
New DHS policy on demands for passwords to travelers’ electronic devices - tehwebguy
https://papersplease.org/wp/2018/01/05/new-dhs-policy-on-demands-for-passwords-to-travelers-electronic-devices/
======
benevol
_" In other words, CBP is now claiming the authority to confiscate your
cellphones, laptops, memory cards, and any other electronic devices if you
won’t tell CBP your passwords, and to retain the passwords you give them as
well as the contents of those devices.

Yes, this applies to U.S. citizens and permanent residents as well as
visitors."_

That is just insane and unacceptable.

~~~
_jal
People need to push back. I know there's risk, but if you take this shit, they
just keep pushing.

I will be traveling with throwaway, obviously tailored devices with insulting
passwords, lock-screens and documents and a huge pile of encrypted chaff. Let
them document me as a troublemaker.

Better, let them document hundreds of thousands of us as troublemakers. CBP
and ICE have been drifting towards authoritarian-shitheaddom for a long time
and really needs a serious pruning/lobotomy. It won't stop until there's noise
about it.

~~~
throwUsVisitor
I'm happy to say that I do everything to make Border Control life miserable. I
have big clients in US and while I generate for them big profits, I cannot
accept payments due to my ethics. So I complained to legal divisions of my
clients and asked to funnel money there. Every time I cross US border I refuse
to show any data and insist on contact with my lawyers. And by my lawyers I
always have big co legal divisions in mind. At average I spend 6 hours per
border entry but I feel good about myself. I believe that Border Services
still had worse that day.

~~~
manicdee
Ah, so you are the reason I got an invasive cavity search.

Sure you are the big hero, but you upset the people with the power to make
everyone else’s lives miserable.

Good to see that the rich still get things their way.

------
alkonaut
Unfortunately the recommended behavior is to be "difficult". Trying to somehow
state your own rights, demand that officers perform searches in accordance
with law etc. - which is "being difficult". If you are on your way to a great
holiday, important meeting etc, you aren't going to risk it. Because anyone
"being difficult" will be detained or rejected. So I'll just fold and give
them my password. And they _know_ this.

The only time I'd even hesitate to trade my precious time for my integrity is
if I actually had something to hide, unfortunately. Which just reinforces
their assumption that anyone not immediately unlocking their device to let
them read your business docs or see your kid photos - must be hiding
something.

~~~
batmenace
Theres another case, though. Some people have no choice but to be "difficult".
Consider, for example, a lawyer from an international firm travelling with
company devices, which have on them privileged information that can under no
circumstances be disclosed. These kinds of people have no choice but to be
"difficult".

~~~
alkonaut
> These kinds of people have no choice but to be "difficult"

Then they don't get in. Things like company secrets or client-lawyer
confidentiality just doesn't apply here. You have a choice to give all that up
and enter, or just return.

The solution as others pointed out is not to travel with the data, but that's
just cumbersome. You can always just use whatever cloud service you want, and
delete the local copies, downloading the encrypted info again when you have
entered the country.

~~~
NoGravitas
They may well ask for your passwords to the common cloud services; they
already ask for your social media passwords.

~~~
alkonaut
Luckily most places have 2FA so giving them the password to Facebook or Gmail
is "only" equivalent to logging in so they can look around then and there.
They can't look around once you have passed the border, and they can't
sabotage you by setting a new password unless they keep your device or
actually change the 2FA settings. I think that's pretty rare.

I honestly don't think they need/use/keep passwords after I pass through. They
may want to look in rare cases, but I actually think it's more of a "control
question". If you don't have a normal set of social media accounts you are not
normal or you are hiding something. If you aren't willing to show it, you are
hiding something. What you are hiding doesn't matter. They use it as a "tell"
to see if you need to be investigated further.

These questions have always existed. They ask you what your business is
entering the country etc, but they are as interested in whether you are
sweating as they are in what you respond. Same here. They don't need to see
your family photos they need to see you give up your privacy like a "normal
person"

------
tehlike
This should serve as a reminder to everyone to donate/support EFF and ACLU, as
two of the very few organizations that watches for our rights.

It is also a reminder that as we get more numb to issues like this, it gets
worse.

It is probably time to call your representatives and raise your voice.

~~~
saguro
Because calling paid-for representatives has such a strong record of success
over the last decade of human rights erosion.

Talking to your representative is roughly as useful in curbing these things,
as doing nothing at all. What's the _real_ solution?

~~~
JumpCrisscross
> _Talking to your representative is roughly as useful in curbing these
> things, as doing nothing at all_

Have you ever called your representatives?

~~~
saguro
www.google.com/search?q=i+contacted+my+representative+site%3Areddit.com

Knock yourself out.

Spoiler alert: almost everyone reports getting a cookie-cutter email or
scripted response about why the rep will stay the course. They clearly have an
established strategy of how to handle the 'contact your rep' crowd and channel
their efforts to /dev/null.

~~~
JumpCrisscross
> _almost everyone reports getting a cookie-cutter email or scripted response
> about why the rep will stay the course_

Who is “almost everyone”? Any personal experience?

Mine involves getting a personal e-mail from my state Assemblyman, being
patched in to the senior legislative aide to my U.S. Congresswoman who spoke
to me at length about the issue, getting follow-up by e-mail to calls after
the points I raised were discussed with my U.S. Senator, and being reached out
to by my state Senator’s office for input on a draft bill. I also know that
for my tech-savvy Manhattan Congressional district I am usually one of a small
handful voters regularly calling in about digital privacy.

I’m fine with voters being busy or lazy. But don’t brag about it.

~~~
saguro
You're suggesting that your n=1 anecdote weighs more than those thousands of
reddit stories? Or that my position is invalid because instead of engaging in
another n=1 anecdote I aggregated the outcome of many?

For your one story, you can click the top few links of that search to see
detailed accounts and full documented histories from representatives who are
clearly systemically stonewalling this kind of activism. And judging by those
counts, they are the majority.

~~~
JumpCrisscross
> _thousands of reddit stories_

Many of “thousand of Reddit stories” are just like your comment. Repeating a
meme, nothing more.

Will your representatives always be responsive? No. Some are worse than
others. On some issues, the political tea leaves are too obvious to merit
discussion.

By and large, however, representatives and their staff care about their
constituents. When you call (better than form responses on websites), you show
you care about an issue. Their offices want to know if you represent a budding
movement they can attach to.

You’ve cast aside a core civic right and, in my opinion, duty, based on
anonymous forum comments. It would take you thirty minutes to call yourself,
but that’s too much of a hassle. Fine, that’s your right. It’s also mine to
call out your comments as emotional self-indulgence more than anything
substantive.

~~~
saguro
> Many of “thousand of Reddit stories” are just like your comment. Repeating a
> meme, nothing more.

Demonstrably, provably, completely, wrong.

[https://www.reddit.com/r/netneutrality/comments/7kzblu/i_con...](https://www.reddit.com/r/netneutrality/comments/7kzblu/i_contacted_my_representative_and_senator_this/)
\- 4 page account of comms

[https://www.reddit.com/r/Firearms/comments/75yjkd/the_offici...](https://www.reddit.com/r/Firearms/comments/75yjkd/the_official_i_contacted_my_representative_about/)
\- photos showing redditor attended in person instead of making a phone call.
Was told their concerns would be 'passed along'

[https://www.reddit.com/r/pcmasterrace/comments/6dm169/i_also...](https://www.reddit.com/r/pcmasterrace/comments/6dm169/i_also_contacted_my_representative_about_net/)
\- full account of comms. Again cookie cutter response.

Maybe this is biased because it's the top results. Let's jump to page 4.

[https://www.reddit.com/r/SaltLakeCity/comments/7dtlyr/i_just...](https://www.reddit.com/r/SaltLakeCity/comments/7dtlyr/i_just_tried_to_call_rep_chris_stewart_his/)
\- rep's voice mail is full and has been for months. No response

[https://www.reddit.com/r/Connecticut/comments/7gwins/this_is...](https://www.reddit.com/r/Connecticut/comments/7gwins/this_is_my_representative_joe_courtney_he_did_not/)
\- representative actually stands up for the interests of constituents. Yay,
we got one!

No memes here, just detailed accounts which overwhelmingly demonstrate that
paid-for representatives have a strategy to deal with this. As for civic
duties, you do not have a civic duty to uphold a process which is a textbook
example of regulatory capture. If you get success by doing it, great. But
statistically, for the majority of Americans, talking to their rep is worse
than doing nothing. It's spending their time and effort on a process which is
designed to ignore them, so they don't spend that same effort searching for an
alternative process which might actually work.

This process _used_ to be effective; before it was circumvented by lobbying
activity. You can't cling to it today just because it worked yesterday. You
also can't get jobs by just turning up to places and handing out your CV.
Times change.

~~~
gamblor956
You need to actually read your cites. Many of your link actually support what
we've been saying. Their concerns were passed along to the representatives and
they were _pleased_ with the responses they got.

------
teraflop
> “What is the password to this device?” is a verbal collection of
> information, which is prohibited by the Paperwork Reduction Act (PRA) unless
> it has been approved in advance by the Office of Management and Budget
> (OMB), a “control number” has been assigned by OMB, and individuals from
> whom information is to be collected are given notice of this.

I find this extremely implausible. If it were true, wouldn't it also imply
that customs and immigration officers aren't allowed to ask any questions that
don't appear on the customs form? I thought it was generally accepted that
they had a wide latitude to conduct an interview and use the results to
determine admissibility.

The Paperwork Reduction Act is primarily designed to regulate exactly what it
sounds like -- standardized forms for data collection. It specifically
excludes "A request for facts or opinions addressed to a single person".
([https://www.ecfr.gov/cgi-bin/text-
idx?c=ecfr&rgn=div5&view=t...](https://www.ecfr.gov/cgi-bin/text-
idx?c=ecfr&rgn=div5&view=text&node=5:3.0.2.3.9&idno=5#se5.3.1320_13))

