Airport searches of laptops, other devices intrusive

Re: Airport searches of laptops, other devices intrusive

If a person is so scary that you need to see his laptop and cell phone, why are we letting them in the country to begin with?!

Re: Airport searches of laptops, other devices intrusive


Bruce Schneir talks about such things quite often. We've moved to a CYA method of security (Cover your ass).

If there is a perceived threat, no matter how ridiculous, those in command have to be seen as doing something about it, no matter how useless. That way if something did happen, they can say that they tried, rather than getting hung out to dry as the scapegoat.

This is why we still cannot have liquids. That plot was completely debunked and technically unfeisable, however if something did occur, no matter how remotely related to the original percieved threat, that person would be drawn and quartered. The only security that matters to alot of people is job security.

This is also why they insist on checking laptops for bomb plans, kiddie porn, etc. They know that the only ones they will catch are the truly stupid but should some plot succeed somewhere and it turns out plans were on a laptop, at least they can say 'we were searching and causing inconveniences, but we can't search everything'. Usually enough of an excuse to save the jobs of some important person after an epic fail.

Its when we as a society accept that we cannot be perfectly safe and that to be free means accepting some risk at times, only then can we achieve some balance that makes everyone happy.

Re: Airport searches of laptops, other devices intrusive

I'm sure that your acquaintance is experiencing the frustration the a lot of cops have. Their jobs would be so much easier if those pesky Fourth and Fifth Amendments weren't there, and since they're only after real criminals, the general public has nothing to fear. It is an easy trap to fall into as a LEO. Unfortunately, it's wrong, and the Fourth and Fifth Amendments are designed to protect every US citizen from exactly that mindset in government officials.

While the Fourth and Fifth Amendments do protect criminals under many circumstances -and I'll tell you firsthand it can be frustrating as all fuck to see a criminal that you absolutely know is guilty walk on a legal technicality- people (especially gov't officials) need to keep in mind the bigger picture: The Constitution and the Bill of Rights are what keep us from turning into a police state. The 4th and the 5th have always been "a tool of the terrorists" (and drug cartels, and Organized Crime, and... well, you get the point), but the bottom line is that they protect every citizen from having to expose any and all details of their private lives to the the government at the whim of any public official who deems it in appropriate.

Re: Airport searches of laptops, other devices intrusive

Here's the thing that I don't get.

I understand that PCs can have data on them used in terroristic activities.

I also understand that these same PCs can be bought, NOT have the data on them at the time of entering the country and THEN be loaded with that said data at any internet cafe/hub/etc once safely in the borders via the internet and let's say....a zip file called 'stuff.zip' which would look pretty harmless to anyone who saw the file being transfered to the pc.

Hell, or someone could have it all on a flash drive inside their fake pen and hook it to their USB later. I have a USB jump drive that to the average person looks exactly like a pen. Stick that in a pack with a bunch of actual pens and no one would be the wiser.

So, maybe what I am asking in the end is....

Is the cost of taking our freedom of privacy in regards to our personal data worth the benefit of the slight chance they will catch some moron with their pants down who didn't take the time to plan it out?

Re: Airport searches of laptops, other devices intrusive

Funny this topic should be ongoing as I just got off the phone with an acquaintance that was a longtime LEO. He is of the "if you have nothing to hide, you have no problems giving up your privacy to the proper authorities" and "The 4th and 5th amendments have become a tool of the terrorists.. and you are either with the terrorists or against them.." mentality. My stance was the "take my constitutional rights from my cold dead hands" approach, but he did make a good point. You try that, you are getting fucked. No two ways about it, constitution be goddamned. You have to pick your battles, and unless you are willing to sacrifice most of what you have (job/income/privacy/freedom/etc) to make a point and be a martyr then you are better off with a minor civil disobedience approach. One could politely make it more of a pain in the arse to deal with you than it's worth... keep a couple pics of legal models or something and say you were "embarrassed to have pictures of women in bikini's on your laptop.. you don't want the wife/gf to find out!". Not flat-out refusing, not being rude, and NOT completely refusing. One could even be OVERLY polite to the point it is obnoxious. If everyone did that then the cost in time and effort becomes more than the whole idiotic process is worth. Not saying anyone should do such an act.. Civil Disobedience is Un-American.

Debate of the legalities of the searches aside, in this situation it is far easier to just bypass the whole damn issue by using crypto + stenography (truecrypt with hidden partitions, etc). That way even if you did have to give the password up to make the whole goddamn issue go away (showing the bikini pics, perhaps!), you can still keep your privacy and rights. I still find it amazing that DHS actually thinks they are going to catch anyone except a complete idiot by doing this. Anyone wanting to sneak around data is either going to use a ssh/vpn tunnel, a microSD card, etc.

Now... if I was the government and wanted to assist with industrial espionage, what a better way than to start grabbing data from business people entering the US from other countries... (/me puts on tinfoil hat)

Re: Airport searches of laptops, other devices intrusive

It's been making headlines here for the last couple of weeks, and it's interesting to see that it's starting to garner more attention.

While I'm no fan of letting criminals go on technicalities, a strong interpretation of the Fifth Amendment is a bigger benefit to everyone.

Let me preface this by stating the Feds have different rules, and as I previously said, border crossings have their own rules which have traditionally been more relaxed, and border officers almost everywhere tend to have very wide latitude in exercising their powers.

Generally, a LEO's hands are tied when dealing with this type of situation. Without probable cause, and only a vague suspicion that something might be illegal, they may be able to hold you for addition investigation for a short while, but they will have to let you go at some point.

Re: Airport searches of laptops, other devices intrusive

I'm pretty encouraged by this decision. We've been kicking around the notion of whether or not you could be compelled to produce passwords and keys as part of a criminal investigation for quite some time (I remember it coming up during Jennifer Granick's talk) and it's great to finally get some guidance.

While it's true that the LEO you're dealing with at the time may not like it if you do invoke the 5th, they may let you go unless they otherwise have probable cause to take you into custody. I'm sure Thorn is a much better authority on that particular subject.

Re: Airport searches of laptops, other devices intrusive

Let me recommend a methodology even more strict. If this were me, and I were concerned, I'd do the following:

o Travel with a clean, innocent install of WinXP or Vista, and it would NEVER have been used to read email, browse the web, or edit a file.
o Keep one or more of Knoppix or Live CD of your choice
o Keep files, encrypted, on a server, preferably at home, or other trusted location
o Say that the laptop is new to you, and that you haven't used it much. Try to believe what you are saying. Practice beforehand.
o If there is no safe server at home, try carrying media such as CDs or DVDs that can be inserted under a car tire or other object if destruction seems necessary

Sound like I'm paranoid and distrustful? I'd suggest looking around you.

Trust, but verify.

Re: Airport searches of laptops, other devices intrusive

There is actually only one "town" in Pennsylvania (Bloomsburg). Everything else is either a city or borough or township. Townships are typically subdivisions of a county outside of a city or borough. Townships are also often (but not always) the divisions between school districts. Villages are unofficial in nature (not officially incorporated).

The "county sheriff" in PA does not have the same clout as they do in other parts of the country. Police departments are typically organized by city, borough, or township. Sometimes townships pool together in regional departments. There are county deputies, they do have the same arrest powers, but traditionally they are not used in the same way as they are in other parts of the country.

Re: Airport searches of laptops, other devices intrusive

A former co-worker was from PA. He used to use the word "town" for a central commercial area, and "township"when referring to the larger geopolitical unit. He also used to talk about the "county." all of those things made his speech stand out. In the New England, a central area may be a "town" but is most often called a "village". The larger geopolitical limits are always either a "town" or a "city" (but only if chartered as a city.)

Because county governments are so insignificant to be almost non-existent in New England, and there are few unincorporated areas of land*, referring to the "county" in any context other than 'a collection of towns in a particular area' will mark you as a stranger.

*Unincorporated county areas are mistakes from times past when surveying and cartography were less accurate. Generally triangular in nature, these are called "gores."

Re: Airport searches of laptops, other devices intrusive

Yes, I'm just going by what Lou Dobbes keeps saying on CNN and have no experience crossing border with the exception of a few childhood trips.

Dam ;-), how did you know that. In PA, we have villages, towns, boro's, townships, counties and cities. Then of course the generic names people use for areas of the cities, like Mayfair, and K&A, ..etc which really aren't on any map.

If you were wondering yes it's get confusing even for GPS. Often an address is served by a post office that doesn't necessary sit in a towns USGS map coordinates. But I'm sure this happens every where.

xor

Re: Airport searches of laptops, other devices intrusive

Those "remote places" are well know to the Homeland Security types and those locations have remote cameras and other sensors. Crossing in a vehicle is almost impossible. Crossing on foot might be possible, although knowing about some of the arrests for illegal crossings, it is difficult.

As far as the local police not stopping you, if you "lf you appear to be an American citizen", you're wrong, and it's obvious you've never dealt with local law enforcement in those areas. First of all, there is no way to differentiate between a US Citizen and a Canadian in those areas. Things like clothing, speech patterns, and the like are very similar. However, in most of these remote places on the US Canadian border, you are dealing with a small towns* where the locals and their habits are all known. Strangers showing up within the town -especially at odd locations- are going to be suspect. Some of the biggest busts for cross-border smuggling have been initiated by the locals who noticed a stranger in the wrong place.

Secondly, the local cops can and do make stops for this type of thing all the time. If they suspect that a crossing violation has been made, they simply detain the person until the Border Partol can take of the case.

*Coming from Pennsylvania, you would probably call a town a "township." That is the type of thing that will get you noticed as a stanger.


If may make you more suspicous in their eyes, but "pleading the Fifth" just means that you don't want to say anything that is possibly self-incrimiating. It is not an admission of guilt. Considering that you don't know what they might be looking for, and that there seems to be no guidelines as to what files are being scrutinized, it would seem to be a prudent action at this time.

They may seize the laptop, but according to some news reports they may do that anyway.

After thinking this through further, the best bet may be to have backups of all important files that are remotely accessible and are synced to the laptop. Even if the laptop is seized, you could still make a VPN connection to your home server that crosses borders.

Re: Airport searches of laptops, other devices intrusive

much as you may disagree with it (and it makes my stomach turn) it's wholly and fully supported by the constitution and the rule of law. the US is (in theory) an island of liberty in the middle of an uncertain sea. while the laws and rights of people in other lands can fluctuate out of our hands, our own laws are (again, in theory) guarantees of our constitutional freedoms.

but border crossings are just that... places where we meet the edge of our own laws. just like a hospital surgery area or a microchip plant's clean rooms, the entrance and exit to a place of such extremely-maintained ideal conditions must be tightly controlled to ensure that no contamination or improper passage from one side to the other happens.

even the ACLU will tell you (in their great educational film "Busted" about knowing your rights against search and seizure. google or youtube it now if you've never heard of it) that you have no guarantees of freedom from intrusion when crossing international borders.

it's a shitty prospect, but the best way to exercise all your American freedoms to their maximum potential is to never leave the "safe" confines of this bubble of liberty we call our nation.


now, on to more practical matters... yes, crypto and use of the internet is the best policy overall. my laptop that travels with me has no home directory or work product saved on it. that computer can be stolen or invaded by any party and it will make no difference to me (aside from the financial ramifications) because everything I work on is contained in a crypto volume. That volume is saved on a removable device and (security through obscurity's flaws notwithstanding) disguised as something wholly innocuous. Beyond that, any essential work product that I produce when out of the country (or just photos that i take) I transfer back home via the internet before i leave on my return journey.

At the border i would be willing (in accordance with the law) to let people boot my laptop, etc etc. I wouldn't assist them at all in logging in but I would have no recourse to them using any utilities that they wish to forcibly gain access. I doubt that any encrypted drives would be on the radar, but if they were i would show similar behavior... allowing them to use any tools at their disposal to copy data, attempt to decipher, etc etc. I would likely, however, develop severe amnesia regarding any of my passphrases and (despite the massive headache that would likely ensue) opt to become a test case for the law if i was ordered to unlock anything myself.

it's an important question, you know... how someone would behave in these sorts of situations. what would you do?

Re: Airport searches of laptops, other devices intrusive

I'm sorry, sir, but what the fuck did you just say?

Re: Airport searches of laptops, other devices intrusive

I think renderman has an excellent point. Would be a LONG drawn out court process either way.