
Court Rules No Suspicion Needed for Laptop Searches at Border - frostmatthew
https://www.aclu.org/national-security-technology-and-liberty/court-rules-no-suspicion-needed-laptop-searches-border
======
ck2
Here's the hidden worst part about this they don't mention.

You think border means at the point you cross into another country.

That's not what it means. Government can now do this behavior a HUNDRED miles
inland from a border. You could be just driving across town, to or from work,
and they can use this border search law because you are a hundred miles from
the border.

Oh and the border also includes the ocean, doesn't have to be another country.

[https://d320ze5h7gg57a.cloudfront.net/sites/default/files/we...](https://d320ze5h7gg57a.cloudfront.net/sites/default/files/webroot/privacy/spying/cfz_map/Image-
Map.gif)

100% of NY, NJ, Florida and half of Texas is subject to these searches as
their state is blanketed by the hundred mile limit.

 _edited to correct hundred instead of hundreds, bad memory_

~~~
tptacek
That's not true. The USG tried to make this case in the 70s and was rejected
at SCOTUS. I believe the confusion here is between the notion of a 100 mile
wide Constitution-free stripe of the country (which does not exist) and the
presence of specific, preordained customs checkpoints fixed within 100 miles
of a border (which do).

From 'rayiner's post, here's the 3-part test suggested by CRS:

* You have to recently have crossed the actual border

* "an agent should know that the object of a search hasn’t changed"

* Reasonable suspicion must exist

The first bullet here torpedoes the idea of a "100 mile wide Constitution free
zone". But: that's also just CRS's interpretation; CRS is simply a
Congressionally-funded think-tank. Without digging up the SCOTUS cite, I'll
suggest that the judicial branch restrictions on these searches are even more
severe.

One way to think of the "100 mile" concept is that the USG probably has the
authority to put a border control check _that would have applied to someone
crossing the border anyways_ as many as 100 miles from the border, rather than
at the border itself.

~~~
ck2
Here's someone who was stopped and (refused) search at an far inland
checkpoint who had not "crossed the actual border".

[http://www.youtube.com/embed/WVMZUgmrJrk](http://www.youtube.com/embed/WVMZUgmrJrk)

Ended very badly for them. Very badly.

So cite all the SCOTUS you want, police are doing whatever the hell they want
in that 100 mile zone including false triggers by dogs that are proven wrong
most of the time.

~~~
fencepost
Watching the video and looking at some other info, my take on this is that he
was A) well aware that arguing points of law with officers on the street is a
bad idea (argue them in court later) and B) quite willing to do so anyway.
It's not so much that he refused search as that he refused to _even get out of
the car_ when told to do so by an officer after a dog alerted on the car. I'm
not sure if he was tied in with conspiracy theorist Alex Jones before this or
only after the fact, but if it was before then I'd have no real problem
considering him an agent provocateur looking for trouble to get into.

I'm well aware that dog alerts are very questionable and are (arguably)
regularly used as a pretext for illegal searches, but what you do in these
situations is comply with ALL lawful orders (including GET OUT OF THE CAR) but
decline to consent to searches. If you're not sure whether an order is lawful,
you comply and let the lawyers and judges sort it out later.

Or put differently, "idiot."

~~~
bhickey
Among other things, you seem confused about the meaning of 'agent
provocateur'.

An agent provocateur a law enforcement agent who infiltrates a group. Once
there, they get violent in order to justify reprisals against the group.

~~~
fencepost
Is being an agent of law enforcement actually a part of the definition? Still,
I agree that I probably should have found a better term.

------
bazzargh
A quote from the ruling that bugs me: "[The detention of David Miranda] is
enough to suggest that it would be foolish, if not irresponsible, for
plaintiffs to store truly private or confidential information on electronic
devices that are carried and used overseas"

(p23,
[https://www.nyed.uscourts.gov/sites/default/files/opinions/1...](https://www.nyed.uscourts.gov/sites/default/files/opinions/10cv4059mo12312013.pdf))

This is in the middle of a discussion of carrying lawyer-client privileged
documents over the border; the judge says you should have no expectation of
privacy because other countries may conduct invasive searches too. As advice,
it's hard to disagree, that's where we are now; but surely two wrongs don't
make a right?

It would be obviously wrong for police to confiscate your money because you
were walking towards a rough part of town where you might be robbed. Yet that
is the kind of logic the judge applies here; he relaxes the responsibilities
of the US govt by invoking hypothetical actions by others. The example he
cites was not even a normal border shakedown, but a specific action that was
signed off by a government minister; do unusual acts like this change
expectations of privacy in the normal course of events?

------
zaroth
Amazing, this is literally the first paragraph in the ruling:

"Since the founding of the republic, the federal government has held broad
authority to conduct searches at the border to prevent the entry of dangerous
people and goods. In the 21st century, the most dangerous contraband is often
contained in laptop computers or other electronic devices, not on paper. This
includes terrorist materials and despicable images of child pornography."

Judge Korman is quoting Michael Chertoff, Searches Are Legal, Essential, USA
Today, July 16, 2008, at A10.

~~~
salient
Child porn? So they are worried people are bringing child porn _into the
country_ through laptops? What the hell? I mean I'm not saying it's never
going to happen, but what a ridiculous compromise to make.

It seems to me judges are starting to be co-opted by the corrupt power in US,
too, lately. It's probably because many of them are starting to be given
positions by corrupt administrations that are in favor of the surveillance
state. This is also why I'm terrified about Obama naming any Supreme Court
Justices by the time he leaves Office. The current Supreme Court is definitely
not perfect, but I think so far they've erred on the side of privacy. I worry
that balance will change if Obama gets to name 1 or 2 Justices.

As an example, ACLU had a talk at 30C3 where they mention Valerie Caproni,
FBI's top lawyer until 2011, and how she was very focused on increasing
surveillance capabilities for the FBI through "legal backdoors". And then she
was recently named a _federal judge_ in New York. I wouldn't be surprised if
this was her giving this ruling, but just goes to show how good judges are
starting to be replaced by bad ones, in favor of the surveillance and police
state.

[http://www.youtube.com/watch?v=txRdOjgokQ4&feature=youtu.be&...](http://www.youtube.com/watch?v=txRdOjgokQ4&feature=youtu.be&t=20m30s)

~~~
dfraser992
"Drug Warriors and Their Prey" examines the process by which the WoSD started
to corrode civil liberties and how those tactics paralleled those used in the
rise of the Nazis. Co-opting the judiciary to ensure those with the
appropriate mindset or judicial philosophy was a key tactic - thus judges were
able to make rulings supporting the bad policies of the executive branch, and
so it all snowballs. Terrorists are only a revamp of "drug lord"; it's as if
the WoSD could only take the authoritarians so far, so they switched to a new
bogeyman. Given the advances in legalizing marijuana, the WoSD seems to be
ending, but when will the war on terror ever end? It's going to be
generations, because every innocent person killed by drones in the Middle East
will be remembered by their family for generations - and they will never stop
hating the US government.

[http://www.amazon.co.uk/Drug-Warriors-Their-Prey-
Police/dp/0...](http://www.amazon.co.uk/Drug-Warriors-Their-Prey-
Police/dp/0275950425)

Everything this book discusses is going on now, under the guise of combating
terrorism. It is like there is a general blueprint for creating an
authoritarian state, and it doesn't require a grand conspiracy, only the
repeated short sighted actions of corrupt people with the same flawed
worldview. It's like an unconscious conspiracy.

------
rl3
Interdicting data at borders seems to me as the height of stupidity,
considering said data can flow freely across borders anyways, via the
internet.

These policies have no legitimate reason to exist, and can perhaps only be
explained by a combination of paranoia, ignorance, and incompetence. It would
stand to reason that any terrorists or criminals foiled by these methods would
tend to be of the exceedingly dumb variety.

~~~
tzs
Not everyone who goes into illegal endeavors is the criminal mastermind you
fancy that you would be if you turned to the dark side.

Hell, there are plenty of people dumb enough to video themselves or friends
breaking and entering, beating up people and stabbing people, stealing cars,
and the like and POST THESE VIDEOS TO YOUTUBE OR ON SOCIAL NETWORKS.

People do in fact cross borders with ridiculously incriminating things on
their laptops and phones, such as photos of the kiddie sex tourism, email or
logs of chats from the person who talked them into carrying drugs, and things
like that.

~~~
StavrosK
Clearly, if anything, we should have more random stops and searches, maybe
even in the streets. That would catch more of these dumb criminals.

~~~
tzs
Why did you post this as a response to my comment? It has nothing to do with
any point I was making (namely, correction of factual errors in rl3's
comment).

~~~
StavrosK
Hmm, I read it as justification of the policies. If you didn't mean it as
that, I retract it.

~~~
tzs
I took rl3's comment as basically saying that since it is so easy to send data
across the border using the internet, only someone so extremely stupid that
such people are unlikely to even exist would actually try to cross the border
with a laptop or phone that contains evidence of a crime. The implication is
then that it is fruitless to look at phones and laptops at the border to try
to find criminals.

My response was trying to say that he's way off in his understanding of what
people of average intelligence do when they do criminal things. There are
plenty of arguments one can use to make a plausible case against widespread
border searches. The argument that basically no one is dumb enough to carry a
phone or laptop with incriminating data across the border is not one of them.

~~~
3825
Should we randomly go into people's homes and demand people to open up their
houses and kick them out pending investigation? Clearly, we can do that now if
they are 100 miles from the border if we can confiscate laptops and hold it
then we can confiscate homes and cars and hold them for investigation as well.

~~~
tptacek
The same logic suggests that all customs searches are unreasonable; after all,
they could also take place in your home.

~~~
StavrosK
Not exactly. You aren't considering that there's a threshold to overcome. All
customs searches would be unreasonable if there were a trivial way to send
items without going through customs.

Invading everyone's privacy to catch a few dumb criminals (because all non-
dumb criminals would have just sent their data through the internet) is a
really really bad tradeoff, because the cost:benefit ratio is too high.

------
joshfraser
I travel abroad a lot and am pretty sure I'm on a special NSA list at this
point or will be soon. Besides all my anti-NSA tweets and emails, I've donated
money to support Snowden, Lavabit, ACLU, EFF and Ron Paul. I guess it's time
to pick up some cheap laptops that I'm okay losing to the border thieves.

~~~
Theodores
To add to the fun...

Buy a QIC tape cartridge, as used on workstations and servers in the 1990's.
Get a dyslexic child to label it with 'Snowden Docs' in faux Cyrillic and then
carry that with you, in the top of your luggage.

The tape need not have anything on it, although, should you find a QIC drive,
you could go for some ASCII art porn that only reveals itself if you pipe the
output of dd into od. Obviously, before writing this to the drive, put some
adjustments on the tape head so that a correctly calibrated drive won't read
it too well.

To make sure they don't accidentally miss the tape, deliberately contaminate
it with a substance of interest. A bag of fertiliser should suffice. Before
you head off on your travels pop the tape in the fertiliser and give it a good
rummage so that it gets suitably covered with a fine dust of known-bad-stuff.

The outcome of carrying the tape can go one of two ways. Either they give you
untold hassle for 'just carrying a QIC tape' (as the headline in Slashdot
screams) or they completely ignore the tape, in which case you have 'proven'
the way to thwart the TSA is to carry secret documents on a legacy format.

~~~
lostlogin
Is it breaking any laws to have a few rather infectious viruses on something
you know will be searched? Presumably they allow for this though..

------
girvo
The issues arise with the fact that every countries border is inherently leaky
anyway: the internet makes sure of that. So, searching your computer and
confiscating your device because you're not a fan of some not-even-a-cop going
through your stuff will just push those that they _want_ to catch to
transferring files somewhere to retrieve when they're in the country.

I'm an Aussie. I have nothing to hide in terms of data on my computer, as far
as I know. If I was flying to USA (as an example) tomorrow, I'd wipe my laptop
and phone clean, put images on my server, and access them via SSH once I'm
through the border... Why the hell do I need to do that?

~~~
lostlogin
Given the way US allies behave, I'm not sure your data is any more safe at
home. New Zealander here. Amusingly, I know of several people here who cc our
prime minister every time they send an email, to save him the effort of
signing any request to spy on a citizen. His mailbox must be something awful.

~~~
girvo
Yeah I know, five eyes is alive and well, hence why all local stuff I have is
encrypted, despite it being annoying to do so. Sad state of affairs.

------
thematt
Does anybody know what they're looking for? Border Patrol/TSA/Homeland
Security agents aren't the sharpest tools in the shed and I can't imagine
they're very computer literate. Are they just poking around the filesystem? Do
they have automated tools that search for stuff?

~~~
bonestamp2
I actually had my laptop searched once.

First of all, if you won't enter your password, they confiscate your computer.

Since I wanted to keep my computer, they opened windows explorer and searched
for all JPGs and GIFs. Then they asked me, "What kind of photos am I going to
find on here?" It was a female agent, and the conclusion I came to is that
they're looking for kiddie porn.

I had no exciting photos on my computer, but I did have a shit-ton of boring
photos so it wasted 30 minutes of my time and made me think that they think I
look like a perv.

~~~
marvin
That would be a quite interesting scenario. I have a certain amount of home-
made kinky porn on my hard drive. I would love to see the border agents try to
not get uncomfortable as they look on pictures of me and my sex partners in
very compromising positions. It's obviously very disturbing that I would have
to put up with that when entering the USA, but I'm quite sure that the "female
agent" would be more freaked out than I would.

Still, this is a bad policy which you guys should try to get repealed. If they
do this regularly, they must obviously stumble across home-made porn all the
time. None of my sex partners have ever consented to have their naked bodies
examined by some high-school dropout border guard somewhere.

~~~
JoeAltmaier
Border guards are federal agents, not TSA agents, right? I'm thinking the
education requirements are greater.

------
rdl
Best current practice for crossing "hostile" borders remains wiping all data
off the devices, traveling with them in close to factory state, then bringing
them back to your baseline once inside the country. It's a little tricky and a
bit of a pain, especially if you have a lot of stuff you want to download (for
me, I usually work with VM images, so I need to download many many gigabytes,
and hotels often have bad Internet). It also makes "getting any work done on
the plane" a real pain.

(There's also the "travel loaner laptop pool" concept, and the restricted
access for remote people. Works a lot better for an organization than for
individuals; this would be kind of an interesting appliance or service for
individual professionals and for SMBs.)

~~~
salient
By the way, I hear you can't really "wipe" data on SSD drives. I don't
remember why exactly though. Probably some fault-tolerant mechanism. Or maybe
it's what NSA has been asking HDD OEMs to make from the beginning.

~~~
raverbashing
Hummm not really

Just write data up to its size. Multiple times, just to be sure

Read it from /dev/urandom

~~~
rdl
Unfortunately this isn't adequate. Drives contain "extra" storage space above
rated capacity, as well as reduce delivered capacity, which gets periodically
unmapped by wear leveling, or due to errors, etc. This is a bigger deal on SSD
than on spinning-rust, but even with rust, it was an issue (esp with 4K
sectors, or when worried about things like keys).

It's certainly better than nothing, but not sufficient practice in a business
or high-security-professional environment.

An attacker is willing to load custom firmware onto the drive, or to move the
chips into a new device, or otherwise read it out raw, and will have access to
more material than your dd can write.

The standard should be "can I prove this will work reliably, given all the
layers beneath me", and for that, the only adequate answer is physical
destruction. You could possibly design a drive where you're guaranteed to know
if everything is fully deleted, and as long as you trusted the
design/implementation/current-status, you could rely on it, but then you'd
have a $100k 100GB SSD. So much easier just to replace old drives, or to
guarantee that nothing interesting every touched the disk unencrypted, or
ideally both.

~~~
raverbashing
"Drives contain "extra" storage space above rated capacity, as well as reduce
delivered capacity, which gets periodically unmapped by wear leveling, or due
to errors, etc."

Yes, that's why you fill it multiple times. But yes, you can have information
leaking in a sector that went bad and was remapped

But the good thing about SSDs as well is that they're much easier to destroy,
just microwave it, or provide an excess voltage to it (may need more work than
simply connect the power input to wires coming from the wall)

~~~
rdl
I believe (but can't find offhand) there are drives which have physical-
destroy as a normal interface-accessible command. i.e. "set off the thermite".

A lot of SIGINT/COMINT gear designed for field use had magic destructo-
capability designed in, too. I think after the USS Pueblo, especially.

------
GigabyteCoin
Here's an idea.

Leave everything up and running on a desktop safely inside your own home and
connected to the internet 24/7.

Bring your own barebones laptop with nothing installed on it to
COUNTRY_PARANOID_OF_EVERYTHING.

Using X11 forwarding, one must only remember the password to their home
desktop in order to gain full access to it and all of it's graphical programs.

[https://wiki.archlinux.org/index.php/Secure_Shell#X11_forwar...](https://wiki.archlinux.org/index.php/Secure_Shell#X11_forwarding)

~~~
znowi
Here's another novel idea. How about to fucking riot and repel this policy?

So far, the reaction on intrusion of privacy by the government from the people
was to circumvent it, go underground. A reaction commonly expected from a
country like Soviet Union where people had zero say on the rulings and had to
be creative to avoid surveillance.

I'm saddened to see a similar attitude in the US.

~~~
philwelch
We tried electing a civil libertarian constitution scholar for President. What
exactly are we supposed to try next?

~~~
_cipher_
Do not act like sheep perhaps?

NSA/etc has been fucking with people's rights for so long and I'm surprised
that their main building is not yet burned down.

Someone one time said "[..] by the people, for the people [..]".

If you think that your responsibility begins and ends with a simple vote,
you're far away from reality. ;)

~~~
philwelch
> NSA/etc has been fucking with people's rights for so long and I'm surprised
> that their main building is not yet burned down.

The last time someone attacked a federal office building it did not end well.

------
Natsu
There are a lot of courts out there, so to save others the trouble, this
ruling is from the US District Court of the Eastern District of New York.

~~~
neoyagami
So it wont apply if im going to other places of eeuu?

~~~
Natsu
It's more a matter of how high up the decision was made--as far as I know,
they're doing hunch-based searches at all borders (or close enough to make it
seem that way). This is only the first step of the inevitable appeals. If
memory serves, and it has been a long time since I studied court procedure,
the next step is the district court of appeals, then perhaps an en banc
review, then the Supreme Court. I'm going on memory here, though, so
corrections/clarification from actual lawyers would be welcome.

------
dobbsbob
Or phones, the first thing customs does here is demand your phone and then
start going through emails while you are waiting in front of them. If you have
Mobiflauge installed this is no problem. Let them snoop the decoy all they
want and then load up your hidden evil android install when you pass through

~~~
Crito
So what options do I have without rooting my phone?

Would it be worth stashing my phone in my underwear in my luggage in my trunk,
then handing them a dumb old flip phone when they ask for my phone? They
_probably_ won't search all of my stuff and find the other phone, right?

I don't have anything on my phone that would get myself or others arrested,
but I nevertheless want privacy. Would it be best to just give up on bringing
a phone with access to any of my real data across the border?

~~~
ps4fanboy
This. The first time I traveled to USA I was super nervous about customs going
through all my emails, not because I have anything to hide but I want privacy.
From what I have seen/heard/read TSA is pretty much a minimum wage job and
they arent the pinnacle of professionalism. It is only a matter of time before
this kind of mass searching is used to blackmail and extort people.

~~~
saryant
Point of clarification: TSA is not involved in border searches, that's the
realm of Customs and Border Patrol. CBP and TSA both fall under DHS but they
are not the same agency and there are some very important differences. TSA
aren't law enforcement for one.

~~~
ericcumbee
Not yet, but DHS has been pushing to make TSA agents have the same broad
authority that Federal agents like FBI and CBP have.

------
plg
How does this work with Chromebooks? For example if I disable all local
storage? What is the distinction between what's "on my device" and what's not,
if the simple act of "logging into my device" actually involves connecting to
the cloud and automatically accessing stuff?

~~~
gress
Just pray your chromebook doesn't have a cellular modem.

~~~
rcthompson
Or remove the SIM card before crossing the border. And maybe if you're rooted,
make a nandroid backup and then install a completely stock, uncustomized
Cyanogenmod that isn't connected to your accounts and doesn't have any
wireless settings installed. Just install Angry Birds and tell them that's
what you use it for.

~~~
DanBC
Lying to border agents is probably a bad idea. Even when they're doing evil
stupid things like this.

~~~
rcthompson
Well, you can just tell them that it's not connected to your email, which
would be the truth.

------
hrktb
To recap, people think search of physical devices is stupid because we now
have internet. And (other?) people are also thinking that connecting things to
the internet is not a good idea because of NSA/backdoors/security problems.
And by the way standard 'just push the button' encryption softwares might have
been built in weaknesses.

It seems the only way now to keep secret data is :

\- to be a top expert in security, be able to assess provenly secure software,
have a whole chain of them and constantly keep track of what might have been
compromised

\- keep the data in a safe, never fly it, never come near a border, never
connect to the internet

What would be the next step to make it worse now ?

------
kzrdude
How do big corporations that take their information security seriously (and
have industrial secrets to protect) look upon this? Do they have routines for
travel?