~~~
JoshTriplett
I'm not an expert in the applicability of that law, but if they're
_systematically_ asking people for passwords, that's not necessarily
"addressed to a single person".

~~~
freeone3000
Paperwork Reduction Act is an attempt to reduce paperwork. Customs and
immigration questions are not paperwork, despite how systematic they are.
Consider if they have an OMB number for "Citizenship? Duration of stay?
Purpose of visit?", the questions nearly every traveller gets asked. They
don't. Of course they don't. They don't need one.

~~~
UncleEntity
From the bottom of the Customs Declaration form:

PAPERWORK REDUCTION ACT STATEMENT: An agency may not conduct or sponsor an
information collection and a person is not required to respond to this
information unless it displays a current valid OMB control number.

------
jimnotgym
I don't know if it worries my American chums, but I won't visit the USA. As a
foreign tourist bringing money into your economy I feel there is a very real
risk to my privacy and increasingly my person. I am beginning to favour goods
and services from EU where human rights still mean something.

Perhaps it doesn't matter to you how the US is perceived overseas, perhaps you
don't want my money. Perhaps you don't mind being poorer. To me it has become
the land of the police-state and the home of the Trump-Chumps.

~~~
3131s
I am an American living outside the US for ~5 years. It's become very
difficult to plan for the future now that I am in a permanent relationship
with a non-US citizen (we would be married already if not for the various
complications associated with being different nationalities). Especially since
she is from a so-called "shithole" country, one of the poorest on earth, we
have doubts about whether it's even worth ever trying to go back to the US
longterm. What if we do everything right, go through the green card process,
and then suddenly green cards just no longer exist? That statement might have
sounded crazy 10 years ago, but can anybody really assure me otherwise now?

I know 10+ people who are educated, hard-working, and have every qualification
yet are denied a simple tourist visa to the US for whatever reason. The
process is lengthy, costs a decent amount of money, consists of filling out
ridiculous forms on antiquated websites and attaining sponsors from the US,
and then results in a 5 minute interview where some prick essentially makes a
snap judgement about the candidate. We got lucky once with the tourist visa
process, but that was pre-Trump.

The US is an utter embarrassment, and if it weren't for my family still being
there, I wouldn't really care much about never going back.

~~~
tumblen
I went through this process in 2015-2016 after my fiancee was turned away
while we were entering the US in PHL (they said she had already spent too much
time with me there). We went back to Spain where she's from and started the 4+
month long process of getting her a K-1 fiancee visa.

It is a lot of reading, a lot of forms, and nerve-wracking interviews so I
understand where you're coming from. But now she has a green card and it's a
huge weight off our chests, great to be able to live a normal life. No one is
coming for legal permanent residents, especially by marriage.

Almost everyone we interacted with along the way (except for the border
control at PHL) was pretty friendly and just doing their job. No one seemed to
have an axe to grind against immigrants.

The best resource I found was VisaJourney which has guides, timelines, useful
forums, crowd-sourced processing times, etc.

I'm sure you'll find other users there from your partner's country so you can
get a feel for what the process is like from a relevant perspective.

Here is the process/timeline for a fiancee visa:
[http://www.visajourney.com/content/k1flow](http://www.visajourney.com/content/k1flow)

Happy to help if you have any questions

~~~
CWuestefeld
The immigration system is horribly broken. My wife, too, is an immigrant, and
our experience is vastly different from yours.

For example, they scheduled her for an interview on a date that was impossible
for her to make (iirc, that was her first day of a new job). She went to the
INS offices to ask to have it rescheduled, and the person at the desk just
gave her a flat "no, we do not reschedule interviews". My wife asked to speak
to a manager - something that's eminently reasonable, if maybe slightly
annoying, at any business - at which point the INS employee bushed a button
that summoned to burly guards to physically remove her from the premises,
stating that she was a threat to the office's security.

~~~
debaserab2
Wouldn’t an immigration interview trump any other reaponsibility a person has?
I’d explain to my boss the situation and see if I can get my day switched way
before I’d expect any government agency to shuffle things around for my work
schedule (especially any agency that’s immigration related).

~~~
Zak
I'm sure it would if the conflict cannot be resolved, i.e. both the
immigration officials and the boss are unwilling to accommodate the other
requirement. Missing one's first day of work generally looks bad though, and
trying to avoid that if possible is reasonable.

Attempting to reschedule an immigration interview doesn't strike me as
unreasonable, nor does escalating to a supervisor if you don't like the answer
you got. The employee calling security, on the other hand strikes me as
abusive. I think that employee should be fired and probably not given a
position of authority where they can mistreat others that way again in the
future.

