Hacker News new | comments | show | ask | jobs | submit login
1Password Travel Mode: Protect your data when crossing borders (agilebits.com)
1004 points by nthitz 10 months ago | hide | past | web | favorite | 521 comments

"May I search your laptop?" "Certainly." "But... this is practically empty." "Yes sir. I FedEx'd my SSD to the destination."

I have a small SSD in the primary disk in my T420s, it has just enough to get me through the flight. I keep the primary in the UltraBay with a simple adapter, takes one reboot and no tools to put it back in place. Done. Happy searching! I can't log into anything even if I wanted to because I physically do not have my password store https://www.passwordstore.org/ with me. (https://github.com/chx/ykgodot I wrote this trivial script to automate yubikey neo with pass)

Alternative: encode the entire primary disk https://github.com/cornelinux/yubikey-luks and FedEx the yubikey. Yanking the disk is better, though.

It's a practical approach, and my comment here isn't necessarily aimed at you, chx (since I don't know your citizenship status), but I would add this entreaty to American citizens like me:

If you ever get asked that question at the US border, please don't acquiesce to that request. They have the right to ask, and they even have the power to search it regardless of your permission, but despite an alarming drift towards a total surveillance, they have not established the right to force you to unlock/decrypt anything.

I'm flying into SFO tomorrow, and I am taking similar precautions as chx so that my laptop doesn't contain any meaningful data[1].

However, if asked to unlock my laptop, I plan to say "No, of course I cannot do that; it violates the most basic security practices and I could and should be fired if I exposed sensitive company data in that manner." And then just sticking with it. It will be inconvenient, especially if they seize my laptop and detain me, but as citizens it is up to us to resist the normalization of behaviors that push the nation further towards the precipice of idiotism.

[1]: As an American citizen, I have routinely done this when traveling to authoritarian nations like China; it's hard to express how outraged I am that my own country has degenerated to the point where sound security practices now require these kinds of procedures when traveling to the USA.

> If you[, a citizen of the United States,] ever get asked that question at the US border, please don't acquiesce to that request.

Absolutely agreed. I will do this[0]. I'm a U.S. citizen with the unequivocal right to enter the country once my citizenship has been established. U.S. citizens are the only ones who can stand up to this madness--either at the border or by influencing and electing people who can change the written law and how it is enforced--and it's our responsibility to do so.

I've entered the country several times and have never gotten more than a "passport, please" request (except, oddly, when driving south from Canada; they're rather surly at the Peace Arch, in my experience), which I recognize is very lucky of me. When I travel, I'm enough of a worry-wart that I build in a lot of spare time to get to and from my destination. "Do you want to fly today" and "you'll be screened for four additional hours" are threats that hold no weight with me, thankfully. I'm in no hurry.

I'm the ideal test case. I have oodles of paid vacation time, a family full of lawyers, and a ornery streak a kilometer wide. Bring it.

0 - I can't say "I have done this" because it's never come up but I'm resolute. "No" is my answer, if it ever does, and I'm sticking with it.

I have been that guy. All of 2009-2013 or so.

After being locked in secondary with no comms, food, or water for hours on hours enough times, one gives up. CBP once kicked me out of a border control point in northern Vermont, in a snowstorm, in February. I had to hitchhike simply to not freeze (my sim didn't work, so no way to call a cab, and they had sent the bus on without me, hours earlier).

I've been searched, both well and also simply as intimidation, more times than I can remember. Most searches are not thorough in any capacity, but simple displays of power and dominance.

My foreign partners have been repeatedly groped by these pigs. Vacations have been ruined simply by traveling together - they deny foreigners entry.

The file still haunts me. Every time I enter, secondary - with associated 30-500 minutes of delay.

There's no recourse.

I cringe every time I exit the US, for the 2-10 hours I will lose upon my next re-entry.

Their capacity to waste your time is infinite. Your time is finite.

PS: they can also take all your devices for imaging and keep them for 48 hours - but you will likely have to sue them to get them back after that time. Crossing in can be a >$10k/entry affair if they wish it to be, for you.

This sounds like the reprisals citizens of the totalitarian states in the Warsaw Pact had to endure. Heads up for pushing against it.

Out of curiosity, do you know if there are any people trying to challenge these rulings/treatment they receive in court?

At least in those - and I'm sure this still happens - you could bribe the officials.

Actually is that possible in the US or do the border officials still have a stick up their arse? I mean if you work for a big multinational IT company, surely they can provide a few hundred bucks to bribe someone to skip security. Bribing the police is normal in a lot of countries.

Yeah. My father described the experience of crossing borders between East Germany/Poland/Belarus/Ukraine in the 80s early 90s as the exact same theatre -

" -sir, we have to strip your car to search it for contraband.

-Ok, how long it's going to take?

- About 24-48 hours, but it might take longer if we see anything suspicious

- ok, what do I do in the meantime?

- you can sit on the bench there

- for 48 hours?

- that's correct

- I happen to have this nice bottle of vodka, would you like it as a thank you for your hard service?

- hmmmm I have to check with my superior [ comes back 5 minutes later] - that's fine, we don't need to check your car today, have a safe journey"

Nowadays I'm being told that this practice has been eradicated almost everywhere, but it basically relied on border control agents making your life as miserable as physically possible in hope that you will pay up. If you decided not to, they would eventually let you go, but you're wasting only your own time, they had infinite amount of it and perfect justification for everything they did.

You can get a 10 year prison sentence or so for bribery. In any country in the world, you can be prosecuted there, or in the US or Europe. You will probably also be fired.

> You will probably also be fired.

Please elaborate on that.

Any large company has an ethics code. Bribing government employees is usually a rather big no-no in that code.

Any large company also makes allowances for differences in local laws and customs when applying their ethics code.

Yeah... no. (The FCA[4] makes that fairly hard)

Amazon: "Employees may not bribe anyone for any reason, whether in dealings with governments or the private sector. " [3]

Apple: "Apple does not offer or accept bribes or kickbacks in any form, and we do not tolerate corruption in connection with any of our business dealings." [2]

Google: "The rule for us at Google is simple – don’t bribe anybody, anytime, for any reason."[1]

[1] https://abc.xyz/investor/other/google-code-of-conduct.html [2] http://files.shareholder.com/downloads/AAPL/0x0x803576/DAFD8... [3] http://phx.corporate-ir.net/phoenix.zhtml?c=97664&p=irol-gov... [4] https://en.wikipedia.org/wiki/Foreign_Corrupt_Practices_Act

Thank you for sharing your experiences.

For future, for the rest of us, I'm wondering what civil disobedience would look like. Something akin to malicious compliance, work to rule, or...? Actions (or inactions) that we can take to make the whole process infeasible.

For example... Whenever a telemarketer cold calls me, I try to take up as much of their time as possible. Increase their costs, reduce their conversion rate.

I also try to lie as much as possible for forms, surveys, etc. Muddy the data. Increase their costs.

> PS: they can also take all your devices for imaging and keep them for 48 hours - but you will likely have to sue them to get them back after that time.

You don't really want them back, anyway. So you just don't carry anything valuable, in any sense.

If only running three companies afforded me the ability to be without a computer, phone, or tablet for 24-48h while they are shipped/replaced.

That's called a vacation.

What you describe is simply impractical for a person in my line of work.

If you're running three companies, you can carry throwaway devices.

You misunderstand me; it is not the issue of the cost of the device, but the 2-4h on each side of imaging and restoring (for mobiles) or the 4-8h on each side for computers.

Employees can handle imaging and restoring. You can send an employee in advance, who will have devices ready for you on arrival. So all that gets handled while you're in transit.

When you can't even trust your own Blood Boy [1] not to get stoned, eat twinkies, and write a tell-all expose about you, how are you supposed to hire an employee trustworthy enough to handle all of your most sensitive keys and information? (Let alone three of them, one for each company.)

[1] https://www.theverge.com/2017/5/22/15676696/hbo-silicon-vall...

If you have any methods for hiring employees trustworthy enough to backup and reimage my most secure computing device with the most sensitive data, and somehow do so on notice given only via ESP, at several major world airports, please do let me know.

I guess I could get a fourth phone, the one I use only for talking to my Airport Phone Guy, who would somehow be incorruptible enough to not hijack my bitcoin wallet or take copies of my camera roll (which, if used strategically, could alternately make or ruin entire careers or companies).

I'll be over here in the Real World.

I don't know smartphones. But for machines with SSDs or HDDs, imaging and restoring software FDE volumes doesn't involve decryption. I don't know about hardware-based FDE, however. I use Linux VMs, and you can just copy LUKS-encrypted VDI files. If you're paranoid, you can backup and wipe the LUKS header, and send it separately.

Thanks, but my phones and tablet are my primary systems and even just resyncing breadwallet alone takes a half hour or more. You have no idea what you are talking about.

Can you just keep your devices stateless? This works for me.

Any idea why this happens to you? Your story suggests some targeting.

I was once on a list that got me secondary searching every single time I flew in the USA, for several years.

This was back in the 1990s, when asking for your password wasn't a thing I've ever heard of them doing, but also when me bringing 128-bit encryption software (aka the US version of Netscape Navigator) to Japan, where I was a foreign student, was a serious crime akin to arms smuggling.

Of course, I never found out for sure why I was on that list, and eventually I apparently wasn't on it anymore. But during that time I did read a fascinating article in some magazine, by Nathan Myhrvold (the now-infamous patent troll scumbag). Apparently, he was on the same list, despite being a super rich fat white guy from Microsoft.

His theory was that he got on the list by buying one-way plane tickets in cash. That resonated with me, because I often did the same thing back then… I just never really knew when I wanted to come back, and I didn't have much credit on my one credit card.

That's obviously both circumstantial and anecdotal, however I don't think it really takes too much to get on one of these secret (and very probably unlawful, but effectively un-challengeable) lists.

> he was on the same list, despite being a super rich fat white guy from Microsoft.

What could the "fat" part of that possibly have to do with anything related to targeting, other than as a cheap excuse for you to denigrate Myhrvold?

Well, I really just meant it more in the sense of him being a typical/normal/mainstream/not-unusual American.

But also, yeah: fuck Nathan Myhrvold. He's a smarmy piece of shit whose parasitical exploitation of America's societal weaknesses and dysfunction far outweighs all the modest contributions he's ever made. I hope he trips and falls face-first into one of his large sous-vide contraptions.

(That time, I was denigrating him on purpose.)

Thank you for this.

Probably means he looked more "safe" and "complacent" and that didn't stop them.

Myhrvold is a scumbag now, but back in the 90's he pulled off a heroic fuck you to NSA.

NSA didn't want to allow Microsoft to build RSA into Windows and export it. Even though the cat was out of the bag and foreign OEMs and vendors were already selling RSA. NSA wanted Microsoft to not give users more than 40 bits of encryption keys.

So Myhrvold, as President of Microsoft, flippantly offered to pad the keys generated by Windows with NSA's public RSA key. Win Win. Users can export more than 40 bits, and NSA gets a backdoor.

Microsoft won and was allowed to export software using RSA. No doubt that little stunt put Myhrvold on some Watchlist for Life.

It's too bad he became evil after he became a billionaire and started only caring about money and Yachts and hob knobbing with other 1% elites.

For five years or so, I (a US citizen) politely but firmly refused to answer a single question put to me whilst re-entering the United States, as is my human right.

Not even "Was your trip business or pleasure?"

Border guards have the power to prevent you from entering the country if they believe your business is unlawful, and asking those questions is one of the ways they decide. We can question whether border guards ought to exist, but, given that they do, refusing to answer their questions seems like a ticket to a back room for hours.

You really never answered their questions on every entry?

The fifth amendment does not go away suddenly at the border (4A notwithstanding).

If exercising my human rights is "a ticket to a back room for hours", then something is fundamentally broken in our society. You should try it; without doing so you actually have no data about the practical perimeter of your basic rights. This stuff isn't printed in the newspaper.

Yes, I really never answered their questions, except the ones about citizenship and nationality and place of birth—which I answered by presenting my passport.

"Business or pleasure?" is a vague, leading question designed to get you to volunteer as much information as possible. Sometimes I replied "no" or "yes" to that one, with an occasional "On advice of my attorney I decline to answer questions from police except in writing and via counsel" thrown in to break up the monotony.

Never talk to the police.

> Border guards have the power to prevent you from entering the country if they believe your business is unlawful

No. The USA can never deny entry to citizens (nor any other country). They may arrest you on the spot, but can't deny you entry.

Green card holders is a different story, they have no right to enter and are at the discretion of the authorities.

I don't believe they can prevent US citizens from entering the US.

Is the goal to resist normalization of the behavior or is to get through the security theater?

Both, but for non-Americans, getting through the security theater is not guaranteed, so they have to focus on that. For Americans, their rights are clearer and they are guaranteed to get through the security theater, so they can afford to fight the normalization of this.

It depends. Sometimes, it's really important, and you have to make it through quicky even if that means sacrificing other principles.

You have to balance your civic duty as a citizen with whatever else is going on. But hopefully our default mode is to emphasize our responsibility as democratic citizens to lead by example, and to resist degenerate behavior whenever we can...

Obviously veidr's goal is to resist normalization of the behavior.

I am a dual Canadian-Hungarian citizen, residing in Vancouver, BC, Canada. I work remotely for a USA client. Avoiding the USA is hard / impossible.

> "May I search your laptop?" "Certainly." "But... this is practically empty." "Yes sir. I FedEx'd my SSD to the destination."

Scratch that last bit. There is no need to reveal that, and it could sound suspicious (like you are trying to hide something specific by circumventing their checks, and trying to look clever (and/or make them look dim) by doing so to boot).

Just be honest without giving extra information: "yes sir, this is a travel machine and it just contains what I'm going to need while I'm between locations" if they ask why you would do that then "in case the laptop gets stolen, the less that is on it the less of a worry that could be" strikes me as a perfectly valid reason to be careful. Or perhaps "all the other data and programs I'm going to need are already with the clients/suppliers/other I'm visiting" (which it is as you've posted it, but you don't have to say the thing that might unnecessarily raise suspicion).

> I FedEx'd my SSD to the destination.

Are there any examples of laptops / ssds being searched in international mail?

If you take the time to FedEx your SSD to avoid customs you certainly made sure the disk was encrypted...

NSA can probably modify the firmware to create some sort of backdoor, if you actually look like that would be worthwhile?

Maybe the NSA can, maybe the NSA can't - but even if they could, I guarantee that customs/postal workers won't have access to it. Unless the NSA is specifically intercepting your particular SSD (in which case you have much bigger problems), standard enterprise-grade encryption will be good enough for shipping purposes.

This goes back to the level of protection you need/want, from whom, and whether you're a target of opportunity or a specific target.

Are you protecting against "drive-bys", the casually curious, motivated low-resource targeted attacks (e.g. disgruntled former employees, hated neighbors), "small" resource targeted attacks (<$50k?), high-resource attacks or state entities?

That would take a lot more work than just "searching through someone's private stuff on an airport" though;

I mean many "average" people get searched on airports, but i don't see why they would intercept an average guys Fedex shipped harddisk and do some voodoo on it. Unless of course you know you're being targeted for some specific reason.

If this is in your threat model, you shouldn't be taking advice from a forum thread.


Snowden leaks already show NSA has badbios-style firmware viruses targeting every manufacturer, every model, going back a decade. Imagine what they have today. Why not mass infect all hard drives at the factory? Targeting individuals or "thematic warrants" are still too clunk and doesn't scale.

All these folks who say "I'll out smart them, I'll encrypt my SSD and Fedex it" are "Not Even Wrong."


As most encryption takes place at the software level, not the hardware level, wouldn't it be difficult to infect all hard drives with some virus targeting encryption?

Also, not to mention most of my hard drives are made by China, whom seem not to like the NSA very much. This leads me to believe that they may struggle with the mass infection part.

You forgot the end of the story:

"I'm denying you the ability to enter the country. Next time you let me see everything instead of being a wise guy."

If you are an American citizen, can they prevent you from entering the country? I understand they can delay you, but I don't think it can be indefinite.

^ This right here.

They can deny foreigners, but I've always read that they cannot deny Americans in unless their citizenship gets revoked, I guess.

Not even that. Your right to enter the country, as a US citizen, is "Absolute, Unconditional, and Irrevocable."

"Why did you FedEx your SSD to the destination? Do you have something to hide? You're gonna have to follow us."

"everybody's got something to hide! I've got nothing hidden that's illegal."

If they find even one pirated song on your drive, they've got you on a felony. "Lying to federal officials" is a great catchall they regularly use to force a deal.

That's now.

The future is simply interdiction of every device.

Actually, every device will just be bugged with a thousand backdoors. The end.

Cory Doctorow - general computing is the enemy of governments.

If you are refusing to enter the password, access to the device, or to disable travel mode, then good luck to you. IANAL, but the border agent doesn't care if the data is technically in the cloud, rather than on the device, because it restores when you unlock it.

In addition to removing the data from the device, cheers, don't you also need to be able to honestly say you can not provide access to it?

Ways to honestly answer, "not possible", and mean it:

- schedule a time period where no password is accepted. - enable whitelist/blacklist zones via geolocation. - set a new password that you give to a trusted friend/coworker/spouse that you must contact to retrieve.

Some combination of the above for ease-of-use, and ploys like emailing yourself the new password after a period of time for redundancy/safety.

If you read the article, there is no "tell" that 1Password is in Travel Mode. The only impact is that most of your passwords are missing from the password vault, but the agent would have no way of knowing what's missing. It's not like it pops up a big "Travel Mode" banner.

Customs read these articles just like us. What if they ask you if travel mode is turned on? Will you lie?

I was thinking this (and no I wouldn't lie to customs), but the second half of the article details how to let a remote administrator enforce these policies, ie blame your employer for wanting to secure their data from unauthorised access.

Of course the real answer is to avoid the business hostile USA (or at least the border)

The definition of "border" is surprisingly vast too -- if you're within 100 miles of any "external boundary". Two thirds (!) of Americans live within this "border" area.


This is a bit of an exaggeration, which has frequently been de-bunked. In brief, if you didn't recently cross a border, then immigration officials have no special powers within this zone.

There is, however, a "functional equivalent" of the border in every international airport that grants ICE these powers over arriving citizens (which makes sense).


Does it matter? Just say "yes", and your employer / the account manager should be the only one that should be able to disable it.

Yes, how can they prove anything?

At a guess, subpoena 1password for account and timestamp info on use of travel mode to catch someone in lying to a federal agent.

That's the part I didn't get thought. If there is no way to tell then how exactly do you turn it off? (At some point, you want to turn it off after all)

If there is any kind of setting that lets you control travel mode, border control could just make it standard procedure to change that setting.

In the article, the author mentions that you enable/disable travel mode online. Sadly, it doesn't look like this applies to those of us who have 1Password without a monthly subscription.

So, if they're already in the business of demanding your passwords (otherwise this whole thing is irrelevant), why don't they just ask you to log into your 1Password account and see if you're in travel mode there?

They could, which is why I'd recommend not having your 1Password password with you. Disable travel mode once you return home.

It doesn't really matter. If you're an American citizen, you can just refuse and they have to let you enter. They might confiscate your device, but they can't turn you away from the border.

And if you're not a US citizen, "I'm not physically able to unlock the account right now" doesn't buy you anything. There's no obligation that says if you do all you can physically do to accommodate their wishes, that you get to enter. If they want access, you either grant access or you get back on a plane. The only thing not having your 1Password credentials with you does is remove the choice of which you want to do.

You can only change that setting by logging into their website. The setting is not available in the app itself.

Well, they might have sigint indicating that you have Gmail account, a Facebook account and a WhatsApp account, for example.

For this to really work, you need to also prove to a border agent that you can't access it.

In that sense, Travel Mode sort of defeats the purpose -- all the border agent needs to know is that Travel Mode exists, and then ask you to turn it off.

There is no sign in the app that you are in Travel Mode. I suppose if you are well and truly targeted and they have a really knowledgeable specialist on-hand, they could know that Travel Mode exists and ask you to disable it. But, I think that's going beyond the boundaries of a border search, which is limited to searching things that you are actually carrying across the border.

"Are you using travel mode?"


You just lied to someone at border control. Which is an offense.

Yep. Civil disobedience, unsurprisingly, includes breaking the law.

Yes. If you are a US citizen. If you are not, this can mean waiting for the next pane back in handcuffs and being banned from entering the US for life.

Why go there in the first place? Doesn't sound very appealing.

I live in Canada working in medical/tech industry.

Every vendors main business is in the USA. 95% of our clients are not in Canada.

If I want to avoid the USA, I would have to change industries... Which isn't gonna happen hopefully anytime soon.

I have to goto states 3x times a year and hate the traveling aspect going through customs (I have a trip in a few weeks, already dreading it).. but once I pass through the border, it is rather nice.

To live the American nightmare and be in the land of the caged. lol!

Civil disobedience does not need you to be a citizen of America..

"Are you using travel mode?"


"Disable it"

"I can't. I left my password at home, and the account is tied to an email address I do not have access to."

I suppose they tell you to go home at that point. Such a sad state of affairs.

Yeah, but you have to login to a cloud service to turn it off, which they can't necessarily force you to do supposedly.

> the border agent doesn't care if the data is technically in the cloud

In reality, they do. They are not asking you for every password you know and access to all the remote systems you have access to, and any that you can get access to if you ask someone, etc, etc.

>don't you also need to be able to honestly say you can not provide access to it?

It's been said further down, but they can't possibly have carte blanche to compel that you reveal all data you have access to anywhere, which is what this would require.

Of course they have that carte blanche, at least if you are not a citizen (and since you are travelling internationally, I'd assume that you're not a citizen on at least one of the legs). Normally, they can ask whatever the eff they like to decide whether to grant you entry or not.

The logical conclusion here, is to decide, what is more important: Gaining entry, or keeping your data. In the first case you're just fucked. If you get searched, you have to give up your stuff (even if you can claim you can't; they can then just not let you in). In the second, just encrypt your shit, rescind your request for entry when it looks like they might be interested in you and don't give up your password.

HN makes this much too complicated, again. And forgets that this is a legal and social problem, not a technical one.

> Normally, they can ask whatever the eff they like to decide whether to grant you entry or not.

Yep. There's this tendency to say "I beat their rules, so they have to let me go!" The CBP aren't fairies, they aren't bound to stay within some narrow precommitment. At least if you're not a US citizen, these things are almost totally discretionary. Not only can they bar you for not unlocking Facebook, they can bar your for genuinely not having Facebook if they decide you're lying. When even simple truth isn't a defense, clever tech tricks don't count for anything.

In my cynical moments, this outlook strikes me as a disease caused by excess programming - living in a world of contracts and invariants blinds people to how much of the world runs on "screw you, you know what I mean."

> The TSA aren't fairies, they aren't bound to stay within some narrow precommitment. At least if you're not a US citizen, these things are almost totally discretionary.

I think you are confusing TSA with CBP here.

Thanks, fixed that.

>enable whitelist/blacklist zones via geolocation

This is exactly the approach I took with my password vault application (android only, far less well-known than 1password). I added a location-lock feature that allows the user to store a number of "safe locations" outside of which the vault simply will not decrypt, even if the correct password is entered.

The app also makes it very clear that location lock is enabled and that the user is outside of all "safe zones" and therefore will not unlock. The only way a border agent is getting access is to figure out the GPS coordinate encryption method and adding a new set into the sqlite db or physically driving to one of the safe locations and unlocking it there.

>border agent doesn't care if the data is technically in the cloud, rather than on the device, because it restores when you unlock it.

Do they provide wifi for that? I doubt it.

Counter: the border agent asks "are you hiding any information from us?". answer yes, and they get you to disable travel mode. answer no, and you just committed a felony.

Answer no, and it's just as valid as if you had a hand-written notebook full of work-related records that you left in your office back home before traveling. There aren't any reasonable justifications for requiring you to bring all information you physically have access to you with you when traveling, regardless of the format it's stored in.

Not bringing something with you is inherently different from hiding it.

> There aren't any reasonable justifications for requiring you to bring all information you physically have access to you with you when traveling... regardless of the format it's stored in.

I think many of us would equally argue there isn't any 'reasonable justification' for forcing phone unlocks on random strangers in airports, but that still happens. I think you are asking for a reasoned distinction from people incapable of drawing them, and that while what you say makes sense, we are not dealing with a sensible system.

I can absolutely envisage some asshole airport security staff member causing grief over these kind of features should they grow in popularity - the existing interactions over phone unlocks are already in a weird constitution-free legal grey area in the US, even for US citizens. For foreigners the situation is worse still - basically zero options but compliance, or feel free to go home and never be granted entry ever again.

Exactly. People are already forced to log into social media accounts and such. So it appears anything you're able to access online is considered fair game.

It's not really the same thing at all. Something you leave in your office is something you won't have access to at your destination - so it's logical that it wouldn't be subject to customs. Something online, regardless of physical storage location, is something you will have access to at your destination, so it should be subject to customs.

So if you travel without your phone, they still have the right to demand access to your email account? How does that make any sense?

I don't know whether or not they have the right - do they have the right to read some sealed-up documents in your briefcase? Whatever your answer to that question is, it should probably be the same answer to the e-mail question. All these trick arguments about "oh but the e-mail's not actually on my phone, it's in the cloud!" don't hold water for me; it's information you're bringing into the country. Either it's subject to search or it isn't.

But how are you "bringing your email into the country" any more than you would be if you just sent an email?

If they can't access my sent email when I send it from abroad without a warrant, then how does me entering the country without a phone or computer allow them access to my email?

Lying to a federal employee is a felony; if you know you are answering untruthfully and the USG can prove it then you are probably going to prison.

What lie has been told?

From what I understand, it removes everything but ones marked as safe therefore you're not hiding anything.

It's like moving your private files from a device before travelling, you're not hiding anything you just didn't bring it.

That's how I understand it. It is the physical presence of data that allows the warrantless search in the first place. Leaving data off of your device would be treated no different than leaving your device at home entirely.

So how does the whole "show us Facebook" thing work then? They're interested in your Facebook bits stored on the internet, not the bits on your device.

Right. And there is absolutely no legal justification for requesting you go fetch those bits from a data center hundreds of miles away and show them to the CBP employee.

However, they are hoping that people don't know that and do it anyway, even though they don't have to. Also, a lot of CBP employees probably don't understand that distinction anyway. It feels like it's all "on the phone".

Of course that distinction between data in your possession on your device and data that's hundreds or thousands of miles away might not matter if enough precedent accumulates to support forcing people to go fetch things when they're at the border. So we need to stand up for freedom from government intrusion now!

>And there is absolutely no legal justification for requesting you go fetch those bits from a data center hundreds of miles away and show them to the CBP employee.

Except they are allowed to deny your entry if you don't satisfy their whims.

I don't think lie detection using ultrasonography is very reliable...

I think we need a lawyer here, but this seems totally wrong. You're only committing a crime if you lie under oath, either to a court or congress. Cops lie to people all the time.

You should use your right to be silent rather than answer any questions of course, but that right disappears at the border.

Still, lying to a customs agent isn't a felony (at least not in the US). (If so, please cite the law). If you're not a citizen of the country you are entering, the most they can do is refuse entry. If you are a citizen, well there is where it can get complicated.

> You're only committing a crime if you lie under oath, either to a court or congress.

False: the relevant statute, 18 USC § 1001, doesn't mention the word "oath" once, and applies to "any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States".

> You're only committing a crime if you lie under oath, either to a court or congress.

This is unfortunately far from the truth. See this recent post: http://www.wisenberglaw.com/Articles/How-to-Avoid-Going-to-J...

Very much not true. Counter to the way we think America should work perhaps, but many people have gone to prison for lying to federal officials while not under oath. Martha Stewart being one of the most famous. Your best strategy when confronted with uncomfortable questions by federal officials in the US is to say "I wish to consult with my attorney before answering any questions." The result might be a lot of unpleasantness and delay, but they cannot throw you in prison for saying those words.

I think you are thinking of "Perjury" - https://www.merriam-webster.com/dictionary/perjury

Other forms of lying can also be illegal, however.

> Not bringing something with you is inherently different from hiding it.

But you don't have access to your notebook once in the country. The 1Password travel mode is not for while you're in the country, but specifically just for the border crossing.

Travel mode, especially on a Team plan though, is essentially asking one of your co-workers to scan and e-mail the notebook to you after having crossed the border.

As a general comment to so many of the follow-ups to this post:

You really, really don't want to get into a rules-lawyering match with Federal fucking prosecutors over whether "clever technological solution" counts as "hiding" something or not. They have all of the guns in this situation, and you have a demonstrably inaccurate understanding of the relevant statute.

You WILL lose.

If the question is "are you hiding any information" then the obvious (and true) answer is no. If the question is "did you use travel mode for 1password" then that's a very different question. Unless you can point out a statute that requires you to travel with certain information on your device it's hard for me to see the problem.

Your position seems to be that if you were carrying your checkbook (as an American) and then decided against it because you were worried someone might get your bank account number then you somehow risk getting into a debate over technicalities with a border agent. I would strongly recommend not getting into that debate as well by not bringing it up.

I don't think searches of accounts are in any way excusable either, but for the purpose of rules-lawyering:

You have deliberately chosen to make certain information not available during the search period and are planning to make it available again once the search is over. I can absolutely see how that counts as "hiding".

And crucially, "can see how" is all that matters here. If the argument isn't prima facie absurd, then you get to go to court with the government, where you won't win and will face horrible harms even if you somehow do. "But I'm technically right!" doesn't count here, only "but there's reason to dispute that".

Therefore, if you had a device to withdraw money remotely that required entering your pin, and if the security agent asked you for your pin, would you provide it?

What if my laptop had similar capabilities?

The bank PIN isn't really comparable as government agents can access bank info (in UK at least); the only purpose of the PIN is money withdrawal - surely there is no situation where a border agent would be legally asking for that PIN?

If it's going to bother you why not just use a dumb device and a VPN to access your sensitive data?

More than that, everyone is getting up on the wording of the particular hypothetical question posed above. It could easily be replaced with "Did you remove any data from your device so that we wouldn't be able to see it?", or "Did you enable Travel Mode in 1Password?", or even "Please sign this form affirming that you have not hidden anything from us or employed anything from this list of loopholes thought up by cheeky engineers."

Your adversary here is a group of humans. Not a Bash script.

> Your adversary here is a group of humans. Not a Bash script.

This is an awfully good summary. There are a thousand different questions that would invalidate this, and the idea that maybe-possibly-sort-of outwitting one question solves the problem is insane. Any reasonable plan has to be prepared for a question that can't be invaded - whether that means "yes, here's the data", or "yes, but I can't get the data", or "no comment, I want a lawyer".

Looks like there is a business opportunity for an airport located on-demand lawyer practice.

It honestly sounds like it would be irresponsible to travel to the US without a lawyer with you. In fact, sometimes the US sounds like you need a lawyer on hand at all times.

It's a pretty good rule of thumb.

This is especially true if you allow them to frame the action as "hiding". L

First you must ask them to not use loaded terminology like "hiding" when dealing with information you own and don't feel like accessing. Don't answer "yes" or "no" to whether you're hiding something. If you use their words then they have a huge advantage.

I'm gonna bet that trying to "language-lawyer" how your CBP agent phrases their questions is a one-way ticket to a private interview, because that's not suspicious at all.

You don't have to explain yourself to them. They don't know the legalities involved, they are grunts. Just tell them simply that you will only answer the question a single time, and the answer is no, and you will ignore future questions about the matter. And ask for your lawyer. If you aren't going to allow access into your personal devices to begin with, you're probably getting that interview regardless.

This whole saga just makes make me want to not visit the US for any reason whatsoever.

If I had to go there for work from Australia, I'd request a laptop and new credentials to be provided to me at the destination. For emergency comms during travels I'd wipe my mobile device and use a new prepaid mobile/cell service SIM card in it, from a different carrier, leaving the original one behind.

As such I'd not be bringing any 2FA that'd let me access my Lastpass which has just about all my stuff, and I'd be able to honestly state as much.

Same here. It's ridiculous when it's getting to a point where I'd take at least as many precautions travelling into the US as China.

Based on this wording, it sounds like a team admin might be able to enforce travel mode such that the user can't disable it.

>If you’re a team administrator, you have total control over which secrets your employees can travel with. You can turn Travel Mode on and off for your team members, so you can ensure that company information stays safe at all times.

In which case, you as a user literally can't access the information without communicating with an admin at your organization. If CBP ever starts requiring that you call a third party to retrieve confidential information, well... I hope we never get to that point.

> If CBP ever starts requiring that you call a third party to retrieve confidential information

What would they do, do you think, if said third party was a foreign citizen—of a country with no deportation treaty with the US—and upon getting the person you have in hand to call them (presumably under duress), they just said "I don't negotiate with hostile governments" and hung up?

>of a country with no deportation treaty with the US

I'm not sure what this means, afaik there's no such thing as a "deportation treaty" (perhaps you're thinking of extradition?). If you aren't a citizen, you can be deported, no treaty necessary. Furthermore, if you're at the border you're not even being deported, you're just being denied entry - you get to not pass customs at all and sleep in the airport lounge until you can secure a flight back to your home country, if the CBP decides to turn you away for any reason they choose. As a non-citizen outside the border, you really have no rights at all, and no recourse against any decision the CBP chooses to make.

Yes, that's the one I was going for, extradition treaty—I was referring to the fact that CBP can't just lean on the other country to send them the person they actually want to interview (i.e. extradite them for a crime they've been implicated in by the testimony of the person they just interviewed), so they really are stuck with just getting the detained person to call them up and negotiate.

If US CBP catches a low-level gang member from the UK, they can use their testimony to get an extradition order for higher-ranking gang members—so CBP are incentivized to detain low-level gang members and grill them to see what they know, even if they haven't done anything. But if it's e.g. a low-level Russian or Chinese or Iranian gang member, then the "extradite" part of the "use testimony as evidence to extradite higher-level members" plan doesn't work, so there's relatively little point to grilling such people.

So are you required to have all the data that's ever been on your device at the time that you cross an international border? Are you required to copy passwords that were never in 1password onto your device before you travel?

EDIT: Another way to put this: Is there an expectation that a border agent could, for example, ask for the password to my bank account? If not, how would there be an expectation that if that used to be on my iPhone it should still be there when I travel?

Are you a citizen? Because if not, the answer to all of this is "whatever the hell border patrol wants". As far as I know, you absolutely could be asked for your bank account password. You wouldn't be, because any agent asking would probably be fired to avoid a media circus, but it's not actually against any rule. Border patrol discretion for non-citizens is almost absolute.

If you are a citizen, it's not clear that anything at all can be demanded, even logging into an account already on the device. It just hasn't been put to an unambiguous court challenge.

This issue seems to be a bit of a geek trap. Yes, border agents have a fair amount of authority. No, you're not required to twist your mind into a pretzel trying to decide whether what you choose to put on your device constitutes hiding the things you left off. If an agent is asking you something as specific as "did you enable travel mode in 1password" you've probably already triggered some suspicion.

Some of the responses on this thread make it sound like there are people who would actually start explaining travel mode unprompted because they arrived at it by some twisted logic about what 'hiding' means.

The point of travel mode isn't to dodge border control policies or questioning; the point is to prevent the exposure of credentials when travelling, even if the exposure is to a border agency.

If a border agent asks you directly, "Did you remove information from this device to prevent us or others from seeing it when entering or within this country?" the only truthful answer is "Yes", but travel mode has still achieved its goal. Even if they confiscate your device, they can't access the credentials. You may have other issues entering the country but your data is kept secure and private.

At some point, you're going to have to have a separate device for international travel. Then they'd have to ask: "Do you have another device back home that you didn't bring because it contains sensitive information?"

Even back in the 90s, I knew people who would bring a separate travel laptop that would just have the basic set of apps and a VPN client. So, once you got to your destination, you'd login via VPN and download what you needed. This was at Nortel, so it's not like it was a very high security company, just moderately secure. Not everybody did that, but certainly enough people did. The department kept a couple spare laptops for just this purpose that would get wiped and restored to their default config after the travel.

Literally removing your access to data isn't the same thing as hiding it. Having a TrueCrypt partition on your drive that you can still unlock if you know it's there is hiding it. Securely erasing that partition is not.

Is there any difference between securely erasing a TrueCrypt partition vs forgetting the password?

Yeah, in the former the information is truly gone, but in the latter, you're trying to convince people that you forgot something you used to know, and they may not believe you.

Don't most secure erase tools just write a stream (over several passes) of pseudo-random noise? If so, then it should be indistinguishable from a TrueCrypt partition.

This is closer to the former than the latter. You aren't erasing the data that's protected under the vaults. You're just temporarily removing the vaults from local storage, disabling access and obscuring its presence. It's trivial to re-enable that access, so you are hiding, not destroying.

Nice mental gymnastics, though. I'm genuinely curious whether the first Federal judge to see this argument laughs or issues a contempt citation first.

Can the border patrol ask you to sign into any online service? Because that's essentially what this is.

The data isn't on the computer they are searching, it's on a server thousands of miles away. The data was erased from the device. If they can force you to sign into that service, they could also force you to sign into your bank, github, etc.

> Can the border patrol ask you to sign into any online service?

If you're a non-citizen attempting to enter the US under a visa waiver program, from certain countries, yes, they can.

a border officer searched for me on fucking facebook when i was going into the us in march. she said "i just want to know who you are and why you are coming".

i don't have a facebook account. she said this was really suspicious.

oh and she also found suspicious that i had two us entry stamps within a week of each other and didn't accept my explanation that i had gone through the us to go to england with my wife (even after i pointed to the GB entry stamp).

i hate going through the us border control.

Actually they ask for social media accounts when applying for a visa waiver now, e.g. ESTA.

I bet they'll mark you as suspicious if you travel without any electronics too, because that has become uncommon.

> she said "i just want to know who you are and why you are coming".

Isn't that what passport and visa are for?

Then you can just turn around and be deported. Non-citizens don't have many rights at the border.

The big questions is for Americans, who also have fewer rights at the border (4th amendment for example). Can they force you to sign into external services at the airport if you're a citizen? Everyone should refuse to do this.

I'm not a lawyer, and I hate having to preface that. But Hell No they can't. They can ask. They can threaten. But once they know you're a US citizen, they either detain you or they let you go (on to customs).

They can confiscate your belongings though.

I don't understand your logic. Facts matter. Either you have the data on your laptop or you don't. If it's been removed, you don't.

Yes, they can ask you if you've deleted things, or if you have things elsewhere, but that's not generally what they ask or look for, or the issue at hand.

The data is still on the device. Only the password "vaults" have been wiped, obscuring the presence of the data and removing its access.

Look, you can twist the words however you want. At the end of the day, if a CBP agent or Federal prosecutor clues to the fact that you're using this functionality, their interpretation is almost certainly going to be "'late2part is hiding something!", and they will bring their (considerable) powers to bear in response to that, in order to figure out what that is.

Your indignation about or lack of understanding of that reality aren't going to change it.

The vaults are the data. I'm not sure what data besides the vaults you're referring to that's still on the device. The fact that the data is still on a server somewhere is irrelevant for searching the device. However if they ask to login to your 1Password account that's a different matter.

Does "travel mode" remove all the cookies, local storage, and any other indications that you're a user of the site(s) in the removed vault?

Remember: if you're this far down the rabbit hole at immigration, the machine is out of your bag, open, and unlocked. They can take it, while in this state, and image it. If there is evidence that you've been even unintentionally untruthful with the CBP folks, you're screwed. Not only have you lied, but you may have handed over evidence of obstruction of justice/tampering with evidence.

Federal charges like that stack up quickly. If they want to fuck with you, they will.

I would say this is more like a local git repository than what you said. When you add passwords to a vault, then it gets saved to your local copy and then synced to the server. When changes are made elsewhere, it downloads the changes and syncs your local repository.

Now "travel mode" simply removes the local git repository. The data still exists in the cloud, but you have to actively go out and log in to their service to retrieve it. Are you "hiding something" because you deleted a local copy of something from your device? There isn't something on your device that is somehow hidden. It's not there.

Seems like it's a tough argument though, I never have all my email on my phone, or all my dropbox files, etc. If I choose to not sync certain GMAP labels to IMAP, does that mean I am 'hiding' them?

Have you kept the data off your phone specifically for the purpose of not letting them see it, intending to sync back up afterwards?

What if I don't sync the data back to my phone until I return home? Is that concealing? Is it any different than leaving sensitive items from my wallet (say social security card) at home while I travel?

You literally don't have the data on you so you're not concealing anything. Just because you can download it later seems like flimsy reasoning.

Otherwise, they could get your for "traveling with more than $X" because you have more than $X in a bank account somewhere that you could get via ATM.

You're not hiding anything, you're creating a legal barrier to someone accessing it. This is the privacy vs secrecy conversation.

"Are you hiding any drugs from us?" "Oh yeah, I've got lots in my apartment in $ANOTHER_COUNTRY"

Why should the actual answer be any different with data than it would be with the drugs?

Have you set things up so the drugs will be available to you once you have gone through security?

If you're a citizen you don't have to answer any question until you've been accused of a crime and have a lawyer present.

Also, the case law is iffy on whether a one-word answer of 'no' can be used in an obstruction charge. (read about 'exculpatory no doctrine').

...can you clarify this?

Looking up 'exculpatory no' implies that the matter was clearly settled in 1998 by the Supreme Court, which decided the doctrine is wholly invalid and the obstruction charge can be applied.

