The only motivation I can imagine is: They want these devices in checked luggage because checked luggage can be inspected without recourse by customs, and without an on-site confrontation. With care, it can be done without even notifying the people who are being checked.
And given the pushback on social media credential disclosure and the reveal that the CIA (and presumably FBI and other agencies) have physical access exploits (probably via USB or DisplayPort) for most of these devices, this seems like a move who's only logical motivation could be easier digital inspection.
Remember, it's the position of the TSA and CBP that non-citizens don't have rights of any kind until they're allowed through customs, and by simply inspecting devices they're interested in quickly and without publicity or confrontation they will certainly be more effective at it.
I'm going to start putting a USB nuke stick in my luggage in an envelope. Just for fun. Maybe I'll label the envelope something nonsensical like "12-16" just to make sure people know it's useless. And in case I (or someone investigating my luggage) needs to plug something into a USB slot.
It seems like we're getting closer and closer to being in a situation where people who can should avoid going to the US at all, and make their reasoning known. Ie, refuse to give talks, attend conferences, etc. in the US.
[10min audio] https://www.youtube.com/watch?v=MDYMw1p8s9M
Ex: "what shops are you planning to go to". It's fine to answer "I don't know yet". They're just testing behaviour. If you start being defensive or aggressive, pretend to know their jobs better than they, etc, it's suspicious. Although yes, in general, the US agents are really bad at doing behaviour testing.
Anecdotal: Last year, I crossed the border a few times by car, visiting a friend I met on Tinder. I completely got away with it, giving honest answers at the border. Recently met someone else (a girl) who was stopped and accused of prostitution for doing the exact same thing. :/
You may not understand quite how much most Americans hate CBP. I use "hate" here deliberately. It represents the worst part of our government and a codification of our racist laws and culture even at the best of times.
They find a way to weaponize ignorance and shame people who are different at every turn. They have tackled people and held them at gunpoint for LED shirts, they've publicly shamed women for having vibrators in their luggage, they've delayed flights because people speak Tolkien's elvish leaving comicon.
And their definition of sincere risk? Brown people or people who are different. They can detain Americans and non-Americans alike without due process and stories report they do just to make a point.
And the worst part? They are bad at their jobs. The FBI is a problematic institution as well, but at least they can point to data that suggests they're doing things here and there to actually foil people who genuinely want to cause domestic problems.
Even conservative Americans hate the TSA and CBP face to face. We're all scared of them, because we know they're stupid and bad at their jobs but terribly powerful.
No, because you didn't do anything wrong.
Border crossing is not a crime, last I checked, despite the best efforts of some to make it feel that way.
Contrast that to this (6min): https://www.youtube.com/watch?v=tV-wgZBGfCo
None of those stories are that important in and of themselves, it's the whole normalized atmosphere of fear, guilt and almost agony that I don't understand.
Of course there is going to be someone who reacts badly, but you would think that they have professionals at the border that know this, from what I've seen when disembarking in London there are people who know how to handle these things. I've seen the same situation being descalated in 10 seconds.
I'm guessing there is little pay and pride to be had for a border guard in the US, so little incentive for being anything else than a git.
However, Canada can be just as bad. Bottom line: know the law, be polite/calm, travel light, be honest but keep answers at a minimum. Unfortunately, since I travel often for business, that means I've spent way too much time at social events exchanging about travel tips, rather than actual productive conversation. It's also silly that we're adding barriers instead of removing them. What a waste :(
I just visited some of my friends in Japan, many of whom wanted to visit me in the US once their children got a bit older, and they all said they are straight up frightened of simply trying to enter the US. These are some of the most upstanding people you can meet with jobs like being teachers, government employees, etc. They are the last people who should be afraid of being found as suspicious persons, yet the reality is that based on what they see in the news, I can't blame them.
Popular culture likes to portray Japan as a weird outlier country- but that's only if you compare it to the US. If you include the aforementioned European countries in the comparison, the US is the weird country.
I have bit heard anything of the like in Japan, but as you say it could be because they don't have the same measures/report rate we have, or that I don't check Japanese statistics as much.
You may notice is less and less diversity, but it's already pretty low, and we're often not very good at noticing that.
When was the last time your laptop's USB controllers had a firmware upgrade for security hardening?
Now with airlines actually removing in flight entertainment, flying from the Middle East to New York can be quite a long trip: no laptop to watch a movie, no screen in front of you.
I guess the US will stop banning as soon as one of these policy-makers is on the same flight as a few bored kids ;-)
For me already well past that point, no way would I travel to the US for any reason, work or pleasure.
I'm from the UK and I'm seriously contemplating getting out of here while the going is good as well.
Frankly, it seems the US policing practices have been looking more and more USSR like. And i dont just mean since trump arrived to power.
how is that going to protect the US? [...] perpetrators
will not transport any digital devices with incriminating
1. Bad guys with imperfect opsec (I see in your unallocated space there's a deleted TAILS ISO... onto a watchlist with you!)
2. Friends and relatives of bad guys (I see your nephew e-mailed you holiday photos from cybercafes near two different suspected terrorist training camps... onto a watchlist with him!) a bit like social media companies' 'shadow profiles'
3. Non-terrorist targets, like good old corporate espionage and political blackmail (Oh, you're a journalist/oil industry exec/prostitute? Let me just take a copy of your contacts, records and reports)
I love the idea but I can't help but think that even with a completely airtight reason to be traveling with that item (e.g. you're a security researcher) you would be accused of terrorism. Somehow.
Unfortunately, Liberals have weakened the 2nd Amendment to mean "only if you have a good reason", and weakened the 1st Amendment to mean "as long as you don't offend someone", while Conservatives have weakened the 4th amendment to mean "we suspected it without good cause and it turns out we were right which made the whole search ok."
I think if we stop weakening the ammendments we'll stop seeing violations of our basic civil liberties. But when California passes laws that regulate firearms you can wrap a thumb around (yes, this is a real thing), and Arizona passes a law that allows police to stop you if they suspect you're an illegal immigrant, we'll be in a slow spiral with decreasing rights.
The desire to strengthen old laws is interesting. Why is it that they seem better than the laws we can create today, given our advancements in education and ethics? Pining for the past due to the absence of 'something better'. Why does that 'something better' not exist?
Rights are granted with the intent to increase power/wealth for those who grant rights. Based on results, those in power no longer believe that granting rights to commoners is in their best interest.
Average citizens have less impact on that now. The constitution and amendments come from a time when they applied to fewer, more powerful people. The erosion of those rights is to be expected unless you're living in an altruistic utopia.
Highly recommend you watch CGP Grey's Rules for Rulers for another perspective.
And your nuke device might be worthless if they install a firmware exploit that will work later.
They might not be able to force you but it seems that they can lock you up indefinitely for contempt of court in the US and for they definitely can give you five years in the UK because it is a specific offence there under RIPA.
See https://news.ycombinator.com/item?id=13919115 and https://news.ycombinator.com/item?id=6248902.
I don't see how that will be fun since the only way you would find out if "it worked" would be by getting pulled from your flight and detained.
Doesn't take a large stretch of the imagination for a CBP official to declare that a "detonation device". Now you're really screwed.
Arrive in country then restore backup remotely.
What if I actually bought a new cheap phone because I'm afraid of getting robbed abroad, and even tell the agent?
I ask because I would think that being afraid of losing your expensive phone on a leisure trip is common enough and harmless enough (and totally real reason) that it wouldn't provoke or trigger an agent.
Or am I being delusional?
Yes. Remember, they don't need proof of anything. You're not on trial. It's largely up to the judgment of the individual officer whether or not someone can enter the US as a visitor.
If they ask you why there's nothing on your phone, you'd better be able to convince them that it's for some other reason than "I don't want you to see it". Can you do that? Well, it depends on how persuasive you are and whether the officer is in a good mood that day.
I mean, I've been buying burner phones when crossing to the US since several years ago, just because I do am afraid of getting mugged and losing everything while traveling, and since every trip to the US has been for vacation, I really didn't need anything on my phone other than emergency contacts (insurance, etc) and my reservation numbers for whatever I was going to visit.
So hopefully if I ever travel to the US again, and they want to check my phone, I hope they really believe me when I Tell them the truth... but like you said, it will depend on the judgment of the agent so I guess I'm screwed anyways if they want me to be so.
This is just... wow.
CBP officers working in secondary inspection to this all day, every day, they know what they're looking for, they will lie to you if necessary and chances are that they have heard the same explanations many times already. Secondary inspection is not a pleasant experience at all and you don't want to make it worse by trying to outsmart people who do this for a living.
However I think my case still applies in the sense that I would expect a lot of people to also buy a burner phone for a vacation trip just as a way to avoid loss in the event of a robbery, instead of as a way to try to outsmart border agents, so I would hope I would not be alone in giving them this reason as to why my phone is clean.
You raise a good argument though. If I'm already in secondary inspection I guess anything you give them or fail to give them will in any case be used against me, basically depending on the mood of the agent at that time.
I guess an interesting statistic to know (not that government would publish it willingly...) would be how many people that went through secondary inspection where denied access and how many of them were not.
Out of the 375 million passengers processed in FY 2014, 34 million was referred to secondary inspection and about 223,000 was found inadmissible. Keep in mind that these numbers also include US citizens who cannot be found inadmissible, but could be referred to secondary inspection for other reasons.
So ~10% get secondary inspection, and of those ~0.65% where found inadmissible (non-citizen as you point out).
Not sure how to feel about it. On the one hand 10% sounds like "not so bad" in that it's actually a minority getting secondary inspections.
On the other hand... if I'm waiting for border agents to let me through and 1 in 10 will get secondary inspections, which by the looks of it would include access to your accounts and such, it sounds like a terribly high percentage.
Using a parcel-handling service, gov't or private, along with some tamper-indication of the package interior seems much safer, though not perfect by any means.
(HN thread: https://news.ycombinator.com/item?id=13702981)
Specifically, this part:
“A month later, André attempted to fly to New Orleans again. This time, he brought what he thought was ample proof that he was not a sex worker: letters from his employer, pay stubs, bank statements, a lease agreement and phone contracts to prove he intended to return to Canada.
When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.
“They went through my computer. They were looking through Word documents,” André says. “I had nude photos of myself on my phone, and they were questioning who this person was. It was really humiliating and embarrassing.”
“They said, ‘Next time you come through, don’t have a cleared phone,’ and that was it. I wasn’t let through. He said I’m a suspected escort. You can’t really argue with them because you’re trapped,” he says.”
He wasn’t necessarily declined solely because he wiped the phone (they already suspected him due to the previous encounter), but they made it pretty clear they don’t like it since they considered that reason enough to not let him through a second time despite all the supporting paperwork.
Have you ever used hotel wifi?
Give me a break.
What am I to do? Networks simply aren't fast enough to deal with my data sizes.
Label it "Very Bad USB" and put a bunch of noise in there. When you get detained tell them that you forgot the second part, "corrupts data"
Do you actually have one? I searched for a bit but it doesn't seem like they're sold.
My favorite is the USB-C one, because the USB-C spec supports 100W...
After huge demand, the USB Kill V3.0 comes in an anonymous version.
No branding - No logos - Generic Case. The anonymous version is perfect for penetration testers that require discretion.
There's no way this thing would be used in a pentest. It destroys computers. Generally pentesters try not to destroy the client's property.
Amusing way to frame it, though.
It does however force business travelers to rethink flying Emirates, Etihad, etc and fly United, etc instead. I'll be interested to see if these airlines sue.
A half gallon of petrol sitting inside your fake laptop in the hold is no biggie. A half gallon of petrol in the cabin is a whole different ballgame.