
I’ll never bring my phone on an international flight again. Neither should you - mooreds
https://medium.freecodecamp.com/ill-never-bring-my-phone-on-an-international-flight-again-neither-should-you-e9289cde0e5f
======
henrik_w
Previous discussion:
[https://news.ycombinator.com/item?id=13645825](https://news.ycombinator.com/item?id=13645825)

~~~
mooreds
Ack! I wonder if it would hurt HN to remove any anchor tags so we can avoid
duplicate submissions.

------
schoen
This article says

"It’s totally legal for a US Customs and Border Patrol officer to ask you to
unlock your phone and hand it over to them. And they can detain you
indefinitely if you don’t. Even if you’re an American citizen. [...] Barring
the use of “excessive force,” agents can do whatever they want to you."

and

"[I]t’s illegal in most countries to profile individual travelers"

I don't think any of these things is accurate. Although courts have been
extraordinarily deferential to customs authorities, they've also ruled that
_many_ things done in the name of border enforcement were unreasonable!

Fortunately I'm working with some lawyers on a new version of a border search
guide, so hopefully we can get some informed legal information out there.

~~~
colmvp
It's not that I don't believe you but there are numerous examples of Canadians
who have been denied entry to the United States because they refused to allow
CBP to access digital devices or they allowed it but had 'incriminating
evidence' like Muslim prayer videos or photos taken from areas in conflict as
part of photojournalist work.

Also afaik, the ACLU has lost cases pertaining to defending liberties at the
border.

~~~
schoen
The border situation is _very_ difficult. (If you do have "numerous examples"
of that, please let me know, because it's relevant to our writing and legal
analysis. I care a lot about this, but I don't want anyone to get the wrong
intuition about how frequent or infrequent a particular scenario or, as the
lawyers say, fact pattern is. Maybe in the second case you're thinking
specifically of Laura Poitras's experiences, or do you have some other cases
in mind?)

I also agree that some border and immigration challenges are lost in court and
that it's a legally difficult context in which to defend individual rights,
and I was responding to the article's claim that the _only_ court-recognized
limit is "excessive force", which is unnecessarily pessimistic.

------
koolba
From the article (emphasis mine):

> This may upset Customs and Border Patrol agents, who are probably smart
> enough to realize that 85% of Americans now have smart phones, and probably
> 100% of the Americans who travel internationally have smart phones. They may
> choose to detain you anyway, and force you to give them passwords to various
> accounts manually. _But there’s no easy way for them to know which services
> you use and which services you don’t use, or whether you have multiple
> accounts._

You can be damn sure the government has a list of possible email addresses
associated to individuals. That'd be the first thing any modern SIGINT
program would compose so as to link accounts. Assuming they have that (_which
again I'm assuming they do_) it's trivially easy for them to go from "_John
Q. Citizen / SSN: 123-45-6789 / Podunk, USA_" to a set of emails to cross
reference against service providers.

Add five minutes in a dark room with a piece of hose and... well you know the
rest.

~~~
Mahn
You can always claim that you don't know the password because you use an
offline password manager that you don't have with you. Also, use 2 factor
authentication of course.

~~~
donald123
One can refuse whatever way they want, but he/she can be detained and the
device forfeited. And for non-citizens, they can be denied entry to the US.

~~~
mertevinski
It is so easy for the 'bad guys' to carry a burner phone with fake Google,
Facebook, Twitter, etc, accounts and log into them when requested. That way
they don't have to refuse anything and there is nothing suspicious. This
policy harms law abiding citizens and travelers but is completely ineffective
when it comes to stopping criminals.

~~~
MichaelGG
The majority of "criminals" CBP deals with each day are people coming in on
the wrong visa. Saying tourist but having no plans to leave, or planning to
work, for example. This system will be very effective there: Turn on phone,
see text "baby can't wait for you, we're finally gonna be living together",
question why their boyfriend is writing them that and why they didn't mention
it, deny entry.

I don't think anyone really believes it'll catch a ton of "good to have you
here, the bomb is ready"- or "whew so nervous carrying these 50 pounds of
contraband!"-bad guys.

Also I'd slightly question the ease of creating burner accounts. Facebook will
show your sign up date, and something too recent will be suspicious. Other
things like "why don't you have pictures of your FB friends on your phone" and
on and on could be clues to a fake account. Not saying it's really hard, but
it's not something you'll whip together a week before your trip.

~~~
maxerickson
We have ~40 million foreign arrivals each year:

[http://travel.trade.gov/view/m-2016-I-001/table1.asp](http://travel.trade.gov/view/m-2016-I-001/table1.asp)

And apparently ~500,000 visa overstays.

How many of the 40 million should we put off traveling here to catch a
fraction of the 500,000? What ratio of turned away violators to hassled
travelers is "very effective"?

------
WWKong
I'm thinking not bringing the phone or deleting all apps before landing won't
help much if they ask you to log in to your accounts on a computer (or stay
detained for hours if you refuse or claim that you don't use facebook/email,
your pick).

~~~
eridius
Can they even ask you to do that? My understanding was searching your phone is
allowed because that's treated similarly to searching your luggage. But you're
not carrying your facebook or email accounts with you, so I don't see why
they'd have any right whatsoever to demand to "search" your facebook/email.

Or is this something they've already started doing? And if so, what makes it
legal?

~~~
greenhatman
Yea, why would they need to. Can't they just get a subpoena to make Facebook
and Google give them your info?

------
AlexB138
I wonder how possible it would be to create a jailed environment on Android or
iOS that can not access any of the data on your phone and could be entered by
putting in a false password. That would allow you to enter your "password"
on-demand and then only present a jailed process to those seeking to violate your
privacy. It could appear to be a full experience, but not actually contain any
personal data, or contain false data.

I imagine it would be illegal, but there may be a market for it.

~~~
wry_discontent
Why would it be illegal? They told you to put in your password, and you put in
one of your passwords. If they want to fuck with technology and they're too
stupid to understand it, that's their loss.

~~~
jdbernard
They aren't all too stupid to understand it, which would be why it would
eventually be illegal to use such technology to deceive border patrol or other
agents of the lawful government.

~~~
vkou
It's already illegal to lie to border agents (and unlocking only one of your
hidden partitions, when requested to, is a lie).

Whether or not they will find out about your lie is a different question.

------
kbody
"I'll never carry my phone when entering the US from abroad again. Neither
should you"

~~~
goda90
He mentioned other countries moving towards this kind of thing, and if you
look around then that wouldn't be surprising for places like the UK as well.

~~~
achamayou
But that's completely speculative, there is no documented instance of another
country doing the same at the moment.

~~~
sbarre
Canada has done it (it's even linked in the article).

~~~
ue_
Canada also makes it illegal to import various pornographic materials
depicting drawings of fictional characters, and certain sex dolls. An American
had his laptop searched at the Canadian border, and was detained, for example.

------
caconym_
We're really talking about access to accounts (e.g. gmail), not the devices
themselves (or the former is of more interest, anyway). What's to stop these
agents from simply demanding you turn over your email/facebook/whatever
credentials, regardless of whether you're carrying electronics on your person?

IIRC they're actually already demanding Facebook credentials from certain
travelers.

Unless you literally have no internet accounts, or what you do use is obscure
enough to give you plausible deniability, it seems like you're fucked either
way.

~~~
superkuh
Well, you've stated the solution. Don't have a gmail account. Don't have a
facebook account. Don't use centralized services. It's not that hard once you
start.

------
alextheparrot
Can someone clarify how if I can be compelled to unlock my password protected
phone, they can't do the same with my social media, email, and other accounts?
I feel like this author advocates for a stop-gap that may not even help in the
long-run.

~~~
koolba
They can hold you indefinitely for effectively whatever reason they'd like (or
really no reason).

If they say they're not letting you go until you unlock your phone, you get to
decide if you want to stay there in the interests of your privacy.

~~~
alextheparrot
Sorry, my question was can they do that for my account information as well?
Could they set up kiosks for me to sign into Facebook? The author in the post
advocated uploading my data into the cloud and factory resetting my phone,
though I don't believe this will work if they can just ask me for my Facebook.

~~~
thehoff
If you have 2FA then some of those accounts may not be accessible without your
phone. For instance, if I didn't bring my phone with me (which I use to
authenticate) I wouldn't even be able to log in to my email.

Or, taken a little further, I don't even know my email password anyways. It's
locked in a password manager which requires 2FA. I would myself be locked out
of almost all of my accounts if I didn't bring my phone.

~~~
xemoka
And that makes resetting it a non-starter too doesn't it?

~~~
thehoff
Sure does, though my post was leaning towards leaving it at home so not
resetting it (and thus not being able to log in at a kiosk).

But this also raises the question of them believing me that I can't log in
because I don't know my password.

------
jlund3
Supposing all this is true, and you leave your phone/laptop at home, what
stops the border control agent from demanding that you log in to your
email and social media accounts on a device they provide before allowing
entry?

~~~
phicoh
Change the password to something you cannot recall. A long randomly generated
password that you leave at home.

Works best if you are a citizen of the country you try to enter.

------
dyukqu
It looks like it is going to be a new norm in the name of "security" - across
the globe, not just US (or UK, or Canada...). Doesn't it point to something
much more troublesome than what it seems? Thinking about the real motive, the
root cause of all this kind of stuff (mass surveillance, security issues,
privacy wars, encryption need, etc.), I could see no other reason than a
flawed nature of human - the greed of power and sustaining it. You can do many
kinds of tricks like wiping your devices, using multiple (fake) accounts,
leaving your electronic devices at home while travelling, etc. But what if
using a smart phone, having a FB account becomes a mandatory thing by law
in a couple of years? That doesn't sound irrelevant now. It's a passing game
between security forces, government(s) and wealthy people - they watch for
each other's interests. I don't know if it sounds senseful to you. If it is,
how do we fight that?

------
marcuskaz
You most likely will need your phone when you're traveling, an easier solution
is to remove all apps and data on the phone and then reinstall when you get to
where you want.

~~~
INTPenis
My thought was actually to shut it off and pack it in my luggage so it's not
with me through security. I won't see it until I reach the baggage claim.

~~~
goda90
Customs inspect checked luggage.

~~~
Cd00d
FedEx. You're without phone for a day, but still easier than being without a
phone for an entire (possibly business related) trip.

------
67726e
The article claims that they can hold you indefinitely if you do not turn over
your password. What could happen if I smashed my phone?

~~~
marcuskaz
If you don't cooperate, they don't have to let you into the country. They can
simply tell you to turn around and go somewhere else.

~~~
67726e
As a US citizen with no other nationality, where do I go exactly?

~~~
tajen
To a free country? The US has lost so many cogs of its democracy... How far is
the day when some US citizens (journalists, intellectuals) start begging for
political asylum in countries that don't pride themselves for being free (like
Russia, Iran, Thailand or just even Europe)?

------
lispm
After one had to give a phone to the US customs and border patrols for
'inspections', best to throw it away afterwards.

------
sliken
Really? Seems like a pretty silly conclusion. If you have important stuff on
your phone, you should back it up. If you back it up it's not a deal to wipe
it.

Wipe it, restore after crossing the border, it's not really a big deal.

------
evo_9
Wouldn't it be equally weird to not have a phone on you on a flight or an
international flight? Meaning merely suggesting that you don't have a phone
with you I think would cause more/similar trouble.

~~~
baddox
Ideally you would have a separate phone that isn't logged into any of your
important accounts.

------
gnopgnip
There is a lot of misinformation and jumping to conclusions in the article.
The US border is not outside of US jurisdiction. A search warrant is not
needed to search either a citizen or non citizen from entering the US. They
can take your phone, but they cannot deny entry to a US citizen for refusing
to unlock a phone. They can deny entry to a non US citizen for any reason at
all, including failing to unlock a phone or provide a password.

------
wfh
>"The border is technically outside of US jurisdiction"

IANAL but reading other articles on this topic I don't think this is true - I
think it's just that the 4th amendment rights that all searches and seizures
have to be done with a warrant or probable cause are suspended at the border
due to the doctrine of "border search exception".

------
erdojo
One other important point: who knows what they might _install_ during those
brief minutes. Encryption backdoor?

DO NOT BE COMPLACENT.

------
fauigerzigerk
_"They may choose to detain you anyway, and force you to give them passwords
to various accounts manually. But there’s no easy way for them to know which
services you use and which services you don’t use, or whether you have
multiple accounts."_

So next year that's what they will know.

------
thehoff
I also wonder if this will have an impact on the camera market as I'm sure
there are more like me who no longer own a separate photo/video camera.

~~~
iamatworknow
Hah, I do, and I'm actually going up to Canada tomorrow with both phone and
camera. I've never had an issue at the border where they've gone through my
digital devices, however.

------
tn13
I have always followed this rule for phone but I have found it impossible to
do with laptop. Generally my phone would be a subset of my laptop data.

------
merraksh
Imagine everyone starts doing this. Would they start to ask for your FB/Gmail
login credentials?

~~~
alainv
I don't think you've been paying attention:
[https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans](https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans)

------
ww520
With so many used phones, just bring an old phone with all data wiped.

------
jankotek
> _But before we do, take a moment to think about all the apps you have on
> your phone. Email? Facebook? Dropbox? Your browser? Signal? The history of
> everything you’ve ever done — everything you’ve ever searched, and
> everything you’ve ever said to anyone — is right there in those apps._

If you personally do not care about your privacy, why should someone else
care?

~~~
dredmorbius
Privacy is a right afforded others.

Your particular risk model may or may not include CBP, but others' might.
Immigration lawyers (for whom attorney-client privilege should hold),
immigration NGO workers (for whom it almost certainly doesn't), journalists,
asylees, among others.

The protections which apply to you also apply to them, and aren't granted
conditionally. Which is why, if you believe in civil liberties, liberal
democracy, and freedom, you should fight like motherfucking hell for them.

Unless, of course, you don't.

~~~
drusepth
I mean, this whole thing sucks, but I can't think of any apps that I'd
actually go through the inconvenience of uninstalling just so someone at
border patrol can't see them, including "treasure troves" like Gmail/Drive.
I'll just unlock my phone, let them look for whatever they're looking for, and
carry on with my life.

It's an invasion of privacy (to what extent is debatable, but I'd rather not
make a stance there), but so is going through my luggage, x-rays, etc. I
understand why they're there, and I have a tiny twinge of "what if they find
something weird" every time I go through the airport, but I also trust the
system (again, to some extent) and recognize why these processes exist.

Fun fact: I've accidentally tried to go through security post-9/11 with a
half-dozen hunting knives in my carry-on (after a camping trip) and they were
very concerned at first, but just asked some questions, told me to throw them
out, and let me through.

Saying "if you've got nothing to hide, why worry?" is a trope by now, but I'm
clearly not the person they're looking for and I'm not too worried about a
mild, temporary inconvenience if they mistake me for a Bad Guy.

~~~
dredmorbius
The privacy you're divulging is far more than your own:

[https://ello.co/dredmorbius/post/vv0bq6oia_06z_yjnmjwzw](https://ello.co/dredmorbius/post/vv0bq6oia_06z_yjnmjwzw)

~~~
switchbak
Very interesting read. Shocking how G+ moves from "hey, you don't need to
manage 100 logins" to "Hey shady people, come siphon data from people that
don't understand privacy".

The Android ecosystem had already gone down that rabbit hole years ago. I
think we're at the stage where it doesn't seem like a commercial identity
provider is going to look out for our privacy at all. Definitely a challenging
space, but one where we can wrestle back a lot of privacy we've lost.