~~~
debaserab2
I agree that the latter part sounds very excessive, but I still can't
understand how protecting one's legal status in the country they are in
wouldn't far and away be the most important thing on their calendar.

Given how long everything takes when dealing with immigration, it's not
exactly surprising that they aren't able to accommodate people's schedules.

~~~
Zak
Attempting to schedule something in a way that minimizes conflicts doesn't
necessarily imply that it's not the most important thing on the schedule.

> _Given how long everything takes when dealing with immigration, it 's not
> exactly surprising that they aren't able to accommodate people's schedules._

If things take a long time, it shouldn't make much difference to them whether
they do an interview this week or next. It's surprising that everything takes
a long time though, from a certain point of view anyway.

------
tunareter
For those who aren't US citizens, the advice in that article is absolutely
terrible.

Refuse to cooperate and you'll be on the next flight to whatever CBP deem is
your home, and good luck ever getting an ESTA or Visa in future.

~~~
rimliu

      > and good luck ever getting an ESTA or Visa in future
    

Would you want one after this anyway?

~~~
tunareter
Maybe your employer has offices there.

Maybe you have relatives there.

Maybe you have clients there.

Or conferences, or other professional events.

Maybe you are even resident there.

~~~
dbbk
Maybe you just want to go to Disneyland.

~~~
letsgetphysITal
Whether Disney World is worth paying for with your dignity and privacy is a
decision each person must make. Further, Disney now harvest biometrics for
their ticketing. Noooooooope.

~~~
sokoloff
Disney has an opt-out process for the fingerprint scan. (I'm not saying that
to excuse their default stance, which I do find uncomfortable.)

------
chx
After the arrest of Marcus Hutchins I have already resolved not to set foot in
the USA (unless badly necessary for business :/ ). It is surprising how little
international outrage that arrest sparked: if the reasoning of the USA in this
case were solid then international travel would halt. You would need to review
everything you've done online (the last few years at least but possibly ever)
and compare it to the laws of the country you are entering. If the USA
believes Hutchins committed a crime according to US laws then they should ask
the UK to arrest and extradite him. Let me emphasize: it doesn't matter, at
all, what Hutchins have done.

And this was not the first time this was done: Sklyarov was arrested for
violating the DMCA while outside the USA as well. That case was one of the
primary reasons I excluded the USA as my immigration target and landed in
Canada instead (back in 2006 I was in a position where I could choose).

This policy just makes my resolve stronger.

~~~
zeveb
> You would need to review everything you've done online (the last few years
> at least but possibly ever) and compare it to the laws of the country you
> are entering.

Yes, that's what you must do any time you enter a country. Any country is free
to arrest you for past violations of its laws when it has the physical ability
to do so. Once you're physically present in a country, it no longer needs to
demand your extradition: you've extradited yourself.

~~~
Thiez
In general people expect the laws of a country to apply to them only while are
actually inside that country. In the UK you have to drive on the left side of
the road, would you expect to be arrested on arrival for having driven on the
right side of the road while in another country? Being refused entry is
understandable, but being arrested? Isn't a country's jurisdiction supposed to
be restricted to its borders?

~~~
chx
_Obviously_ every UN member state have their own jurisdiction. Henry Kissinger
argued this aspect of sovereignty even applies to the highest crimes (crimes
against humanity etc) while others claim universal jurisdiction over these.
Noone, ever, tried to claim universal jurisdiction over circumventing copy
protection. The US just does it.

------
crispyambulance
It seems to me that few people are talking about what actually happens to
phones/laptops when they're unlocked by a password given by the passenger.

There's a HUGE difference between...

A) A derpy mall-cop DHS agent casually browsing through your laptop/phone for
a minute or two, looking at emails, pictures etc.

B) The contents of hard-drive/flash/phone being copied to a government server,
stored in perpetuity, and subject to n-th degree content searches forever.

A is just annoying, B is vastly more concerning.

~~~
eximius
And you don't know, can't know which it is since they can remove the device
from your presence. So you have to assume the latter.

~~~
crispyambulance
Yeah, I would make that assumption if they confiscated the device and said
"we'll send it back to you whenever."

But why do I feel that "derpy DHS agent browses computer for a few minutes" is
far, far more likely in a scenario where the device is taken to a back room?

Is it really impossible to know anything about what is done with devices in
the back room?

~~~
eximius
Let's say they had your device for 15 minutes. Thats enough to disassemble and
copy a bunch of data and reassemble. Unless you have whole drive encryption
they only need to copy the user folders (typically).

Or your machine might have been in a queue and only looked at for 2 minutes.

Or they might have not looked at it at all.

Now pick a few different timeframes and you tell me how hard it is to know?

~~~
cryptonector
15m seems like too little unless the traveler is a high-priority target. CBP
is often crushed.

------
clarkevans
Let's not see this as simply a national policy issue. It's a global problem
where peoples lose control to the levers of their governments. Sometimes, it's
about a population that is deliberately misguided by propaganda. Often, it's a
problem with the concentration of wealth and transnational entities who escape
any reasonable form of governance. The solutions to this won't be found by
ostracizing any nation's citizens, but, to join in solidarity to solve the
economic and governance issues that are at its core.

Cooperative structures could offer an approach to these problems. Cooperatives
are a way for a group of people to collectively own shared resources and make
decisions about them democratically. Importantly, they are not governmental
(i.e., they lack force of the police/military) yet can use the same legal
environment that for-profit corporations enjoy. Cooperatives fall in the
middle of the political spectrum: to liberals, they are about economic self-
determinism; to conservatives, they are about smaller government and
corporations. Cooperatives could be used to peel away economic activities from
unaccountable entities.

As leaders and doers, we should start thinking about what activities we
perform should be governmental, which should be proprietary (privately
controlled) and which should be cooperative yet economically participatory.
For example, regional water systems are often operated as cooperatives rather
than for-profit entities or as a department in a municipal government. This
distributes economic and political power. We could build upon this
organizational pattern in other industries. We need more tools, research, and
investment into how cooperatives could help us form global democratic networks
that are small, distributed, financially sustainable, and accountable.

We need global, bottom-up, fractal governance and economic markets that
distribute political and financial power.

------
chrisper
[https://webcache.googleusercontent.com/search?q=cache:wNbL8w...](https://webcache.googleusercontent.com/search?q=cache:wNbL8wBpo0YJ:https://papersplease.org/wp/2018/01/05/new-
dhs-policy-on-demands-for-passwords-to-travelers-electronic-
devices/+&cd=1&hl=en&ct=clnk&gl=ch)

------
dang
The submitted title broke the site guidelines by editorializing. Accounts that
do this eventually lose submission privileges on HN, so please read
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)
and don't do this.

------
snowpanda
This is, of course, very upsetting for the obvious reasons. However, there's a
second aspect to this that is (IMO) equally infuriating. Which is that even
when the Supreme Court rules on something, which (credit where credit is due)
has always done its best in making rulings as clear as possible for future
similar cases, that politicians (of any party really) will still find a way
around it. In 1868 (Crandall v. Nevada) the Supreme court ruled that: "a state
cannot inhibit people from leaving the state by taxing them."

Sure, maybe the word "tax" can be up for debate (although IMO taking someone's
personal information is a tax). But if you look at point 8 at this link:

[https://supreme.justia.com/cases/federal/us/73/35/](https://supreme.justia.com/cases/federal/us/73/35/)

It states that during the ruling, The Supreme Court ruled that: "8\. The
citizens of the United States have the correlative right to approach the great
departments of the government, the ports of entry through which commerce is
conducted, and the various federal offices in the states."

The "tax" inhibit this right.

It is now 2018 (150 years later) and we have simply replaced the word "tax"
with a different obstacle, which functions in the same way: inhibiting the
freedom of movement for those who don't (or can't) comply.

------
netsharc
I remember reading a traveller's guide to the Soviet Union, and talking about
precautions you need to take while using your camera. It was written for the
1980s, I wonder if people back then would've thought, that 40 years later...

~~~
DaiPlusPlus
What kind of precautions did they recommend?

~~~
davidgh
I’m not sure of the guide referenced, but I traveled in Russia extensively not
long after the fall of the Soviet Union. Based on the advice we received,
don’t do stuff like take pictures of government facilities, bridges, airports,
etc. Don’t attempt to be discreet in your photo taking when you do take photos
- hold your camera in plain view as to not appear you’re attempting to hide
your activities. Don’t take pictures of things that might have the possibility
to show the country negatively such as a dilapidated buildings, street
beggars, etc.

Also, not directly related but be incredibly careful around military
installations, and be aware that many strategic military installations are not
clearly identified with signs (if you’re walking in a forest and hit a chain
link fence don’t climb it).

Stuff like that.

------
mkarliner
It would seem to me the answer is to factory reset your phone before travel
and reinstate it after landing. However, the UK is not much better, given
recent legislation. Until the average voter gets concerned enough about this
to make it an election issue, our lives will be more and more constrained.

~~~
DougWebb
I wouldn't recommend this. You want your device to look innocuous and
_normal_. Nobody carries around an unused phone, so having one would be a red
flag. Your phone will be examined for hidden partitions, and you'll be
detained for further scrutiny.

~~~
cr0sh
If it's been factory reset and wiped, there's not going to be much that they
can do about it.

They could detain you - but for what reason? Because you have a blank phone?

What if you don't have any social media presence? What if you simply don't
remember your passwords (because they are stored on your browser at home, or
you have some kind of device like a yubikey, and that's at home too)?

So they detain you, because...why? "Innocuous and normal"? So anyone who
decides to forgo any electronic devices while traveling and doesn't have a
social media presence (or maybe even an internet presence!) is considered
"suspect"?

The more I hear and read about stuff like this, the more I just want to log
off, move to the middle of nowhere, and switch back to coding on my old 8-bit
microcomputer from the 1980s - this world and my country has gone insane.

------
rtpg
Have there been any court rulings that limit searches at the border at all?
Are there any lines at all upon which we can rely on?

Even a tiny exception to the "4th ammendment exception" might allow for
crafting safer transit.

~~~
IronBacon
I think the borders are technically not US soil so they are covered by a
different set of rules/authorities. I could be wrong, not an US citizen, I
seldom cross borders, feel free to correct me... ^__^;

~~~
GCU-Empiricist
Your right entry into the border is held as a plenipotentiary setting by
SCOTUS, meaning the laws don't apply until you admitted into the border.

------
FidelCashflow
We should resist this by wasting as much time as humanly possible. How about
carrying multiple data devices with brute force able encryption for
meaningless data? Encrypted linux ISOs, 8051 datasheets, trivial C programs,
etc. There's clearly a file structure in place, it's clearly not easily
readable, the person who was carrying it will not (or maybe cannot because
they genuinely don't know) divulge how to read it. All this just to waste
their time and resources dealing with piles of this shit.

Anybody remember that USB stick that kills whatever it's plugged into? I could
throw 2-3 of those into my luggage and forget about them.

~~~
antihero
This seems like a good plan if you enjoy sitting in a holding cell for hours
or days.

------
Teichopsia
Is this only for people entering the country or does it also apply to those in
transit?

~~~
collyw
The US is the only country that I have passed though where they feel the need
to poke around with your baggage that is in transit. (Its on my list of
"shithole" countries).

~~~
Teichopsia
I understand that one needs to go through customs & immigration, even if one
is only in transit. But the idea that one needs to hand over one's "diary" is
beyond me.

------
ezoe
No US visit for me then.

------
eganist
Hmm can this be filed as an insurance claim if they keep the device?

~~~
fyfy18
Most travel insurance policies have an exclusion for this, something along the
lines of the following (taken from an AXA UK policy):

    
    
      Your policy does not cover you for any claim directly or indirectly resulting from any of the following:  
      ...  
      8) Confiscation or destruction of property by any customs, government or other authority of any country

------
cosban
I've been working on an app/program that could be of use for this kind of
situation. It's in way to early of a state to be released though. For the sake
of giving it a name, we can call it Dead Man's Pass.

Effectively, for phones or laptops, you would have your standard password as
well as a secondary password. If you use your fingerprint to open your phone,
you would be able to register a different print as your secondary print.

Using your regular password/fingerprint would unlock the device normally.
Using the secondary (dead man's pass) would either wipe the device, or open it
to a honeypot state.

I think this would be useful for phones and perhaps laptops. If a memory card
is confiscated, perhaps it could be encrypted with a program that follows the
same concept. Either way, it allows people like DHS to demand a password, and
have one given to them while also solving the problem of not wanting to show
them private information.

~~~
cryptonector
Might as well just travel with wiped devices.

If you're a U.S. person the worst case scenario is they keep them anyways.

BUT! if you're NOT a U.S. person do keep in mind that CBP takes wiped devices
(and lack of devices) as suspicious in itself, and may deny you entry.

~~~
cosban
Under this concern, perhaps the if being used in "honeypot" mode, it could act
as a reverse vault. Rather than setting up what you don't want people to see,
you would instead set what you do want them to see.

Regardless, implementation details would probably be better for a different
topic.

~~~
cryptonector
Well, yes, CBP will be seeing a lot of what they don't care about (boring
stuff), no doubt.

------
kqr
Is it an option to just feign ignorance and claim not to know the password?
Sure, they might confiscate it but I guess then you'll have to find a cheap
alternative to restore your backups to until/if you get it back.

~~~
robinwassen
I think a cheaper alternative is to only allow access to non-sensitive
information when initially logging into the device, then hide any substantial
information behind another layer.

Don't think the average customs officer has time or skills to dig out files
containing encrypted volumes on your device.

~~~
zbentley
The average customs officer will not do that. But they _will_ potentially take
an image of the hard drive (possibly by removing it and connecting it to an
imaging computer) and store it, after which people/programs with both the time
and skills can find your hidden data.

~~~
zeveb
If that data is encrypted properly, then finding it after you've already left
the country can't help you.

------
bogomipz
So the DHS in the US began deploying facial recognition scan without any
authorization and now they have gone and decided to implement collecting
travelers passwords.

So the DHS requesting you passwords in order to enter and the DHS collecting
your facial scan in order to exit will effectively bookend the experience of
visiting the USA.

This agency seems to increasingly act with complete autonomy and impunity. The
culture there seems to be one of arrogance and disregard. This is evident all
the way down to the clowns at the airport who berate and harass regular folks
who are just trying to get somewhere.

------
itissid
I always thought that immigrants always get the sharper end of the stick and I
wondered when has immigration ever been easy without these kind of issues. But
this is truly appalling. Two things I know to be true:

1\. The current gene pool that will rule this country will be no different
from the last and it will impose similar measures on the next pool.

2\. What's sad about this is the long term damage done to trust and a raft of
the rights of people, all for some short term security.

The only thing that can fix this is a return to thinking of consequences on a
larger time scale and stop being afraid.

------
userbinator
Good thing
[https://en.wikipedia.org/wiki/Deniable_encryption](https://en.wikipedia.org/wiki/Deniable_encryption)
exists.

~~~
xxs
What would likely happen: detained at the border regardless your claims, send
back on the next flight, denied Visa next time.

------
cryptonector
I would note that DHS/CBP can't do too much of this. It's very time-consuming
even to set aside a passenger and demand their devices and passwords, and CBP
has large plane loads to process quickly. So obviously they must only bother
with this policy when they think they have reason to -- because you're on some
list, or perhaps because someone with the same name as you is on a list
(scary!). There are some natural limits to this policy.

------
ashildr
German here, in his 40s, earning quite an above average income in IT as does
my partner. Double income no kids as they say. We travel a lot, just not to
the US anymore.

------
vlod
Reminder: pay your yearly contribution to your lawyer.

i.e. Write checks to ACLU and EFF.

ACLU: [https://action.aclu.org/donate-aclu?redirect=donate/join-
ren...](https://action.aclu.org/donate-aclu?redirect=donate/join-renew-give)

EFF: [https://supporters.eff.org/donate](https://supporters.eff.org/donate)

------
Zak
Yes, officer, the password is "Orwell1984".

Where's the data? What data? The only thing on there is an app called "Secure
erase free space". No, you can't have the encryption key to that flash drive
there, but I'll surrender it under protest.

------
u801e
I think the only option now until the policy changes is to just carry a phone
with no data on it and a laptop without any hard drives/secondary storage
(which you boot with a live usb).

------
ttul
Basically, don’t carry data with you. Leave it all in the cloud. You can’t be
compelled to provide the password for a service which contains data that is
not on the device.

~~~
jccc
Really? For how long?

[https://www.theguardian.com/technology/2016/jun/28/us-
custom...](https://www.theguardian.com/technology/2016/jun/28/us-customs-
border-protection-social-media-accounts-facebook-twitter)

[http://www.businessinsider.com/john-kelly-travel-ban-
social-...](http://www.businessinsider.com/john-kelly-travel-ban-social-media-
password-2017-2)

[https://privacysos.org/blog/social-media-privacy-at-the-
bord...](https://privacysos.org/blog/social-media-privacy-at-the-border/)

[https://www.eff.org/deeplinks/2017/01/fear-materialized-
bord...](https://www.eff.org/deeplinks/2017/01/fear-materialized-border-
agents-demand-social-media-data-americans)

------
Cort3z
Chromebooks will be flying off the shelves after this. They are only allowed
to view content on the device itself, not access any cloud-stored data.

~~~
rando444
the device still has a cache... plus unlocking a device with your google
account and then handing it over to a border guard is the last thing I would
want to do.

~~~
dmitrygr
Why?

DefinitelynotfakedmitrygrLOL@gmail.com password: fucktheDHS

Log in works. Chromebook shows apps. Emails. Etc.

------
cryptonector
If you are a U.S. person they cannot deny you entry for not giving them your
passwords, though they can keep your devices for some time.

~~~
JustSomeNobody
I think I remember reading that they can still detain you "indefinitely" even
if you're a US Citizen. Is that not correct?

~~~
gamblor956
They can detain you indefinitely even if you're a US Citizen, but afterwards
they will be sending you a rather sizable check to settle the lawsuit you file
for getting your civil rights violated.

Unless you commit a crime crossing the border (like getting caught with
drugs), CBP does not have the authority to detain a US citizen without
probable cause. Refusing to provide a password is not probable cause.

~~~
cryptonector
Correct. But they can retain your devices and all your stuff.

------
ComodoHacker
An obvious solution is to upload your data to a cloud service before passing
the border and download them later.

Will that be declared a contraband soon?

~~~
danjoc
I trust my country more than I trust Google/iCloud/Dropbox/etc. I'll take my
chances.

~~~
ComodoHacker
What you really should trust is strong encryption with keys managed by
yourself.

------
paulie_a
Great. I am planning a trip to Cuba in the near future and now my costs
include a burner phone

------
b6
Absolutely not. Having lived outside the US for two years (so far), I halfway
expect to encounter suspicion when I return. I absolutely will not stand for
this. I will not cooperate and I will resist as much as possible, short of
violence.

~~~
tallanvor
As someone who has been living overseas for over 11 years, I can honestly say
that US border control and TSA have the most unprofessional and disrespectful
employees I've encountered in my travels. It's unlikely they'll ask to check
your electronics unless they suspect you've been someplace like Syria, Iraq,
etc., but nevertheless they'll look for any reason at all to question you as
if you're a criminal.

If foreign visitors get treated even half as poorly as I've been treated, and
I'm sure they do, it's an embarrassment. I wish more Americans traveled
overseas because if they experienced the difference between how we treat
people vs how others do, they'd be properly outraged.

I stopped bothering even being polite to them after getting repeatedly
questioned about my travels when I trying to get back home before my mother
died. I'll be the first to admit that I often have trouble showing empathy,
but these people make me look like a saint.

~~~
scalesolved
I'm missing my right hand, on my first visit to the US since 1994 (as a child)
I was asked to scan my hand. I politely tried to tell the agent that I'd have
to scan my left hand and he started shouting at me without looking at me.

Each time I uttered anything he'd just randomly shout for me to comply, after
about the fourth time he looked up and ordered me to use my left hand.

Absolutely bizarre experience.

------
MentallyRetired
[https://xkcd.com/538/](https://xkcd.com/538/)

~~~
ilaksh
Except they don't have to drug or hit you. They just "confiscate" it if you
don't tell them your password.

The last time I went to the airport, I was really tired and it was apparent I
hadn't slept. I guess being exhausted and ugly made me suspicious. They way
they interrogated me like a criminal and forced me to provide personal details
made me seriously consider emigrating.

------
cjslep
I feel sorry for the bloke whose legitimate password is

    
    
          thisisjustadecoypasswordthatwillblowupthebombibroughtloljk

~~~
tomalpha
Going through immigration and customs is definitely _not_ the time to try
develop a sense of humour ;-)

------
SheinhardtWigCo
Is this the United States of America or Nazi Germany circa 1930? Anyone with
malicious or criminal intent can simply not carry data that implicates them
over the border, so just what is the point of this?

~~~
dang
Would you please not post ideological rants to HN, regardless of how correct
the underlying position? Doing that is against the site guidelines, and we'd
appreciate it if you'd read those and take the spirit of this site to heart:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html).

~~~
SheinhardtWigCo
Thanks for the reminder. I edited my comment.

------
djfm
Also, commenters to this thread won't be let through.

------
tzahola
use truecrypt

~~~
snag
> use truecrypt

be coerced to give away your truecrypt password.

~~~
DaiPlusPlus
Truecrypt has deniable encryption and duress passwords.

~~~
cryptonector
No such thing.

CBP aren't stupid. If they see you have something like Truecrypt installed,
then they will assume you have "deniable" stuff stored and _will_ demand to
see it. And if you don't actually have it? Too bad for you.

Cryptography cannot help you defeat a government's rubber host cryptanalysis.

~~~
tzahola
You haven’t used Truecrypt, have you?

------
alerighi
And you still call your country a democracy!

If this doesn't change, I will never consider to move or even go on vacation
to the USA, I might live in a state that has a lot of problems (Italy), but at
least I have the right of privacy, and I can take a plane without having
agents searching through my sensitive information on my devices.

~~~
danesparza
It's not (nor has it ever been) a democracy. It's a Federal Republic. More
info:
[https://en.wikipedia.org/wiki/United_States](https://en.wikipedia.org/wiki/United_States)

~~~
welterde
Democracy and federal republic are not mutually exclusive (in modern usage
anyway). Far from it - being a federal republic is just one of many variants
of democracies.

The USA - like other countries, such as Germany or Mexico - are both a
(representative) democracy and a federal republic.

------
edanm
I understand the anger, and I understand people wanting to protest.

But why on earth would most people here feel the need to travel with a wiped,
or factory-defaulted device? I mean, if you have something to hide, or
sensitive information, sure, I guess. But it's not like they stop and ask for
a password from everyone. This probably applies to 1 in thousands, if not tens
of thousands of passengers. What on earth do you gain by going through the
elaborate precaution of wiping all your devices, for a 1 in 10k chance of
someone bothering to look at them, especially when they wouldn't find
anything?

It is ok to be both angry, even outraged at a policy, but also not let it
impact you in a totally crazy way which doesn't make any sense.

~~~
jnagro
"Arguing that you don't care about the right to privacy because you have
nothing to hide is no different than saying you don't care about free speech
because you have nothing to say." \- Edward Snowden

~~~
kaybe
It's also naive. Most of the things I have to hide are other people's secrets.
Closeted people's sexual orientations, secret pregnancies and cheating, porn
fetisches _.. sure, none of these things are a huge problem (though illegal in
some countries..), but they are vulnerabilities of the people that shared them
with me, and they are not mine to disclose.

Currently that probably means to never even mention these things in
combination with anything internet (unless it has strong encryption, maybe).

edit: _mental health issues, drug use, compromising pictures and situations,
...

