What this means is that any element of surprise which may have occasionally caught out criminals will be lost. Instead, it will simply violate the privacy of normal citizens on a grand scale.
If they were smart, they would use such powers sparingly and on those who appear to be a genuine threat. In fact, I really cannot understand their strategy. It makes no sense unless mass data collection from normal citizens is the goal.
Mass intimidation is the goal. Fascism 101: the point of the boot is not to actually achieve order, but to ensure that those below know it is on their neck and that those above know they wear the boot.
Remember there are people out there who think that increased border searches, walls, etc, are a good thing. This is for them.
Actually, my theory about why we need to take our belts out, shoes off, and give away water bottles, at the airport security, is all about humiliation, intimidation and control.
I'm just guessing, but based on experiences with my family and the people they know in Texas, the people who most support this kind of behavior are also the people who see little reason to travel outside the US.
Thus, they never personally experience the pain or inconvenience of their policies. Furthermore, since outsiders (_immigrants_) are considered to be bad or dangerous, any policy that dissuades them from even coming the the US is supported.
Some may think my observations are ridiculous, but come spend some time in rural or southern US. Sit with the locals while they watch Fox news and echo what they hear.
> I'm just guessing, but based on experiences with my family and the people they know in Texas, the people who most support this kind of behavior are also the people who see little reason to travel outside the US.
I've observed the same from people living in New York City. They see absolutely no reason to ever leave the country, don't have passports, etc.
>Some may think my observations are ridiculous, but come spend some time in rural or southern US. Sit with the locals while they watch Fox news and echo what they hear.
Your observations are ridiculous.
I've been there and done that. It's not any worse than having your ears bleed when overhearing the equally "well informed" urban equivalents talk politics to each other on the subway.
People who support Orwellian government are unfortunately abundant pretty much everywhere and on both sides of the isle. The only significant difference is which groups of people they conveniently craft their policy positions to not oppress and which laws they want enforced with an iron fist.
> People ... who support Orwellian government are unfortunately abundant pretty much everywhere and on both sides of the isle.
That may be true but these are his personal observations. He hadn't observed the other side with his own eyes - he can't comment on that, he's commenting on what he has observed.
FYI, observations can be "incredible" but not "incredulous". "Incredulous" describes the emotion people feel when you tell them your incredible observations.
or more sinister ssl and other privacy key/certs for other shaddy actions..ie instead of their powers assigned under US Congress law expansion into NSa things
What advice do you feel is missing? I read both and the pocket guide seems a fair high level summary to me. Given the nature of the problem all one can arguably do is point out consequences and provide a channel for reporting to the eff; real practical choices are thin on the ground for travellers today beyond travelling with wiped devices and restoring at destination.
I think the issue is maybe that today, there are no good options for travellers to the US concerned about data security, and that any form of non-compliance is likely going to ruin your day. Doubly so for non-citizens. The border agents have enormous amount of discretion today.
Perhaps Google, Apple or others have a product opportunity here: build a pre-border crossing full phone archive process. You pump literally everything personal to the cloud before you go, leaving a limited core of anonymous functions working, and then when you're back on a network in the arrival county the phone recovers the content.
It's not that much of a leap beyond current capabilities as switching to a new phone is quite like this when most of your files are cloud based, it would just need to take all the local files/settings and figure a reliable secure way to ensure only you got access to restore the content (preferably in a way that you can't easily be forced to apply at the border, so maybe a geo fenced reactivation element to it?) Keeping certain large files as "home country only" and not restoring them when "in country" could mitigate the volume of data needed to transfer.
Obviously is not going to appeal to people who don't trust those companies either but would be less easily abused than an in-person search of your phone by a dodgy border guard.
Until a few years ago I was using Blackberry OS 10, which allowed for getting a backup image of the phone through USB (backing up literally everything). It also had "securely wipe device" functionality (or something along those lines) to make sure restoring files after a whipe was impossible/harder.
I'm still blown away by the fact that (unrooted) Android does not offer such basic functionality. Even many years later. And by the fact that Android is spyware by design, but thats another discussion.
According to another comment here Iphone also has similar backup features to BBOS10.
Conclusion: don't buy an Android phone and do as describe in parent post?
I already do this. Wipe my iPhone just before landing. Hand over the phone at customs. When they see the welcome/configuration screen they know that there isn't anything on the phone so they don't have to investigate. When I arrive at the hotel I connect to WiFi and restore an iCloud backup.
Don’t do that. Just wipe it and restore it properly. “Faking” the welcome screen first of all means your data is accessible if they do decide to look closer. And secondly it’ll probably lead to some additional questions meaning that more of your time is wasted at the airport.
Cloud is unnecessary with the kind of hardware backed crypto being used now. Apple's setup with iOS in particular given the strong app-based containerization and granularity of keys would be well suited to allowing users to define conditionals for decryption that go beyond passwords, like GPS, time, network connections, or any other data input. Coercion inputs could also fit into this (both biometric and alternate codes). I'd love it if they allowed the creation of "views" where only certain apps (and associated data) could be accessed, cryptographically enforced. But the data would still be there on the phone, so it'd work fine with no cellular and be instant and in turn convenient.
It would usefully have applications far beyond mere border privacy (usefully because it wouldn't just be a "border check evasion" thing at all). It would just plain be good for security period first of all, if sensitive applications just autovanished while traveling it'd further reduce the risk of a device being stolen or someone being held up and coerced. But also important, and related to growing concerns about overuse of devices, it would allow device owners to reduce mental load, clutter and temptation by recreating the lines between various parts of our lives that have been blurred. I'd love to be able to have "views" for work, working out, travel, and home (even times of day at home) where some stuff vanishes and thus isn't tempting. Work apps could vanish off hours, news apps and games except for limited times of day, etc.
While I think it’s a valid idea personally, I think the political fallout of marketing a feature designed specifically to circumvent border security would politically go down like a cup of cold sick today, and would likely invite some very unwanted attention from legislators.
Again not saying I agree, but can see many reasons why a product management team might shoot the idea down.
Besides, for those who care about this, I’m assuming existing options for wiping and restoring a cellphone probably achieve the same thing in practice.
"Pumping to the cloud" is not compatible with my idea of not wanting state or other nefarious actors to ever have any access to my data, ever, whether I'm crossing a border into a hostile state or otherwise.
I'd rather see some kind of application which takes my data and replaces it with pictures of kittens and other harmless things, using steganography. If the fascists want to see what I'm doing with my own property, they're going to have to look at some pussy.
Yes. I don't like having to give my fingerprint data, which no doubt will be stolen from their databases especially now that they intend to unify them and allow all sorts of agencies to have access to it, just to be allowed to travel in what's supposed to be a an almost border-free region.
Not saying its right, but they have so many fingerprints of non-criminals. Anyone who has served in the US military has their biometrics and fingerprints on file. Jobs with children (teachers, daycare workers, church child care people) can and do require fingerprint-based background checks. Gun carry licensees in most states also require a fingerprint-based FBI background check as part of the National Instant Criminal Background Check System pre-screen.
Considering how poor infosec is in most organizations (and countries), it's safe to assume that parties other than just your country have access to your data.
Mem Fox is a world renow children's author* who has travelled to the US 116 times previously, without incident.
Australian author Mem Fox has received a written apology from the United States after what she said was a traumatic detention by immigration officials at Los Angeles Airport.
Fox, who was questioned by Customs and Border Protection officers for two hours earlier this month as she was on her way to Milwaukee to address a conference, said she collapsed and sobbed at her hotel after she was released.
She said the border agents appeared to have been given "turbocharged power" by an executive order signed by President Donald Trump to "humiliate and insult" a room full of people they detained to check visas.
"I have never in my life been spoken to with such insolence, treated with such disdain, with so many insults and with so much gratuitous impoliteness," Fox said.
"I felt like I had been physically assaulted which is why, when I got to my hotel room, I completely collapsed and sobbed like a baby, and I'm 70 years old."
Fox, whose books include classics such as Possum Magic and Ten Little Fingers and Ten Little Toes, said she was questioned about her visa status, even though she had travelled to the United States 116 times previously without incident.
"My heart was pounding so hard as I was waiting to be interviewed, because I was observing what was happening to everybody else in the room," she said.
"They accused me of coming in on the wrong visa and they were totally wrong about that.
"The person who interviewed me was heavy with weaponry, was totally dressed in black with the word 'police' in hand-sized letters across his chest."
The author said she was unlikely to visit the United States again despite the friendliness of ordinary Americans.
"At the moment I'm in so much shock about it, I can't imagine going back to the states," she said.
"I'd hate not to go back to the states because it's been so good to me and Americans in general are not [like] the border police at LA airport."
"I thought: 'How can human beings treat other vulnerable human beings in this fashion, in public, in full view of everybody?'
>How can human beings treat other vulnerable human beings in this fashion, in public, in full view of everybody?
Either the people are innately monsters (i.e. some groups of people can have innate differences from other groups) or the environment breeds monstrosity (i.e. monsters arise wherever policy creates a place like LA). The debate never seems to rise to acknowledging this essential contradiction.
My company already issues burner devices to executives when they travel to certain parts of the world, maybe its time we start lumping the USA in with China in this regard....
If you have any data that might be of interest from the point of view of industrial espionage (i.e. you work for a company that competes with big US corporations that are donating to political parties), that's a very good idea.
Industrial espionage is the only goal of this program. After Snowden revealed that the CIA was eavesdropping on allied political leaders like Angela Merkel, stuff like this is the new normal. Assume the worst and don't carry anything through airport security that you are not comfortable with sharing with foreign governments and your competitors.
This is not about child pornography or terrorism. Honestly, who is stupid enough to engage in that kind of stuff and walk through airport security with incriminating evidence. This is not a thing and hasn't been for decades. Anybody that stupid would be effectively harmless owing to the fact that they would be complete morons.
Might be a good idea to have a throwaway SIM and a phone for travelling, not logged in into any cloud or social network services, and not tied to your main google account. Maybe just a couple of chat apps to stay in touch with your friends/relatives. Switch SIM back to your main number and reset phone once you're beyond the border... It seems exactly what EFF recommends by the way. With a laptop it's more complicated.
10 years ago I was attending a US college with a Student Visa. The few times I was returning from my home country I would bring only a backpack with barely anything inside it (all the clothes I needed were already in my dorm). This was cause for suspicion and further questioning each time.
Just be honest: “whenever I travel, for security reasons, I always wipe my laptop and phone of any personal data as I’m extremely concerned about it being stolen while traveling.”
To be clear. I don’t support this policy. What I’m suggesting is that by misleading/lying to an agent you might make it worse.
This sucks and is stupid, all forms of dragnet type operations are.
In this particular context, you could specifically discard 2fa tokens, etc., such that a password isn’t enough to login to these accounts. Now this might mean that your entry will be denied, but you will be incapable of giving them access to what they’re asking for.
"Lost everything in a hard drive crash literally two days ago, pretty busy getting ready to travel and just had time to reinstall before I jumped on the plane."
From what I gather, they're primarily interested in chats and photos. So they can browse those through pretty quickly on a phone, and then they can just image your laptop and store it forever.
Always use Encryption. This news is disturbing but understandable since Americans hardly batted an Eye when it was revealed to them they were being spied on.
Just like the Chinese government's Integrated Joint Operations Platform surveillance software. "Not using a smartphone" is one of the 36 data points which mark you out as having "suspicious behaviour":
That used to be true. Poor people can often afford a smartphone now, even in really poor countries like Ethiopia, not just the US. It may be a crappy old or limited model, but it doesn't have to be a feature phone.
You can trivially make a partition so that it shows some data when you enter one password and some other data when using another password, next. i did it when i travelled to the US in 2018 but they didn't bother checking att
I used veracrypt btw, no way to tell that there is a hidden nested partition without in depth crypto analysis of the harddrive(in which case you're probably screwed anyways)
Were there a perception by someone that you were possibly giving a false statement or violating some other rule (or just disrespecting them), consider how much misery and expenses you might incur, long before lawyers finished debating the question.
Minimize travel through problematic places, minimize sensitive data and access that you expose when traveling through problematic places, minimize being clever.
what perception? most interactions go thusly-
"Please unlock your phone/laptop and submit it for processing->i enter the -clean- password/log into my carefully normal looking user on my android phone by using the -clean- pattern" <they do something, mostly just look it over themselves> "ok fine you're free to go"
there is LITERALLY no way for them to tell that i've done anything to the data without carefully analyzing the partition(which they wouldn't know existed because i'm using boot level encryption). obviously if i had REALLY sensitive data i wouldn't carry it with me and just get it from "cloud of choice" but this is just a case of privacy(i don't want them looking at my private texts/photos/notes/media collection). And they won't.
It's difficult to talk responsibly about some kinds of security practices. One reason is that you don't want to tip off bad people who don't already know. Another reason is that you don't want to inadvertently give mistaken advice to good people.
The problem is that us here on HN can probably take the gamble on it and bypass it either by using burner devices, bringing devices which have been wiped and then restoring them from the cloud, or using plausible deniability encryption like you have. But 99.9999% of travellers to the US don't have the knowledge or access to these methods, so it's completely insignificant in standing up to the surveillance state that US is enforcing. It feels good to say "yeah but I know a way around it" - but the problem still exists.
Well the war is already lost imo, customs gets to run roughshod over every right in the name of "national security". all we can do is protect ourselves at this point.
The tech big companies don't care to make an issue out of it and the issue is too complex(seemingly) for the every man so no progress is going to be made in the short term(5-10 years) until more tech literate people get elected. All we can do is campaign and mitigate
Is there any basis in the Immigration and Nationality Act for deporting you for refusing to provide you password? From what I understand, it could make it practically impossible to ever return. I’m wondering if not giving your password is a basis for something as serious as this. Does this have any lawful basis?
I'm not convinced lawful basis matters in the average persons situation where they're being detained for questioning without access to legal representation, then sent back.
That sounds like a way to get things fixed best sadly. Do it to big business clients who in face of millions to billions of liability go and tell them to fuck off and let their clients know why they couldn't show up. They aren't doing anything wrong following security policies if the policies weren't already a work around.
If it causes an international incident all the better to humiliate them. Sad that the system is so oligarchic but bullies learn only through force.
Wouldn't "big business clients" be TSA pre-checked, have global-entry and all the magic keys "big business clients" use to not have to suffer through the same awful things regular peons have to stomach?
International incident with whom exactly? What was the fallout of the "incident" when the world found out that the US was spying on NATO allies and heads of state?
But what exactly are you going to do about it? If you have a lot of money maybe you can pay lawyers to go to court to demand you be allowed to enter, but there's a good chance the court will be persuaded that since you're not there there's nothing to discuss. And why aren't you there? Because they never allowed you to enter the country.
The "No fly" list allows them to make it essentially impossible to enter without even the inconvenience of actually turning you away at the border.
Unlike Nature's laws, our laws are not facts. Writing that "We hold these truths to be self-evident" did not make them so, Americans are free only if and to the extent that all Americans make them free, and in the modern era I'm afraid there's precious little sign of that.
For all the other shenanigans that they’ve done, can you come up with even one case where an American citizen has been detained indefinitely at the border?
Also, you’re already across once you meet the border people. You’re not in no-man’s-land; the border is infinitely thin and you are already in the US at the checkpoint. This is the simplest habeas corpus petition ever.
There have been several cases where legal American Citizens have been put into deportation proceedings or formally deported. All it takes is for a border agent to choose not to believe the documents you’re handing over. There is no rule at the federal level that entitles noncitizens to trials. So a border agent declaring you a noncitizen without court oversight strips you of your constitutional rights. One US citizen was detained by ICE for 3 years, other reports exist of 1-year detentions. It all really depends on how poor you are and how backed up (by design) the system is.
Anyway, a citizen being turned away, shipped back, or put into deportation at the airport isn’t a far reach from any of this.
Do you have a link to any of these stories? I have heard of US citizens being detained and bullied at the border, but they were always eventually admitted into the country after a few hours of "purgatory".
Where would you even try to deport a US citizen? "Here, Spain, we don't think this guy is a US citizen, his passport doesn't look legit enough, can you take him?"
Thanks for sharing. I guess the difference is that none of these stories involves crossing the border (or maybe I missed some details, that was a lot to read :). Still positively frightening that the system could so badly fail.
Unless you have the financial and time resources to fight back, “they” can do whatever they want. Just like cops “can’t” abuse their power, the power dynamics are so asymmetrically against most people that you simply have to hope everything goes well. Or know a senator who will go to bat for you.
I wonder how long until such unilateralism provokes nasty consequences - the law is to protect them from grudges as well. The solution to diffuse it is obvious yet sadly difficult - accountability.
Being "immune to justice" leads to taking matters into their own hands which is never pretty. It has a very long history - terrorists and insurgent can be called the descendents of Sicarii style attacks - original Zealot Hebrew fundamentalists knifing Romans and vanishing into crowd.
Crazy is the new good sense and visa versa unfortunately. If you suggest that we shift money from counterterrorism into opiate abuse, car accident, and obesity reduction measures since they actually kill far more people you are barking mad because it goes against their sensibilities.
Blather on about totally unworkable ideas and you get coverage and broad agreement despite the obvious and glaring flaws such as literally having no idea how to implement it.
They have special software that crawls through your phone looking for specific things they are interested in. They probably will - at least - check all your contacts and build a network on who you are connected to, scan all your e-mails and text messages for certain keywords and take a full backup image for further scanning.
This continues to make no sense. If hypothetically a device could contain something harmful, that content could be downloaded after crossing the border. Even planes have WiFi. There is quite simply no possible way to prevent anything with a device search so why the hell are they doing it!?
Apple should let a user disable physical backups / exports of data from a phone. If you hand over a device and there is no way to image it, is there really a problem?
This doesn’t solve the “this is messed up and shouldn’t happen at all” issue, but does give you a way out. Realistically this will happen more frequently in other jurisdictions as it stands.
If they were smart, they would use such powers sparingly and on those who appear to be a genuine threat. In fact, I really cannot understand their strategy. It makes no sense unless mass data collection from normal citizens is the goal.