Hacker News new | past | comments | ask | show | jobs | submit login

Attempting to deceive CBP through hidden volumes and the like is not recommended.

https://www.eff.org/wp/digital-privacy-us-border-2017






It's worse than that in some cases. I used to work for a big 4 consulting firm and they had some horror stories about border device searches.

The company policy for travel outside the EU was simple... Your own laptop would go into a server room and become a remote desktop host, you'd be given a blank laptop. When you got to your destination safely you'd call up IT who'd tell you where to download the VPN software and provide you login details. If asked why you laptop was blank by border agents you were instructed to give them a copy of the company IT policy.

Which is all well and good border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop. It happened on multiple occasions in several countries and in most cases the employee was deported after refusing to comply.


It might've been better to respond with the fact that you had only just received that laptop from the company, which was the truth.

A new clean laptop is in itself suspicious, especially if you are on a business trip.

I think the expensive legal brains the company employs decided it is better to simply admit that they do it this way to stop border inspections. Better a deportation of a single employee rather than risk compromising their IT systems and data.


> border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop

empty laptop or no, that brings up a general issue - border agent asks you to VPN into your corp network and to give them access into it (which beside a slew of corporate policies may also violate a bunch of laws like GDPR, HIPAA, SOX, EPA Clean Water and PCI compliance, etc - IANAL, so who knows what laws can be violated, all those corporate compliance and business conducts emails are so scary). Me being a little guy doing as i told/ordered to by the ones with authority, I'd just call corp IT security, some bozo high up the chain, and let them do their job - sort it out and make the decision. Sucks though for small companies without that fat and important corp IT security and all those C[compliance|information|customer privacy|security|sustainability|etc.]Os around.


The solution could be for the company to give the VPN password to the employee by phone some time after they arrive at the destination. Then the employee literally has no way to access the VPN when detained.

Then the employee may be subject to indefinite detention? That would be an absolutely unthinkably bad policy.

Why did the big 4 consulting firm think that it was so important to hide the laptop data from the government during the border search?

Many companies have policies, especially when visiting China, to send in users with blank devices and wipe the devices on return.

The big 4 consulting firms aren't single entities. Each country has its own independent branch that shares a global brand, set if principles and objectives.

The Irish branch has to comply with EU and Irish law. Think GDPR and various other laws relating to keeping financial data secure. Plus they would also have very strict contracts with their bigger clients guaranteeing the security and privacy of their super sensitive commercial data.

You would be unwise to assume that the data retrieved through a customs search of your laptop or phone wouldn't end up in your rivals possession.


Because otherwise any information on the laptop would have to be considered compromised.

What about if I put an encrypted backup of my phone into some online storage and factory reset it? Probably not a workable solution for frequent travelers.

This probably would raise suspicion and CBP will detain you, as will bringing no phone at all.

This is the EFF's statement regarding wiped devides:

We don’t recommend disk wiping as a border crossing security measure for most travelers. It’s a less common data protection technique than the other ones highlighted in our guide, which include encryption and minimizing data that you carry. Wiping your computer will make it unusable to you. Also, it may draw the attention of border agents, since it is unusual for travelers to carry blank devices with them. This may be of particular concern to travelers who are not U.S. citizens, who may receive more scrutiny from border agents. Again, you should consider your risks and security needs carefully before deciding how best to secure your data for border crossings as everyone’s individual risk factors and data security needs are different.

https://www.eff.org/de/deeplinks/2017/07/crossing-us-border-...


That's basically using your own phone as a burner phone.

You could probably stick a few innocuous photos and messages on it and claim you'd just upgraded or something.


Can I claim that I don't like my laptops searched so I reinstalled it from the scratch? It's truth. Can they force me to reveal my gmail password or something like that?



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: