Here's the hidden worst part about this they don't mention.
You think border means at the point you cross into another country.
That's not what it means. Government can now do this behavior a HUNDRED miles inland from a border. You could be just driving across town, to or from work, and they can use this border search law because you are a hundred miles from the border.
Oh and the border also includes the ocean, doesn't have to be another country.
That's not true. The USG tried to make this case in the 70s and was rejected at SCOTUS. I believe the confusion here is between the notion of a 100 mile wide Constitution-free stripe of the country (which does not exist) and the presence of specific, preordained customs checkpoints fixed within 100 miles of a border (which do).
From 'rayiner's post, here's the 3-part test suggested by CRS:
* You have to recently have crossed the actual border
* "an agent should know that the object of a search hasn’t changed"
* Reasonable suspicion must exist
The first bullet here torpedoes the idea of a "100 mile wide Constitution free zone". But: that's also just CRS's interpretation; CRS is simply a Congressionally-funded think-tank. Without digging up the SCOTUS cite, I'll suggest that the judicial branch restrictions on these searches are even more severe.
One way to think of the "100 mile" concept is that the USG probably has the authority to put a border control check that would have applied to someone crossing the border anyways as many as 100 miles from the border, rather than at the border itself.
But the search of the petitioner's automobile by a roving patrol, on a California road that lies at all points at least 20 miles north of the Mexican border,[5] was of a wholly different sort. In the absence of probable cause or consent, that search violated the petitioner's Fourth Amendment right to be free of "unreasonable searches and seizures."
Edit: Reading through the decision, sections (pages?) 280-285 briefly summarize some of the conditions under which warrantless searches are permissible. This is very interesting reading, thanks for the heads up!
Ah, it's Thomas Ptacek, who as usual, doesn't have the slightest fucking idea of what he's talking about but nevertheless feels free to lecture others.
There are dozens of immigration/law enforcement checkpoints routinely deployed around the U.S. They stop all persons and feel free to check them for suspected illegal immigration, drugs, and so on, with absolutely no reason to believe the searchees have ever crossed the border.
For instance, the Border Patrol runs a check near Camp Pendleton, California, about 70 miles north of the Mexican border. You can even check in with Foursquare:
All cars on the interstate are stopped, any time they feel like it, and searched or not as the Border Patrol desires. No suspicion exists or need exist. Most of those stopped have not crossed the Mexican border in years, or ever. And no, none of it is illegal in any way.
Or compare, if you like, the EXIT searches that Customs is now doing at many border crossings - people who are attempting to (but have not yet) exited the United States. By definition, they aren't entering the U.S. and haven't crossed any border, but again, they're being searched, entirely legally, every day, and woe to you if you attempt to resist, as author (and now convicted felon) Peter Watts will be happy to tell you.
Simple rule of thumb: if tptacek says it, you can ignore it.
Peter Watts is a traveller who was searched by U.S. Customs in the United States, just prior to crossing out of the United States, and Canada had nothing to do with it. All travellers exiting the U.S. are subject to exit inspections if desired by Customs. Or indeed, which is the subject of this thread, subject to search even if they have no intent of crossing any border and have never done so in their lives, as long as they are within 100 miles of the border.
I don't understand how someone being subjected to a border search while crossing the actual border has to do with the supposed "100 mile wide Constitution-free zone" that is the topic of this thread.
The last sentence in your comment is simply incorrect.
So cite all the SCOTUS you want, police are doing whatever the hell they want in that 100 mile zone including false triggers by dogs that are proven wrong most of the time.
Once again: CBP tried to charge this guy, and had those charges dismissed with prejudice when the judge could not be convinced that the search was legal; the guy is now a plaintiff in a civil suit. Also, a dog told CBP it was OK to search, which is a different problem.
I'm not arguing that CBP doesn't abuse the law, but the notion that there is a "100 mile wide Constitution-free strip" of the US is harmful to citizens, who could be misled into believing that (a) they are required to consent to searches and (b) that they won't be able to fight the government if they are searched illegally. It is important that people know their rights, whether or not those rights are invariably respected.
Watching the video and looking at some other info, my take on this is that he was A) well aware that arguing points of law with officers on the street is a bad idea (argue them in court later) and B) quite willing to do so anyway. It's not so much that he refused search as that he refused to even get out of the car when told to do so by an officer after a dog alerted on the car. I'm not sure if he was tied in with conspiracy theorist Alex Jones before this or only after the fact, but if it was before then I'd have no real problem considering him an agent provocateur looking for trouble to get into.
I'm well aware that dog alerts are very questionable and are (arguably) regularly used as a pretext for illegal searches, but what you do in these situations is comply with ALL lawful orders (including GET OUT OF THE CAR) but decline to consent to searches. If you're not sure whether an order is lawful, you comply and let the lawyers and judges sort it out later.
He indeed was the victim of an assault, which IMHO is not mutually exclusive with his behavior being idiotic.
There is a good argument to be made for this being civil disobedience in that he was refusing the orders of law enforcement officials, but in this particular case the evidence later showed that (roughly) A) the officers ordering him out of the car had no legal authority to do so and B) the officers who did have the legal authority to do so didn't actually order him out before breaking in, tasing, etc. At his later trial he was found not guilty of all the charges against him based on this - I don't know if civil disobedience was even brought up but I doubt it.
That kind of behavior is referred to and might be permitted by the SCOTUS decision 'tptacek cied above. Relevant paragraph:
Whatever the permissible scope of intrusiveness of a routine border search might be, searches of this kind may in certain circumstances take place not only at the border itself, but at its functional equivalents as well. For 273273 example, searches at an established station near the border, at a point marking the confluence of two or more roads that extend from the border, might be functional equivalents of border searches. For another example, a search of the passengers and cargo of an airplane arriving at a St. Louis airport after a nonstop flight from Mexico City would clearly be the functional equivalent of a border search.[4]*
There are certainly important differences: the court gives the example of a search of passengers that definitively crossed a border and who are searched where they disembark.
That being said, since NY is a major international travel hub, the searches described in that article might qualify as "functionally equivalent" to border searches. In any case, I think it's a stretch to say that DHS treats everything 100 miles from the border as a "Constitution-free zone". Have we seen equivalent searches being performed in Georgia or Virginia?
The reason I singled out the train as a particular case is that it's clearly domestic travel, not international. If there are foreigners on board, they'd have to come through some other border crossing before getting on the train. You can't get to Penn Station from outside the country without going through customs somewhere else, most likely an airport. Which means that this is not equivalent to a border crossing, unless you adopt a meaning of those terms so vague that anything within 100 miles of the border is the functional equivalent of a border crossing, which seems to be what the border patrol is doing.
And yes, it is possible to find places in the country, even in the 100-mile zone, where DHS is not engaged in abusive activity. That's cold comfort to folks who have to deal with them when they are.
ETA: if you're wondering about international train travel, like from Canada, I've taken one of those trains, from Montreal to New York. (Very scenic route, right down the shore of Lake Champlain.) The border-crossing inspection happened in Vermont, outside St. Albans, within minutes of where the train crossed the border. That's what "functionally equivalent to a border crossing" means, if it means anything at all.
I cited the examples of Georgia and Virginia to emphasize that known cases of these Border Patrol operations seem to cluster in areas that are frequently points of disembarkation for international travel.
I don't disagree with you that DHS operations are often abusive, and I have even suggested that the examples cited by that article might not be justified as "functionally equivalent". I do think, however, that the idea of a "Constitution-free zone" isn't a useful concept for describing DHS practices.
Well NYC is an embarkation point for international travelers to the USA, is it not? I'm not sure that searching a passenger on a train from NYC is inherently more infringing on liberties than searching a passenger on a van from the Mexican border, as both "start points" for travel are very much borders of the U.S.
The "Constitution-Free Zone" extends 100 miles from the border or coast, not "HUNDREDS". I find it as abhorrent as you do, but there's no need to exaggerate or FUD.
Jump on highway 77 in Texas coming from Houston to South Padre... you will be stopped. Pretty sure they take pictures of license plates, dogs sniff cars, and they ask for your identification.
It's basically a check point. The line to get through it can take a while and some vehicles are heavily searched. I've never had that opportunity fortunately.
Have you ever seen the videos of the people refusing to comply with these checkpoints?
