Ex-Mozilla CTO: I was grilled for three hours at US airport by border cops
theregister.co.ukSome discussion from yesterday: https://news.ycombinator.com/item?id=19558161
See also Andreas Gal's blog post https://medium.com/@andreasgal/no-one-should-have-to-travel-... , the ACLU's press release https://www.aclunc.org/news/aclu-files-complaint-department-... , and the ACLU's formal complaint https://www.aclunc.org/docs/ACLU-NC_2019-03-28_Letter_re._El... .
Quick reminder: US citizens have an absolute right to reenter the country. Customs can temporarily detain you, but they cannot refuse entry. Any threat, whether implied or stated, that they will hold you until you unlock your device is not real. They can hold your stuff indefinitely, so be prepared to lose it if you go this route, but never unlock your device based on the idea that it’s the only way to go free.
Non-citizens are in a totally different boat. You can be denied entry for any reason whatsoever. Tread carefully....
Quick reminder: Non US citizens only go to conferences outside the US. There is no excuse we should put up with this. Canada and EU are much better locations for this reason alone.
Not much better in Canada: https://nationalpost.com/news/canada/guilty-plea-ends-case-t...
And also Australia and the UK:
https://www.abc.net.au/news/2018-10-08/if-a-border-agent-dem...
https://techcrunch.com/2017/09/25/traveler-who-refused-to-gi...
It seems to be mostly a Five Eyes thing.
It scares me the number of people who think that the US is in some uniquely bad place for some issue, not because of "whataboutism" but because of the blindness it can entail and skewed perceptions of all sides. No, it's not a dystopia in the US, but a wonderland paradise everywhere else. There's plenty of places that treat various people badly.
Agreed. I'm European and it astonishes me how a wall at the border is so divisive, with some even calling it un-American, and in the EU there are essentially no legal ways for refugees to enter at all (we've made it practically impossible to fly) and children die by the boat loads in the Mediterranean, yet we Europeans think we are in a position to judge the US.
Astonishing is the word.
Countries often have reciprocal arrangements regarding how they treat each other's citizens. If your country treats country X's citizens like crap, odds are country X will start treating your country's citizens like crap too.
Because of this, it's likely that the world will likely spiral to worse and worse treatment of everyone. As the saying goes, an eye for an eye and soon the whole world is blind.
This is why Brazil now fingerprints travellers from the USA and not from anywhere else.
Yup! Not sure why Canada gets to slip under the radar on things like this. They are demanding access to devices as well.
“On the other hand, we’ve got very recent case law from the Supreme Court of Canada, starting in about 2010, that says you’ve got an intense amount of privacy in your electronic devices."
If he went all the way up to the supreme court instead of taking the plea deal, the story might have gone the other way.
Well if CBSA continues with this practice I hope it ends up with a lawsuit and gets shut down by the supreme court.
Or New Zealand: https://www.washingtonpost.com/news/morning-mix/wp/2018/10/0...
Given their reported membership in the Five Eyes, I don't see NZ as a place to be. https://en.wikipedia.org/wiki/Five_Eyes
In the past several years, I’ve entered 6 countries as a US citizen. Only Canada has demanded access to my phone.
Another anecdotal point, in the past few years I've entered the US a dozen times, China, SA, Australia, Canada and some European countries outside my native France, and I've never been asked to unlock my phone once. I always get the fingerprint treatment at LAX though.
Getting fingerprint is supposed to be a standard procedure.
I was asked to unlock my phone trying to get to Canada as a US citizen too.
What are they even trying to find on your phone?
Evidence that you're coming to Canada to stay and perhaps work, rather than visit temporarily.
Interesting. When they ask my occupation I say that I’m a small business owner in the software industry. Is that a high risk occupation for unauthorized work in Canada?
Are these kinda searches that common?
Also, don't fly through the US to get to that conference in Canada.
Is it a risk if you stay in the airport, in the secure zone? (Whatever it's called...I've flown rarely over the past couple of decades.)
Yes, on a flight to and from New Zealand with a refuel/crew change in LA I was fingerprinted, retina scanned and asked about my personal business despite being held in the "secure" zone.
This was 2005 so they didn't have such a hard-on for electronic devices back then. Seeing as the US has upped its game quite a bit since then, the likelihood of me ever visiting the US is now zero. Sorry my fellow US HN'rs.
And you know it's such a shame because I had a trip to Boston in November 2002, and even with it being only just over a year since 9/11, my passage through customs was friction-less and the staff were delighted that we'd come to visit the US. No fingerprints, no eyeball scanning, no interrogation, just a friendly "business or pleasure, and enjoy your stay".
If you're not being hassled in EU airports, it's because they already have your information. Not whataboutism, but most EU states and all the powerful ones have active, conservative intelligence and police that work closely with the United States and give them any information they want. Stay safe.
It's not just 5 countries: https://en.wikipedia.org/wiki/Five_Eyes
All flights that stop in the USA require all passengers to clear customs before continuing their journey.
I had no idea, thank you.
This is often called "sterile transit" (the ability to depart the airport without passing through immigration), and the U.S. and Mexico (and apparently Canada) don't allow this, while generally European and Asian countries do.
https://wikitravel.org/en/Avoiding_a_transit_of_the_United_S...
No EU airport allows this for flights from outside the EU/Schengen zone. Every international airport has dedicated "EU internal" and "all other" terminal pathways for this reason.
Yes, they do. Unless I misinterpreted your comment, connection flights from outside EU to US/Canada don’t require the Schengen visa as passengers don’t leave the “clean” zone.
I've had to go through security and immigration when flying through Dublin and Seoul. So I don't think you can exempt Europe and Asia from the list.
Were you flying to or from somewhere else in Europe in the Dublin case? A subtlety about this which has just come up elsewhere in this thread is that the whole Schengen Area is treated as a single "country" for immigration purposes, so if you have an intra-European flight, you have to enter or exit "Europe" in the course of a transfer to or from an external flight.
But I think if you fly, for example, from New York to Paris and then on to Tunis, you don't have to go through immigration controls in Paris.
I was flying from Seattle to Rome with a connecting flight in Dublin. In both Rome and Dublin I had to go through immigration (that is, present my passport) and in Dublin I had my carry on X-rayed again. Upon arrival in Rome, after clearing immigration I had to go through customs, which is to say I walked out the "Nothing to Declare" portal.
Oh, I just remembered that Ireland isn't in the Schengen Area (due to the Common Travel Area with the UK). So you wouldn't have a domestic-style flight from Ireland to Italy. But your experience then does seem to confirm that Dublin doesn't offer sterile transit at all, which is a bit of a surprise to me.
The US forces you to clear customs regardless of your final destination (transfers included).
There is no transit visa to the US. Everyone landing goes through customs and immigration regardless of whether you are connecting to another flight.
Yes the secure zone is even more risky in my opinion.
Canada is not exactly welcoming to visitor. Particularly visitors that may have a mark on their background check from any number of years ago. Good luck getting in at all -- its becoming a common mention in hip hop lyrics even.
>Canada is not exactly welcoming to visitor. Particularly visitors that may have a mark on their background check from any number of years ago.
Not a bug, working as intended. Entering a country that you aren't a citizen of isn't some inalienable human right, especially if you're a convicted criminal.
By that same token there is no reason to complain about how difficult it can be to enter the U.S. for certain individuals -- or working as intended as you call it. I also find it a bit disturbing how easily you apply law & order in the name of a country that was not involved in deciding the validity of that decision or the circumstances behind it.
>By that same token there is no reason to complain about how difficult it can be to enter the U.S. for certain individuals
Well, yeah, entering the US as a non-citizen is a privilege granted at the discretion of the US federal government. Border control is an essential function of a sovereign state.
>I also find it a bit disturbing how easily you apply law & order in the name of a country that was not involved in deciding the validity of that decision or the circumstances behind it.
It's disturbing to not want criminal elements freely entering your country? If they're a not refugee and they can't follow the law in their country of origin, why should any other country be obligated to let them in?
Let me put things into perspective for you. Cops raided the wrong house (battering ram and everything) which happened to be where I lived. They ripped up floor boards and broken holes in the wall -- they found $300 worth of personal weed. So they confiscated everything I own because it could possibly be related to drug money. I'm also incarcerated without the ability to post bail (because cops just took everything). I wasn't granted personal recognizance bond, it was $50,000 -- my family takes this as a sign that I must be guilty of whatever they say so I have no access to money for bail or for a lawyer. So I did my own case work while I sat in jail for 3 months, got a different judge to finally give me a personal recognizance bond, pick apart the prosecutor and detective at later hearings/motions, and finally leading up to the day before a jury trial (for two felony charges). I was offered a better plea and took it -- everything leading up to this point was so fucking asinine that despite all the headway I made I could not trust I would not spend years in prison. Its quite clear they did not want to look like idiots after getting a warrant and executing it in force based entirely on some 17 year old kid told them while being interrogated himself.
I'm only a criminal to someone like you.
You can't plead guilty to (what sounds like) a trafficking charge and then claim to be innocent and expect to be freely admitted to other countries. Canada has no way of knowing you're innocent so your logic is that they should just let you in anyways? I think countries have very good reasons to keep people with drug convictions from entering regardless of whether or not you believe drugs should be decriminalized or legal.
It's expensive and risky to go to trial, even if you're innocent.
https://www.theatlantic.com/magazine/archive/2017/09/innocen... https://abovethelaw.com/2018/11/plea-bargaining-a-necessary-...
> I think countries have very good reasons to keep people with drug convictions from entering regardless of whether or not you believe drugs should be decriminalized or legal.
What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering. People that are well off would/do not have the same legal outcomes, and thus your measurement of law-abiding is not reasonable.
>What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering.
Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?
Canada has a generous welfare system and social safety net that that would likely be unsustainable if it let in sufficient number of people unable to support their own benefits. Even if you hold the view that drug use ought to be a public health matter and not a criminal matter, there's a limited amount of immigration that can be sustained without overburdening these services and why let in a drug user when you can let in a doctor or engineer?
In the case of tourism, it's just about limiting risk of someone overstaying their visa.
> Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?
I make well into six figures as an engineer and cannot make legitimate business trips to Canada even when the company lawyer has appealed for my entry, complete with compiling a report with ample evidence of merit. It is a naive view to think that entry is merit based when I'm being denied entry based solely on the fact that I was once a teenager that was discovered to be around weed once.
> In the case of tourism, it's just about limiting risk of someone overstaying their visa.
Then why do so many performance artists have to cancel Canadian stops when they are not allowed entry? Are they really scared a platinum artist is going to become a drain on their society? That quite obviously has nothing to do with it.
Pretty much any country does this. Unless you're a citizen of that country, you have no right to enter it and should be on your best behavior at all times, and they can decline you for any reason they feel like, justified or not.
I've been all across the world. I've been turned away from Canada twice (every occasion) over some weed 15 years ago. No other country cares unless you are applying for a long term visa or something. I even tried applying for the right to visit and was turned down (again, over weed).
Americans who have concealed carry permits on their person when entering Canada will have their vehicle searched with a fine toothed comb.
That’s actually pretty reasonable. I don’t think anyone reasonable thinks Canada doesn’t have the right to enforce their firearm laws at their border.
I agree that no one who is reasonable thinks that Americans who travel to Canada get to exercise the rights they hold as Americans in America. But is having a concealed carry permit in your wallet a reasonable indication that you have a gun on your person or in your vehicle? Statistically, in the US, CC permit holders are the most law abiding group in the country.
Let’s imagine, hypothetically, that a visitor came to the US and had a permit from their country of origin allowing them to own and travel with slaves. Would border patrol be justified in giving them extra scrutiny to see if they might have one with them?
Well, no?
Assuming by default that somebody would break the law, just because you politically disagree with them, is not justified. As said above, CC holders are among the most law-abiding citizens (this is true in my country too). They're aware of the laws governing their permit and assuming by default that they'd break other countries' laws is preposterous. You don't just forget that you're carrying when you travel abroad or by airplane. And you sure as hell don't do something as idiotic as that, with the accompanying consequences, intentionally.
It’s not about political disagreement. It’s about having a permit for something that’s not allowed to transit the border. Assuming nefarious intent by default is, for better or worse, how border controls operate almost everywhere for almost everyone. You have to demonstrate that you’re OK to enter, they don’t have to demonstrate that you’re not.
As far as forgetting that you’re carrying, numerous examples say otherwise. Random data point: the TSA confiscated over 4,000 guns last year, of which I imagine approximately 100% were inadvertently packed by innocent people. Whether it’s intentional is immaterial; Canada doesn’t want guns crossing the border, and they couldn’t care less if you’re doing it by accident.
But having a CC permit is an announcement that you own firearms, and you’re in the habit of carrying them on your person. It makes sense to check this person for firearms, even if to make sure they didn’t accidentally bring one out of habit.
> Americans who have concealed carry permits on their person when entering Canada will have their vehicle searched with a fine toothed comb.
If the Canadian border authorities are searching your person, such that they are likely to notice something like a concealed carry permit, your border crossing has already gone south.
Alternatively, prefer to avoid bringing your own devices with you when you fly. Leave your laptop and smartphone at home, and rent temporary ones after you cross.
Better, have a secure server at home and ansible playbooks to set up laptops (including getting any minor secrets that you need onto that laptop. Restrict more important stuff to just ssh).
If your threat model doesn't include physical tampering/rootkits, just wipe your devices pre-travel and set it up when you get where you're going. If it does and you can afford to mitigate that risk, arrange to have cheap new devices at your destination and travel with nothing.
If you're going that route, why not just create a disk image and scp it from your server? Certainly a lot easier than trying to rebuild everything from scratch.
actually I'd find running my ansible playbook much, much easier than transferring GB of disk image about. I maintain the playbook so that I can keep work laptop and personal laptop in sync. Although I am looking at Nixos as a possible replacement.
An ansible playbook gives you much more flexibility to get to the same place. The one I run takes a mere 3-5 minutes to run (typically) regardless of where I am in the world.
Would work if you trusted that the devices weren't tampered during inspection. Why would I put my keys on something which might've been wiretapped? If you really need to compute whilst traveling or through the states, just buy something cheap whilst you're there.
I literally suggested that if you read my comment.
Nah , just backup and then wipe all your devices and then restore them after customs. (Kevin mitnick does this).
Or, perhaps he says that but has two passwords, one that decrypts and runs an OS and one that presents as if no OS is installed?
They can seize your stuff so your workaround won’t work when they pass it to their tech team for forensics. Also, if they find something now they have you lying to customs.
It seems (ha!) possible to design the logic for such a system with deniability, like the system has to use the second/third/fourth password to attempt decryption before you know if the padding is encrypted or random noise [if the specific encryption has a signature then each install could encrypt the empty space with a few keys taken from urandom].
First password accesses clean files, second one accesses dummy [legal!] fetish porn collection ... do border guards hold you to get a third password?
An analogue analogue might be: I have a book full of "random alphanum text", I have two (or more) one-time pads for decryption of portions of the book, I also know the page/line the actual cyphertext starts at. The rest of the text in the book is random quotations encrypted using a selection of further random one-time pads. Can forensics find that there is a "hidden" n+1 plaintext when I give them the n pads and starting points? Seems impossible??
You still are now attempting to deceive a government official. Also, you are assuming that the technician assigned to you wouldn't be able to figure this out.
Also, sweating you out in holding is probably more effective than you realize.
How do you find a rented laptop trustworthy?
Although it may not be morally ok, one could just buy a laptop for a conference etc, and then return it after a week if the store has a return policy. I've seen stores take back laptops no questions asked for up to 60 days.
If you are in a pinch.
If not you can just sell it (there or at home) and take the loss as a rental fee.
Why wouldn't a rented laptop be trustworthy?
Because it's someone else's hardware, someone else's software, and someone else's firmware.
To be pedantic, unless you flashed coreboot it's not your own firmware and if you aren't using an open hardware laptop then it's not really your hardware either.
But you can have a bit more trust in the supply chain to get to you than that it hasn't been tampered with afterwards.
Could you give us a set of countries whose customs agencies cannot refuse entry to non-residents, for any reason whatsoever, including no reason?
I have a feeling that is an empty set.
Under the terms of the UN Treaty there are actually certain non-residents that the US cannot refuse visas and entrance to.
I don’t think this so great for non us citizens working in the USA because they have to go in and out and can just as well be denied entry. For someone like that who made his life in the USA and has family here, going to conferences outside the USA is potentially much worse and riskier than say a German resident and citizen getting denied travel into the USA for a number of years.
This is not remotely unique to the U.S.
No it's not but this kind of issue tends to happen more frequently in the US.
Honest question: do you know where I can find the data to support that?
There's not going to be any data, border agencies are as non-transparent as you can get.
Anecdotally?
Yes, or as we used to call it back in the day "empirically".
Plus, it doesn't matter if it happens as much or more in some backwater third world country.
It's already enough of a problem that among first world countries the US is quite a pain in the ass airport control.
Heck, it's enough of a problem that it feels like a pain in the ass. It wont be less of a problem if per capita e.g. Belgium or Albania are worse...
There isn't data on this. This incident likely wasn't logged in any way. CBP is a rogue agency and the least transparent. They don't respond to FOIA anymore either.
Quick reminder: Without a true Bill of Rights, your rights, as much you might think they are secure, are virtual at best.
The same is true with a Bill of Rights.
The government does what the government wants. If you're lucky, later a different part of the government will apologize.
A bill of rights may reduce the odds that those enumerated rights are denied to you, but it cannot prevent it.
Maybe they're just trying to make flying so annoying people don't do it, to help with global warming. Just video conference, easier, faster, better for not drowning.
> but never unlock your device based on the idea that it’s the only way to go free.
Best to enter the customs zone with the phone powered off, your device's security is likely better in this state, less likely to be circumvented while you surrender it.
Good advice!
Things like mobile boarding passes and the "Mobile Passport" app encourage and train people to hand their devices over to TSA and CBP personnel. In that later case, unlocked and with an app CBP/DHS controls already installed (with a lengthy ToS no one ever reads).
On a related note, car rental places now email me the contract and rental documents by default, I receive no paperwork unless I remember to ask. The problem didn't register with me right away (It was so similar to what hotels do when you travel, all paperless now) but the last time I returned the car I asked them what I was supposed to do if I was stopped for a traffic violation. "You can open the email from us on your phone and give it to the officer" they suggested. I recommend everyone ask for a printed contract instead.
As an aside, on iOS, the airline apps I have used work like the Wallet app and are visible on the lock-screen, the device must be powered on but remains locked when you display your boarding pass, etc.
I’ve been using mobile boarding passes exclusively for the past few years and it doesn’t even remotely work in the way you describe (within the US, at least; cannot comment on CBP).
1. There is no special app you need for mobile boarding passes. It has always been either a PDF or a PNG file emailed to you.
2. I was never asked to hand over my phone to TSA agents at any point. They just ask you to put your phone with the boarding pass QR code displayed over a QR scanner. At no point the phone leaves your hands.
Mobile Passport is different, and _does_ require a special app.
Also probably a good idea to delete all your 2FA entries you may have in Goog Authenticator on the phone. Or they may want to look into those accounts too.
Best to just wipe any device and restore from backup.
> They can hold your stuff indefinitely, so be prepared to lose it if you go this route
CBP do need reasonable suspicion to hold you belongings or do a forensic search of your computer (Cotterman 2013) - they can't just randomly take things on a whim. The longer they hold it, the higher standard required.
I strongly suspect that CBP's "strong suspicion" is equivalent to a HN poster's "whim." I'm not insulting either party, however when anything similar to this debate plays out, parties talk past each other on this sort of disagreement.
Reasonable suspicion is a legal standard that requires articulable facts, not a whim. Courts regularly hold that officers didn't obtain it.
For more: https://en.wikipedia.org/wiki/Reasonable_suspicion
I agree -- and apologies, I might not have made my point very well.
A different way to phrase it might be: The officers and the suspects disagree about what a reasonable suspicion might entail. Given the incentives, I don't think this is surprising.
I'll admit, my point in no way addresses yours -- how often are officers adhering the the specific legal standard?
For sure, I agree
I'm really not sure how often officers violate the standard; it wouldn't shock me if it were frequent
But when they do, courts will suppress the evidence, and anything that's obtained from knowledge gained in that search ("fruit of the poisoned tree").
I trust that mechanism. And think it's likely better held in the US than literally any other country (v open to evidence to the contrary though)
> But when they do, courts will suppress the evidence
Not if the violation was done in “good faith”:
https://www.law.cornell.edu/wex/good_faith_exception_to_excl...
Yes, thanks for the reference
"Reasonable suspicion" is a legal term. In this context, a CBP officer would need to have evidence that would lead a reasonable person to believe the item to be searched is illegal to bring into the country, or contains something that is illegal to bring into the country. A hunch is not sufficient; it requires objective evidence.
Reasonable suspicion is not required for every search at a border crossing, and the Federal circuit courts are split on whether it is required for a forensic examination of a mobile phone at a border crossing. The 9th circuit has jurisdiction in this case, and has ruled that it is required.
That only applies if the case goes to trial though. Border guards frequently assume that they have near unlimited power regardless of what the law says.
The fundamental problem is that there are rarely consequences for border guards exceeding or misusing their power. The incentives support them trying to exceed legal limits on their authority.
> Federal circuit courts are split on whether it is required for a forensic examination of a mobile phone at a border crossing
Did Cotterman 2013 clear this up? How does are circuit courts split yet the 9th assumed jurisdiction?
The 9th circuit has jurisdiction in this case because it happened in California. US v. Cotterman is the relevant case, and the 4th circuit made a similar ruling in US v. Kolsuz, but the 11th circuit held differently in US v. Touset.
So in some parts of the US, reasonable suspicion is required. In some parts, it isn't. In some parts, there is no binding precedent on the issue. It's likely that the supreme court will hear a case on the issue eventually.
Exept borders (and anything within 100 miles from it) are basically a zone where US Constitution does not apply. You can be detained and sent to Guantanamo for made up "terrirst threat" and there's no really a legal recourse.
Laws and precedent are one thing, but "law enforcement" behavior is another. You might indeed get your stuff back, but they can make it unreasonably difficult, expensive (in legal fees), or time consuming if they want.
Yes. The courts will suppress any evidence that's not gathered legally, but aside from that, officers' qualified immunity protects them from all but the most obvious infringements
Does refusing to unlock your devices trigger a reasonable suspicion?
(In Cotterman, it sounds like the Ninth Circuit said reasonable suspicion was required, but also decided on its own - despite it not being argued by the government - that an alert from a CBP database about Cotterman's previous conviction justified a search. Which seems reasonable to me, as a layperson, I thin.)
Officers need articulable facts for reasonable suspicion. Not consenting to a search is explicitly not grounds for reasonable suspicion here or in any other context
>Cotterman's previous conviction justified a search
...and there you have it: He's done something wrong in the past, so - of course - he must be doing something bad now - forever and always!
They can still take it, illegally, and then you have to spend thousands and weeks (and have to stay in the US for those weeks) suing them to get it back.
Or else? They get some slap of the wrist?
I don't think that will discourage them to call any whim "reasonable suspicion".
>Customs can temporarily detain you, but they cannot refuse entry
What's the definition of "temporarily" in this case?
"Justice delayed is justice denied." It's unlikely that it could exceed 24 hours and if it exceeded a couple of hours you could get a preliminary injunction (unfortunately of course you'd need counsel to know about the detention in order to act on your behalf).
As a practical matter, more senior officials at CBP should hopefully know about their limitations and if you request counsel and stay silent then they'd likely release you.
I would like to know too. I thought Obama's NDAA allowed indefinite detentions?
I can’t find a definitive answer (and one may not exist until an appropriate court case happens) but from what I do find, it’s some hours.
At least 15 years[0]
Paracha's detention might be unjust but it's only indirectly related to this thread. He is not a US citizen.
Not a US citizen, so not relevant.
mikeash was talking about US citizens; Paracha is Pakistani.
He's not a US citizen.
I am a US citizen. For many years I tried exercising this right while remaining silent.
I’ve been kicked out of a border control point in northern Vermont in February in a snowstorm after a four hour interrogation. (They sent the bus without me.)
I’ve been arrested and locked in a room for twelve hours with no food or water or medication.
I’ve been endlessly harassed and interrogated on other entries even when not exercising 5th amendment rights to silence.
In all cases they eventually let me go without charges.
They have to let you enter, but they don’t have to do it quickly or humanely.
What line of work are you in that makes this such a issue for you when you travel?
Makes what such an issue?
I also wouldn't answer any questions. If you're being detained and questioned by law enforcement, you have a right to have an attorney present. And to be charged with a crime within a certain timeframe, for that matter. If there's none of that, hey by golly you must not be under arrest and this isn't a legal proceeding. Answer every question by reminding them you're a US citizen. Maybe repeat your social security number dramatically as if you're a POW in the hands of a foreign power. (Certainly you're in the hands of some traitors against the USA, so it's not a huge stretch.)
Oh, and for non-citizens: I entered the US with a partner that was canadian, we both refused to unlock our phones. She was denied entry, but they strip searched and physically groped both of our genitals before being released. Simply not wanting to enter the US was insufficient; the only way we could leave the building was by letting the cops handle our genitals.
They will use every option available to them to punish you for disobeying their commands to unlock, even if you are not legally obligated to do so.