~~~
saryant
At least one of the major oil firms uses a pool of laptops requisitioned and
distributed outside the US. Leave your company laptop + phone at home, fly to
your destination outside the US and the local office will provide you with
temporary equipment.

The company in question doesn't use this policy for all countries, typically
just China, Russia and some of the more questionable nations they do business
in (Nigeria, Kazakhstan, etc). They don't bother for travel to, say, London.

~~~
aquadrop
What questions do you want to ask those nations?

------
jaynos
The worst part is the judges reasoning. From the NY Times article [1]:

>In his opinion, Judge Edward R. Korman of the Federal District Court for the
Eastern District of New York found that the plaintiffs did not have standing
for their lawsuit because such searches occur so rarely that “there is not a
substantial risk that their electronic devices will be subject to a search or
seizure without reasonable suspicion.”

>Even if the plaintiffs did have standing, Judge Korman found that they would
lose on the merits of the case, ruling that the government does not need
reasonable suspicion to examine or confiscate a traveler’s laptop, cellphone
or other device at the border.

[1] [http://www.nytimes.com/2014/01/01/business/judge-upholds-
us-...](http://www.nytimes.com/2014/01/01/business/judge-upholds-us-right-to-
search-devices-at-border.html)

edit: I find this reasoning quite similar to the recent ruling in NSA
surveillance of "[You wouldn't have known about it without the Snowden leak,
so you don't have standing since Congress did not intent for you to know about
surveillance]".

------
no_one_believes
Basically, our judges and elected leaders don't believe in the Constitution
they are supposed to uphold.

------
ericd
This is why I have a monthly recurring donation to the ACLU set up - they're
constantly pushing back on stuff like this. If this kind of thing sickens you,
consider doing the same. As a bonus, I believe it's tax deductible.

------
chimeracoder
This report is unclear: did they ask Abidor for the password to his laptop (if
it was password-protected)?

IANAL, but it makes me wonder if it is sufficient protection to have a
password protected/encrypted device.

~~~
travisp
I believe being forced to hand over your passwords is still a murky gray area.
But, even if it "protects" you, there's probably a chance that you may not get
your device back for a long time.

~~~
rdl
Also, if you get your device back, especially if you had encrypted data on it,
please don't just naively keep using the device. (You may be able to sell it
to a security researcher!)

------
Roritharr
Well I know to which country I wont travel with my notebook anymore. As an
European Startup we've given up the idea of doing business with the US, it's
just too costly and the rest of our business would be affected by risking to
expose our European Customers Data to American Goverment Agencies.

------
ffrryuu
Our very own banana republic

------
ballard
Encrypt and tamper-protect laptops and smartphones.

The news from CCC shows the tip of the iceberg of capabilities including
injection-molding hidden radios, JTAG, i2c and hd firmware.

I would also desolder and epoxy over any ports that aren't necessary.

This year, I would expect to see tools to check for hardware tampering (HIDS
for hardware) that can checksum firmware and other non-user data areas. I've
forked O-S Tripwire (mostly C++) in case anyone wants to take a crack at it.

------
xacaxulu
They hate us for our freedoms.

------
Turing_Machine
As far as I know, _every_ country reserves the right to thoroughly inspect
_anything_ that crosses their border.

Are there actually exceptions to this?

~~~
cm127
It hinders international business. How can you negotiate with your cards on
the table?

------
zacinbusiness
Here's a question. Do the TSA people know about Bootcamp? If my laptop boots
to OSX automagically, will they even know to control boot into Windows?

~~~
MiWDesktopHack
they plug their magic box into your firewire port and dump your memory and
image your disks. They don't care about what OS you are running. they grab it
all.

------
belluchan
Bring a chromebook and they can then use Google.com to search its contents.

~~~
StavrosK
And then you get arrested for the illegal stuff that Google finds online.

------
ditojim
i use a chromebook. problem solved.

~~~
gress
Nope. Problem worsened. Now they can just demand access to your google
account.

