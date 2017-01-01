Hacker News new | comments | show | ask | jobs | submit login
I’ll never bring my phone on an international flight again (freecodecamp.com)
83 points by quincyla 57 minutes ago | hide | past | web | 74 comments | favorite





I suggest mentioning in the title that it concerns the US-border, I travelled across a lot of international borders, that didn't care. Only some international borders are a problem, one of these, the US one.

It's always a risk.

We're fortunate to live in a timeframe where this sort of bullshit has been unusual up until now for most people.

Ask a US citizen of Pakisanti descent about travel to India sometime. International conflict gets taken out on poor saps trying to travel all of the time. Sometimes it's petty chickenshit, sometimes real.

I wish Apple would have a duress password that when entered would wipe the phone.

My current plan is to wipe my phone before travel and restore it on destination. Nothing to unlock because there's no phone there.

Forcing you to restore your entire account is a whole 'nother level beyond simple forcing you to unlock your phone.

How do you do that with an Android phone? With iOS this seems pretty easy

They may choose to detain you anyway, and force you to give them passwords to various accounts manually. But there’s no easy way for them to know which services you use and which services you don’t use, or whether you have multiple accounts.

This would seem to imply lying, or at least deceiving, a federal agent. IANAL, but https://en.m.wikipedia.org/wiki/Making_false_statements

Well ... two can play that game "any matter within the jurisdiction" of the federal government of the United States and since you are not in that jurisdiction this does not seem to appply :)

Phones should load different profiles based on the password provided, with some activity logged across profiles so none of them appear stale.

You're implying that people should behave in a manner that is a serious felony in the United States and likely other places.

Honest question: How is that a felony? I have multiple profiles on my home machine. Does that make me a felon?

I'm assuming they're referring to the serious felony of lying to border police that you've fully unlocked your phone as requested when in reality you're presenting an artificially limited profile.

The parent poster was talking out their rear. There is no way utilizing such a tool, if it were available, is felonious in nature whatsoever.

Having multiple profiles per device and accessible in this manner would be preferable for a number of reasons. Least of which is not wanting anyone else access to your own sensitive information that they have no business looking at to begin with.

If you are asked to produce the contents of your property and provide access to a subset of that property, that will be interpreted as either hindering official action or lying to a federal agent. Lying to a federal agent is a felony.

From the customs agent and legal point of view, there is no distinction between hiding a secret compartment in your luggage and a device.

I'm guessing it is under some blanket "intent to deceive border protection official" bullcrap.

Immigration has very broad powers, but even then this sort of case would be difficult to make IMHO.

   that is a serious felony in the United States
How so?

What is the felony exactly?

I have a prepaid plan that only works in the US anyway.

I never bring my US phone on international travel, because it just won't work. Instead, I carry a cheap Chinese GSM phone that's wiped before every trip and preloaded with some music and entertainment videos (TV Shows, etc.)

I buy the sim-card at my destination and throw it away when I go back to the States.

I'm not sure this solves anything, but then again, I don't work for a company that makes me required to be able to access sensitive data from any point in the world. YMMV.

> Since most of our private data is stored in the cloud — and not on individual devices — you could also reset your phone to its factory settings [...] Then if you’re asked to hand it over, there won’t be any personal data on your phone

This makes me wonder: is it true? Is the data truly unrecoverable if you factory-reset your phone? I doubt so. But maybe there's some special tool to truly wipe a device (say like the equivalent of DBAN)

At least on an iPhone, erased is erased. On android some versions use full disk encryption but many do not, it's a guess.

It's not a "guess". The last Android release that lacked support for block-device-level encryption was KitKat, which shipped in 2013. Any device being advertised with the "Android" trademark (to be fair: AOSP-based clone OSes like Amazon's have been slower to evolve) over the last two years has that support.

Please don't hijack an important security discussion to engage in meaningless platform flamage. Users with Android phones have this available and they should enable it, not be told that they need to "guess".

Fun fact - the "border zone" in which your 4th amendment rights are suspended and you are subject to search, is 100 miles wide and overlaps where the majority of Americans live and work

https://www.aclu.org/other/constitution-100-mile-border-zone

Every time I see this map (which, AFAIK, is a visualization by the ACLU and not based on an official government publication) I wonder why Chicago and the coastline of Lake Michigan is included. The border with Canada runs diagonally down the length of Lake Superior, clears the Straits of Mackinac by at least 40 miles, and then continues southeast along Lake Huron to Sarnia and Detroit.

The entirety of Lake Michigan is within the borders of the US, so while this entire "100-mile border zone" business is bizarre enough as it is, it's truly disingenuous to include the lower Lake Michigan coastline. It makes me wonder if this is an interpretational liberty taken solely by the ACLU, or if the government's demonstrated behavior truly justifies what is shown on the map.

If you can't change the constitution/law, redefine the meanings of words and you get the same tyranny.

Until you're detained for not having a phone to turn over. I'm only half joking.

I recommend having a few $5 Androids on ya, they are both fun to play with, handy, and will throw inquisitive 3 letter agencies for a loop.

Intelligence agencies aren't stupid. Evidence of attempts to thwart or subvert intelligence gathering is itself suspicious. If the feds seize what looks to them like a burner phone, that may be grounds for them to detain you without trial indefinitely; and may itself become a crime.

That's highly unlikely. How are you ever going to prove that the person just doesn't want to lose their main phone or risk having their information stolen by thieves? It's virtually impossible to get a conviction on circumstantial evidence. Now if you already have a reputation as a suspicious character in your own right, then being found with a burner phone might exacerbate that, but your argument basically depends on the judicial system as we know it ceasing to exist.

"Is this the phone you use on a day to day basis"- felony if you lie.

What is the felony charge? I keep seeing the word "felony" bandied about in this thread. I get it, it's a scary, attention-getting word. Is it really a charge with a minimum 1-year sentence?

It is a felony to lie to a federal agent.


"No, officer, its the phone I carry when I travel. I worry about it getting stolen."

Option 1: "No, I left my phone at home."

Option 2: If you're at the US border and a US citizen, "Sir, I'm an American citizen and just want want to get home" -- citizens can't be blocked from re-entering at the border.

Citizens may, indeed, not be barred from re-entering, but there's absolutely nothing, anywhere that says we can't be made to wait unconscionably long before entry, or that we can be allowed to re-enter without their devices.

That constitutes de facto detention and yes, there's absolutely something that governs it.

Unfortunately ICE/CBP has policies [1] in place to require the phone's password that they believe are legitimate per 8 USC § 1357(a) (3). It's likely that only a court ruling weighing the policy regarding this statute against the bill of rights would make them change.

[1] https://www.dhs.gov/xlibrary/assets/ice_border_search_electr...


Define "blocked". Because Sidd Bikkannavar's recent experience tells a different story[0].

"The document given to Bikkannavar listed a series of consequences for failure to offer information that would allow CBP to copy the contents of the device. “I didn’t really want to explore all those consequences,” he says. “It mentioned detention and seizure.”"

[0] - http://www.theverge.com/2017/2/12/14583124/nasa-sidd-bikkann...

Do you think this is the document he was handed?

https://www.cbp.gov/sites/default/files/documents/inspection...

A few highlights:

You may be subject to an inspection for a variety of reasons, some of which include: [...] you have been selected for a random search."

You’re receiving this sheet because your electronic device(s) has been detained for further examination, which may include copying.

CBP may retain documents or information relating to immigration, customs, and other enforcement matters only if such retention is consistent with the privacy and data protection standards of the system in which such information is retained. Otherwise, if after reviewing the information, there exists no probable cause to seize it, CBP will not retain any copies.

Option 1, why did you bring decoys? You should probably sit here in this cell for a bit while we work out what the fuck you're doing.

Option 2, they can't stop you from entering but they can make you enter directly into a jail cell, or generally make your life miserable. See the owner of cock.li, who had all of his electronics seized twice.

reply


>citizens can't be blocked from re-entering at the border.

Well, sort of. They have to let you in, but you can be held more or less indefinitely if you're suspected of committing a crime, or not complying with the border agent.

Result of option 2: "Okay sir, please come this way for an inspection of your rectum"

reply


reply


Nope. So what?

Which will only make you more of a suspect, probably resulting in a deeper investigation or even being denied entry.

I don't think it's all that suspicious. For example one might reasonably say something like this:

"My regular phone is SIM locked and my plan doesn't have international roaming, so it's useless to carry it. I bought a cheap unlocked phone so I could get a SIM card at my destination, because I only use it when traveling."

Where does one find an android phone for $5? I must be misunderstanding?

My supermarket had a sale a few weeks where some shitbox Android was $5.99. I think they normally retail <$30

Try 'I am a born in America citizen on american soil, I want to talk to my lawyer, no i'm not giving you my password. No I won't tell you why.'

I'm interested to see how Apple will react to this, given their history with the FBI. Right now, you can connect your iPhone to a computer and get all the information off it - doesn't matter if you are iTunes or Cellebrite. It'd be good to have a permanent way to disable this ability in the future, so that your phone data cannot be siphoned out, even if you provide the PIN. Of course, that's not the only way for data to be extracted, but all other options would be considerably slower and less practical.

I had same strange situation a week ago when passing Ukraine border. Whats purpose of this?

reply


reply


“Land of the free.”

It would be nice if there were a feature built in to phones to facilitate this. Like, on the lock screen, an emergency wipe button that runs a procedure you specify (log you out of everything, obfuscate which services you subscribe to, etc) and this way as you're going through customs, you can gauge your risk and at any point you feel uncomfortable, you discreetly click your button before smoothly handing over your phone and password with a warm smile.

This suggestion comes up in every single thread. Consider that when such an obvious gambit seems to exist you're almost certainly not the first person to have come up with it, and there's a reason it hasn't already taken off.

The area you are frog marched into is strictly no devices allowed, if they see you with any electronics in your hand you will be pounced upon. This is very obviously because people try to destroy evidence they have on their devices once they discover they are screwed.

They claim to be device free, but yet everyone has their phones out texting and doing email as they wait in line. I've never seen a border agent even say anything, much less march someone away.

As long as you aren't taking pictures of the procedures they don't really care.

The waiting line for immigration/customs is not the area I'm talking about, this area is where you go once you fail the initial screening. In some international airports like Sydney you will receive a $300 on the spot fine if you have your phone in your hand, they're serious about it.

Exactly. With and without Global Entry, I've always had my phone in my hand through passport check and customs.

Nah, I'm sayin the area leading up to passport control or in the baggage claim area. I realize once you're sure something sketchy is happening, there's no actions left to take anymore. I pretty much have my phone out and in my left hand 100% of the time I'm in airports/planes, so nothing suspicious about right as someone's coming up to you or right as you walk up to a CBP officer you just tap a button.

The factory reset seems more practical to me than leaving your phone at home.

Also, carry multiple phones of the same model. I've been throwing my main phone anywhere besides in plain view and carrying a couple $5 Androids in my pockets instead when going thru TSA, better they try to search one of them than my main phone buried in my bag next to 2 others that look just like it.

Keep in mind that it's a felony to lie to a customs & border patrol officer. "Is this your main phone?" How will you answer that?

> "Is this your main phone?"

This is my main phone I use when crossing constitution-free zones.

> it's a felony to lie to a customs & border patrol officer

That makes me livid: "Oh, sorry, the constitutional laws (that apply to us) don't apply here, see it's not technically the US because reasons." [lies to officer] "FELONY!".

No it's my backup I use when I travel because my main phone is expensive and I don't want to risk breaking it.

"My main phone is SIM locked and I don't have international roaming on my plan, so there was no reason to carry it. I had to get a cheap phone so I could buy a SIM when traveling."

Given multiple phones, how do you legally establish which one is "main"?

"No, this is a cheap backup phone that I intend to throw away if it leaves my possession."

"Talk to my lawyer."

Reply: "Ask the judge in six months."

That's a great way to never get into the country.

"Please hand over your personal phone, not any replacements you carry as decoys"

on a scale of 0-9, I'd put factory reset at about a 5. I'd wager there's still software out there that could do a raw read of the SD storage device's blocks. Unless Apple and friends have the device reset go to extra measures that tell the drive (at the chip-level, not the OS) "report all zeros" when read from, I think to increase your safety to "level 9" you should overwrite the disk by copying a large file several times until all the free space is consumed. Even then, flash drives have more physical storage than they report, but accessing those blocks would be pressing the edge of whats practical except in the most exigent situations.

All Apple devices are AES encrypted with a combination of a key on flash in the CPU, and a unique static key in the CPU core. "Erasing" the phone just removes the key, rendering the bulk flash storage completely useless. There's never any data stored which is not encrypted.

reply


reply


True, but I meant my post as a one-size-fits-all rule. I'm sure there are many smart phones that don't use disk encryption.