>Any threat, whether implied or stated, that they will hold you until you unlock your device is not real
Except the threat to put you on a "mess up with every time they fly" list.
I don’t understand why you’d quote me saying one type of threat isn’t real, then reply with “except...” and describe a totally different threat.
To point that while the threat that they'll hold you might not be real, they can still fuck you over in some ways...
> US citizens have an absolute right to reenter the country
Going to a prison somewhere in the US is 'reentry' I suppose.
Yes, but the rule of law in the US is mostly intact, so refusing to provide information or actively facilitate a search will not have that result. Lying to the officer can.
Yes, if they actually find probable cause to charge you with a crime, then they’ll let you enter but arrest you and put you in jail. Refusing to unlock your devices does not qualify, though.
Sure, but without a criminal charge there's the right of habeas corpus. (Provided you have someone who will get the legal process started for you, I guess.)
OP was talking about being forced to unlock devices.
Is there evidence of US citizens going to prison for the act of refusing to unlock a device at the border?
No, none that has been presented.
Isn't the device lock easily defeatable on the computer?
Hold shift or some other key combination when you boot and it boots into the 'real' machine, the other OS is just a dummy with generic search history and data.
I would advise against this. It might work but there’s no guarantee, and by lying to customs you’ve transformed your situation from one where you might have to buy a new computer to one where you might be convicted of a crime.
> They can hold your stuff indefinitely, so be prepared to lose it if you go this route, but never unlock your device based on the idea that it’s the only way to go free.
Wonder if you can sue them after for your property back.
Can they deny entry to a non citizen and hold their stuff?
I don't think there's any country in the world that doesn't reserve the right to deny entry to non-citizens for any reason they choose.
Perhaps I was unclear, I was asking if they can confiscate your stuff and send you back without it.
I'd think any such confiscation would be for a finite time only, but "finite" possibly encompassing a good portion of the useful life of an electronic device. The US can confiscate your kids and send you back without them. I doubt they'd draw the line at confiscating a phone.
> Customs can temporarily detain you, but they cannot refuse entry
Legal / Official Source please.
Nguyen v. I.N.S. stated that citizens are entitled “to the absolute right to enter its borders....” Some more info and references to cases here: https://fas.org/sgp/crs/misc/home.pdf
"...he clammed up, taking the Fifth, and citing constitutional rights against unwarranted searches.
...border agents told him he had no constitutional nor any legal protections, and threatened him with criminal charges should he not concede to the search.
...he was eventually allowed to leave with his belongings, the devices still locked, and no charges were pressed."
My goodness! I guess those protections did exit after all! :)
Guidelines:
-Goons can lie to you all they want. Never budge.
-Politely refuse, and remain cordial. Stay strong mentally.
-Make sure your devices are turned off prior to even leaving for the airport.
This is the sick reality we live in.
Border agents may lie about your rights? Is there no Miranda equivalent for this type of detainment?
There is not.
Customs and Border Patrol operate under a special set of circumstances within ports of entry. You do not have the right to have an attorney present during the interrogation, you can have your personal belongings confiscated, you can be held without charge for up to four hours for any "reasonable" suspicion.
These same rules apply within one hundred miles of the United States border. So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.
You forgot "any international airport" on your list of ports of entry used to determine the 100-mile constitution-free zone.
> [100-mile] border zone is home to 65.3 percent of the entire U.S. population, and around 75 percent of the U.S. Hispanic population
this ACLU article shows exactly this https://www.aclu.org/other/constitution-100-mile-border-zone
Or an international airport. Sorry Denver!
> So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.
Interesting. You'd think that "real America" was just a turn of phrase - turns out that it isn't, that there is a Real America and that it does care far more about protecting individual rights.
> there is a Real America and that it does care far more about protecting individual rights
No, there isn't. Civil rights get trampled regularly outside the 100 mile Constitution-free zone too, just under different pretexts.
The border agents are in fact correct. The Supreme court has ruled that US citizens have no constitutional protections against search and seizure or basically anything else on the border of the US: https://www.aclu.org/other/constitution-100-mile-border-zone
Also police are allowed to lie about anything they want during interrogations.
I feel like there's a difference between "lying about the facts of an investigation, including what they know or don't know, during questioning" and "misrepresenting the rights of the accused."
The latter feels like a serious problem that should get rectified.
He was detained, not arrested. Miranda was unnecessary in this case.
> Make sure your devices are turned off prior to even leaving for the airport.
Security may ask you to turn them back on, not to search them, but to verify that they are actual working devices, and not a bomb.
Very good point. The key here is to make sure your devices are all fully encrypted. Feel free to turn them on to prove they are real.
But never decrypt. If this results in you missing your flight, so be it.
> But never decrypt. If this results in you missing your flight, so be it.
Why? Is that more important to stay locked than miss granma's funeral, or more positively, 75th birthday?
That’s what makes this all the more malicious. No one wants to miss a flight, and sometimes the consequences are irreparable. Time is the one resource you can’t recover.
Ultimately it is up to each individual to make this call. As for myself, this is a principle I hold above all else.
That's certainly a problem. My grandfather was a man who was tasked with killing spies, knew three languages, and out of all of this, I cannot even get him to talk about privacy or security. It appears even he was taught just to shut down on it and say nothing; even on your practices. All the while he taught child soldiers to become child assassin's for the US military.
If you're a security person, I suspect his recommendation would be - even though he doesn't understand IT and tech - to say you don't even understand how SSH works or can't tell the difference between encryption and hashing.
Turning them on doesn't reduce the security. The issue is unlocking them.
As far as the security of the data on the device is concerned, a powered-off device is equivalent to a powered-on device that hasn't been unlocked since it was powered on.
Pro tip: on newer iPhones with either Face ID or Touch ID, holding the sleep/wake button and the volume down button for some time puts the device in a mode where Touch/Face ID are disabled, the phone is locked, and the device passcode is required to unlock.
Touch/Face ID are also disabled when you boot the phone, so turning it off is sufficient.
Traveling internationally with encrypted data you don't want to disclose to border officials is not a good plan these days. Much safer to transfer securely via network connection.
It's easy to single out the US but the reality is that most countries have pretty far reaching rules these days. E.g. the UK and Australia are hardly any safer. And forget about China, Russia, or indeed most countries with even less democratic regimes.
The bottom line is that if you are not willing to unlock your device at any of the security checkpoints you will pass on your journey, you should leave it at home or just wipe it preemptively and restore over a secure connection after you arrive. In case it does get unlocked or taken from you, consider the device burned. It may come back to you with all sorts of malware. The people doing this are not thinking you are a terrorist or a child pornographer: you are being targeted and under attack by a hostile entity. Assuming otherwise would be a mistake. Wipe it, sell it on e-bay, never use it again.
Transfering via network is only secure, if you believe that forward security exists for network traffic, which is very likely untrue.
The point being: if your encrypted network traffic is captured and retained, maybe it can still be brute forced at liesure, and deduplicated for deltas only. Thus, volume is only a temporary issue, and everyone still gets to see everything eventually, and full retrospective records are still enriched, so maybe that's fine for some things, and not for others.
This is true regardless of whether you travel internationally. The converse is true as well: traveling internationally does not make it less secure to exchange information. Either way, we are well into tin foil hat territory here but if you do believe this, stop using (networked) computers.
Couldn't you just generate new keys each session and keep forward security?
Interestingly, Russia doesn't do this at all, at least for now.
Maybe they do lead pipe crypto analysis or make an offer you cannot refuse?
Is there a list of all the countries and their practices somewhere?
This assumes that he was not picked by random but instead there is some sort of list of people to check at airports that you can be put on because of your work within IT-security.
That would be a big story if that is the case.
I will offer a counter-narrative which is more in line with my own experience (from other places than the US):
The people who work at border control in particular in airports are bored.
They are also overstaffed and given extreme discretion over the people they patrol; most of whom are non-citizen and thus have basically no rights at all.
This leads to them doing work for the sake of showing they work, overreacting to the least of resistance and maybe even some games of entertainment.
They're likely not stupid enough to have a "list". They have a set of factors and probably tally up some sort of score and search everyone above X. It just so happens that anyone they wanted to put on the list will score X or above. Doing IT security probably gets you a pretty high score just by itself. Add in the fact that he was originally from Eastern Europe and there you are.
I will definitely agree bored cops looking for stuff to do cause a lot of problems.
They literally have a list [0]
[0] https://www.nbcnews.com/politics/immigration/u-s-officials-m...
I don't disagree with you. I just don't think they have detailed information on your profession to the extend that they distinguish a software engineer from a software engineer doing security work.
I think it is obvious that they profile on overall looks, race, citizen status, place of birth, travel patterns.
When I was returning from Hong Kong a few weeks ago, the agent asked what city I was born in (fine) what hospital I was born in (I remember where it used to be, but I can't remember the name) and what the "number" of the county was I grew up in.
What he meant was the prefix for the license plate. Luckily I remembered it. I suspect he grew up in the area, but it was super weird; also, he was probably fairly bored.
>what hospital I was born in
people are expected to know this?
He expected me to, so yes, I guess?
Um, this is definitely the case. DHS has an advanced record keeping system. They have tons of information on every person arriving in the US. Yes they even know what you ordered on your in flight meal.
well, one CBP officer almost sent me to secondary checks because i had two US entry stamps within a week and a half of each other. why? because i went to europe from my own country and both flights (to and from) had layovers in the US.
she said it was absolutely not common (which i doubt very much) and she was concerned i was coming and going because i want to stay (?!?!?!).
Moreover, its interesting that he believes that he was targeted because he said anti-Trump statements. Yet, it doesn't seem to occur to him that: This is what you get when you advocate for "big government".
The downside of having big government is that it winds up being staffed with mad-with-power bureaucrats, who will mess your life up just because.
I miss the time when most techies believed in civil liberties and were wary of government. Chickens coming home to roost and all that...
I was once randomly selected for screening at Chicago Midway, that quickly became shockingly specific: "Do you know that professor at DePaul that teaches Python?" "Do you mean Massimo Di Pierro?" "Yeah, I think that was his name." "I've met him a few times..." At this point it all seems very surreal. "He was through here a few weeks ago and had stickers on his laptop that were like yours." Ooooh...
Haha that is a name I have not seen in a while! I was a student of his at DePaul. Great guy! Massimo is awesome!
I'm hoping that manufactures will start building a plausible deniability user profile you can log into while leaving your actual profile encrypted, appearing to be slack space.
This kind of thuggery seems to be getting more common.
Keep data off your devices during travel, and download it once you're safe. If corporate, require external activation by someone from the company before the contents of your device are restored. That way you cannot be forced to divulge any company trade secrets, because you simply don't have access to them while you're crossing the border.
Even that is not sufficient short of a full factory reset. It can be very difficult to impossible to clear all caches and logs, or even know about them.
Once the agent has your password and takes the device into their back room for an hour, you have to assume that all data has been offloaded and the device has had an undetectable rootkit added.
This gentleman's expertise is in security and encryption and now he works for Apple, a company that makes products that the US government can't always crack. He was clearly targeted in his encounter because of his current position, based on the questions they were asking. Surreptitious access to his devices is highly desirable to US intelligence services.
Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.
> Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.
Seems unwise to destroy evidence. Find the rootkit, or have your employer or security researcher do so, prove it's existence, and sue the Government.
But yes, definitely get a new laptop.
I don't think that will go anywhere. How do you prove the government did it and that it wasn't on there before the encounter?
Why do you need proof? Show it to the internet, there should be other examples too.
It's way easier and less legally ambiguous to make people THINK you are rooting their devices than to actually do it and leave actual evidence to be found. They could even be looking for OTHER rootkits instead of installing them.
I suspect there's a lot of availability bias going on here as well - how many travelers go through the US per year versus how many of them are famous ex-CTOs that get reposted on HN?
image the device prior and after; compare images
Some companies issue "China" Laptops to their executives that they must discard after visiting China. Now I believe we all need throw away laptops and cell phones and Facebook accounts for any sort of international travel.
I know that at least one big German chemical company is doing exactly the same for US trips, because they have evidence of industrial espionage attempts against then. Executives that have to go to any non-European country get a clean laptop, with nothing but the VPN client installed and access is only enabled after the traveler has reached the destination and has called and given a verbal "all good". On return the laptop is not connected to the internal network, but wiped clean.
The last company I worked for (quasi-government) would issue special temporary laptops and blackberries for international travel. You were not allowed to take company devices outside the US. At one point they brought someone in from the CIA to basically scare us with stories of how your devices will be targeted at the border, or even by someone breaking into your room when you are not there.
Most countries aren't that invasive, but it's pretty clear that a visit to the US justifies issuing a special "US" laptop now.
I'm actually wondering what happens if I'm ever asked about Facebook credentials when travelling to the US.
Fact is: I don't do Facebook, nor any other Facebook product, so I'm really not able to hand over any such credentials.
Like you I don't do Facebook and I have every Facebook domain blocked. No one except my immediate family believes I don't use Facebook and considers it an affront when I say I don't use it in response to their request "What's your Facebook?" Many people can't imagine anyone doesn't have a Facebook account. Anyone who says they don't is presumed a liar who is socially rejecting them by refusing to connect.
With TSA/Customs you need to be truthful. If you don't have an account say so. If you have one and say you don't that's a felony.
2019 appears to have lots of students who, although always on their phone, a good bunch don't have Facebook and consider it outdated. Instagram is the new Facebook.
Instagram is still Facebook.
As others have mentioned, lying to the agents is illegal. This isn't:
The password to this freshly wiped device is "Orwell1984". Feel free to have a look, but all you'll find is an app called "Secure Erase Free Space". This SD card I'm carrying separately? No, you can't have the password to that. Yes, I know, you can hold it indefinitely.
>No, you can't have the password to that. Yes, I know, you can hold it indefinitely.
I have a hard time believing that an audience that finds buying a car stressful (as is often stated in Tesla threads) is going to demonstrate assertiveness to a real authority...
People on Hacker News are also pretty likely to back ups. Getting your work laptop confiscated by agents will probably only earn you points at work.
There's also a good argument to be made that the search is illegal, it's important that everyone stand up for that, even if its stressful.
https://www.eff.org/deeplinks/2017/04/bill-rights-border-fou...
The audience here is not uniform. Andreas Gal is definitely in the target audience for HN and was able to stand up to the border agents.
Of course there's a relevant xkcd for that: https://xkcd.com/538/
But that's why relying on a trusted external party, like the company you work for, to control your access to your data, is a much more effective strategy. TSA/Chinese police can threaten and bully you, but not your co-worker in a different country following company policy.
So what if you are asked if your device is in its normal state or whether you deleted any data from your device before travelling?
Lying in that situation would seem like a very bad idea (I'm not a US national) - I've had a few uncomfortable experiences over the years entering the US and I certainly wouldn't want to do anything that would give cause to escalate things on their side.
What do they do if you say no in this situation though? Escort you home and inspect your desktop computer there? If I were to tell them that I carry a travel laptop/phone with no information on, there's little they'd be able to do about it unless that in itself was somehow made a crime.
You can be as honest as you like. Or just say you don't take data with you when you travel. For security reasons. If it's work related, this is trivial to justify: company policy, trade secrets shouldn't fall in the wrong hands, etc. And even if private, phone theft and identity theft are serious concerns.
OK and engaging full blown paranoia mode: What if they ask me to log into gmail and Office 365 (I use both) so they can see what I was trying to hide?
> OK and engaging full blown paranoia mode: What if they ask me to log into gmail and Office 365 ...
Doesn't sound that paranoid to me: wasn't there talk already a year ago about trying to force people to log into social media accounts when crossing the border?
Have a password you can't remember, so it's in your password safe which is not on this device. According to another comment, 1password has a special travel mode that supports this.
I would hope that admitting to deleting data is not admitting to a crime. I delete data all the time (old emails, texts, pictures, etc...)
Say, "yes I wiped it in case it got lost whilst I was travelling"?
yes, I'm not importing that data to the USA?
For anyone who has 1Password, they have built-in support for doing this https://support.1password.com/travel-mode/
Won't this basically end up in the same situation as the one here? You will be detained for a few hours and then released?
He wasn't FORCED to unlock his computer, he was just detained for three hours because he wasn't. Adding technical restrictions won't stop that.
If you show that you cooperate yet you can't provide access to anything (because your phone is empty for example) they may treat you better or - if you're a foreigner - not deny you entry.
A "powerwashed" chromebook functions somewhat like this...
Can they ask for online logins?
Maybe, but you can also hand those over to a trusted party. Would be nice if email services lets you lock your email account until a trusted party unlocks it again.
Why does this make me think of Harry Potter, the Fidelius Charm, and the secret keeper. Is this really what things have to come to?
For a lot of websites (like Facebook), that's a violation of their ToS and I'm not sure they can ask you to break a contract.
What possible interest would the government have in such a rule, and how could government agents possibly be able to know what contracts you've signed? They haven't read the Facebook ToS any more than you or I have.
There was a case recently of a NASA scientist being hassled at the border for his phone. He initially refused on the basis that handing it over would compromise his obligations to his employer. It did not work.
https://www.theverge.com/2017/2/12/14583124/nasa-sidd-bikkan...
> I'm not sure they can ask you to break a contract.
Are allowed to? Maybe, maybe not. Will do anyway? Probably yes.
I'm certain they're allowed to. If the SEC thinks your employer is committing fraud, and asks you to inform on them, do they care that you have an NDA? Not a chance.
In the US, an NDA can't be used to conceal a crime.
This seems like a good idea, but it may land you in even more trouble. If it can be shown that you intentionally misled officers about content on your device, not merely denied questioning, you risk an obstruction of justice charge.
How about enforcing this by contract to shift the responsibility towards the employer, which presumably has more teeth to defend itself from abuses? Say a clause in every IT worker contract stating that when a LEO asks to unlock any device, a predefined user account must be used to log in. In the OP case, I'd hardly believe they'd send SWAT teams to Cupertino to raid Apple offices.
Contracts, or at least clauses within contracts, which require a party to break the law are not valid.
Yay for getting protection from your local Lord or Knight against the King. Sad if it’s come to this.
At least with iOS, you can do a factory reset before you leave, and restore it after passing through customs, and for legit reasons - you're paranoid about having your device taken from you while travelling, and you don't want thieves to be able to access your contacts, pictures, whatever.
You don't have to specify that you consider customs agents thieves, that's just up to you if you wanna put that lil' spin on it.
(But for real, this seems to me to be a bulletproof way to both make sure TSA can't access data on your device AND make sure you get pulled aside "randomly" for an extra-long questioning session.)
> I'm hoping that manufactures will start building a plausible deniability user profile
Deniable encryption can actually be very dangerous for people who are detained in places where torture is used. Even if you unlock your device, law enforcement have no proof that you have unlocked your real profile[0]. This is relevant to countries where people can be detained for not unlocking their devices, like Australia.
[0]: https://en.wikipedia.org/wiki/Deniable_encryption#Drawbacks
Hence why it needs to be the default. The some sort of problem kinda exists with encryption. If nobody encrypted their phones, having one immediately makes you a suspect. However, if everyone had an encrypted phone (default on ios/android), nobody would bat an eye.
TrueCrypt had hidden volumes with plausible deniability.
Aside: don't use TrueCrypt anymore for other reasons.
Btw, who picked up after TrueCrypt left? VeraCrypt?
You could on Android add a dummy, unprivileged account under your name and rename your real account "Guest" or something. Not that this stops a motivated person, but it may placate a border officer who really just wants to thumb through your photos and downloads folder.
Couldn't you just login to the guess account on a mac? I'm assuming guess accounts cant read any data from the other existing accounts
That will do more harm than good. In order to build such a device the feature would need to be advertised, which TSA can see just like everyone else. Then when they see such a device, it becomes incumbent on you to prove you’re not using the feature, even when you’re not using it. So you can never prove you’re not using it and therefor could be detained. You might think you have more rights if you’re in the US, but there are many regimes where you don’t have them.
Also: https://xkcd.com/538/
Also, such a mechanism necessarily involves lying to law enforcement, which is generally considered a bad idea.
>TSA
Common mix up, but the agency in question is CBP, not TSA.
> Gal said the agents did take away his Global Entry pass, which allows express entry through customs, as punishment for not complying with their demands.
I wonder about the legality of the CBP punitively confiscating his Global Entry pass.
In addition to that, I also wonder what punishments they can mete out to people who happen to not be high-level Apple employees with a network of powerful people who can advocate on his behalf.
Or more likely, the success rate of threats. I suspect it's high.
The message it sends to me is, never visit America. I appreciate horrible things likely happen in my own country, but this is just disgusting.
That's my take as well and has been for a while. Even if I'm not of a segment of people that gets selected for "random searches" I don't trust them to believe I have no facebook account etc when they ask for the password.
The risk of travelling there is simply too high now.
I think you mean "never visit Anywhere", since the UK (where you say you're from) does this exact same type of search and seizure, even to UK citizens. You could be subject to it when returning home from any trip abroad, not just the US.
> I appreciate horrible things likely happen in my own country
Yes, I know (as stated above). By no means am I saying it couldn't. Still, it doesn't excuse Americas practices in any way.
> the message it sends to me is, never visit America
Message? So you read one story and a bunch of HN comments and that is how you decide?
It's not just one story though - there have been plenty stories and comments on HN, as well as other places.
I'd be surprised if anyone who regularly travels to the US hasn't found it to be extremely unpleasant at times. A while back I spent 6 months or so going back and forth from the UK to Houston or Atlanta, and every time I absolutely hated going through immigration. I've travelled to dozens of countries, and literally everywhere I've found the border guards to be friendly - except the US. Every time they behaved like power-hungry bullies, or I saw them behaving that way towards others. One time I travelled with a female colleague who was basically harassed by ridiculous questions from a very angry and loud border guard for no reason at all. He wasn't satisfied until she was in tears.
Another time there was a really long queue after getting off a flight (think it took over an hour to get to the desk), and there was a pregnant woman in the queue who seemed unwell and wanted to sit down - a guard shouted at her to stay in line, refused to get her a chair, and refused to let her jump forward in the queue (despite prompting from willing fellow passengers).
So the reason people don't want to travel to the US? Because it's a fucking horrible experience.
> there have been plenty stories and comments on HN, as well as other places.
We have ZERO data on the probability of this happening to someone. What we do know is that when it happens to certain people and they have some kind of notoriety or the ability to get noticed we hear about it. That means there is a non rational reaction from people which makes it seem like any one person stands a large chance of having the same experience. Obviously they have not the time or resources to doing this on any widespread basis. Hence it's a small risk. Ditto for that matter to letting them see what is on your phone. Don't want to sound like the 'if you have nothing to hide' guy (Eric Schmidt) but honestly is it such a big deal? [1]
[1] By that token I have no clue why people would allow complete and total strangers access to where they live (or drive them) which to me seems like a much greater risk. (Not saying the OP did this).
I agree that it would be nice to get 'real' number on this, rather than relying solely on empirical evidence. But given the nature of it, I don't see how that's possible.
When I mentioned other stories and comments, I wasn't only referring to those by people with "notoriety or the ability to get noticed" - indeed, I was mainly referring to randoms (such as myself, and BTW I have no notoriety and am an introvert).
I'm a US citizen, and my worst experience has been with Canadian border patrol (I'm not saying this is general, just my experience).
OP didn't say it was a decision, just the message perceived. If you live outside the US, hearing stories or reading what happens to others is enough to know these things happen, anyway.
Reading a story like this, which is based entirely upon the information provided by Gal, and drawing any widespread conclusion about travel into the US is utterly irrational. From this story there is zero ability to determine if it really happened, or assuming it happened, you have no idea what the actual interactions were like between Gal and CBP agents.
Some of the facts presented don't even make sense. You don't take the fifth when refusing a search. You're relying on the fourth amendment and refusing to consent to a search. Searches like this having nothing to do with self incrimination.
No, honestly, the rest of the world has been getting this message from the US since 9/11.
Or simply just leave yours at home, buy a burner phone on arrival.
I'd rather save my money and just not visit. I don't see anything that could out balance all the negatives. Many millions of Americans are lovely people who I'd donate a kidney to. I'd just not want to put myself through all that for so little gain.
I used to say that until I started doing sports competitions and had to travel there repeatedly. I was admittedly worried because of my ethnicity but it went fine (a Canadian passport and NEXUS membership might've helped...you also wouldn't find much on my phone other than sports memes, as much as I care about my privacy).
Similarly in the game development community, lots of people complain about customs but then go to GDC every year.
I guess my point is that as long as America continues being a pillar of the world, people (like myself!) will continue putting their principles aside and comply, and the system will have no reason to change.
I hope you'll last longer than I did. :)
Edit for clarifications.
There's a cost to doing that. I guess it depends just how badly you need to travel to the US, but as a Canadian citizen, I see no reason to endanger myself or my family by traveling there at the current time. Walt Disney World will still be there in 2021.
> Walt Disney World will still be there in 2021
Border policy won't change by 2021 either, at least not for the better.
Hey we could still see a sea change at the US federal level of either progressive or adherent libertarian representatives that curtail the fear / police / surveillance state in the 2020 election.
Its about as likely as bitcoin taking over the world economy, but hey we all have to cling to false hope sometimes.
> Walt Disney World will still be there in 2021.
I think you'll have to wait awhile. These policy tools have been under both parties starting with GWB far as the initial PATRIOT Act (I think?). Right now, we're at a point where the USA might, but unlikely, go back to an isolationist policy far as borders.
At a meta level, this is a debate around internationalism vs globalism. Currently, Earth is in an era of internationalism. There is a desire by lots of people to move towards Globalism.
Even if a Democratic regime takes over in 2021 I promise you it will be no different. One of the largest expanses of the surveillance state was a consequence of the previous President, and there is no reason to believe that won’t continue into the foreseeable future.
The other thing to consider is that a burner phone will look quite suspicious.
Say that you take a burner when traveling abroad because you don't trust foreign governments to accord you the same civil rights protections against unreasonable searches that the United States does.
They are just cheap smartphones these days. Do they really profile people because their smartphones look too cheap?
Sometimes? If I see a person in their 20s or 30s that have other status items (expensive clothes/accessories) but a $50 smartphone I assume something isn't quite right.
Hold fast for now, and watch for when the trends of our enforcement change.
America is awesome, I appreciate and know how lucky we are to be here.
I appreciate the fact I'm British, but not out of any patriotism. I certainly don't think my country is awesome. Considering life is a lottery, all things considered I've been incredibly lucky to be born in a 'developed' wealthy nation.
> America is awesome, I appreciate and know how lucky we are to be here.
In which regard? Compared to which place?
He asked, on a US website, using US invested technology, on a US written application.
Please let's not kid ourselves, the US rocks!
The process is the punishment, and they know it. The current state is as exactly predicted by those of us who were against creating the TSA in the first place.
Seriously. When traveling with my pregnant wife we realized that we weren't sure the scanners were safe for pregnant women, so we asked for a pat down.
She was in tears by the end of the experience.
We have both received many pat downs in Chinese airports that didn't bother either of us.
I'll never forget how I was strip searched coming back from Costa Rica. They went through every photo in my digital camera, ripped open all of my packaged food items, made little snide remarks to me, and ultimately made me miss my connecting flight. The whole time I was fully cooperative.
Only explanation I have for the level of examination is maybe because I was a young minority returning from a random latin american country solo(?)
Even as a US citizen, at this point, it is my policy to never leave the country with a device & set of data that I wouldn't mind losing at customs.
Even though I have an essentially absolute right to re-enter the country, my hardware apparently does not, at least without potentially being detained for an extended period.
So, burner phone and pre-wiped laptop if I need it, all powered down. If I need any files while away, store them in a secure Box or other account before crossing borders.
At this point, it seems like just a necessary evil extra expense in time and money, and a good idea for other countries, although it sadly seems that the US is now the fast follower of Russia, China, etc, in terms of repressive practices.
If you're being investigated, and they have emails sent to a domain you own (for example), then search your device, but you've given them a burner device with no reference to that email account, would that be considered 'hiding' evidence?
It was my understanding that 5-th amendment protections against unreasonable searches are suspended at the border. That would certainly include customs at the airport.
So, in a strict legal sense, demanding to unlock a device does not violate the 5th.
the ACLU complaint is based on the 4th amendment right against unreasonable search. He demanded to speak to his lawyer and was thereafter allowed to leave, so his 5th amendment rights were not actually abridged. That's how the 5th amendment works, and it worked at the border.
https://www.aclunc.org/docs/ACLU-NC_2019-03-28_Letter_re._El...
> CBP must ensure that its officers comply with the U.S. Constitution. Even at the border, the search of an electronic device is governed by the Fourth Amendment. To satisfy Ninth Circuit and Supreme Court law concerning electronic searches, any such search should be based on a warrant and be limited in scope to information relevant to the agency’s legitimate purpose in conducting the search. The attempted unconstitutional search of Dr. Gal’s devices illustrates that CBP’s policies do not in fact include the requirements necessary to safeguard the constitutional rights of people at the border
Right, he meant to say that 4th amendment protections are suspended at the border, and, while you might quibble with that wording, it's a valid point: border searches usually don't require a warrant, owing to the border search exception, which has precedent going all the way back to the founders.
As a non-American, can someone explain to me why the entire constitution wouldn't be applicable upon entering your own country? This makes no sense to me, but it seems to be the way it is?
It's called the "border search exception." It's not exactly that the constitution does not apply, but that certain searches are- in the context of the border- considered "reasonable", that would not be in the interior. The 4th amendment is not an absolute right- a search just has to be "reasonable;" context is a big factor into whether a search is reasonable.
https://en.wikipedia.org/wiki/Border_search_exception
> This balance at international borders means that routine searches are "reasonable" there, and therefore do not violate the Fourth Amendment's proscription against "unreasonable searches and seizures".
According to Wikipedia, there is currently a circuit split* on whether phone searches at the border require individualized suspicion, or can be conducted routinely, without falling foul of the 4th amendment.
* (two sets of appeals courts have ruled in contradictory ways; these splits can be resolved by SCOTUS if they choose)
And if a US citizen refuses to unlock a device, what do you think the consequences could be?
It sure shouldn’t be. Can you point to a law (it would have to be an amendment to the Constitution) that codifies this? As far as I know, it’s only practically a “constitutional exclusion zone”, not legally.
The fourth amendment has been interpreted by SCOTUS in such a way that certain things are "reasonable" near the border that would not be further away from it.
https://en.wikipedia.org/wiki/United_States_v._Martinez-Fuer...
SCOTUS is, for good and ill, the last word on what's Constitutional, until it changes its mind.
> It was my understanding that 5-th amendment protections against unreasonable searches are suspended at the border. That would certainly include customs at the airport.
This isn't true and has never been backed up by a court ruling, including at the Supreme Court. Currently there is no legal foundation to the premise that any rights for US citizens are suspended just because you're at the border (typically people refer to the premise as also including N miles inside of the border, eg 100 or 300 miles).
Right now what you have is a few government agencies attempting to write over the Constitution, without anything to actually support their doing so. They go out of their way to avoid an actual court confrontation with their fake / invented 'laws,' knowing that they'll lose.
Something relevant from the creator of cock.li https://vc.gg/blog/so-its-been-a-while.html
Abuse of power, indeed -- but he should have let Apple's lawyers sort out the proprietary device access issue after the fact. Pretty sure as Google employees the advice to us is to cooperate fully and then make sure lawyers know about it later. It's not worth compromising your own security and freedom on behalf of a corporation.
FWIW, that's exactly what Apple tells us:
> If a Customs agent asks you to power up the laptop and access content with your passwords, please comply with this request. [...] Travelers should notify their supervisor and corporate security at their first opportunity.
speaking as an american, even on domestic flights it doesnt get any easier. I was once detained 45 minutes by the TSA for a laptop with a missing DVD drive. i bought it without the drive from a pawn shop to learn Arch linux on, and kept it because it was fast. I refused to unlock it.
since the RealID act was passed, and im too lazy to wait at the DMV for a compliant license, I just take my passport with me for ID on domestic flights. This once cost me 30 minutes with the TSA, again, explaining why I was using a passport for a domestic flight. I refused search, refused to cooperate, and was let on the plane.
security theater was fun 15 years ago but this shit show has gotten a little old. the oxycodone epidemic kills more americans than terrorism. Hell, lightning kills more americans than Al Qaeda.
shoes and belts off, shuffling through the checkpoints like juden at dachau, is degrading.
Original source: https://medium.com/@andreasgal/no-one-should-have-to-travel-...
If another country were plan well, they could create opportunities that would attract and welcome the smart people from the US and elsewhere. If they made it economically attractive to tech businesses, they could set themselves up as a dominant leader of the world within 20-30 years, regardless of their current size.
I don't know enough about Estonia to suggest they would try this, but they do seem progressive in this regard. I would vote for Netherlands, Belgium, or Portugal just because I like being in those countries.
That's not actually realistic, for the exact same reason why China is such a juggernaut in tech while having almost no human rights. If it worked the way you're implying, China wouldn't be able to do what it's doing in tech at all.
Things like this don't even remotely threaten US dominance in tech, because: 1) the US allows a lot of legal immigration; 2) US tech wages are far beyond anything you can make in those other locations 3) the US as a singular integrated market that is the world's largest economy, makes it impossible to compete with unless you're China, due to inherent scaling benefits 4) nowhere other than China has the capital markets to support competing with the US start-up scene properly and 5) the actual context - Andreas was let go after three hours, with his devices - isn't close to being bad enough to matter, in fact it barely registers these days (increasingly the era of domestic surveillence and censorship all around the world, from the UK to South Korea) as a very mild inconvenience on human rights, and doesn't impact ~99.999% of travelers to the US.
US dominance in tech - outside of China - has only increased since 9/11, not decreased. That's despite non-stop issues of this sort, the Patriot Act, NSA spying, and so on. A rogue border search, or a hundred of them, won't dent that. That's the reality.
This is why i'm so excited for the Librem smartphone. If i'm in complete control of the operating system, I can put measures in place to combat this. For example, a function that requires a password whenever the phone leaves a certain location (so if the police confiscate my phone, i'm sure it's locked).
Or maybe a function that you can activate that makes the phone appear bricked until the power button is pushed 20 times in a row. You could activate this before going through customs.
Of course, they are entirely within their right to just take your phone, and then never give it back. You "officially" have legal recourse to get it back, but in reality, you plain won't.
If you _really_ care about this, travel without your phone, and travel with a minimal-account wiped laptop that runs, has some apps, and has zero work or personal data on it. Stick some steam games on it at most. Then get a burner phone once you're in the country you need to be in, let people you need to talk to know what your new temporary number is, and restore your data from a secure source that you can access using your laptop. Then when you leave, "burn" the phone and properly wipe your laptop again.
Lying to law enforcement is illegal, so subterfuges like that are perilous in their own way.
Would it perilous if you just plead the fifth? If you knowingly state that you don't know how to turn the phone back on, then it's a lie, but if you just plead the 5th?
Also, why is it legal for them to lie to me when I can't lie to them?
It's not that it's legal, is that you have no way to hold them to account when they do.
"It's not that it's legal" Unless this somehow escapes qualified immunity, it's legal for them to lie.
https://en.wikipedia.org/wiki/Qualified_immunity
Also you may have no way to gather your own evidence anyway.
Lets say he was flagged because of being vocal against the current administration; how do you think the incentive structure works for something like this to be executed? The president says I don’t like my critics. The person heading the CBP thinks they can get promoted if they show results on harassing critics. So they push that down as a goal...and somewhere a few weeks later agents on the ground actually take this up as a task to execute. Is that a realistic understanding?
It would be nice if phone and laptops had removable batteries, so we literally could not turn them on until we got to our destination and buy a new battery.
I would worry the resources of the US government may extend to spare batteries
Forcing you to unlock a laptop or phone that doesnt have a battery would fall under a different legal precedent.
A forensic search would require reasonable suspicion. I'm not aware of any legal weight attached to batteries - what's the legal precedent you're thinking of?
Having a third party install anything new (i.e. battery) to the device that wasn't present when it was confiscated would put into question the integrity of anything found on the device.
Maybe just plug it...
Purchased with a hot check.
Batteries activated by the device itself could work. Like giving agreement to use/charge/manage, only when device is unlocked of course;)
If most people told their boss exactly what they thought, they'd get a much worse punishment than a few measly hours of interrogation... At least this guy can go cry in his Mercedes Benz afterwards. It may not be fair but it's not a problem that deserves news coverage IMO. I bet that much worse things have happened today which deserve more attention.
You need to change your job. There are better places to work where your boss won't "punish" you.
Also your second argument could be applied to absolutely anything. You can always find something that deserves more attention.
Knowing what we know it astonishes me that people take devices with anything of value over an international border.
Save everything to the cloud, or use a burner device like a It’s not worth the hassle.
(And yes, I’ve read that this antagonizes border security to a certain extent, if they believe you’ve done just this.)
In my country just refusing to unlock your phone instantly labels you as a terrorist (coup organiser)
We did got past all of those (!)
Ps. I live in Turkey
Thanks for the reminder that it can always be worse :)
How do multi-account devices fare under these rules? What if I only have access to account A and not account B?
What if unlocking the device requires a security key that I do not have with me?
My intuition is that they'd still treat that as though I was impeding their search, but I wonder legally if it changes anything.
This is a good time to review the guide provided by the EFF:
They are also cancelling ESTA for security professionals without warning and the resulting visa application gets stuck in administrative processing for months due to a security flag.
I think this would be a good opportunity for Apple's legal department to do something. Maybe help the ACLU with it's case against the Department of Homeland security.
Perhaps this is very cynical, but shouldn't they also be able to use airport security camera footage to figure out passwords?
Honestly this is one of the best use cases for multiple profiles on a device.
They want entrance, just grant it to a sandboxed environment.
Chilling, and Kafka-esque. As it happens I'm not convinced that the reason for his being detained had anything to do with him being a Trump critic and Democrat donor, contrary to his claims in the article, but more likely it's some lifeless bureaucrat/computer program or both putting a red flag on his file for some esoteric reason, very possibly connected to his work and writings on online privacy.
The lack of transparency on the reasons for detention are the real problem. Josef K never found out the charge made against him either.
(edit -spelling)
Hmmm it's almost as if the land of the free has some sort of social credit score program?
I prefer increased crime over dealing with shit like this.
I love the creative writing and entitlement that comes through when someone has been wronged.
> Ex-Mozilla CTO
Has no more or less rights than anyone else.
> Techie says he was grilled for three hours
Clearly click bait 'grilled for three hours'. Not questioned but 'grilled'.
> "There I quickly found myself surrounded by three armed agents wearing bullet proof vests."
So what? Of course they were armed. Of course they had bullet proof vests. The sole purpose of using words like that (by a writer) is to get the goat of anyone reading and have them all up in arms about INJUSTICE of one type or another.
> They started to question me aggressively regarding my trip, my current employment, and my past work for Mozilla
What do you think? They should act like the concierge at the Four Seasons? Of course they are going to be aggressive. That's law enforcement attitude and there is a purpose for doing so.
> Given the devices were emblazoned with big red stickers reading "PROPERTY OF APPLE. PROPRIETARY," and he had signed confidentially agreements with Cupertino, Gal said he asked for permission to call his bosses and/or a lawyer to see if he would get into trouble by handing over access.
This is total BS. You don't need your bosses agreement when a request is made from Law Enforcement at least not because you signed some NDA etc. Fine that he attempted and asked. But the reason is weak.
> and threatened him with criminal charges should he not concede to the search
Cops are allowed to lie. Not sure what the story is with border agents but possibly the same. That is how they often get info.
> "My past work on encryption and online privacy is well documented, and so is my disapproval of the Trump administration and my history of significant campaign contributions to Democratic candidates,"
He is living in fantasy land here if he thinks there is some list of people that are being targeted for that reason. Not that it could happen but highly unlikely. It would take an entire Nixonian operation to pull that off. I think more likely since he came from a former communist state his thinking goes to this type of paranoia.
> Now, Gal has enlisted the help of the ACLU to probe into the brouhaha, and determine whether his civil rights were violated.
Yes everyone is looking either for more internet fame or a payout. Not sure why he needs to save the world and belabor the issue. Just move on and don't waste time.
> "Furthermore, CBP’s policies lack protections for First Amendment rights by allowing interrogation and device searches that may be based on a traveler’s political beliefs, activism, nation of origin, or identity."
Sounds like typical ACLU behavior for more publicity to aid fund raising (story on 60 Minutes):
https://www.cbs.com/shows/60_minutes/video/cm_lFZDERHcELSPw2...
ACLU got into high gear over Trump and sends out letters literally trying to raise money (I received one) clearly mentioning in so many words to take Trump down. Not the same organization that it used to be. On the 60 Minutes story iirc a former head of ACLU was interviewed and bothered by the current behavior.
He would have been arrested in many other countries, including Canada, NZ, Australia, UK, not to mention the slew of non-democratic countries.
I don't think most of those countries need a reasonable suspicion to demand password nor to do track how often they do it. https://www.newstatesman.com/law/2013/08/welcome-britain-bor...
So really,
"Apple employee gets mildly harassed at airport because of proprietary confidentially agreements" with
"A terrible, terrible tragedy, non US-citizen travellers agree" as a byline.
The main thing of interest here would be that maybe Mozilla should employ better hiring practices.
Care to explain what you are trying to say?
As you phrased your comment, it is entirely opaque to me what you intend to convey.
There seems to be a lot of concern and disdain in this thread about the treatment of a US citizen. The truth however is that non US citizens in the same circumstances can be, for all intents and purposes, "disappeared". If something concerns you as a US citizen, it should be that, not comical mishaps in the security circus happening to semi-famous people.
Also, Gal didn't make any sort of moral stand, he was simply defending his proprietary employer's interest. It's not the most sympathetic story.
So, in the end, the article only left me wondering how people who climb the ladder inside Mozilla, ostensibly an open and free environment, can easily end up at Apple, which revels in closed and proprietary environments. Maybe Mozilla should introduce some of the values they claim to hold into the hiring and promotion process.
Sorry for any confusion.