For CBP to search you under the aegis of border security, you must have recently crossed the actual US border. The law doesn't require CBP searches to occur at the actual border; for instance, there may be so many possible crossing points at e.g. the Canadian border that, logistically, search only makes sense at some chokepoint 20-30 miles from the border. But they can't search people at random. The CRS says so, and, 30 years before that, so did SCOTUS.
Traveling home from upstate NY, I've been stopped (having never left the USA) at a border patrol checkpoint well inside NY, we were within 100 miles of Canada.
They didn't ask to check my laptop or anything, but did want ID etc.
Can't talk to the legality of it all but they do exist.
You can probably be stopped by any law enforcement agency in the US and have ID demanded of you, and while ID is not mandatory in the US, you can be inconvenienced for not having it. That's a result of Hiibel v. Nevada. It sucks a lot, but we're still better off than most of Europe in that regard.
But if CBP could not convince a judge or jury that you'd crossed the Canadian border, and demanded a search of your vehicle and found e.g. an eighth of weed, that evidence could probably be tossed in court; CBP needs both the fact of your crossing of the actual border and a reasonable suspicion to search you.
> It sucks a lot, but we're still better off than most of Europe in that regard.
Having lived in both Europe in the US for large part of my life, I can tell you that this completely misses the mark.
Yes, you can be ID'd, but what law enforcement can get away with in the US would be inconceivable in most of Western Europe. I was never afraid of the cops before I came to the states.
I have the opposite experience; from my (few) visits to Continental Europe, my impression is that foreigners are searched at random in arbitrary locations more or less at the whim of police. I've actually never had a bag searched in the US, but can't say that about Europe.
I've had related experiences in Germany. The police stop cars with no suspicion nor any explanation other than "police control". I told several German friends that this would be quite illegal in the US, and they were all shocked; it seemed normal and routine to them.
Denying the Holocaust and using Nazi symbols is illegal in Germany, but "papers please" is normal? I think they learned the wrong lesson.
Yes, it seems normal to me, unless it happens regularly.
I am now 32 years old. I have been in a police stop when driving my car only twice (and one of those was a mistake, I thought they wanted me to stop, but they actually meant another car).
I have never been controlled or ID checked by the police in any way when not travelling by car. Exceptions are border controls, of course. And private entities wishing to check my age: discos, liquor stores and so on.
On another note: I'm really tired about all this attitude we get from Americans regarding Nazi symbols and free speech. Maybe take a minute to contemplate why we have those laws?
"Because of Holocaust" is correct, but not what I'm getting at. We have those, because Americans (together with the other Allied Powers) forced us to after the war.
Unfortunately Americans have this tendency to think that their system is the very best and can't imagine why anyone could or should have another system, despite the fact that everywhere they were involved in nation-building they actively promoted other systems.
Not sure you are correct on the first point. Border Patrol are law enforcement officers. Though they are primarily focused on border enforcement, I don't believe they are confined to that. A Border Patrol agent could probably give you a speeding ticket regardless of whether you had recently crossed the border, if he observed you speeding (guessing few would do so however).
If you're saying that absent any other reason, you would have to have recently crossed a border for the initial stop to be legal, maybe you're right. But random checkpoints for intoxicated drivers happen everywhere, and are legal.
> If you're saying that absent any other reason, you would have to have recently crossed a border for the initial stop to be legal, maybe you're right. But random checkpoints for intoxicated drivers happen everywhere, and are legal.
As you point out, Border Patrol are fully sworn law enforcement officers and can therefore enforce other laws besides mere border protection statutes.
However the legal requirements to perform a search of a vehicle (incl. the need to have crossed the border) are different from the requirements to stop a vehicle to interview the driver (which any LE can do incl. Border Patrol), which is one of the reasons that DUI checkpoints are legal in some circumstances.
I wouldn't be surprised if you're right, but how do you know that's what this means? I would think the ACLU would be all over that and would have at least mentioned it in the press release.
The only videos I've seen are of people refusing to comply and being waved through. In one of those videos, the driver was asked for proof of citizenship, and spent 4 minutes attempting to demand proof of citizenship from the agent before they finally waved him through. It's pretty great.
Also: be careful that we're talking about the same thing. There are CBP searches that protect border integrity and search for contraband, and then there are ICE checkpoints that aim to catch illegal immigrants. In practice, ICE's authority is nothing like CBP's: CBP's is much more potent, and CBP is what this article is talking about.
CBP attempted to have this guy charged as a result of this incident. A judge dismissed all those charges with prejudice, in part because CBP couldn't show that the search was legal. He's now a plaintiff in a civil suit, where that dismissal will presumably be damning evidence.
Additional wrinkle in this case: a dog authorized the search.
A quote from the ruling that bugs me: "[The detention of David Miranda] is enough to suggest that it would be foolish, if not irresponsible, for plaintiffs to store truly private or confidential information on electronic devices that are carried and used overseas"
This is in the middle of a discussion of carrying lawyer-client privileged documents over the border; the judge says you should have no expectation of privacy because other countries may conduct invasive searches too. As advice, it's hard to disagree, that's where we are now; but surely two wrongs don't make a right?
It would be obviously wrong for police to confiscate your money because you were walking towards a rough part of town where you might be robbed. Yet that is the kind of logic the judge applies here; he relaxes the responsibilities of the US govt by invoking hypothetical actions by others. The example he cites was not even a normal border shakedown, but a specific action that was signed off by a government minister; do unusual acts like this change expectations of privacy in the normal course of events?
Amazing, this is literally the first paragraph in the ruling:
"Since the founding of the republic, the federal government has held broad authority to conduct searches at the border to prevent the entry of dangerous people and goods. In the 21st century, the most dangerous contraband is often contained in laptop computers or other electronic devices, not on paper. This includes terrorist materials and despicable images of child pornography."
Judge Korman is quoting Michael Chertoff, Searches Are Legal, Essential, USA Today, July 16, 2008, at A10.
Child porn? So they are worried people are bringing child porn into the country through laptops? What the hell? I mean I'm not saying it's never going to happen, but what a ridiculous compromise to make.
It seems to me judges are starting to be co-opted by the corrupt power in US, too, lately. It's probably because many of them are starting to be given positions by corrupt administrations that are in favor of the surveillance state. This is also why I'm terrified about Obama naming any Supreme Court Justices by the time he leaves Office. The current Supreme Court is definitely not perfect, but I think so far they've erred on the side of privacy. I worry that balance will change if Obama gets to name 1 or 2 Justices.
As an example, ACLU had a talk at 30C3 where they mention Valerie Caproni, FBI's top lawyer until 2011, and how she was very focused on increasing surveillance capabilities for the FBI through "legal backdoors". And then she was recently named a federal judge in New York. I wouldn't be surprised if this was her giving this ruling, but just goes to show how good judges are starting to be replaced by bad ones, in favor of the surveillance and police state.
"Drug Warriors and Their Prey" examines the process by which the WoSD started to corrode civil liberties and how those tactics paralleled those used in the rise of the Nazis. Co-opting the judiciary to ensure those with the appropriate mindset or judicial philosophy was a key tactic - thus judges were able to make rulings supporting the bad policies of the executive branch, and so it all snowballs. Terrorists are only a revamp of "drug lord"; it's as if the WoSD could only take the authoritarians so far, so they switched to a new bogeyman. Given the advances in legalizing marijuana, the WoSD seems to be ending, but when will the war on terror ever end? It's going to be generations, because every innocent person killed by drones in the Middle East will be remembered by their family for generations - and they will never stop hating the US government.
Everything this book discusses is going on now, under the guise of combating terrorism. It is like there is a general blueprint for creating an authoritarian state, and it doesn't require a grand conspiracy, only the repeated short sighted actions of corrupt people with the same flawed worldview. It's like an unconscious conspiracy.
If one wished to bring digital contraband into the US, why oh tell me why would anyone ever bring it physically over the border on a machine?!?
We invented a network of networks that makes this rather easier to securely do quite some years ago. :@ why would anyone think that contraband-based searches make sense here?
Nobody concerned cares about your use of drugs, though. Exceptions are made if they need money for a program that Congress refuses to fund, though, when they'll make sure that their man's shipments of drugs will get into the country safely.
I would have thought that this fairly obvious counterpoint would have been brought up by someone somewhere along the line before this decision was released, though.
Even more stupid is that the 1789 law all this is based on talks about the need to search ships to ensure no goods requiring tariffs sneak into the country. How that got bootstrapped into dangerous bits on a laptop is ridiculous.
Interdicting data at borders seems to me as the height of stupidity, considering said data can flow freely across borders anyways, via the internet.
These policies have no legitimate reason to exist, and can perhaps only be explained by a combination of paranoia, ignorance, and incompetence. It would stand to reason that any terrorists or criminals foiled by these methods would tend to be of the exceedingly dumb variety.
Not everyone who goes into illegal endeavors is the criminal mastermind you fancy that you would be if you turned to the dark side.
Hell, there are plenty of people dumb enough to video themselves or friends breaking and entering, beating up people and stabbing people, stealing cars, and the like and POST THESE VIDEOS TO YOUTUBE OR ON SOCIAL NETWORKS.
People do in fact cross borders with ridiculously incriminating things on their laptops and phones, such as photos of the kiddie sex tourism, email or logs of chats from the person who talked them into carrying drugs, and things like that.
Why did you post this as a response to my comment? It has nothing to do with any point I was making (namely, correction of factual errors in rl3's comment).
I took rl3's comment as basically saying that since it is so easy to send data across the border using the internet, only someone so extremely stupid that such people are unlikely to even exist would actually try to cross the border with a laptop or phone that contains evidence of a crime. The implication is then that it is fruitless to look at phones and laptops at the border to try to find criminals.
My response was trying to say that he's way off in his understanding of what people of average intelligence do when they do criminal things. There are plenty of arguments one can use to make a plausible case against widespread border searches. The argument that basically no one is dumb enough to carry a phone or laptop with incriminating data across the border is not one of them.
Should we randomly go into people's homes and demand people to open up their houses and kick them out pending investigation? Clearly, we can do that now if they are 100 miles from the border if we can confiscate laptops and hold it then we can confiscate homes and cars and hold them for investigation as well.
Not exactly. You aren't considering that there's a threshold to overcome. All customs searches would be unreasonable if there were a trivial way to send items without going through customs.
Invading everyone's privacy to catch a few dumb criminals (because all non-dumb criminals would have just sent their data through the internet) is a really really bad tradeoff, because the cost:benefit ratio is too high.
I wasn't implying dumb or incompetent criminals don't exist. As you said, they do exist, and they do sometimes cross borders with ridiculously incriminating data in their possession.
My point was, I fail to see why such people can't be brought to justice via methods that don't involve shredding travelers' personal freedoms, the vast majority of whom are completely innocent.
Policies often have to strike a balance between positive and negative effects. When the negative greatly exceeds the positive, then the legitimacy of the policy should be called into question, even if the policy is effective at achieving its stated goal.
Data can be an extremely personal thing, and rummaging through it or storing it indefinitely, without any cause whatsoever, should be an embarrassment to any Western democracy that engages in the practice.
I travel abroad a lot and am pretty sure I'm on a special NSA list at this point or will be soon. Besides all my anti-NSA tweets and emails, I've donated money to support Snowden, Lavabit, ACLU, EFF and Ron Paul. I guess it's time to pick up some cheap laptops that I'm okay losing to the border thieves.
Buy a QIC tape cartridge, as used on workstations and servers in the 1990's. Get a dyslexic child to label it with 'Snowden Docs' in faux Cyrillic and then carry that with you, in the top of your luggage.
The tape need not have anything on it, although, should you find a QIC drive, you could go for some ASCII art porn that only reveals itself if you pipe the output of dd into od. Obviously, before writing this to the drive, put some adjustments on the tape head so that a correctly calibrated drive won't read it too well.
To make sure they don't accidentally miss the tape, deliberately contaminate it with a substance of interest. A bag of fertiliser should suffice. Before you head off on your travels pop the tape in the fertiliser and give it a good rummage so that it gets suitably covered with a fine dust of known-bad-stuff.
The outcome of carrying the tape can go one of two ways. Either they give you untold hassle for 'just carrying a QIC tape' (as the headline in Slashdot screams) or they completely ignore the tape, in which case you have 'proven' the way to thwart the TSA is to carry secret documents on a legacy format.
Exactly what makes you think that there's a "special NSA list"? There are anti-NSA activists who are routinely harassed at borders, but those people are actually implicated in the leaks themselves.
The USG does not give a shit if you donate to ACLU or Ron Paul.
When you're setting up an authoritarian state, one of the first things you do is try to silence dissenters. If/when this will start happening on a large scale in the US I don't know, but there's no denying the ground work has been laid. Easily accessible records of everyone who has privately or publicly expressed anti-government sentiment? Check. A constitution-free zone at the border? Check. Indefinite detention of US citizens without trial? Check. A militarized local police force. Check. A general population that has become desensitized to their loss of liberty like a frog slowly boiled to death. Check.
It's becoming more and more clear that the USG didn't set up all this infrastructure to fight terrorism. Forgive me for assuming the worst. I'm just connecting the dots.
The issues arise with the fact that every countries border is inherently leaky anyway: the internet makes sure of that. So, searching your computer and confiscating your device because you're not a fan of some not-even-a-cop going through your stuff will just push those that they want to catch to transferring files somewhere to retrieve when they're in the country.
I'm an Aussie. I have nothing to hide in terms of data on my computer, as far as I know. If I was flying to USA (as an example) tomorrow, I'd wipe my laptop and phone clean, put images on my server, and access them via SSH once I'm through the border... Why the hell do I need to do that?
Given the way US allies behave, I'm not sure your data is any more safe at home. New Zealander here. Amusingly, I know of several people here who cc our prime minister every time they send an email, to save him the effort of signing any request to spy on a citizen. His mailbox must be something awful.
Does anybody know what they're looking for? Border Patrol/TSA/Homeland Security agents aren't the sharpest tools in the shed and I can't imagine they're very computer literate. Are they just poking around the filesystem? Do they have automated tools that search for stuff?
First of all, if you won't enter your password, they confiscate your computer.
Since I wanted to keep my computer, they opened windows explorer and searched for all JPGs and GIFs. Then they asked me, "What kind of photos am I going to find on here?" It was a female agent, and the conclusion I came to is that they're looking for kiddie porn.
I had no exciting photos on my computer, but I did have a shit-ton of boring photos so it wasted 30 minutes of my time and made me think that they think I look like a perv.
What would happen if you have a non-standard setup? For example, on my computer, I could show them `locate *.jpg`, but I doubt they would take my word for what that does. I think I have Gnome and Unity installed, which probably have GUI searches. Of course, I could always arrow down to my Windows installation at the grub boot screen, but than they would never know about all of the pictures I don't have on my main installation. Thats not even counting the encrypted loopback file I have, or the "/ram" directory I have which is hidden by the tmpfs filesystem mounted on top of it.
Of course, these are all without me trying to hide anything (the encrypted loopback is mostly a matter of principle, I don't actually have anything stored in it).
That would be a quite interesting scenario. I have a certain amount of home-made kinky porn on my hard drive. I would love to see the border agents try to not get uncomfortable as they look on pictures of me and my sex partners in very compromising positions. It's obviously very disturbing that I would have to put up with that when entering the USA, but I'm quite sure that the "female agent" would be more freaked out than I would.
Still, this is a bad policy which you guys should try to get repealed. If they do this regularly, they must obviously stumble across home-made porn all the time. None of my sex partners have ever consented to have their naked bodies examined by some high-school dropout border guard somewhere.
I reckon a way of getting through this, if you are up to no good (well, I say no good, I mean no good in their terms, so like Snowden), is to look a bit like a perv, and have a few iffy pics and vids on the laptop. Maybe a bit of perv browsing history and what not. That way, you look shify, they pull you in, search, find the pics, reaslise why you look shifty, also realise the pics are actually legal, and send you on your way. Humans being human are likely to stop searching as soon as they find the smut, and miss what you might be really hiding.
All you need is a bad connecting flight through Dubai and you're in the poop.
For this kind of scenario, I have a 2011ish MB Air that is too small to do anything (4gb RAM) and gets re-puppeted fairly frequently to test the system. When I worked in China, I took my iPad, Bluetooth keyboard, and strongvpn account.
They're looking for a file on your desktop named "location_of_smuggled_drugs.txt".
In all seriousness, I don't think there's anything in particular they're looking for. They're just looking for anything that gives them suspicion, which gives them an excuse to question and investigate you further.
Does anybody know how they tend to react when they are greeted by nothing but a getty on a tty? Should I install GNOME to make border guards feel comfortable?
