who claims that he would "flat out refuse to tell them", I submit that nearly all of us would consent if the alternative were to be rotting in gitmo while our families wonder where we are. Or being waterboarded (Hey, even McCain has agreed it's not torture anymore). Or maybe a good old fashioned cage full of rats strapped to your face by MiniTrue.
Yes, there are technological "solutions", but all of them have the unfortunate side-effect of making the thugs even more determined to do you harm, if (when) they find out. The only actual solution is to vote the scoundrels out, if you happen to live in a country where they actually still have reasonably legitimate elections. Let me know if you find one, as I might like to move there. Too bad I only speak English.
@ kain preacher
Hmmm, now why is the whole thing an issue then? One must oh just wonder... *snickers*
Hide your data?
I think we're all reading into this a little too much here guys. I seem to remember reading an article about US customs not allowing a gentleman to travel with his Macbook Air because they couldnt believe it was a laptop... and you think encryption would stop them...? you could just hide the files and they'd probably be none the wiser, Hell you could probably moce any file youd like to hide into a system directory... Sod it just change the file type so it wont open... come on be imaginitive, its not like they're genius'.
Roughly 3,9GB of "confidential" data.
Oh and don't forget....
The US border is not just at the line on the map that divides this country from the civilized world. From previous Supreme Court rulings, the "border zone" extends up to 100 miles from the border itself.
As I understand it, people are not worried about the poor sods who have to go through your mom's dirty laundry upon return for idle packets of marching powder finding whatever is hidden on your disc straight away. It is the copying of all content once they do not like your nose, or the simple confiscation of hardware that is ... ah... bothersome. Because you do not know what will happen to it, and because it is stored forever ever after, with your name on it, auto-scanned and looked at by people knowing that there's only 10 kinds of people and stuff, you know...
Different worldwide laws
Some content legally available in the US is banned in the UK (e.g. sexually violent videos) and you could end up in jail. There is no law protecting freedom of an individual to publish in the UK (no First Amendment) - e.g. if you have visited sites with information on bomb making and the data is cached, you could face time in jail. Kiddie porn is one area these seems to be universal agreement (and for good reason - it leads to more horrendous acts as demand for more material are generated).
Contrary to the article, for content corresponding to traditional published media (e.g. photos, books) you should regard your PC / Hard disk / flash card as a briefcase. Expect it to be searched by an incompetent boarder guard. I'm sure if you renamed a jpeg file with the suffix .txt they would not view it. They would not know encryption if it was explicit (e.g. "Encrypted Volume"). Only if they had a warrant and the PC was seized and passed on to Forensic IT specialists would encryption be futile (e.g. if the NSA can decrypt foreign "military grade" encryption, most of the public products will be able to be broken in a matter of days/weeks).
In the UK, you are not required to provide the encryption key, just to provide unencrypted the data. Software like TrueCrypt allows you to encrypt a file with another container - if this works no one will know if you've decrypted everything on your PC.
Lots of comments about not wanting to visit the US any more. "The land of the free" produced a constitution with important amendments to protect its citizens from tyrannical rule (as they experienced under British rule) - freedom of speech/the press/petition (1st amendment), the ability to form armed militias (2nd amendment), protection against searches without probable cause (4th amendment). It seems these safeguards are being negated and a home grown tyrannical Federal government is gradually taking power away from the free States. What a shame, it will only get worse when citizens of that once great country elect a right wing Republican in just under a year. What has amazed me is the presidential right to veto legislation (I'm no historian) which the democratically elected houses (sometimes both) have voted for; it seems worse than the UK anomaly with the Lords.
What kind of idiot ...
... would think to themselves: "I need to move a couple of gig of data across into the US. I think I'll stick it on my laptop and carry it through customs."
> Are they going to log on as? If I create a new user (no admin rights) and log on as that then its not going to give them much at all is it?
No logon is required at all to examine any disk physically.
Entertaining article - and it would have been a good one too if you'd managed to stay away from the hysteria.
"They could copy the entire contents of your computer" "They could ....... create a database of your friends and associates"
Well, no, no-one's claiming they could do that (except, of course, you). The border agencies can look - just as they can look in your diary or address book if you're carrying such ancient things. They have no mandate to copy your diary or address book but, if they find incriminating evidence in your diary or address book, they can confiscate those things and use them as evidence in criminal proceedings against you.
Must do better. Excise hyperbole and rewrite.
I guess I had better start.
Collecting all the viri and malware and really bad idea links into one encrypted file.
The password will be YoullBeSorry!.
Just in case I ever need to go somewhere.
It's totally your choice.
At many Canadian airports, you will see signs that say something similar to: "Passengers are free to decline security inspections by choosing not to fly".
In other words, you cross the border knowing full well what you are doing, with the expectation of being inspected.
If you believe anything different, and take risks at the border, you will get what you deserve.
When crossing international borders, there is NO difference between the contents of your laptop and the contents of your luggage. The same search and seizure rules should apply. If security is not allowed to compile a database from a paper list of friends, then they are not allowed to do so from your laptop ... but if they are, it's your fault if they do. If you disagree, I bet you also foolishly don't believe in copyrights or intellectual property as an excuse to protect your other crimes.
The author of the article can't even define a clear line of what he thinks is reasonable, stating a laptop should only be inspected for drugs and explosives, that the data is not security's business, then on the last page the author states that it's totally reasonable for some random searches of laptops without suspicion.
He must really mean: Go ahead search everyone elses, but it's wrong to search mine.
The real problem regarding Americans and Security is how fast you let George Bush destroy your constitution in the name of 911. You ignored your constitutional responsibility to overthrow Bush for taking away your rights. Having done so, you have nothing to complain about when crossing the border.
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- AMD demos 'Berlin' Opteron, world's first heterogeneous system architecture server chip
- Leaked pics show EMBIGGENED iPhone 6 screen
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs