Yes, this applies to U.S. citizens and permanent residents as well as visitors."
That is just insane and unacceptable.
I will be traveling with throwaway, obviously tailored devices with insulting passwords, lock-screens and documents and a huge pile of encrypted chaff. Let them document me as a troublemaker.
Better, let them document hundreds of thousands of us as troublemakers. CBP and ICE have been drifting towards authoritarian-shitheaddom for a long time and really needs a serious pruning/lobotomy. It won't stop until there's noise about it.
Sure you are the big hero, but you upset the people with the power to make everyone else’s lives miserable.
Good to see that the rich still get things their way.
The better course of action is for us to work together toto make it
1. trivial for everyone to hide their data, and
2. trivial for everyone to maintain vanilla data for plausible deniability.
The end result is still a victory for privacy, but with far less friction with government at the individual level.
Phuu.. then tell them up front you'll meet them at the gate.
I great excuse (I have read this somewhere) is that you've heard they keep screwing the calibration of the of the ray-machine and over zapping people and don't want to trust your life to some min wager who really don't care if you lose 10 years or not.
I've always opted out.
TSA/DHS needs to be lobotomized/euthanized. Vote.
War with our government is rather hyperbolic. Only nation-states can go to war—citizens are just traitors and terrorists.
- The rule of law is only as good as the people's ability to hold each other accountable. Secret rulings and operations violate that contract.
- Nobody's talking about doing anything criminal. Law enforcement operated just fine before encryption, and they'll keep us safe even when everyone has secure private communications (again).
As for voting,
- As a politician, voting for "security" over privacy bothers a few constituents and just annoys the rest. Voting the other way has a non-zero chance to ending your career when the next terrorist attack happens.
- The national security agencies (and contractors) have a strong incentive to acquire power (funding/authority), which increases their ability to seek more power. The privacy charities seek to remove that power, which does not increase their ability to seek more power. In a fight between a self-reinforcing loop and a self-balancing one, I expect the former to win.
- J Edgar Hoover wasn't a unique phenomenon. Power corrupts.
But really, if everyone had unsearchable data, what's the worst that could happen (that couldn't already)?
I don't think we should throw up our arms and say that it is a waste of time to try and change the way DHS and TSA conduct themselves. If we do not protect our rights we will lose them. There is nothing new here. You seem to believe that citizens of the United States have no power to influence their government. I reject this belief.
I generally agree with you. Didn't mean to come off so pessimistic. :)
Vote. Support the ACLU. Support EFF.
Be care.. on HN "there's really nothing I could" sounds a bit defeatist.. :P
One could use this as an opportunity to learn about how to still do work without using your predominate computer. Assuming if you lost your computer it would be a PITA to reset it? Not a good position to be in. But it's a solvable problem.
Can your project be dockerized? Before you leave can can you have a AWS instance primed for you to hit it rather than localhost. Don't know about docker.. great opportunity.
Do you have crazy configs/environ-files stored on your computer? Stick them in github with scripts that set them up from a clean machine.
Is this all a pain? yeah of course.. but I'll bet you that you'll gain a whole bunch of new skills.
The general thoughts here (AFAIK) is to bring a clean burner phone and a clean machine (such as chromeos with maybe a clean ubuntu crouton on it).
Good luck... I'll look forward to your how-to post.. I'll sure there will be many HN'ers that will too. :)
The only time I'd even hesitate to trade my precious time for my integrity is if I actually had something to hide, unfortunately. Which just reinforces their assumption that anyone not immediately unlocking their device to let them read your business docs or see your kid photos - must be hiding something.
I don't want border officers looking into my personal pictures that might have nudes from my girlfriend, fiddling around conversations with friends with jokes about drugs, conversations with my girlfriend about her mental health, same with some other close friends.
Those are private things, not necessarily harmful or criminal but things I surely don't want to be sharing with random people making decisions about entering a country.
Unfortunately the effect on me is a full deterrent: I have the money, time and desire to visit more parts of the US. I have been to San Francisco, Los Angeles and New York for vacations once and would love to go back to the West Coast and check out national parks like Redwood or Yosemite but I really can't be arsed to be "digitally frisked" around, the world is huge and I can afford to go to other places.
Absolutely agreee. But as long as the only people who argue their privacy actually are those that have something to hide, the two will eventually be conflated. And the way they implement this is by giving a lot of wiggle room for border staff to implement these terrible laws.
> I don't want border officers looking into my personal pictures that might have nudes from my girlfriend, fiddling around conversations with friends with jokes about drugs, conversations with my girlfriend about her mental health, same with some other close friends.
I don't want that either. I don't think anyone wants this.
The bottom line is: all you can do, at least as non-citizen, is a) don't visit or b) comply with whatever stupid laws there are, including complying with officers that don't follow the law. Because if you want to enter you do as they say.
as an immigrant, I have always opted out of the scanner with undocumented effectiveness and undocumented health effects with no consequences other than a pat down.
This link is admittedly an advert for legal services, but there are a couple of interesting snippets in there such as:
> ... if you have been refused entry into the United States at any point in the past, even for an expired passport, the previous denial is reasoning enough for future denial.
IANAL but my understanding is that for non-residents there's no legal obligation to admit you outside of maybe some of the international refugee conventions (which are unlikely to apply). The law is deliberately discretionary. A refusal to admit can be based purely on "suspicion". You can imagine a CBP officer finding you suspicious (rightly or wrongly) because you refuse to hand over your passwords even if they don't have a legal right to force you to hand them over. They can simply offer you a choice of handing them over or going home.
To be clear: I'm not advocating for this state of affairs, but it does appear to be the case.
specially nice is the quotes: "and something you experience so infrequently, even if you’re a regular flyer—that you don’t have much to worry about."
such a glorious logical falacy. or they dont know what infrequent and/or regular means.
and yet, the author saw it proper to publish twelve quotes from that person with unbased, uncontested positive remarks. great journalism.
I should also note that at least as a US citizen, having traveled through some 40 or so different countries, US customs is the third most unfriendly customs I have traveled through. Only ones worse for me have been Canada (last trip to Canada was likely the last I will make after my last customs experience there) and Czech. I feel much more comfortable visiting supposedly authoritarian countries than I do the United States.
Czech Republic is an odd one, I’ve not had any problems personally and I’ve flown in and out of Brno and Prague a few times (though I prefer Vienna). Mind sharing what happened, purely to satisfy my curiosity? I had a weird issue when one customs guy was trying to tell me that I reported my passport missing a year prior, and he got extremely frustrated that I couldn’t understand what everything was saying. Nothing came of it, it was just a few confusing minutes with an obviously flustered person who was refusing to believe my Czech was as terrible as it was.
Can't say I've ever had a problem, but then I'm also a citizen, which may make things different.
This way we could consent to search because the devices were blank. It's highly inconvenient and I hope the US doesn't turn into a high risk border.
Then they don't get in. Things like company secrets or client-lawyer confidentiality just doesn't apply here. You have a choice to give all that up and enter, or just return.
The solution as others pointed out is not to travel with the data, but that's just cumbersome. You can always just use whatever cloud service you want, and delete the local copies, downloading the encrypted info again when you have entered the country.
I honestly don't think they need/use/keep passwords after I pass through. They may want to look in rare cases, but I actually think it's more of a "control question". If you don't have a normal set of social media accounts you are not normal or you are hiding something. If you aren't willing to show it, you are hiding something. What you are hiding doesn't matter. They use it as a "tell" to see if you need to be investigated further.
These questions have always existed. They ask you what your business is entering the country etc, but they are as interested in whether you are sweating as they are in what you respond. Same here. They don't need to see your family photos they need to see you give up your privacy like a "normal person"
1. Store confidential data on company servers or a secure/trusted/audited cloud service.
2. Protect that data with two factor authentication, ideally with an ephemeral/rotating factor.
3. Incorporate a duress code into one of the auth factors (e.g. "add one to the google authenticator result when logging in or you get fake data/get permanently locked out until you human-authenticate to regain access"), ideally both.
This is far from perfect, but reasonably secure and not terribly inconvenient in practice. Additional layers of protection can be added to the duress process, like defaulting to under-duress behavior until a certain timeframe (i.e. you're being searched at the airport and not during your appointment time slot), or when from an unrecognized network location. Like all duress-code-based responses, it is vulnerable to humanity (e.g. torture/intimidation).
I'm no digital security expert and I haven't ever, and don't ever want to, travel to the US but if I was to travel there any devices I took would be blank. All data I needed would be in the cloud. How are they going to know?
You've made a great point here.
What criminal is also going to carry their incriminating data with them? This isn't an effective policy. What problem does it actually solve?
These are checks you can perform on everyone, after all.
My main way of disagreeing with policies like this is to simply skip any travel to the US. I can't vote, but I can vote with my wallet.
But basically saying that people should either accept that their expensive holiday (or job) might go down the toilet, or they have no principles - is a bit much to expect I think.
That is exactly the situation and there is no easy way out. There are solutions, but they are long-term and often unfeasible.
There are always ways.
If you do that then whether the phone is empty makes no difference. You’d be detained or deported.
Show them a completely empty phone and an empty Facebook account and you’ll be asked tough questions too.
You basically need to fabricate a whole new persona on social media.
> You basically need to fabricate a whole new persona on social media.
o-k-a-y. not rocket science. you're not james bond.. it doesn't have to be super crazy.
1) create a new gmail account, sign up for some tech newsletters.
2) create a twitter accounts, sign up for recommended people.
3) do a google search for 'cats and dogs' and download some pics
I wouldn't be surprised if someone's hasn't created a bash script to do something like this.
I'm talking about revealed preference, more than anything else. Yes, fighting is risky and unpleasant. It always is. You make your choice and live with the result.
Flying over to make trouble at the border is just wasting $1k+ on a plane ticket. I’m sure if I really wanted I could make more difference to legislation by just donating that money to the ACLU or similar.
But this particular variation "you're a hypocrite for spending energy on X when there's so much Y in the world" argument was weak when it was first trotted out and hasn't aged well. Worse, the argument is an irrelevant red-herring when talking about choices an individual makes about their own reactions to their own rights being encroached in day to day life. Nobody complains that someone who fights back at being mugged isn't also fighting spousal abuse in $far_away_land.
I honestly can't tell if you are trolling, I missed the irony, or you are really as dense as a badly trained racist border office (which thankfully is not all of them)
Now: I’ll be very clear that I don’t agree with these policies. They are terrible.
And obviously if I had anything sensitive I wouldn’t travel with it in the first place! But if I landed in Miami tomorrow for a holiday and someone asked me to unlock my phone so they could look around - would I? Yes! Because I know that not doing it leads to somewhere worse.
The point I was trying to make was that I don’t have the luxury of standing up for principles at the US border. Best case it will take a few hours of me being difficult while my family waits. Worse case I’m on a plane home again.
So the end result is that if I’m reluctant to show device data at the border, it’s because I realized that something on my device would be found a more serious issue than my refusal to show it.
Do not take my previous post as me subscribing to some form of “it’s no problem if you have nothing to hide”. That’s not what I was saying. It is a problem, and I just don’t have a choice.
That, again, is what the people authoring and enforcing these policies count on. The power dynamic is almost entirely against travelers. All the solutions are so radical as to be unfeasible in the short term (remodel international transit authorities; move business out of the US; remodel businesses to not require travel, etc.).
However I would never give my password to anyone. As a matter of principle, giving out your password is like betraying yourself.
Granted, I've never been asked, so I'm not sure what amount of pressure / threats I can withstand. I hope it's a lot, because asking someone for his password is insane and despicable.
It is also a reminder that as we get more numb to issues like this, it gets worse.
It is probably time to call your representatives and raise your voice.
Talking to your representative is roughly as useful in curbing these things, as doing nothing at all. What's the real solution?
Also supporting EFF & ACLU and their efforts to use the laws seems to be somewhat effective.
It also comes back to the individual convenience vs collective action. If everybody obeys the orders of border agents, police, etc without exercising their rights because they have nothing to hide, this gets easier by the day.
This is not about hiding something, this is about harrasment of an individual's privacy.
Have you ever called your representatives?
Knock yourself out.
Spoiler alert: almost everyone reports getting a cookie-cutter email or scripted response about why the rep will stay the course. They clearly have an established strategy of how to handle the 'contact your rep' crowd and channel their efforts to /dev/null.
Who is “almost everyone”? Any personal experience?
Mine involves getting a personal e-mail from my state Assemblyman, being patched in to the senior legislative aide to my U.S. Congresswoman who spoke to me at length about the issue, getting follow-up by e-mail to calls after the points I raised were discussed with my U.S. Senator, and being reached out to by my state Senator’s office for input on a draft bill. I also know that for my tech-savvy Manhattan Congressional district I am usually one of a small handful voters regularly calling in about digital privacy.
I’m fine with voters being busy or lazy. But don’t brag about it.
For your one story, you can click the top few links of that search to see detailed accounts and full documented histories from representatives who are clearly systemically stonewalling this kind of activism. And judging by those counts, they are the majority.
Many of “thousand of Reddit stories” are just like your comment. Repeating a meme, nothing more.
Will your representatives always be responsive? No. Some are worse than others. On some issues, the political tea leaves are too obvious to merit discussion.
By and large, however, representatives and their staff care about their constituents. When you call (better than form responses on websites), you show you care about an issue. Their offices want to know if you represent a budding movement they can attach to.
You’ve cast aside a core civic right and, in my opinion, duty, based on anonymous forum comments. It would take you thirty minutes to call yourself, but that’s too much of a hassle. Fine, that’s your right. It’s also mine to call out your comments as emotional self-indulgence more than anything substantive.
Demonstrably, provably, completely, wrong.
https://www.reddit.com/r/netneutrality/comments/7kzblu/i_con... - 4 page account of comms
https://www.reddit.com/r/Firearms/comments/75yjkd/the_offici... - photos showing redditor attended in person instead of making a phone call. Was told their concerns would be 'passed along'
https://www.reddit.com/r/pcmasterrace/comments/6dm169/i_also... - full account of comms. Again cookie cutter response.
Maybe this is biased because it's the top results. Let's jump to page 4.
https://www.reddit.com/r/SaltLakeCity/comments/7dtlyr/i_just... - rep's voice mail is full and has been for months. No response
https://www.reddit.com/r/Connecticut/comments/7gwins/this_is... - representative actually stands up for the interests of constituents. Yay, we got one!
No memes here, just detailed accounts which overwhelmingly demonstrate that paid-for representatives have a strategy to deal with this.
As for civic duties, you do not have a civic duty to uphold a process which is a textbook example of regulatory capture. If you get success by doing it, great. But statistically, for the majority of Americans, talking to their rep is worse than doing nothing. It's spending their time and effort on a process which is designed to ignore them, so they don't spend that same effort searching for an alternative process which might actually work.
This process used to be effective; before it was circumvented by lobbying activity. You can't cling to it today just because it worked yesterday. You also can't get jobs by just turning up to places and handing out your CV. Times change.
Onlookers are to make of that what they will.
Yeah, some reps are bad and don't listen but I'm willing to bet most at least log down how many people complain about what. Having an attitude of contacting them does nothing only just makes things worse and has no potential upside. At least if you do "waste" your time contacting them you may have a change to do good.
The biggest irony is that shortly after I contact any legislator telling them how I oppose their policy position, they start sending me mail asking for campaign contributions.
Call your representative, or meet them in person when they're back in the district. If they know you're a real person, they will respond to you directly with something more than a scripted response.
Calling your rep, or meeting them in person, are the two most effective ways to communicate your concerns. Because people who take the time to call or meet in person are also the type of people who take the time to vote, and in the end that's what really matters.
If you want to cross you either need to wait until the appropriate time as dictated or you need to risk your well being and cross the road.
Also, it may be true where you are, but it's not universally true. I know the cycle and timing of the lights near my home, and I keep getting frustrated by people who don't press the button and now I need to press it, and wait an extra cycle.
I find this extremely implausible. If it were true, wouldn't it also imply that customs and immigration officers aren't allowed to ask any questions that don't appear on the customs form? I thought it was generally accepted that they had a wide latitude to conduct an interview and use the results to determine admissibility.
The Paperwork Reduction Act is primarily designed to regulate exactly what it sounds like -- standardized forms for data collection. It specifically excludes "A request for facts or opinions addressed to a single person". (https://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&rgn=div5&view=t...)
PAPERWORK REDUCTION ACT STATEMENT: An agency may not conduct or sponsor an information collection and a person is not required to respond to this information unless it displays a current valid OMB control number.
Perhaps it doesn't matter to you how the US is perceived overseas, perhaps you don't want my money. Perhaps you don't mind being poorer. To me it has become the land of the police-state and the home of the Trump-Chumps.
I know 10+ people who are educated, hard-working, and have every qualification yet are denied a simple tourist visa to the US for whatever reason. The process is lengthy, costs a decent amount of money, consists of filling out ridiculous forms on antiquated websites and attaining sponsors from the US, and then results in a 5 minute interview where some prick essentially makes a snap judgement about the candidate. We got lucky once with the tourist visa process, but that was pre-Trump.
The US is an utter embarrassment, and if it weren't for my family still being there, I wouldn't really care much about never going back.
It is a lot of reading, a lot of forms, and nerve-wracking interviews so I understand where you're coming from. But now she has a green card and it's a huge weight off our chests, great to be able to live a normal life. No one is coming for legal permanent residents, especially by marriage.
Almost everyone we interacted with along the way (except for the border control at PHL) was pretty friendly and just doing their job. No one seemed to have an axe to grind against immigrants.
The best resource I found was VisaJourney which has guides, timelines, useful forums, crowd-sourced processing times, etc.
I'm sure you'll find other users there from your partner's country so you can get a feel for what the process is like from a relevant perspective.
Here is the process/timeline for a fiancee visa: http://www.visajourney.com/content/k1flow
Happy to help if you have any questions
For example, they scheduled her for an interview on a date that was impossible for her to make (iirc, that was her first day of a new job). She went to the INS offices to ask to have it rescheduled, and the person at the desk just gave her a flat "no, we do not reschedule interviews". My wife asked to speak to a manager - something that's eminently reasonable, if maybe slightly annoying, at any business - at which point the INS employee bushed a button that summoned to burly guards to physically remove her from the premises, stating that she was a threat to the office's security.
Your desire not to be a burden is laudable, but there's a more-important principle at stake here. Government officials should always make an effort to accommodate reasonable requests, or if that's not possible, to explain why — and moreover, those officials, as representatives of this country and its citizens (including me), should damned well be at least that welcoming and courteous to a visitor or new resident such as the GP's wife. Assuming that the GP was accurately telling the whole story, every American should be thoroughly embarrassed that the GP's wife was treated so abysmally, and the officials responsible should be disciplined.
That's not what I said. I don't try not to be a burden, I just don't expect consular officials to give a shit about my schedule, and set my priorities based on that. Sure they should be welcoming and all, but it is what it is.
Attempting to reschedule an immigration interview doesn't strike me as unreasonable, nor does escalating to a supervisor if you don't like the answer you got. The employee calling security, on the other hand strikes me as abusive. I think that employee should be fired and probably not given a position of authority where they can mistreat others that way again in the future.
Given how long everything takes when dealing with immigration, it's not exactly surprising that they aren't able to accommodate people's schedules.
> Given how long everything takes when dealing with immigration, it's not exactly surprising that they aren't able to accommodate people's schedules.
If things take a long time, it shouldn't make much difference to them whether they do an interview this week or next. It's surprising that everything takes a long time though, from a certain point of view anyway.
The visa process is relative straightforward. Will the person who is given the visa come back to the country of origin? This is determined by money more often than not, and it's the harsh reality of the situation.
The US has many natural wonders, and it has a lot of quite good people. But the political system is so out of whack that it makes me want to stay away for a very long time.
Furthermore, having to deal with US taxes while living and working abroad is really a hassle. True, one doesn't typically owe any US tax money if paying a higher rate elsewhere, but filing is still required. And filing can be messy if your life is not the standard simple permanent employment situation.
If it's not too personal / I'm curious, where do you live?
Luckily, it's not hard for us to get US researchers to our place for a visit, they tend to like sunny, peaceful places in Europe where you can stroll through the city by foot.
I leave a dummy partition with Windows, office and other shortcuts and a wallpaper of a cat during my US visits.
I also have both a facebook and a gmail subscribed to all the spam you can get.
Not because I have any criminal activities but my customers deserve to have their information protected.
If authorities want to check my private and work data, they can ask nicely through a judge.
I am confused,surely non-citizens have no rights or recourse to the law at an airport?
In any case, I am concerned that your approach would be defeated if they took an image of your hard drive and threw some basic tools at it. They probably have this as a kit.
On a laptop? All laptops I've seen have the hard disk plugged directly into the motherboard, with no cables in between. Having a SATA cable is more of a desktop thing.
Perhaps nowadays it's the norm to have it all soldered in but I'd just not buy such.
That said, I'd imagine there's an economies-of-scale advantage to having soldered-on drives (to say nothing of the economic benefits of un-upgradability: sorry folks, but there aren't enough people to whom part-swap upgrades are important to sway the hardware industry at large on this issue, though a few small manufacturers/lines will probably target that market). As a result, I'd imagine that we'll see more and more of them in years to come, though I'd be happy to be wrong about that.
'course, I don't recommend bringing your data into a country you consider hostile regardless of whether you've set it up so a cursory search doesn't find it. If the country really is hostile to your interests, that won't stop them if they want your info.
I knew some programmers who worked for a EU company that had a military contract.
When they traveled to US (talking around 2005 here), their entire harddisk was encrypted and they got a short education on how to handle certain suspicious situations.
US is known to use intelligence data any way they want, including economical gain. So if your laptop contains any confidential data of any big European company, it's already a good idea to not make that data available.
The whole Edward Snowden debate was only an issue because US was collecting data of their own citizens. Let's be honest, nobody cared who they were spying on abroad.
It's really sad to see how "friendly" nations treat each other like that.
So to answer your initial comment: The one who has the confidential information is not the spy. The spy is the one who wants to get access to it.
The normal user browses the web and almost nothing else.
They only did that though because he just finished a 3 month tourist visa, left the country for a week, and then came back with another 3 months.
Also a case in 2016 of a UK citizen being arrested for refusing to give his password to UK border police: https://www.theguardian.com/uk-news/2017/sep/25/campaign-gro...
I'm not sure why people think electronics would be an exception to this general rule (which has been in effect, like, forever... the only exception that comes to mind is diplomatic pouches).
I'll take a swing at this.. one reason is that modern electronics contain - both directly and through remote access to other systems via stored cookies, etc - far more private and/or commercially-sensitive information than almost any other widespread physical object that may cross a border. In the 1960s a (non-spy) traveler faced a search of some clothing, cash-on-hand, and perhaps some food/snacks and prescription drugs. Far different from facing a search of every photo you've ever taken, every private message you've written to your spouse, or the full IP of your successful software company, etc.
"Visitor exports generated USD 212.3bn, 9.5% of total exports in 2016. This is forecast to fall by 0.6% in 2017, and grow by 3.9% pa, from 2017-2027, to USD 309.7bn in 2027, 9.3% of total." 
US GDP in 2016 was USD 18624bn. 
So I suppose it's only 1.1% of GDP.
What's USD 212.3bn between frenemies huh? ;-)
Tourism generated 1% of the GDP but you don't know the impact on other industries, you haven't seen figures on lost of tax revenue from jobs lost, cost of retraining people to find new jobs, burden on society from unemployment, etc.
I don't think that tourism will cease in the US but any downturn on it has larger effects than just the GDP figure brought by the industry itself.
Of course, if you only care about numbers the dollar figure won't look much, if you care about the lives affected by idiotic policies then you have to look deeper.
Theoretically it could be extremely convenient to use the US as a transit point if your final destination is, for example, a country in Latin America.
But when you connect via any US airport you need to deal with imigration, pick up your luggage, deal with customs hassle, re-check your luggage and proceed through the entire TSA song and dance.
Depending on the airport not even 3 hours may be sufficient to make the connection and the hassle you experience is just not worth it.
For comparison: Some European airports have legal connection times of 30 minutes (Vienna). Longer than 90 minutes is almost unheard of.
Just about any international airport gets that concept, even in massively underdeveloped countries. The US just doesn't seem to get it.
It must cost US carriers dozen -, if not hundreds of millions in yearly lost revenues.
The US is not the first empire. You might want to read up on how the others failed.
About 1.3% of US GDP - which is maybe not significant to the US economy as a whole but I suspect that spending is very localized in locations that probably would suffer if foreign tourists reduced in numbers.
EDIT: That was a knee-jerk reaction. Sorry about that.
The general population should be welcomed with open arms - retaliation on them achieves nothing. It's not their fault.
Last time I checked the US had elections, so yes, it pretty much is their fault.
The blame can not be placed on any recent administration or person. The problem is a systemic issue, deriving from the constantly increased demands of "increased security" from the population on both side of the political fence.
For sure, but the popular vote should be better represented by the district maps.
> I am still bitter about her ... successful interference in the DNC
I was a Bernie supporter, but I knew that the political machine wouldn't swing so far as to select him. He is too unorthodox, too progressive, too not-rich.
Unfortunately I don't think this will do what you expect - they'll probably happily hand over their password.
Refuse to cooperate and you'll be on the next flight to whatever CBP deem is your home, and good luck ever getting an ESTA or Visa in future.
If you are refused entry under the program for any reason you can't ever use it again and will have to apply for a visa proper.
So you can try and quote laws and rights and not hand over your password, but they're likely to simply refuse you entry. They might well keep the laptop/phone/device too.
> and good luck ever getting an ESTA or Visa in future
Maybe you have relatives there.
Maybe you have clients there.
Or conferences, or other professional events.
Maybe you are even resident there.
And this was not the first time this was done: Sklyarov was arrested for violating the DMCA while outside the USA as well. That case was one of the primary reasons I excluded the USA as my immigration target and landed in Canada instead (back in 2006 I was in a position where I could choose).
This policy just makes my resolve stronger.
>This policy just makes my resolve stronger.
Canada (and the UK and Australia) has this same "give me your password" policy , too. They've even arrested re-entering Canadian citizens for refusing .
So while your decision may have been "noble", I'm not sure Canada was the right choice.
"According to an agreed statement of facts, Philippon had $5,000, two phones and traces of cocaine on his bags when he arrived in Halifax."
Yes, that's what you must do any time you enter a country. Any country is free to arrest you for past violations of its laws when it has the physical ability to do so. Once you're physically present in a country, it no longer needs to demand your extradition: you've extradited yourself.
There's a HUGE difference between...
A) A derpy mall-cop DHS agent casually browsing through your laptop/phone for a minute or two, looking at emails, pictures etc.
B) The contents of hard-drive/flash/phone being copied to a government server, stored in perpetuity, and subject to n-th degree content searches forever.
A is just annoying, B is vastly more concerning.
But why do I feel that "derpy DHS agent browses computer for a few minutes" is far, far more likely in a scenario where the device is taken to a back room?
Is it really impossible to know anything about what is done with devices in the back room?
Or your machine might have been in a queue and only looked at for 2 minutes.
Or they might have not looked at it at all.
Now pick a few different timeframes and you tell me how hard it is to know?
Cooperative structures could offer an approach to these problems. Cooperatives are a way for a group of people to collectively own shared resources and make decisions about them democratically. Importantly, they are not governmental (i.e., they lack force of the police/military) yet can use the same legal environment that for-profit corporations enjoy. Cooperatives fall in the middle of the political spectrum: to liberals, they are about economic self-determinism; to conservatives, they are about smaller government and corporations. Cooperatives could be used to peel away economic activities from unaccountable entities.
As leaders and doers, we should start thinking about what activities we perform should be governmental, which should be proprietary (privately controlled) and which should be cooperative yet economically participatory. For example, regional water systems are often operated as cooperatives rather than for-profit entities or as a department in a municipal government. This distributes economic and political power. We could build upon this organizational pattern in other industries. We need more tools, research, and investment into how cooperatives could help us form global democratic networks that are small, distributed, financially sustainable, and accountable.
We need global, bottom-up, fractal governance and economic markets that distribute political and financial power.
Sure, maybe the word "tax" can be up for debate (although IMO taking someone's personal information is a tax). But if you look at point 8 at this link:
It states that during the ruling, The Supreme Court ruled that: "8. The citizens of the United States have the correlative right to approach the great departments of the government, the ports of entry through which commerce is conducted, and the various federal offices in the states."
The "tax" inhibit this right.
It is now 2018 (150 years later) and we have simply replaced the word "tax" with a different obstacle, which functions in the same way: inhibiting the freedom of movement for those who don't (or can't) comply.
Also, not directly related but be incredibly careful around military installations, and be aware that many strategic military installations are not clearly identified with signs (if you’re walking in a forest and hit a chain link fence don’t climb it).
Stuff like that.
They could detain you - but for what reason? Because you have a blank phone?
What if you don't have any social media presence? What if you simply don't remember your passwords (because they are stored on your browser at home, or you have some kind of device like a yubikey, and that's at home too)?
So they detain you, because...why? "Innocuous and normal"? So anyone who decides to forgo any electronic devices while traveling and doesn't have a social media presence (or maybe even an internet presence!) is considered "suspect"?
The more I hear and read about stuff like this, the more I just want to log off, move to the middle of nowhere, and switch back to coding on my old 8-bit microcomputer from the 1980s - this world and my country has gone insane.
Do a full backup. Wipe the phone, log in with child account.
You can now redownload a few key apps needed for the trip, as well as some normal apps: weather, TripIt/Uber/CityMapper, games, etc. Because it’s a family account, all the re-downloads are free.
Share essential data (that you don’t mind being taken) from your own account to this account the way you would to another family member. Use the iCloud “Family” calendar for your trip planning (useful anyway to share travel plans with partner etc), or subscribe this account to e.g. your TripIt/TripCase calendar. Invite this child account as a family member for your smart home etc., using child (parental controlled) config where available so it’s not an admin. Use secure Shared Notes from Apple Notes or Evernote to bridge travel lists. Subscribe to a shared iCloud Photos album so you can seamlessly post photos taken with this account back to your primary account (and that album will only contain photos you intend to be visible on this persona). Load in your business’s main contact info, your personal contact card with your business email and number, and then contacts for airlines, car rentals, hotels, and customer support numbers you use. If traveling with a partner, load their contact in as well, also using work info. Include a contact record for the ‘emergency contact’ you already disclosed on other forms (airline, customs). If the device is lost, searched, etc., revoke this child from everything you’d shared to it from.
If you need access to more while traveling, look into 1Password’s travel mode, and share a travel-safe vault from yourself to yourself:
When you are set up as you like, backup to iCloud. In the future, you can restore from this backup.
Caveat: On the parent ID, avoid applications that mark their data to exclude from iCloud backups unless they sync themselves to the cloud and auto-restore the data when restoring that Apple ID to a new device. For such apps, you will have to manually recreate their data, or use legacy iTunes wired backup and restore which defeats the purpose if you wish to restore at your trip destination. A common example might be Google Authenticator.
Pro-Tip: Restoring very large numbers of apps, as well as iCloud data such as files and photos, can take a very long time OTA. On a home Mac, set up iCloud Content Caching with a sufficient size to cache all apps, documents, and photo data, to radically improve restore times:
This will speed up app restore for the child account as well, though that shouldn’t be an issue as you’ll maintain a very small number of apps.
The device will be useful from home to destination, and info (notes, photos, etc.) on the go can be shared back to the parent. Depending on length of trip, you can restore to your primary ID at destination and then flip again for the trip home.
The device will be normal.
Even a tiny exception to the "4th ammendment exception" might allow for crafting safer transit.
Anybody remember that USB stick that kills whatever it's plugged into? I could throw 2-3 of those into my luggage and forget about them.
Quick google search brought me here:
LHR-LAX-AKL requires all passengers to get off but those not terminating in LAX stay in a transit area (although there's still an immigration check).
And IAH supports international transit for bags, but you as a person still need to immigrate the normal way.
Your policy does not cover you for any claim directly or indirectly resulting from any of the following:
8) Confiscation or destruction of property by any customs, government or other authority of any country
Effectively, for phones or laptops, you would have your standard password as well as a secondary password. If you use your fingerprint to open your phone, you would be able to register a different print as your secondary print.
Using your regular password/fingerprint would unlock the device normally. Using the secondary (dead man's pass) would either wipe the device, or open it to a honeypot state.
I think this would be useful for phones and perhaps laptops. If a memory card is confiscated, perhaps it could be encrypted with a program that follows the same concept. Either way, it allows people like DHS to demand a password, and have one given to them while also solving the problem of not wanting to show them private information.
If you're a U.S. person the worst case scenario is they keep them anyways.
BUT! if you're NOT a U.S. person do keep in mind that CBP takes wiped devices (and lack of devices) as suspicious in itself, and may deny you entry.
Regardless, implementation details would probably be better for a different topic.
So the DHS requesting you passwords in order to enter and the DHS collecting your facial scan in order to exit will effectively bookend the experience of visiting the USA.
This agency seems to increasingly act with complete autonomy and impunity. The culture there seems to be one of arrogance and disregard. This is evident all the way down to the clowns at the airport who berate and harass regular folks who are just trying to get somewhere.
Don't think the average customs officer has time or skills to dig out files containing encrypted volumes on your device.
More people standing up and saying no is one of the few things that might actually make a difference.
1. The current gene pool that will rule this country will be no different from the last and it will impose similar measures on the next pool.
2. What's sad about this is the long term damage done to trust and a raft of the rights of people, all for some short term security.
The only thing that can fix this is a return to thinking of consequences on a larger time scale and stop being afraid.
i.e. Write checks to ACLU and EFF.
Where's the data? What data? The only thing on there is an app called "Secure erase free space". No, you can't have the encryption key to that flash drive there, but I'll surrender it under protest.
1. Make sure it's a cloud service that you trust (i.e. audited, self-hosted and you know what you're doing etc.), since they'll probably keep the data on it forever, regardless of whether you delete it.
2. They will eventually ask for your password for that cloud service and download the data from it. For the truly paranoid (which is increasingly coming to resemble "people who care about security at all", sadly), use a cloud service with a duress code https://en.wikipedia.org/wiki/Duress_code. Returning fake data with a duress response can get you through security quickly if the people searching your data don't identify it as fake. Otherwise, the response of "I just gave a duress response and was permanently locked out until I personally visit the agency holding it in $my_country_of_origin and re-authenticate" may have a slightly higher success rate of getting you through security than refusing to surrender passwords. But then you don't get access to your data until you do that. There's always the "inconvenience" bluff-call option of "after I gave the duress response, I won't have access to my data for a week", but depending on how petty/suspicious the officers are that can be equivalent to asking for a week's detention.
DefinitelynotfakedmitrygrLOL@gmail.com password: fucktheDHS
Log in works. Chromebook shows apps. Emails. Etc.
Unless you commit a crime crossing the border (like getting caught with drugs), CBP does not have the authority to detain a US citizen without probable cause. Refusing to provide a password is not probable cause.
Will that be declared a contraband soon?
If foreign visitors get treated even half as poorly as I've been treated, and I'm sure they do, it's an embarrassment. I wish more Americans traveled overseas because if they experienced the difference between how we treat people vs how others do, they'd be properly outraged.
I stopped bothering even being polite to them after getting repeatedly questioned about my travels when I trying to get back home before my mother died. I'll be the first to admit that I often have trouble showing empathy, but these people make me look like a saint.
Each time I uttered anything he'd just randomly shout for me to comply, after about the fourth time he looked up and ordered me to use my left hand.
Absolutely bizarre experience.
Oddly enough, I had a raspberry pi with me (with no case or packaging), and I thought I'd get accused of making bombs like the girl at Logan airport. However, the kid searching my luggage said "cool, a raspberry pi! What projects do you do with it?"
Twelve years or so ago I was having serious doubts they were going to let me leave Amsterdam to travel back to the US (on a one way ticket) because I had a Iraqi customs stamp in my passport, they were quite concerned and inquisitive about it.
Previously on the same trip I was searched pretty thoroughly on the train because I just happened to be traveling between countries on the same day as the 2005 London bombings. I guess they figured anyone traveling around Eastern Europe with a ukulele probably isn't too much of a threat so they didn't hassle me too much.
That second one kind of surprised me because I thought they just let you travel within the eurozone without problem.
They really seem to be selecting for the biggest assholes they can find. I have had many weird or disrespectful encounters with them. Example: asking my American wife (I am German) " why did you not marry an American, but a foreigner". Who would ask such a question as the first thing?
The only effective resistance is to not cross the border. As soon as you move into the transit area you are devoid of rights, privileges and protections afforded anywhere else and completely at the mercy of the person in front of you. Give them a snarky remark and you'll spend just enough time in a small room while they run "additional checks" to miss your flight.
Time to go long Leidos Holdings, Booz Allen Hamilton, CSRA, SAIC, CACI International, end etc?
The last time I went to the airport, I was really tired and it was apparent I hadn't slept. I guess being exhausted and ugly made me suspicious. They way they interrogated me like a criminal and forced me to provide personal details made me seriously consider emigrating.
be coerced to give away your truecrypt password.
CBP aren't stupid. If they see you have something like Truecrypt installed, then they will assume you have "deniable" stuff stored and will demand to see it. And if you don't actually have it? Too bad for you.
Cryptography cannot help you defeat a government's rubber host cryptanalysis.
If this doesn't change, I will never consider to move or even go on vacation to the USA, I might live in a state that has a lot of problems (Italy), but at least I have the right of privacy, and I can take a plane without having agents searching through my sensitive information on my devices.
The Supreme Court, in Riley vs. California (https://en.wikipedia.org/wiki/Riley_v._California), unanimously held that warrantless searching of a cell phone is unconstitutional (violation of the 4th amendment). The ACLU and EFF have filed a case largely on this basis. (https://www.aclu.org/legal-document/alasaad-v-duke-complaint)
My armchair thoughts on this is that it looks like their case is very strong, and the likelihood of this policy being struck down at least for US citizens is pretty high. Wouldn't mind a lawyer opinion, but at first glance I don't see a huge difference between the circumstances of Riley vs. California, and the cases represented here.
There are unfortunately people in this nation (as everywhere else) who are authoritarian oriented in nature, but there are also many in this country who push back. For US citizens, the best way to react to this is less Internet outrage, but ensure that one supports the ACLU and EFF, two organizations that have been critical in pushing back against the erosion of the 4th Amendment.
The USA - like other countries, such as Germany or Mexico - are both a (representative) democracy and a federal republic.
But why on earth would most people here feel the need to travel with a wiped, or factory-defaulted device? I mean, if you have something to hide, or sensitive information, sure, I guess. But it's not like they stop and ask for a password from everyone. This probably applies to 1 in thousands, if not tens of thousands of passengers. What on earth do you gain by going through the elaborate precaution of wiping all your devices, for a 1 in 10k chance of someone bothering to look at them, especially when they wouldn't find anything?
It is ok to be both angry, even outraged at a policy, but also not let it impact you in a totally crazy way which doesn't make any sense.
Who'd believe a month before the election that Trump would be president? Be cavalier with your personal data, but in my country we say "guard your clothes so you at least have half of them".
I stand corrected.
Currently that probably means to never even mention these things in combination with anything internet (unless it has strong encryption, maybe).
edit: mental health issues, drug use, compromising pictures and situations, ...
Because it's wrong. Does there have to be another reason?
Maybe you've forgotten, but the constitution is a pretty cool and forward looking document. Although the 4th ammend. (for some crazy reason) doesn't apply at the border, it's a still a pretty ideal principal to protect you from your government.
Read it here: https://www.law.cornell.edu/constitution/fourth_amendment
CBP can probably demand your passwords for your devices. Can they demand your passwords for remote services? Probably not. "Sorry, my employer demands I not reveal my work passwords to anyone, but you can have the password to my laptop, and you can even keep it!"