New Zealand travellers refusing digital search now face $5k Customs fine (radionz.co.nz)
658 points by petethomas on Oct 1, 2018 | 621 comments

This happened to me driving from the US into Canada with my significant other on a short vacation. After some routine questioning, the agent asked for our phones and passwords. Naturally, I hesitated and wanted to know why he needed to go through our phones. He didn't give a reason, but said if I refuse they'd hold us until their forensics team cracks the phone password anyway. I wanted to make a bigger deal about it but didn't want to ruin our vacation so I complied. They took the phones in the back for about 45 min, who knows what information they downloaded or uploaded during that time, then gave it back to me while interrogating me like I was a drug lord because there was a text message from a year earlier about a friend's girlfriend doing cocaine.

It was extremely unnerving, they went through all our private pictures, messages, dropbox files, email, notes, dating apps, etc. It ruined the vacation for me, and I've stopped visiting Canada because of how disgusted I felt afterwards. I know Canada is not the only country doing that, so from now on when I cross an international border I wipe my phone (after backing up) and just have a few pictures and messages on there. Incidentally though, that's the only time it's happened to me.

>>It ruined the vacation for me, and I've stopped visiting Canada because of how disgusted I felt afterwards.

I don't blame you for this at all, but I will say this is bi-directional; as a Canadian, when I travel to the US, I get the same bullshit questioning and phone snooping on occasion. The current controversy on border crossing is that, despite marijuana becoming legalized in Canada shortly, if you admit to smoking it when asked, you'll be barred from entering the US. So seems to me that both countries just love love love the opportunity to flex their power against people who have no recourse. If you want to see what cops do when they don't have to follow any rules on unreasonable searches, probable cause, reasonable suspicion, etc. then just look to our borders.

I wish our governments could get together and sort this junk out, but that would mean both agencies would have to lose some of their power to "secure the border" so it'll never go anywhere.

Now I want to go to Canada repeatedly just to get them to try to decrypt my phone. "You know, I don't recall the darn password. I'll just go have a seat while you do your thing."

I'd be interested to know if they could!

They won't. They'll just keep the phone and send you on your way. You might be lucky if you get it back in 4 months; likely never.

In civilized countries stealing is against the law...

Civilized countries just call it something else, like "civil forfeiture", and then make it the "law".


It might be fun to include some variety. Hotel reservations all stored on Minidisc. Family photos on zip drives.

A 5¼ inch floppy disk has gotta be pretty good "security" at the border in 2018.

Make sure the zip disk has the click of death.

Best case result of this is you sitting there for several hours, and then them deciding to seize the device anyways.

It would be interesting. However, those people can be vindictive, and if you fall in their crosshairs they can ruin your life. I wouldn't mess with them just because at least.

My experience is that entering Canada is a little less of a problem and that it's only become more of a problem due to pressure on the Canadians from the US to beef up their border security or else. The more strict checks seem to apply both to Canadians and non-Canadians. And entering Canada, the law is not actually suspended at the border and its vicinity... unlike some other places.

That said I've travelled dozens of times in a multitude of ports of entries and the vast majority of people have no problem, they're not searched, they're not detained. I haven't seen anyone standing in front of me in line have a problem either. You can avoid 99% of the problem by being polite, answering questions truthfully, and treating the border guards with respect. Yeah, it sucks if they have a bad day and they're rude to you or they ask you invasive questions, just play along and be nice. You'll be fine. If you are suspicious or if you piss them off they will potentially make your day very very bad.

All that said, I think the land border between the US and Canada should just be open.

By the way, you can also go on vacation without a phone ;) disconnecting will make your vacation better!

I don't know about that. They were a royal pain in the 90's if you had a bus of high school students. I remember them grabbing a couple of girls (didn't even talk to them first) and taking them away while not allowing the adult counselors to be with them. That lasted about an hour and the girls were crying when they returned. They also kept a group of buses there for multiple hours. I'm not even sure what they were looking for.

The US side would nod their heads and say there was nothing to be done about it.

I entered Canada a couple of times in the 90s and it was basically a cursory look at my passport + have a nice day. Something like 5 seconds. Today I am a Canadian citizen and overall the experience is much worse than it used to be in the 90s or even 10 years ago.

Which border crossing had those incidents? So those girls were on the bus with you, they came back crying, and you have no idea why? Is there more context here?

Just sort of to tie this in to current events, some guy just drove into Canada without stopping the other day: https://vancouversun.com/news/local-news/driver-who-skipped-...

Now by luck police spotted the vehicle in Vancouver and tried to pull it over.

If someone tried this sort of stunt going the other direction what do you think would happen?

> And entering Canada, the law is not actually suspended at the border and its vicinity

So police in Canada can demand your unlocked phone at any point, not just at the border?

Well, possibly. My point is that in Canada, at least on paper "Everyone has the right to be secure against unreasonable search or seizure.". Now obviously this is always work in progress and there are situations where asserting your rights is a problem, but people should follow up on these incidents and they do have recourse. Unlike some other places.


"The context of the search, and the activity that brings a person into contact with the state, can have an impact on the person’s reasonable expectation of privacy."


"The degree of personal privacy expected at borders, where travellers expect to be searched, is lower than in other enforcement situations (R. v. Simmons, [1988] 2 S.C.R. 495 at page 528; Monney at paragraph 34; R. v. Jacques, [1996] 3 S.C.R. 312 at paragraph 18).

The expectation of privacy is reduced in the school setting in relation to the responsibility of teachers and other school authorities to provide a safe environment and maintain order and discipline in the school (M.(M.R.)).

Prisons carry a decreased expectation of privacy (Weatherall; R. v. Conway, [1989] 1 S.C.R. 1659). However, the lowered expectation of privacy within a prison does not allow the seizure without a warrant of bodily samples taken as part of a medical examination (R. v. Dorfer (1996), 104 C.C.C. (3d) 528 (B.C.C.A.))."

I drove from Detroit to Toronto via Windsor, and was subjected to a vehicle search and questioning. I pulled up my hotel reservation at the agent's request, and he snatched my phone out of my hands and started going through my emails. He couldn't wrap his head around why anyone would want to take a roadtrip to Toronto for an extended weekend, other than to run drugs. I've also been interrogated when flying into Canada for work. Canadian border security is notorious for this kind of stuff.

I'm Canadian. I get searched all the time by both sides. Canadian side has been worse for me, so far.

I really like going to other countries, their customs tend to be reasonable. Coming back home is always a nerve-racking experience.

I haven't been asked for my phone yet, but have been asked for my camera.

I'm being drawn more and more to paying for online storage/sync solutions and clearing my phone and laptop before traveling to the USA or Canada. Actually more worried about Canada.

That's what I do. Anything that I think would cause me problems coming back into Canada gets pushed to the cloud while I'm still out of country, then deleted from my devices. Next, I log out/disconnect from my cloud services and uninstall their apps. Once I've cleared customs, I take a few minutes to reinstall and reconnect everything.

It's a hell of a lot better than dealing with the bullshit that is CBSA.

If you have a reasonable internet connection at home this might be the moment to get your own server. Next to online storage (Nextcloud/Owncloud, Seafile) it can host your mail (postfix/exim w/dovecot + spamassassin + sieve), source repo (gogs/gitea), miscellaneous web things you might want to host, media streaming server (airsonic, ampache, etc), personal VPN (openVPN) and more. This gives you far more flexibility (and storage) than commercial online storage/sync solutions for the price of some work to set it up and the electricity to power the thing.

> he snatched my phone out of my hands and started going through my emails

Is it not illegal - the "snatching" part?

It doesn't matter whether or not it is. While you are there they are your gods and after you leave they're untouchable. If the border security is rude or downright abusive your only recourse is just not going to the country in question.

Try being a Canadian and going the other way!

As a Canadian who has gone both ways dozens of times, I’ve definitely gotten a much tougher treatment by the Canadian side.

I had to bite my tongue to not say “I’m a citizen, you have to let me in.”

this comment made me sad. i am a south asian national, i do have a canadian tourist visa and was hoping to go watch F1 in 2019 in Montreal. reading all of this is probably going to change that plan :/

I'm a Canadian permanent resident and the dozen or so times I've crossed the border into Canada I've never had a negative experience. I've always found the Canadian border agents to be polite and courteous. I cannot say the same for their US counterparts. Not doubting the negative experiences described above just that my personal random sample has been different.

Ditto. The Canadians were pretty easy to deal with.

The US is always a PITA, esp. after long international flights. One time they flagged me for "smuggling halogen headlights" or something and searched ALL of my stuff. Missed my LA-DC flight because of it. And I'm a white, clean-cut US citizen.

Keep in mind that people who cross the border without any incidents don't usually bother posting about it. I wouldn't alter your plans just based on a few comments here at least.

I'm a Canadian, and the most nerve wracking question I was ever asked (that I can recall) was:

    Do you bring back any food?

(I had an undeclared box of cereal in my backpack)

This is terrifying, I had no idea this kind of practice is already in place! In Asia, so far I never got asked for my phone and equipment, but now I wonder what the best way is to handle this. Killing my phone and restoring after entering is one way, but for a laptop that's more annoying unless you live in the cloud. Might still be a good practice to have your devices in a state where you could easily wipe and restore them in no time.

If I randomly got asked to do that, to be honest, I would rather turn around and go back instead of taking the risk that they maybe find something out of my past that can get me into troubles.

Don't travel with your primary devices or any devices with sensitive or even personal information on them - to any country ruled by totalitarian regimes, like China, Iran, Turkey, New Zealand, Canada, or the US...


Or the UK, and probably a long list of other countries.

Five eyes, nine eyes, fourteen eyes. Most probably 195 eyes, although perhaps they'll be split 3 or 4 ways instead of one unilateral bloc of pervasive government overreach consisting of every country on earth...

New Zealand is a "Totalitarian Regime"? Those words must mean something different here.

Sure, somewhat hyperbolic, but a reference to this new law that went into force this week and the parent post:

"Travellers who refuse to hand over their phone or laptop passwords to Customs officials can now be slapped with a $5000 fine."


I'm gonna have to treat that as a "hostile border", and treat it the same as the Chinese border...

If you watch the show "Border Security: Canada's Front Line" you will see how often this is the norm. It's on Netflix as well.

I really think these are dangerous times and for some reason I only ever expected this from the US but never from Canada or New Zealand.

I suspect it has something to do with the five eyes network. They all adopt similar security measures.

Exactly. Why do you think Canada is exempt from a number of US border requirements (e.g. ESTA)? It’s not out of the US goodness of their heart. It’s because the US and Canada freely share information.

This happened to my friend in Canada (who was born in and retains citizenship in Canada). They also told us they would use a spectrogram to determine if we had cannabis with us. I think it was an attempt to scare us, assuming we had very little knowledge. Turns out, their definition of spectrogram is tearing our entire car apart. Mostly the interior panels. Thought that was pretty interesting :-)

I had this happen at the Canadian border once, and of course I never used that phone again; who knows what they did to it.

You have no right to privacy when crossing an international border. The solution is simple - don't carry any data you don't want to give to the country you're entering.

There should be for citizens of the United States re-entering the United States.

It says so in the Constitution. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

That is not how it is in practice, but the Constitution is quite clear on the subject.

Attorney here! (Not providing legal advice.)

The power to conduct border searches, even without probable cause, is considered well-settled under the law as not contravening the Constitution. See, e.g., U.S. v. Ramsey, 431 U.S. 606 (1977).

Entirely agreed that precedent accords Customs their present powers.

From the case's dissent: "If the Government is allowed to exercise the power it claims, the door will be open to the wholesale, secret examination of all incoming international letter mail. No notice would be necessary either before or after the search."

Viewed from a post-Snowden perspective, it sounds predictive.

Segregation, too, was once considered well-settled. That didn't make it right nor consistent with the Constitution, which has not changed its language on the subject since 1868.

This is 100% the right solution, and there's a pretty easy way to accomplish this, with iPhones at least:

   Back up to iCloud
   Wipe your phone
   Cross the border
   Restore from iCloud

And yes, this may fail visiting China, because who knows what the Great Firewall will block.

Do note that restoring your phone can be a massive pain, even on a fast network it took me a couple of hours to fully restore it. There's also certain things you'll need to set up again; Apple Pay, mail passwords, ... So it's really not as simple as you make it out to be.

I wish I could

- backup essentials to iCloud

- and backup pretty much everything (whatever I want) to iTunes so that I could do a full restore from a local backup.

I'm genuinely curious; why is cloud storage considered to be a solution here?

When I put my 'megalomania cap' on, one of the first things I do is figure that people will use the cloud, which actually makes me happy. I won't have to worry about notifications, in-person confrontations and/or low-level employee error.

Same for people opting to ship their devices abroad via FedEx and the like to avoid the hassle of wiping and/or being searched.

As far as I can tell (from reading history and living), companies, no matter how beneficent they claim to be, acquiesce to "gov't" demands because the penalty of not doing so is death. Recent case in point, Google in the PRC.

But again, I fully admit that I may be wrong here. So, if I am, I hope someone will take the time to explain why. Thanks.

I'm sure you won't get any extra attention if you show them a freshly wiped phone, totally normal.

Unfortunately I think you'd have to have the phone activated with a different Apple account. But if they ask you questions (like "do you have any other icloud accounts") don't lie, it never makes it better. Just say that this is your travel account. This is now quite standard practice for execs when travelling to e.g. China.

This is good advice but practitioners should be advised that iOS data backed up to iCloud can be decrypted by Apple and, as a result, is subject to subpoena by the authorities.

Attorney here! (Not giving legal advice.)

The good news is that, at least in the U.S., a warrant (not a subpoena, that’s for civil matters) needs to be issued by a judge and can issue only if probable cause is provided. That’s a much higher standard than a border search, where no such limitations apply.

Let’s be real. The law allows them sufficient room to detain people that they’ll just threaten to make life hard for you if you don’t do things the easy way.

The law is a post-facto thing which you can use to sue if you want to lose some years of your life. It never actually helps prevent a bad situation. And to make it worse you’ll probably effectively be banned from traveling for being a troublemaker.

This can be made easier with a secondary discardable-grade phone with the same O/S as your primary phone.

Do factory reset and cross the border. Then just sign in to your travel phone just like you did when you bought it and switched on for the first time, and it pulls all apps/messages/passwords from the cloud. You'll get at least 95% of your real phone synced to the travel phone.

Back at home, your real phone is untouched and you can just switch back to it without having to set up anything, or losing any local settings. Then stash the travel phone until the next trip.

I've got an old iPhone 5 burner I use for international travel. It's a slight hassle but I'd rather that than someone going through all my texts, emails and pics etc.

> He didn't give a reason, but said if I refuse they'd hold us until their forensics team cracks the phone password anyway

Is that realistic? Would they actually be able to "crack" the encryption of a modern iPhone or Android phone?

I too am incredulous of that claim. Most likely it was meant to scare the uninformed (and also the informed, since they do not want to waste the time).

Depends on when it happened. There have been times when there have been workable exploits that have been used by law enforcement agencies.

There's a fairly high-profile Israeli company that specializes in finding or buying zero-day exploits and reselling them in script-kiddie form to law enforcement agencies at high prices.

I wonder if random power tripping border security goons get to use zero day exploits just for kicks?

The exploits come in a nice box (physical box with phone connectors), and sadly, the answer could be yes at the bigger checkpoints (depends on whether they shelled out $$$ for the box).

0days often have a finite lifetime. Once you have bought an exploit you may as well use it. Cellebrite and Greycode produce reliable and surprisingly functional gear. Apple and other vendors obviously try to discover what exploit is being used, and exploit vendors try to hide the technique. I suspect this is why sometimes the device is never returned.

Generally I wouldn't characterise the customs people as goons. Like most LE jobs they see some nasty stuff. I'm talking paedophilia and violent pornography. They also deal with some really sketchy characters and if you trigger that detection you are definitely getting extra scrutiny.

It'll be built into the forensic analysis software they're using.

>...didn't want to ruin our vacation so I complied.

>It ruined the vacation for me...

So what was the lesson?

Border agents are terrible vanguards of a country tourism board.

Is there one?

Are you looking for:

* Don't leave the country?

* Refuse and have the phone cracked anyway?

* Refuse letting go of the phone and get arrested?

I would say "don't go to Canada", but I'm not sure how common this is across the world. Does anyone have a sense of how common this draconian approach is? I have a US passport and have been to about 25 countries on six continents and have never experienced this, but borders see such mind bogglingly high numbers pass through that I wouldn't say I have a robust set of data points.

> I would say "don't go to Canada", but I'm not sure how common this is across the world.

The more you travel, the more common it is.

The phone thing is somewhat new, ever since certain companies started selling devices to governments that let them crack, examine, and archive your phone.

But being hassled at the border has always been a risk. Before it was terrorism, it was drugs, or just the change in culture.

I've had problems getting into Japan because of my heart medication.

I've read that if you have stamps in your passport from certain Middle Eastern countries, you can't get into some other Middle Eastern countries.

I've also read quite extensively recently that it's become very difficult for Indians to get into Georgia. Entire families, and even planeloads of people have been turned away, if you believe what you read on TripAdvisor.

> being hassled at the border has always been a risk. Before it was terrorism, it was drugs, or just the change in culture.

Right, I'm aware of this, and borders in general suck. I've had a fair few bizarre experiences at borders, some of them funny (like the Lebanese border guard who insisted on speaking Spanish to me) and some quite shitty (lookin at you, Israel). But to me, the above story is quite the outlier in terms of sheer hostility, from a country that I didn't think of as being particularly draconian at the border.

> I've read that if you have stamps in your passport from certain Middle Eastern countries, you can't get into some other Middle Eastern countries.

Normally you can get two/three passports for that reason.

Really? I've not heard of countries issuing multiple simultaneous passports unless you have official or diplomatic status.

Previously the Israelis stapled a piece of paper with a stamp on it, you take it out before you go to the GCC. Now it's not even stapled. (They photograph your passport & stamp pages though...) https://www.touristisrael.com/the-israeli-passport-stamp/974...

Several of my colleagues have multiple passports, simply because they travel often. They can travel with one passport, while the other is sent to the embassy for the next trip's visa.

Two of them are British, as am I. I looked into the process, but then changed the focus of my work and didn't need to travel so intensely. Essentially, I would have sent in a normal passport renewal form, and attached a letter saying "I'm going to X countries in the last Y months, so need a second passport". "I'm going to X as well as Y" is an equally valid reason.

> Really? I've not heard of countries issuing multiple simultaneous passports unless you have official or diplomatic status.

Germany and I think most other EU countries with heavy industries absolutely do this, because it is necessary to do business in the middle east.

What a practical solution. Deeper googling shows that this is possible for many countries (DE, AU, US, UK, FR at least), often called a concurrent or second passport. I wish I had known about this when various countries had been taking their sweet time about getting me a visa.

https://pointstobemade.boardingarea.com/2018/02/22/getting-a...
https://www.passports.gov.au/using-your-passport/concurrent-...
https://photos.state.gov/libraries/france/45994/pdf/second.p...
https://www.service-public.fr/particuliers/vosdroits/F21517
https://www.rapidevisa.fr/actualites/174-comment-obtenir-off...

Learn something new on HN every day :-)

Your home country is pretty good at this stuff too. Had this happen to me in 2016 on a business trip, but I just had my work phone and laptop with me and didn't care too much. What was annoying were the comments I got when stating I'm a software dev and visiting for work (along the lines of "we have our own capable people so we don't need you taking our jobs"). I was at that time working for a US company's branch in Switzerland. Not too fond of visiting again. Luckily I'm not working there anymore.

> Your home country is pretty good at this stuff too.

Oh yea, I have no illusions about this, and I met more than a few people during my travels who deprioritize going to the US for tourism because of this, in the same way I'm discussing Canada here.

I didn't imagine that Canada was the _only_ country that did stuff like this, since I assumed we (and a couple other famous outliers like Israel) had similar stories. I was just wondering how common it was overall.

I've been to probably 60-70 countries on a UK passport. The only unpleasant border experiences I recall were in Israel, UK, France, and the USA. (Rude and intrusive).

What unpleasantness can happen to a British citizen at the UK border? (Or France, for that matter.)

Buy new phone, put random things there to look real and give them that phone instead.

Or wipe your phone, restore backup from cloud on arrival.

> Or wipe your phone, restore backup from cloud on arrival.

I'd wager the agents could legitimately (for some deranged, modern usage of that word) require that you either surrender your phone anyway or restore it immediately so they can review what you're clearly planning on bringing into the country.

By that logic they could demand live access to your bank/social/email account as well. It's one thing to search things that you physically bring into the country - this article was talking about NZ only searching the phones in "Airplane" mode.

True, the way this law is apparently defined I think you could get away with it, but the distinction between what's on the device and what's in the cloud is getting fuzzier all the time, and I'm not sure other countries would feel so constrained.

Restore to what account? I have so many, I doubt they are aware of all my accounts

>Please provide a finite list of your accounts. Lying by omission is still lying.

It's easy to come up with new stasi operation techniques if there are no civil liberties.

Android supports multiple user profiles on the same device. Maybe being logged in to a stripped down dummy account when crossing the border would be enough? I'm guessing the storage is encrypted on a per user basis, so as long as the customs officer isn't aware of it, even a device clone should leave your actual data safe.

If it's a random officer on the side of the road, then this might work.

If it's at a border crossing, assume that they're using forensic tools to dump your entire phone, which will bypass any user-profile shenanigans you might try to do.

This would cause me to turn around at the border and cancel my reservations. I won’t be going to New Zealand either. And yes, I am aware the USA treats incoming visitors just as badly.

How can they possibly "crack" the phone password? Won't the phone get locked after a few failed tries?

It's border patrol speak for "keep your device indefinitely while refusing you entry and/or detaining you indefinitely". By attempting to cross the border you give them the right to do any of that.

Isn't border patrol (US, Canadian, pick a country, I'll wait) wonderful?


There are bad agents everywhere. Just a numbers game after a while. I've done that border tons of times with no issue. Though, I will say that I take protective measures before I travel anyway. It's pretty easy to log out of an iCloud account and there is nothing on my computer that I care about that isn't backed up somewhere.

It's not bad agents, it's bad laws.

It's both. See above about the agent commenting on a girl's Tinder messages. They also are horribly racist to non-English speakers.

It's a mix of both, like most things.

This is an important issue cryptographers and security minded people often overlook: the strongest cryptography is irrelevant if it opens you to such social harassment. What we need is practical cryptography.

I have found practical success by booting from an encrypted Linux partition that has absolutely nothing relevant on it, with a weak password I can always enter when requested by big guys with guns. Unbeknown to them, on the same partition there sits another encrypted volume, at some offset from the outer partition's start. If I fail to enter the correct password for the outer partition, Ubuntu drops into the command line of the initrd, which is equipped with all the tools you need to mount the real, offset partition:

  cryptsetup -o 100000000 create boot /dev/sdc3

So instead of having a nice GUI into which you directly enter the uber-secret password, you press enter a few times in the GUI, drop to command line, issue a single command and only then enter the uber-secret password. A mild nuisance in your bootup process, once you get the hang of it.

It's impossible for any court forensic team, let alone an airport goon, to prove there is actually another partition inside the outer encrypted partition, unless you mount common volumes and cross-contaminate. An important caveat is to properly defragment the outer partition and fiddle with the offset and the size of the inner partition to prevent any conflicts, then avoid writing in the outer partition.

> It's impossible for any court forensic team, let alone an airport goon, to prove there is actually another partition inside the outer encrypted partition, unless you mount common volumes and cross-contaminate. An important caveat is to properly defragment the outer partition and fiddle with the offset and the size of the inner partition to avoid any conflicts, then avoid writing in the outer partition.

Customs staff typically don't know to prove there is, they just need reasonable suspicion to seize goods for further investigation. The fact you've booted into a 50GB partition on a 500GB disk may well be considered reasonable suspicion to seize the goods for the sake of further investigation.

You are correct. I've simplified a bit: I boot from a 50GB decoy root partition that also has a 450GB decoy data partition alongside it, both encrypted with the same weak password. This is a standard configuration and the machine works perfectly fine, you can write inside the decoy root as much as you want, as Linux would do when it boots. The data partition is largely empty and you haven't written large files there for some time, but that should not be suspicious by itself.

In the free space of the large data partition there lives the sensitive hidden root. It's maybe 250GB, with a 100GB offset from the start of the decoy data, and 50GB guard space at the back, where ext4 writes all sorts of crap. So you get to use about 50% of your raw disk capacity inside the sensitive environment, as a single encrypted root.

There is a risk of them looking at the raw data of the drive and asking what all the random data at the end of it is.

The beatings will continue until you decrypt it. Hopefully you can and it's not actually just random data...

The outer volume is itself encrypted so if you correctly initialized it as recommended, the raw disk should be full of random bits. When read from within the encrypted outer volume, these decrypt to random data as well, so there should be no way to detect the inner volume, either by looking at the raw disk sectors or at the decrypted outer volume sectors. Most importantly, you have the plausible deniability that the disk looks exactly as it should per recommendations of security experts, that the boot-loader and initrd are the stock versions that exist on any other Ubuntu machine with encrypted volumes etc.

Another caveat here is that the inner volume must use the implicit encryption parameters of cryptsetup, or that the correct parameters are supplied in the command line. A LUKS header should absolutely not be used, as it will be plainly visible inside the partition, and would indicate, at the very least, that some other encrypted data was stored in the past on the disk leading to new questions about its password etc., killing plausible deniability.

See the cryptsetup FAQ 5.2 (https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAsk...):

"This means that if you have a large set of random-looking data, they can already lock you up."

In the UK, with RIPA legislation, there is a real risk of someone dropping a USB key full of random data on you, telling the cops there's child porn in it, then you get locked up for 5 years for failing to decrypt it.

I've read the FAQ item and I'm sorry to say that it seems written by somebody talking out of their behind, giving legal advice to boot.

Sure, once in the hands of the Russian FSB, Italian Mafia or Nicolas Maduro, any detectable amount of random data could result in torture - just to be on the safe side, maybe there is a hidden volume there after all.

But in any state where rule of law is observed, the prosecution must establish probable cause and, once in court, prove beyond reasonable doubt that the illegal act was indeed committed - in this case, failure to disclose the encryption key of a locked volume. So there must exist corroborating evidence that should exclude any reasonable accidental or normal situation that could produce the random data. For example, a border agent could testify that he saw illegal material on your device's screen and a random file could be found in your home directory. In your device history, traces to a missing volume or partition could remain etc. The defense can easily explain away a partition initialized to random, if that's what standard system tools produce in their normal configuration and no other corroborating evidence exists.

A LUKS header is a clear indication that another encryption configuration was/is used on the computer, so you would then be compelled to give explanation about its presence, its password, the provenance of the laptop etc. The explanations given in the FAQ (experiment, random swap) are unconvincing if they are not corroborated by other patterns, for example modification timestamps on /etc/fstab and /etc/crypttab and so on.

So the absence of the LUKS header really does fill a practical gap, and it happens that most legal systems today are squeezing harder and harder into that gap. Unlike the dubious claims in that FAQ entry, Truecrypt hidden volumes actually have established legal precedent.

TrueCrypt/VeraCrypt can do this for you with the intention that the existence of a hidden partition is plausibly deniable unless the correct key is provided. The only downside to this is gross inefficiency, you may only be able to get 20GB useful space out of a 500GB disc.

I think the parent comment is describing a scheme where the outer partition contains the inner one, so both are large. As the parent notes, this is dangerous, and you have to be careful not to overwrite inner data if you boot the outer os.

It is also Linux, so there are probably three different ways to make partitions appear to be a different size or reserve certain blocks in the partition.

That is the same approach used by TrueCrypt (RIP) for its "hidden volume", to solve pretty much the same problem.


> TrueCrypt (RIP)

Continued by VeraCrypt: https://www.veracrypt.fr/

Love this. Isn't there also something for Android that presents a "safe" account when you type in a particular passcode?

This regulation is clearly made by people who don't understand the technology and capabilities of these devices. A waste of time and money; who is going to train customs officials to search through phones?

As cheap as burner phones are these days, it seems the easiest route is to buy a decoy Android and fill it with plausible-looking innocent data, and leave your real phone home when going on vacation.

I don't understand why you think there's a need to fill it with plausible-looking innocent data.

Why can't you just take a new phone and say, "it's empty because I got a new phone"?

> This regulation is clearly made by people who don't understand the technology and capabilities...

Staying ahead of them with a technological trick is only a partial, temporary solution, though. Eventually you can expect that there will be an attack, whether purchased (see GreyKey) or legislated, on the workaround. What should happen is that the whole arms race should be nipped in the bud by outlawing this kind of data collection coercion. But I don't have a lot of hope about getting that genie back into the bottle.

the end result will be any system which is not familiar to the officials who are doing the checks or compatible with their scanning technology will simply be confiscated upon entry.

the only safe harbor will be one you don't carry with you except as a device which can guarantee secure access to that remote information.

I recall a story from long ago: user is requested to boot their laptop by airline security.

They boot, which drops to a linux (bsd?) command line. Agent is not pleased. User sets PS1 so the prompt now looks like DOS. Agent is satisfied (they may just have been satisfied that the device worked, but this story dates from when a DOS prompt was a believable thing for someone to recognize as "computer" )

This story doesn't sound believable. As soon as the agent starts attempting commands, they'd see it's not DOS.

But they saw it was a working computer. Airline security don't care what operating system your computer runs, they care if the laptop has been hollowed out and filled with C4.

Of course these days you could have a Raspberry Pi in a corner of the laptop case and the rest of it filled with whatever contraband, and still present a "working" computer to the security screener.

Nobody would seriously claim that airport security is an effective way of stopping determined people. It is a deterrent that works to catch thoroughly stupid people and to make smart people dwell on the anxiety of getting caught.

Nowadays your laptop would go through an X-ray machine with improved explosives detection.

Yep. I've never had to demonstrate that my devices are real at the security checkpoints getting into airports, I just put them in the trays and the X-ray scanners tell the agents that they're safe.

Now, dealing with the customs/pre-clearance checkpoints, that's another matter.

To be very honest, I find the methodology very similar to what a drug trafficker would do to hide their drugs. And I don't think this method will end well for all parties either way.

If it works, customs officers cannot find actual illegal contents, and criminals walk free through customs.

If customs officers somehow detect you are doing this, you risk obstructing security measures.

But that's true for all encryption and privacy technology, it has dual use. We as a society must find the right balance and say, ok, there's no reasonable justification for owning 1 pound of plutonium, but there is a legitimate case for high encryption and privacy.

This forum largely believes that the balance struck by New Zealand - that you don't have the right to data privacy when traveling - is completely unacceptable, and as technologists we try to find technical countermeasures.

Let me ask you this hypothetical question instead:

What if we have a "physical encryption" technology that allows encrypting physical objects so that X-ray scanners, drug detecting methods or metal detectors cannot see through them?

Would customs be allowed to ask for the decryption key? Or should the customs just ignore whatever encrypted inside?

Physically, there's constraint on what I am exposing. Digitally, it's my entire life. The bar for a search must be much higher to reflect that. Most people here are not used to dealing with a corrupt officer. Imagine a scenario where you own a property and the police officer next door desperately wants it and he finds a loop hole to block your access to the street (and does more horrible things to get you to vacate your house). Now imagine what he'll do if he had your phone and work backwards from there - even innocent things like a flirty message with someone can potentially ruin someone's life - it doesn't have to be illegal.

The justice system and separation of powers acts as checks and balances from anyone (good or bad) being harassed unless there's a strong reason why. Get a warrant with a limited scope and then do the search.


No need to imagine. There are innumerable cases over the years where cops have turned into stalkers backed by the power of the government when their girlfriends dump them. It happened to one of my ex-es, but I've seen it in newspapers dozens of times over the years.

The problem is that cops are still people. And people are often messy, emotional, irregular, obsessive, mean, or just have a bad day and need someone to take it out on.

Wetware will be wetware. All we can do is advocate for better training and smarter policies.

There's no need to go to such wild hypotheticals if what you want to say is that you support border data searches - it's your right to have that political position. I simply have the opposite position.

Given some hypothetical new technology with vast societal implications, I would be forced to carefully reconsider that position, but in this case I believe privacy is a basic human right that does not simply disappear at the borders.

Of course I respect your opinions. I am just giving a thought experiment to introduce a different perspective and way of thinking.

And I am more than happy to learn that you would re-consider your position given such hypothetical situation.

Let me ask you this hypothetical question instead: What if we have a "brain encryption" technology that allows encrypting your brain so that brain scanners, thought detecting methods or emotion detectors cannot see through it?

Would customs be allowed to ask for the decryption key? Or should the customs just ignore whatever is encrypted inside?

Of course they should be allowed to do so. That would eradicate drug trafficking and cross-border terrorism.

I would say the benefit is too good, weighing against privacy.

Actually, it would simply make terrorists avoid official border crossings. They could, for example, pay a human trafficker $2000 to get them over the border with Mexico.

Of course, you would then request for brain scanning technology to be more widely employed and that brain scanners be installed in the subway, on buses, gas stations and any other place drug dealers and terrorists could happen to go by. I think we all know what is the end for this line of reasoning.

You know I used to question why on earth would Trump want to "build a wall". But I think your comment (along with the previous comments) somehow made a good justification for it.

Anyway, it is quite apparent that we have fundamentally different views on these issues, so let's agree to disagree and call it a day.

Unfortunately your views are fundamentally opposed to what most people (at the very least here) would define as freedom and civil rights.

Judging from the negative scores, you are right.

Does that mean I am going to self-censor my views to avoid losing karma? No. You have your rights to disagree, I have my rights to express my views.

>"I have my rights to express my views. "

Only if you don't mind the downvotes. For some odd reason, these 'imaginary points' end up causing me to self-censor anyways.

On further-thought, it makes me think it's just something built into us. We seek social/group approval, and it makes us regress to the mean when it comes to thought/opinion. However, I don't think it's the right way for our brains to be wired, especially with social media exposing us to the entire world.

And now with this border-search thing. If it means that the state ends up having access to all your social media accounts, that now span decade+ timeframes, not even time and personal growth/regret can protect us.

I don't advocate for downvoting those whom I disagree with, if it were up to me you wouldn't be downvoted.

Yeah, it would be preferable if your comments weren't voted down here because of disagreement with the view you express, as long as it's expressed clearly and constructively (which it is).

> That would eradicate drug trafficking and cross-border terrorism.

No, it wouldn't. One key weakness of totalitarian systems (and that is what you are advocating for) is always that the massive power of the system attracts criminals and corruption into the system and has a major risk of the criminals ending up using the totalitarian power for themselves. If you think there is some sort of absolute solution to a social problem, you are ignoring that implementing the solution does itself build on society. If society isn't free of crime, your solution won't be free of crime either, and if society is free of crime, you don't need the solution. And if your solution isn't free of crime (so, you have corrupt police officers or judges or whatever), then you have thus given criminals the option to use a massively powerful weapon for themselves in some ways.

"the more corrupt the state, the more numerous the law."


It wouldn't stop those things though, there will always be a weak point. What it would do is erode the rights and freedoms of law abiding citizens (something that terrorists seem to want).

Furthermore, if you want to stop drug trafficking, legalize them.

> It wouldn't stop those things though, there will always be a weak point.

If that is your argument, then I don't think anyone can convince you.

> What it would do is erode the rights and freedoms of law abiding citizens (something that terrorists seem to want).

That's not how Wikipedia (and I myself) define terrorism:

> Terrorism is, in the broadest sense, the use of intentionally indiscriminate violence as a means to create terror among masses of people; or fear to achieve a financial, political, religious or ideological aim.

I can be convinced when the argument is good. I don't think a nebulous, "give up your privacy for some possible safety gains" is such an argument. I equate privacy with freedom, and I don't want to give up my freedom.

Digital objects are different in that they usually contain your private memories, pictures etc. and it's entirely possible to reconstruct a complete network of your friends, family, history, affairs, trade secrets etc. from a single phone search.

Physical objects usually don't reveal this much at once and require a warrant. With a border phone search, there's no due process at all. If you're so afraid of bad actors that you're willing to subject yourself to this, you're free, but the bad actors have won.

So what happens if you move from country A to country B and bring all your personal papers, address books, photo albums, diaries, business records, etc. across the border (in a moving van, for example)? I really don't know but I suspect that no one takes the time to read all those documents or to copy them for later study at least at most borders. I don't even know what the applicable law is for someone moving to/from US/Canada, for example.

What happens if you use the postal service to deliver your phone across a border? Are the same authorities who claim the right to search your phone if it is on your person at the border also claiming the authority to confiscate and duplicate your phone if it is shipped/mailed? Do you have to put your password on a sticky note on the front of the phone? And if you ship the physical device but transfer the data separately does that change the expectations?

It is interesting that condensing information into a digital format that can be easily duplicated and searched (before or after duplication) seems to change the expectations for the authorities and I think for individuals.

I think this is another example of how the modern digital world/economy has left the legal system in the dust.

Your thought experiment raises a good point, but I think your conclusions are still wrong.

The boundary between what should be allowed and what should not be allowed has nothing whatsoever to do with the state of technology.

Freedom is not possible without privacy. As soon as you are in danger of privacy violation, you change your behavior. This is also known as self-censoring. You can already see it here in the forum: people report that they have nothing to hide, but they still reset their phones and use fake accounts when crossing the border.

What is particularly insidious about border control is that there is no legal checks-and-balances system behind it. Police cannot search your home without a warrant issued by a judge. Border control can search everything without any warrant.

In the past, you could yourself 'balance' this by not taking very personal things (e.g., a diary) with you when traveling abroad. But with our digital lives, this is not possible anymore. You cannot leave your photo album at home anymore.

What makes it so much worse is that criminals can so easily circumvent this issue. They anyway use throw-away phones. They don't need to carry notebooks with them, they can just buy a new one on arrival - if needed at all - and download encrypted files from the Cloud.

So we now have established that border control has an unprecedented and uncontrolled access to our privacy. Shouldn't they be forced to prove that this pays off for our society? Please show me the cases of successful prosecution after digital search of a phone. To me, there seem extremely few of them. So it seems a high price for a marginal benefit.

You can't blow a hole in an aeroplane's fuselage with somebody's mobile browser history.

Customs is way too late to be worrying about blowing a hole in an aeroplane, given you've already made it to the border by that point.

Good point but obviously the technology would still be a problem earlier in the process, and it would still be an equally bad analogy at that stage.

To make the analogy complete, it needs to include a global mail network that accepts these magic boxes and transports them almost instantaneously at almost no charge, so that you could trivially avoid any requirement to show customs what's inside by mailing your stuff to yourself after you get through.

Can we also download physical objects after we go through the checkpoint?

You can already "download guns".


I would be surprised if that's not possible for drugs or explosives in 5-10 years.

Edit: Looks like they are already possible or at least on the way:



You can "download" crappy, not very effective guns. And you still need to obtain the ammo (the actually lethal part) the old-fashioned way.

I would very much be surprised if it becomes possible for drugs or explosives any time within my lifetime. Chemistry and physics just don't work that way.

I thought so too, but then I googled "3d print drugs" and "3d print explosives".

I think google doesn't censor results based on location? So you should see the same results.

Edit: To save your time and avoid polluting your search history:



Thanks, that's quite interesting.

Still, you do need very specific input materials for both processes.

In the case of the latter, you basically need a spool of explosive string. You're not so much printing an explosive as you are shaping an explosive into a desired form. I'm sure it's still very useful, but I don't think it's a particularly big game changer in the "smuggling things into a country" field.

I have a hypothetical question for you. Let's say we develop brain scanning tech. Should it be mandatory to perform a brain download to cross the border?

If it works, customs officers cannot find actual illegal contents, and criminals walk free through customs.

"Illegal contents", as in what? Unflattering cartoons of the president? A spreadsheet marked "cocaine delivery schedule"? Why is this on the alleged criminal's phone while she's crossing the border? Has she never heard of the internet? No real criminal could be caught by any of this buffoonery. Lots of normal people whom the state would like to harass will be harassed, while wasting a great deal of money, which is the point.

Unflattering cartoons of the president?

In Thailand, both tourists and locals can be severely punished for making fun of the King.

(I'd Google some links, but I'm on a dialup-speed cellular connection right now. It shouldn't be hard to find, though.)


Just another example of the different way in which speech/information is treated in different countries.

Haha yeah Beard Man should have left his laptop at home. Still, they must have been pretty confident in the evidence they already had when they issued that arrest warrant.

Real criminals are caught by this all the time. A lot of these guys are scraping the bottom of the IQ barrel.

But a lot of the agents will have MAGA hats in their car, so I probably wouldn't have unflattering Trump cartoons on my phone. Though I would love it if EVERYONE had 'fuck trump' as their phone background.

To be very honest, I find the methodology very similar to what a drug trafficker would do to hide their drugs.

It's a shame that people now have to guard their privacy like drugs.

it's a shame that people had to guard their drugs! and now their privacy!

Drug traffickers hide their drugs in an encrypted partition?

No sane criminal would bring illegal electronic data with him on a physical device... He'll just download it when he gets there.

No smart criminal would. There are lots of dumb criminals, though.

Yes, and am not willing to have my privacy violated for dumb criminals.

OMG. Just use two SSDs and turn off the second in the BIOS.

Or use the same technique as Chinese fakers are using to create fake flash cards or SSDs: just reduce the size of the drive directly in the controller.

... if your laptop has space for two SSDs

Hidden partition flag, then. Or just dual boot with a secondary system as default; either a live os image (linux) or installed on a vhd (windows).

You could probably just remove the partition's fstab entry to get past most border searches. Or store the data in what appears to be a swap partition.

> It’s impossible ... to prove

Not after they subpoena this HN comment. ;)

>Not after they subpoena this HN comment. ;)

Anyone subpoenaing this comment would discover I post on HN exclusively over Tor :)

I'm behind three proxies!

We know ;-)

As technically exciting as this is, i would probably just bring a burner laptop, installed with a default Debian install on a properly initialized LUKS partition, and a weak password, and a USB drive with a Debian install.

Once inside customs, i'd verify the SHA1 sum of the USB drive image vs. the one on the Debian site, and reinstall the machine, setup a VPN back home, and pull the data i need onto the machine.

Repeat the "dummy" install when leaving the country.

Note that this requires using dm-crypt in plain mode, which allows only one passphrase, doesn't perform any passphrase mangling or salting, and performs no passphrase checking on decryption. It requires one to re-enter exact parameters, and an improper passphrase will happily give bunk data.

Secondly, high-entropy data is evident at even a courtesy glance - normal computer and filesystem operations do not produce high-entropy data on disk, therefore a large portion of high-entropy disk data is highly suspect. The author discusses this in detail in sections 2.4 and 5.2 of https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAsk...
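Two observations made in this thread, that a LUKS header is plainly visible inside a partition and that high-entropy regions stand out on disk, can be checked with a small forensic-style scanner. This is an added example, not code from any commenter; the sample image, the 4096-byte block size and the 7.5 bits/byte threshold are constructed assumptions.

```python
import hashlib
import math
import struct
from collections import Counter

SECTOR = 512
BLOCK = 4096                   # assumed scan granularity for the entropy map
LUKS_MAGIC = b"LUKS\xba\xbe"   # magic bytes at the start of a LUKS header


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_luks_headers(image: bytes):
    """Return (offset, version) for every sector that starts with the LUKS magic."""
    hits = []
    for off in range(0, len(image) - 7, SECTOR):
        if image[off:off + 6] == LUKS_MAGIC:
            # The 16-bit big-endian version field follows the magic.
            (version,) = struct.unpack(">H", image[off + 6:off + 8])
            hits.append((off, version))
    return hits


def high_entropy_runs(image: bytes, threshold: float = 7.5):
    """Return (start, end) byte ranges of consecutive blocks at or above threshold."""
    runs, start = [], None
    for off in range(0, len(image), BLOCK):
        chunk = image[off:off + BLOCK]
        high = len(chunk) == BLOCK and shannon_entropy(chunk) >= threshold
        if high and start is None:
            start = off
        elif not high and start is not None:
            runs.append((start, off))
            start = None
    if start is not None:
        runs.append((start, len(image)))
    return runs


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext or a random wipe (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample(with_luks_header: bool) -> bytes:
    """Constructed 64 KiB image: 4 blocks of log text, 8 random blocks, 4 zero blocks."""
    line = b"Oct  1 12:00:00 host syslog: routine entry\n"
    text = (line * (4 * BLOCK // len(line) + 1))[:4 * BLOCK]
    blob = bytearray(pseudo_random(8 * BLOCK, b"constructed"))
    if with_luks_header:
        blob[0:8] = LUKS_MAGIC + struct.pack(">H", 1)  # header fields only, for the scan
    return text + bytes(blob) + bytes(4 * BLOCK)


if __name__ == "__main__":
    for label, flag in (("headerless", False), ("with LUKS header", True)):
        img = build_sample(flag)
        print(label, "entropy runs:", high_entropy_runs(img),
              "LUKS headers:", find_luks_headers(img))
```

Both sample images produce the same high-entropy run; only the header scan tells them apart, which is why the headerless region cannot be told from space that was merely wiped with random data.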

True, but the default parameters of cryptsetup are quite secure with a high entropy password and they are seldom changed. A volume opened with the wrong password will fail to mount with no ill effects, you would just cryptsetup delete and then re-create it again with the right password. I've addressed at length the other issues above, initializing an encrypted drive with random data is a widely recommended countermeasure against attacks that exploit the way the filesystem allocates sectors, VeraCrypt does it by default and many graphical setups for Linux offer the option for encrypted drives.

You should write a blog post explaining how to set this up in a little more detail.


I'd be interested in hearing more about this as well.

> cryptsetup -o 100000000 create boot /dev/sdc3

Be sure that doesn't get into your .bash_history

>It's impossible for any court forensic team, let alone an airport goon, to prove there is actually another partition inside the outer encrypted partition

booting into a 50 GB partition on a 512GB SSD isn't suspicious?

Nah both partitions are 500GB... it's just that you avoid writing (or filling up) the "outer" partition so the "inner" partition is never overwritten.

how do you ensure this? afaik ext4 scatters its allocations across the partition, so it's only a matter of time before an allocation for a syslog entry wipes your .ssh/id_rsa

Colocating both roots on the same partition spells disaster, you will absolutely clobber data when the outer system boots. I have detailed in another post that the correct way is to put the sensitive root inside a largely empty decoy data partition, and no longer write there (but you can update timestamps in place).

Needless to say, using these schemes for SSD drives requires special consideration in regard to trimming.

Until you run fstrim?

Find me a member of the TSA who can explain the significance of that sentence let alone catch it in practice then we can discuss the viability of it.

It seems to me this would fix the larger problem most the time.

as someone else mentioned, the only reason it works now is that very few people do this. if this starts getting popular, i guarantee that TSA is going to check for hidden partitions, patched kernels, suspiciously clean OS, etc.

i guarantee that TSA is going to check for hidden partitions, patched kernels, suspiciously clean OS, etc.

How would they hire enough manpower smart enough to do that?

They'll just buy an eyewateringly expensive tool from Cellebrite (or their ilk), then let the minimum wage goons loose with it...

"Hey Hank, the machine says we've got another hidden encrypted partition, go get the rubber hose..."

The outer partition fills the entire SSD. It just happens to use a filesystem that packs its data from the beginning of the partition. So long as you don't ever use more than 50GB at a time, the inner partition is safe.

You can patch the kernel to report the full size, I guess.


Like we've asked before, could you please start commenting in the spirit of this site, which is to gratify our intellectual curiosity? Gratuitous inflammation doesn't belong and will get your account banned.


Since you are here already, may I know why the author of this comment is not given a warning or ban for personal attacks?


We don't see nearly all comments, even if we post in a thread. If you notice such things the best thing to do is email us at hn@ycombinator.com so we'll be sure to see it.

"One has not only a legal but a moral responsibility to obey just laws. Conversely, one has a moral responsibility to disobey unjust laws." - some U.S. citizen. (MLK, Jr.)

> If you pull this stunt in the USA, I hope you enjoy your five-year sentence in federal pound-me-in-the-ass prison and the effect that the permanent felony conviction on your record will have on your employment prospects and the exercise of your civil rights. Misleading, or concealing information from, a federal agent is a felony.

If this is the line of the argument, then why is the search done at all? I am perfectly fine telling an agent of the state "No sir, I do not have any illegal data on this device" - fully knowing that a lie is conducive to imprisonment. What I object to is the search itself, which by the way, is unlawful under the US constitution.

you say nothing to that agent. not a word. you give them your password if they insist and that's it.

It's troubling to watch one of the most amazing places on earth transform itself into a totalitarian purgatory.

Access to physical phone/laptop is only the first step -- mark my words. Big Brother's bureaucrats are never satiated. Next, we will have demands for passwords and unrestricted access to : email, facebook, photo sharing, hacker news posts, social media, etc.

I see a sudden spike in the market for burner phones. And a long-term opportunity for a company that can create a "burner" social media profile.

totalitarian purgatory

Nitpick: in Catholic dogma purgatory is a place of purification, those in purgatory know that they are there for a reason and only for a certain time, afterwards they enter heaven. Hell on the other hand, is for eternity and ugly. That's why the two are easily distinguished in their iconography, both involve imagery of flames, but souls in purgatory look joyful and those in hell look despondent.

Honestly, thank you for explaining that. It's nitpicking, but i don't think learning is ever a bad thing.

sounds almost exactly like going through customs at the border.

Which one, purgatory or hell?

They share a common border.

Thank you very much for the explanation,

Perhaps limbo would be more apposite.

For others saying something to the effect of "we let them search our X already, so the phone is a logical step and not a big deal," you've already given up your expectation of privacy, so you can't understand why others would want to keep it. This is the slow creep of the state with concomitant erosion of liberty.

In a few short years, you are the ones who will be justifying any of the following on grounds that "they already do the less-invasive thing, why not one step more?"

- Mandatory fingerprinting (USA does this for foreigners in some airports)

- Declare all cash, declare all crypto (with addresses / xpubs)

- Bank account logins

- Register electronic devices / install software trackers

- Hair sample for drug testing

- Cheek swab for DNA

- Blood draw to check for diseases / drugs / DNA

The Feds will already have most of this information now.

They've long had your bank account information (thanks to the PATRIOT Act). They probably have trackers installed on the chipsets of devices, but ignoring that, we know they are capable of intercepting most internet traffic.

Most people have their fingerprints taken, either as the result of a run-in with the law, legitimate or otherwise (clerical error). Or because they were incentivized in some manner (TSA Precheck). Federal IDs are rolling out now too.

> I see sudden spike in the market for burner phones. And a long-term opportunity for a company that can create a "burner" social media profile.

I am sure that some folks will try those things and it may work for a while, but the way things are going, it's not going to matter whether you bring your device, a burner, or nothing at all. All it will take is one more 911-like crisis and inevitable fear-mongering.

Then, your online profile is going to get mined along with everyone else's, continuously, by multiple state-level organizations who cooperate with each other-- whether you've booked travel or not.

By the time folks get to a border it will just be a matter of diverting anyone with a "red X" next to their name.

I have spare factory-reset phones and laptops for family/friends who visit - in case they choose to travel without devices.

I was in Wellington during the GDPR protests. Instead of arresting and fining those who illegally searched and handed over Kim Dotcom's servers, they just changed the law to make it all retroactively legal; making spying legal on all citizens.

At least they banned software patents.

Let's not get too excited. There were about 40 million passengers transiting NZ airports last year, according to Wikipedia.[0] The article says roughly 540 devices were searched in the same time period. That's 0.00135% or basically a dozen people per million being searched.

That hardly seems like totalitarian overreach. In fact it seems quite restrained and pretty reasonable - and presumably must be intelligence led, since I rather doubt they are doing this at random...!

0. https://en.wikipedia.org/wiki/List_of_the_busiest_airports_i...

This only applies to those passing through international customs, under 4 million arrivals last year, half of them Australian, who bypass customs anyway.

Searching for the 540 figure it appears to be mobile phones only, there was another 300 computers. So ~840 searches for 2 million people.



I agree; your 1 in 2500 figure gives a slightly different picture of things... About 30x as many travelers being searched.

/* I guess adding mobile and computer searches is wrong though, since some sizable fraction of computer owners have a mobile and would thus have had both searched. So maybe 650-700 searches? Doesn't change the magnitude of the resulting figures much, I suppose. */

Umm, no, Australians don't get to bypass NZ customs. What if we had some seeds or dirt on our shoes? Or <shock> some fruit?

But yeah there wouldn't be many searches.

Wait until they get more efficient at it. This kind of thing can be highly automated with software that only has to within a tuned degree of certainty determine who else needs additional screening. You can tune this precisely on how many humans you have around at a given time and can facilitate the "Enhanced search" of the devices.

Has anyone taken a steganographic approach to this? Just have a bunch of pictures of cats (or something more believable, like porn) in a partition, then you overlay sensitive data (encrypted). So you don't have a mysterious partition that is easily found. Obviously you can't store a ton of data that way though. You could even take the same approach with the program itself, hide it inside something else. (I imagine it would still be detectable by someone sophisticated enough, but might make it more difficult)

As a "stupid thought experiment" that's a fun thing to consider. (Somewhere I've got a proof-of-concept perl script that steganographically embeds PGP encrypted messages into an image of the FBI logo and posts them to Twitter. I would not ever actually use it in anger... I still have the private key for all my test/gag posts, just in case I ever need them...)

But if you're _actually_ crossing a border into a country where there's internet access, why would you risk carrying any data that you wouldn't put on a postcard across that border? If you need it, download it after you've got there.

Right but there will just be a law that specifies anyone trying to purposely circumvent the search will be accused of a felony. Of course the vast majority will agree because of "safety" and "if you have nothing to hide...".

The next step here is to ask Google to have an API that, when plugged in and password is entered - just downloads and "verifies" your data for compliance. Bit by bit all the freedoms will be eroded.

The step after is an "express pass" that has you download software that constantly monitors your usage and uploads it to TSA and related. Helpful widgets and dashboards will be available to see at what level of compliance you're at and used like a credit rating for participating in society.

"At first I did not say anything because they were only after ...."

While I know they have such imbecile laws, I just avoid visiting this country.

Sadly, if your username implies Australia instead of not-in-Kansas-anymore - we're almost certain to get even stupider laws than this fairly soon...

Sad but true... Mostly they sneak them in during Finals weeks or other distractions.



They are clearly clutching at straws using the story about the rapist as a reason to want no judicial oversight for the ability to spy on all citizens. Why can't they get the messages from the teenagers' phones, if they know they were sent?

In other words, there is a 0.00135% chance you will be fined $5000.

...anybody wanna sell insurance?

On the other hand let's not get complacent.

At all.

Factory reset and wipe your device before travel, and restore when you get to your hotel. I’m a privacy nut and while this is a disturbing trend there exist straightforward workarounds.

EDIT: I do this all the time and it’s not even remotely difficult or a big deal.

>there exist straightforward workarounds

Exactly, and that’s why this is a problem. This law will never catch anyone that actually is troubling for NZ because anyone who is shady, already uses some workaround.

Now it will only bother and waste time of people who are serious about their privacy to apply this workaround as well.

Nail on head! This does not increase real security and it is a real privacy violation. Dumb lose-lose authoritarianism. Disappointed that smart Kiwis do something so dumb.

While I don’t agree with this law, it’s not dumb. Security is about defence in depth. A determined attacker might have a way around this law, but perhaps not every criminal would know about this method, or think to use it.

It’s easy to scoff at blunt-tool laws because you can think of a way to undermine them. But law and society are built on a patchwork of imperfect systems which can individually be broken, undermined, manipulated or worked around. In aggregate, they do achieve some semblance of a result, because they are layered together - even if each one alone provides only a marginal element of security.

This will probably be another tool to catch unaware (and generally desperate and uneducated) drug mules. The ones some gang managed to convince to swallow a couple hundred baggies of cocaine.

I guess that helps the country's well being but hardly a violent target.

As long as you don't let them plug it into anything and it doesn't leave your sight, that should be fine. As soon as it leaves your sight or they plug in a hack-yo-phone box, you might as well throw the phone away. Who knows what zero-days they can stash on there.

Treat devices as volatile cache rather than permanent storage.

Yea, if I was a terrorist, that's exactly what I'd do. That's extraordinarily inconvenient for me as a regular tourist.

And how do you restore the phone? I assume you travel with a laptop? What happens when they want access to the laptop?

iPhone + Chromebook / other laptop, wipe everything to factory defaults before encountering customs. Use full disk encryption.

Login to a cloud server that has your backups / restores / setup scripts / data. Preferably encrypt those backups before you upload them to the cloud server.

Only reason why I don't do it more frequently is it's a pain in the ass. I've been fairly impressed with iOS's backup restoration system recently.

Only had to log in to a specific set of services for everything to be back to normal.

This system is definitely a great way to test your backup restores!

Also: Don't use email for any semblance of secure communications.

>Login to a cloud server that has your backups / restores / setup scripts / data. Preferably encrypt those backups before you upload them to the cloud server.

>Only reason why I don't do it more frequently is it's a pain in the ass. I've been fairly impressed with iOS's backup restoration system recently.

Interesting! My gripe is I haven't found a way to do a cloud backup of an iPhone w/o putting the data in iCloud, which I do not trust.

I'd prefer to make my own backup which I store/pull down manually... is that possible?

My assumption is that if a country is nosy enough to want access to a device, encryption is irrelevant since they'll just demand a PW, so ideally I'd like to wipe the device then pull a backup down later.

You can do an encrypted backup of your iPhone via iTunes, archive it and then move it to whatever you want to. You can also put that backup inside some sort of encrypted container before you upload. You might feel like it's redundant to 'double encrypt' your backup, but iOS won't back up a bunch of stuff if you don't encrypt the backup, so you should still do it.

You can also use some sort of E2E backup software like arq or restic, dig through its archives and download your iPhone backup that way.


Do you always stay at places with high bandwidth available?

No I don't, so I might be not doing a full restore. If I'm on vacation, I might only install a few apps and risk my vacation photos being snooped on by customs coming back. Or I might pre-download installer packages and if I'm very paranoid verify their hash values online later.
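An added example, not part of any comment above: one way to check that an archived backup and pre-downloaded installer packages come back from remote storage unchanged is to record SHA-256 hashes before upload and authenticate that record with an HMAC key kept separately. The file names, the key and the `demo` data are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB blocks so large backup archives are not read into memory


def sha256_file(path):
    """Return the hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def _hash_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def _tag(files, key):
    """HMAC-SHA256 over the canonical JSON form of the file table."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root, key):
    """Run before upload: record hashes and authenticate them with key."""
    files = _hash_tree(root)
    return {"files": files, "hmac": _tag(files, key)}


def verify_manifest(root, manifest, key):
    """Run after download: reject a tampered manifest, then diff the files."""
    if not hmac.compare_digest(_tag(manifest["files"], key),
                               manifest.get("hmac", "")):
        raise ValueError("manifest HMAC mismatch: altered manifest or wrong key")
    recorded, current = manifest["files"], _hash_tree(root)
    return {
        "missing": sorted(set(recorded) - set(current)),
        "unexpected": sorted(set(current) - set(recorded)),
        "modified": sorted(n for n in recorded.keys() & current.keys()
                           if recorded[n] != current[n]),
    }


def demo():
    """Constructed data: a fake encrypted backup and a fake installer."""
    key = b"constructed-demo-key"  # assumption: kept apart from the stored files
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "apps").mkdir()
        (root / "phone-backup.tar.enc").write_bytes(b"constructed ciphertext")
        (root / "apps" / "installer.pkg").write_bytes(b"constructed installer")
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)

        # Simulate changes that happen while the files are out of your hands.
        (root / "apps" / "installer.pkg").write_bytes(b"constructed, altered")
        (root / "extra.bin").write_bytes(b"x")
        (root / "phone-backup.tar.enc").unlink()
        tampered = verify_manifest(root, manifest, key)

        # A manifest edited to list the extra file fails the HMAC check,
        # because the editor cannot recompute the tag without the key.
        forged_files = dict(manifest["files"])
        forged_files["extra.bin"] = sha256_file(root / "extra.bin")
        forged = {"files": forged_files, "hmac": manifest["hmac"]}
        try:
            verify_manifest(root, forged, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return clean, tampered, forged_rejected


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The HMAC matters because a manifest stored next to the files it describes can be rewritten along with them; plain hashes only detect accidental corruption.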

Happened to my friend when we were crossing, freaked me out. He's actually a dual citizen of U.S. & Canada! I am an iOS user. My thought was to just buy an older iPhone with a cracked screen (anything that uses the same SIM style), use it with no data, and put the SIM back in your stowed-away primary phone after crossing.

How do you do this with an Android device without spending hours restoring it?

The only thing I can think of is to make a full backup of /system, /data (and /sdcard) with something like TWRP, move it to a small, encrypted usb drive (bonus points if the partition on the drive is hidden and there's a legit partition as a decoy). Then you just have to restore from your backup, which you would already have locally. Save the backup elsewhere before you leave home if you don't want to lose everything if the usb drive is lost.

That is all a major pain in the ass and, as others have pointed out here, those that want to do harm are likely already doing this. I wouldn't expect normal folks to be able to do this, nor should they have to in order to preserve privacy.

Or even iOS. Just downloading all the apps takes many hours on a fast connection. Restoring 2FA is also a PITA

And when I travel, I usually stay at hotels which means crappy internet.

I consider a few hours restoring from a backup while I sleep to be a pretty small price. To some people this might be a huge inconvenience, I suppose. I mean, think about it: Hours without access to Instagram. HOURS!!

When I arrive at the airport I use my phone for maps, my travel info, my contacts, my reservations, busses, trains, taxis, uber, messages with people I'm coordinating with, my travel notes, etc...

Or are you suggesting I should camp out in the airport for a few hours to restore my phone before I can figure out where I'm going and get ahold of my contacts?

Oh let me guess. Your solution is to print those contacts and maps (oh, no GPS to figure out where I am on that map) and use a pay phone (because I still need to re-install the apps I'd normally be using to contact people). Heck, I don't actually have phone numbers for > 90% of my friends. I just have them on Facebook, Line, WhatsApp. The only people I have phone numbers for are for people who've been friends longer than about 15 years, in other words before messaging

Maybe I’m just too old or unimaginative, but none of these objections seem like serious showstoppers to me. This is straying far from the original topic but now I’m curious: How would you survive if you were to accidentally lose your phone while traveling, or if it got stolen? One can (and should) be capable of being a functioning adult without a cell phone.

Why is this about survival? My commute to work is 20 miles. I drive because it's convenient, quick, and practical. I would survive without a car. I could walk for 6+ hours, work for 8 hours (snacking while I work), and then walk another 6+ hours back home. Or I could pitch a tent in my office parking lot and just live out of it during the week. It would be shitty survival, but doable, right?

It's absolutely possible traveling without a smartphone. I've done it plenty of times before smartphones became a thing. But smartphones make it so much easier.

This discussion is about taking a phone with you while travelling and be secure from border searches. Sure, you can leave the home but this is not the point of the discussion.

These are all problems you have created by over-dependence on a single point of failure.

It's honestly kind of lazy not to take precautions, particularly when it's that easy - you've already listed out exactly what I'd suggest, and it's how people muddled along for decades in the before-times, more or less successfully.

I would suggest learning how to read maps. It's really easy, especially in urban areas. Find the nearest intersection, and look where it is on the map. There you are.

What a condescending comment.

How about not having a stable connection? That's something I encounter a lot where I travel.

So it might take a little longer. Who cares? It’s a phone.

Requires root in my (limited) experience. TWRP + Titanium Backup does the trick pretty quickly.

I did that for a while. But it's still quite a bit of work to get the phone ready after it has been wiped.

Restoring an Android phone from N or later is very fast, if you've taken a moment to enable auto-fill. You still have to sign in to apps with the auto-filled credentials, but I prefer that to synced access tokens.

> How do you do this with an Android device without spending hours restoring it?

There are plenty of backup tools available on the internet, this isn't really a problem with Android. Personally that's what I do each time I travel abroad. Both because I might lose my phone/laptop and because one can never be sure what software/content is legal (or not) in this or that country.

Some people got jailed abroad for content/software that would be deemed legal in my home country, on their computer.

"There are plenty of backup tools available on the internet, this isn't really a problem with Android"

Name one and describe the process. So far everything I have tried takes hours and often loses a bunch of settings that need to be restored manually. It requires significant amounts of work. Also it seems most tools need a rooted phone

> Also it seems most tools need a rooted phone

A minor inconvenience given the legal risks. If you don't want to deal with that just get yourself cheap used gear dedicated to travel purposes.

You still haven't named a single tool or process.

A simple search on Google will yield plenty of results, if you are not willing to do that or even explain which solution you tried yourself and what failed, I'm not going to waste my time recommending an alternative solution to your problem either. In fact I just provided you with another solution which you didn't bother acknowledging.

I have done plenty of research and I couldn't find a solution to backup and restore an Android phone quickly without losing all kinds of data and settings.

I have used the built in backup to Google and noticed that restore takes many hours and a lot of apps lost data and settings. It took considerable effort to get back to normal. Definitely too much work to spend on my first day of vacation.

A burner phone may work but then you don't have access to all your data.

`adb backup`. All you have to do is turn on developer mode to enable adb, root is entirely unrequired. You might need to log into accounts again, I'm not sure. Do note that this can take a while, depending on whether you back up your sdcard and how much storage is in use. You can choose to backup individual apps, or everything, to use encryption, etc.

If you install TWRP recovery (root is only required for the installation, not the maintenance), you can do a full-phone backup.


The problem is that a full backup on Android requires root, which breaks a lot of security guarantees and isn't even always possible. As far as I'm aware, there is no possible way for me to backup my non-rooted phone, wipe it and restore it as if nothing happened.

In the UK and NZ they're already looking to stop people from buying burner phones with cash.

Bringing a blank phone with you isn't really a problem, but getting a local SIM can be.

> getting a local SIM can be.

I just picked up a new one for a work project at the local supermarket yesterday - $1NZD.

In Australia they have to record the details of the person buying the phone, but suffice it to say that relying on someone making minimum wage at a supermarket to enforce national security isn't particularly effective.

Just buying a phone at the supermarket doesn't make the SIM work.

When I registered my last SIM, I did it online and they wanted Drivers Licence number and a lot of other info that I felt was quite a lot just so I could use a phone.

Yeah they try to track when people have lots of phones registered to them. But last time I did it they were not able to correctly validate international passport numbers. Or you could just buy validated sim cards from poor people or international travellers.

Which provider? I noticed (too late) that the airport SIMs have special overpriced plans. I'm used to paying ~$10/GB for data in Australia, it seems to be about double that in NZ without going on a plan.

I bought a 2 degrees one, but I'm pretty sure they had Skinny and Spark as well at the local New World. Easy to setup with just a credit card, or could've used one of the voucher cards which I'm pretty sure can be bought with cash.

Both here and in the US, I've found that airports usually are not good places to get SIMs - there seems to be some agreement whereby the expensive ones aimed at tourists are all that's available. Supermarkets or department stores tend to be my go-to.

I went to NZ fairly recently and I went with Skinny Mobile. It was 10G for $46 - 28days (Ultra Combo). No idea if it's still available or not.

It automatically renews though, so I had to remember to cancel it when I left.

Come on... 2nd hand phone you can buy from gumtree for cash.

But you still need a connection. They practically want a blood sample when you try to register a SIM.

question: what countries on border entry can demand usernames/passwords to online services?

All countries can demand it. They are sovereign.

Are you asking which countries do demand it?

I think you should read that as: "Which countries have laws which allow border inspectors to demand usernames/passwords to online services?" Those which do demand it are a subset of those which can demand it.

Your sovereignty argument is such an extreme interpretation of the question that it's almost certainly not what plg had in mind - if plg did have it in mind, then I find it hard to believe that question would have been asked in the first place.

Consider the question "what countries on border entry can draw and quarter entering citizens?" Your viewpoint seems to be that the correct answer is "all of them", yes?

Laws are irrelevant.

What are you, the individual, going to do when a border agent takes your device and demands your password? “We’re just going to take this for a few minutes, what’s your password? Oh you won’t tell us? Sit in this room for 400hrs. Ok, thank you, you’re free to go, enjoy your stay.”

Nothing. There’s nothing you can do.

Lodging complaints after the fact doesn’t unviolate you.

You can be a renowned children’s author and the best you can hope for is an apology.


And that from an ally. Not just any ally, Australia is the US’s best friend.

Depends on whether you consider the ICCPR and in particular articles 6-8 as superseding country sovereignty or not.


That would be hilarious:

Room Temperature IQ Goon (RTG): Give me your facebook password

Me: I don't know my facebook password

RTG: How do you login?

Me: I have a service to hold all my passwords

RTG: What is that service and what is the password

Me: Lastpass, but I don't have the second password

RTG: Second password?

Me: Yes, it requires me to use a U2F token to generate a second password

RTG: What is a U2F token and give it to me

Me: I leave it at home for security

RTG: Give me your phone

Me: Hands over 3310

RTG: Your real phone

Me: I don't travel internationally with a phone that has any data on it that I care about.

Of course the real solution is that I don't travel anywhere.

Your fantasy scenario (oh so satisfying) is very similar to this: https://xkcd.com/538/ Consider the truth therein.

> Of course the real solution is that I don't travel anywhere.

That is considerably more realistic, sadly.

Yes I was asking which countries are known to routinely demand login credentials for online services, and I don't mean who does it for a small number of persons-of-interest but I mean who does it routinely?

> All countries can demand it. They are sovereign.

"Sovereign" is a fancy word that boils down to, we have enough police- and/or military power at our disposal that we can force you to do it.

No; you are never forced to visit foreign countries. It's more along the lines of: you want to visit, you play by our rules.

Or in the case of a citizen of said country it’s, “you want to return home, play by our border rules, and btw you have no citizen rights because the border isn’t the country.”

Can a border agent refuse entry to a citizen of a country?

> It's more along the lines of: you want to visit, you play by our rules.

PoTAYto, poTAHto

The EFF might have some resources that answer your question.

Twenty years ago, Nicholas Negroponte pointed out the irony that when he passed through Singapore customs, they searched his atoms but not his bits.

Is being searched before you get on a plane or enter a customs checkpoint some kind of hideous infringement of your civil liberties? No!

There’s no problem with this in principle. The problem is that it’s silly, and it causes a privacy and security violation while not accomplishing anything.

Hey Tloewald, please don't pretend to speak for everyone when you say "being searched" isn't a problem in the first place.

It's not a problem for you, fine. I'd ask you to let me search you but that'd only be to prove a point, so by all means keep accepting it. But when you say it's not a problem, you do not speak for me.

It's pointless, degrading, and above all it's sad that you and many others accept it without questioning it.

The principle here is people can agree to surrender some of their privacy for safety. The problem isn’t that searching my bits is a greater violation than searching my atoms, but that it’s not useful. Right now there’s no pattern of bits I can carry with me to blow up a plane and in any event I could easily bypass the search.

I’m not thrilled by the social contract, but it’s a good deal more convenient than driving across country.

I'll sometimes surrender some privacy for some form of safety or convenience, but that safety/convenience has to exist, not be theoretical.

Positive example: I use Google Drive. I know full well Google could read and analyze all my shit if they wanted to. I surrender to that possibility in exchange for the very cheap and convenient online storage I get.

Negative example: Fuck the TSA and all its theatrics. Those aren't useful. Please do convince me they are; I don't see anyone even trying to pretend they are.

> Is being searched before you get on a plane or enter a customs checkpoint some kind of hideous infringement of your civil liberties? No!

Of course it is. We're simply used to it, because we're sheep and cowards. But it is. Searching everyone, without probable cause or reasonable suspicion of anything, is a violation of civil liberties, and of basic human decency. It's also pure theater and useless.

And because we have accepted this, other privacy aggressions seem justified.

It is an infringement. I certainly don't think I should have to explain everything in my bag to little hitlers.

I'm willing to entertain arguments that it is a worthwhile trade-off, but we must acknowledge that it is an infringement on everyone's rights.

Every additional infringement should come with a justification, an analysis considering whether it will be effective, and a harm minimisation strategy.

Searching me for the means to harm people on the plane, bring it down etc is one thing.

Searching everything I've ever said or done online, my personal photos etc etc. is an entirely different proposition.

There are huge problems with this in principle!

> Is being searched before you get on a plane or enter a customs checkpoint some kind of hideous infringement of your civil liberties? No!

No. But they are looking for items that would make the flight unsafe, as well as controlled substances.

If they are searching your bits, they are not looking for either of these things, they are looking for thought crimes. Not only now, but in your past.

There is a big difference.

Riddle me this - what is the alternative? Don't look at a phone? Why do we look inside suitcases? Why have the concept of customs?

We search things across borders for things our country does not want. We don't want drugs. We don't want fresh fruit (which will trip up more people than drugs).

We don't want child porn. And if a phone is a container for that content, we want to be able to explore the container.

Of course, there's a million different ways around this. Get burner phones. Store content in the cloud. Have seven firewalls. Whatever. But that doesn't change the concept of inspecting things across a border to make sure things we don't want, don't come in.

And if that's a totalitarian purgatory, then name a country (or external border for the EU) that isn't a totalitarian purgatory.

I get your point....but a similar and more worrying thing is happening at the Canadian/US border right now.

Entry to the US can be denied (for life even) if the customs agent suspects the traveler has involvement with Cannabis.

That includes having investments in Cannabis companies.

So if they take my phone and find any information on it connected to Cannabis I could be barred FOR LIFE from entry into the US.

That means that I am leaving a country where that is legal, and entering into a state that it is also legal some border guard can ban me for life - even if all I did was search for "Cannabis legal in Canada".

Where does it end?

That objection seems orthogonal to the point though. The US could make it so that owning a blue shirt means you are barred from the US for life. They open up your suitcase and find a blue thread.

Ultimately it's the law itself rather than the enforcement of it that you're objecting to.

Cannabis use is considered a “crime of moral turpitude”. So its legality elsewhere is irrelevant to the US.

However your scenario is inaccurate. Just as having a google search about murder weapons won’t bar you for life neither will search history about cannabis. They may ask why you're interested in it... But learning about a crime is not equivalent to committing the crime.

Even just having investments in Cannabis stocks can cause a lifetime ban https://www.ctvnews.ca/canada/why-investing-in-pot-could-pos...

>Even though Znaimer didn’t admit to personally using pot, he was given a lifetime ban anyway because of his investments in U.S. marijuana companies, he said.

>In one case, Saunders said an Edmonton man received a lifetime ban from entering the U.S. simply because he was a part-owner in a Colorado building that leases space to a pot dispensary.

So what is stopping them from denying entry due to search history?

The rationale in the US law is that the crime is an equal moral failing to murder. That may be irrational to you and I, but that is the law.

Just as being an accessory to murder would be considered "very bad" so too would supporting cannabis use in any way. According to US law he is investing in a criminal enterprise, similar to funding a cartel in Mexico. The law doesn't match the common person's perception of severity, but the US border guards will enforce the law as written.

Again, none of this prevents you from merely learning about cannabis. It requires action of some sort to further the use of it.

By that logic, if you owned property that was rented by a murderer, you should be banned as an accessory to murder. It's absurd.

It's more like leasing a room knowing it was Dexter's kill room. That said I'll go no further justifying US pot laws. But the failure is in the severity assigned to the "crime", everything that follows is rational if you accept the premise that it truly is akin to murder.

This kind of thing is not new. Canada doesn't let people with DUIs enter the country. They also inspect electronics and have for a number of years.

And marijuana is not legal anywhere in the US at the moment. There are simply some states that don't have state level criminal laws associated with marijuana.

> We don't want child porn. And if a phone is a container for that content, we want to be able to explore the container.

I could be 100% wrong, but I feel like you could check every digital device entering the country all day with 100% accuracy and have less than a 1% impact on the amount of child porn (or any other digital contraband) being trafficked.

What about "probable cause" or "innocent until proven guilty"? Why would I have to accept being strip searched without a warrant?

Given the content of most people's phones, a file by file phone search should be considered at least equivalent to a strip search, maybe even a cavity search depending on how freaky the person gets with their selfies.

Worse still is it's a nonconsensual, uninformed strip search of any sexual partners that person has...

At a border, you have no rights.

But I wonder why. If I am a resident of a country, why is that my rights suddenly go away at the border? Why is it that I have rights when I step out of the airport but when I am in it, I have no rights.

I am not criticizing what you said, I am curious.

Because they can. Civilisation spent centuries building up rights and due process, and then the authorities suddenly decided none of it mattered in this specific context because we let them. We should be livid. It's an absolute disgrace and an embarrassment to post-enlightenment humanity.

I can't use the visa waiver program to travel to the US because I was arrested once. Not convicted of any crime, mind you, just arrested. In the rest of society it's a pretty strong principle that guilt is decided in courts, not by police officers. No matter: anything that makes you seem less than the lowest possible risk is enough to deny you something. No presumption of innocence, no visa waiver program for me.

My girlfriend's mother has applied for a family visa that would allow her to immigrate to my country (where her daughter lives) permanently. The application takes several years. In the meantime she applied for a tourist visa to visit us for Christmas later this year. It was denied. We can only speculate why, but of course I suspect that since she has demonstrated a desire to immigrate permanently, the authorities consider her at risk of overstaying the visa. A mother who has done nothing wrong can't visit her daughter for Christmas because of this, and it makes me furious. She has no intention of overstaying: if this is why they rejected the visa it is again an assumption of guilt instead of one of innocence.

I wonder if there is any way to make it an election issue in any country. Parties seem to be unanimous on the topic, and most people don't travel, so it's probably not much of a pull for votes. Influential people travel more though.

> Influential people travel more though.

And probably have sufficient influence to sidestep most such problems.

Clearly the U.S. political system isn't interested in anything that sounds like weakening border security. I think we're all going to be suffering indefinitely.

Which is something we should never have accepted in the first place, and something that should change immediately.

That's not true in many countries.

Yes, that's the actual problem.

One of the problems with this is that it is trivial to evade for someone intent on serious wrongdoing. A person who manufactures child porn for money, for example probably won't use their phone to transport it across a border. They'll transfer it over the internet, most likely in a surveillance-resistant manner.

Instead, these kinds of searches catch people who don't know they're doing something illegal, or who the government finds undesirable due to their associations or business activities that are legal in their home jurisdiction. They may also be used to map out networks of contacts.

I do not want governments doing the things in the second paragraph.
