
1Password Travel Mode: Protect your data when crossing borders - nthitz
https://blog.agilebits.com/2017/05/18/introducing-travel-mode-protect-your-data-when-crossing-borders/
======
chx
"May I search your laptop?" "Certainly." "But... this is practically empty."
"Yes sir. I FedEx'd my SSD to the destination."

I have a small SSD in the primary disk in my T420s, it has just enough to get
me through the flight. I keep the primary in the UltraBay with a simple
adapter, takes one reboot and no tools to put it back in place. Done. Happy
searching! I can't log into anything even if I wanted to because I physically
do not have my password store
[https://www.passwordstore.org/](https://www.passwordstore.org/) with me.
([https://github.com/chx/ykgodot](https://github.com/chx/ykgodot) I wrote this
trivial script to automate yubikey neo with pass)

Alternative: encode the entire primary disk
[https://github.com/cornelinux/yubikey-luks](https://github.com/cornelinux/yubikey-luks)
and FedEx the yubikey.
Yanking the disk is better, though.

~~~
veidr
It's a practical approach, and my comment here isn't necessarily aimed at you,
chx (since I don't know your citizenship status), but I would add this
entreaty to American citizens like me:

If you ever get asked that question at the US border, please don't acquiesce
to that request. They have the right to ask, and they even have the power to
search it regardless of your permission, but despite an alarming drift towards
a total surveillance, they have _not_ established the right to force you to
unlock/decrypt anything.

I'm flying into SFO tomorrow, and I am taking similar precautions as chx so
that my laptop doesn't contain any meaningful data[1].

However, if asked to unlock my laptop, I plan to say "No, of course I cannot
do that; it violates the most basic security practices and I could and should
be fired if I exposed sensitive company data in that manner." And then just
sticking with it. It will be inconvenient, especially if they seize my laptop
and detain me, but as citizens it is up to us to resist the normalization of
behaviors that push the nation further towards the precipice of idiotism.

[1]: As an American citizen, I have routinely done this when traveling to
authoritarian nations like China; it's hard to express how outraged I am that
my own country has degenerated to the point where sound security practices now
require these kinds of procedures when traveling to the USA.

~~~
was_boring
Is the goal to resist normalization of the behavior or is it to get through the
security theater?

~~~
mcv
Both, but for non-Americans, getting through the security theater is not
guaranteed, so they have to focus on that. For Americans, their rights are
clearer and they are guaranteed to get through the security theater, so they
can afford to fight the normalization of this.

------
alexpw
If you are refusing to enter the password, access to the device, or to disable
travel mode, then good luck to you. IANAL, but the border agent doesn't care
if the data is technically in the cloud, rather than on the device, because it
restores when you unlock it.

In addition to removing the data from the device, cheers, don't you also need
to be able to honestly say you can not provide access to it?

Ways to honestly answer, "not possible", and mean it:

\- schedule a time period where no password is accepted.

\- enable whitelist/blacklist zones via geolocation.

\- set a new password that you give to a trusted friend/coworker/spouse that
you must contact to retrieve.

Some combination of the above for ease-of-use, and ploys like emailing
yourself the new password after a period of time for redundancy/safety.

~~~
URSpider94
If you read the article, there is no "tell" that 1Password is in Travel Mode.
The only impact is that most of your passwords are missing from the password
vault, but the agent would have no way of knowing what's missing. It's not
like it pops up a big "Travel Mode" banner.

~~~
cm2187
Customs read these articles just like us. What if they ask you if travel mode
is turned on? Will you lie?

~~~
ENGNR
I was thinking this (and no I wouldn't lie to customs), but the second half of
the article details how to let a remote administrator enforce these policies,
ie blame your employer for wanting to secure their data from unauthorised
access.

Of course the real answer is to avoid the business hostile USA (or at least
the border)

~~~
michel-slm
The definition of "border" is surprisingly vast too -- if you're within 100
miles of any "external boundary". Two thirds (!) of Americans live within this
"border" area.

[https://www.aclu.org/other/constitution-100-mile-border-zone](https://www.aclu.org/other/constitution-100-mile-border-zone)

~~~
URSpider94
This is a bit of an exaggeration, which has frequently been de-bunked. In
brief, if you didn't recently cross a border, then immigration officials have
no special powers within this zone.

There is, however, a "functional equivalent" of the border in every
international airport that grants ICE these powers over arriving citizens
(which makes sense).

[https://constitutioncenter.org/blog/does-a-constitution-free...](https://constitutioncenter.org/blog/does-a-constitution-free-zone-really-exist-in-america)

------
gruez
Counter: the border agent asks "are you hiding any information from us?".
answer yes, and they get you to disable travel mode. answer no, and you just
committed a felony.

~~~
rosser
As a general comment to so many of the follow-ups to this post:

You _really, really_ don't want to get into a rules-lawyering match with
_Federal fucking prosecutors_ over whether "clever technological solution"
counts as "hiding" something or not. They have _all of the guns_ in this
situation, and you have a demonstrably inaccurate understanding of the
relevant statute.

You WILL lose.

~~~
sethev
If the question is "are you hiding any information" then the obvious (and
true) answer is no. If the question is "did you use travel mode for 1password"
then that's a very different question. Unless you can point out a statute that
requires you to travel with certain information on your device it's hard for
me to see the problem.

Your position seems to be that if you were carrying your checkbook (as an
American) and then decided against it because you were worried someone might
get your bank account number then you somehow risk getting into a debate over
technicalities with a border agent. I would strongly recommend not getting
into that debate as well by not bringing it up.

~~~
xg15
I don't think searches of accounts are in any way excusable either, but for
the purpose of rules-lawyering:

You have deliberately chosen to make certain information not available during
the search period and are planning to make it available again once the search
is over. I can absolutely see how that counts as "hiding".

~~~
chii
Therefore, if you had a device to withdraw money remotely that required
entering your pin, and if the security agent asked you for your pin, would you
provide it?

What if my laptop had similar capabilities?

~~~
pbhjpbhj
The bank PIN isn't really comparable as government agents can access bank info
(in UK at least); the only purpose of the PIN is money withdrawal - surely
there is no situation where a border agent would be legally asking for that
PIN?

If it's going to bother you why not just use a dumb device and a VPN to access
your sensitive data?

------
edanm
I'm struggling to understand all the comments here, but it feels like I'm
living in an alternate universe. All of these questions like "but do the
customs agents search for hidden partitions", etc...

Who is it that is running into all these scenarios with border control? I've
gone on international flights, including to the us, dozens of times, and have
seen around me thousands upon thousands of travelers, and I've _never_ seen
anyone asked to open their laptop, not to mention being grilled on hidden
partitions.

Not that I'm doubting this _ever_ happens. But from these comments, someone
would get the feeling that this is _routine_, rather than a 1-in-an-X
occurrence for a probably very high X.

~~~
schoen
According to a CBP press release from April, "in the first six months of FY17,
CBP searched the electronic devices of 14,993 arriving international
travelers, affecting 0.008 percent of the approximately 189.6 million
travelers arriving to the United States."

The release goes on to show that this is nearly twice as frequent as the
equivalent period last year.

~~~
24gttghh
The press release in question:

[https://www.cbp.gov/newsroom/national-media-release/cbp-rele...](https://www.cbp.gov/newsroom/national-media-release/cbp-releases-statistics-electronic-device-searches-0)

~~~
schoen
Thanks very much, I had been e-mailed a copy and didn't have the link handy.

------
mholt
The implementation looks sound, and it's easy to use. Props to Agile Bits for
making this feature a priority.

So this is great! -- I think. My only concern is that if the authorities are
already suspicious of you, and find no password vaults (or practically nothing
in your password vault), they may just detain you until you reveal what you
haven't disclosed to them.

There's clearly a technical solution to the problem of protecting data across
borders but they do not work so well under duress. Is there any technical way
to convince an adversary you are not hiding anything else or did not delete
something?

~~~
whalesalad
Social engineering. Confidence. At some point technology needs to be abandoned
and you need to be a human being during those scenarios.

Or simply don't have anything to hide. If you have a guilty conscience that is
going to manifest itself in your body language and mannerisms.

~~~
robschia
> Or simply don't have anything to hide. If you have a guilty conscience that
> is going to manifest itself in your body language and mannerisms.

What if I am an anxious guy?

What if I carry some business secrets?

What if I don't want some TSA agent to look at my SO pics I have on my
devices/social media?

~~~
whalesalad
Being anxious is something you can work on. Business secrets are perfectly
legal to carry across a border. Not wanting the TSA to look at your shit is
something I can understand.

I'd basically tell them to fuck off (in a more diplomatic sense) until it
reached the point of being either blocked entirely from traveling or
detainment. At that point you gotta ask yourself if the juice is worth the
squeeze and turn back or play their game.

Also this is more than just an issue with the Trump administration and the
TSA... I don't travel to Canada any longer due to the treatment I have
received at the border there.

~~~
Kpourdeilami
Just out of curiosity, how's the treatment at the border in Canada?

~~~
chrisdun
10 years ago I was working in Canada; couple of friends and I (Australian,
British and Québécois) decided to go and ski in Montana for a few days. We had
a few beers on the way down and stopped just before customs to drop off open
cans before we crossed the border. Being 11pm, we were the only people at the
crossing. As we circled round they decided something wasn't right (probably
justified although not in their jurisdiction) - 4 hours later we were allowed
into the US having been fingerprinted and our car searched on a ramp for what
I assume was explosives or drugs. 3 days later we returned to the border
travelling the other direction - the CBSA officer looked at the cover of all
three different nations' passports before saying "I'm sure there's a visa in
there somewhere, have a nice day."

------
jzl
This is a nice feature, but ultimately if you are concerned with border agents
requiring a phone search then you should just backup and install a fresh OS
before traveling, then restore when you get back. Log into the minimal number
of apps after you've entered the destination country, and optionally
delete/logout of said apps prior to return travel if the return border
crossing is also a concern. Admittedly if you use a password manager you might
still want to make use of a feature such as the one in this article, or
install the password manager app after entering the country, or just write
down the passwords that you will need and hide them somewhere unfindable with
your stuff.

On iOS about the only thing you would lose is your message history during the
trip. It might be an annoyance if you wanted to play games that had non-cloud-
based saved player state, but I can't think of too many other issues with
doing this.

~~~
ben_jones
Can't they order you to sign into iCloud or equivalent and then just sync
whatever they want, photos, texts, emails, apps (and then order you to sign
into those apps like Facebook, Whatsapp, Gmail)? Bottom line is they can get
you _AND_ everything you have access to. And if you try to circumvent it by
i.e. temporarily encrypting everything for 24hr boom you just committed a
felony. This is my understanding at least.

~~~
rpedroso
IANAL and I don't have an answer to this, but I would be deeply alarmed if
this were the case. I can understand them making the case that anything on
your person is searchable (though I disagree that this should be allowed).

By asking you to sign in and sync, they're not just requesting access to
information on your person -- that's an enormous expansion of their search
powers.

~~~
mtgx
I mean, aren't they forcing you to give Facebook passwords now?

[https://www.cnet.com/news/us-border-agents-facebook-twitter-...](https://www.cnet.com/news/us-border-agents-facebook-twitter-password/)

------
MatthewWilkes
This feature really should ask you to commit to your duration of travel
beforehand. It's no use if you can be compelled to readd the data.

~~~
javajosh
That doesn't solve the problem, because you could be detained until the data
is accessible again.

~~~
IcyPickle
No you can't be detained indefinitely (unless they have evidence to charge you
with a crime). You could have your devices confiscated, and as a non-citizen,
you could be denied entry.

~~~
javajosh
I believe you can be detained indefinitely, and without probable cause, by
border agents.

------
IcyPickle
I'm a little sad that this would require me to use the 1Password cloud-
service. I would never want my 1Password vault to be on any server outside of
my control. While I completely trust agilebit's intentions, I feel that their
cloud service adds a very major attack surface. Someone like the NSA would
certainly be able to obtain copies of the encrypted vaults, which means that
_everyone's_ vaults are just one bug/backdoor in the cryptographic stack
(remember Debian RNG bug?) away from being exposed.

Hence, I only use WiFi sync for 1Password. It would be nice if 1Password added
a sync option through my own WebDAV server. I'd then be happy to pay for a
1Password cloud account just for the TravelMode feature, as long as the vault
data itself wasn't stored anywhere outside of my control. Having my own server
would mean the NSA (or whoever) would have to do a targeted attack on me
personally, which is a whole different ballgame from everybody's encrypted
vaults sitting on agilebit's servers.

In the meantime, if I had to cross the US border (as a non-citizen!), I would
probably delete the whole 1Password app from my phone before crossing, and
then restore the entire phone from backup afterwards.

------
Sophira
I think this is an incredibly worrisome move on 1Password's part. Coming from
the right motives, but ultimately it'll end up being used against us.

Look at it from the perspective of the government. By bringing information
from elsewhere into the US, you're importing it. It just so happens that the
import security is tight in airports. So you use 1Password to delay importing
this data until you can reach it through an alternative import method which is
much harder to regulate - the Internet.

What's going to happen is that they'll spend much more effort on tightening up
the "import security" from the Internet. Things like SSL/TLS MITMing and deep
packet inspection will be used to enforce compliance.

Don't get me wrong. The ability to be able to do this is incredibly important.
If they had marketed this as anything other than a travel mode specifically,
and let users work it out themselves, it'd probably be better. But as it is,
they've created something which is basically publicly stating that it exists
to break import security, and as a result it's going to get a lot of attention
from the wrong people. I worry that the existence of this mode is going
to be used by the government as an excuse to have a "Great Firewall of
America".

~~~
rawfan
The difference is: with physical access, "they" are in control (during
import). Importing over the internet, the user is in control (by using proper
encryption).

If they beat encryption, everything is over anyway.

------
misnome
Isn't the counter simple; they ask for your logins to the 1Password vault? I
guess this just adds an extra layer of obfuscation.

The most secure way I can think of is to either encrypt your drive (or wipe
for travel and online restore once arriving) and physically mail the new
password (or hand over to a trusted friend/store location) to the destination.
Then there is no way of restoring at the airport.

Of course, then they can just detain you indefinitely for not revealing the
password you don't know...

~~~
xiphias
"even if you’re asked to unlock 1Password by someone at the border, there’s
no way for them to tell that Travel Mode is even enabled."

It looks similar to hidden partition in TrueCrypt

~~~
mcgrath_sh
Any subscription-based 1Password can be accessed from the web. Couldn't they
just demand those credentials?

~~~
eridius
Only if you know them. I don't know about you, but I don't have my long random
account key memorized (only my master password). You can't log into the
website without that account key.

Of course, you do need to be able to log in to turn travel mode back on, so if
I were to use this I'd probably do something like set up a service to securely
send me my account key after I'm expected to have finished crossing the
border, or maybe just store it on a remote server that I have access to under
the expectation that the TSA can't demand that I SSH into a remote server
(especially one they don't even know about). Though if I'm traveling alone
(instead of with my wife) I'd probably just call her and ask her to turn
travel mode off for me.

~~~
confounded
That's a great solution if you're a US citizen and want to enjoy showing off
to a border guard before being guaranteed entry, but for migrants (who are
most affected by this), this kind of 'gotcha' logic would likely be considered
insubordinate grandstanding, and get them denied entry.

~~~
eridius
> _this kind of 'gotcha' logic would likely be considered insubordinate
> grandstanding_

I'm not sure what you mean. I don't think it's unreasonable for anyone,
migrants included, to tell CBP "I don't feel safe traveling with sensitive
data, so I don't have any of that data on my computer". What's the 'gotcha'
here? CBP isn't the only reason to want to have Travel Mode, there's also the
increased risk of having your laptop stolen or misplaced.

~~~
confounded
In your original post, I took

> _Only if you know them. ... You can't log into the website without that
> account key._

To mean that you'd openly have access to information in front of the guard,
and then let them know that you can't access it at this time because of your
elaborate scheme (e.g. tell them that it exists, but that they can't have it).

That's quite different to just not travelling with the data (or evidence of it
existing) at all.

> _CBP isn't the only reason to want to have Travel Mode_

No, but it's the only 'reason' that's likely to use serious, life-altering
coercion to make you disable it, if they detect that it exists. It may be
better to have no data that suggests capabilities, than openly possess
partially disabled capabilities.

There's no way for a border agent to tell if you're refusing to disable travel
mode because you won't or you can't (and little reason for them to care).

------
davidgaw
It's a clever idea, but how long before border authorities simply order
travelers to log on to 1Password and turn off travel mode, or be denied entry?
I'm guessing not very.

~~~
aoeusnth1
:-/

What we really need is plausible deniability - if they don't know you use
1password, they don't know to ask for it.

~~~
Whitestrake
Is plausible deniability the right term here? Usually that's about the ability
to deny having known about or authorised something after it's already been
discovered.

I'm not really sure how you'd refer to the concept "they don't know I have it,
so they don't know to ask". Security through ignorance?

~~~
aoeusnth1
I guess it's a type of steganography then.

------
petepete
Is travelling with confidential data really necessary? Wouldn't it make more
sense for me to have an 'empty' notebook and store my data out of harm's way
(but accessible via a VPN).

~~~
confounded
I've come to the conclusion that this is the only reasonable technical
solution.

Don't travel with sensitive data, and openly explain that you don't do so.

The frustrating part is the UX, and the fuss when you land.

I've found that this works:

\- Burner android (burner account explicitly for travel) for music, podcasts,
light browsing, etc.

\- Cheap ThinkPad for headscratching / hacking (work over SSH, keys on a
Yubikey, IP in your head. YubiKey as second factor for password manager as
browser extension (uninstall before the border))

~~~
jaskerr
Any recommendations for a "burner android" phone?

~~~
confounded
I'd just go to your local phone repair kiosk and see what they have lying
around for cheap.

------
netgusto
Wouldn't an alternative "destroy everything" password be a good idea also?

Would work like this: When forced to enter / give the password to your vault,
you enter/give this one, and everything the vault contains is wiped out before
the vault is unlocked.

~~~
matt_wulfeck
Once again we drum up technical "solutions" to what ultimately is a policy
issue.

A better idea is to change our laws so that our constitutional rights are
respected. If that's not possible then the next solution is to change our
elected officials.

~~~
djsumdog
> change our elected officials

In America, who you vote in has very little effect on public policy, and by
very little I mean a near zero/statistically insignificant amount (unless you're
part of the top 10% of income earners):

[http://fightthefuture.org/videos/does-voting-make-a-differen...](http://fightthefuture.org/videos/does-voting-make-a-difference/)

~~~
specialist
Eeyore / South Park style cynicism actively foments apathy. Self-fulfilling
prophecy.

Counterpoint: My friends and associates do amazing things. Marriage equality,
marijuana legalization, DREAM Act, etc, etc. I (a yeoman) also do what I can.

Maybe think of politics, society, culture like thermodynamics:

Organization requires continuous effort, to mitigate entropy.

~~~
djsumdog
Keep in mind Marriage Equality in America came via the supreme court, not
legislation (unlike New Zealand, Canada, et al.)

I'm not saying people shouldn't be active. Groups like The Anti-Corruption Act
([https://www.youtube.com/watch?v=lhe286ky-9A](https://www.youtube.com/watch?v=lhe286ky-9A))
are doing a lot, not to mention the group that pushed Maine's ranked voting
amendment.

But the vote itself is not very useful. There are other forms of activism that
are more worthwhile; those that seek to slowly and fundamentally change the
system. Focusing on the left right paradigm will ultimately lead people to
being angry at two parties that are essentially the same.

~~~
Udo_Schmitz
> Keep in mind Marriage Equality in America came via the supreme court, not
> legislation […] But the vote itself is not very useful.

Liberal supreme court judges do not materialize out of thin air, do they?

------
vit05
One thing that I have always thought about is why emails don't have
disposable passwords. For example, you make 1 new password that you can use
just one time.

That way if you need to use an unsafe PC from a hostel, you can log in with that
password.

~~~
robbyking
Or why we have passwords at all. Sites like Medium have moved to a
passwordless model, where you're sent a login link to access your account
rather than forcing you to remember or retrieve a password.

[https://blog.medium.com/signing-in-to-medium-by-email-aacc21...](https://blog.medium.com/signing-in-to-medium-by-email-aacc21134fcd)

~~~
pavel_lishin
Where would you send a link to log into your email?

~~~
c0wb0yc0d3r
I was thinking it would be super cool if you could use something like
[https://krypt.co/](https://krypt.co/) and use public key private key.

Sure, you would need that ssh daemon running on the computer, but I bet it
could be retrofitted to use QR codes or something.

------
faragon
TL;DR: Just avoid traveling to the USA.

P.S. I love the USA, don't get me wrong. I hope some day the madness on the
borders gets less paranoid.

~~~
lacampbell
And the UK. And New Zealand. And I believe Canada. And...

~~~
staticelf
And definitely Australia and China.

~~~
aldanor
Which makes Ireland the only English-speaking country where you don't expect
stuff like this to happen?

~~~
staticelf
I don't understand why the language would matter? In Sweden we don't have this
control and we speak better English than many Americans.

~~~
lacampbell
No, you don't.

------
teekert
I use Linux. I'm convinced that if I put a small Windows partition up (or
another Linux install) and make grub boot into it automatically (with little
delay) no one would ever notice. Does anyone know if they check for multiple
partitions at all?

And Android can have multiple users, can you set up a new user and boot into
that one automatically?

~~~
safeharbourio
Well, with some experience, border guards will learn to spot a non-NTFS
partition that Windows dutifully reports as unformatted/blablah space, so that
will eventually be caught. Don't rely on this to actually protect you; it's more
of a sleight of hand that may be easily spotted by the right guard.

~~~
netsharc
Time to write one's own filesystem driver, that either hides this info or
shows the disk as fully partitioned but empty NTFS partition, and when
something tries to write onto it, throws a failure (so you can have e.g. 10 MB
at the very front of the partition free, and the rest looks empty, but
actually contains your Linux system)

Another hack would be one's own BIOS, that lies to Windows saying "This disk
is 100 GB", but given the correct unlock signal, will admit to the OS "this
disk is 500 GB big".

~~~
lloeki
What about dumping the partition table before simply removing the partition
that matters? Just restore the partition table later. You could even grow the
remaining partition without growing the actual filesystem, and hack something
so that the FS layer reports the whole size. Or have both GPT and MBR that
differ, offering two different views of the disk. If you're using lvm or btrfs
you could also make a snapshot before removing all data then revert to the
snapshot, and/or apply clever subvolume tricks like btrfs-convert does to keep
the ext filesystem around [0].

[0]:
[https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3](https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3)

------
gtirloni
Mandatory "No Linux client" comment :|

Does anyone have any insight if this is a pure business decision or there's
something holding them back technically?

~~~
mockindignant
They can't even ship a version of their Windows client with the ability to
create/edit/delete local vaults.

I think they are focusing on money before all else. They do still make a good
product, but the direction they are moving towards eliminates their support
for many threat levels that they had previously.

Now you have to have a cloud account and you have to store your stuff there
because their supposed "cross-platform" client cannot work on their own vault
format on Windows.

They might respond saying the version 4 of the windows client supports working
with these vaults, but version 4 does not support OTPs so if you want to use
the modern features without relying on their cloud storage...they don't care.

If you go to their forums and read the response from the community about
windows not supporting creating or editing of local vaults you will see they
are by and large dismissive. So I think it's really about money and resources.

------
codelitt
Excellent effort. I do wonder though, what is to prevent authorities from
forcing you to just turn off travel mode? Is there a timer that you set?
Deadman's switch? Geolocating? (The last 2 are not good solutions, but you get
the idea)

Edit: I missed this bit below:

> even if you’re asked to unlock 1Password by someone at the border, there’s
> no way for them to tell that Travel Mode is even enabled.

However, it won't take very long for authorities to wise up, know that
1password has a travel mode, and tell you to turn off Travel Mode, eh? Or am I
missing something?

~~~
blacksmith_tb
My instinct is that if you have anything stored on your device, you're at risk
crossing borders. So in my case, I would likely remove both the Dropbox app
and KeePass, and then reinstall them on arrival. I suppose that would leave
detectable traces, which could argue for using a burner phone, and then
installing those two on arrival on it.

------
brokenmachine
Although it's a great option, what's to stop them from asking for your
1Password account credentials?

I believe they already ask for your social media accounts, don't they? That is
ridiculous in itself. Why not ask for my bank logins while you're at it?

~~~
bobwaycott
> _Why not ask for my bank logins while you're at it?_

One step at a time.

------
simonCGN
It is very sad that it had to come that far

------
YeGoblynQueenne
Could we have something like time-delay passwords? Like the time-delayed
vaults they (allegedly) have in banks?

Then you could say: "Even if I agreed to give you my password, you wouldn't be
able to unlock my device with it for another 24 hours".

~~~
chrismorgan
That’s just _begging_ them to detain you for a day.

Time delays only work for the entity in power. The bank has your money, you’ll
just have to wait to get it. But the border people have power, not you; they
can make you wait if they want.

~~~
YeGoblynQueenne
I understand that even in the USA, to detain someone for 24 hours you need
something like a warrant or some kind of special permission from the
judiciary. I mean, if it's got to the point where the border force (?) can
just detain you on a whim, I have a much better way to keep my data safe: by
not flying to the USA.

------
kevindong
Or: just delete the app before you get to customs and redownload after you
pass customs. Simple, elegant, and foolproof.

~~~
rosser
If CBP knows you're a 1P user (which they hypothetically could since the NSA
has read 1P's emails to you, a foreign user of that service), but you don't
have the app installed when you attempt to enter, what makes you think they'll
respond differently than they _currently do_ to people whom they know have
Facebook accounts, but delete the app from their device before attempting to
enter the country, rather than allow the immigrations agent access to their
feed?

~~~
mazamats
"I forgot my password"

~~~
rosser
That will get you a cell in the UK, true or not.

In the US, it will probably get you denied entry, possibly permanently, for
"lying to a customs officer" (if a non-citizen), or the device possibly being
confiscated if you're a citizen, (and a note in a file somewhere that says
you've probably lied to a federal agent — particularly if they happen to catch
any security camera footage of you stupidly using your device shortly after
exiting the international arrivals area).

------
seanhandley
They can only legally view the data you bring into the country on physical
media in your possession as you pass through customs.

Though it's not difficult to remove the app/vault and then reinstate it after
customs...

------
benologist
I have some ideas I think will improve our security in this direction. Apple
seeks to make it technically impossible to extract iPhone data and I've been
wondering how we can do the same with using someone's credentials to enter the
systems we build.

One idea is to allow users to define how many concurrent sessions they can
have so they can manage those slots and require something to sign out before
their credentials can sign in again.

The other is to allow users to configure a schedule when their credentials
work so you can block most of the world and probably most of most days too.
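
The two controls proposed in the comment above (a user-set cap on concurrent sessions and a schedule outside which the credentials do not work), sketched as a login gate. This is an added example, not part of the comment or of any product's code; `CredentialPolicy`, `SessionGate` and their fields are hypothetical names, and times are assumed to be UTC.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timezone


@dataclass
class CredentialPolicy:
    """Limits the account owner sets; all names here are hypothetical."""
    max_sessions: int = 1
    allowed_days: frozenset = frozenset(range(5))  # 0 = Monday .. 4 = Friday
    window_start: time = time(8, 0)                # UTC, inclusive
    window_end: time = time(18, 0)                 # UTC, exclusive

    def in_window(self, now: datetime) -> bool:
        if now.tzinfo is None:
            raise ValueError("pass a timezone-aware datetime")
        now = now.astimezone(timezone.utc)
        day, t = now.weekday(), now.time()
        if self.window_start <= self.window_end:
            return day in self.allowed_days and self.window_start <= t < self.window_end
        # Window wraps past midnight (e.g. 22:00-06:00): the hours after
        # midnight belong to the window that opened the previous day.
        if t >= self.window_start:
            return day in self.allowed_days
        return t < self.window_end and (day - 1) % 7 in self.allowed_days


@dataclass
class SessionGate:
    policy: CredentialPolicy
    active: set = field(default_factory=set)

    def sign_in(self, session_id: str, now: datetime) -> tuple:
        """Return (allowed, reason). A valid password alone is not enough."""
        if not self.policy.in_window(now):
            return False, "outside schedule"
        if session_id in self.active:
            return True, "already signed in"
        if len(self.active) >= self.policy.max_sessions:
            return False, "no free session slot"
        self.active.add(session_id)
        return True, "ok"

    def sign_out(self, session_id: str) -> None:
        self.active.discard(session_id)  # frees the slot for another device


if __name__ == "__main__":
    gate = SessionGate(CredentialPolicy())
    noon = datetime(2017, 5, 24, 12, 0, tzinfo=timezone.utc)  # constructed: a Wednesday
    print(gate.sign_in("home-laptop", noon))   # slot taken by the owner
    print(gate.sign_in("other-device", noon))  # same credentials, refused
```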

------
jackjeff
In a true democracy this would be a pointless feature.

~~~
tlrobinson
Why? What prevents a "true democracy" from enacting strict border controls?

~~~
jackjeff
A democracy is not just a system of governance. The fact that a law was voted
by congress means it is a republic, or a parliamentary monarchy.

To be considered a democracy a country needs to provide its citizens more than
the ability to elect a legislative body. There needs to be some basic freedoms
and guarantees as well, like strong protections against unlawful detentions
(habeas corpus) and unlawful seizures.

Border control agents are provided exceptions to the normal rules. They can
check your luggage for weapons or illicit goods without any probable cause.
The logic behind these exceptions is that it has a deterrence effect on
criminals that would like to bring in illegal goods.

But going through your digital information makes no sense in that regard. If
you were "up to no good" you would be able to send that information digitally
without stepping foot in the country. Going through someone's private
information is not about ensuring the safety of the country. It is an invasion
of privacy and an intimidation tactic. The deterrence effect is not against
criminals. The government uses this power to intimidate people they do not like.
For instance Laura Poitras and Glenn Greenwald are routinely subjected to
this, for political reasons. Many Muslims are subjected to this, simply
because they are Muslims.

These are the tactics of non democratic regimes. It is sad to see them
becoming more and more widespread in the US.

------
tormeh
If you travel for work, wouldn't it be better to just let your employer hold
the password? When border security asks for data you truly cannot provide it.

I think the only way to get around this shit is to have another person hold at
least part of the key. Border security can't force you to lie to your employer
on the phone, so they're not getting access.

------
rukuu001
Crazy question: is it more effective to have your laptop couriered to you
after you've arrived and cleared customs?

~~~
brown9-2
Your laptop has to clear customs too, and it won't be in your possession with
this plan.

~~~
nictrix
If the laptop is not in your possession when it has to clear customs wouldn't
this mean they cannot ask you for the password and such, then this would limit
what they could do? Though they could still seize it, but at least without the
knowledge of passwords and social media.

------
marenkay
I'm kind of wondering how this all works in general when getting to the US.

Considering my usual work contracts, complying with letting border control
look into my fully encrypted work laptop would actually be a breach of my work
contract.

How do you guys handle this?

~~~
Cthulhu_
Refuse to go to the US unless provided with a safe / separate laptop that
contains nothing that would cause a breach.

I'd make it your employer's responsibility. If you have to go to the US on
business, it's your employer's responsibility to help. Or to not send you to
the US.

------
nihonium
I don't understand. Is this really a thing? I'm from the UK and never heard
such a thing. Is this common in US? What are they looking for? Do they just
pick someone randomly, login to the laptop and check emails and stuff?

~~~
dflock
As I understand it, they generally don't just aimlessly scroll through your
email/facebook in front of you, then give your device back (although they can,
if they feel like it) - they get you to surrender your credentials, then save
these in their database; the contents of the accounts will then be downloaded
automatically.

Same for devices - they have you unlock the device, then take it away, plug it
into a PC/whatever, which sucks down a complete image of the device. Then they
give it back, if they feel like it.

Obviously, if they do this with your email & facebook, they're also sucking in
all your connections - your social graph: everyone you've ever emailed or has
emailed you, everyone you're connected to on facebook.

~~~
nihonium
Thanks for the details? Is it a common procedure? Are they doing that to
everyone coming to US?

~~~
dflock
I think the answers to those are probably: No one really knows, and No, not
yet - although they do now (optionally) ask for your facebook/twitter
usernames when applying for an ESTA.

------
alexc05
I thought the trick was to back up the phone on one side of the border,
factory reset / wipe, restore the phone on the other side of the border.

Obviously that doesn't work for laptops - but for a phone it is in the realm
of possible.

------
firebird84
Would it be equivalent if my (for example with LastPass) vault required a 2FA
token to access, and I simply left the 2FA token at my house? I would in that
case similarly be incapable of complying.

------
jstoiko
I don't get how this would prevent border agents from asking to unlock / turn
off travel mode.

Why not make this feature tied to a geo-location? Like the hotel or the
conference centre I will be attending.

~~~
tehabe
AFAIK you can only deactivate the travel mode on the web profile. Of course it
would be much more effective when you use it in the team mode. So that someone
else has to deactivate the mode for you.

------
bisRepetita
One other way: change your password to a temporary one, give it to a trusted
friend who changes it. You don't know the password, you can tell the truth to
the border agent.

Once you're out of their hands, ask for it back and change it again.

Even if the friend is in the US, they cannot compel her/him to release it
easily, US laws apply.

There must be a way to also encrypt the new temporary password with 2 keys so
that the trusted friend cannot access your encrypted content without your own
key.
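
The "two keys" arrangement wished for above, and tormeh's earlier suggestion that another person hold part of the key, can be done with a two-share XOR split. This is an added example, not part of the comment or of any password manager's code; it assumes the vault is unlocked by a random 32-byte key rather than a memorised password, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; a random 256-bit vault key is assumed


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_check(key: bytes) -> bytes:
    """Tag stored beside the vault so a rebuilt key can be verified.

    It is an HMAC under the key itself, so it gives no practical help to
    someone who is missing a share of a random 256-bit key.
    """
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()


def split_key(key: bytes) -> tuple:
    """Return (traveler_share, friend_share). Each share alone is random bytes."""
    friend_share = secrets.token_bytes(len(key))
    return xor_bytes(key, friend_share), friend_share


def combine(traveler_share: bytes, friend_share: bytes, check: bytes) -> bytes:
    """Rebuild the key after the border; reject a wrong or corrupted share."""
    key = xor_bytes(traveler_share, friend_share)
    if not hmac.compare_digest(key_check(key), check):
        raise ValueError("shares do not rebuild the expected key")
    return key


def share_fitting(share: bytes, candidate_key: bytes) -> bytes:
    """The partner share that would make `share` rebuild `candidate_key`.

    One exists for every candidate, so a single share singles out no key:
    the friend cannot open the vault alone, and neither can the traveler.
    """
    return xor_bytes(share, candidate_key)


if __name__ == "__main__":
    vault_key = secrets.token_bytes(KEY_LEN)        # constructed sample key
    mine, friends = split_key(vault_key)
    tag = key_check(vault_key)
    print(combine(mine, friends, tag) == vault_key)  # both shares together
```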

~~~
timedoctor
I don't see how any of these solutions help. At the US border agents routinely
ask you to log into your email account and search your emails. If you refuse
to comply it is much more likely they will not let you into the country.

So they don't just search your laptop they try and search online accounts
also.

------
throw2016
It's great that they have at least thought about this and developed something,
but this just sidesteps the issue.

Only dissidents in despotic regimes need to resort to these kind of
workarounds for lack of other options. Why should citizens of a democratic
country have to work around anything?

The solution to privacy, surveillance and overreach issues in democratic
countries has to be political, and not technical.

------
webninja
I am a U.S. citizen and I flew last year from America > Qatar > India and from
India > Qatar > America on a business trip. I was carrying two laptops.
Neither laptop was searched, but they were put in separate trays under the
x-rays to make sure they didn't contain physical explosives or hinder the
x-raying of the food and clothes in my backpack.

------
rafael859
Tangentially relevant, I made a pam authentication module for Linux a while
ago, that addresses this issue. It allows for the creation of duress
passwords. Here is the repository:
[https://github.com/rafket/pam_duress](https://github.com/rafket/pam_duress)

~~~
nictrix
That is neat! I would think using it at a border crossing would constitute
hiding something...right?

------
stickfigure
The right solution to this problem is, when traveling, always answer "no" to
"may I search your laptop?"

It sucks, and it may mean a lot of hassle ranging from confiscated equipment
to being held at the border to being refused entry, but this is just one of
the new risks of travel. Border security only gets away with this because
people say yes.

Companies need to make clear to their employees (and the public) that sharing
passwords is a terminable policy violation. You should be able to say,
honestly and credibly, "I won't unlock my laptop because I don't want to get
fired."

~~~
rosser
Do you _honestly_ think customs agents _care_ whether you'll get fired or not?
US immigrations will permanently sever families that have been together for
years or even decades with utter disregard for the emotional trauma they're
inflicting.

Your job matters exactly fuck-all to a CBP agent.

~~~
ForrestN
It completely depends if you are white or not. If you are white, and speak
politely, the agent will care deeply about your concerns, including potential
firing as an example. If you are not white, and especially if you appear
black, Latino or Arab, then your comment will definitely hold true.

~~~
TallGuyShort
Recently delayed by the TSA to the point of missing my turn to board. Was
subjected to additional searching. Upon finding nothing, I discovered the
extra searching was what they do when you fail the hand swab test. I had not
had the test administered. So they administered the test. I passed. They then
searched my things again and I was questioned regarding the quantity of
business cards I was carrying.

Oh also I'm white.

~~~
schoen
TSA is not the same agency as CBP. They don't receive the same training,
encounter travelers in the same situations, enforce the same laws, or execute
the same authority.

~~~
TallGuyShort
I've had similar experiences with CBP too. It's still a pretty silly
unqualified comment. They tend to be on power trips any chance they get, brown
or black or white.

~~~
schoen
I didn't mean to comment on the use of racial profiling; I've just noticed
that there's a lot of confusion about the difference between TSA and CBP.

------
avaer
When the features start rolling out, the market entrenches the status quo.
Props to 1Password though; this is a symptom and they are not the cause.

I guess the reasonable next step, when all the outrage has fizzled, is pre-
screening. Pay for the government to have all of your passwords all the time,
and save yourself the hassle.

~~~
brokenmachine
_> I guess the reasonable next step, when all the outrage has fizzled, is pre-
screening. Pay for the government to have all of your passwords all the time,
and save yourself the hassle._

Lol, on what planet is that the "reasonable next step"?? Do they want to see
my dick pics and login to my bank accounts as well? My poetry or whatever
rambling I may write? Am I not entitled to any privacy at all?

The actual reasonable next step is not to go to, or deal with, the US at all.

~~~
lawl
I assume that was meant as "it's reasonable to expect this as the next step".

~~~
brokenmachine
Ah, ok. I get it now. I read it incorrectly.

------
betimsl
I've had this idea for so many years now: your gmail account has - let's call
it - a master password and a throwaway password. Say you need to print
something from a public PC, you just use that password that works only once,
even if somebody key-logs it, you're safe.

~~~
teekert
2FA is basically an ever changing 2nd password used 1 time. I use it
everywhere it is supported. More info:
[https://www.google.com/landing/2step/](https://www.google.com/landing/2step/)

~~~
proaralyst
Additionally Google will give you a set of (longer) 'recovery codes' that can
be used as one-time second factor passcodes.

------
ElDji
Bin Laden has obviously succeeded in removing freedom that American citizens were
enjoying not so long ago.

------
speleding
A travel mode like this for Dropbox would be even more useful. Being able to
mark certain directories as confidential so they can easily be removed and re-
synced would be much better than deleting and re-installing the entire app.

------
cyphunk
because... seriously:

> the border agent asks "are you hiding any information from us?"

Answer yes, always, because: I have client data I'm most certainly hiding from
you on my computer because they'd in general be worried if I didn't, also I
have passcodes to friends' mail servers I manage for them I'm hiding from you,
also I'm hiding from you all the emails I've sent to my parents, I'm also
hiding from you all the pics of my gonads I sent to my lover. So yes, I'm
hiding information from you. What country is this anyway? <asks the person
arriving to the US from Germany>

------
SurrealSoul
Shame it has to come to this

------
neillyons
I'm surprised this is even a thing. Do folks get asked for passwords at
airports? What is the reason for this feature?

Hope this comment didn't come across as negative. I'm a big 1password fan.

------
m3kw9
The video/onboard tried too cute to make the Travel mode = off a confusing
ambiguity by making just gray. If you don't want to waste people's time make
things explicit.

------
beached_whale
It would be interesting if service providers like Google, Microsoft, Apple,
and Facebook started taking governments to court for unauthorised access to
their systems.

~~~
Havoc
It's OK. The NSA already has access to their data. No biggie.

~~~
beached_whale
That is the other half isn't it. How can one trust that non-security experts
can safely store your passwords in clear text on a networked system when no
one else can do it safely

------
kestal
Do you really trust cloud password storage services?

------
ubikretail
This might be troublesome in airports like Tel Aviv (personal experience). I'd
rather encrypt and send my data through regular mail.

------
theprop
I know many who buy an old laptop and ONLY use the Epic Privacy Browser or the
TOR browser on it when traveling.

------
fapjacks
LINUX SUPPORT PLEASE. Seriously, please.

------
mm4
maybe instead of developing all these bend over backwards solutions to deny
these data rapists from getting any pleasure out of it, maybe change the law
to make them stop doing it in the first place... they are acting on the rules
set in the system so change them.

------
partycoder
A more accurate reality: [https://xkcd.com/538/](https://xkcd.com/538/)

~~~
mikestew
At, say, the US/Canadian border? No, not accurate nor realistic at all.

~~~
lb1lf
Then again, you don't even need a $5 attitude readjustment tool when you can
just shrug and say "Whatever. You are detained until you cough up what we
want." - and are able to do just that...

~~~
int_19h
They can't detain you indefinitely without articulating a good reason, even as
a non-citizen. What they can do is deny you entry. For citizens, not even
that.

~~~
easilyBored
_What they can do is deny you entry. For citizens, not even that._

Job lost. Father died without you seeing him. Thousands of dollars gone in
lost ticket, reservations. That's more than enough for 99% of people. The
other 1% don't even try to enter USA

------
stefek99
Arms race in post-Snowden era.

I would never imagine world in 2017 to look like this.

"Black Mirror"

------
edejong
I don't understand. Why would people not just change their passwords by
someone they know, travel, plausibly deny knowledge of the password, and call
the relative to unlock once crossed the border?

~~~
dflock
Because they don't want to get detained, be denied entry, have to travel home
at their own expense, and be refused/blacklisted entry in the future,
probably?

If you're not a US citizen, there's no plausible deniability, due process or
rights at the US Border; CBP agents can deny entry to whoever, for any reason
at all - they have _very_ wide latitude and there is no appeal.

Legal details vary by country, but this is pretty much the case at all
borders, afaik.

------
tehwebguy
Detect CBP IP address?

> There are 0 passwords in your vault.

------
specialist
I'm a very happy 1Password customer.

Repeating my #1 feature request here, dovetailing this thread, please forgive.

Problem: My logins keep breaking as websites evolve, change their forms, etc.

Suggestion: Online catalog of login config/scripts.

a) Pre-populate with "official" scripts for top 50 websites. Also serve as
examples to show everyone how it's done.

b) Permit users to submit new scripts.

c) Version these scripts. Use some kind of repo.

d) Keep track of success rate, a la bugmenot, retailmenot, etc. Anonymize
feedback, of course.

------
tiatia
Upload an encrypted image of your OS (Linux in my case) SSD on your server.
Install an older legit version of windows (which was likely provided to you
when you bought your computer).

Add some nasty gay porn and you are all set for the border.

------
mtgx
I wish Android and iOS also had a more incognito/hidden "travel mode" than the
current account profiles.

------
chronic940
I said I wanted to avoid terrorist attacks, not be near them.

~~~
dang
We detached this subthread from
[https://news.ycombinator.com/item?id=14405388](https://news.ycombinator.com/item?id=14405388)
and marked it off-topic.