If there's iffy case law here, I'm not finding it successfully.

I'm not a lawyer so don't trust my take on what's safe to say to the cops.

I feel like I saw a recent exception to this, but even if I didn't:

1998 is pre-9/11, pre-TSA, pre- the large riots of the 2000s and 2010s like ferguson and occupy. It's pre-snowden, pre-aaron swartz. It's pre-iphone which means its pre every case about recording cops in public. It's pre stop and frisk.

Criminal justice has changed a lot since 1998.

I don't know, I think the border is a no-man's land. They can pretty much keep you in limbo as long as they want.

Edit: Yes, US citizens are allowed to ask for a lawyer (at the U.S. Border). But, the 4th Amendment is mostly out the window.

That's not really true. As a US Citizen, on basic legal principle, I believe that once Immigration has established you are a US Citizen, they have to let you leave unless they suspect you of a crime.

Customs is sort of a different issue, they can go through your physical and digital belongings and search you.

They have to let you in, but they can confiscate everything you have with you at the border crossing.

Answer "There is no hidden information on this computer, or any of my other devices".

How is setting software to "travel mode" hiding anything?

It's not the software set to travel mode, it's the account.

> the border agent asks "are you hiding any information from us?"

Answer yes, always, because: I have client data I'm most certainly hiding from you on my computer because they'd in general be worried if it i didn't, also I have passcodes to friends mail servers I manager for them I'm hiding from you, also I'm hiding from you all the emails I've sent to my parents, I'm also hiding from you all the pics of my gonads I sent to my lover. So yes, I'm hiding information from you. What country is this anyway? <asks the person arriving to the US from Germany>

The data is actually removed from your device so you aren't hiding anything. Like someone else said it would be ridiculous if you were forced to have all your data on your device when you travel.

At first, I thought the same thing. But if they ask that question, then no, I'm not hiding it from the border agent. I'm disabling a feature while I travel so that nobody has the potential to get to it.

Edit: Besides, if I ever travel out of country with my work phone, if anyone wants access to it they'll need to call my work's legal office as I'm not allowed to let anyone access that phone without their permission.

you can't disable it from the app

I'm struggling to understand all the comments here, but it feels like I'm living in an alternate universe. All of these questions like "but do the customs agents search for hidden partitions", etc...

Who is it that is running into all these scenarios with border control? I've gone on international flights, including to the us, dozens of times, and have seen around me thousands upon thousands of travelers, and I've never seen anyone asked to open their laptop, no to mention being grilled on hidden partitions.

Not that I'm doubting this ever happens. But from these comments, someone would get the feeling that this is routine, rather than a 1-in-an-X occurence for a probably very high X.

According to a CBP press release from April, "in the first six months of FY17, CBP searched the electronic devices of 14,993 arriving international travelers, affecting 0.008 percent of the approximately 189.6 million travelers arriving to the United States."

The release goes on to show that this is nearly twice as frequent as the equivalent period last year.

Thanks very much, I had been e-mailed a copy and didn't have the link handy.

The implementation looks sound, and it's easy to use. Props to Agile Bits for making this feature a priority.

So this is great! -- I think. My only concern is that if the authorities are already suspicious of you, and find no password vaults (or practically nothing in your password vault), they may just detain you until you reveal what you haven't disclosed to them.

There's clearly a technical solution to the problem of protecting data across borders but they do not work so well under duress. Is there any technical way to convince an adversary you are not hiding anything else or did not delete something?

Could they try to go with the truecrypt method?

Instead of removing the password data off the device, replace it with "junk" data.

"Low security" accounts that you wouldn't mind the "adversaries" having, sacrificial accounts, or even just a randomly generated selection of fake passwords for a selection of accounts, etc...

It still won't fully protect you (obviously a "targeted" adversary would know that you have an account at "X" with "Y" username and the password in your vault doesn't work for that so tie him up!), but being able to hand over something when being questioned might be better than nothing for some.

Definitely not great. It would create much more suspicion to have 1Password installed and not to have any data on it. Just uninstall 1Password before travel and re install it back after customs. Travel mode is a way worse solution.

The article says you can choose which vaults to have available in Travel Mode. So you could just leave some vaults you don't care about in there.

Empty/useless vaults aren't any better. Even if you went to the lengths of creating fake social profiles and adding their passwords to your fake vault, that's not any better either.

Social engineering. Confidence. At some point technology needs to be abandoned and you need to be a human being during those scenarios.

Or simply don't have anything to hide. If you have a guilty conscience that is going to manifest itself in your body language and mannerisms.

> If you have a guilty conscience that is going to manifest itself in your body language and mannerisms.

More than once, the customs officer has asked me "you don't look people in the eye, do you?" I just say, "no, I don't." (They're apparently happy with that answer.)

So you can be questioned without having a guilty conscience; I just look down a lot.

> Or simply don't have anything to hide. If you have a guilty conscience that is going to manifest itself in your body language and mannerisms.

What if I am an anxious guy?

What if I carry some business secrets?

What if I don't want some TSA agent look at my SO pics I have on my devices/social media?

Being anxious is something you can work on. Business secrets are perfectly legal to carry across a border. Not wanting the TSA to look at your shit is something I can understand.

I'd basically tell them to fuck off (in a more diplomatic sense) until it reached the point of being either blocked entirely from traveling or detainment. At that point you gotta ask yourself if the juice is worth the squeeze and turn back or play their game.

Also this is more than just an issue with the Trump administration and the TSA... I don't travel to Canada any longer due to the treatment I have received at the border there.

Just out of curiosity, how's the treatment at the border in Canada?

10 years ago I was working in Canada; couple of friends and I (Australian, British and Québécois) decided to go and ski in Montana for a few days. We had a few beers on the way down and stopped just before customs to drop off open cans before we crossed the border. Being 11pm, we were the only people at the crossing. As we circled round they decided something wasn't right (probably justified although not in their jurisdiction) - 4 hours later we were allowed into the US having been fingerprinted and our car searched on a ramp for what I assume was explosives or drugs. 3 days later we returned to the border travelling the other direction - the CBSA officer looked at the cover of all three different nations' passports before saying "I'm sure there's a visa in there somewhere, have a nice day."

As the above comment states, confidence. Confidence is everything. It's hard to detect a confident liar without serious equipment and verification.

If it's hard, make up an appropriate story beforehand and rehearse it until it is second nature and you believe it yourself.

Best to avoid the USA, basically.

This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling, then restore when you get back. Log into the minimal number of apps after you've entered the destination country, and optionally delete/logout of said apps prior to return travel if the return border crossing is also a concern. Admittedly if you use a password manager you might need still want to make use of a feature such as the one in this article, or install the password manager app after entering the country, or just write down the passwords that you will need and hide them somewhere unfindable with your stuff.

On iOS about the only thing you would lose is your message history during the trip. It might be an annoyance if you wanted to play games that had non-cloud-based saved player state, but I can't think of too many other issues with doing this.

That may be a solution, but I'm never going to have the time to do that personally.

But are you concerned with border agents searching your phone? If you are then any time spent on this is time well spent. Although protecting your password manager is obviously of vital importance, there's a lot more to be concerned about sitting around on your phone if they can get in.

There's also the general concern -- although I don't know if it's ever been proven to have happened anywhere -- of border agents installing tracking software / malware. They often take the phone out of sight for a while. This is probably more of an issue with Android phones but again if you are a journalist or human rights activist or anyone with legitimate reasons to be concerned, I would absolutely want to wipe the phone as soon as possible after a border crossing if agents had forced me to hand it over for inspection.

Then it's a burner phone for you. Can't afford that? According to the security state, then you pay by risking your information.

I agree with both you and the parent poster. It's sad that we're paying a privacy tax on something that should be constitutionally protected.

Can't they order you to sign into iCloud or equivalent and then just sync whatever they want, photos, texts, emails, apps (and then order you to sign into those apps like Facebook, Whatsapp, Gmail)? Bottom line is they can get you AND everything you have access to. And it you try to circumvent it by i.e. temporarily encrypting everything for 24hr boom you just committed a felony. This is my understanding at least.

You know what's strange? I just can't remember my password to this account.

Real talk, if you play games they will find a way to fuck you up, and even if it is not strictly legal, even if you with some kind of relief later (not likely a nice settlement), you will still have to deal with getting fucked pretty bad at the time. Not a great outcome.

Yeah, no shit. "Oh, you can't remember your password? That's OK, we have a nice place here for you to sit until you do."

IANAL and I don't have an answer to this, but I would be deeply alarmed if this were the case. I can understand them making the case that anything on your personal is searchable (though I disagree that this should be allowed).

By asking you to sign in and sync, they're not just requesting access to information on your person -- that's an enormous expansion of their search powers.

I mean, aren't they forcing you to give Facebook passwords now?


Isn't it established that they'll ask for social media credentials which sync old data automatically?

"And it you try to circumvent it by i.e. temporarily encrypting everything for 24hr boom you just committed a felony"

This isn't true. Encrypting your device is not illegal, and they do not have the legal authority to compel you to unencrypt it or make you sign in to anything. They can make your life miserable, but the constitution still applies.

>This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling

This is just another version of the "why do you need privacy unless you have something to hide" argument.

This feature really should ask you to commit to your duration of travel beforehand. It's no use if you can be compelled to readd the data.

Yes, THIS. THIS. Lying to a federal agent brings a world of hurt (obligatory disclaimer: I am a law professor but I am not YOUR lawyer...). Right now any customs agent with a brain can just ask "do you have that travel mode turned on? Ok, turn it off," and most courts will allow them to force compliance with that order. It would be really useful to be able to honestly say "I can't."

It's true, if they really want to make someone give up the info, they can arguably detain that person until the timer expires. But that move is much more costly to the government, as well as subject to all kinds of interesting potential legal challenges. So a timer makes the data strictly more secure, even if not perfectly secure.

Better, the feature should _always_ show both "Enable Travel Mode" and "Disable Travel Mode" buttons so that it's not possible to tell whether or not it's enabled. Disabling travel mode should prompt for a password, then return a message like "all vaults protected with this password are now enabled" no matter what the result of the operation is.

So if you're in Travel Mode and you don't want them to know, you'd intentionally put in the wrong password to unlock? I agree that sounds like the best option. It's a lot like TrueCrypt's concept of having an encrypted drive with one password, and another, hidden encrypted drive in the same file with a different password. No-one can prove you have the second hidden one.

Yes, exactly. It would be impossible to tell whether you even had any Travel-Mode-hidden vaults without exhaustively testing every possible password.

That doesn't solve the problem, because you could be detained until the data is accessible again.

I admit, my threat model doesn't include indefinite detention at a border, but that is a valid concern depending in where you are going. Unfortunately, it's common not to believe people that say they don't know their password, otherwise the solution would be to just change your password and leave it at home without learning it.

For me, the time lockout changes the claim you can make to an official from "I don't know the passwords, I have a record that I didn't bring with me, but can retrieve online" to "I don't know the passwords and have no ability to retrieve them while here". For me, that distinction is valuable and the benefits outweigh the risks. But everyone has different requirements and risk sensitivity.

It's beyond disturbing that we have reached the point where we are discussing this as a potential feature, and not a plot element of a dystopian scifi.

No you can't be detained indefinitely (unless they have evidence to charge you with a crime). You could have your devices confiscated, and as a non-citizen, you could be denied entry.

I believe you can be detained indefinitely, and without probable cause, by border agents.

Setting GPS locations where the vault can be readded to your device and disallowing it everywhere else would be good.

GPS location can easily be spoofed, and your ID has an address on it.

Came here to make the same suggestion, and strongly agree. I should not be able to re-add the vault if I am not in my house.

I thought about mentioning this too, as well as things like IP addresses and 2FA. The problem with GPS is proving that the location or request isn't spoofed. Ultimately, the phone is trusted when it supplies coordinates, so a determined adversary can easily circumvent it (for example, a SDR running a GPS spoofer). That's not to say it's a bad idea, as it certainly inproves security, but we are talking about state level targeting here.

The other options, like IP and 2FA are more likely to result in failure demand by non-expert users. It's really tricky to get the balance right, as it's hard to justify to yourself a full wipe when going to a relatively low but nonzero risk country.

I'm a little sad that this would require me to use the 1Password cloud-service. I would never want my 1Password vault to be on any server outside of my control. While I completely trust agilebit's intentions, I feel that their cloud service adds a very major attack surface. Someone like the NSA would certainly be able to obtain copies of the encrypted vaults, which means that everyone's vaults are just one bug/backdoor in the cryptographic stack (remember Debian RNG bug?) away from being exposed.

Hence, I only use WiFi sync for 1Password. It would be nice if 1Password added a sync option through my own WebDAV server. I'd then be happy to pay for a 1Password cloud account just for the TravelMode feature, as long as the vault data itself wasn't stored anywhere outside of my control. Having my own server would mean the the NSA (or whoever) would have to do a targeted attack on me personally, which is a whole different ballgame from everybody's encrypted vaults sitting on agilebit's servers.

In the meantime, if I had to cross the US border (as a non-citizien!), I would probably delete the whole 1Password app from my phone before crossing, and then restore the entire phone from backup afterwards.

I think this is an incredibly worrisome move on 1Password's part. Coming from the right motives, but ultimately it'll end up being used against us.

Look at it from the perspective of the government. By bringing information from elsewhere into the US, you're importing it. It just so happens that the import security is tight in airports. So you use 1Password to delay importing this data until you can reach it through an alternative import method which is much harder to regulate - the Internet.

What's going to happen is that they'll spend much more effort on tightening up the "import security" from the Internet. Things like SSL/TLS MITMing and deep packet inspection will be used to enforce compliance.

Don't get me wrong. The ability to be able to do this is incredibly important. If they had marketed this as anything other than a travel mode specifically, and let users work it out themselves, it'd probably be better. But as it is, they've created something which is basically publicly stating that it exists to break import security, and as a result it's going to get a lot of attention from the wrong people. I worry that the existence of this mode this is going to be used by the government as an excuse to have a "Great Firewall of America".

The difference is: with physical access, "they" are in control (during import). Importing over the internet, the user is in control (by using proper encryption).

If they beat encryption, everything is over anyway.

Isn't the counter simple; they ask for your logins to the 1Password vault? I guess this just adds an extra layer of obfuscation.

The most secure way I can think of is to either encrypt your drive (or wipe for travel and online restore once arriving) and physically mail the new password (or hand over to a trusted friend/store location) to the destination. Then there is no way of restoring at the airport.

Of course, then they can just detain you indefinitely for not revealing the password you don't know...

They can ask for logins for the vaults they see on your device. But those vaults are the ones you've marked "travel-safe", so you're accepting the risk of these being breached by invasive governmental searches.

However, non-travel-safe vaults a) won't show up on your devices, so they can't ask for what they don't know the existence of, and more importantly b) there is no evidence on the device of "hidden" vaults, or that you're in travel mode, so they doubly don't know the existence of those vaults.

How is the web interface handled? Essentially, where do you turn this on and off? Wouldn't it become standard ptotocol to just demand web credentials for 1Password? This feature is only for subscription based 1Password accounts, so it would seem to me it would just be easiest to delete the app and re-download after crossing?

Demanding web logins rather than local logins for anything is a step beyond the fuzzy legal authority currently given to the TSA.

If you're a resident, they eventually have to let you in. But if you aren't, they can reject you for any reason. This isn't something you can solve with tech. Those of us who are citizens of the US need to vote for politicians who make privacy a priority, and be more politically active in general. I feel like you could even make the play that it's bad for business, because it's impeding business travel. You could even point to this very post as evidence that many companies consider it a Big Deal - the idea that they have to explicitly hide their company secrets in this way because border agents are out of control.

Not CBP though, which is the relevant institution for international border crossings.

web login is likely the same as app login credentials. I don't use 1password, but that's the generate case with LastPass (at least last time i used its mobile app).

So, if they take the actual password, as opposed to having you log in for them, then they can easily go to 1password's web interface.

I'm not sure if there is a legal barrier to taking that step, but there is no real barrier there if the credentials are the same.

Perhaps if there were also travel credentials, that would be useful. With the travel creds there would be no indication that you were in travel mode and no access to additional data.

There is an additional key/identifier that you don’t have to carry with you that would prevent them from logging in even if you had to give them your vault password.

They already ask for social media account logins.

One option is to lock out the passwords for some amount of time, or to do geolocation.

Both can be defeated (they can detain you at the airport for a whole day, or they can spoof GPS) but neither of these mechanisms holds up to mass surveillance: you can't detain everyone who goes through the airport, or even all people with 1Password, for a day, nor can you spoof GPS at the security checkpoint because it'll probably leak to airplanes. You have to pick individual travellers and put them in a Faraday cage with a Stingray and an internet connection.

I'm not sure what the threat model really is, but it's possible that this will require enough time and resources to disincentivize asking for even more passwords when there's not a very specific suspicion, which might be good enough.

There are competing reports, but the maximum detention time for US citizens crossing the US border is about four hours.

If you are a foreign citizen, you are looking at about twenty four hours, and then refusal of admittance.

This information is the case for keeping a cheap back up device(s).

I thought that, according to the NDAA Obama signed, that the military can detain Americans indefinitely without reason.

"Then there is no way of restoring at the airport."

IIRC, the border agent has the power to turn you back, visa or no visa. So there might be a price to pay for getting too cute. They want what they want and trying to avoid that might make them angrier.

If you are a US citizen they can make you wait in a room for a few hours and maybe add your name to the "make his life miserable every time he flies" list.

,,even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.''

It looks similar to hidden partition in TrueCrypt

Any subscription-based 1Password can be accessed from the web. Couldn't they just demand those credentials?

Only if you know them. I don't know about you, but I don't have my long random account key memorized (only my master password). You can't log into the website without that account key.

Of course, you do need to be able to log in to turn travel mode back on, so if I were to use this I'd probably do something like set up a service to securely send me my account key after I'm expected to have finished crossing the border, or maybe just store it on a remote server that I have access to under the expectation that the TSA can't demand that I SSH into a remote server (especially one they don't even know about). Though if I'm traveling alone (instead of with my wife) I'd probably just call her and ask her to turn travel mode off for me.

That's a great solution if you're a US citizen and want to enjoy showing off to a border guard before being guaranteed entry, but for migrants (who are most affected by this), this kind of 'gotcha' logic would likely be considered insubordinate grandstanding, and get them denied entry.

> this kind of 'gotcha' logic would likely be considered insubordinate grandstanding

I'm not sure what you mean. I don't think it's unreasonable for anyone, migrants included, to tell CBP "I don't feel safe traveling with sensitive data, so I don't have any of that data on my computer". What's the 'gotcha' here? CBP isn't the only reason to want to have Travel Mode, there's also the increased risk of having your laptop stolen or misplaced.

In your original post, I took

> Only if you know them. ... You can't log into the website without that account key.

To mean that you'd openly have access to information in front of the guard, and then let them know that you can't access it at this time because of your elaborate scheme (e.g. tell them that it exists, but that they can't have it).

That's quite different to just not travelling with the data (or evidence of it existing) at all.

> CBP isn't the only reason to want to have Travel Mode

No, but it's the only 'reason' that's likely to use serious, life-altering coercion to make you to disable it, if they detect that it exists. It may be better to have no data that suggests capabilities, than openly posses partially disabled capabilities.

There's no way for a border agent to tell if you're refusing to disable travel mode because you won't or you can't (and little reason for them to care).

Of course it's not unreasonable, but 'reasonable' is not the relevant criterion here.

Yes, it does. And you provide them to the password for the local vault. Since you activated travel mode, they'll be able to see your "travel safe" passwords, but no indication that there are other passwords that were recently removed from the vault, and no indication that you entered travel mode.

> physically mail the new password

Nobody will ever do this.

Just travel with a dedicated traveling phone and have your main phone mailed to your destination.

It's a clever idea, but how long before border authorities simply order travelers to log on to 1Password and turn off travel mode, or be denied entry? I'm guessing not very.


What we really need is plausible deniability - if they don't know you use 1password, they don't know to ask for it.

Is plausible deniability the right term here? Usually that's about the ability to deny having known about or authorised something after it's already been discovered.

I'm not really sure how you'd refer to the concept "they don't know I have it, so they don't know to ask". Security through ignorance?

I guess it's a type of steganography then.

This is a good point in my opinion.

My thought on this whole situation is to simply not take my phone or laptop. I don't live nor work in the US, however, so I don't have the issues being faced by people in this thread.

A solution, and what I first thought this did from the headline is to lock you out of your account for, say 4 hours

sounds like a great way to get detained for 4 hours

Is travelling with confidential data really necessary? Wouldn't it make more sense for me to have a 'empty' notebook and store my data out of harm's way (but accessible via a VPN).

>Is travelling with confidential data really necessary?


The whole travel with a clean laptop isn't feasible beyond a simple "access data remotely via VPN" scenario.

Company laptops are often so full of custom software (bootloaders & up) that it's impossible to replicate/reinstall a working environment over VPN.

They're crazy sensitive: e.g. On ours if you go too long away from the core network it freaks out and locks everything down. And recovering from that...well:

I've literally had IT tell me that my options are 1) Fly to the nearest office and connect to core network 2) They fedex me a fresh laptop that has recently been connected to the core.

I've come to the conclusion that this is the only reasonable technical solution.

Don't travel with sensitive data, and openly explain that you don't do so.

The frustrating part is the UX, and the fuss when you land.

I've found that this works:

- Burner android (burner account explicitly for travel) for music, podcasts, light browsing, etc.

- Cheap ThinkPad for headscratching / hacking (work over SSH, keys on a Yubikey, IP in your head. YubiKey as second factor for password manager as browser extension (uninstall before the border))

Any recommendations for a "burner android" phone?

I'd just go to your local phone repair kiosk and see what they have lying around for cheap.

I'd just go on Amazon and find some cheapo phone like the BLU R1 HD. Just find one that is compatible with your provider.

If you're a company this is easy to manage. Give people laptops with nothing on them. Don't credential them until they phone your help desk from their hotel.

What's to stop them just asking the password for your VPN? I mean if they can already ask for facebook passwords, what's the difference?

Wouldn't an alternative "destroy everything" password be a good idea also ?

Would work like this : When forced to enter / give the password to your vault, you enter/give this one, and everything the vault contains is wiped out before the vault is unlocked.

Once again we drum up technical "solutions" to what ultimately is a policy issue.

A better idea is to change our laws so that our constitutional rights are respected. If that's not possible then the next solution is to change our elected officials.

While it is a policy issue at its core, changing law and policy moves at a glacial pace, and it's not even a certainty that it'll get changed at all (the "nothing to hide" defense gets brought up a lot on these matters, and it's a pretty persuasive argument to those that can't recognize the fallacy). Technical solutions have the benefit of being much quicker to enact, albeit in a flawed way that is, if highly successful, a band-aid on a bullet wound.

> change our elected officials

In America, who you vote in has very little effect on public policy, and by very little I mean a near zero/statically insignificant amount (unless you're part of the top 10% of income earners):


Eeyore / South Park style cyncism actively forments apathy. Self-fulfiling prophesy.

Counterpoint: My friends and associates do amazing things. Marriage equality, marijuana legalization, DREAM Act, etc, etc. I (a yeoman) also do what I can.

Maybe think of politics, society, culture like thermodynamics:

Organization requires continuous effort, to mitigate entropy.

Keep in mind Marriage Equality in America came via the supreme court, not legislation (unlike New Zealand, Canada, et. al.)

I'm not saying people shouldn't be active. Groups like The Anti-Corruption Act (https://www.youtube.com/watch?v=lhe286ky-9A) are doing a lot, not to mention the group that pushed Maine's ranked voting amendment.

But the vote itself is not very useful. There are other forms of activism that are more worthwhile; those that seek to slowly and fundamentally change the system. Focusing on the left right paradigm will ultimately lead people to being angry at two parties that are essentially the same.

> Keep in mind Marriage Equality in America came via the supreme court, not legislation […] But the vote itself is not very useful.

Liberal supreme court judges do not materialize out of thin air, do they?

> A better idea is to change our laws...

Oooookay, sure. We'll get right on that one. In the mean time, I'll take a technical solution.

Have you called your congressional representatives and made it known to them how important these issues are? I find that many people who despair about our political climate can't even name their representative.

Start there and work your way out.

Blow up Sovereign Immunity ffs. If someone gets detained they have no recourse or compensation to mitigate it being used as a threat.

Nothing wrong with using technical "solutions" to prove the point of needing policy changes.

It's a matter of practicality.

genious idea though

That's basically the definition of spoliation of evidence, if things were to ever escalate to civil or criminal proceedings.

This qualifies already.

18 U.S. Code § 1519 defines it as "Whoever knowingly...conceals...with the intent to impede...the proper administration of any matter within the jurisdiction of any department or agency of the United States"

So technically, entering travel mode for the purpose of hiding your stuff from border agents could be interpreted as a violation of that statute, regardless of whether there was an active investigation or legal proceeding.

Of course, it would trigger a massive backlash if a federal prosecutor went after people for this. But it's there...

I think there is a line to be drawn somewhere, and I don't know where — but taking this further, if I erase my laptop before going to the US and then restore it from a backup online, isn't this the same thing as „knowingly concealing with the intent to impede”?

And what if I don't take the laptop at all? Am I „concealing” anything? Theoretically — yes.

There has to be a limit to how far one can take the application of that law.

If you aren't aware of a matter concerning your data you can't intend to impede that matter by choosing not to transport your data on your person.

Entering travel mode is literally deleting the data off your computer. It's not concealing anything. I think a federal prosecutor would have a hell of a time arguing that people aren't allowed to erase data from their computer before traveling.

In the law, intent matters. You're deleting the data with the intent to hide it from border agents. A federal prosecutor absolutely could argue that, if they wished.

You're deleting the data because you don't want to travel with that data. You're not hiding it. You literally just don't want to have access to it while you're traveling. In that sense it's no different than, say, leaving a hard drive with all your data behind (plugged into an internet-enabled computer that you can SSH in to and transfer your files back to yourself after you've crossed the border).

Read rosser's comment above. If push came to shove, your clever wordplay would amount to getting into a rules-lawyering contest with Federal prosecutors, and I promise you that is a contest you would lose.

I don't think it's rules lawyering to say that literally not having the data is different than hiding it. There's nothing illegal about choosing to not bring stuff with you when you travel. And as long as the CBP's authority is limited to searching your devices and not forcing you to log into websites, then simply not carrying the data on your device seems perfectly reasonable.

Furthermore, I don't think there's anything productive at all about making the argument that federal prosecutors will get you no matter what you do. That's just shutting down the discussion entirely.

> Furthermore, I don't think there's anything productive at all about making the argument that federal prosecutors will get you no matter what you do. That's just shutting down the discussion entirely.

Well, it is true that if the government wants to come after you- as in, you specifically- then it is basically true that they will get you no matter what you do. But that's not the point I was making in my previous posts, so let's drop it.

The point I was trying to make was that this 1Password feature will not help you, legally, if CBP realizes you're using it and they want to make a fuss. Maybe if you rolled your own PW manager and decided not to sync the incriminating data, you'd have a case. But this feature is literally advertised as "protect your data from unwarranted searches [clearly implying, searches by the government] when you travel". The technical implementation (your "deleting" vs. "not having" distinction) does not matter: the intent is clear.

> The point I was trying to make was that this 1Password feature will not help you, legally, if CBP realizes you're using it and they want to make a fuss. Maybe if you rolled your own PW manager and decided not to sync the incriminating data, you'd have a case. But this feature is literally advertised as "protect your data from unwarranted searches [clearly implying, searches by the government] when you travel". The technical implementation (your "deleting" vs. "not having" distinction) does not matter: the intent is clear.

We are hinging on the subtle difference between deletion and non action. If I choose not to bring my phone with me to the border, and an agent remarks on the suspiciousness of that fact, if I were to reply, "I didn't bring it because I didn't want to travel with it," did you commit a crime?

Even if you were arrested for that statement, dor a prosecutor to convince a jury that you didn't bring data with you because you didn't want it to be inspected at the border vs you didn't bring it because you didn't want it to get stolen/whatever does not seem likely, but that is just my opinion.

> If I choose not to bring my phone with me to the border, and an agent remarks on the suspiciousness of that fact, if I were to reply, "I didn't bring it because I didn't want to travel with it," did you commit a crime?

Probably not.

> We are hinging on the subtle difference between deletion and non action.

I agree, and my argument is that "activating Travel Mode" is clearly the former, regardless of its technical implementation, because it requires positive action.

I don't see why the distinction matters. Deleting data because you don't want to travel with it should be no different than leaving your phone at home because you don't want to travel with it.

I think I would feel reasonably comfortable telling a border agent that I didn't bring a phone / specific data because I felt uncomfortable about the idea of having it searched at the border. There's certainly nothing wrong with that, and I doubt it would get you denied entry (unless they pulled you out for a non-routine reason anyway). You're certainly not required to bring anything across a border.

This is starting to head down the road into absurdities, though.

If I have a laptop and phone with sensitive work information on them, and simply choose not to take them with me on a trip, would you argue that's a crime? After all, the reason I chose not to take them with me was to "conceal... with the intent to impede" CBP's ability to access all that data.

What if someone just refuses to travel to the US as long as policy allows this type of search? Would they need to be extradited for their act of concealment?

And I could argue that my intent was to protect myself from identity theft, should my device be stolen. It's a reasonable explanation for having deleted the data.

I'd also argue that I could've purchased a completely new device immediately prior to travel and brought that along, with the intention of being able to say that the device had never contained information that I was trying to hide.

I think that part of the point is that they'd have to prove intent. It's easiest to prove if you refuse to unlock the device, harder to prove if you provide a destrutive password, harder still if you remove your passwords and keys before leaving, and essentially impossible if you have a device that never contained sensitive data in any form.

> [proving intent is] essentially impossible if you have a device that never contained sensitive data in any form.

I'd like to see a short story based on this premise: man is arrested and tried for crossing the border with a brand new phone, having left his usual phone at home. The prosecution argues that since he presumably usually keeps sensitive information on his phone, not copying that data to the phone he was carrying proves his intent to hide information from border police.

I think it's a race already, between the story being written and it actually happening to someone.

> he presumably usually keeps sensitive information

Wouldn't they have to argue that he was a person of interest for some time now. That they have records of him traveling two and from countries of interest. That he is on a watch list?

For the average Joe. I don't think this would get very far.

My response would be. "What sensitive information are you looking for?"

I was proposing a short fictional piece based on this premise -- not sure if you meant to respond to that specifically. In any case, it's speculative fiction: we put the story in a not-too-distant dystopian future where the laws and norms have changed just enough to make this plausible. I think it's more fun too if the protagonist actually doesn't have anything to hide, and is not suspected of any criminal activity before, during, or after his attempted border crossing.

Or literally anyone else in the country to which I'm travelling. Perhaps I feel I'm at an increased likelihood to either lose or have my phone stolen? Saving my passwords from a potential thief (who may or may not have tools to break into the device assuming I secured it) is a reasonable precaution.

No, you're deleting it because you don't want to transport it across the border. You're just not bringing it, and border control can't inspect what you don't bring.

I'd be entering travel mode with the intent of removing the ability to access the data from the device. I would be surprised if travel mode deleted my data.

There would be no backlash unless the person was well-known, all they would have to do is show an unflattering picture of the victim and accuse them of 'possessing hacking tools' and 'hiding information from law enforcement.' Both would be true, the latter being actually true and the former applying to anyone using a terminal with black background and green text.

The "matter within the jurisdiction" of border control is to inspect anything being brought across the border. You're not impeding that. You're simply not bringing something across the border. This is different from e.g. hiding drugs in your suitcase (or even data on a device): there you're impeding their ability to inspect those drugs.

No. That's only a good idea if the criminal sentence for destruction of evidence is less than the criminal sentence you'd receive for possessing whatever data it is you just destroyed.

Perhaps not wiped out, but your normal password could unlock your normal store, while a "duress" password would unlock a store of dummy information.

You'd want to make sure it erased the data while making it seem like the data set was empty. You'd even need that special password to remove traces of itself and how it erased the encrypted data, as anything left over could be evidence for destroying evidence.

I think using it would be tampering with evidence in the USA. So probably a bad idea.

Not clear you're destroying evidence -- is it evidence if there's no probable cause for the search? If a crime hasn't been committed?

Hard to apply ordinary statutes & case law here because the 4th amendment doesn't seem to apply to border agents.

Is it evidence at the point where, say, a CBP agent asks you to show him your data? I mean, they're not a judge, and it's not a trial, or even an investigation into some crime.

Do you want to go to prison?

One thing that I have always thought about is why Emails doesn't have disposable passwords. For example, you make 1 new password that you can use just one time.

That way if you need to use unsafe PC from a hostel, you can log in with that password.

Or why we have passwords at all. Sites like Medium have moved to a passwordless model, where you're sent a login link to access your account rather than forcing you to remember or retrieve a password.


Where would you send a link to log into your email?

I was thinking it would be super cool if you could use something like https://krypt.co/ and use public key private key.

Sure, you would need that ssh daemon running on the computer, but I bet it could it could be retrofitted to use qr codes or something.

... so a link sent over a protocol that is considered "insecure" by any sane security expert allows account access? Not to mention you still have to "secure" a password to your e-mail account.

I'm sorry, what in the world is Medium thinking? This is a step backwards from a user/password model.

They cover this in the article: "reset my password" emails are already the norm, so it's not any riskier than your existing online banking or social media accounts.

Resetting via link alone is yet another bad thing, because as you pointed out it leads to the exact situation you just described. Password resetting should involve some type of challenge/response, and accounts should be secured with 2FA on top of all that.

Medium still isn't winning any security points here.

> Medium still isn't winning any security points here.

Sure they are. Removing a credential—in this case, passwords—is strictly more secure. It's the same rationale as to why 2FA with just a TOTP app is more secure than TOTP app + SMS backup. And the emailed links are analogous to password reset links so there's no erosion of security there, provided they're properly secured (one time use, time bounded, etc.).

Also, realistically, if they used passwords, many of their users would probably re-use the same email,password pair at other sites. If any of those other sites use bad password hashing hygiene AND get hacked, then the users' account security is busted.

Someone posted something like this 1-2 years ago here. They used a Yubikey (?) with TOTP to give one-time read-only (?) access to their email while traveling. They posted the project on github, I believe it was a Show HN but I cannot seem to work out the search-fu to find it.

EDIT: Ok, TOTP was wrong in my recollection. They use pregenerated one-time passwords:


Yeah, it is a little different if it is pre-generated. And if you face a situation where you need access your email from an unsafe computer, it is probably because you can´t use your smartphone.

So, two steps authentication is not a great option. And from my experience traveling, this kind of situation happens a lot.

Edit: Apparently LastPass has this option: https://helpdesk.lastpass.com/your-lastpass-icon/loggin-in/o...

You're basically describing two factor authentication, when you have not authorized the particular computing device in question to skip it.

Backup codes are exactly that, though they're more in case you don't have access to your 2FA device.


TL;DR: Just avoid traveling to the USA.

P.S. I love the USA, don't get me wrong. I hope some day the madness on the borders gets less paranoid.

And the UK. And New Zealand. And I believe Canada. And...

And definately Australia and China.

Which makes Ireland the only English-speaking country where you don't expect stuff like this to happen?

I don't understand why the language would matter? In Sweden we don't have this control and we speak better english than many americans.

No, you don't.

I use Linux. I'm convinced that if I put a small Windows partition up (or another Linux install) and make grub boot into it automatically (with little delay) no one would ever notice. Does any one know if they check for multiple partitions at all?

And Android can have multiple users, can you set up a new user and boot into that one automatically?

well, with some experience, border guards will learn to spot a non-ntfs partition, that windows dutyfully reports as unformated/blablah space, so that will eventually be caught, dont rely on this to actually protect you, its more of a sleigh of hand that may be easily spotted by the right guard.

Time to write one's own filesystem driver, that either hides this info or shows the disk as fully partitioned but empty NTFS partition, and when something tries to write onto it, throws a failure (so you can have e.g. 10 MB at the very front of the partition free, and the rest looks empty, but actually contains your Linux system)

Another hack would be one's own BIOS, that lies to Windows saying "This disk is 100 GB", but given the correct unlock signal, will admit to the OS "this disk is 500 GB big".

What about dumping the partition table before simply removing the partition that matters? Just restore the partition table later. You could even grow the remaining partition without growing the actual filesystem, and hack something so that the FS layer reports the whole size. Or have both GPT and MBR that differ, offering two different views of the disk. If you're using lvm or btrfs you could also make a snapshot before removing all data then revert to the snapshot, and/or apply clever subvolume tricks like btrfs-convert does to keep the ext filesystem around [0].

[0]: https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3

Doesn't really work if your operating system doesn't support the partition format (such as ext3/ext4). From my experience, the only way this works is with TrueCrypt/VeraCrypt-encrypted non-system partitions.

Mandatory "No Linux client" comment :|

Does anyone have any insight if this is a pure business decision or there's something holding them back technically?

They can't even ship version of their Windows client with the ability to create/edit/delete local vaults.

I think they are focusing on money before all else. They do still make a good product, but the direction they are moving towards eliminates their support for many threat levels that they had previously.

Now you have to have a cloud account and you have to store your stuff there because their supposed "cross-platform" client cannot work on their own vault format on Windows.

They might respond saying the version 4 of the windows client supports working with these vaults, but version 4 does not support OTPs so if you want to use the modern features without relying on their cloud storage...they don't care.

If you go to their forums and read the response from the community about windows not supporting creating or editing of local vaults you will see they are by and large dismissive. So I think it's really about money and resources.

Excellent effort. I do wonder though, what is to prevent authorities from forcing you to just turn off travel mode? Is there a timer that you set? Deadman's switch? Geolocating? (The last 2 are not good solutions, but you get the idea)

Edit: I missed this bit below:

> even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.

However, it won't take very long for authorities to wise up, know that 1password has a travel mode, and tell you to turn off Travel Mode, eh? Or am I missing something?

My instinct is that if you have anything stored on your device, you're at risk crossing borders. So in my case, I would likely remove both the Dropbox app and KeePass, and then reinstall them on arrival. I suppose that would leave detectable traces, which could argue for using a burner phone, and then installing those two on arrival on it.

Although it's a great option, what's to stop them for asking for your 1Password account credentials?

I believe they already ask for your social media accounts, don't they? That is ridiculous in itself. Why not ask for my bank logins while you're at it?

> Why not ask for my bank logins while you're at it?

One step at a time.

It is very sad that it had to come that far

Could we have something like time-delay passwords? Like the time-delayed vaults they (allegedly) have in banks?

Then you could say: "Even if I agreed to give you my password, you wouldn't be able to unlock my device with it for another 24 hours".

That’s just begging them to detain you for a day.

Time delays only work for the entity in power. The bank has your money, you’ll just have to wait to get it. But the border people have power, not you; they can make you wait if they want.

I understand that even in the USA, to detain someone for 24 hours you need something like a warrant or some kind of special permission from the judiciary. I mean, if it's got to the point where the border force (?) can just detain you on a whim, I have a much better way to keep my data safe: by not flying to the USA.

Sure. If you want to sit in a holding cell for 24 hours.

Or: just delete the app before you get to customs and redownload after you pass customs. Simple, elegant, and fool proof.

If CBP knows you're a 1P user (which they hypothetically could since the NSA has read 1P's emails to you, a foreign user of that service), but you don't have the app installed when you attempt to enter, what makes you think they'll respond differently than they currently do to people whom they know have Facebook accounts, but delete the app from their device before attempting to enter the country, rather than allow the immigrations agent access to their feed?

You're absolutely correct that there's nothing stopping your proposed scenario from happening. That being said, it's extremely unlikely they'll do that because in order to do so, they would have to:

1) Intercept your emails 2) Store the fact that you're a 1P user 3) Match up your email address to you, as a person at the border 4) Stop you at the border for questioning 5) Force you to unlock your phone 6) Recognize that your phone does not have the 1P app installed 7) Force you to install the app + unlock it

For certain people, they may do that. But for the vast majority of people, they will not.

1P does not enjoy the popularity that Facebook is at. In the western world, one can reasonably expect any random given person to have a Facebook profile. The same cannot be said for 1P.

"I forgot my password"

That will get you a cell in the UK, true or not.

In the US, it will probably get you denied entry, possibly permanently, for "lying to a customs officer" (if a non-citizen), or the device possibly being confiscated if you're a citizen, (and a note in a file somewhere that says you've probably lied to a federal agent — particularly if they happen to catch any security camera footage of you stupidly using your device shortly after exiting the international arrivals area).

They can only legally view the data you bring into the country on physical media in your possession as you pass through customs.

Though it's not difficult to remove the app/vault and then reinstate it after customs...

I have some ideas I think will improve our security in this direction. Apple seeks to make it technically impossible to extract iPhone data and I've been wondering how we can do the same with using someone's credentials to enter the systems we build.

One idea is to allow users to define how many concurrent sessions they can have so they can manage those slots and require something sign out before their credentials can sign in again.

The other is to allow users to configure a schedule when their credentials work so you can block most of the world and probably most of most days too.

In a true democracy this would be a pointless feature.

How the law was created has nothing to do with it. I suspect that most of us would be surprised with how many US citizens support this idea.

The world is bigger than one country. It's not for traveling to democracies, it's for traveling to totalitarian regimes. Sadly, that's where the US seems to be heading now. But it will also be useful for travel to China or North Korea.

Why? What prevents a "true democracy" from enacting strict border controls?

A democracy is not just a system of governance. The fact that a law was voted by congress means it is a republic, or a parliamentary monarchy.

To be considered a democracy a country needs to provide its citizens more than the ability to elect a legislative body. There needs to be some basic freedoms and guarantees as well, like strong protections against unlawful detentions (habeas corpus) and unlawful seizures.

Border control agents are provided exceptions to the normal rules. They can check your luggage for weapons or illicit goods without any probably cause. The logic behind these exceptions is that it has a deterrence effect on criminals that would like to bring in illegal goods.

But going through your digital information makes no sense in that regard. If you were "up to no good" you would be able to send that information digitally without stepping foot in the country. Going through someone's private information is not about ensuring the safety of the country. It is an invasion of privacy and an intimidation tactic. The deterrence effect is not against criminals. The government uses this power to intimate people they do not like. For instance Loira Poitras and Glenn Greenwald are routinely subjected to this, for political reasons. Many muslims are subjected to this, simply because they are muslims.

These are the tactics of non democratic regimes. It is sad to see them becoming more and more widespread in the US.

If you travel for work, wouldn't it be better to just let your employer hold the password? When border security asks for data you truly cannot provide it.

I think the only way to get around this shit is to have another person hold at least part of the key. Border security can't force you to lie to your employer on the phone, so they're not getting access.

Crazy question: is it more effective to have your laptop couriered to you after you've arrived and cleared customs?

I like the idea of shipping your devices, but what if you need your device during the trip up to customs? One thought comes to mind is ship a one-time passcode to your final destination and only that can unlock it at customs? It may appear you are actively hiding something from them and you end up in a lot of trouble. Or during the questioning, you don't hide anything and provide the address the one-time passcode is stored, which will use up valuable resources to go retrieve it. Maybe that would be too much trouble for them and let you go or you just added 8 more hours and expenses you have to pay to retrieve it.

Less chance of loss, theft, and breakage (depending on courier). So, probably.

Your laptop has to clear customs too, and it won't be in your possession with this plan.

If the laptop is not in your possession when it has to clear customs wouldn't this mean they cannot ask you for the password and such, then this would limit what they could do? Though they could still seize it, but at least without the knowledge of passwords and social media.

I'm kind of wondering how this all works in general when getting to the US.

Considering my usual work contracts, complying with letting border control look into my fully encrypted work laptop would actually be a breach of my work contract.

How do you guys handle this?

Refuse to go to the US unless provided with a safe / separate laptop that contains nothing that would cause a breach.

I'd make it your employer's responsibility. If you have to go to the US on business, it's your employer's responsibility to help. Or to not send you to the US.

I don't understand. Is this really a thing? I'm from the UK and never heard such a thing. Is this common in US? What are they looking for? Do they just pick someone randomly, login to the laptop and check emails and stuff?

As I understand it, they generally don't just aimlessly scroll through your email/facebook in front of you, then give your device back (although they can, if they feel like it) - they get you to surrender your credentials, then save these in their database; the contents of the accounts will then be downloaded automatically.

Same for devices - they have you unlock the device, then take it away, plug it into a PC/whatever, which sucks down a complete image of the device. Then they give it back, if they feel like it.

Obviously, if they do this with your email & facebook, they're also sucking in all your connections - your social graph: everyone you've ever emailed or has emailed you, everyone you're connected to on facebook.

Thanks for the details? Is it a common procedure? Are they doing that to everyone coming to US?

I think the answers to those are probably: No one really knows, and No, not yet - although they do now (optionally) ask for your facebook/twitter usernames when applying for an ETSA.

I thought the trick was to back up the phone on one side of the border, factory reset / wipe, restore the phone on the other side of the border.

Obviously that doesn't work for laptops - but for a phone it is in the realm of possible.

Would it be equivalent if my (for example with LastPass) vault required a 2FA token to access, and I simply left the 2FA token at my house? I would in that case similarly be incapable of complying.

I don't get how this would prevent border agents from asking to unlock / turn off travel mode.

Why not make this feature tied to a geo-location? Like the hotel or the conference centre I will be attending.

AFAIK you can only deactivate the travel mode on the web profile. Of course it would be much more effective when you use it in the team mode. So that someone else has to deactivate the mode for you.

One other way: change your password to a temporary one, give it to a trusted friend who changes it. You don't know the password, you can tell the truth to the border agent.

Once you're out of their hands, ask for it back and change it again.

Even if the friend is in the US, they cannot compell her/him to release it easily, US laws apply.

There must be a way to also encrypt the new temporary password with 2 keys so that the trusted friend cannot access your encryped content without your own key.

I don't see how any of these solutions help. At the US border agents routinely ask you to log into your email account and search your emails. If you refuse to comply it is much more likely they will not let you into the country.

So they don't just search your laptop they try and search online accounts also.

Its great that they have at least thought about this and developed something, but this just sidesteps the issue.

Only dissidents in despotic regimes need to resort to these kind of workarounds for lack of other options. Why should citizens of a democratic country have to workaround anything?

The solution to privacy, surveillance and overreach issues in democratic countries has to be political, and not technical.

I am a U.S. citizen and I flew last year from America > Qatar > India and from India > Qatar > America on a business trip. I was carrying two laptops. Neither laptop was searched, but they were put in separate trays under the x-rays to make sure they didn't contain physical explosives or hinder the x-raying of the food and clothes in my backpack.

Tangentially relevant, I made a pam authentication module for Linux a while ago, that addresses this issue. It allows for the creation of duress passwords. Here is the repository: https://github.com/rafket/pam_duress

That is neat! I would think using it at a border crossing would constitute hiding something...right?

The right solution to this problem is, when traveling, always answer "no" to "may I search your laptop?"

It sucks, and it many mean a lot of hassle ranging from confiscated equipment to being held at the border to being refused entry, but this is just one of the new risks of travel. Border security only gets away with this because people say yes.

Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation. You should be able to say, honestly and credibly, "I won't unlock my laptop because I don't want to get fired."

> always answer "no" to "may I search your laptop?"

in my case, that would mean deportation due to not being american. i either get deported and lose all the traveling plans or i get searched.

Correct. We'd have to comply.

US citizens, however, can choose to deny them and go through any hassle that CBP may want to put them through, but they cannot deny them entry.

I think in this case the correct technical term is "denied entry". You haven't passed immigration to the country.

Deportation is the expulsion of someone who's actually in the country, past the border, and resident or visiting.

Potato/potahto, really. Good luck getting a visa next time if you've ever been "denied entry".

Really, for non-Americans the best advice is just don't go in the first place. Second best advice is just comply with border security personnel.

Any tricks like leaving the battery empty, bringing a burner, not bringing a laptop and getting a loaner when you get there etc, they do nothing but raise suspicions.

Not bringing a laptop is probably not as suspicious as you'd expect, particularly given recent discussions of banning carry on laptops on flights from a large chunk of the world.

> Any tricks like leaving the battery empty, bringing a burner, not bringing a laptop and getting a loaner when you get there etc, they do nothing but raise suspicions.

as i said on another comment, even not having social media is suspicious. which is insane, because it means you cannot have privacy if you want to go to another country.

And I happen to not have social media, for real. Whoops. I need to go through U.S. Customs at least once a year. :(

i usually plan to travel to the us once a year for tourism. that's basically ending this year because of the way cbp treats foreigners.

i know at least another 5 people that are not going to the us because of that.

  > Good luck getting a visa next time if you've ever been
  > "denied entry".
I would not want neither visa nor "next time" after this. If they want their walls, let them have them.

> they do nothing but raise suspicions

Oh god, no. Technical measures - of course - do work. So does erasing data from phones, laptops, hard drives, etc.

Do not let the security theater scare you into obedience.

Again, this is not valid advice for non-citizens. If you're a citizen, sure, feel free to go through with an empty or password-protected device. Maybe you'll be detained for a while, inconvenienced, given a stern talking to, etc.

If you're not a citizen? You can be denied for literally anything the agent feels like. They feel you're suspicious because you claim (falsely or not) you don't have a facebook account? You're not coming in. Visa denied.

yup. cbp officers can deny your entry if they think blond hair is ugly.

> Visa denied.

you know what's shitty? i have a b1/b2 visa. cost me 100 usd and two working days. i also visited the us ~6 times, never overstayed by an hour. but even then, i'm suspicious because i'm brazilian (that's a theory, of course. i have no proof other than brazilian friends also having problems with cbp).

What you are describing is not the result of yourself protecting your privacy but the result of being found to be suspicious.

Not appearing suspicious is an important part of protecting your privacy. While it's true that acting stupid or careless can bring you in trouble this is not sufficient to deny the utility of privacy enhancing behavior.

Hey, look, a citizen (or non-USian) commenting on immigration matters. Without any clue what this means for non-citizens who live in the US. If you're e.g. an H1B visa holder your friendly ICE officer might decide "no" is reason enough to eject you out of the country.

Just one of the new risks of travel. (Well, not new that they can send you back, but a new reason for the little tinpot dictators who revel in their power)

>always answer "no" to "may I search your laptop?"

Good luck with that when faced with a border nazi & zero rights.

I just leave my personal laptop behind when travelling to countries with dubious personal freedom policies...like the US.

Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation

So which is a better option? Losing a job (or) refused entry/detention/harassment after 24+ hours on the plane/getting treated like a criminal....? (not that criminals need to be treated badly)

The right solution to this problem is saner laws and educating the public about privacy and related topics

And the possibility of not being able to go to the US ever again, meaning something that will get in the way when searching other employment.

It's one thing to decide not to go to the US, it is quite another to be force to it in order to defend my employer shareholders interest on a trip mandated by them. If you send me to the US, you implicitly agree the company is fine with US borders to do whatever they want with the company data.

It is 2016, I can rebuild a whole laptop from scratch with my whole data anywhere in the world. There are affordable ways to work around the problem: provisioning a VDI and even buying a laptop on site is a fraction of the cost of flight and accommodation.

The right solution to this problem is saner laws

Considering the history of the civil rights movement in the US, we're not going to get saner laws without a little civil disobedience. It sucks to bear the brunt of this harassment, but saying "yes" only enables the system to harass everyone more efficiently.

I opted out for years and made fun of TSA agents during the pat down. It turns out you're not allowed to requests pat downs from specific agents. Who knew? ;)

But now I don't even opt out.

Instead I tell them that I can't raise my arms above my head. They direct me around the scanner (sometimes the metal detector too), swab my hands, and call it done. I often skip 10-15 people in the process. If they ask why, I tell them I have a medical condition and they're not allowed to ask further so I don't explain.

Hopefully the bad guys never figure it out!

Does that count as lying to federal government agents? (Title 18, United States Code, Section 1001)

Not if its true. We don't know if it is or not, unless you know this person in real life.

Who said I'm lying? I'm not going to disclose private medical issues to rent-a-cops.

Or on Hacker News, for that matter...

wow this is a great idea especially considering i have real shoulder issues. thanks for the tip!

After you leave make sure you don't accidentally do a "yes!" arm in the air gesture!

One time I might have said "I can't raise my arms like this" :D

Will try this. How many times has it worked / not worked?

If NASA engineers aren't allowed to refuse to unlock their work devices containing confidential NASA information, what hop is there for us?

There's always hop

Double IPA level of hop

The solution to this problem is to not visit US.

Then Europe is going to do the same, and the solution will be to not visit Europe, and so. Eventually we won't be able to leave our country without giving up our privacy.

The real solution is that people from the country protest when such an abusive policy is introduced.

Only the UK is doing the same, in France civil rights still do exist. No worries. Even if they are at war right now, and abolished civil rights for a few years.

This is the solution my company chose for a milestone trip we will undertake in half a year.

The plan was to go to NYC, now the plan is either Paris or Tokyo instead for the 70+ employees.

It's always Americans who can, at worst, get their laptops and phones seized that have this stupid ill-informed opinion.

If you enter the United States as a non-citizen and don't submit you will be denied entry for 5 years or life, still have your devices seized, and any visas or permanent residency can be cancelled. Possibly be jailed.

> Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation. You should be able to say, honestly and credibly, "I won't unlock my laptop because I don't want to get fired."

The USG has shown that it is perfectly happy to kneecap entire domestic industries (aerospace, semiconductor) for the sake of "national security" via ITAR. You really think they give a shit about one person's job?

> Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation.

Companies cannot tell their employees to not comply with lawful request of a federal officer, and some companies specifically underline that in a company policy.

Many US workers are not citizens. Your solution would mean losing both their job and home if they were stopped on their way back into the US.

A better solution is to not allow people to travel with anything that would be catastrophic if lost. My former employer would give employees loaner devices for travel to certain countries.

I think part of the point is that employers also can't lose all employees, so they are encouraged to fight back with their economic blight, in part by lobbying.

I can tell you most of the corporate policy says comply with all law enforcement requests when asked while traveling and report it to corporate security/legal.

Have you done this in practice? Have you been asked and answered "no"?

If not, it is probably way to easy to make such a statement.

Most large companies I worked for ask me to unlock my corporate laptop shall CPB agents ask me to do so (and tell the corporate security afterwards for obvious reasons). I don't think an American company will fire you for complying with the law enforcement.

Do you honestly think customs agents care whether you'll get fired or not? US immigrations will permanently sever families that have been together for years or even decades with utter disregard for the emotional trauma they're inflicting.

Your job matters exactly fuck-all to a CPB agent.

That border agent is a real person, who is "only doing their job". So are you. It works both ways. If enough people say no, then after a hellish but hopefully short adjustment period, the policy will change.

That job they're "just doing" is, as it's drilled into their minds, to act as a barrier against anything that even might be a threat in some form or fashion to their country. They have pretty broad authority toward that end.

You (the notional you) aren't even from here. If you say no, you've identified yourself as a potential threat, and can just sit in a room by yourself for as long as it takes to put you on the next flight back to wherever you came from, at your expense. And you probably won't be allowed to return.

If you're a citizen and say no, they might confiscate the device, and might make you wait around long enough to miss your connecting flight (and maybe even the next couple, if they're feeling particularly peevish), but that's about all they can do.

That job they're "just doing" is, as it's drilled into their minds, to act as a barrier against anything that even might be a threat in some form or fashion to their country.

They may get that drilled into their skulls, but I think it's more that they just don't want their boss to yell at them.

No police officer arrests a DUI and says "but I'm just doing my job." It's only when the other person (the traveler in this case) has an entirely legitimate reason to resist them that "I'm just doing my job" comes out, with an implied threat that the authority they're appealing to (that they themselves don't have) will come down on everyone involved, and they don't want that.

Also, they don't have any personal liability for anything that goes wrong in this process, except perhaps that the company they work for will lose the contract (unlikely here). Again, "boss will yell at me."

These people are better thought of as clerks than cops. And yes, they can inconvenience you, but that's not the same thing as compliance.

> the policy will change.

The policy might change to include cells at the borders where people are detained until they hand over login details or voluntarily decide not to enter.

Should the slope become that slippery we'll have a much better reason to stand outside a legislator's office with pointy sticks than "I was mildly inconvenienced by the TSA."

If what is already happening across the country is not a good enough reason already, I doubt anything will be.

Yep. Quite simply, the 0.1% of the US population here on HN does not care about privacy nor protesting nor writing to their local or state government.

HN needs to stop living in a bubble. Only 1/3 of the US even bothered voting in the Trump v Clinton presidential election. I'll let you think about that for a moment. Now think about border searches. Has your phone been searched? Neither has mine. I'll go back to my company catered lunch now.

59% of eligible voters voted (http://www.electproject.org/2016g). Not great, but much more than 1/3.

In our busy and overwhelming lives it is easy to procrastinate about civic responsibilities while still caring about living in a just and fair world.

My phone has not been searched, either, but the issue here is to stand up for your rights. If you have never been wronged by a person or organization in position of authority in US government then consider yourself lucky. I and most people I know living in the US have.

Where did you get the 1/3 from? It's been 55% of eligble voters. Counting non-eligibles wouldn't really make sense in your argument

Source: https://www.google.de/amp/s/amp.cnn.com/cnn/2016/11/11/polit...

Actually you should count all Adults not just "eligible" for a few reasons

1. No one once reaching the age of majority should have their voting rights taken, for any reason including criminality

2. The figures also do not include people of age who are ineligible to vote or have not registered. The "Have not registered" is a key part because many stated in the last 2 election cycles have been passing a number of laws to disenfranchises segments of the populations making it harder and harder to register

3. The concept of our nation is "Consent of the people", that is all people, not just those voting. the majority of PEOPLE reject the 2 candidates put forth buy the corrupted and unethical political parties then the government can not claim to have the consent of THE PEOPLE...

Many many many Americans feel complete disenfranchised by the political systems that gives them 2 Choices that are equally terrible and corrupt. Forcing a defensive vote that is mainly against the person you do not want to win instead of voting for a qualified person you actually want to be in office.

As a life long Libertarian, I have no interest in voting for either a Republican or Democrat

None of these reasons you list make sense in this context.

If the 55% is from people registered to vote, it makes perfect sense.

Seriously? You need to register to have the privelige of voting in your country? That is beyond fucked up.

Obviously, if you don't plan on voting, you won't bother to register.

If you really care about the issue, why abstain just because someone else doesn't want to count your vote?

Border guards were doing this stuff long before Trump was elected, and it was never a significant campaign issue one way or the other. Stop trying to make everything about Trump.

Yup. The correct solution is to stop traveling to the US. Stop sending your employees to the US as well. If the rest of the world starts insisting that US companies always come to them because of how US border agents act, that shit will bubble up to the lobbyists real fast.


Why would anyone want to go through that on their vacation? Unless you enjoy that sort of thing, go somewhere pleasant instead. (And if you enjoy that sort of thing, there are far easier ways...)

I say this as a US citizen who will be sad if it comes to pass, but this bullshit won't stop unless the rest of the world refuses to put up with it. Your average US citizen doesn't travel internationally (only about 10% of the population has a passport), so they don't notice unless it hits their wallets.

Please force us to stop.

> Why would anyone want to go through that on their vacation?

honestly? the us is a beautiful country, with amazing people. i love visiting and love going to weird towns to meet different people. (also, my sister is married to an american citizen, and i want to meet her every once in a while).

but at the same time, it's really fucking awful to be treated as a criminal every time you try to go to the country.

I'm in Australia. I like a lot of things about the US and lots of the people in/from the US as well. I went there about 15 years ago and had an awesome holiday.

I would never go there now that a dangerous buffoon like Trump is in office, also for a long time now it's been known that outsiders will be treated like a criminal at the border for no reason. And I mean literally no reason because I could easily not have all my masses of terrorist information on the laptop and just download it from the terrorist servers when I get there. So there is literally zero reason to be searching my digital property, and I'm not about to take the gamble that I could be prevented entry or delayed enough to possibly cause thousands of dollars personal cost for no good reason. The security theatre is ridiculous.

Outsiders are obviously not welcome so I'm not coming.

There are plenty of sane countries around the world to go to, why would I go to the US?

I hope the American people can find the motivation to vote and pressure their representatives to actually do something about their own freedoms. Not only border patrol but your militarised and outrageously unaccountable police force.

Sorry but that's just, like, my opinion, man.

Put up with what? I go through Houston Customs almost every month and they rarely search anyone. It's like a river of people walking right out the airport doors after a cursory glance at the customs declaration. I have never once seen a person with an open laptop in the search areas. That doesn't mean it doesn't happen but good grief, what's the actual percentage? I am willing to bet a minuscule percentage gets their devices searched.

I don't believe the data on that is available; at least, I haven't been able to find it[1]. I'd love to be wrong, if someone else has information.

I'm glad your frequent travels are eased through customs to the point where you don't see what happens. But allow me to suggest that a frequent traveler through one port once a month is an insufficient data set from which to draw conclusions?

If nothing else, you have available the fact that a software vendor sees sufficient demand to invest in this feature, to go along with your google skills to find counterexamples to your experience. I don't know if that's sufficient to get you past your blithe dismissal of others' concerns and lived experience and on to a skeptical but open view or not.

[1] Which would be typical; one of the easiest tactics to steer public discussion is to pick and choose what data to collect and release. The US has a long history of this tactic, especially with issues that touch on law enforcement. The lack of decent data on killings committed by police is well-known; categorical refusal to allow studies on various drugs is too. But this is a frequent problem; hammering on killer cops with video is provoking grudging, slow change on the first and incremental legalization of pot is changing the second. But there are lots of issues over which this happens.

The US will not provide foreigners with a visa unless they submit to be fingerprinted like a criminal:


I'm not a criminal, and I will not be fingerprinted.

It's amazing how disparate the experience is in Europe. The first time I flew to CDG a year ago I honestly thought I somehow skipped customs accidentally. Heathrow, on the other hand, feels like a dystopian experience straight out of Minority Report. 20 questions and having your photo taken at every turn for simply connecting through the UK.

I think the authoritarianism is a Anglo Saxon phenomenon. At least in more recent history.

As a foreigner married to a citizen, I'm not too satisfied with this suggestion.

It's just that easy.

No, it's not. That's similar to saying just stay away from bullies, or leave if you don't like your job/school/whatever. It is easy if you view the issue in isolation, but for a lot of people it is more complicated, such as how will you see your loved ones / do your job / travel freely? In this case, the ones most dependent on being able to travel have little choice if they can't take on almost unlimited (potentially, but still) risk to their livelyhood.

Come and see us in Europe, it's nice here !

No thanks!

If hurts people with money, something will change.

If you, as an innocent person, don't refuse to have your belongings inspected, you participate in making belonging-inspection-refusal into a great heuristic for determining guilt.

This is a form of "citizen duty".

It completely depends if you are white or not. If you are white, and speak politely, the agent will care deeply about your concerns, including potential firing as an example. If you are not white, and especially if you appear black, Latino or Arab, then your comment will definitely hold true.

Recently delayed by the TSA to the point of missing my turn to board. Was subjected to additional searching. Upon finding nothing, I discovered the extra searching was what they do when you fail the hand swab test. I had not had the test administered. So they administered the test. I passed. They then searched my things again and I was questioned regarding the quantity of business cards I was carrying.

Oh also I'm white.

TSA is not the same agency as CBP. They don't receive the same training, encounter travelers in the same situations, enforce the same laws, or execute the same authority.

I've had similar experiences with CBP too. It's still a pretty silly unqualified comment. They tend to be on power trips any chance they get, brown or black or white.

I didn't mean to comment on the use of racial profiling; I've just noticed that there's a lot of confusion about the difference between TSA and CBP.

Pretty sure parent was just saying that it's way more likely to happen to you if you're not white, not that 100% of white people will pass through unaccosted.

Well given that parent used phrases like "entirely depends" and "definitely", I didn't get that at all. And given my own experience of being consistently delayed in most locations and being white, I think there are clearly more factors. And if true, those factors affect more people and amplify the effect of racially motivated factors.

[citation needed]


By calling the border police racist?

skyrw 10 months ago [flagged]

You are absolutely the worst kind of person.

We've banned this account. No one is allowed to post like this here.



All: upvoting such blatant violations of the site guidelines also causes accounts to lose voting privileges on HN.

> You are absolutely the worst kind of person.

What? I'm not sure I believe the grandparent's post, and it would be nice if it were sourced or clarified as opinion rather than stated as fact (as briandear (https://news.ycombinator.com/item?id=14406689) and Banthum (https://news.ycombinator.com/item?id=14407293) urged), but your reaction seems grossly hostile and unconstructive.

Wow, quite an accusation!

Is there any actual data source on this, or is it just a narrative you prefer?

I've witnessed US border agents mocking someone for hours in the waiting area before summarily sending him back to where he came in from.

I assume you're referring to illegal immigration, in which case there is at least a legal (if possibly not moral) basis for screwing people over.

The story with stealing citizens' personal information is entirely different; there is almost certainly no legitimate legal basis to fuck over US citizens for excercizing the basic rights explicitly protected by the 4th and 5th amendments, just because they happen to be at a border area.


The Supreme Court has actually weighed in on this and granted it a legitimate legal basis.

But what about non-Americans? As a Canadian, I can have a very valid reason to go to the States, and even refusing a search once could cause me issues any time I try to go to the US.

Does customs anywhere else the world care more? Explain your refusal to allow a search to a Chinese, Korean or UK customs official.

Just saying "no" will work in very few countries.

I think this is bad advice. Protect your sensitive data with plausible deniability, that's what the pros do. The travel feature is just that, as well as truecrypt decoy partitions. Showing you have nothing to hide is a lot more pragmatic and versatile than the cryptonerd fantasy alternative https://xkcd.com/538/ .

Ill tell the TSA no if you buy me a new laptop/phone when it happens.

good luck with that.

He can tell them whatever he wants. Doesn't mean they will care.

When the features start rolling out, the market entrenches the status quo. Props to 1Password though; this is a symptom and they are not the cause.

I guess the reasonable next step, when all the outrage has fizzled, is pre-screening. Pay for the government to have all of your passwords all the time, and save yourself the hassle.

>I guess the reasonable next step, when all the outrage has fizzled, is pre-screening. Pay for the government to have all of your passwords all the time, and save yourself the hassle.

Lol, on what planet is that the "reasonable next step"?? Do they want to see my dick pics and login to my bank accounts as well? My poetry or whatever rambling I may write? Am I not entitled to any privacy at all?

The actual reasonable next step is not to go to, or deal with, the US at all.

I assume that was meant as "it's reasonable to expect this as the next step".

Ah, ok. I get it now. I read it incorrectly.

I've had this idea for so many years now: your gmail account has - let's call it - a master password and a throwaway password. Say you need to print something from a public PC, you just use that password that works only once, even if somebody key-logs it, you're safe.

2FA is basically an ever changing 2nd password used 1 time. I use it everywhere it is supported. More info: https://www.google.com/landing/2step/

Additionally Google will give you a set of (longer) `recovery codes' that can be used as one-time second factor passcodes.

Bin Laden has obviously succeeded removing freedom that american citizens were enjoying not so long ago.

A travel mode like this for Dropbox would be even more useful. Being able to mark certain directories as confidential so they can easily be removed and re-synced would be much better than deleting and re-installing the entire app.

because... seriously:

> the border agent asks "are you hiding any information from us?"

Answer yes, always, because: I have client data I'm most certainly hiding from you on my computer because they'd in general be worried if it i didn't, also I have passcodes to friends mail servers I manager for them I'm hiding from you, also I'm hiding from you all the emails I've sent to my parents, I'm also hiding from you all the pics of my gonads I sent to my lover. So yes, I'm hiding information from you. What country is this anyway? <asks the person arriving to the US from Germany>

Shame it has to come to this

I'm surprised this is even a thing. Do folks get asked for passwords at airports? What is the reason for this feature?

Hope this comment didn't come across as negative. I'm a big 1password fan.

The video/onboard tried too cute to make the Travel mode = off a confusing ambiguity by making just gray. If you don't want to waste people's time make things explicit.

It would be interesting if service providers like Google, Microsoft, Apple, and Facebook started taking governments to court for unauthorised access to their systems.

It's OK. The NSA already has access to their data. No biggie.

That is the other half isn't it. How can one trust that non-security experts can safely store your passwords in clear text on a networked system when no one else can do it safely

Do you really trust cloud password storage services?

This might be troublesome in airports like Tel Aviv (personal experience). I'd rather encrypt and send my data through regular mail.

I wish Android and iOS also had a more incognito/hidden "travel mode" than the current account profiles.

I know many who buy an old laptop and ONLY use the Epic Privacy Browser or the TOR browser on it when traveling.


Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact