Hacker News new | past | comments | ask | show | jobs | submit login

It's worse than that in some cases. I used to work for a big 4 consulting firm and they had some horror stories about border device searches.

The company policy for travel outside the EU was simple... Your own laptop would go into a server room and become a remote desktop host, you'd be given a blank laptop. When you got to your destination safely you'd call up IT who'd tell you where to download the VPN software and provide you login details. If asked why you laptop was blank by border agents you were instructed to give them a copy of the company IT policy.

Which is all well and good border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop. It happened on multiple occasions in several countries and in most cases the employee was deported after refusing to comply.

It might've been better to respond with the fact that you had only just received that laptop from the company, which was the truth.

A new clean laptop is in itself suspicious, especially if you are on a business trip.

I think the expensive legal brains the company employs decided it is better to simply admit that they do it this way to stop border inspections. Better a deportation of a single employee rather than risk compromising their IT systems and data.

> border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop

empty laptop or no, that brings up a general issue - border agent asks you to VPN into your corp network and to give them access into it (which beside a slew of corporate policies may also violate a bunch of laws like GDPR, HIPAA, SOX, EPA Clean Water and PCI compliance, etc - IANAL, so who knows what laws can be violated, all those corporate compliance and business conducts emails are so scary). Me being a little guy doing as i told/ordered to by the ones with authority, I'd just call corp IT security, some bozo high up the chain, and let them do their job - sort it out and make the decision. Sucks though for small companies without that fat and important corp IT security and all those C[compliance|information|customer privacy|security|sustainability|etc.]Os around.

The solution could be for the company to give the VPN password to the employee by phone some time after they arrive at the destination. Then the employee literally has no way to access the VPN when detained.

Then the employee may be subject to indefinite detention? That would be an absolutely unthinkably bad policy.

Why did the big 4 consulting firm think that it was so important to hide the laptop data from the government during the border search?

Many companies have policies, especially when visiting China, to send in users with blank devices and wipe the devices on return.

The big 4 consulting firms aren't single entities. Each country has its own independent branch that shares a global brand, set if principles and objectives.

The Irish branch has to comply with EU and Irish law. Think GDPR and various other laws relating to keeping financial data secure. Plus they would also have very strict contracts with their bigger clients guaranteeing the security and privacy of their super sensitive commercial data.

You would be unwise to assume that the data retrieved through a customs search of your laptop or phone wouldn't end up in your rivals possession.

Because otherwise any information on the laptop would have to be considered compromised.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact