
Encrypted Chat Developer Detained, Interrogated at US Border - mindstab
http://www.zeropaid.com/news/101174/claim-encrypted-chat-developer-detained-interrogated-at-us-border/
======
jayro
Unfortunately, this is not an isolated incident.

"The filmmaker: Laura Poitras is an Academy Award-nominated documentary
filmmaker, whose recent films include “My Country, My Country,” about the U.S.
occupation of Iraq, and “The Oath,” which was filmed in Yemen. Since 2006,
Poitras has been detained and questioned at airports at least 40 times. She
has had her computer and reporter’s notebooks confiscated and presumably
copied, without a warrant. The most recent time, April 5, she took notes
during her detention. The agents told her to stop, as they considered her pen
a weapon."

...

"He [Jacob Appelbaum - a computer security researcher for the nonprofit
organization the Tor Project (torproject.org)] has been detained at least a
dozen times at airports: “I was put into a special room, where they frisked
me, put me up against the wall. ... Another one held my wrists. ... They
implied that if I didn’t make a deal with them, that I’d be sexually assaulted
in prison. ... They took my cellphones, they took my laptop. They wanted,
essentially, to ask me questions about the Iraq War, the Afghan War, what I
thought politically.”

[http://www.democracynow.org/blog/2012/4/26/the_nsa_is_watchi...](http://www.democracynow.org/blog/2012/4/26/the_nsa_is_watching_you)

* Detained in the U.S.: Filmmaker Laura Poitras Held, Questioned Some 40 Times at U.S. Airports [Video w/ Transcript] [http://www.democracynow.org/2012/4/20/detained_in_the_us_fil...](http://www.democracynow.org/2012/4/20/detained_in_the_us_filmmaker_laura)

* "We Don’t Live in a Free Country": Jacob Appelbaum on Being Target of Widespread Gov’t Surveillance [Video w/ Transcript] <http://www.democracynow.org/2012/4/20/we_do_not_live_in_a>

* Whistleblower: The NSA is Lying–U.S. Government Has Copies of Most of Your Emails [Video w/ Transcript] [http://www.democracynow.org/2012/4/20/whistleblower_the_nsa_...](http://www.democracynow.org/2012/4/20/whistleblower_the_nsa_is_lying_us)

------
mindstab
I love the inherent schizophrenia in the US political system. They are so in
love with anti censorship technologies when employed against countries they
don't like, like in China or Arab Spring, even going so far as to help develop
the tech (tor) or ask the maintainers for special considerations (the US gov
asked twitter to alter its maintenance schedule for Arab spring). But when the
software could be used closer to home, they target developers like they are
one step away from terrorists. The hypocrisy is... challenging

~~~
gavinlynch
"But when the software could be used closer to home, they target developers
like they are one step away from terrorists. The hypocrisy is... challenging"

So you see this border interrogation as part of a systematic policy to
intimidate developers entering the United States with expertise in
cryptographic dev? Gotta be honest, that seems like a wild and illogical
extrapolation to me based on this anecdotal story. So the end game of the
United States government is what exactly, in this effort? To keep people with
cryptographic talent outside of the US?

1) Why? I presume your point is that the government is attempting in a very,
very, very round-about way to stifle free speech? Please inform me if this is
not your point, I don't want to put words in your mouth.

2) What would that accomplish. We live in an era of instant communication and
transportation of software. Developers can work on products from anywhere in
the globe. If this man was denied entry to the United States, what is stopping
him from simply working for his company from abroad? The answer: nothing.

It would serve pretty much zero purpose to run a campaign of intimidation
against an incredibly small subset of the developer population... Programmers
with cryptographic expertise who frequently travel in and outside of the
United States... I don't get it. What about all of those with crypto
experience who are already in the US and don't travel. Aren't they a threat?
Are they being targeted? Where are their stories?

Doesn't the government, when they are looking to either break or make these
same crypto software, draw from the same talent pool as private industry here
in America? Why would they run that talent out of town?

If the US government wanted to suppress cryptographic research or otherwise
circumvent it in an effort to subvert Free Speech, don't you think there are
more precise and non-haphazard-and-idiotic ways of doing it?

This goes against the general sentiment of comments I've seen in this article,
but I just have to say it. I think the idea is ridiculous and above all,
completely inefficient for the goals everyone is ascribing to the border
agents and the government here.

Logic doesn't really back this up. I can't imagine the point of this. I am not
naive enough to think the government doesn't do some shady stuff, but I simply
don't see the point and don't see this as an effective tool in whatever their
war on developers is supposed to be.

~~~
halvsjur
From the Wikipedia page on Jacob Appelbaum:

> He has worked for Greenpeace and has volunteered for the Ruckus Society and
> the Rainforest Action Network

> Appelbaum is known for representing Wikileaks at the 2010 Hope conference.

The US government has a long and well documented history of systematically
harassing political dissidents.

Edit: my bad, skimmed the article and thought it was Appelbaum who was
detained.

~~~
beedogs
Well, he has been, too.

------
ChuckMcM
To use the vernacular, this story doesn't 'scan'.

The comment "It’s an open source encrypted, private alternative to other
services such as Facebook chat." and then the comment from an alleged
interrogator, “The interrogator (who claimed 22 years of computer experience)
asked me which algorithms Cryptocat used and about its censorship resistance.”
really set off some bells.

If it's open source, then git/svn/cvs pull a copy of the repo and read the
code. No need to interrogate the guy. And second the DHS doesn't have any
history of going after folks simply because they write some open source
software.

Now could the guy be detained for other reasons? Sure. But this feels more
like a troll to generate buzz for his app which seems to be on a few warez
sites. My quick look at Github and Sourceforge didn't find it there.

~~~
CodeMage
_If it's open source, then git/svn/cvs pull a copy of the repo and read the
code. No need to interrogate the guy._

While I understand what you're saying here, I can't help but think of how many
times my co-workers asked me something they could have easily looked up via
Google. I can easily extrapolate that to a border guard, especially if there's
an added benefit of harassing a guy you don't like.

~~~
ChuckMcM
Oh I definitely get that. I've got a friend whose french daughter is often
harassed coming into the US by immigration thinking she is an undercover nanny
or something. I have no love whatsoever for the TSA (and the DHS for that
matter)

My BS detector was pinging though that they even knew this guy had an open
source project. If they were hassling him because of that, they had pre-
knowledge of it and would know the answer to that question. If on the other
hand they just pulled him out of the line and started giving him the 3rd
degree because he 'looked like the type' and then got this 'crypto thing' and
then tried to exploit that for some other reason, well that would be more like
typical TSA protocol.

~~~
ebrenes
Even if they do have this knowledge, and even if they could just as easily
find it through Google or some other publicly available mechanism, they are
most likely just seeing if you'll incriminate yourself. Why do they ask me
what I'm doing when entering a country or where I'm staying when I've already
given this information to the airline before boarding the plane?

There's a whole line of reasoning behind their questioning tactics that
extends beyond getting to the facts. That's why the best legal advice is
simply to not say anything, because they are not in any way shape or form on
"a quest for the truth".

------
sashahart
If you travel frequently across borders, you will often be taken aside and
asked questions. It is mind-numbingly common, it has happened to me in
Schiphol (EU) several times. Very annoying, but not at all the same as people
being beaten and censored and put into gulags for mild civil forms of
political dissent.

Let's not trivialize real totalitarianism in our haste to condemn stupid
airport security theatre.

~~~
panarky
This is different from routine security nonsense. This developer was
specifically questioned about his open-source projects.

If DHS is targeting people when they travel just because they work on
information security, that's pretty chilling.

~~~
aggronn
We don't really know what questions he asked. For all we know, the developer
has a bone to pick and is grossly exaggerating his claims.

Guard: "What do you do for a living?" Dev: "Software developer on a secure
chat app"

Dev later claims he was interrogated about his work.

In regards to the specific question about the algorithm and the interrogator
knowing something about computers, isn't it possible that he was personally
interested in and asked while he had the chance to talk to someone who was
familiar with that stuff?

~~~
cldrope
While I'm generally the tin hat wearer in my circles, it's perfectly logical
that he was just curious.

If he had computer science experience he may have had a legitimate interest in
it. That said, he may not have been a programmer, thus the open source part
eluding him.

If it was the government they could just...look at the source.

------
mtgx
This is not the first time I'm noticing how US is checking every passenger
against some database with everything he said online. This makes me a lot less
likely to ever visit the US, and if awareness about cases like these grows,
I'm sure others will think the same way.

~~~
rdtsc
This makes me more scared living in the US. I am approaching the level of fear
of the government that is close to what I remember having from the older
Soviet Union (note: I never living the harsher political times there, mostly
during the mid 80s when stuff was thawing out).

It is not a fear that legally I can't talk or do things. It is fear again
irrationality and against bureaucratic mistakes. You pissed off one police
officer or one border patrol agent and now you are on some kind of secret
database or black list for life.

~~~
mtgx
Someone who has lived in communist countries understands the danger of this
trend a lot better than Americans do, it seems. There is Reddit in other sites
that raise awareness about situations like these, but I don't think there's a
critical mass yet to turn things around. The vast majority of Americans is
probably still more afraid about terrorists than they are of this trend in
Government, therefore the trend will continue.

~~~
gavinlynch
"The vast majority of Americans is probably still more afraid about terrorists
than they are of this trend in Government, therefore the trend will continue."

Government border checks are a bigger problem than religious terrorists?

~~~
ta12121
No, intrusive government government checks combined with government databases
of citizens' online activities are a bigger problem than religious terrorists.

And the answer is yes.

~~~
gavinlynch
If you don't want it known, don't put it into the public sphere. You call the
checks intrusive, I don't quite mind the idea that we are attempting to figure
out who exactly the people are that are coming across American borders into
this country. I'm sure you disagree.

And my answer would simply be no. In no way do I see monitoring the flow of
humans into our country as a bigger problem than religious terrorists whose
sole intent is to murder and maim as many innocent people as they can.
_shrugs_

~~~
gavinlynch
Very disappointed to hear that most people view a simple border check as more
dangerous than a fanatical religious terrorist. Again, I know this is not a
popular view, and will surely get more downvotes. Just kind of sad to me, to
be honest.

~~~
rdtsc
> most people view a simple border check as more dangerous than a fanatical
> religious terrorist.

Which terrorist?

So by your logic, because there was a fanatical religious terrorist at some
point in time, it is perfectly ok for this country to start prying into
everyone's (public and private) accounts, infer who knows what from what they
read there ("You write on twitter you are going to have a _blast_!? in Boston"
"Ok, step over here please"), and then proceed to interrogate people at the
border.

It seems like the guy was added to some black database somewhere. Are you in
that database too? Can you check who is in there? Do you know how one gets
added or removed from it?

Are you prepared to justify all the groping, and x-raying going in airports
because because of a religious terrorist. What else are you willing to
sacrifice because of this religious terrorist.

I am, for one, also very disappointed to see that you and others have drunk
the cool-aid that has been flowing from Washington D.C. (This is a War on
Terror, Be Afraid, Be Prepared for More Attacks, We Must Invade etc. etc.)

------
fijal
Ok. Maybe people leaving in the US don't know about that, but spending time
with US border officials is absolutely normal on the entry to the US. I travel
to the US about once a year, and my times spent on the border look roughly
like this (sorted, in hours) - 0, 0, 1, 1, 3.

------
milesskorpen
While I think the US has some absurd border policies, this sounds overblown --
only 1 hour?

I regularly hear about people detained for far more than that, and it wouldn't
be difficult for Border Control to hold him far long than that.

------
melvinmt
> If what you develop online or what you say online as it relates to Internet
> freedom could impact how you are treated at the Canada, US border, it
> certainly would make me think twice about coming in to the US.

Come on, don't be so naive. Everybody knows that the border guards google your
name when you're taken aside. That's probably how the guy with an "Arabic
sounding name" ended up on the first page of results with his encrypted chat
pet project and therefore got "interrogated" by border patrol by asking one
question.

The 1-hour extended interview with border patrol is not detaining someone,
it's just common practice. Happened to me several times.

------
vparat
I'm wondering after reading the article if I should be worried with the app I
wrote, <http://www.selinked.com> to learn nodejs and mongodb. It's a dead drop
sort of thing with chatting, all encrypted on the frontend so nothing get's
transmitted in the clear. It's not open source per se but all of the magic
happens on the front end so you can see the code. Backend just manages sockets
and stores encrypted data. When writing it it did cross mind that governments
could have an issue with it but after seeing that I was not the first one to
do this I figured I was ok. Now I'm starting to reconsider this position, I
already get enough shit at the airports due to the fact I'm a green card
holder and treated as a third rate citizen, don't need more.

------
drone
Given that we'll only ever get one side of the story, and that side of the
story being interpreted a certain way would certainly bring favor to the
author, how can we actually presume that the few tweets he made really gives
us the whole picture?

I mean, this is a guy who is, by what appears to be his own admissions on
twitter, a "internet freedom activitist," who just got done talking at a
conference about his software. This would be a great PR icing on the cake. I'm
not saying it's manufactured, but I have just as much evidence for that as I
do to the contrary based on the information presented.

------
soupboy
I know this is almost impossible, but can it be that the interrogator with 22
years of computer experience asked him those questions out of professional
curiosity. Again, even I think it highly unlikely to have been the case. But
were I to end up in some other profession after 22 years of computer
experience, even I would be interested in knowing which algorithms were used
and what the philosophical implications are for such a program.

~~~
jcoder
The claim is that they detained him and confiscated his passport.

~~~
aggronn
that alone is not something worth fussing over. it happens a lot, and to
people much less and more interesting than this guy.

------
tnash
Could it be related to this:
[http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_U...](http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States)

I remember in my college security class our prof recommended that if we left
the country we didn't bring any sort of cryptography work with us. I'm not a
lawyer so I don't quite understand the legal ramifications.

------
Paul_S
It's like someone going for a stroll at night in a shady part of town and then
complaining they got mugged. What the hell did they expect would happen? Same
goes for the US. Start paying attention to the news. It's been widely reported
for the past decade, yet people still go there.

------
thatusertwo
I'm curious as to how they know he is a developer on the project? Is he vocal
about his participation?

------
sebsauvage
With my client-side encrypted pastebin & discussion board, I'm not going to
the USA anytime soon. ( <http://sebsauvage.net/wiki/doku.php?id=php:zerobin> )

------
liamondrop
a _perhaps_ over-embellished encounter as a means to get publicity for his
app.

------
sneak
If they NSL his Gmail, now they have the email addresses and frequency graphs
of everyone with whom he communicates.

------
X-Istence
I wonder if I will subjected to the same sort of questioning ... I am
developing crypto software for my day job.

~~~
mfer
Crypto software is subject to export controls for many countries. If you are
going to distribute it as open source (or across borders from where it was
developed) you should become familiar with the laws and regulations for your
circumstance.

For the US there is a wikipedia post at
[https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_...](https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States)

~~~
Nrsolis
I've worked in INFOSEC (of a sort) before and now I generally work on routing
platforms. One thing that I've been schooled in pretty carefully is the law as
is pertains to import/export of cryptographic technology.

Some folks here might not be familiar with the plight of Phil Zimmerman, who
had the bright idea to invent PGP when there was a real chance that ALL crypto
in the US would be fiercely regulated by the federal government.

For his trouble, he was under indictment for something like 3 years while the
federales were deciding if he had broken any laws or not. His supposed crime:
someone managed to get PGP _out_ of the US. Not him...someone else. I guess
they thought he helped them.

SO this sort of thing isn't new; it's been going on for a while and there are
lots of stories around about folks who decided to write books about secret
crypto-loving agencies in the US and almost got arrested for doing so.

To ignore the reality of the government's position/actions on this is to
invite trouble. Your best answers to an agent of the government are always the
ones that provide a true but ultimately useless answer. Never lie.

I'm an US citizen, served in the military, and middle aged. On my last trip
back from Toronto, I got flack from the border agent because my flight out was
from LaGuardia but I was connecting through Philadelphia on my return. Border
agent gets all inquisitive and asks how I'm supposed to get from PHL to LGA as
if I'm trying to be subversive about it. I roll my eyes and show him my ticket
from PHL to LGA and all of a sudden he realizes he's an idiot. Bear in mind,
NONE OF THIS MATTERS. I'm a goddamn US citizen and I can enter anywhere I damn
where please. Of course, I didn't ARGUE with him, I just showed him and went
along my way.

The less upset/indignant you act when being questioned, the less suspicious
you look. That goes even if you've done nothing wrong and are completely
within your rights.

------
antidoh
How long until foreign businesses and governments prohibit key people from
visiting or transiting the US?

------
illamint
Link is blocked via Websense at work. Is there an alternate source?

~~~
cldrope
You can find the story without useless "journalistic context" on his twitter
feed, where it came from:
<https://twitter.com/kaepora/status/210366514442932224>

Or I pastebin'd the article for you or anyone else curious:

<http://pastebin.com/hKkLBMFp>

------
bobowzki
Which algorithm it's using... why don't they just read the code?

------
horsehead
_Where_ in the hell in that article is there any attempt to get the border
agents' side of the story? For all we know, this is entirely fabricated.

While it very well may be true, this is shoddy journalism at its finest. Take
this sentence, for example: "Apparently, a trip to the US now allegedly
features a frightening round of intense interrogation by American border
guards."

Apparently? Apparently!?! Are you kidding me.

Do some real journalism and stop quoting twitter.

------
planetguy
The impression I get is that if the US _actually_ wants to ask you about
something then they'll do it for more than an hour. They'll fly in someone
from the NSA to meet you at the border, he'll probably make you comfortable
and have a nice little chat with you and it will become a _big deal_.

Getting stuck at the border for an hour is a sufficiently short time, in the
bureaucratic system, that we can assume they didn't really care. In all
probability it was just some random border guard who really _did_ have a CS
background and was excited to get a chance to use it.

~~~
eridius
Someone with "22 years of computer experience" and knows about encryption
algorithms doesn't become a border guard.

~~~
rdl
Why not?

Work in the military for 20 years (ok, 22) in a communications or IT capacity,
retire, collect pension. 20 years of military computer experience doesn't
necessarily make you an expert or even employable, sadly.

You then get preferential hiring for other positions in the government,
especially law enforcement. Working for ICE/CBP wouldn't be a horrible job (if
you could do it for a few days a month, I think it would be fun -- you're
basically the first contact a visitor has with the US, and you get to meet
lots of interesting people from around the world. In most countries, this is a
particularly well respected job, a whole lot better than being deep in the
bowels of government bureaucracy.)

------
phene
If it's open source, why would the agents be asking what algorithms it uses?
I'm calling bullshit on this article and the tweets.

~~~
sashahart
If it is like the interrogation I have gotten from developed countries outside
the US, they are asking questions about what you do and what brings you to
their country, and the questioning can be somewhat adversarial. Which nobody
likes.

------
rorrr
He needs to sue the government.

------
xxiao
we do live in a hypocrisy world, esp in US, just embrace that to make life
easier.

I am wondering, they have a database that connects your name with the OSS
project you're on(or any projects for that matter)? and it pops out once they
input your passport number? quite surprised.

