Hacker News new | past | comments | ask | show | jobs | submit login
Canada Border Services seizes lawyer's phone, laptop for not sharing passwords (cbc.ca)
950 points by cpncrunch 11 months ago | hide | past | web | favorite | 457 comments

>Wright refused, telling the officer both devices contained confidential information protected by solicitor-client privilege.

>He said the officer then confiscated his phone and laptop, and told him the items would be sent to a government lab which would try to crack his passwords and search his files.

Can this be used to get whatever case(es) he was defending thrown out because solicitor-client privilege was violated or parallel construction was used?

This and related edge cases are something that I've always wondered about e.g. where compliance would be illegal. There are a number of scenarios where one can have content on devices that it is expressly illegal to disclose to random border police. Even within a single country, there is a conflict of authority here.

When I was a grad student I worried about this, since I was required to keep study participant data and student data confidential.

Sounds like this lawyer arrived at the same plan I did:

Refuse the request, file a lawsuit, and contact the media when released to shame the government that saw fit to violate my rights.

Encrypt the data (probably easiest way is to use encrypted 7z archive), memorize the password, upload the encrypted data into any cloud storage (e.g. Google Drive) and don't care about disclosing anything on your devices.

For work data such as the lawyer in the article I would recommend go one step further and not having the password in the first place. You can achieve this by for example having the server admin at work remotely unlock the device at request, have hardware tokens at trusted locations, or software that provide similar effect. No amount of $5 wrench or legal threats can change the situation as it not in your hand to give them access, and you can helpfully give the path forward for the officers to follow. Even better if you have a written company policy with you which spells out that employees don't have capability to unlock devices during travel.

For confidential work data, unless there is a reason it needs to be used disconnected from the internet, it would be better if it was simply never on the laptop at all. The workplace could just use virtual desktops that never leave the company’s IT infrastructure, but are remotely logged on to from whatever device users need to work from.

How 5 dollar wrench won't work in this case? Isn't administrator going to follow his order, so he can made to call the administrator and reset keys etc..?

The value of the trick is just in pushing access control outside the situation.

Border services generally have extensive but constrained powers - in the US, they're limited in how far from a border they can exercise authority. So they don't get to arrest the administrator directly, or go and confiscate an access key sitting in Edmonton. They can still demand that whoever is at the border arrange for unlocking, and can probably seize the device if they're refused. But the threat "we'll lock you up until you open the device" is potentially legal, while "we'll lock you up because as a hostage until somebody else opens this" has far less merit. (Obviously, none of this applies if you go someplace where actual hostage takings might happen.)

If the administrator says "I need physical access to unlock that" or "our firm's policy says I can only open devices once they're at one of our offices being used for billable hours", there's no one handy to apply the wrench to. At that point, confiscate-and-image is as much access as anyone can hope to get.

This assumes you can get the wrench close enough to the admin. If they are in another country, one that is outside of your jurisdiction you'll have a hard time applying your wrench.

The wrench need only be applied to whomever tells the admin to unlock the archive. In a manner that the admin is likely to accept the request.

This is where duress codes can be useful.


Drill those, though.

Under stress, people fall back on learned patterns.

The usefulness of this "trick" relies on not having the _data_.

They aren't going to hit me with a wrench for the decryption password to a cloud-stored blob that's not on the device (and ideally, one they don't know about. Remember the password and the location of the data. Remember to secure-delete it from your device though. There should be an easy "prep for border crossing" checklist that includes this.)

Like, leave a private key at home and encrypt your drive with the public key before crossing the border? Yeah, at that point you are powerless to do anything until you are at home.

But what's the difference? The end result is the same: your device(s) are confiscated and they attempt to brute force the password. Telling an officer that you cannot give them the password because you did some techno-mumbo-jumbo is just going to piss them off and make them assume you have "something to hide" because "no honest person would go to those lengths".

Yes. This thread is full of people proposing inventive technical solutions to genuinely prohibit your own access to the device while you're going through customs, as if border patrol a) knows the difference and b) gives a damn. These are all functionally equivalent to "Um, I forgot my password." (Or, if you wish for a more plausible but equally ineffective excuse, "This is actually my mother's laptop; I'm bringing it to her and I don't know the password.")

If an LEO (claims to) need access to something and you give him a dead end, it's his job to assume you're lying and find the next legal option available to him.

The real question you should be asking yourselves isn't "How would you outsmart the caveman cop in this situation?" Rather, it's "What can/will you do, as a citizen, to resist the erosion of our civil liberties?" Sadly, I have no easy answers here.

> it's his job to assume you're lying and find the next legal option available to him.

Not sure where you live, but in the US it's actually his first and foremost responsibility to uphold a constitution that says that people are free from unreasonable searches and seizures.

Well, in a country with a for-profit, for-"performance" law enforcement system, where prosecutors are paid by how many people they put in jail and cops are paid by how many traffic tickets they write, do you really think some paper from 1787 is going to have much influence on a TSA agent if their paycheck depends on sorting out as many "bad guys" as possible?

The Canadian constitution (specifically the part of it called the Charter of Rights and Freedoms) guarantees the same right, however, constitutional rights in Canada are granted only up to "reasonable limits". Those limits are determined by the Supreme Court.

> people are free from unreasonable searches and seizures

I want to say "clearly you have never used US customs", though I suppose it's possible you have and you are just very lucky.

Oh you should try that at US border. Let us know how well it worked out...

Spoiler alert: If not cooperating, then BPO not friendly; Else, please proceed.

better solution access stuff via ssh graphically another desktop machine for all work and browsing...last access remove the ssh key

than when CBP ask for password give it and watch them search the laptop..

You full filled your legal obligation to follow their orders despite the illegality its now their problem they cannot find anything

Note...all social public stuff is searchable on google..tweets facebook postings etc..

CBP never needs a password they are searching with that password for other reasons than the ones they GIVE

You're right. I missed an important part of the comment I was replying to: you need to say something about "company policy" or "company lawyers", now you're playing in the both the social and technical realm.

Nothing justifies an honest person going to great lengths to do some weird thing quite like "company policy".

Nothing makes officers think twice like the mention of lawyers backed by Apple / Google levels of money.

This only works if you trust egress border crossing more than ingress. Otherwise you might as well not bring your laptop along in the first place as it'd be an encrypted deadweight.

As a casual traveller without multiple devices for different forms of travel, the idea of neutering 90% of my data temporarily actually appeals to me.

Not a great idea. You have no reason to believe deleted and cached copies aren’t lingering on you disk unprotected.

If you're THAT worried, then securely reformat disk and reinstall OS just before travel.

This action can be flagged as suspicious as well, triggering a deeper investigation into the traveler.

It's not always feasible, but the most secure way to protect clients'/employers' data is to encrypt the laptop and phone and ship to your destination via standard shipping services, then ship them back the same way before leaving for home. Carry a well used but non-critical burner laptop ($50 Chromebook off Craigslist) and/or phone ($20 Walmart smartphone) with you that won't wreck your world if it's confiscated and searched. If it is seized, take your receipt and go on about your business. When you get to your destination your actual devices will be waiting for you. You can safely forget about the burner devices.

Your advice to mail ahead your secure computer is not good. Mailed electronics are just as susceptible to search, if not more so, as what you keep with you.

I think the reality we have to grapple with, regardless of rights violated, is that if you want to cross a nation border, it's best to assume that all nations involved will end up with a copy of all the data (hopefully encrypted) you move across that border. In the face of that scenario, how do we proceed?

Unless you are under an active investigation, the chances of your mailed laptop or phone being intercepted and searched are far, far less than if they are on your person at the border.

Still, if you are paranoid enough you can mitigate the danger of your data falling into unsecured hands (at the border or by mail intercept) by using an encrypted shadow volume:


> the chances of your mailed laptop or phone being intercepted and searched are far, far less than if they are on your person at the border

Isn't "mailing a laptop" now counted as sending dangerous goods, due to the battery?[0]

If so, the chances of it being subject to interception and/or search might well be far higher than someone just carrying a laptop in hand luggage across an international border.

[0] https://www.dhl.com/en/express/shipping/shipping_advice/lith...

How do you think the manufacturer ships them, one by one, to the purchasers?

I've just had a look on my favourite parcel shipping site and found this wording in their terms:

> RESTRICTED ITEMS The following items are deemed unsuitable for shipment by our services, and are therefore restricted. Any of these items being sent may result in surcharges, delays or confiscation by authorities where appropriate. No damage cover is available with these items:

> [a long list of stuff, including laptops]

So, who here would be happy to ship their laptop internationally without damage cover?

It's much easier for a policeman to demand the password to decrypt data when he has you in custody at customs than when it is searched by the mailman.

You're confusing "not perfect" with "not good". There's an old saying: when outrunning a bear, you don't have to be the fastest guy, you just have to be faster than the slowest guy.

> It's much easier for a policeman to demand the password to decrypt data when he has you in custody at customs than when it is searched by the mailman.

is that really true? I would expect that they can just perform hardware tampering when you're not present when searching in mailed items, but given that customs might use racial profiling to target you at airport, you may be better off mailing the computer securely, such as using tamper-proof or tamper-evident stickers/bags.

Dragnet demanding your password at the border is something we know they do - there are loads of witnesses saying they were asked for passwords at borders. Dragnet hardware tampering of electronics in the mail is not something we know they do.

I've only seen two articles claiming evidence of physical tampering - like a hoax about Dell from 2005 [1] and Bloomberg's dodgy story about spy chips from last year [2] - neither of which seems truthy, and neither of which involved mail interdiction.

(Of course, it's widely suspected mailed hardware can be tampered with, but most of the claims/speculation I've read has been about targeted tampering, not dragnet)

[1] https://www.snopes.com/fact-check/keyboard-loggers/ [2] https://techcrunch.com/2018/10/04/bloomberg-spy-chip-murky-w...

>I would expect that they can just perform hardware tampering when you're not present

On what legal authority?

The border search exemption is about searching, not tampering.

The issue is more that border agents are taking advantage of a law written before the age of computers to use powers the founders probably never intended.

I seriously doubt that there's any legal basis to bug a computer just because it was shipped internationally.

So if the threat model is being asked for your password, not being present when the device crosses is a good mitigation.

(If you've done enough bad things they government is targeting you specifically, YMMV)

> Unless you are under an active investigation, the chances of your mailed laptop or phone being intercepted and searched are far, far less than if they are on your person at the border.

Inbound international mail is also subject to search by customs, that doesn't just happen to stuff the owner carries across the border.

Just send it like most other things in this situation are sent: in pieces.

> most secure way ... encrypt the laptop and phone and ship to your destination via standard shipping services

Absolutely not. Any time your hardware is physically out of your control is a time when someone could install a hardware keylogger or replace your ethernet card with one that exfiltrates data or whatever.

The most secure option is to travel with an encrypted hdd/phone on you with no way to decrypt them, and separately acquire the private key (e.g. via shipping a secure hardware token which is made to be tamper resistant to a trusted friend at your destination).

If the devices leave your control for more than a few minutes, consider the hardware compromised and never unlock them again.

Laptops simply are not made to be highly resistant to an attacker with physical access, whereas hardware keys are, so it's not a good idea to ship them.

If you do ship them, you'll have to do a physical examination for suspicious hardware at your destination, (as you presumably did when you first received them if you're that paranoid), and it's damn hard to find a good lab for that in some countries.

Your advice is good as a way that's secure for most people's threat models, but it is a far cry from being the most secure solution, and I'd argue it's much less secure than simply carrying them with you.

Carry a computer with encrypted data but don't use it; remove the hard drive to copy the data to another computer in order to decrypt the data with the separate key. Discard the old hard drive and old computer afterward.

Do not use a single key; require several keys that are with different people, combined only in the way that you know how. Ensure the people are present to notice if the police try to come in.

By paraphrasing my comment as you did, you avoided the point I was making. What I proposed is the easiest and most secure way for a normal traveler not already under suspicion to avoid losing/exposing potential client and employer data to a foreign government during a border confiscation. By no means is it 100% foolproof and I never claimed it was. As I said elsewhere in the thread, if you're already the subject of an investigation your mailed package will be intercepted, but that's an entirely different conversation.

In short, the scope of my comment was avoiding a border seizure during travel, not 100% securing your devices from being compromised, which is an impossible goal short of just not using any devices, period.

> This action can be flagged as suspicious as well, triggering a deeper investigation into the traveler.

More and more people are probably doing this so this is going to stop being suspicious.

>This action can be flagged as suspicious as well, triggering a deeper investigation into the traveler.

Whenever I travel internationally on business and need a laptop, I'm required by company policy to bring a laptop freshly wiped by IT instead of my normal laptop.

That's sensible. So is this becoming the norm?

Yes, that’s something we can do as HN readers, but good luck explaining that to the average lawyer or paralegal.

Instructing then how to power wash their chrome book and then simply login with their you okey again is achievable

Or just set up a rental service for overseas computing. Good thing about non-programmers is they don’t need three days to get 300 pieces of software installed and configured on a new machine.

If you are going to bother you might as well do something that will be effective.

Can't you just use a tool like 'shred' to securely delete the file(s) ?

The problem here is knowing where all the files are. Are you sure you could list all the places eg ms word stores cached copies of your document? And that you’d be able to overwrite the data from copies that have since been unlinked from the filesystem?

Encryption is a better solution, always. It’s easier to forget a passphrase and render the key useless, especially if you’re using a SSD where the controller has no obligation to actually overwrite a cell that you’re trying to shred.

My understanding is that shred hasn't been reliable for many years now due to smarter and less predictable firmware in modern storage devices. Basically, you can't trust that your SSD deleted the data it said it did, or that it writes data to the place you told it.

Even with spinning rust, a sector remap would keep the old data in the old spot

So far as I know, wiping free space is a feature that has been available for many years in free utility suites and even recovery software (CCleaner, etc). I believe it's also directly available in Windows' Disk Cleanup utility; on Linux you call just use dd to fill the disk. This isn't as secure as a multiple wipe, but it can also be done multiple times; on Linux you can alternately use tr or some such to tell dd to write ones instead of /dev/zero.

Wiping free space doesn’t wipe the original location of a remapped sector. AFAIK, nothing will short of low level format, which you can’t do these days.

I'm not sure if it's feature of all modern SSD or Samsung ones, but I know that those SSD use AES internally for all data (not for encryption specifically, but because they need random bits for better storage and encryption is just a bonus). User usually does not deal with it, as it's handled in firmware, but BIOS have the option to securely erase the disk which just generates new key instantly and then, obviously, it's not possible to recover any data from old sectors.

Discover that your password has ended up in a swap file one day and hasn't been overwritten, and chrome left you logged into Google drive. I wouldn't trust this approach not to fail by accident.

Let the computer you used for encryption and uploading at home.. Take an empty/new notebook/smartphone with you to show at the border?

edit: place a big random data file, which looks like encrypted data on your alibi notebook. Refuse to give password and let the government lab try to find the password..

> Let the computer you used for encryption and uploading at home.. Take an empty/new notebook/smartphone with you to show at the border?

This is certainly safer, though maybe not possible on the return trip (where you're returning from someplace where you only have access to your laptop). If you need to be this careful, maybe it's best to do your work after livebooting into tails or something like that.

> edit: place a big random data file, which looks like encrypted data on your alibi notebook. Refuse to give password and let the government lab try to find the password..

Funny, but unnecessarily risky if you ask me.

Am realizing that not so long ago, saying that entering a democratic nation was riskyer if, just a few seconds before customs, you had entered in a command line:

   head -c 1000000000 /dev/urandom | openssl enc -aes-256-cbc -a > risky.1Giga.file
would have been considered tin-foil-hatty, and now we're just getting use to it

I think someone was imprisoned in UK for refusal of giving password. Don't joke with government.

> don't care about disclosing anything on your devices.

I'm not sure this is good advice. I think it's almost certainly better to have an unblemished record of assertion than a mixed record of assertion and acquiescence. Surely the latter appears far more suspicious.

I don't know about the US, but here in The Netherlands the technical cops are aware of cold boot attack. As a lawyer crossing a border you should use a device with a secure enclave, and have the device off. Or better: don't cross the border with your device.

Wouldn't it just make more sense to keep all the data encrypted on a cloud service and not travel with any of the data physically? One step further would be to not travel with any devices at all, and just purchase something after crossing the border.

That’s the idea behind 1password’s travel mode. Ostensibly you could do that for an entire device, but the easier you make it for yourself, the easier it is to write legislation saying you have to undo what you did. (Depends on the various jurisdictional constitutionalities of that kind of provision, but still.)

Rather than an encrypted archive, would an encrypted, hidden partition not work better? Anything sensitive goes on there, have it unmounted and invisible, leave the rest of the system as is let 'em login and search what they see.

Full drive encryption and then using spideroak for cloud storage is a better and easier solution

Full disk encryption doesn't help if you share the password that decrypts the disk.

Unless that disk had a low-level factory wipe afterward, some amount of that data will still be on the disk somewhere, and law enforcement has all the tools needed to recover it.

7zip uses a vulnerable RNG. It was posted here a while ago.

Why not reemove the drive and replace it with something basic with a plain os installed? It's quite simple even with MacBooks.

Recent Macbook Pro's (I think all of the touchbar models) have the SSD soldered to the motherboard, so it's not simple to remove the hard drive.

Good reason not to buy then :)

Or use Veracrypt with AES25 and a 30+ character password. Good luck NSA trying to break that.

Methinks the NSA could break AES-25 just fine :)

It's easy to break your encryption. Trust me, if you live in a country that has crap laws, they will actually extract the password from you:


Edit I'm not saying it's a bad idea to encrypt your drives, just that it doesn't save you from someone determined..

This post is about western countries. The vast majority of western countries will not literally torture you to death, in order to get rando citizen's phone passwords.

Encryption works great for this usecase, that almost everyone in this thread will be using it for.

People being tortured for their personal phone password by a rando border guard in basically any country, just isn't something that happens, despite what the internet memes would lead you to believe.

Even in supposedly bad countries, I really doubt that this "attack vector" is something that happens frequently.

How long can you be detained? And under what conditions? More than a few hours will get the vast majority of people cooperating. I suspect they could detain you for 24 hours, or even several days, but I don't know what the legal limit is for detaining a citizen at the border of their own country.

And for quite a lot of other people, even not being personally detained, but having to acquire new devices is inconvenient enough to compel cooperation. Who wants to buy new devices? Who has a need for two sets? It'd only be a cost of business for someone who does a decent amount of traveling and has confidential information to protect.

But then, that's a trap too because why should people need a reason? Why are only people with business/legal confidential information a protected class?

> How long can you be detained? And under what conditions

The answer is not very long. I'd call "a couple days" to be not a big deal, and not at all equivalent to being tortured to death, like the person I was responding to was implying would happen.

So yes, encryption does work, and all that will happen to you is that you could be moderately inconvenienced.

But even that I would expect to be rare. Most border security would just look at your computer, or whatever, not find anything on it (because the thing you show them just looks like an empty computer), and move on their way.

The narrative that I was responding to was this idea that technology solutions can always be bypassed, by torture or something, therefore technology solutions are worthless. And that's just not true.

An extremely effective technology solutions to an incompetent border guard that is interrogating you is for all your devices to just appear like there isn't anything on them, like a new factory default computer that you just bought.

A guard will just look at that, not see anything, and then move on to the rest of his crappy job.

I gather it could be indefinite detention. Say 5 hour detention then they ask again. Then detention again. Repeat.

I think a couple days is good enough because people will miss holidays, work, plans etc. That's Western nations "torture" equivalent of a wrench

> . Say 5 hour detention then they ask again. Then detention again. Repeat.

Ok, and does this happen in real life?

The answer is no. It does not. In almost any western country in the world, the low paid border security guards are not detaining people in mass for days on end.

This stuff just isn't really happening to any large degree.

You can go to jail for years in the UK for refusing to disclose a password to law enforcement.[0]

[0] https://nakedsecurity.sophos.com/2018/09/04/how-refusing-to-...

And how often does that happen, in real life?

The answer is "not that often".

The example you gave was of someone who was suspected of murder.

The amount of people who are in the population of "people suspected of murder, and are jailed for not giving up their password", is a very small population size.

So as long as the government makes a pinky promise to never use their power elsewhere it's okay? Think at least a little about the future. They might be doing it now for a good cause, but how long is that going to last? There's nothing stopping them from jailing anybody who refuses to give up their password, because what's jailable is the act of not giving up your password.

> So as long as the government makes a pinky promise to never use their power elsewhere it's okay?

I never made any claims about what is or it is not OK.

The only claim that I am making is that this whole "XKCD wrench meme" is dumb, and that encryption actually works really well for the vast majority of people in the vast majority of usecases.

That's all. Encryption works, and you are not going to be tortured, or locked up forever, because you refused the order of a low paid border guard.

Such situations are extremely rare, and it is annoying that people keep bringing them up when they basically don't happen to anyone.

the parent isn't saying to encrypt your drives, they're saying to encrypt your data and store it separately from your computer - essentially treat any devices you're carrying across the border as compromised before you even reach the border.

If I'm understanding vbezhenar correctly, the implied step after uploading the encrypted file to a cloud storage service is to securely delete it from the computer you're carrying. Then, the authorities won't know that there is anything to beat out of you with their $5 wrench.

Yeah, but you still get beat with the $5 wrench. And if it was going to work in compelling you to give the password, it will still be pretty effective getting you to provide access to the cloud storage and the encryption password to it.

A couple of people would get beaten with the wrench the first few times it happened, but after a few weeks and a few high profile cases from Fortune 500 employees of "my CIO is the only one with the key", they'd move on to other targets or other methods.

How does the low paid border security drone even know you have a cloud storage account?

What country do you live in that has to worry about people being tortured to death on a frequent basis?

This stuff just doesn't happen often, despite what a silly XKCD comic would lead you to believe.

Encryption actually works pretty damn well, for basically all usecases that a normal person would come across.

The world is not a James Bond spy move.

You're not going to be tortured to death, but there are quite a few things that the government can do to make your life miserable.

The $5 wrench isn’t what most people have to worry about; it’s the 5-hour detention without charge.

5 hour detention is nothing - expensed vacation :)

Extraordinary rendition to the Guantanamo Bay is what concerns me.

Maybe also have some relatively uninteresting encrypted files which you can hand over in this situation?

I'm not saying any of this is likely. But, as the topic was raised, if they break you and you start talking, you will volunteer the information. They don't need to know before hand.

That said, the most practical scenario here is to keep your important files secured somewhere else, cloud or elsewhere, and when they ask you to unlock your phone or laptop you say "Sure!" Because there's nothing to find and you're compliant and helpful so they quickly let you go after a proforma search.

> The world is not a James Bond spy move.

Yeah, there is no James Bond outside the books and screen. But thermorectal cryptanalysis is out there and still beats most of cyphers with ease. And it's not letal!

But it will not work if you do not know the password. (It can also be time locked with false data; they don't know whether or not it is the real data.)

Or log into a guest account and let the dude search all he wants, lol.

If someone is travelling from country X through country Y with documents destined for country Z, and the government of X wants the documents to reach Z unobserved, this is the usual use-case for a government-of-X diplomatic pouch. (Or, if it’s the Z embassy sending to Z, a government-of-Z diplomatic pouch.)

I wonder if you could make the case here that the US government should be ensuring the functioning of its judicial system by issuing lawyers who leave the country a “loopback” diplomatic pouch—one issued by X, destined for X, protected during travels to all not-X.

(This could currently be achieved by X-gov issuing a pouch destined for X-embassy in transit country Y, which the traveller must visit to have their documents re-wrapped in a pouch from X-embassy back to X-gov. The change would just simplify things by making the visit to X-embassy unnecessary.)

Lawyers are not diplomats. A diplomat is an official representative of their country.

Broadly speaking, I agree with you, but, FYI, diplomatic status is not just for "diplomats." US government lawyers travel on diplomatic passports for official business (eg depositions in other countries). And all lawyers are "officers of the court" and can be, for example, forced to take random cases pro bono if some judge goes a little kooky and demands it. So it's not as far-fetched as it might sound to give all lawyers diplomatic passports for travel.

It is a non-goal of mine to solve this problem only for lawyer citizens of my country.

A solution is to just not cross borders with things you can't disclose.

There's more to it than potentially thrown out.

Could he be censured for failing to secure information about clients? IANAL, but I'm pretty sure that over-sharing about clients can be a poor career move.

And what if this had been a US lawyer, who was representing someone who'd received a US NSL? Would he have violated the NSL? Who would the US go after, him or Canada Border Services?

> Could he be censured for failing to secure information about clients?

If this were a US attorney at a US border, almost certainly not. ABA rules permit attorneys to disclose client information (among other reasons) "to comply with other law or a court order."

Even as far as a US attorney receiving orders from another country, or a blatantly illegal instruction within the US, they should be alright. The lawyer didn't actually disclose client information, they just lost control of it. The ABA only requires "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information" about clients. Offering up the password might not have been a reasonable effort, especially in the absence of consequences for refusing, but having the device imaged and cracked seems to clearly exceed reasonable efforts to prevent unauthorized access.

As for NSLs, what a mess. I'm not sure anyone can answer this for you. They already push the established bounds of compelled speech, so general precedent wouldn't be a trustworthy guide. And any NSL-specific precedent was almost certainly set in closed, confidential hearings, so the people only people familiar with it wouldn't be able to discuss it.

You will never be able to prove parallel construction happened.

who has the burden of proof though?

You do since the courts assume the parties behave honorably (I.e. they assume there is no parallel construction)

Sadly this is an incredibly cogent concept. We saw this with Lavabit and when courts accept patently false LE testimony.

The system works when corruption and deceit aren't present or tolerated - when they are the institutions become suspect.

I don’t have much problems with assuming parties are honorable. In fact I don’t know how a justice system would work otherwise.

My problem is that our prosecutors are often dishonorable!

There is corruption and deceit in every system, which is why we must demand total transparency, checks and balances on all of our institutions.

edit: wrote comment about Herring v. United States but this is a Canadian case.

This is about a Canadian case. There is no such thing as a precedent from an American court.

In theory, any ruling in any Common Law country could be cited as precedent in any other Common Law country.

As the US has the 4th amendment, most US search-and-seizure cases rest on it. If anyone were ever so bold as to argue a positive right to privacy for all humans--rather than the weaker but easier to prove prohibition against US governments committing privacy-violating acts--and the case was decided on it, that case could be used as precedent everywhere.

Judges are generally careful about not doing that, for obvious reasons. If a lawyer tried to make the case about a right to privacy, the judge might decide the outcome of the case base on that, but the opinion would certainly say that the litigant won or lost because of some other reason.

Statutory law is generally robust enough that judges can almost always decide based on it rather than on discovered law. So it's not that Canadian courts couldn't accept American precedent, it's just that American courts make special efforts to not set any Common Law precedent that a Canadian court can use. If it ever happens, it's likely to be in civil equity cases between two or more non-government parties.

Why do people feel a need to post laws and such which are not relevent to the discussion?

This is hosted on CBC (Canada broadcasting corp) and clearly this is about the "Canada Border Services Agency (CBSA)"

what does US laws have to do with this?

Sometimes when there is a lack of local jurisprudence, courts will look at other jurisdictions for guidance. But it’s more common for a colony to do that when the motherland has more case law.

In Canada technically it would be Whoever v. The Crown (Queen Elizabeth).

In British practice my understanding is that it would be A v. R.; the website of the Supreme Court has judgements the form R. v. A and A v. Her Majesty The Queen. Whence your usage?

If it can, sounds like a loophole to get a case you're working on thrown out. If it cannot, sounds like a convenient way to gain extra leverage.

And all it takes is to bribe an officer.

Even an attempt at Bribing a law enforcement officer is a felony.

Yet it happens all the time.

There are various linguistic constructions you can use for plausible deniability (e.g. "at home I can just pay a fee to get into a different priority group: do you have the same system here? I think I have enough cash to cover it.")

I actually once did pay a speeding ticket to an arresting officer (in Montana or Wyoming or one of the Dakotas IIRC -- it was decades ago) an it was very clear how the officer handled it that he was not pocketing the money (e.g. he held an envelope I placed the check into, I licked and sealed it, and his boy never came in contact with my check, though cash was also an option).

Maybe set up a VM on AWS and bring a new laptop over the border. Or leave your laptop at home and VM into it. Or ship your laptop to where ever you're staying and bring a burner phone over the border. Doesn't seem like a difficult problem to solve.

So because you personally can hide your private data, that makes this an acceptable form of security for 'everyone else'?

Pardon me while I humbly disagree.

Everything you just said is a massive inconvenience.

Why? I am literally working like that all day long and it is super easy to achieve. Maybe takes 15 minutes to setup everything.

As opposed to having your laptop seized for multiple weeks?

> Can this be used to get whatever case(es) he was defending thrown out

Along the same lines a case could be made for legal malpractice if it was reasonable for the attorney to know that there could be a search (and it is he is an attorney and the assumption is he is familiar with the law). It is similar to putting his phone unlocked in a car and the phone or the car is stolen. There is a reasonable expectation that the attorney will safeguard client materials (is what I would argue). (Paper files in the office and not giving the proper protection the same).

Bottom line is the fact that he is an attorney does not magically in itself also mean he doesn't have to take prudent steps to prevent the release of information (with regards to malpractice).

Unlike the stolen phone, in this case it would be the same entity that's stealing confidential data, and holding him responsible for the data getting stolen - the government.

Probably only if the seized information was provably "used" for something.

IANAL, but I think it might. Bot sure though.

>> Can this be used to get whatever case(es) he was defending thrown out because solicitor-client privilege was violated or parallel construction was used?

That isn't what this is about. Nobody is talking about what this is really about and it isn't anything to do with him being a lawyer. This guy (1) was traveling alone (2) to a distant (3) and poor (4) country without preexisting business ties (5). Those are all red flags for sex tourism.

I cannot say this strongly enough: I would never say this guy is a sex tourist, nor would boarder services. But they do run a program that targets people who meet certain criteria, criteria that this guy seems to have fallen into. Most famously, a bishop returning from Thailand had his laptop "randomly" searched by this program. (https://en.wikipedia.org/wiki/Raymond_Lahey) There have been other less-pubic successes too. The program is controversial but within the bounds of Canadian law.

So before everyone goes nuts about terrorism and attorney-client privilege, realize that this innocent person was caught up in a program that has nothing to do with those things. Canadians are polite, especially when dealing with sensitive matters. Canadian cops don't shout things from rooftops. Because of the nature of what they are looking for, boarder services isn't going to give any public explanations. They will hold the electronics for some time, as is their right, but they likely regret "randomly" selecting this particular person. In the future they will probably add "not a lawyer" to the criteria.

Guatemala is well known as a drug transport point. Plenty of the politicians there were caught being directly involved. Which, along with other contraband, accounts for the majority of the customs actual work and far more likely to be the concern with any traveller from there:



http://latinalista.com/columns/globalviews/venezuela-no-1-tr... (see the chart, plenty of flights stop in Guatemala).

Still, it's no excuse to search Canadian citizen's phones or laptops. Either find probable cause (ie, some actual evidence which indicates a crime besides abstract "red flags" about travelling which could apply to thousands of innocent people) and get a warrant or don't do it. Otherwise it's open for tons of abuse and unnecessary invasions of privacy.

Don't use american definitions of "probably cause". Canada is a different country and defines probably cause very differently. Canada has a different relationship with its boarders than America. The physical scale is are different. Sovereignty is different. Canada's "charter rights" are different than american "constitutional" rights. Canada placed greater trust in individual enforcement officers and, generally, doesn't play the legal dances that are common in the US in relation to searches. Canadian boarder services agents may have greater power than their US counterparts but they are still a billion times easier to deal with than that TSA. Ask canadians if they want to adopt US-style rules and plenty would say no on principal alone.

Notice that this guy is now free and able to tell his story. He wasn't detained in handcuffs for days. He wasn't transported to a remote jail for interrogation. He wasn't charged with some trumped-up excuse to hold him. He wasn't subjected to a body cavity search. He wasn't added to some terror list. There is no allegation of racism. They seem to have politely explained the situation and let him on his way. Canada does things differently.

[edited for clarity, for those who require simple literality].

Probable cause is a core part of the Canadian charter:

> 3) based on reasonable and probable grounds to believe that an offence has been committed and there is evidence to be found at the place to be search.


This is not some unique American concept. Otherwise I don't see what point you're trying to make...

Though Canada's constitution has this weird ability to suspend fundamental rights.


Yes, both countries have a concept of probable cause, but they have different definitions of what constitutes it—of which only a little is what is spelled out in the charter/amendment; most of the effective criteria come from case law.

In other words, just because this kind of profiling wouldn’t constitute probable cause in the US, doesn’t mean that it doesn’t constitute probable cause in Canada. (I’m not sure that it does constitute probable cause in Canada; I just don’t know for sure that it doesn’t.)

Canada does things differently.

As a Canadian, I would say “not really”. Plenty of examples of people’s rights being violated by Canadian officials. Those events don’t get the scrutiny that US events do, but they certainly happen.

And the Canadian courts are far more likely to say the infringement was acceptable, either in that court, or under an appeal if the government loses.

Which is terribly unfortunate, and makes me value my Canadian citizenship less and less.

I don't think he was specifically referring to the american or canadian or australian or <insert country X here> definition of probable cause, but rather the concept itself.

I don't know why you're trying to make a point about Canada vs US and how one is better than the other. Just because he's free to tell his story and wasn't prosecuted doesn't mean that the CBS is off the hook for seizing upon his electronic devices - without reason - and even threatening that they would be sent to a lab to be cracked.

I'm neither an American or Canadian citizen, but when I do travel to these countries I would expect that my privacy not be breached, especially not without reason and when I've already cooperated and consented to my bags and other personal items to be searched.

Now the next time you travel, and the CBS or US CBP decides to seize your devices, are you going to just surrender your devices, given that they've explained everything nicely and will let you go on your way?

> Canadian boarder services agents may have greater power than their US counterparts but they are still a billion times easier to deal with than that TSA

I think you mean US Customs and Border Protection, not the TSA.

What is wrong with sex tourism?

In most parts of the world, sex workers don't exactly have strong human rights protections. In a poor country, it's generally worse.

A relatively wealthy, privileged person going someplace poor for sex is probably doing it because it facilitates doing rather nasty things in a way that is comfortable for them. They don't need to be ugly about it. Someone else will be ugly about it on their behalf while making them feel great about spreading their money around.

This often means they are raping children or otherwise indulging sexual predilections too unseemly for sex workers in more well-heeled parts of the world.

So sex tourism is generally understood to be a polite term for exceedingly depraved behavior with a veneer of civility.

Are you saying that single men who travel to Thailand specifically to have easy access to prostitutes are often in it for the child sex and degrading sex acts? Isn't that like saying people that go to mosques are often terrorists? Sorry if I'm misinterpreting your comment, but as worded it sounds like you believe the majority of sex tourists are pedophiles. In my experience, having spent several years in Thailand, most of them are there to have lots of consensual sex with adult sex workers because there is no legal prostitution where they live. The notion that more than a fraction of a percent of them are kiddy fiddlers is pretty out there. I also disagree with your claim that the term sex tourism is used as a euphemism for sexual exploitation. I've never heard it used that way, at least. A sex tourist is someone who travels to a location for the express purpose of having sex with prostitutes.

This. Anyone who thinks they are targeting people visiting Amsterdam's red light district, or Nevada's bunny ranch, needs to read more. This is about people seeking underage sex in countries where it is more accessible than in Canada. Thailand, Vietnam, all of south america ... a single male with no family ties, returning alone from such countries should expect some attention at the Canadian boarder. They are looking for the pictures, the possession of which is a serious crime in Canada.


Not in my case. I'm for the decriminalization of sex work, among other things. I'm just against raping children and generally mistreating poor people because you think you can get away with it.

Keep it among genuinely consenting adults, and I don't care how many, what genders are involved, how you folks agree to get your freak on and yadda.

Just one easily findable prior comment by me:


Terrorism, children, drugs, or sex; all excuses used for attacking individual liberty. Let's get real here, stuff like this is about control, not about security, and certainly Nota about morality...

That's just how politicians package it so the people swallow the poison pill.

That said, I feel like people vastly overestimate the similarity of governments of the US and the UKs vassal states like Canada, and that false expectation is part of why people get outraged. Once one understands this the authoritarian approach of the "Commonwealth" nations things make much more sense.

I answered a question about what is so bad about sex tourism and also responded to accusations that being against child rape amounts to puritanism.

If you want to narrowly define Puritanism as against child rape, okay, I will proudly accept that label.

Beyond that, I think you are barking up the wrong tree. I'm not here to discuss politics. I have very little to do with politics. If you think explaining the term sex tourism is some sort of political agenda, agreeing with a particular policy, etc, you are reading in a whole boat load of stuff that isn't there.

I'm a private citizen, not a politician. I'm engaging in discussion on a forum. That's the extent of that.

The post is about politics though.

>I'm a private citizen, not a politician.

You mean citizens don't bear responsibility for politics? Does it mean that politics is disconnected from society?

Please don't post flamebait like this again. It's flamebait because it's both inflammatory and unsubstantive. It's like spending your last dollar to buy spoiled milk.



> Terrorism, children, drugs, or sex; all excuses used for attacking individual liberty.

You've provided no basis for this claim.

> Let's get real here, stuff like this is about control, not about security, and certainly Nota about morality...

You've provided no basis for this claim.

> That's just how politicians package it so the people swallow the poison pill.

I take this as an expression rather than a claim, but still it doesn't teach us anything.

You haven't tied your point about sovereignty to the topic of discussion, and when commenters don't do that we get taken off into generic tangents.

This is not about holding controversial opinions. It's about failing to meet the standards of discourse here, and meeting them is a rather mechanical thing which all commenters are capable of.



You're failing to meet the bar of discourse here in this thread. Please review the guidelines and start following them or we'll ban the account.

> Be kind. Don't be snarky. Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.


> A relatively wealthy, privileged person going someplace poor for sex is probably doing it because it facilitates doing rather nasty things in a way that is comfortable for them

Or simply because it's easier because prostitution is not (as) criminal and/or it's well organised (e.g. red light zones), and not forgetting it's likely to be much cheaper. To assume their choice of destination for something as nasty as raping children is quite a jump.

It's not an assumption. That's based on reading about the topic.

It may not be universally true, but the fact that it is fairly often true is why the term has such negative meaning for most people.

What kind of percentage are you talking about? "Fairly often" covers a, erm, multitude of sins.

I've gone back and reread my initial comment. It has plenty of qualifiers. I think it is adequately clear and stands on its own just fine, without further clarification.

I have no idea why you are nit picking this. I'm not going to discuss it further with you.

It was a sincere question. You say you've read up on this. I haven't, though I have lived in Thailand and travelled around the region, and from my personal experience (not as a consumer, but I don't need to be a smoker to have some idea (anecdotally) of the level of smoking around me) the vast majority of foreign men that were consumers were not involved in anything to do with children or any such thing.

Hence, I was interested in actual data. That's all. Enjoy the rest of your day.

You may think I mean straight up pedopholia involving elementary school aged children. That can happen certainly.

But a 17 year old is legally still a child in many jurisdictions. A lot of men in their twenties see nothing wrong with getting involved with a 17 year old.

If you are talking a dating situation, my views on that get a lot more complicated. If you are talking prostitution, a 17 year old sex worker is highly unlikely to be there by choice.

At that point, it is, in fact, child rape, even if you aren't comfortable with the terminology and wish nicer language were used to describe it.

I don't feel compelled to try make it sound nicer given how damaging it can be to the child in question.

Statutory rape doesn't have to be violent. The minor may even have nominally agreed. But the law says they can't actually meaningfully consent as a minor.

If they are a minor and a sex worker, they are likely being trafficked. That's where this gets really nasty. The guy paying for the service may be blissfully oblivious to just how much she is being pressured, has no real choice, etc.

I covered that in my original comment. That's a large part of why this is an ugly thing.

You (the general "you", not you in specific) hand wave away that she's 17 instead of 18 because it's only a few months and he may not have actually known her age etc.

It's a slippery slope that basically says if you can fudge on enough "little" details, it's totes fine to rape children. Traveling to a foreign country for your cheap sex is a very handy way to gloss over those details and pretend it was all above board and nice when it probably wasn't.

How about we avoid that slippery slope entirely, by using a very expansive definition lumps in sex with anyone under 21 as going in the 'depraved or otherwise a problem' category.

Now will you please consider giving some data or some kind of percentage or explain why you said "probably"?

No one is trying to claim this kind of horrible behavior doesn't exist. But I want to understand the scale of the problem. Trying to figure out if it's 10% or 90% is not nitpicking!

Thailand’s Health System Research Institute reports that children in prostitution make up 40% of prostitutes in Thailand. In Cambodia, it has been estimated that about a third of all prostitutes are under 18.


There are many readily available articles on the topic just a Google away if you really want to know more.

The reference on Wikipedia is from a report[1] by the "UNITED NATIONS INTERREGIONAL CRIME AND JUSTICE RESEARCH INSTITUTE", which is a "desk review" that cites and reviews other research. The quote Wikipedia uses is from a paragraph on page 18:

> Thailand’s Health System Research Institute reports that children in prostitution make up 40 percent of sex workers in Thailand.

I can't find this report even though I've been using the HSRI's own searchable database[2] and search engines (you'll need Google Translate unless you can read Thai). I did, however, see see numerous other reports reusing the same quote in the searches returned by an engine, so it's well used.

If we continue the same paragraph:

> At the other end of this debate many NGOs estimate the number of CSEC victims to be in the hundreds of thousands. Other reports estimate the number of child victims of prostitution to be at least 80,000 but likely to be in the hundreds of thousands (ECPAT International; The Protection Project, 2002: 539).

I can't find any Protection Project report about Thailand in their publications[3], nor do they include Thailand in their list of country reports[4]. I also cannot be sure that either of the reports[5][6] I found on ECPAT's site are the one cited. The larger one, which was published in 2011 (but is the 2nd edition so perhaps it is from 2002) does not include the figure. It does however have this:

> Prostitution is technically illegal in Thailand, but sexual services are sold openly with an estimated 60,000 children under age 18 involved in prostitution.15

This is note 15: > U.S. Department of State, 2009 Country Report on Human Rights Practice, Thailand. Accessed on 13 July 2010 from: http://www.state.gov/g/drl/rls/ hrrpt/2009/index.htm

This is the statement in the report[7]:

> In 2007 the government, university researchers, and NGOs estimated that there were as many as 60,000 prostitutes under age 18.

No note for that one, it's a dead end.

This doesn't mean the figure is wrong, of course, but it does support the idea that people should be able to question figures, and when challenged, claims should be backed up by something better that circular references, missing reports, and dead ends.

[0] https://web.archive.org/web/20070712223227if_/http://www.uni...

[2] http://kb.hsri.or.th/dspace/

[3] http://www.protectionproject.org/publications/

[4] http://www.protectionproject.org/country-reports/

[5] https://www.ecpat.org/wp-content/uploads/legacy/Factsheet_Th...

[6] https://www.ecpat.org/wp-content/uploads/legacy/a4a_v2_eap_t...

[7] http://www.state.gov/g/drl/rls/hrrpt/2009/index.htm

Edit: formatting, a little bit of javascript wouldn't go amiss for the comment boxes!

It's nice that you made the clear distinction with the general "you" but it'd be good if you worked a bit harder to cut out the other insinuations. For example:

> At that point, it is, in fact, child rape, even if you aren't comfortable with the terminology and wish nicer language were used to describe it.

- Where did I say or imply that it wasn't child rape? - Where did I say or imply I wasn't comfortable with that terminology? - Where did I say or imply I was wishing nicer language were used to describe it?

I'm not sure how you hope to have an adult discussion on a sensitive topic if you're going to insinuate that asking you a question is tantamount to defending child rape.

I for my part have tried to find out more from someone who says they know more. I'm reading the research from one of the Wikipedia references you gave and questioning some of my assumptions while trying to remain sceptical and clear headed enough to analyse it.

> I don't feel compelled to try make it sound nicer given how damaging it can be to the child in question.

I think it's unlikely that most people in this discussion are condoning or defending this behaviour (or maybe they are but they should still get a chance to give their point and be challenged). Since we know most people will say they're for the protection of children wouldn't it be better to take them at their word, play the numbers and realise the majority here will be the same, and, if not tone down the description, tone down the attitude?

It's Hacker News, not Twitter.

>If you are talking prostitution, a 17 year old sex worker is highly unlikely to be there by choice.

That's true for most workers of all ages.

The fact that some adult sex workers are also victims in no way makes child sex trafficking somehow more acceptable or justifiable to me.

From what I have read, even sex workers generally agree that most adult sex workers "made a choice" if they remain in the life and "it's different if they are underaged."

Among other things, I've read a few biographies by sex workers.

I would love to see sex work generally see an improved track record of human rights protections. In developed countries, child labor is generally deemed to be a bad thing, even when the work in question isn't inherently exploitative.

I stand by "raping children is a bad thing" and "underaged sex workers are victims of child rape."

"Sex tourism" is usually implied to mean sex with people who are either underage or somehow unwilling.

Travelling abroad as a tourist for sex, with willing and legal participants, is obviously fine.

Really? I think you know. I'm not going to spell it out.

Edit: fine. I guess some people here need the talk. This is about the phenomena of men traveling from rich countries to poor countries to engage in sex with children. Not this guy, but it does happen. These men often return with digital images stored on laptops and cellphones. Possession of such images is illegal in canada and so Canadian boarder services targets men who fit the profile of a potential "sex tourist". The term is a polite euphemism for a darker profile, not a literal reference to having sex while being a tourist.

That's not a useful reply. People travel to countries where prostitution is legal for that purpose, and so someone who doesn't necessarily know the extra connotations that phrase carries for you.

I for one did not immediately equate sex tourism with child slavery or pedophilia until I saw your sibling comment.

They may be referring to the legal aspect, that it does not mean they are a criminal. It is more of a rightly so frowned upon moral issue, but legally is usually okay.

Yikes. In case you're serious, it's the slavery, and children.

I think you’re thinking of sex trafficking. The John being a tourist is orthogonal to the prostitute being a victim of trafficking. Many sex tourists visit Germany, for example, where prostitution is a safe, unionized profession.

Yeah, I'm not talking about Germany. We're talking about why border patrol might investigate something.

Highly naive picture of germanys pragmatic situation - basically nobody is registered much less unionized and trafficking is everywhere.

It's still a dragnet. They're not SWATing a semiautomatic rifle up your nose - nobody's claiming they're not polite - but the fact remains.

Police generally have access to full-automatic machine guns. They’re not limited to the semi-automatic models sometimes available to civilians (e.g. in the US).

US cops. Canadian cops dont carry full auto often, and when they do it is never used. It goes against rcmp training. I cannot think of any canadian examples of cops using full auto.

Dragnets tend to catch more people. This is less than 1% of 1% of travelers. It is a very limited program.

> other less-pubic successes

Freudian slip right there if I've ever seen one

I have asked this question before, but never really got a satisfiable answer: why do governments (not just USA/canada) spend these resources to check data physically at a border?

It's not like you need to 'smuggle' any form of data physically.

I mean, any data considered to be dangerous (like terrorist attack plans, atomic bomb designs or political inside information) can be accessed across borders via the internet. You don't need to have those on any of your devices.

And even if you had the data on a laptop, how does border patrol even know what they are looking at?

There is actually a Canadian Border Patrol TV show you can watch, and they don't even try and hide that they do this. They very openly show when they check someones phone and laptop. I have seen it on the show, and they have shown them "catching" people. They'll usually use it to check if people are intending to stay and work in Canada, such as seeing in their texts or emails that they were arranging work and/or places to live.

They have shown this very thing on the show where they found on their device that they were making these arrangements. It seemed very invasive and disturbing. They got their password and were looking at their phone and laptop in a backroom. The traveller didn't even get to see what they are doing or anything.

I don't have anything to hide, but I would never feel comfortable with ANYONE having free reign over my unlocked devices, especially not a government border agent doing it behind closed doors.

Even if I agreed with customs officers rifling through my devices, I would only ever want them to have read-only access. Like, you'd hope they're not malicious, but can you really trust some in-a-hurry agent with little to no training in this area to not accidently wipe half your hard drive?

> I don't have anything to hide

that’s not for you to decide (unfortunately)

It's often just security theatre meant to please the law & order voter base more than anything else. They might catch some minor criminals but as you said, if you really want to "move" data across a border, there are plenty of ways to do so without physically carrying a device.

For some goals it can actually be useful, though I'm not sure if this is done during regular border checks or just in the context of asylum requests or similar: Accessing location histories, picture metadata or social media profiles on your device can be a fairly easy way to check that you're not giving them false information about where you're coming from or where you've been. This can be done automatically, so the officer doesn't need to figure out themself what they're looking at.

This might partially answer your question...

I had my laptop searched at the border once. It was my work laptop. They told me the same thing, if I didn't share the password they would confiscate my computer.

It felt wrong that they should be able to search my computer, but I also felt bullied because I was going to need my computer the next day if I wanted to work and I think most people, including my boss at the time, would not see a problem with the search, so I let them search.

All they did was open up Windows Explorer and do a search for *.jpg. Then she looked up at me and said, "What kind of images am I going to find on your computer today?"

I don't remember what I said, but basically it took about 30 minutes for Windows to display all the results. She looked through them all and then I was free to go. I got the impression that they were looking for child pornography, but I don't know that for sure.

Either way, it was a pretty innocuous search, but this was also about 10 years ago. From what I understand, they now pull all the files off your computer and index the contents. They likely have a list of keywords that it searches against immediately and then it's indexed for when they add more keywords later.

When I was working for $Big$Corp, I was explicitly instructed to 1) always shut down the devices with full-disk encryption 2) never give up passwords 3) surrender devices without opposition or bargaining (cooperate) and 4) call company lawyers as soon as possible

Never have faced any search, but interesting stance there.

>it was a pretty innocuous search

You and I disagree wholeheartedly there, that's an extremely invasive search.

In particular, a perfectly reasonable answer to the question "what am I going to find on this computer?" might be "Naked pictures of me/my spouse" if it's a non-work laptop.

It's extremely invasive for some random civil servant to execute an unexpected search on a device that most reasonable people assume is private.

As far as searching my work laptop, it was not harmful or offensive to me. It was strictly used for work purposes and there was truly nothing on the computer that they could do any harm with (to me or the company).

That said, under nearly any other context, I agree that it would be harmful and offensive.

Why do you think they did this kind of invasive search? It's very weird to me that border patrol would randomly search all the images on someone's computer. This doesn't even seem like an efficient way to catch criminals. Power trip?

No joke, I was sent to secondary search because I was holding a piece of cake in a go box from my lunch that I hadn't eaten and I didn't declare the piece of cake (technically, they are correct, I should have declared the slice of cake). Once you go to secondary search, they search all your stuff, including your computer. They didn't search the cake for some reason though.

Maybe just "a randomized search". Sounds very inefficient.

I think they are just looking for crimes like drug mules, people coming to work with tourist visa etc. Everyone here talks about nuclear plans but I doubt.. probably bully too but against simple minded criminals it can work. Texts of arranging work or when is the package going to arrive etc.

Right, but parent comment said they just searched all images (or jpgs). Hard to think of any motivation beyond finding child pornography, no? But that doesn't seem like something you'd reasonably become suspicious of during a short interaction.

>Power trip?

It saddens me that we think of federal governments as benign protectors of our rights. The States did not need and did not want a federal government. We feared they couldn't protect our interests. We had to be persuaded through the Bill of Rights to accept their "protection." The feds have some idealistic people within their organizations, but their stance is to utilize state-level resources for their own needs, such as international warfare wealth accumulation. This includes domination of individuals. We have only our states and the Bill of Rights to protects us from the feds.

Computers represent a very real threat to federal power. People could use them to rise up against federal governments and make their lives very uncomfortable, which is to say, much like our own. These dreams of small groups contacting one another and creating world peace beginning through networked communication were made explicit in the 90s and early 2000s. The maintain its dominion, international governments from around the world simply have to assert themselves in every aspect of our lives. With state protections, one of the key places feds can insert themselves is at borders, where reaching out to people from other nation-states happens.

Efficiency is for little people, like you and me. Federal governments print the paychecks for the border patrol, tax they money the pay them, then tax the people the border patrol buys all their worldly possessions. They care about efficiency less than google cares about disk space. I know I sound like a paranoid libertarian here, but I'm actually only a slightly-light-of-center person trying to bring a little reality and clarity to the situation. We are essentially pets.

You've got some interesting points here, but it definitely reads more like conspiratorial thinking. What realistic difference is there between "The States" and the federal government? In the end you're still going to have a government enforcing these things, unless you depart radically from our current societal structure.

It sounds like you're just skeptical of a powerful centralized state, and it's coming out through the lens of historical American federation/republicanism. That isn't wrong, but it's as much a history of competing factions as it is an strong intellectual basis.

You're not the only one skeptical of a powerful, centralized state. Try reading Kropotkin or Luxemburg. You might find the ideas resonate with you. Those authors have a coherent ideological basis, and suggest paths to decentralized democracy that has been realized in various forms in recent history, but is radically different to the current American government.

> What realistic difference is there between "The States" and the federal government?

It's huge! The power to drive international trade and warfare, for starters! Also, the ability to create laws that don't reflect people in your area/community.

Also wrt this thread, states don't (generally) enforce searches at their borders, because states aren't fighting for domination with nation-states. States are only trying to control their geographic area.

Thank you for the references, I'll check them out.

So basically, if I ever travel to the US or Canada, I should wipe my device first and then have about 20000 copies of gotse.jpg (but each with a unique name) on the device to force the agent to look at each picture.

This exact thing happened to my brother once. They took his laptop and did Windows Explorer searches for image extensions as well as the words "boy" and "girl", so your (and his) hunch that they were searching for child porn is probably correct. This was maybe 5 years ago.

Did they look for any other file extensions or was that literally it?

That was literally it. I was standing there. They only searched for images. Again, this was about 10 years ago though. From what I understand, they now pull everything for future analysis.

Sounds like it might be fun to load one's devices with infinite zips labelled with tempting filenames, like "red light district itinerary.zip". https://research.swtch.com/zip

It's basically be because the natural tendency of government is acquire and centralize as much power as possible. Now some forms of government take longer but without constant review and concern by citizens in a democracy it will gradually move towards a despotic regime. In some countries like China it has already happened because individual freedom isn't that valuable to the general citizenry, in the USA and Europe it is moving in that direction. Citizens need to become more active and vote for parties that advocate for more freedom rather than less.

I have been asking this question myself. To a technologically nerdy person like myself it makes absolutely no sense. There is no reason whatsoever to physically transfer any dangerous or delicate information across a border. Anyone actually with the possession of such information would obviously never bring any of it near the border control.

However, I think the answer is that I'm way too optimistic. There must be lots of people who voluntarily do carry incriminating information with them across borders because they either don't care or they're just stupid. Others have mentioned emails or text about a job when you're not travelling with a work visa.

If this is true then I think border control is also just being merely pragmatic.

With a bit of questioning and informal profiling they can spot people whose story doesn't ring true: next they just need a way to figure out what's false with that one particular person. A success rate of 38% for electronics searches was quoted: that is very high and certainly makes mobile/laptop search to the top of the list of what to look at when you bring the traveller in and start investigating. I think they'd do it even for a 10% success rate: checking a few emails and messages is fast and apparently a low-hanging fruit.

That's pretty much what I would do if my job was to figure out what's wrong with a person's story.

It's akin to starting debugging by enabling asserts and running the binary in a debugger to catch any obvious issues live with a stacktrace, or something similar. Won't help with most of the trickier bugs but sometimes it points right at the culprit and it's a cheap test to run.

They wouldn't find the folder containing your blueprints for that bomb but they'll see you'll be meeting some people next week in a place that is very, very far from where you said you'd be vacationing.

I would guess part of the reason is because they aren't rational - they are upset that things changed and interfered with their snooping even though it has been irrelevant since radio and code books have existed. If I say "Aunt Bertha had a baby." without context you have no idea if I am being literal or signaling something sinister.

A far harsher and less charitable theory is that border control is where paranoids, xenophobes, and authoritarians accumulate and the point is control and punishing "the other" instead of actual effectiveness.

They probably just want to take advantage of old laws and/or not precise enough that allows them to search everything (according to their interpretation, including virtual things) on anybody -- without even any probable cause.

Most government can't do that (in theory...) when you are a citizen or maybe even just a resident, except when you cross the border. So if they want to watch you politically, they do that (at least) at the border.

The 38% true positive rate makes me think that either border customs violations are incredibly broad and common, or there is some kind of parallel construction happening here where they have a good idea of what they hope to find when they seize these devices from extralegal sources.

Edit: given the source, the 38% could also be inflated (perhaps by not counting certain false positives) since it comes from the department looking to justify their work.

Because things like SMS history and call history are far more valuable. They can download your entire SMS, call and contacts list, get the text from that, and then create a social graph based on who you know and who you are in contact with. Then it becomes very easy to trace people and who they are affiliated with. Plus going through SMS history is a great way to find reasons to throw someone in jail. My friend coming from Canada to the US was denied entry for 10 years even though she lived in the US most of her life because of jokes she had in her texts about marrying her ex-boyfriend for a green card. It's very real and it happens.

If you arrive at the US border and you say you're coming into the country for a short vacation and your text messages/email is full of conversations about employment in Seattle and your browser history is full of apartments for rent in Seattle, then they use that information to deny your entry into the country. It's mostly looking for "story checks out" kinda stuff like that.

There's TV shows that follow border agents for various countries during their day-to-day work.

I was coming here to ask this exact question. There's no reason it makes sense to search electronic records at a border crossing. As you point out, the point of the search is to control customs and ensure there's no smuggling going on. But electronic records are not smuggled physically. There is zero reason to do so.

So the actual reason customs agencies perform these searches is that they are allowed to do so because of the way the laws are written and precedent is set.

>It's not like you need to 'smuggle' any form of data physically.

The data may be a by-product of using the device. I suspect they are primarly looking for communications data that is bound to be on every device that is actively used to communicate.

The more end-to-end encryption is used the more interesting the ends become.

>And even if you had the data on a laptop, how does border patrol even know what they are looking at?

Maybe they just copy everything for later analysis in case communications data hints at this being a person of interest.

>The more end-to-end encryption is used the more interesting the ends become.

That is such a great line that encompasses about why more and more the ends of the end-to-end encryption are being attacked.

> It's not like you need to 'smuggle' any form of data physically.

Because most people don't have the technical know how, or desire to spend the effort to ensure that the data they _are_ bringing across the border is safe to disclose.

Even elsewhere in the comments here is a long debate about the "safe" way to deliver data across borders, some of which are actually terrible ideas.

Yes, theoretically, people could avoid bringing any sensitive data physically across the border, but most do anyways and I bet you do too.

>some of which are actually terrible ideas

Which ones?

Assuming the goal is "Get through security without losing your laptop or your data" I would say the following are terrible ideas:

"Prank them with an undecryptable random file" https://news.ycombinator.com/item?id=19834934 and "prank them with 20,000 goatse images" https://news.ycombinator.com/item?id=19837896 as they can get you back by seizing your electronics. Of course, those sound like jokes not serious suggestions.

"Have it remotely locked by an administrator" https://news.ycombinator.com/item?id=19835097 as they won't understand that technical mumbo-jumbo and will just seize the laptop.

"Have a hidden dual-boot system" https://news.ycombinator.com/item?id=19836135 as if they take a disk image and spot it, they'll be particularly suspicious of you.

Some posters also think "Send your encrypted laptop by mail" https://news.ycombinator.com/item?id=19835019 is not good advice.

Because they don't have enough evidence for a warrant and it's an easy way to get data

Canada is successful 38% of the time when checking electronics. Common scenarios are seeing text messages showing someone has accepted a new job and will be working while on a visa waiver/tourist stay, or planning to get married while on a work visa.

However, in this case, they're checking the electronics of a Canadian citizen who has every right to be in the country.

But they don't stop people coming into the country or seizing their property. They are temporarily withholding the devices and copy the data. That's why you use full disk encryption - is they want to copy and store pseudo random data, let them.

I think the goal is to get people who have incriminating evidence on their phone, however unlikely that might be for sensitive information.

1) Security theater

2) The people who make these decisions (politicians) don't really understand how any of this works (aka luddites)

> Officers uncovered a customs-related offence during 38 per cent of those searches, said the agency.

I really want to understand what kind of digital data is considered a customs-related offence.

I'm more surprised at the 38% true positive rate. If you consider false positives, it would mean that they are shockingly good at profiling and most criminals are dumb enough to leave obvious evidence on their phone, or an overwhelming majority of people have committed a "customs-related offence" so that you could pick anyone and they would be guilty.

I would think most offenses are for improper entry, visa, etc. If you were entering to work on a tourism visa I think it would be very easy to find proof in a simple email, text or document.

The issue here is that if most people aren't intending on staying illegally, you need to be really accurate, otherwise all the false positives are going to drown out your true positives.


Plus it isn't hard to pick out people crossing consistently for work.

I mean what counts as work and where it occurs are becoming very difficult to manage? What happens if you have to do work while on a real holiday, should you be deported for this? Is it valid to allow these searches for these sort of offences, it seems like at some point everyone will be guilty of doing these things.

I wonder this myself. There is a difference between traveling for the purposes of work, and working while traveling. I have a 100% remote position. I normally do my work in the US. I've considered flying to Europe for a few weeks, where due to time zone differences I could do touristy stuff during the day and then work my US 9-5 shift in the EU evening. This would allow me to travel but to not take vacation time. Would this require a work visa?

Generally speaking, there isn't a difference between traveling for the purpose of work and working while traveling for other reasons. If you are physically in one country while performing work it is considered working in that country and requires appropriate permission. Many countries do have a business visitor category that allows for some form of work (attending meetings, and the like, things that wouldn't be stealing the job of a resident).

I actually learned this the hard way, I was in your shoes, 100% remote job, for a US company, US clients, and went to Europe and thought I might work while traveling. I was detained at the border, interviewed, and very nearly denied entry. I was let after a couple fairly lengthy interviews (I was detained for about 16hours) and proving I had funds to support myself without working. I was given a "visitor record" and a firm exit by date, not sure what all the record entails but I get questioned every time I enter now.

Anyway, point being, legally speaking what generally matters is where you are located when performing the work, and that's really the only way that makes sense to judge where the work takes place.

With all that said, in reality being caught is extremely unlikely and plenty of people get away with it and I don't think there are many countries actively trying to crack down on that sort of short term work while being a tourist. If you want to be above the board though, unless your work counts as what a business visitor can do, you would need a visa to perform any work. There is generally no distinction between traveling for the purpose of working, and working while traveling for other reasons.

I'm not a lawyer though but I've spent a fair bit of time actually looking at the restrictions on the tourism and business visitor visas to stay legal while traveling long-term and working remotely.

I’m not a lawyer, but tend to travel a lot and had lots of conversations with border agents as a result :) My impression is that it’s primarily a question of payment - if you travel to say Belgium to get paid by a Belgian company, then it’s work. If you’re there and your work is not really related to Belgium in any way, you are on a salary paid by a US company, then your purpose isn’t really work. The shades of gray start when your employer is being paid by the local company for your work. Many countries will allow you to attend meetings for a week or two, run demos, provide some on-site support, but staying for six months and working on site likely require a business visa.

FWIW, I did this for 2.5 years while dating my now wife. As long as i had proof that I would only be in the country for less then 90 days and always told them I was working for an American company and that my American company was consulting for American clients, they were ok with it. Traveling with a recent bank statement also helped to show i had enough funds to cover my stay even if I was on "vacation"

I basically had my mornings free every day until I ate lunch then i would sit down and start work for the day.

Or they are lying with statistics (i.e. using the smallest excuse to justify inclusion as a positive).

it would mean that they are shockingly good at profiling and most criminals are dumb enough to leave obvious evidence on their phone

Your use of the word obvious is not well supported by your argument. Do you have an unstated premise that Border Services only detect "obvious" offenses?

That's precision, not true positive rate.

There are cases at the Canadian border in which the investigators search for "boy" or "girl" using the Windows search tools to see if there is child pornography on your device. In other circumstances, they uncover hentai[0] showing characters that appear to be underage - and bringing that into Canada is illegal (in fact, much like Australia and New Zealand, any sexual depiction of fictional minors is illegal, and that can include stories or other text). There are anecdotal and well-documented cases for the latter[1]. One Reddit user claimed that the investigators at the border found browser-cached thumbnails of such material (since it used to be permitted on Redddit) and he was jailed for a day or something like that.

Not to suggest that all of the 38% count for that, but with the popularity of drawn pornography I'd wager it makes up a sizable chunk.

[0] Hentai refers to anime-style drawings of fictional characters.

[1] https://www.google.com/search?client=firefox-b-d&q=canadian+...

Is there an exception for religious texts? There are Is more than one common religions whose holy texts depict sexual activity with minors.

Also, if I have a copy of Nabokov “Lolita” on my kindle, will I get in trouble? Stephen King’s It? An apt pupil?

“Also, if I have a copy of Nabokov “Lolita” “

Enforcement is selective.

It's sickening to think that, despite the ban in Canada, countless innocent anime girls are being abused in Japan every day - many of them children! The UN should apply pressure to get Japan to stop this vile abuse, and import of cartoons into Japan should be banned, as their safety cannot be guaranteed there.

Fictional child pornography does not directly harm children, but it is likely that it does so indirectly by creating demand for actual CP. To me, it seems totally reasonable to make all sexualized depictions of children illegal for this reason.

That's one way to look at it. But there's evidence that access to porn reduces the amount of rape [1]. In light of that, it seems reasonable to ask - how many children are we willing to allow to be raped, to protect our precious anime girls?

[1] https://www.psychologytoday.com/us/blog/all-about-sex/201601...

>but it is likely that it does so indirectly by creating demand for actual CP

Until there is evidence of that, it seems strange to say that's a conclusion at all, or that it's likely. In fact, Patrick Galbraith's work on how users of fictional CP actually interact with their materials suggests exactly the opposite: they have developed a form of sexuality for the representations themselves - the more fictional, the more real to them. To add to that, the research I've read shows that pornography is not associated with increased rates of sexual assault or rape. If the link isn't even there for regular porn, what would make you say it's "likely" there for cartoon representations?

Furthermore, do we apply this standard elsewhere in society? If there were no research on the link between video games and violence, would you conclude that it is "likely" it indirectly creates a demand for videos of real violence? Is the fact that someone might be spurred on to do a different act sufficient to illegalize the original act which spurred them? I would say not, unless we were to illegalize drugs (for example) because those who partake are likely to be violent? Should we prosecute cannabis users because they create demand for drug cartel products which finance murder? Apple users because they create demand for the appalling treatment of Chinese workers?

Most researchers on the philosophy of law in this area (e.g Suzanne Ost) while obviously opposed to actual child pornography find no philosophical basis in the harm principle to illegalize fictional representations. As such, it's not reasonable at all. You need to justify why you think it's "likely" and just what that standard means. If it cannot be justified, then we may say that any likelihood is sufficient to illegalize any material, but I doubt that's a conclusion you'd want to follow to its extreme.

Finally there's the issue of penalties - isn't punishing someone for something they might do (access real CP) unjust? This seems shockingly close to the notion of pre-crime. To avoid that, you'd want to look more at punishing the creators of the material rather than those who have consumed it and harmed nobody (other than themselves perhaps).

If there is no cultural understanding of the real people themselves, how they read the text and how they interpret it, any law is based merely on speculation and I must stand firmly against such speculative laws.

Perhaps what you suggest is true. I don't pretend that I have done tons of research on this; I only say that it is not inconceivable to me that fictional CP increases demand for real CP.

> do we apply this standard elsewhere in society?

If there is a demonstrable link between them, sure. The same way real CP is illegal because it creates demand, which causes more CP to be made. Remember, owning CP does not directly harm anyone.

> If there were no research on the link between video games and violence, would you conclude that it is "likely" it indirectly creates a demand for videos of real violence?

No, because video games and videos are completely different things. People who play violent video games don't do it because they like watching violence, they do it because they like playing video games.

> isn't punishing someone for something they might do (access real CP) unjust?

They're not being punished for something they might do, but that they did do. If fictional CP is illegal and someone is in possession of it, then they've committed a crime.

> The same way real CP is illegal because it creates demand, which causes more CP to be made. Remember, owning CP does not directly harm anyone.

The possession of real CP in most places isn't illegal because it creates demand, but because in order for its creation it required the actual abuse of children, and it's a violation of their privacy. Arguments against possession nowadays rely on two factors: the risk of harm (which is frequently not justified) and the violation of privacy. The second is a direct harm. CP is more often than not accessed for free in ways where the original uploaders have no way of knowing how many people consume the material - in the same way that Usenet posts circulate, and in an even more opaque way to BitTorrent. You can't see how many seeders you have on CP sharing sites. Paying for it is dangerous, so most consumers tend to coast on what they can find for free.

>No, because video games and videos are completely different things. People who play violent video games don't do it because they like watching violence, they do it because they like playing video games.

They are different, but the argument could also be made that comic books (in which lolicon hentai is most often published) are different to videos, and Japanese visual novels (which are branded and appreciated as games in their own right) which contain virtual CP are different to videos too. Yet we also would suppose that most people who play violent video games select violent video games for a reason over other non-violent games. The violence is an allure just as much as playing the video game is. For what reason, I don't know - perhaps to experience the limitless world of the imagination, or a break from life. Either way, people who read underage hentai don't do it because they like the idea of children being abuse, they do it because they can find a way to engage their erotic desires in a fictional world - but again, they must also have some reason to select lolicon over other content, and that's accounted for in the history of the status of women in Japan and the concept of moe. We can abstract away from video games and violence too; what do you think about movies that show violence, comic books that show disgusting levels of violence and pain, anime that shows violence...

>They're not being punished for something they might do, but that they did do.

Then the law is unjust - we would be punishing a victimless crime if we outlaw possession of things which cause no harm. Evidently the crime itself can't be located in the mere fact of the violation, since presumably it's a crime for other reasons. If it's a crime because "the viewer might do x, y, z" then it's punishing someone for something they might do through the creation of a law which punishes something they did do. It's simply adding another layer of explanation and indirection to the process, it doesn't automatically add any more justification. That's how the concept of pre-crime works, the pre-crime itself is made into a crime that can be prosecuted. I'm not suggesting that due process is being abandoned here, I'm saying that the rules in deciding what should and shouldn't be crime are being abandoned in favor of speculation.

> I only say that it is not inconceivable to me that fictional CP increases demand for real CP.

On the same token with the same amount of conviction (i.e none) I can say that it's not inconceivable that fictional CP lowers (or doesn't affect) demand for real CP. Now I don't really believe that's true, but I have as much reason to believe that as you do to believe the opposite. Perhaps posting on HN increases the demand for brutal startup founders who abuse their employees.

> To me, it seems totally reasonable to make all sexualized depictions of children illegal for this reason.

Among a huge number of intractable problems with fictional works, this also would make it illegal for many abuse victims to talk about what happened to them.

I disagree. Texts and fictional drawings should not be made illegal, regardless of their content. (I am not so sure that even actual child pornography should be illegal, although maybe it should be illegal to buy and sell actual child pornography, and also illegal to take photographs of them without their permission (even if it isn't for money).)

Doesn’t that make Season 1 of Californication illegal since David Duchovny’s character has sex with a portrayed 16 year old girl (with full frontal nudity)?

The representation has to be pornographic; I should have clarified. That said, "borderline" pornography, including a "chibi" (characters drawn with no definition or detail, no genitalia visible) parody of a famous Japanese print, were prosecuted in Canada[0]. If I could I would link the image in question if you wanted to see just how ridiculous this prosecution was.

[0] https://www.cbr.com/canadian-court-drops-criminal-charges-in...

> any sexual depiction of fictional minors is illegal, and that can include stories or other text

So the bible and the quran cannot be imported legally into these countries?

OK so that search is NSFW

There’s a reality tv show that follows the Canadian border patrol, in the couple episodes I’ve seen the agents have found emails about the person crossing actually going for work when they say for tourism or visiting family.

I watch that show too much and it seems there is nothing they can't search or if they can't get access to they'll confiscate and send the device to some lab in Ottawa. If the intent of the show is to portray them as *ssholes then mission accomplished.

US Customs has the same power, within 100 miles of all borders. It's rarely used, but this means they have nearly unlimited search abilities over about 65% of the population.


I mean, to be honest, that's probably illegal, but I have never liked trading freedom for security.

People love trading other people's freedom for security. Especially if it has to do with immigration.

Yep - that is why many love profiling - security theater that doesn't even inconvenience them because they are the "right people". Plus it focuses on "the bad people".

Even though it has a trivial workaround of not looking the part. The Lod Airport Massacre "terrorism swap" with Japanese Red Army Terrorists and Popular Front for the Liberation of Palestine-External Operations in 1972 shows just how useless it is as a measure.

I'm not sure why you're being downvoted, it seems entirely correct, given the prevailing political climate.

And unfortunately this is often how they get away with doing stuff like this. People scream "my privacy!", government replies "but illegal immigrants?!?!", and people are like "ah all good then, I've got nothing to hide!".

It's just so dumb, and I've heard a lot of older people especially who will say the common "Why is it a problem if you've got nothing to hide?". I think some people fail to understand the kind of data people can have stored, and how much of some people's lives are part of their digital devices. I'm sure they wouldn't want police coming into their house and searching it.

Immigration : the government's favorite scape goat.

Let's be clear, it's not just the government but a large chunk of media and voters using immigrants as a scapegoat.

As much as they may like to, I've yet to have armed agents of CNN et al demand to search my electronics.

I watch that show as well. But I don't remember if they simply asked the person if they could search or demanded that they be able to search. Anyone who watches reality tv (for example 'Live PD') knows there are many cases where the police officer simply gains consent from the suspect for a search without any particular legal reason or right to do so. Now if they suspect they can (from watching) bring in a canine and if the canine smells something they then have probable cause (I believe) w/o getting a warrant (this is from memory and not a legal opinion that I have researched).

>Now if they suspect they can (from watching) bring in a canine and if the canine smells something they then have probable cause (I believe) w/o getting a warrant

They can't extend the traffic stop to bring in the dogs unless they have reasonable suspicion. https://en.wikipedia.org/wiki/Rodriguez_v._United_States

>I really want to understand what kind of digital data is considered a customs-related offence.

Photo of someone smoking a joint in a legally (at the state level) operated dispensary. A pirated MP3 or video file.

There's all sorts of minor "customs violations" that would come into view looking through a device that frankly, aren't serious enough to warrant the violation of privacy.

> A pirated MP3 or video file

In the first place, piracy is not illegal in Canada. Provisions surrounding copyright violations fall under bill C11, and that's a civil juncture, not a criminal one. So CBSA agents wouldn't be looking for that in the first place, nor would they have any grounds to do anything about it, since they aren't the rightsholders.

And even if they did, they have an interesting burden of proof in proving a given file was obtained via piracy. And what would they do? Detain you indefinitely because they want to "have a discussion" about some pirated Katy Perry song? I would agree that photos of doing drugs could be met with refusal at the border, but be reasonable.

They are looking for what is called "objectionable material". I don't know about Canada but in Australia it would be importing porn, any CP-like looking things (say porn with young Asian females that look like children and they have no means to check their age) and so on. I don't know full definition but basically they can add and remove stuff to this "objectionably material" list. Possessing data listed there is a crime. Recently, in New Zealand the shooter video go onto that list.

Cardinal Richelieu only needed six lines. Imagine what he could do with 500 GB.

"what kind of digital data is considered a customs-related offence"

It's not the data, it's what the data reveals.

Like an SMS with 'I put $100K in your panama account'.

Obviously a bad example but you get the idea.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact