Hacker News new | comments | show | ask | jobs | submit login
New DHS policy on demands for passwords to travelers’ electronic devices (papersplease.org)
365 points by tehwebguy 9 months ago | hide | past | web | favorite | 278 comments

"In other words, CBP is now claiming the authority to confiscate your cellphones, laptops, memory cards, and any other electronic devices if you won’t tell CBP your passwords, and to retain the passwords you give them as well as the contents of those devices.

Yes, this applies to U.S. citizens and permanent residents as well as visitors."

That is just insane and unacceptable.

People need to push back. I know there's risk, but if you take this shit, they just keep pushing.

I will be traveling with throwaway, obviously tailored devices with insulting passwords, lock-screens and documents and a huge pile of encrypted chaff. Let them document me as a troublemaker.

Better, let them document hundreds of thousands of us as troublemakers. CBP and ICE have been drifting towards authoritarian-shitheaddom for a long time and really needs a serious pruning/lobotomy. It won't stop until there's noise about it.

I'm happy to say that I do everything to make Border Control life miserable. I have big clients in US and while I generate for them big profits, I cannot accept payments due to my ethics. So I complained to legal divisions of my clients and asked to funnel money there. Every time I cross US border I refuse to show any data and insist on contact with my lawyers. And by my lawyers I always have big co legal divisions in mind. At average I spend 6 hours per border entry but I feel good about myself. I believe that Border Services still had worse that day.

Ah, so you are the reason I got an invasive cavity search.

Sure you are the big hero, but you upset the people with the power to make everyone else’s lives miserable.

Good to see that the rich still get things their way.

Thank you. Seriously. You are the real hero.

I understand your desire to push back. Having "opted out" at TSA checkpoints for a year, I can tell you that the righteous feeling does little to counteract annoyance from fellow travelers (especially those in my own party). Yes, en masse it would be effective, but until then it's not worth the individual effort IMO. Anyway, governments can't tolerate explicit affronts to their authority.

The better course of action is for us to work together toto make it

1. trivial for everyone to hide their data, and

2. trivial for everyone to maintain vanilla data for plausible deniability.

The end result is still a victory for privacy, but with far less friction with government at the individual level.

>I can tell you that the righteous feeling does little to counteract annoyance from fellow travelers (especially those in my own party).

Phuu.. then tell them up front you'll meet them at the gate.

I great excuse (I have read this somewhere) is that you've heard they keep screwing the calibration of the of the ray-machine and over zapping people and don't want to trust your life to some min wager who really don't care if you lose 10 years or not.

I've always opted out.

This is an argument against representative democracy and assumes that we are already essentially at war with our government. Civil disobedience has a long and successful history in this country. The rule of law still stands. Establishing privacy measures as tool of criminals operating outside the law does no good.

TSA/DHS needs to be lobotomized/euthanized. Vote.

It's just an argument in favor of a private sector solution. ;)

War with our government is rather hyperbolic. Only nation-states can go to war—citizens are just traitors and terrorists.

- The rule of law is only as good as the people's ability to hold each other accountable. Secret rulings and operations violate that contract.

- Nobody's talking about doing anything criminal. Law enforcement operated just fine before encryption, and they'll keep us safe even when everyone has secure private communications (again).

As for voting, - As a politician, voting for "security" over privacy bothers a few constituents and just annoys the rest. Voting the other way has a non-zero chance to ending your career when the next terrorist attack happens.

- The national security agencies (and contractors) have a strong incentive to acquire power (funding/authority), which increases their ability to seek more power. The privacy charities seek to remove that power, which does not increase their ability to seek more power. In a fight between a self-reinforcing loop and a self-balancing one, I expect the former to win.

- J Edgar Hoover wasn't a unique phenomenon. Power corrupts.

But really, if everyone had unsearchable data, what's the worst that could happen (that couldn't already)?

I'm all for privacy protections and private sector solutions. I think that's just a good idea in general even in the absence of government surveillance. The network is compromised, etc.

I don't think we should throw up our arms and say that it is a waste of time to try and change the way DHS and TSA conduct themselves. If we do not protect our rights we will lose them. There is nothing new here. You seem to believe that citizens of the United States have no power to influence their government. I reject this belief.

Not that we can't influence, but that we just have one lever when modern society calls for a whole control panel.

I generally agree with you. Didn't mean to come off so pessimistic. :)

The main problem for this is the vast majority of the population is totally okay with these procedures, so one cannot even argue against it nit being representative or it being repressive because if you put it to popular vote, you will not get the result you wish for.

That's not how representative democracy works. We don't put every single issue up to a popular vote, we elect people to advance issues that we care about as voters. If you care about an issue then it's up to you to promote it in the public eye and work with your elected representatives to pass legislation. That may sound idealistic but it is the system we have and it does work.

Vote. Support the ACLU. Support EFF.

Hopefully more U.S. citizens stand up and push back against this bullshit. As for me, a foreigner living in the U.S., there's really nothing I could do other than complying, since they can just kick me out at any time.

> As for me, a foreigner living in the U.S., there's really nothing I could do other > than complying, since they can just kick me out at any time.

Be care.. on HN "there's really nothing I could" sounds a bit defeatist.. :P

Some ideas..

One could use this as an opportunity to learn about how to still do work without using your predominate computer. Assuming if you lost your computer it would be a PITA to reset it? Not a good position to be in. But it's a solvable problem.

Can your project be dockerized? Before you leave can can you have a AWS instance primed for you to hit it rather than localhost. Don't know about docker.. great opportunity.

Do you have crazy configs/environ-files stored on your computer? Stick them in github with scripts that set them up from a clean machine.

Is this all a pain? yeah of course.. but I'll bet you that you'll gain a whole bunch of new skills.

The general thoughts here (AFAIK) is to bring a clean burner phone and a clean machine (such as chromeos with maybe a clean ubuntu crouton on it).

Good luck... I'll look forward to your how-to post.. I'll sure there will be many HN'ers that will too. :)

Unfortunately the recommended behavior is to be "difficult". Trying to somehow state your own rights, demand that officers perform searches in accordance with law etc. - which is "being difficult". If you are on your way to a great holiday, important meeting etc, you aren't going to risk it. Because anyone "being difficult" will be detained or rejected. So I'll just fold and give them my password. And they know this.

The only time I'd even hesitate to trade my precious time for my integrity is if I actually had something to hide, unfortunately. Which just reinforces their assumption that anyone not immediately unlocking their device to let them read your business docs or see your kid photos - must be hiding something.

Wanting to preserve my privacy is very different from having something to hide.

I don't want border officers looking into my personal pictures that might have nudes from my girlfriend, fiddling around conversations with friends with jokes about drugs, conversations with my girlfriend about her mental health, same with some other close friends.

Those are private things, not necessarily harmful or criminal but things I surely don't want to be sharing with random people making decisions about entering a country.

Unfortunately the effect on me is a full deterrent: I have the money, time and desire to visit more parts of the US. I have been to San Francisco, Los Angeles and New York for vacations once and would love to go back to the West Coast and check out national parks like Redwood or Yosemite but I really can't be arsed to be "digitally frisked" around, the world is huge and I can afford to go to other places.

> Wanting to preserve my privacy is very different from having something to hide.

Absolutely agreee. But as long as the only people who argue their privacy actually are those that have something to hide, the two will eventually be conflated. And the way they implement this is by giving a lot of wiggle room for border staff to implement these terrible laws.

> I don't want border officers looking into my personal pictures that might have nudes from my girlfriend, fiddling around conversations with friends with jokes about drugs, conversations with my girlfriend about her mental health, same with some other close friends.

I don't want that either. I don't think anyone wants this.

The bottom line is: all you can do, at least as non-citizen, is a) don't visit or b) comply with whatever stupid laws there are, including complying with officers that don't follow the law. Because if you want to enter you do as they say.

This. Being "difficult" might be an option for US citizens, but if you're a visitor you're really only going to have a choice between cooperating and being refused entry. If you're refused entry you'll have a much harder job returning.

that's what they want you to belive. and it saddens me that they are achieving their goals.

as an immigrant, I have always opted out of the scanner with undocumented effectiveness and undocumented health effects with no consequences other than a pat down.

I (think I) get the point you're making and I broadly agree, but in the immigration case (on the way in to the country, rather than the way out) it's more than what they want you to believe: it's what they can and do enforce. For good or ill. And there's very little that you can do about it other than decide to not travel to the USA.

This link[0] is admittedly an advert for legal services, but there are a couple of interesting snippets in there such as:

> ... if you have been refused entry into the United States at any point in the past, even for an expired passport, the previous denial is reasoning enough for future denial.

IANAL but my understanding is that for non-residents there's no legal obligation to admit you outside of maybe some of the international refugee conventions (which are unlikely to apply). The law is deliberately discretionary. A refusal to admit can be based purely on "suspicion". You can imagine a CBP officer finding you suspicious (rightly or wrongly) because you refuse to hand over your passwords even if they don't have a legal right to force you to hand them over. They can simply offer you a choice of handing them over or going home.

To be clear: I'm not advocating for this state of affairs, but it does appear to be the case.

[0] https://www.visaplace.com/blog-immigration-law/denied-entry-...

Are Airport Body Scanners Safe? (Time, 2017) [http://time.com/4909615/airport-body-scanners-safe/]

the article have one person who agrees it is insecure and another who claims it to be safe without absolutely no information whatsoever.

specially nice is the quotes: "and something you experience so infrequently, even if you’re a regular flyer—that you don’t have much to worry about."

such a glorious logical falacy. or they dont know what infrequent and/or regular means.

and yet, the author saw it proper to publish twelve quotes from that person with unbased, uncontested positive remarks. great journalism.

Personally I'm just gonna skip the USA altogether for holidays and work - the world is pretty huge and full of interesting places. I know it's not an option for US citizens and it's a shame for the rest of us but I've decided it's not worth it.

US citizen here. Haven't visited the US in years. Myriad reasons why, but the CBP policy is part of it. Just don't like the idea of people demanding I let them go through my stuff, but also don't like the idea of sitting around for 8 or 9 hours or having my machine confiscated if I won't give up the password, either.

I should also note that at least as a US citizen, having traveled through some 40 or so different countries, US customs is the third most unfriendly customs I have traveled through. Only ones worse for me have been Canada (last trip to Canada was likely the last I will make after my last customs experience there) and Czech. I feel much more comfortable visiting supposedly authoritarian countries than I do the United States.

I’ve heard Canada was bad from a few different people, that’s so surprising!

Czech Republic is an odd one, I’ve not had any problems personally and I’ve flown in and out of Brno and Prague a few times (though I prefer Vienna). Mind sharing what happened, purely to satisfy my curiosity? I had a weird issue when one customs guy was trying to tell me that I reported my passport missing a year prior, and he got extremely frustrated that I couldn’t understand what everything was saying. Nothing came of it, it was just a few confusing minutes with an obviously flustered person who was refusing to believe my Czech was as terrible as it was.

As a Canadian: what's bad about Canadian customs/border crossings?

Can't say I've ever had a problem, but then I'm also a citizen, which may make things different.

I haven't been, so I can't say. From what I've read the tricky things are just the same as the USA - arbitrary stoppages for weird lengths of time (causing missed flights) by surprisingly rude or invasive people. Again it's just what I've read, but it stuck in my mind as unexpected because it flies in the face of the Canadian stereotypes.

Theres another case, though. Some people have no choice but to be "difficult". Consider, for example, a lawyer from an international firm travelling with company devices, which have on them privileged information that can under no circumstances be disclosed. These kinds of people have no choice but to be "difficult".

When I worked for a large company and had to cross an international border that was considered risky (e.g. China) we were issued a special phone and laptop just for that trip. They were wiped after each use. If one was especially paranoid it doesn't seem unreasonable to destroy the devices after use.

This way we could consent to search because the devices were blank. It's highly inconvenient and I hope the US doesn't turn into a high risk border.

> These kinds of people have no choice but to be "difficult"

Then they don't get in. Things like company secrets or client-lawyer confidentiality just doesn't apply here. You have a choice to give all that up and enter, or just return.

The solution as others pointed out is not to travel with the data, but that's just cumbersome. You can always just use whatever cloud service you want, and delete the local copies, downloading the encrypted info again when you have entered the country.

They may well ask for your passwords to the common cloud services; they already ask for your social media passwords.

Luckily most places have 2FA so giving them the password to Facebook or Gmail is "only" equivalent to logging in so they can look around then and there. They can't look around once you have passed the border, and they can't sabotage you by setting a new password unless they keep your device or actually change the 2FA settings. I think that's pretty rare.

I honestly don't think they need/use/keep passwords after I pass through. They may want to look in rare cases, but I actually think it's more of a "control question". If you don't have a normal set of social media accounts you are not normal or you are hiding something. If you aren't willing to show it, you are hiding something. What you are hiding doesn't matter. They use it as a "tell" to see if you need to be investigated further.

These questions have always existed. They ask you what your business is entering the country etc, but they are as interested in whether you are sweating as they are in what you respond. Same here. They don't need to see your family photos they need to see you give up your privacy like a "normal person"

A process that I've heard some financial people developing (highly secret/proprietary/potentially valuable) software use when traveling is:

1. Store confidential data on company servers or a secure/trusted/audited cloud service.

2. Protect that data with two factor authentication, ideally with an ephemeral/rotating factor.

3. Incorporate a duress code into one of the auth factors (e.g. "add one to the google authenticator result when logging in or you get fake data/get permanently locked out until you human-authenticate to regain access"), ideally both.

This is far from perfect, but reasonably secure and not terribly inconvenient in practice. Additional layers of protection can be added to the duress process, like defaulting to under-duress behavior until a certain timeframe (i.e. you're being searched at the airport and not during your appointment time slot), or when from an unrecognized network location. Like all duress-code-based responses, it is vulnerable to humanity (e.g. torture/intimidation).

I'm not trying to be facetious but what if they do ask and you say "sorry I don't have any cloud services" or more realistic "what are cloud services?"

I'm no digital security expert and I haven't ever, and don't ever want to, travel to the US but if I was to travel there any devices I took would be blank. All data I needed would be in the cloud. How are they going to know?

Those people don't carry that data with them, if they're competent or have competent IT staff. They have already configured VPNs with 2FA, burner laptops and mobile devices, or simply mail the devices via registered post to the hotel and have them picked up there. Device moving through the mail system don't get seen by the border grunts.

> Those people don't carry that data with them

You've made a great point here.

What criminal is also going to carry their incriminating data with them? This isn't an effective policy. What problem does it actually solve?

Most people, I think, don’t follow strict digital security/hygiene policies, nor understand them. That includes me, even though I try to be good. (I will not give specific details because two of my three memorable errors are currently covered by NDAs, and the third is personal).

Right, but they don't need to investigate most people. They need to investigate people who are motivated enough to... well, I'm not sure what. Cross borders while possessing illegal data? But anyway, the people who are motivated enough to do it can easily circumvent it. The only people harmed are innocents.

“Need” for what end? If there is political will to be “tough on crime”, or to reduce immigration and get away with it by saying you’re really only being tough on crime, you can probably find something on anyone simply because laws are too broad. Likewise if you care about performing economic espionage, you don’t need to worry that you’re mostly getting low-hanging fruit.

These are checks you can perform on everyone, after all.

Many effective police strategies are based on criminals doing stupid things. If criminals were smart most of them would just make a honest living.

Then, bluntly, you have made your choice. Those unwilling to stand up for themselves can't expect anyone else to stand up for them.

Exactly. I can't afford to stand up for my ideals at the border. I expect people (including myself) to stand up for these things, just not at the border.

My main way of disagreeing with policies like this is to simply skip any travel to the US. I can't vote, but I can vote with my wallet.

But basically saying that people should either accept that their expensive holiday (or job) might go down the toilet, or they have no principles - is a bit much to expect I think.

> people should either accept that their expensive holiday (or job) might go down the toilet, or they have no principles

That is exactly the situation and there is no easy way out. There are solutions, but they are long-term and often unfeasible.

Wouldn't a clean burner phone and clean computer work for you?

There are always ways.

I’m not so sure. The point was to stand up for my principles and integrity by refusing to give up my password.

If you do that then whether the phone is empty makes no difference. You’d be detained or deported.

Show them a completely empty phone and an empty Facebook account and you’ll be asked tough questions too.

You basically need to fabricate a whole new persona on social media.

Of course.. if it's "clean-clean"

> You basically need to fabricate a whole new persona on social media.

o-k-a-y. not rocket science. you're not james bond.. it doesn't have to be super crazy.

1) create a new gmail account, sign up for some tech newsletters. 2) create a twitter accounts, sign up for recommended people. 3) do a google search for 'cats and dogs' and download some pics


I wouldn't be surprised if someone's hasn't created a bash script to do something like this.

I'm not talking about your (or anyone else's) principles. I can't see into anyone's heart or mind.

I'm talking about revealed preference, more than anything else. Yes, fighting is risky and unpleasant. It always is. You make your choice and live with the result.

The choice for a non-citizen isn’t made at the border. I decide whether to go and comply, or to stay home which is the only way to not comply.

Flying over to make trouble at the border is just wasting $1k+ on a plane ticket. I’m sure if I really wanted I could make more difference to legislation by just donating that money to the ACLU or similar.

That sounds pretty judgmental, especially since I suspect there are human rights threats around the world that you (and everyone else) are not fighting either.

You can take it how you like. I'm simply stating the obvious.

But this particular variation "you're a hypocrite for spending energy on X when there's so much Y in the world" argument was weak when it was first trotted out and hasn't aged well. Worse, the argument is an irrelevant red-herring when talking about choices an individual makes about their own reactions to their own rights being encroached in day to day life. Nobody complains that someone who fights back at being mugged isn't also fighting spousal abuse in $far_away_land.

I don’t know if you realized, but America is the far-away land in this context. And I was actually saying that you’re a hypocrite for blaming the guy who lets his mugger take his wallet for not fighting back, if that’s the analogy you want to use.

> The only time I'd even hesitate to trade my precious time for my integrity is if I actually had something to hide

I honestly can't tell if you are trolling, I missed the irony, or you are really as dense as a badly trained racist border office (which thankfully is not all of them)

Completely not trolling, nor ironic.

Now: I’ll be very clear that I don’t agree with these policies. They are terrible.

And obviously if I had anything sensitive I wouldn’t travel with it in the first place! But if I landed in Miami tomorrow for a holiday and someone asked me to unlock my phone so they could look around - would I? Yes! Because I know that not doing it leads to somewhere worse.

The point I was trying to make was that I don’t have the luxury of standing up for principles at the US border. Best case it will take a few hours of me being difficult while my family waits. Worse case I’m on a plane home again.

So the end result is that if I’m reluctant to show device data at the border, it’s because I realized that something on my device would be found a more serious issue than my refusal to show it.

Do not take my previous post as me subscribing to some form of “it’s no problem if you have nothing to hide”. That’s not what I was saying. It is a problem, and I just don’t have a choice.

Well put. Consider also the situation of people who are traveling to the US for business, and for whom it is a requirement that they travel there. Not only would being difficult subject them to a potentially-huge short-term monetary loss (lost sales contract, for example), but it might also wreak long-term financial and reputational havoc on them if they lose their job or are blackballed by their company for being someone who "can't travel without getting law enforcement involved".

That, again, is what the people authoring and enforcing these policies count on. The power dynamic is almost entirely against travelers. All the solutions are so radical as to be unfeasible in the short term (remodel international transit authorities; move business out of the US; remodel businesses to not require travel, etc.).

As the saying goes, I don't have "anything to hide", and kind of don't care being searched.

However I would never give my password to anyone. As a matter of principle, giving out your password is like betraying yourself.

Granted, I've never been asked, so I'm not sure what amount of pressure / threats I can withstand. I hope it's a lot, because asking someone for his password is insane and despicable.

This should serve as a reminder to everyone to donate/support EFF and ACLU, as two of the very few organizations that watches for our rights.

It is also a reminder that as we get more numb to issues like this, it gets worse.

It is probably time to call your representatives and raise your voice.

Because calling paid-for representatives has such a strong record of success over the last decade of human rights erosion.

Talking to your representative is roughly as useful in curbing these things, as doing nothing at all. What's the real solution?

The real solution is changing lobbying, but i am not educated enough about us politics to tell how.

Also supporting EFF & ACLU and their efforts to use the laws seems to be somewhat effective.

It also comes back to the individual convenience vs collective action. If everybody obeys the orders of border agents, police, etc without exercising their rights because they have nothing to hide, this gets easier by the day.

This is not about hiding something, this is about harrasment of an individual's privacy.

> Talking to your representative is roughly as useful in curbing these things, as doing nothing at all

Have you ever called your representatives?


Knock yourself out.

Spoiler alert: almost everyone reports getting a cookie-cutter email or scripted response about why the rep will stay the course. They clearly have an established strategy of how to handle the 'contact your rep' crowd and channel their efforts to /dev/null.

> almost everyone reports getting a cookie-cutter email or scripted response about why the rep will stay the course

Who is “almost everyone”? Any personal experience?

Mine involves getting a personal e-mail from my state Assemblyman, being patched in to the senior legislative aide to my U.S. Congresswoman who spoke to me at length about the issue, getting follow-up by e-mail to calls after the points I raised were discussed with my U.S. Senator, and being reached out to by my state Senator’s office for input on a draft bill. I also know that for my tech-savvy Manhattan Congressional district I am usually one of a small handful voters regularly calling in about digital privacy.

I’m fine with voters being busy or lazy. But don’t brag about it.

You're suggesting that your n=1 anecdote weighs more than those thousands of reddit stories? Or that my position is invalid because instead of engaging in another n=1 anecdote I aggregated the outcome of many?

For your one story, you can click the top few links of that search to see detailed accounts and full documented histories from representatives who are clearly systemically stonewalling this kind of activism. And judging by those counts, they are the majority.

> thousands of reddit stories

Many of “thousand of Reddit stories” are just like your comment. Repeating a meme, nothing more.

Will your representatives always be responsive? No. Some are worse than others. On some issues, the political tea leaves are too obvious to merit discussion.

By and large, however, representatives and their staff care about their constituents. When you call (better than form responses on websites), you show you care about an issue. Their offices want to know if you represent a budding movement they can attach to.

You’ve cast aside a core civic right and, in my opinion, duty, based on anonymous forum comments. It would take you thirty minutes to call yourself, but that’s too much of a hassle. Fine, that’s your right. It’s also mine to call out your comments as emotional self-indulgence more than anything substantive.

> Many of “thousand of Reddit stories” are just like your comment. Repeating a meme, nothing more.

Demonstrably, provably, completely, wrong.

https://www.reddit.com/r/netneutrality/comments/7kzblu/i_con... - 4 page account of comms

https://www.reddit.com/r/Firearms/comments/75yjkd/the_offici... - photos showing redditor attended in person instead of making a phone call. Was told their concerns would be 'passed along'

https://www.reddit.com/r/pcmasterrace/comments/6dm169/i_also... - full account of comms. Again cookie cutter response.

Maybe this is biased because it's the top results. Let's jump to page 4.

https://www.reddit.com/r/SaltLakeCity/comments/7dtlyr/i_just... - rep's voice mail is full and has been for months. No response

https://www.reddit.com/r/Connecticut/comments/7gwins/this_is... - representative actually stands up for the interests of constituents. Yay, we got one!

No memes here, just detailed accounts which overwhelmingly demonstrate that paid-for representatives have a strategy to deal with this. As for civic duties, you do not have a civic duty to uphold a process which is a textbook example of regulatory capture. If you get success by doing it, great. But statistically, for the majority of Americans, talking to their rep is worse than doing nothing. It's spending their time and effort on a process which is designed to ignore them, so they don't spend that same effort searching for an alternative process which might actually work.

This process used to be effective; before it was circumvented by lobbying activity. You can't cling to it today just because it worked yesterday. You also can't get jobs by just turning up to places and handing out your CV. Times change.

You need to actually read your cites. Many of your link actually support what we've been saying. Their concerns were passed along to the representatives and they were pleased with the responses they got.

I suspect that they're suggesting that your apparent disillusionment with the call your representatives process, whom have over time, enabled in part what we see before us today == being busy or lazy and that you are bragging about being busy or lazy, as if change could only happen by picking up phone and sending emails telling another how upset you are or that even if you did do the aforementioned and were received favorably by such representatives, you would be placated and faith in the process overall will be restored even without the actual change you seek even occurring.

Onlookers are to make of that what they will.

Oh, reddit. Yeah... I'll believe everything I see there.

Yeah, some reps are bad and don't listen but I'm willing to bet most at least log down how many people complain about what. Having an attitude of contacting them does nothing only just makes things worse and has no potential upside. At least if you do "waste" your time contacting them you may have a change to do good.

I kind of have both experiences. I have frequently contacted my state and federal legislators, leaving messages with their staff, and have never gotten back any message other than a form letter or email stating that they are going to do exactly what they were planning on doing all along. But I'm also reasonably certain that their staff do keep a tally; just that there's plenty of stuff in their political calculus (demographics, gerrymandering, campaign contributions) that means they don't have to pay attention.

The biggest irony is that shortly after I contact any legislator telling them how I oppose their policy position, they start sending me mail asking for campaign contributions.

Every single one of those "contacts" was people emailing their representative. Emailing your representative isn't an effective means of communication. It takes no effort to write an email. Most political offices assume an email is a form letter drafted by some special interest.

Call your representative, or meet them in person when they're back in the district. If they know you're a real person, they will respond to you directly with something more than a scripted response.

Going to have to downvote you here since I've found that calling my representatives has been extremely effective.

Calling your rep, or meeting them in person, are the two most effective ways to communicate your concerns. Because people who take the time to call or meet in person are also the type of people who take the time to vote, and in the end that's what really matters.

Emigrate. Trust me, it works wonders.

We're really getting to the point where violence may be the path of least resistance here. I thought i'd never say that!

Doesn't matter how much you push the button at the crossing it shows the green light when it was programmed to, regardless of you.

If you want to cross you either need to wait until the appropriate time as dictated or you need to risk your well being and cross the road.

Wrong thread?

Also, it may be true where you are, but it's not universally true. I know the cycle and timing of the lights near my home, and I keep getting frustrated by people who don't press the button and now I need to press it, and wait an extra cycle.

> “What is the password to this device?” is a verbal collection of information, which is prohibited by the Paperwork Reduction Act (PRA) unless it has been approved in advance by the Office of Management and Budget (OMB), a “control number” has been assigned by OMB, and individuals from whom information is to be collected are given notice of this.

I find this extremely implausible. If it were true, wouldn't it also imply that customs and immigration officers aren't allowed to ask any questions that don't appear on the customs form? I thought it was generally accepted that they had a wide latitude to conduct an interview and use the results to determine admissibility.

The Paperwork Reduction Act is primarily designed to regulate exactly what it sounds like -- standardized forms for data collection. It specifically excludes "A request for facts or opinions addressed to a single person". (https://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&rgn=div5&view=t...)

I'm not an expert in the applicability of that law, but if they're systematically asking people for passwords, that's not necessarily "addressed to a single person".

Paperwork Reduction Act is an attempt to reduce paperwork. Customs and immigration questions are not paperwork, despite how systematic they are. Consider if they have an OMB number for "Citizenship? Duration of stay? Purpose of visit?", the questions nearly every traveller gets asked. They don't. Of course they don't. They don't need one.

From the bottom of the Customs Declaration form:

PAPERWORK REDUCTION ACT STATEMENT: An agency may not conduct or sponsor an information collection and a person is not required to respond to this information unless it displays a current valid OMB control number.

These questions are present on customs form 6059B. Asking them again verbally probably isn't illegal. This form does have an OMB number: it's 1651-0009.

I don't know if it worries my American chums, but I won't visit the USA. As a foreign tourist bringing money into your economy I feel there is a very real risk to my privacy and increasingly my person. I am beginning to favour goods and services from EU where human rights still mean something.

Perhaps it doesn't matter to you how the US is perceived overseas, perhaps you don't want my money. Perhaps you don't mind being poorer. To me it has become the land of the police-state and the home of the Trump-Chumps.

I am an American living outside the US for ~5 years. It's become very difficult to plan for the future now that I am in a permanent relationship with a non-US citizen (we would be married already if not for the various complications associated with being different nationalities). Especially since she is from a so-called "shithole" country, one of the poorest on earth, we have doubts about whether it's even worth ever trying to go back to the US longterm. What if we do everything right, go through the green card process, and then suddenly green cards just no longer exist? That statement might have sounded crazy 10 years ago, but can anybody really assure me otherwise now?

I know 10+ people who are educated, hard-working, and have every qualification yet are denied a simple tourist visa to the US for whatever reason. The process is lengthy, costs a decent amount of money, consists of filling out ridiculous forms on antiquated websites and attaining sponsors from the US, and then results in a 5 minute interview where some prick essentially makes a snap judgement about the candidate. We got lucky once with the tourist visa process, but that was pre-Trump.

The US is an utter embarrassment, and if it weren't for my family still being there, I wouldn't really care much about never going back.

I went through this process in 2015-2016 after my fiancee was turned away while we were entering the US in PHL (they said she had already spent too much time with me there). We went back to Spain where she's from and started the 4+ month long process of getting her a K-1 fiancee visa.

It is a lot of reading, a lot of forms, and nerve-wracking interviews so I understand where you're coming from. But now she has a green card and it's a huge weight off our chests, great to be able to live a normal life. No one is coming for legal permanent residents, especially by marriage.

Almost everyone we interacted with along the way (except for the border control at PHL) was pretty friendly and just doing their job. No one seemed to have an axe to grind against immigrants.

The best resource I found was VisaJourney which has guides, timelines, useful forums, crowd-sourced processing times, etc.

I'm sure you'll find other users there from your partner's country so you can get a feel for what the process is like from a relevant perspective.

Here is the process/timeline for a fiancee visa: http://www.visajourney.com/content/k1flow

Happy to help if you have any questions

The immigration system is horribly broken. My wife, too, is an immigrant, and our experience is vastly different from yours.

For example, they scheduled her for an interview on a date that was impossible for her to make (iirc, that was her first day of a new job). She went to the INS offices to ask to have it rescheduled, and the person at the desk just gave her a flat "no, we do not reschedule interviews". My wife asked to speak to a manager - something that's eminently reasonable, if maybe slightly annoying, at any business - at which point the INS employee bushed a button that summoned to burly guards to physically remove her from the premises, stating that she was a threat to the office's security.

As an immigrant, I wouldn't expect them to make adjustments for my schedule. It's unfortunate that you went through this, but for most people priorities are different.

> As an immigrant, I wouldn't expect them to make adjustments for my schedule.

Your desire not to be a burden is laudable, but there's a more-important principle at stake here. Government officials should always make an effort to accommodate reasonable requests, or if that's not possible, to explain why — and moreover, those officials, as representatives of this country and its citizens (including me), should damned well be at least that welcoming and courteous to a visitor or new resident such as the GP's wife. Assuming that the GP was accurately telling the whole story, every American should be thoroughly embarrassed that the GP's wife was treated so abysmally, and the officials responsible should be disciplined.

> Your desire not to be a burden is laudable, ...

That's not what I said. I don't try not to be a burden, I just don't expect consular officials to give a shit about my schedule, and set my priorities based on that. Sure they should be welcoming and all, but it is what it is.

Wouldn’t an immigration interview trump any other reaponsibility a person has? I’d explain to my boss the situation and see if I can get my day switched way before I’d expect any government agency to shuffle things around for my work schedule (especially any agency that’s immigration related).

I'm sure it would if the conflict cannot be resolved, i.e. both the immigration officials and the boss are unwilling to accommodate the other requirement. Missing one's first day of work generally looks bad though, and trying to avoid that if possible is reasonable.

Attempting to reschedule an immigration interview doesn't strike me as unreasonable, nor does escalating to a supervisor if you don't like the answer you got. The employee calling security, on the other hand strikes me as abusive. I think that employee should be fired and probably not given a position of authority where they can mistreat others that way again in the future.

I agree that the latter part sounds very excessive, but I still can't understand how protecting one's legal status in the country they are in wouldn't far and away be the most important thing on their calendar.

Given how long everything takes when dealing with immigration, it's not exactly surprising that they aren't able to accommodate people's schedules.

Attempting to schedule something in a way that minimizes conflicts doesn't necessarily imply that it's not the most important thing on the schedule.

> Given how long everything takes when dealing with immigration, it's not exactly surprising that they aren't able to accommodate people's schedules.

If things take a long time, it shouldn't make much difference to them whether they do an interview this week or next. It's surprising that everything takes a long time though, from a certain point of view anyway.

I'm not sure why you'd think that the convenience of a government agency should outweigh any other concerns.

Because they are a government agency that’s notorious for having rigid rules and moving slowly. I’m not defending their behavior, but that is the way it is - it’s not exactly surprising or shocking that they weren’t willing to budge on that.

You should talk with your local US embassy or consulate. They can provide whatever help to clear up the process for your partner. If they are doing their job, they can greatly simplify everything. Please do not confuse the local state dept people with the shenanigans from the people at the White House...

The visa process is relative straightforward. Will the person who is given the visa come back to the country of origin? This is determined by money more often than not, and it's the harsh reality of the situation.

Since 9/11 the US is like a bull in a china shop, stung by a bee. I only go back once a year to visit my family now too.

Similar situation here, although I'm in country #2 (if you know the political-comedy reference).

The US has many natural wonders, and it has a lot of quite good people. But the political system is so out of whack that it makes me want to stay away for a very long time.

Furthermore, having to deal with US taxes while living and working abroad is really a hassle. True, one doesn't typically owe any US tax money if paying a higher rate elsewhere, but filing is still required. And filing can be messy if your life is not the standard simple permanent employment situation.

I have a friend who's a US citizen who was living in Venezuela for a while, and he got married to a Venezuelan gal there about 5 years ago. They'd been working on moving back to/to the US for most of that 5 years and finally got here about 2-3 months ago. I believe that both the US and Venezuelan governments gave them a bit of run-around, but it did all work out eventually.

Why wouldn't you sponsor her for a K visa?

If it's not too personal / I'm curious, where do you live?

Apropos of anything else, my arrival in the US from Australia (as a K-1) has cost over the years, at last count, coming up on $25,000...

Jesus, why? I think my K-1 (originally from Canada) cost something like $5,000, maybe $6,000 total. I guess plane fares and hotels might play into it, since I can cross by land.

I have a similar policy for my work at university. Not so much as a political statement but for mere convenience I have avoided going to US conferences during my scientific career so far, even though some of them were quite interesting. Too many border controls/visa requirements. It's not worth the hassle.

Luckily, it's not hard for us to get US researchers to our place for a visit, they tend to like sunny, peaceful places in Europe where you can stroll through the city by foot.

I sometimes have to go to the US for business purposes but from now on will only do so with a wiped computer with just enough installed to look like a normal user's data.

Just have multi-boot and before crossing set the auto-boot timeout at 0, then change it later. If you want to be safe, you can also copy and delete the boot details for your actual partition.

I leave a dummy partition with Windows, office and other shortcuts and a wallpaper of a cat during my US visits. I also have both a facebook and a gmail subscribed to all the spam you can get.

Not because I have any criminal activities but my customers deserve to have their information protected.

If authorities want to check my private and work data, they can ask nicely through a judge.

>> If authorities want to check my private and work data, they can ask nicely through a judge.

I am confused,surely non-citizens have no rights or recourse to the law at an airport?

In any case, I am concerned that your approach would be defeated if they took an image of your hard drive and threw some basic tools at it. They probably have this as a kit.

Non-citizens effectively have zero rights. Your rights increase as you go through different visa types and get to citizens. The appearance of actions like these can make you appear deceptive, or uncooperative at the very least. CBP can easily put you on a plane back after making things uncomfortable for a while.

And while you wait for a judge to decide, you sit in a room at the airport with no toilet, no windows, no communication to the outside world.

If your computer can boot from it, I can recommend using an SD card with a bootable partiion.

As the decoy, or as the main OS? I suppose disconnecting the SATA-cable would make the hdd/sdd invisible to the system...

> I suppose disconnecting the SATA-cable would make the hdd/sdd invisible to the system...

On a laptop? All laptops I've seen have the hard disk plugged directly into the motherboard, with no cables in between. Having a SATA cable is more of a desktop thing.

Weird, I do have exactly the opposite experience, incl. a bay for a second SDD (on a gaming laptop/workstation one). Ability to replace an old HDD with SDD on a 6y old laptop... and then replace the optical drive with another HDD (just for the storage)

Perhaps nowadays it's the norm to have it all soldered in but I'd just not buy such.

I think a minority of laptops have soldered-on HDs. More have them hard-attached now than a few years ago (when almost none did), and many recent laptops have "mSATA" connections, which is more like a RAM connection than a cable. You could achieve the same thing with an mSATA connection as you would with unplugging a cable by removing the mSATA drive/card, and applying a thin strip of something non-conductive over the pins, and plugging it back in. Just please don't use something adhesive; the residue after a few applications/removals can screw up connectivity when you want it to work.

That said, I'd imagine there's an economies-of-scale advantage to having soldered-on drives (to say nothing of the economic benefits of un-upgradability: sorry folks, but there aren't enough people to whom part-swap upgrades are important to sway the hardware industry at large on this issue, though a few small manufacturers/lines will probably target that market). As a result, I'd imagine that we'll see more and more of them in years to come, though I'd be happy to be wrong about that.

'course, I don't recommend bringing your data into a country you consider hostile regardless of whether you've set it up so a cursory search doesn't find it. If the country really is hostile to your interests, that won't stop them if they want your info.

On a macbook there's still a SATA ribbon cable between the HDD/SDD and the mainboard

On much older MacBooks that is true. MacBooks since around 2015 have had mSATA "RAM-style" connectors, and I've heard that some more recent models have soldered-on drives, though I haven't seen this myself.

If they plug it in their system, wouldn't you be afraid to bring back some kind of malware? I'd try to bring no electronics when crossing the border...

wait, so you're actually a spy? What kind of user are you if not a normal one?

This works the other way around you know.

I knew some programmers who worked for a EU company that had a military contract.

When they traveled to US (talking around 2005 here), their entire harddisk was encrypted and they got a short education on how to handle certain suspicious situations.

US is known to use intelligence data any way they want, including economical gain. So if your laptop contains any confidential data of any big European company, it's already a good idea to not make that data available.

The whole Edward Snowden debate was only an issue because US was collecting data of their own citizens. Let's be honest, nobody cared who they were spying on abroad.

It's really sad to see how "friendly" nations treat each other like that.

So to answer your initial comment: The one who has the confidential information is not the spy. The spy is the one who wants to get access to it.

The US border sounds so much like the Chinese one! :(

The wiped laptop certainly doesn't look like that of a normal user without adding stuff.

> normal user

The normal user browses the web and almost nothing else.

It always amazes me what a "normal user" collects on their device when all they really do is use it as an internet machine.

... but this laptop hasn't even been browsing the web, and so it will have no history and no cache and no saved passwords for websites and wifi hotspots ...

That's actually a good point. Might be a good idea for a software there: something that generates fake browsing history for the different browsers.

Isn't it the same with Canada, though? I admit, I only watched those Border Patrol Shows on Netflix and what not, but it always disturbed me how much they always wanted to check the whole phone.

Yes, Canada, the UK, and Australia all have policies to ask travelers for their passwords for laptops/cell phones, and you'll be sent back home (if you're a foreigner) or arrested (if you're a citizen, at least in Canada [1]) if you refuse.

1: http://www.cbc.ca/news/canada/nova-scotia/alain-philippon-to...

I had a friend get refused entry to Australia because they made him open his Facebook messenger, and they found out he was planning to work on a tourist visa.

They only did that though because he just finished a 3 month tourist visa, left the country for a week, and then came back with another 3 months.

Seems to me that's the digital equivalent of showing up on a tourist visa (or via the visa waiver program) with a bunch of resumes printed in your luggage.

UK citizen here. I'm not aware of any policy in the UK that forces travellers to hand over their device passwords - i.e. not in the same draconian way that's happening in the US. Border control in the UK is pretty well overstretched as it is. I don't think they've got the resources to perform this type of intrusion, even if they wanted to.

From 2013: http://www.telegraph.co.uk/technology/10177765/Travellers-mo...

Also a case in 2016 of a UK citizen being arrested for refusing to give his password to UK border police: https://www.theguardian.com/uk-news/2017/sep/25/campaign-gro...

Yeah, but I don't think it's a routine thing (I'll check with my pal who runs a borders team to be sure). I think you need to have been a specific target and person of interest for things to go that far.

That's pretty much the same "but it only happens to a small fraction of people so it's okay" deflection argument that you can say about the US policy as well, which you called "draconian".

I don't know if it depends on where you come from, but I went to Canada a couple years ago, by plane. No hassle at all, they just asked me if I had Malaria or knew anyone with Malaria, asked me what I was there for (Mozilla workweek, but not for work!), and they sent me on my merry way. Not even a baggage inspection, let alone a computer/cellphone inspection.

I think a lot also depends on which border guard you get and what their 'feel' for you is. I was in the US a few month ago and got waved through after 30 seconds and a couple of basic questions (might have helped that I was travelling with my wife and daughter). When I was in Canada a few years ago I got called into a separate room and asked a bunch of questions about what I do for a living, what my parents do for a living, how long I was planning to stay, how much money I had with me etc. etc.

I always felt the Canadian border questions were mostly targeted towards avoiding people coming in to take jobs that could go to Canadian locals.

This was the Canada / US border.

Yes. I’ve had my electronics thoroughly searched twice going to Canada.

Essentially every country in the world asserts the right to carry out a thorough inspection of anything crossing its border.

I'm not sure why people think electronics would be an exception to this general rule (which has been in effect, like, forever... the only exception that comes to mind is diplomatic pouches).

> I'm not sure why people think electronics would be an exception

I'll take a swing at this.. one reason is that modern electronics contain - both directly and through remote access to other systems via stored cookies, etc - far more private and/or commercially-sensitive information than almost any other widespread physical object that may cross a border. In the 1960s a (non-spy) traveler faced a search of some clothing, cash-on-hand, and perhaps some food/snacks and prescription drugs. Far different from facing a search of every photo you've ever taken, every private message you've written to your spouse, or the full IP of your successful software company, etc.

this is surprising to me. my experience with the Canadian border guard is that they are super chill

To be honest, I doubt the amount of money brought into the US by foreign tourists amounts to much in the big scheme of things. I respect your principled stand against the threats against your security and privacy by the US Government, but it won’t really make anyone here poorer.

World Travel & Tourism Council Travel & Tourism Economic Impact 2017 United States

"Visitor exports generated USD 212.3bn, 9.5% of total exports in 2016. This is forecast to fall by 0.6% in 2017, and grow by 3.9% pa, from 2017-2027, to USD 309.7bn in 2027, 9.3% of total." [0]

US GDP in 2016 was USD 18624bn. [1]

So I suppose it's only 1.1% of GDP.

What's USD 212.3bn between frenemies huh? ;-)

[0] https://www.wttc.org/-/media/files/reports/economic-impact-r...

[1] https://data.worldbank.org/indicator/NY.GDP.MKTP.CD?location...

Exactly. The complete loss of international tourism (and realistically there wouldn’t ever be a complete loss unless we closed the border) would result in a 1% loss for the US GDP/economy. Not nothing, but certainly not devastating.

You do understand there's also a downward spiral for tourism, right?

Tourism generated 1% of the GDP but you don't know the impact on other industries, you haven't seen figures on lost of tax revenue from jobs lost, cost of retraining people to find new jobs, burden on society from unemployment, etc.

I don't think that tourism will cease in the US but any downturn on it has larger effects than just the GDP figure brought by the industry itself.

Of course, if you only care about numbers the dollar figure won't look much, if you care about the lives affected by idiotic policies then you have to look deeper.

I never understood why US airports never implemented the transit concept.

Theoretically it could be extremely convenient to use the US as a transit point if your final destination is, for example, a country in Latin America.

But when you connect via any US airport you need to deal with imigration, pick up your luggage, deal with customs hassle, re-check your luggage and proceed through the entire TSA song and dance.

Depending on the airport not even 3 hours may be sufficient to make the connection and the hassle you experience is just not worth it.

For comparison: Some European airports have legal connection times of 30 minutes (Vienna). Longer than 90 minutes is almost unheard of.

Just about any international airport gets that concept, even in massively underdeveloped countries. The US just doesn't seem to get it.

It must cost US carriers dozen -, if not hundreds of millions in yearly lost revenues.

Because statistically nobody transits through the US. Almost everyone ending up in the US is staying. A lengthy flight across the Atlantic/Pacific to then take another lengthy flight across the other ocean is just not something many people do.

OK, but what if I stopped buying US goods and US services? What if I pulled my investments from US equities? What if I added a tariff on services provided by US companies, because they had benefited from an un-competitively low corporation tax rate?

The US is not the first empire. You might want to read up on how the others failed.

"expenditures by international visitors in the United States totaled $244.7 billion in 2016"


About 1.3% of US GDP - which is maybe not significant to the US economy as a whole but I suspect that spending is very localized in locations that probably would suffer if foreign tourists reduced in numbers.

The US economy is really massive, $244.7 billion is more than the GDP of Finland.

According to the World Bank[1] the US took in $246b in 2015 from international tourism.

[1]: https://data.worldbank.org/indicator/ST.INT.RCPT.CD?location...

Many of these policies were put in place by the Obama administration. It wasn’t all fun and games.

Would you say the same of the citizenry of other states in similar positions, like Russia or Iran?

The rest of the world should retaliate. (...)

EDIT: That was a knee-jerk reaction. Sorry about that.

I think they should only retaliate on US officials (elected and who work for DHS). Ask them to reveal passwords to national secrets when they enter the country, then detain them for hours when they refuse.

The general population should be welcomed with open arms - retaliation on them achieves nothing. It's not their fault.

> The general population should be welcomed with open arms - retaliation on them achieves nothing. It's not their fault.

Last time I checked the US had elections, so yes, it pretty much is their fault.


No candidate since 2001 (or possible even before then) had a political platform which wanted to dismantle the practice of DHS. No politicians see the issue as a vote winner. Red or blue, the DHS funding and policy scope has been steadily increased by each administration.

The blame can not be placed on any recent administration or person. The problem is a systemic issue, deriving from the constantly increased demands of "increased security" from the population on both side of the political fence.

I will concede this is true, and I was going to say in the original post something along the lines of "not that she would have done anything to stymie this issue," but I felt that the comment was more on the fact that we don't have fairly drawn maps for our elected officials.

To be clear the general elections are very much rigged for the reasons you stated and many more. That said HRC lost because the popular vote is not what the candidates compete on. As an aside, I am still bitter about her attempted rigging of the election and successful interference in the DNC which left us in this current horrible predicament.

> That said HRC lost because the popular vote is not what the candidates compete on.

For sure, but the popular vote should be better represented by the district maps.

> I am still bitter about her ... successful interference in the DNC

I was a Bernie supporter, but I knew that the political machine wouldn't swing so far as to select him. He is too unorthodox, too progressive, too not-rich.

> I think they should only retaliate on US officials (elected and who work for DHS). Ask them to reveal passwords to national secrets when they enter the country, then detain them for hours when they refuse.

Unfortunately I don't think this will do what you expect - they'll probably happily hand over their password.

Retaliating against the US assumes that the rest of the world doesn't want the same powers that the DHS now has, which is unrealistic I think.

For those who aren't US citizens, the advice in that article is absolutely terrible.

Refuse to cooperate and you'll be on the next flight to whatever CBP deem is your home, and good luck ever getting an ESTA or Visa in future.

This is really worth emphasising. US CBP officers have wide latitude in denying you entry to the US if you're a visitor. This is especially true for visitors on the Visa Waiver/ESTA program as the reciprocal part of that waiver is you waiving any rights to appeal the decision of the CBP officer who makes the decision.

If you are refused entry under the program for any reason you can't ever use it again and will have to apply for a visa proper.

So you can try and quote laws and rights and not hand over your password, but they're likely to simply refuse you entry. They might well keep the laptop/phone/device too.

  > and good luck ever getting an ESTA or Visa in future
Would you want one after this anyway?

Maybe your employer has offices there.

Maybe you have relatives there.

Maybe you have clients there.

Or conferences, or other professional events.

Maybe you are even resident there.

Maybe you just want to go to Disneyland.

Whether Disney World is worth paying for with your dignity and privacy is a decision each person must make. Further, Disney now harvest biometrics for their ticketing. Noooooooope.

Disney has an opt-out process for the fingerprint scan. (I'm not saying that to excuse their default stance, which I do find uncomfortable.)

Even the Museum of Natural History in New York is a good attraction. There is no need to consider the US horrid or anything alike based on the ridiculous border policy.

After the arrest of Marcus Hutchins I have already resolved not to set foot in the USA (unless badly necessary for business :/ ). It is surprising how little international outrage that arrest sparked: if the reasoning of the USA in this case were solid then international travel would halt. You would need to review everything you've done online (the last few years at least but possibly ever) and compare it to the laws of the country you are entering. If the USA believes Hutchins committed a crime according to US laws then they should ask the UK to arrest and extradite him. Let me emphasize: it doesn't matter, at all, what Hutchins have done.

And this was not the first time this was done: Sklyarov was arrested for violating the DMCA while outside the USA as well. That case was one of the primary reasons I excluded the USA as my immigration target and landed in Canada instead (back in 2006 I was in a position where I could choose).

This policy just makes my resolve stronger.

>That case was one of the primary reasons I excluded the USA as my immigration target and landed in Canada instead (back in 2006 I was in a position where I could choose).

>This policy just makes my resolve stronger.

Canada (and the UK and Australia) has this same "give me your password" policy [1], too. They've even arrested re-entering Canadian citizens for refusing [2].

So while your decision may have been "noble", I'm not sure Canada was the right choice.

1: http://www.cbc.ca/news/technology/border-phone-laptop-search...

2: http://www.cbc.ca/news/canada/nova-scotia/alain-philippon-to...

Note for 2:

"According to an agreed statement of facts, Philippon had $5,000, two phones and traces of cocaine on his bags when he arrived in Halifax."

> You would need to review everything you've done online (the last few years at least but possibly ever) and compare it to the laws of the country you are entering.

Yes, that's what you must do any time you enter a country. Any country is free to arrest you for past violations of its laws when it has the physical ability to do so. Once you're physically present in a country, it no longer needs to demand your extradition: you've extradited yourself.

Here's a hypothetical: the country I was born in has a statute where the distribution of a sickle-hammer or the nazi swastika sign (and similar signs, listed in the law) is a minor offense, to be punished with a short jail sentence. Now the hypothetical: You land there, the border officer asks for your phone, browses through your Facebook posts and sees a Soviet joke you made (he doesn't understand it) but sees the icon you put besides. You spend the next sixty days behind bars. Are you OK with this?

In general people expect the laws of a country to apply to them only while are actually inside that country. In the UK you have to drive on the left side of the road, would you expect to be arrested on arrival for having driven on the right side of the road while in another country? Being refused entry is understandable, but being arrested? Isn't a country's jurisdiction supposed to be restricted to its borders?

Obviously every UN member state have their own jurisdiction. Henry Kissinger argued this aspect of sovereignty even applies to the highest crimes (crimes against humanity etc) while others claim universal jurisdiction over these. Noone, ever, tried to claim universal jurisdiction over circumventing copy protection. The US just does it.

It seems to me that few people are talking about what actually happens to phones/laptops when they're unlocked by a password given by the passenger.

There's a HUGE difference between...

A) A derpy mall-cop DHS agent casually browsing through your laptop/phone for a minute or two, looking at emails, pictures etc.

B) The contents of hard-drive/flash/phone being copied to a government server, stored in perpetuity, and subject to n-th degree content searches forever.

A is just annoying, B is vastly more concerning.

And you don't know, can't know which it is since they can remove the device from your presence. So you have to assume the latter.

Yeah, I would make that assumption if they confiscated the device and said "we'll send it back to you whenever."

But why do I feel that "derpy DHS agent browses computer for a few minutes" is far, far more likely in a scenario where the device is taken to a back room?

Is it really impossible to know anything about what is done with devices in the back room?

Let's say they had your device for 15 minutes. Thats enough to disassemble and copy a bunch of data and reassemble. Unless you have whole drive encryption they only need to copy the user folders (typically).

Or your machine might have been in a queue and only looked at for 2 minutes.

Or they might have not looked at it at all.

Now pick a few different timeframes and you tell me how hard it is to know?

15m seems like too little unless the traveler is a high-priority target. CBP is often crushed.

Let's not see this as simply a national policy issue. It's a global problem where peoples lose control to the levers of their governments. Sometimes, it's about a population that is deliberately misguided by propaganda. Often, it's a problem with the concentration of wealth and transnational entities who escape any reasonable form of governance. The solutions to this won't be found by ostracizing any nation's citizens, but, to join in solidarity to solve the economic and governance issues that are at its core.

Cooperative structures could offer an approach to these problems. Cooperatives are a way for a group of people to collectively own shared resources and make decisions about them democratically. Importantly, they are not governmental (i.e., they lack force of the police/military) yet can use the same legal environment that for-profit corporations enjoy. Cooperatives fall in the middle of the political spectrum: to liberals, they are about economic self-determinism; to conservatives, they are about smaller government and corporations. Cooperatives could be used to peel away economic activities from unaccountable entities.

As leaders and doers, we should start thinking about what activities we perform should be governmental, which should be proprietary (privately controlled) and which should be cooperative yet economically participatory. For example, regional water systems are often operated as cooperatives rather than for-profit entities or as a department in a municipal government. This distributes economic and political power. We could build upon this organizational pattern in other industries. We need more tools, research, and investment into how cooperatives could help us form global democratic networks that are small, distributed, financially sustainable, and accountable.

We need global, bottom-up, fractal governance and economic markets that distribute political and financial power.

The submitted title broke the site guidelines by editorializing. Accounts that do this eventually lose submission privileges on HN, so please read https://news.ycombinator.com/newsguidelines.html and don't do this.

This is, of course, very upsetting for the obvious reasons. However, there's a second aspect to this that is (IMO) equally infuriating. Which is that even when the Supreme Court rules on something, which (credit where credit is due) has always done its best in making rulings as clear as possible for future similar cases, that politicians (of any party really) will still find a way around it. In 1868 (Crandall v. Nevada) the Supreme court ruled that: "a state cannot inhibit people from leaving the state by taxing them."

Sure, maybe the word "tax" can be up for debate (although IMO taking someone's personal information is a tax). But if you look at point 8 at this link:


It states that during the ruling, The Supreme Court ruled that: "8. The citizens of the United States have the correlative right to approach the great departments of the government, the ports of entry through which commerce is conducted, and the various federal offices in the states."

The "tax" inhibit this right.

It is now 2018 (150 years later) and we have simply replaced the word "tax" with a different obstacle, which functions in the same way: inhibiting the freedom of movement for those who don't (or can't) comply.

I remember reading a traveller's guide to the Soviet Union, and talking about precautions you need to take while using your camera. It was written for the 1980s, I wonder if people back then would've thought, that 40 years later...

What kind of precautions did they recommend?

I’m not sure of the guide referenced, but I traveled in Russia extensively not long after the fall of the Soviet Union. Based on the advice we received, don’t do stuff like take pictures of government facilities, bridges, airports, etc. Don’t attempt to be discreet in your photo taking when you do take photos - hold your camera in plain view as to not appear you’re attempting to hide your activities. Don’t take pictures of things that might have the possibility to show the country negatively such as a dilapidated buildings, street beggars, etc.

Also, not directly related but be incredibly careful around military installations, and be aware that many strategic military installations are not clearly identified with signs (if you’re walking in a forest and hit a chain link fence don’t climb it).

Stuff like that.

It would seem to me the answer is to factory reset your phone before travel and reinstate it after landing. However, the UK is not much better, given recent legislation. Until the average voter gets concerned enough about this to make it an election issue, our lives will be more and more constrained.

I wouldn't recommend this. You want your device to look innocuous and normal. Nobody carries around an unused phone, so having one would be a red flag. Your phone will be examined for hidden partitions, and you'll be detained for further scrutiny.

If it's been factory reset and wiped, there's not going to be much that they can do about it.

They could detain you - but for what reason? Because you have a blank phone?

What if you don't have any social media presence? What if you simply don't remember your passwords (because they are stored on your browser at home, or you have some kind of device like a yubikey, and that's at home too)?

So they detain you, because...why? "Innocuous and normal"? So anyone who decides to forgo any electronic devices while traveling and doesn't have a social media presence (or maybe even an internet presence!) is considered "suspect"?

The more I hear and read about stuff like this, the more I just want to log off, move to the middle of nowhere, and switch back to coding on my old 8-bit microcomputer from the 1980s - this world and my country has gone insane.

It might make sense to have two images that you can switch between with TWRP or similar. One that is whatever you normally use, and one that is aggressively normal - factory reset, then add a secondary Google account, social media apps (with secondary accounts, maybe, depending), and casual games.

In iCloud ecosystem, create a family, with a child account AppleID.

Do a full backup. Wipe the phone, log in with child account.

You can now redownload a few key apps needed for the trip, as well as some normal apps: weather, TripIt/Uber/CityMapper, games, etc. Because it’s a family account, all the re-downloads are free.

Share essential data (that you don’t mind being taken) from your own account to this account the way you would to another family member. Use the iCloud “Family” calendar for your trip planning (useful anyway to share travel plans with partner etc), or subscribe this account to e.g. your TripIt/TripCase calendar. Invite this child account as a family member for your smart home etc., using child (parental controlled) config where available so it’s not an admin. Use secure Shared Notes from Apple Notes or Evernote to bridge travel lists. Subscribe to a shared iCloud Photos album so you can seamlessly post photos taken with this account back to your primary account (and that album will only contain photos you intend to be visible on this persona). Load in your business’s main contact info, your personal contact card with your business email and number, and then contacts for airlines, car rentals, hotels, and customer support numbers you use. If traveling with a partner, load their contact in as well, also using work info. Include a contact record for the ‘emergency contact’ you already disclosed on other forms (airline, customs). If the device is lost, searched, etc., revoke this child from everything you’d shared to it from.

If you need access to more while traveling, look into 1Password’s travel mode, and share a travel-safe vault from yourself to yourself:


When you are set up as you like, backup to iCloud. In the future, you can restore from this backup.

Caveat: On the parent ID, avoid applications that mark their data to exclude from iCloud backups unless they sync themselves to the cloud and auto-restore the data when restoring that Apple ID to a new device. For such apps, you will have to manually recreate their data, or use legacy iTunes wired backup and restore which defeats the purpose if you wish to restore at your trip destination. A common example might be Google Authenticator.

Pro-Tip: Restoring very large numbers of apps, as well as iCloud data such as files and photos, can take a very long time OTA. On a home Mac, set up iCloud Content Caching with a sufficient size to cache all apps, documents, and photo data, to radically improve restore times:


This will speed up app restore for the child account as well, though that shouldn’t be an issue as you’ll maintain a very small number of apps.

The device will be useful from home to destination, and info (notes, photos, etc.) on the go can be shared back to the parent. Depending on length of trip, you can restore to your primary ID at destination and then flip again for the trip home.

The device will be normal.

Have there been any court rulings that limit searches at the border at all? Are there any lines at all upon which we can rely on?

Even a tiny exception to the "4th ammendment exception" might allow for crafting safer transit.

I think the borders are technically not US soil so they are covered by a different set of rules/authorities. I could be wrong, not an US citizen, I seldom cross borders, feel free to correct me... ^__^;

Your right entry into the border is held as a plenipotentiary setting by SCOTUS, meaning the laws don't apply until you admitted into the border.

Not to my knowledge. One is subject to search within 100 miles of the border, not just at the border. You might want to search around Arstechnica for some of their past stories on this issue. They've been writing about this for years.

We should resist this by wasting as much time as humanly possible. How about carrying multiple data devices with brute force able encryption for meaningless data? Encrypted linux ISOs, 8051 datasheets, trivial C programs, etc. There's clearly a file structure in place, it's clearly not easily readable, the person who was carrying it will not (or maybe cannot because they genuinely don't know) divulge how to read it. All this just to waste their time and resources dealing with piles of this shit.

Anybody remember that USB stick that kills whatever it's plugged into? I could throw 2-3 of those into my luggage and forget about them.

This seems like a good plan if you enjoy sitting in a holding cell for hours or days.

If you have plenty of time sitting around while they work in your stuff and potentially being denied entry for the next few years you should absolutely do this.

Is this only for people entering the country or does it also apply to those in transit?

The US is the only country that I have passed though where they feel the need to poke around with your baggage that is in transit. (Its on my list of "shithole" countries).

I understand that one needs to go through customs & immigration, even if one is only in transit. But the idea that one needs to hand over one's "diary" is beyond me.

It's my understanding that a lot of US airports don't have an international-only terminal where people in transit wouldn't have to first go through customs & immigration.

Quick google search brought me here: https://www.tripadvisor.com/ShowTopic-g1-i10702-k10297825-Do...

No airport does; you are required to clear the US border to connect. There's not such thing as a transit passenger in the US.

Well, actually... There are.

LHR-LAX-AKL requires all passengers to get off but those not terminating in LAX stay in a transit area (although there's still an immigration check).

And IAH supports international transit for bags, but you as a person still need to immigrate the normal way.

No US visit for me then.

Hmm can this be filed as an insurance claim if they keep the device?

Most travel insurance policies have an exclusion for this, something along the lines of the following (taken from an AXA UK policy):

  Your policy does not cover you for any claim directly or indirectly resulting from any of the following:  
  8) Confiscation or destruction of property by any customs, government or other authority of any country

I've been working on an app/program that could be of use for this kind of situation. It's in way to early of a state to be released though. For the sake of giving it a name, we can call it Dead Man's Pass.

Effectively, for phones or laptops, you would have your standard password as well as a secondary password. If you use your fingerprint to open your phone, you would be able to register a different print as your secondary print.

Using your regular password/fingerprint would unlock the device normally. Using the secondary (dead man's pass) would either wipe the device, or open it to a honeypot state.

I think this would be useful for phones and perhaps laptops. If a memory card is confiscated, perhaps it could be encrypted with a program that follows the same concept. Either way, it allows people like DHS to demand a password, and have one given to them while also solving the problem of not wanting to show them private information.

Might as well just travel with wiped devices.

If you're a U.S. person the worst case scenario is they keep them anyways.

BUT! if you're NOT a U.S. person do keep in mind that CBP takes wiped devices (and lack of devices) as suspicious in itself, and may deny you entry.

Under this concern, perhaps the if being used in "honeypot" mode, it could act as a reverse vault. Rather than setting up what you don't want people to see, you would instead set what you do want them to see.

Regardless, implementation details would probably be better for a different topic.

Well, yes, CBP will be seeing a lot of what they don't care about (boring stuff), no doubt.

Is it an option to just feign ignorance and claim not to know the password? Sure, they might confiscate it but I guess then you'll have to find a cheap alternative to restore your backups to until/if you get it back.

I think a cheaper alternative is to only allow access to non-sensitive information when initially logging into the device, then hide any substantial information behind another layer.

Don't think the average customs officer has time or skills to dig out files containing encrypted volumes on your device.

The average customs officer will not do that. But they will potentially take an image of the hard drive (possibly by removing it and connecting it to an imaging computer) and store it, after which people/programs with both the time and skills can find your hidden data.

If that data is encrypted properly, then finding it after you've already left the country can't help you.

It wouldn't be too hard to assume they'd simply take that as a refusal (which it actually is). You might try to say that you've got some corporate policy going with your employer where someone else knows the password and you don't I suppose. I suspect that answer wouldn't go down well either though.

Why bother feigning ignorance? If you don't want them to have it, and you're willing to deal with the hassle, tell them that you won't give it to them.

More people standing up and saying no is one of the few things that might actually make a difference.

Plausible deniability in case of consequences for not revealing password.

So the DHS in the US began deploying facial recognition scan without any authorization and now they have gone and decided to implement collecting travelers passwords.

So the DHS requesting you passwords in order to enter and the DHS collecting your facial scan in order to exit will effectively bookend the experience of visiting the USA.

This agency seems to increasingly act with complete autonomy and impunity. The culture there seems to be one of arrogance and disregard. This is evident all the way down to the clowns at the airport who berate and harass regular folks who are just trying to get somewhere.

I always thought that immigrants always get the sharper end of the stick and I wondered when has immigration ever been easy without these kind of issues. But this is truly appalling. Two things I know to be true:

1. The current gene pool that will rule this country will be no different from the last and it will impose similar measures on the next pool.

2. What's sad about this is the long term damage done to trust and a raft of the rights of people, all for some short term security.

The only thing that can fix this is a return to thinking of consequences on a larger time scale and stop being afraid.

What would likely happen: detained at the border regardless your claims, send back on the next flight, denied Visa next time.

I would note that DHS/CBP can't do too much of this. It's very time-consuming even to set aside a passenger and demand their devices and passwords, and CBP has large plane loads to process quickly. So obviously they must only bother with this policy when they think they have reason to -- because you're on some list, or perhaps because someone with the same name as you is on a list (scary!). There are some natural limits to this policy.

German here, in his 40s, earning quite an above average income in IT as does my partner. Double income no kids as they say. We travel a lot, just not to the US anymore.

Reminder: pay your yearly contribution to your lawyer.

i.e. Write checks to ACLU and EFF.

ACLU: https://action.aclu.org/donate-aclu?redirect=donate/join-ren...

EFF: https://supporters.eff.org/donate

Yes, officer, the password is "Orwell1984".

Where's the data? What data? The only thing on there is an app called "Secure erase free space". No, you can't have the encryption key to that flash drive there, but I'll surrender it under protest.

I think the only option now until the policy changes is to just carry a phone with no data on it and a laptop without any hard drives/secondary storage (which you boot with a live usb).

Basically, don’t carry data with you. Leave it all in the cloud. You can’t be compelled to provide the password for a service which contains data that is not on the device.

I posted basically this elsewhere on this thread, but:

1. Make sure it's a cloud service that you trust (i.e. audited, self-hosted and you know what you're doing etc.), since they'll probably keep the data on it forever, regardless of whether you delete it.

2. They will eventually ask for your password for that cloud service and download the data from it. For the truly paranoid (which is increasingly coming to resemble "people who care about security at all", sadly), use a cloud service with a duress code https://en.wikipedia.org/wiki/Duress_code. Returning fake data with a duress response can get you through security quickly if the people searching your data don't identify it as fake. Otherwise, the response of "I just gave a duress response and was permanently locked out until I personally visit the agency holding it in $my_country_of_origin and re-authenticate" may have a slightly higher success rate of getting you through security than refusing to surrender passwords. But then you don't get access to your data until you do that. There's always the "inconvenience" bluff-call option of "after I gave the duress response, I won't have access to my data for a week", but depending on how petty/suspicious the officers are that can be equivalent to asking for a week's detention.

This is a terrible idea.

Chromebooks will be flying off the shelves after this. They are only allowed to view content on the device itself, not access any cloud-stored data.

the device still has a cache... plus unlocking a device with your google account and then handing it over to a border guard is the last thing I would want to do.


DefinitelynotfakedmitrygrLOL@gmail.com password: fucktheDHS

Log in works. Chromebook shows apps. Emails. Etc.

If you are a U.S. person they cannot deny you entry for not giving them your passwords, though they can keep your devices for some time.

I think I remember reading that they can still detain you "indefinitely" even if you're a US Citizen. Is that not correct?

They can detain you indefinitely even if you're a US Citizen, but afterwards they will be sending you a rather sizable check to settle the lawsuit you file for getting your civil rights violated.

Unless you commit a crime crossing the border (like getting caught with drugs), CBP does not have the authority to detain a US citizen without probable cause. Refusing to provide a password is not probable cause.

Correct. But they can retain your devices and all your stuff.

An obvious solution is to upload your data to a cloud service before passing the border and download them later.

Will that be declared a contraband soon?

I trust my country more than I trust Google/iCloud/Dropbox/etc. I'll take my chances.

What you really should trust is strong encryption with keys managed by yourself.

Great. I am planning a trip to Cuba in the near future and now my costs include a burner phone

Absolutely not. Having lived outside the US for two years (so far), I halfway expect to encounter suspicion when I return. I absolutely will not stand for this. I will not cooperate and I will resist as much as possible, short of violence.

As someone who has been living overseas for over 11 years, I can honestly say that US border control and TSA have the most unprofessional and disrespectful employees I've encountered in my travels. It's unlikely they'll ask to check your electronics unless they suspect you've been someplace like Syria, Iraq, etc., but nevertheless they'll look for any reason at all to question you as if you're a criminal.

If foreign visitors get treated even half as poorly as I've been treated, and I'm sure they do, it's an embarrassment. I wish more Americans traveled overseas because if they experienced the difference between how we treat people vs how others do, they'd be properly outraged.

I stopped bothering even being polite to them after getting repeatedly questioned about my travels when I trying to get back home before my mother died. I'll be the first to admit that I often have trouble showing empathy, but these people make me look like a saint.

I'm missing my right hand, on my first visit to the US since 1994 (as a child) I was asked to scan my hand. I politely tried to tell the agent that I'd have to scan my left hand and he started shouting at me without looking at me.

Each time I uttered anything he'd just randomly shout for me to comply, after about the fourth time he looked up and ordered me to use my left hand.

Absolutely bizarre experience.

I was suspected of going to Syria, and they did not search my electronics (or anything) at all. It wasn't until after all sorts of questioning that they searched me, and they didn't tell me the reasons for their questions until they were done either.

Oddly enough, I had a raspberry pi with me (with no case or packaging), and I thought I'd get accused of making bombs like the girl at Logan airport. However, the kid searching my luggage said "cool, a raspberry pi! What projects do you do with it?"

> I wish more Americans traveled overseas because if they experienced the difference between how we treat people vs how others do, they'd be properly outraged.

Twelve years or so ago I was having serious doubts they were going to let me leave Amsterdam to travel back to the US (on a one way ticket) because I had a Iraqi customs stamp in my passport, they were quite concerned and inquisitive about it.

Previously on the same trip I was searched pretty thoroughly on the train because I just happened to be traveling between countries on the same day as the 2005 London bombings. I guess they figured anyone traveling around Eastern Europe with a ukulele probably isn't too much of a threat so they didn't hassle me too much.

That second one kind of surprised me because I thought they just let you travel within the eurozone without problem.

"I can honestly say that US border control and TSA have the most unprofessional and disrespectful employees I've encountered in my travels"

They really seem to be selecting for the biggest assholes they can find. I have had many weird or disrespectful encounters with them. Example: asking my American wife (I am German) " why did you not marry an American, but a foreigner". Who would ask such a question as the first thing?

"An interesting game. The only winning move is not to play."

The only effective resistance is to not cross the border. As soon as you move into the transit area you are devoid of rights, privileges and protections afforded anywhere else and completely at the mercy of the person in front of you. Give them a snarky remark and you'll spend just enough time in a small room while they run "additional checks" to miss your flight.

I'm in the same position, but I suspect it will get much worse than this as it has since the start of The Global War On Terror™.

Time to go long Leidos Holdings, Booz Allen Hamilton, CSRA, SAIC, CACI International, end etc?


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact