An odd thing about these searches is that they really have no chance of catching anything nefarious carried by anyone halfway intelligent. An acquaintance of mine smuggled digital documentary video out of Iran just by opening up a laptop and loosening one of the two hard drives' connectors so it no longer registered as attached; the brief border search at the airport of course saw one hard drive with nothing particularly nefarious on it, and didn't go to the trouble of determining that this model of laptop should've had two drives. That's not foolproof, but it's going to foil 99%+ of these kinds of casual searches.
Of course if someone really suspects you personally and wants to scrutinize your machine in detail, that's another story, but just random dragnet-type searches of machines at borders are laughably easy to foil, with dozens of different methods, so the stopping-terrorism justification doesn't seem plausible.
That is why we call it "security theater" - because every informed person will realize it's a heap of bullshit that serves no purpose but to get people used to methods of a authoritarian police state. Terrorism is a retarded excuse, period, and anyone who uses it as their primary argument should be laughed out of the building.
I commend you for saying this out loud in a public forum. How things have changed in just a few years! Just after 9/11 you would have been laughed out of the building for pulling out the "security theater" card. It warms my heart to see so many people vocally & publicly calling out the bullshit governments are trying to pull on us, no matter if it's SOPA, PIPA, ACTA or whatever they will come up with next.
I've been thinking about this internet freedom movement quite a bit lately & I am convinced the single most powerful thing we can do is to come out of our anonymous hiding places & publicly declare our intentions. That's why I created my freedom.txt & hope others will do same: http://fr.anc.is/freedom.txt
Another good option is to take a 32-gig SD card, and re-label it as a 1 gig. Then fill the card with random output, reset the number of cylinders in Fdisk to match 1 gig, format a 1 gig partition and fill it with pictures of scenery. Put you encrypted data at some point after 1 gig on the raw device. To anyone looking at it casually, it will appear to be just a 1 gig card. Even if they see the empty space afterwards, with good encryption it should be indistinguishable from random noise.
Bonus points for modifying the firmware on the SD card so that it looks like 1 gig at the low level.
They don't use the forensic tools on everything that passes through, and an SD card full of landscape photos is a lot less likely to arouse suspicion than one full of unreadable encrypted data.
The core problem is, laws are not created result orientated.
When the people who are targeted, are the ones who avoid being caught, the result will be near zero.
We need intelligent accounting here.
For example, when the result of this law is: We spent 100 Million to catch 0 terrorists and 20 people for minor felonies.
Is it in the public interest to pay 5 Million for catching a person who downloaded an illegal movie?
The politicians should be accountable for these things, or they should say in advance "we try this for a month and if it doesn't work or is inefficient we stop it".
I also know that statistics are often manipulated, but that is another problem.
"The politicians should be accountable for these things, or they should say in advance 'we try this for a month and if it doesn't work or is inefficient we stop it'."
I think this goes back to how politicians are deathly afraid of ever, anywhere, being wrong. This seems to even preclude improving/changing their own positions on most things.
There is nothing wrong with realizing you were wrong and changing your opinion, rather there is something wrong with hanging onto a belief or opinion when the pile of evidence is not only against you but continues to grow.
Well given the fact I've had SD cards go through washing machines, dryers and even had a DS game get run over by a fully loaded truck and survived.
I guess you could literally eat a MicroSD card and deliver it safely and intact in another country. This would even make it better than smuggling something the old way (swallowing a condom) because an air bubble has the chance of showing up in an x-ray. A MicroSD card would likely be completely invisible. Any copper would obviously show up, but the amount is likely to be indistinguishable from the iron we digest and the iron in our blood that is concentrated around our intestinal walls.
- Use full-disk encryption.
- Secure it with a very long hard to guess password.
- Turn your computer off at least 10 minutes before going through customs.
- You don't legally have to tell anyone the password with out a court order.
- You don't have to give them any information to aid in their search.
- Secure delete everything before you travel.
Super important:
- DO NOT LIE.
- You can simply not answer a question. But never lie.
- Say, "I'm sorry, but I cannot answer that question."
Super super important:
- Plan!!!
- Decide what you will do *before* you get to customs.
- Don't stress out, just relax and don't answer questions you don't want to.
I've read some people here on HN (http://news.ycombinator.com/item?id=3496070), saying that they will start using TrueCrypt to hide their data. This is explicitly discouraged by EFF, stating:
Although TrueCrypt hidden volumes may have some practical applications, we think they are unlikely to be useful in the border search context because they are most helpful when lying to someone about whether there is additional hidden data on a disk. Lying to border agents is not advisable, because it can be a serious crime.
I'll add this here, so it can be read by someone reading your resume.
Title 18, United States Code, Section 1001 makes it a crime to: 1) knowingly and willfully; 2) make any materially false, fictitious or fraudulent statement or representation; 3) in any matter within the jurisdiction of the executive, legislative or judicial branch of the United States. Your lie does not even have to be made directly to an employee of the national government as long as it is "within the jurisdiction" of the ever expanding federal bureaucracy. Though the falsehood must be "material" this requirement is met if the statement has the "natural tendency to influence or [is] capable of influencing, the decision of the decisionmaking body to which it is addressed."
(Ironically, the government lies to us all the time, but there are apparently no penalties for that.)
That article gives a ton of good reasons to flat out refuse to talk about anything of substance to any agent, ever, without your attorney present.
I would highly recommend reading it. Even if you don't think you're personally the target of an investigation, the way these things go, anyone that they can catch in the net is a potential target, so you should be nervous - it always looks better to indict N+1 people than N, and if you talk to the investigators at all without a lawyer present, you greatly increase your chances of being that +1, even if you truly and honestly haven't done anything wrong.
As a non-citizen, I would not risk being labelled uncooperative by the border agents. Just because they cannot compell you to surrender your passphrase doesn't mean they couldn't hold it against you in the future (longer visa processing times, extra background checks).
As suggested in the pdf, a wiser approach is cross the border with an immaculate system and download your data afterwards.
Well, for what is worth there is absolutely no due process for being denied entry to the US as a non-citizen. I would really not try to be uncooperative and I'll heavily try to look very very dumb (I guess it's some sort of lying). As a non-citizen you have no rights at the border - the guy can send you back for no reason or for the reason he's a dick or detain you without due process.
Say, "I'm sorry, I don't feel comfortable answering that question."
And when they ask why say, "Because I believe that it is my right not to."
But nothing more. Just be short, to the point, and courteous. You're not guilty of anything for saying that, and they will understand that you understand your rights.
They may make your life a tiny bit harder because of it, but if your courteous and patient you can maintain your dignity and your privacy.
Two points here. First, don't answer specific questions about anything. This means refusing to answer questions about piracy, terrorism, etc.
Second, unless there is evidence you're breaking criminal distribution laws they're not going to care about the MP3s your friend gave you or the copy of Doom you downloaded from a BBS 15 years ago.
Considering I spend most of the year travelling around or living in East Asia, my best choice is just to avoid the US completely, including transit flights (as we now have our passports checked).
I know the chances of being asked anything, including, "have you bought pirated movies or software while in Asia?" Is pretty hard to refute if you've lived or traveled there for the last decade.
I don't think the agents are all that sophisticated, but if they notice you doing any funny business, you will get the third degree. So don't try anything.
If you're that concerned, make sure it contains nothing but Free (libre) software. Then you will be able to prove your innocence.
Let me say this a different way: having any media on your machine whatsoever is now "funny business". If you have movies ripped to your laptop for your kids to watch, as I do, then you can legally be held under suspicion of piracy, and your property can accordingly be confiscated. The burden is on you to satisfy whatever requirements the government may have for the media.
IANAL. You have 5th amendment rights against self incrimination. You don't have to answer. How do you word that? No idea, but that would be the route to take I think.
"You have 5th amendment rights against self incrimination."
My concern is while that is often stated, those people aren't sitting in the detention centre with you for hours while your digital devices and the material on them is being searched and you are being 'threatened' with further detention, likely bogus charges and pressured to admit guilt for using your laptop as a normal user does.
These are standard interrogation tactics that people need to be prepared for. If you really feel threatened, speak to a qualified layer before you make any decisions, say anything, or agree to anything you don't want to.
Standing up for your rights and privacy isn't always going to be easy. But sitting in detention for a little while is really a small price to pay for your liberty. Plus, you'll waste a lot of public money in the process.
As far as I know, constitutional rights apply equally to both citizens and non-citizens. Of course, if citizens aren't protected in this case, neither will non-citizens, but I think the distinction should not matter in constitutional matters.
I believe that current rulings indicate US Constitutional rights do not apply to non-citizens outside US borders.
Quote:
Citing Yick Wo v. Hopkins, the Court, in the case of Wong Wing v. US, further applied the citizenship-blind nature of the Constitution to the 5th and 6th amendments, stating ". . . it must be concluded that all persons within the territory of the United States are entitled to the protection guaranteed by those amendments,
(Note "within the territory of the United States")
This is ridiculous. Not what EFF is trying do do, but the extent to which people are going to have go to feel secure. Look at the doctor example. Akina the Japanese doctor is going to a wedding out of country. They recommend mailing a laptop to a relative at the wedding, then wiping it there and bringing it back across the border, all to protect the confidentiality of some emails. That is a completely and utterly ridiculous idea. But yet, there it is, seriously stated.
10 years of pacificity towards the erosion of rights and privacy, and here we are.
"That is a completely and utterly ridiculous idea. But yet, there it is, seriously stated"
Maybe to you, but not for me. I'm a doctor and a geek. I work on confidential patient data which I manipulate with custom software I write (some C, some perl... even some php at times :-).
But every devices this data goes into is encrypted.
To avoid any problem, when I travel I take my special "travel laptop" which has a brand new OS install from the night before. I take absolutely no data at all, unless I absolutely need to work on it during the trip - and in this case, this piece of data travels on an external media, in an encrypted form.
The macbook and the external media are disposable - should any agent want it, they can have it and keep it. I won't even complain.
What I care the most about is preserving the data confidentiality.
Why exactly wouldn't you want this kind of protection on your data from your doctor?
Hmm...either I wasn't clear enough, or you misunderstood. Maybe replace "idea" with "concept" or "requirement". What the doctor is doing/should do isn't ridiculous. It's the fact that the EFF had to write a 30 page document that instructs people on how to protect themselves from some neanderthal on a power trip who decides to comb through personal emails at the border. All in the name of fighting piracy. That's ridiculous.
If I had to fly to America these days, I would not take my laptop unless absolutely necessary. I would also do a fresh install of Cyanogenmod on my phone and configure it up only after crossing the border.
There was a time that I wanted to live and work in America. These days, I don't even want to visit for a holiday.
I only travel with encrypted data - both my laptop (linux with luks) and my phone (galaxy nexus) use full disk encryption.
Currently it seems that the worst that typically happens is that they take your hardware away from you. I don't care too much about that as all my data is securely backed up in the cloud (tarsnap). The value of the hardware is maybe something like 1000 euros alltogether. Given how unlikely it (currently) is that this happens this is an acceptable monetary loss for me.
The only thing that bothers with my setup is that encryption in Android 4 is absolutely braindead, as it forces you to use the same password for the encryption as for the screenlock, although the security requirements are completely different: You want to use a really strong password for the encryption, but for the screenlock a short password is sufficient. Hopefully that will be possible in either one of the next versions, or one of the inofficial forks.
Supposedly, if your hard drive is encrypted, customs agents can hold your computer indefinitely if you refuse to provide the password. The irony is that gigabytes of encrypted data cross national borders every second -- over the internet. So dump your important data in an encrypted file and put it on a file sharing web site, or a VPS, or whatever, and download it again when you get across the border. Nobody with "interesting" data (and half a brain) will be physically bringing it across a border. The searches are useless.
Nobody with "interesting" data (and half a brain) will be physically bringing it across a border.
What's super ironic about this legislation is that it makes local law enforcement's job of actually catching criminals harder. No one's going to get caught at the border with anything but parakeets shoved down their pants. And now criminals are forced to use full-disk encryption and secure delete for everything if they want to travel which will likely lead to more security at home and more obstacles for local law enforcement.
Unless you're traveling to or from a location that won't have a connection or won't have enough bandwidth to support your needs. See the example in the article about the film maker.
Every now and then you have to step back and look at your world.
When I was young, people having to take precautions like this were clicheed signs in a movie of someone oppressed by a totalitarian regime. Invariably the "good guys" were working to free people from it.
This happens in Canada, too. There was a thread on a popular storm chasing forum in 2007 in which a chaser driving from Florida to Canada was stopped by the Canadian border patrol and had his car randomly searched. The post is also here on the chaser's personal blog: http://sky-chaser.com/america.htm#WINDSOR . They grabbed his laptop that he was using for GPS mapping, brought it inside, then came back out and told him he was being detained in order to investigate the photos he had on his drive. Apparently they were concerned that some of his Asian nudie pics were of underage models. He was then arrested until some specialist could come in and interview him and review the photos to determine if they were underage. After waiting several hours in a cell, the investigator showed up, asked him a few questions, then released him. "You are good to go. We have insufficient evidence and cannot find anything related to the charges suspected, we are sorry for the inconvenience and I hope this does not prevent you from visiting Canada in the future."
This website is horrible to read, occupies about 12% of my screen and does not even support turning pages using keys! EFF, you can do better than that.
My concern with this US border search is the idea of confidentiality. One, we've all seen movies. Lots of them. And though we may laugh at how easily the antagonist acquired the needed information from the protagonist, it can't be said that it can not happen in real life. And this US border search is making that highly possible. Also, for doctors and lawyers, this confidentiality thing I'd like to believe, is sacred. So when another person sees that on their laptops or gadgets, would it be the same as doing a breach of contract or doing something against their oath?
I wonder if it would be possible to get the American Medical Association (and whatever the lawyers' equivalent is) to fight against this ridiculous policy. Or would they just shrug and say that doctors shouldn't put confidential data on portable computers?
Of course if someone really suspects you personally and wants to scrutinize your machine in detail, that's another story, but just random dragnet-type searches of machines at borders are laughably easy to foil, with dozens of different methods, so the stopping-terrorism justification doesn't seem plausible.