This WAS a UK website last time I checked.
A 38-year-old Canadian citizen has been arrested for refusing to hand over his smartphone's password to border agents. Alain Philippon, of Sainte-Anne-des-Plaines in Quebec, arrived at Halifax international airport in Canada from the Dominican Republic on Wednesday – and was selected by the Canada Border Services Agency for …
"...clear the way for a UK focused tech site?"
I'm American, but I thought the British took pride in.... https://twitter.com/DailyMailTech
BTW, Indian Jones might die...?
Where ya getting ya conversion rates, anyŵay…?! CDN$25,000 is (very roughly) $20,000 US.
At the minute to convert from $s (US) to £s, simply divide the amount by 3 and multiply by 2. There are, very roughly CDN$2 to the £.
Exact rates (to 3 sig figs):
£ to $ = $1.52
$ to £ = £0.66
£ to CDN$ = CDN$1.90
CDN$ to £ = £0.53
Now quit yer bellyaching.
SJ: Doing the hard work, so others can STFU and quit their whinin'! Shut yer pieholes!
Kieran, it stands to reason the Reg would have a larger North American readership - what's the population of North America compared to Blighty…?!
Yes, I'm grumpy coz it's early, and there's no fucking WAY I'm drinking Nescafé! Nestlé is the most evil company on Earth (did you hear that its president - whose name I can't remember - believes that water should be a chargeable commodity, and not a basic human right…? Cunt! He'll be saying that nobody is allowed to breathe, unless they're breathing Nestlaire, next! I wanted to have a rant on the coffee pod thread, coz someone admitted to owning a Nespresso machine. Luckily for him, News360 went screwy).
I don't like Nestlè very much.
@ Sarah Balfour Buy yourself some of these (available in Tesco) and calm down woman! PS. Instant coffee is vile and should only be used for people you don't like!
17 - To unlock your device, enter your passcode on the lock screen.
18 - To appear to unlock your device, enter the secondary passcode (3968 or "F YOU") on the lock screen. The device will minimally unlock, allow access to a limited list of harmless data-free apps and only genuine-looking sample data. This will satisfy any legal requirement for unlocking your device while not actually unlocking your private data.
Over to you Google and Apple.
Only trouble is some of the plods aren't stupid. They'll just turn around and go, "OK, now give us the other password. You know, the one that reveals where the REAL contraband is located." Which poses a problem if you're honestly NOT using a hidden volume.
Presumably they're looking for child porn (they seem to be preoccupied by that subject matter). So, i.a.w. The Art of War, we have yet another false passcode that opens up a stock collection of Granny porn (elderly ladies without clothing). Perfectly legal in most Western jurisdictions, and such an image collection would immediately terminate the border inspection proceedings and you'd be on your way. Hopefully it would also cause some gentle mental trauma to the border inspector to curb their future curiosity.
One good reason. Unlimited panic PINs means unlimited chances for the border patrol to use the rubber hose.
"What's the REAL password?"
"Now what's the REAL real password?"
"Now what's the REAL real real password?"
Remember, you're not technically IN the country until you pass the border patrol. And they don't run on a time limit.
"So, i.a.w. The Art of War, we have yet another false passcode that opens up a stock collection of Granny porn (elderly ladies without clothing)."
While legal, border agents may see it as a deliberate attempt to hide something illegal. And since they're not working with a time limit, they can just slam the lid, confiscate it for further review, and send you to the silent room while they call for the old veteran to take a crack at it (since the veteran is likely an old man himself so wouldn't be so repulsed by granny porn). Well, either him or an astigmatic or far-sighted man (meaning he's wearing glasses to read things up close and can take them off when needed to make everything look like a blur).
Burden of Proof is on them, not you.
And Innocent until proven guilty isn't the proper saying contrary to popular belief.
The correct grammar version is: Innocent unless proven guilty.
The former implies that you were guilty the whole time and it's only a matter of time until they convict you; maybe this is the reason why we have so many idiots that let the government do this in the first place. If we had an intelligent public, we'd wouldn't be in this mess at all.
"Nowadays if at first you cannot be found guilty, they'll just keep trying."
I'm still facepalming at the gullible stupid public for voting that PM in; easily the worst PM since Thatcher. (whom we hated for different reasons)
Now it seems that whoever we get is hell-bent on destroying whatever privacy we have left, and the worst of it is that joe public doesn't seem to care or even want to care; we're circling the drain, I'm just wondering when they'll wake up and kick the government out, hook or by crook.
Actually, because you're not technically IN the country yet, IIRC, international law applies, and that has no presumption one way or the other. The Border Patrol can simply deny you entry, so the ultimate burden of proof is on YOU because they're not REQUIRED to let you in.
> Actually, because you're not technically IN the country yet
I should point out that almost always, customs inspection points are in the country concerned¹ so you are already subject to their laws. I found out the hard way.
¹ There are some exceptions such as EU customs checkpoints in Morocco, but extra-territoriality does not apply to airports, contrary to common misconception.
"I should point out that almost always, customs inspection points are in the country concerned¹ so you are already subject to their laws. I found out the hard way."
Although they ARE, strictly speaking, IN the countries in question, as far as inbound people are concerned, you are in a legally-designated Port of Entry. These are subject to special rules which means you are NOT allowed certain protections under the law YET (that's covered by International Law regarding travel).
Although not terribly convenient, just perform a device reset before entering country then after you've passed through customs and out the other side just enter your cloud account details and re-sync. Upside is they get a blank device, downside is you need to spend ages in McDonalds or Starbucks.
"That's why things like TrueCrypt with hidden volumes were invented."
The point is you shouldn't need to hide it. Why should they be able to just look through whoever's personal files they feel like, without any reason. Of course it is keeping us safe from terrorphiles so it's ok.
Also what do they hope to achieve by doing so, and having a cursory browse of someone files. That the person will be travelling with an entry in their contacts for 'Terrorist Bob- Sleeper Cell Leader'. Or a file on their desktop called 'Secret Hijacking Plans'. Border security is ridiculous - airport security in particular.
Given that some twunt posted on Facebook he was about to make an armed raid on Tesco, someone may be that stupid.
To our cousins across the Pond, NO, I do not know your friend who works in 'a mall somewhere near London' - which was a genuine enquiry from a nice old dear when I was parking up somewhere west of Boston.
She was genuinely shocked when I pointed out that London (the important one) is actually quite large and a lot of people live there..
Btw I love the states....
It's all theatre designed to keep you in your place. There are a number of inherently stupid features of airport security. The absolutely rammed spaced just before security in particular. I would go further in my critique but it would probably be accidental mis-interpreted as something more sinister and my typing privileges would be revoked for some time.
Unlike files in a safe, the contents of an encrypted drive are entirely visible, just not understandable. A seized hard drive can have its contents examined right down the 1’s and 0’s of each bit, regardless of encryption.
Thus, turning over the password does not hand them new information, like papers out of safe. Instead, it interprets the data they already have, but do not understand.
It is precisely testifying against one’s self. It is the act of taking data the prosecution already has but does not understand and interpreting it for them so that they may use it against you.
A better analogy would be a diary written in code. The government, which already HAS the diary, can see its contents clearly, but without your cooperation, cannot understand it.
They are free to try and crack the diary code on their own [as they are free to try and brute-force your encryption] but to compel you to interpret it for them - to supply the meaning - is precisely the act of testifying against yourself.
In the US, the Courts have long held that you can't be compelled to recite the combination of a combination lock as that would violate your 4th Amendment rights, and the Courts have extended that to encryption passwords.
"In the US, the Courts have long held that you can't be compelled to recite the combination of a combination lock as that would violate your 4th Amendment rights, and the Courts have extended that to encryption passwords."
I thought the amendment in question was the 5th. The 4th allows them to seize the safe or drive or whatever, but being compelled to state the means to unlock or decrypt the data can result in an "I plea the 5th."
PS. I looked up In re Boucher and learned the point became moot because he'd already been caught with his hand in the cookie jar, so to speak. He couldn't plea the fifth because he'd already incriminated himself prior to being compelled further.
The trick at "border checks" is that you really don't have all the rights of being in the USA, yet.
They may or may not imprison you, but declining their questions can result in your deportation. This can happen even if you present a USA Passport.
Getting fresh at the border is a LOT trickier than getting fresh with police within the USA...
As it happens, it might be my netbook which runs Gentoo Linux (cannot run Windows), and is mainly used as a means of downloading photos off SD cards onto the internal hard disk. It features no GUI as I only need to use command line tools like cp/mv, or access an email client (mutt) over ssh.
So I boot the machine up, and turn the machine over. They are confronted by this:
This is zhouman.unknown_domain (Linux mips64 3.17.2-zhouman) 05:32:57
zhouman login: stuartl
stuartl@zhouman $ _
Okay mister border guard, what now?
Presumably you'll have to figure out how to prove that at the time you've been arrested for refusing to cooperate with the border guards and have been held for the maximum extent they could afford to keep lock you up for it you didn't actually have a GUI you could launch and thus no non-cooperation actually took place - if successful, you'll be warned against travelling with a laptop without a GUI ever again without any admission of any wrongdoing on the agent's part; if not successful, you'll also be charged with destruction of evidence seeing as how you obviously had a perfectly good GUI all along, you just got rid of it somehow along with the damning evidence - some fiendish self-destruct script, surely...
>Okay mister border guard, what now?
I've been stopped at security like that.
"Turn on your laptop"
Boots to a command prompt.
"No - turn it on."
It is on ?
"TURN ON THE COMPUTER"
Eventually worked out what they wanted, "startx" and wiggle the cursor
The world was once safe from terrorism and VMS.
For extra bonus points it should start a command prompt in klingon
If weasel, bison and bear are of interest, are moose and wolverine as well? Can we just send the live animals? You skin them. Send us back a movie of you trying to skin a live moose or wolverine.
How about different root (wheel, other) logins? Different logins set different locales. Login with a Klingon locale?
Here in NZ they want a blanket right to demand passwords even without reasonable cause:
But it's okay, they promise not to disclose any lawful content and we all know government agencies never abuse their powers.
Really, you don't already have a "guest" account with a blank password and no permissions or software for other people to use? Bad for security but so is physical access! Even Win7 keeps other users out of casually looking at the other accounts' files, even with administrator access.
The shitstorm has already commenced. The "If you've got nothing to hide you've got nothing to fear" crowd against the "Privacy is a basic human right" crowd.
But since NZ is a member of the 5 peepers, I'm sure whatever the US Govt decides is reasonable for us, we'll rush to implement.
A) Don't take your phone abroad. Life can and does go on without one. Specially when going on vacation.
B) Use dumb 1990's style cell phone that makes phone calls period when you travel by plane a.Flip phone will do nicely.
C) Get a local throw away , use it , send your data home , ditch phone when done and recup data once you're home.
For the rest there's pen ,paper envelopes and mail . They are more secure than your telephone.
Has no-one ever though of creating some sort of RAID like system with an intentionally removable member that causes it to break the partition until both parts are joined again?
By which I mean say a USB pen, that goes into a certain USB port and won't function correctly without it? Or if in the incorrect port will allow access but will cause items in a partition to no longer function correctly or just not decrypt the information?
Just a thought.
And yes I'll get my coat (the one in bright orange)
I'd be more interested in not leaving any potentially suspicious setup on my device. If I wanted privacy I'd keep my stuff elsewhere and accessible via VPN on the net. Access or download after I get across the boarder if needed.
That said, I really don't think means and methods are relevant to this story. This is about an important principle.
"I'd be more interested in not leaving any potentially suspicious setup on my device. If I wanted privacy I'd keep my stuff elsewhere and accessible via VPN on the net. Access or download after I get across the boarder if needed."
And if where you're going has a tight data cap?
It's already halfway there in Android - on my Galaxy Note I can move part of an application to a micro-SD card. Remove the card and the app won't start, reporting as not being installed.
Unfortunately they then let the side down in that the app can be reinstalled onto the device and it picks up the existing data - so you need to hide your porn stash using an app that can keep the data on the SD card also.
So you tell us about a Canadian, being stopped on entry to Canada, by Canadian Border Agency personnel. Why then is the bulk of the article about USA law?
Absolutely agree, especially when you consider that Canadian Law has far more in common with UK law than USA law. It would have made more sense to compare it with what happens in the UK or other commonwealth jurisdictions rather than with the USA.
Well we all know that the good old USA (or at least some of the people therein) think that Canada is a wholly owned subsidiary of the USA. Look we have this long "unguarded" border, we both use $$ as currency (which sometimes trades at parity), and we speak (almost) the same language.
The problem is that somehow the American Constitution doesn't seem to work in the "great white (hockey) north". Canada can enact lots of "tell me or jail" laws and they have to live with it. Then again, we have a big cheese who doesn't like it either, but that is a discussion for another (more political) web site.
As for the UK, it is a wonderful country Queen and all. After all they gave us Top Gear!
Long live countries that speak (some form of) English.
All of this reminds me of:
"If any member of your IMF gets caught or killed the secretary will disavow any knowledge of your actions" and "This recording will self destruct in 10 seconds". Now where is that thermite mixture?
Canada is effectively a wholly owned subsidiary of the USA.
The USA is by far Canada's #1 customer when it comes to exports (about 70%) and those exports are largely natural resources shipped raw or with little upgrading by American owned companies to American owned companies. Energy is Canada's largest export and the largest player in the Canadian energy system is the USA and companies owned by American or answering to American investors. Even the "Canadian" oil sands is not Canadian with American's owning more than 60%, even "Canadian" companies like Suncor are not Canadian owned and answer to American investors.
Acquire fake Hotmail and Gmail accounts, then wipe phone and set up with fake accounts, before crossing Canadian border. Say yes to the nice Border Agents and hope you're long gone by the time they realise the subject line of every email reads "These are not the droids you are looking for".
Surely anyone with anything serious to hide is going g to use the "one for them to find, o e to keep" rule and have all of their sensitive data on a micro sd card somewhere hidden in their luggage?
Or you know in "the cloud" so it doesn't matter what happens to that laptop.
Seems like this might be another rule that only catches fools or innocent people with privacy concerns.
I know there's nothing illegal on my phone, but I certinally don't want anyone looking at the embarasing pictures I took to send the wife for a laugh. #ToiletSelfie
If you suitcase is locked they will ask politely (demand) that you open it - What is the difference?
Don't carry anything through a border that you don't want to be subject to search - saying "electronic" is different is muddying the waters.
The more interesting case comes where if you are carrying a device that has encrypted material for which you do not hold the key (for example it's a corporate laptop used by multiple people one of which has received an encrypted file).
"Don't carry anything through a border that you don't want to be subject to search - saying "electronic" is different is muddying the waters."
Electronic is different. For starters, you can leave all your content at home, and still get it when you arrive at your destination. Try doing that with the pair of smart shoes you forgot to take*. Anyone transporting data, that they wouldn't want a border agent to see, has a serious case of thinking impairment**.
* Had a colleague turn up to a sales presentation in a smart suit and a pair of Nikes :-).
** The politically correct term for the very common condition known as Hard Of Thinking.
"You cannot leave any data "at home" if you can access it while traveling. It isn't just phone passwords you must supply, border guards believe you must supply any and all passwords if requested."
You can leave any data you want at home (or in the cloud). They're aren't psychic. What do you think they're going to ask for? "Oh, can you just give us the password to the account that isn't on this phone?"
To ask you for a password for something, I'm pretty sure they need to know that something exists in the first place.
@anon No they do not need to know it exists to ask for it. That is a large part of the problem. They, in this case border personnel, claim unlimited fishing rights and governments, in this case American governments are not saying or making clear that there are limits.
Should you find yourself in a sound proof holding cell and you decide to only give them passwords as they come up against them you could well find yourself charged with “hindering or preventing border officers from performing their role,” Even more so if they keep all your electronics and later find that hidden drive or file.
Sure you can win in court but even if you do, you still lose. That's a key part of the story, what are the limits? In practice there are few if any limits other than the mercy of the agents.
"@anon No they do not need to know it exists to ask for it. That is a large part of the problem. They, in this case border personnel, claim unlimited fishing rights and governments, in this case American governments are not saying or making clear that there are limits."
"sir, we'd like to take a look your phone."
"We see you have two accounts on here."
"Of course. Oh, and because I'm such an utter fucking idiot, would you like me to divulge the account names and passwords of all my other accounts that aren't on the phone? You know, the ones you didn't know anything about, before I just told you? "
Much more likely is the little metal window opening to your holding cell and a border agent quietly telling you.
"You failed to mention the hidden encrypted drive and the password you did supply was not for the email account we wanted. You will be charged, we will be keeping your electronics, and no you will not be entering today."
But your rose coloured world is, I agree, much nicer to live in.
Whatever the outcome, or the principle, at the end of the day the border agents will always have the last word. They can ask you nicely, or threaten you, but if those don't work they can just stamp your passport "entry denied" and send you home. If it's really a problem for you, don't go in the first place.
Of course, if you come from that country in the first place, as in this article, things get more complex but, hey, you can always leave if you don't like it there.
Electronic IS totally different. It's not a physical thing they are looking for that you might have in your briefcase, be it a weapon or drugs or whatever - it's all about data. I'd bet you be none to pleased if some jobsbody got your private diary out of your briefcase, brewed up a pot of coffee, pulled up a chair and started reading through your life for the next 12 hours. That sort of intrusion is the exact sort of thing you would expect would require a warrant.
I admit my total ignorance in the law on this (where such a thing may exist), but I'd hoped we were at least living in a world where most people would consider this sort of action as just fundamentally wrong!
Why is this even an issue? Let them have at your phone. This is the digital age after all. If you have stuff you want to keep away from prying eyes, whether it salacious or intellectual property, keep it on-line at home and access it remotely using https when you get wherever you are going. If the problem is that you can't help adding salacious material to your phone or laptop for the length of a flight or train journey you have more problems than facing a border agent.
Canada has and is in the process of "integrating" their border services with the USA.
This means the "Canadian" border services agent may not even be Canadian or administering Canadian made policies. Part of the agreement not only has USA law being enforced in Canada in many different ways, as well as having American enforcement agents and policies acting in Canada against Canadians it also includes giving American agents open access to Canadian databases, such as CPIC (police) and other government databases.
American agencies are carefully tracking the international travel of all Canadians and have made that very clear to some Canadians who regularly leave Canada. With the new found data they are promising tighter controls of Canadian travelers and are changing visa requirements for Canadians visiting the USA.
Which means the request for the search may not be Canadian in origin, and Canadians will not be able to find out either way. If Canadians asked they would be told it was random. As Snowden revealed there is effectively no Canadian border when it comes to American interests and actions, and the Canadian government has not hidden the "integration" of Canadian Border Services.
And if you think these are only the concerns of a ex-British Colony too afraid to be independent, look at what the USA has said about enforcing it's laws in your country.
When it comes to requests for passwords the border agents do not think their power stops at accessing your phone, as many seem to think. If they want and have the time they can search all your personal files and information, both in the phone or laptop you are traveling with and any information or accounts you have online, in the cloud or even at work. Of course they do not need you to be present for that.
That is what makes such cases important. Border services, which for Canada includes a foreign power, believe they have almost unlimited ability to snoop and ask questions of any traveler, even demand they testify against themselves and others and anyone challenging that will find their travel plans and itinerary open to adjustments from border agents.
If this case gets appealed to the top court the rulings, how and if they will be applied, will speak to the very idea of rights in a democracy.
There have been rumours for years about border agents taking electronic equipment from business men entering the US and later competitors have a mysterious edge.
It's just a pity that from the media laws like this seem to be used as a crutch by lazy and incompetent fishermen and a power like this is ripe for abuse. If someone is guilty of a crime that would warrant examining their hardware like this you'd hope the police would be able to piece something together without it or have the expertise to get through without it. There is a difference between secret and private.
"Next they'll ask for your PIN number and check your bank balance."
They will. One of the first things that they are interested in is if you have sufficient funds for an airline ticket to pay for your own trip home after being refused entry.
I recall from my two hour interrogation at Boston Logan in the 1990s. (because when I was filling in the old green visa waiver form on the flight I spilt a drink on my passport and they don't like wet passports)
What could possibly be on a smart-phone that a border agent needs to see? What's the scenario for which the only protection is searching a person's phone?
This is a serious question; I'm drawing a complete blank as to why a border agent would ever, under any circumstances, need to look at my phone's contents.
It would be best to have a border agent respond but I have heard some of the reasons and there are many.
For example, a person is returning from a country where drug use is common or legal. The border personnel want to know if they had any association with people in that industry so will ask to look at the phone to check calls made, txt msgs, emails, and social media accounts.
Similar checks are made to ensure no contact with known criminals or terrorists or people on watch lists. If they find such information further interrogation will follow.
If the person is visiting the country they may want to know if they have the correct visa, say a work visa. If the search of their data finds copies of resumes or reference to work they can charge them or send them back home.
And of course it can be a "completely" random search, though after Snowden we now know those are not as random as claimed.
The problem is the apparently unlimited power being claimed and used. Where is the limit?
I don't think the government should be able to casually satisfy their curiosity about my acquaintances just because I took a trip and came home. If I am a known or suspected threat, drug dealer, or whatever, then they can detain me and get a warrant to search the phone. Besides, they can get the same information by subpoenaing my phone records (or in my case as an American the NSA already has them) and they don't need your phone to do that, only your phone number.
A visitor to a country is different than a citizen returning (which was the case here) so different rules may apply, though I personally don't think their phones should be subject to warrantless searches either for pretty much the same reasons.
If you swapped in a local SIM, a common budget tactic, the US phone company will be clueless and the foreign one unreachable. Thus the only remaining possibility is the phone itself. Or if you just use WiFi-based tech while you're there, again the phone company's clueless.
As for the breadth of power, remember they're in fear of "The One That Got Away" that then goes on to commit 9/11 Part Two.
On finally catching up with the UK in terms of legislation surrounding phones.
We've always needed a warrant to examine data on a phone / laptop / camera unless:
A- Consent is given
B- I've applied for the data via Cycomms which is a rigorous and closely audited system which will provide me with all your data, texts, call logs, etc without even having to have your phone
C- You've left it unlocked and turned your back on me
I always assumed it was because they were trying to make sure there were no bombs or drugs in the electronic device, neverminding that someone could rig a laptop to show a boot screen and even a generic Windows desktop with little trouble (as always, security is there to catch the stupid ones).
But aside from the hidden truecrypt partitions etc, how about a login or PIN that while showing inocuous data also automatically/silently activates audio/video recording until owner-stopped or device powered off? It'd make me actually eager to turn it on and provide a login for the nice officer folk.
When going in/out of the country, you can be rather intensively searched (down to the seams of your clothes) and psychologically probed.
They will however a) be respectful and keep it civil all the time, and b) not go through any personal documents of yours (such as letters, notes, diaries, or nowadays phone/computer data).
Surely if it's good enough for them...
They will take your phone apart and it will never work again though. :-)
What's increasingly needed are encryption systems that include plausible deniability. TrueCrypt has/had this - you could set up a system with two passwords, one would unlock your actual data, the other would unlock an entirely different set of data that, presumably, would be innocuous or otherwise conceal your real data, while satisfying those forcing a password out of you that they had succeeded.
Without a valid EU warrant or the written permission of everybody identifiable in the data on my PC, I cannot show the data to a third party outside the EU, so showing DHS officials the contents of my laptop when I arrive at the US border opens me up to prosecution, not showing them my device opens me up to prosecution...
They can act within a 100-mile zone from any edge of the US, which encompasses just about every major city in America
It's true this is a major problem, and a gross offense against civil rights and personal liberty. But "just about every major city in America" (even if we allow "America" as shorthand for "the USA") is a wild exaggeration.
It's utter nonsense to claim that Atlanta isn't a "major city". Ditto Denver, Las Vegas, Phoenix, and Indianapolis. I think it's unreasonable to claim Cincinnati, Omaha, Oklahoma City, Louisville, Nashville, Memphis, Dallas / Ft Worth, Minneapolis / St Paul, Charlotte, Birmingham, and Albuquerque aren't "major cities". Cincinnati has roughly the same population as Newcastle or Nottingham, and in area is as large as the two combined, and it's the smallest in that list.
There are also smaller cities not within the zone-of-offense that are important because they're state capitals or primary cities: Salt Lake City, Little Rock, Boisie, Jackson, Topeka, etc.
Raising consciousness on issues like this isn't helped by telling a third of the US population that their homes aren't important.
Biting the hand that feeds IT © 1998–2019