I haven't crossed the border in the past decade, but may need to semi-frequently in the near future.
One of the nice things about my Lenovo T430 is that it has both an SSD and a hard drive. You can pop into the BIOS and set the boot order so if you want the 'windows xx' thing to boot for the security theatre you can set it that way when you travel.
Still it is outrageous that a court feels this is not a violation of your 4th, 5th, and 14th amendment rights.
You don't need multiple hard drives to do this. If you have a configurable boot loader (such as grub), you can specify what you want to boot into and skip the menu entirely.
Is it that the court is basically applying the same border search exceptions that apply to boxes, paper notebooks, and film cameras to laptops and phones that you find outrageous? Or is it the border search exceptions themselves you find outrageous?
Like you say, there is little a spot check could easily and quickly find. Therefor, IMHO there must be another reason. So, what if they are not looking for anything? What if its just to put people under pressure in the hope of having the "suspect" give away signs of guilt? That would be my rational.
Oh, another thing, checking to see that it is actually a laptop and not a banned fruit.
That's actually an idea. Put pornographic images of your "girlfriend" in some thinly-veiled location ("BUSINESS REPORTS" under your Pictures folder). Border patrol will never make it past that folder in their search.
Your concept of the typical Border Patrol agent as a barely-functioning imbecile shows no understanding at all of what the job entails, nor what the recruitment and screening and training process is. Hint: high-school dropouts need not apply.
Best current practice for crossing "hostile" borders remains wiping all data off the devices, traveling with them in close to factory state, then bringing them back to your baseline once inside the country. It's a little tricky and a bit of a pain, especially if you have a lot of stuff you want to download (for me, I usually work with VM images, so I need to download many many gigabytes, and hotels often have bad Internet). It also makes "getting any work done on the plane" a real pain.
(There's also the "travel loaner laptop pool" concept, and the restricted access for remote people. Works a lot better for an organization than for individuals; this would be kind of an interesting appliance or service for individual professionals and for SMBs.)
By the way, I hear you can't really "wipe" data on SSD drives. I don't remember why exactly though. Probably some fault-tolerant mechanism. Or maybe it's what NSA has been asking HDD OEMs to make from the beginning.
Most new SSD drives, e.g. Samsung's or Intel's, have transparent encryption (no matter if you set it up or not,) and you are able to "format" your drive by wiping the container with the encryption key, effectively making all data on the drive appear as random noise as long as the encryption algorithm, e.g. AES-256, isn't broken.
The mechanism of SSD storage has limited writes before it breaks, to make the disk workable the controller takes the write instruction and behind the scenes, puts it somewhere on storage which isn't wearing out.
This means your attempt to write the same address 7 times actually goes to 7 different storage locations and the original data might still be stored wherever it first landed.
In reality there is no sufficiently-safe way to wipe drives today. If you really care, you destroy the drive. With AES-NI, there's little excuse for not doing disk-crypto-by-default, so if the drive never saw unencrypted data, and your data is only slightly to moderately sensitive, you could probably get away with logical deletion and then a precautionary drive-level or multi-pass overwrite, but if it's something genuinely high security, no sane policy allows drives to leave in any form but dust.
(Within an organization at the same security level, deletion and then wipe is enough to re-issue a laptop, but not going from top researcher to intern, and certainly not from inside to outside.)
The issue with a traditional erase: ie write random bytes to the disk 7 times. Is writes to SSDs wear them out a bit. If you erase disks a lot its going to wear out sooner.
There are tools called "Secure Erase" that use special functions on the disk to wipe it without wearing it out.
Unfortunately this isn't adequate. Drives contain "extra" storage space above rated capacity, as well as reduce delivered capacity, which gets periodically unmapped by wear leveling, or due to errors, etc. This is a bigger deal on SSD than on spinning-rust, but even with rust, it was an issue (esp with 4K sectors, or when worried about things like keys).
It's certainly better than nothing, but not sufficient practice in a business or high-security-professional environment.
An attacker is willing to load custom firmware onto the drive, or to move the chips into a new device, or otherwise read it out raw, and will have access to more material than your dd can write.
The standard should be "can I prove this will work reliably, given all the layers beneath me", and for that, the only adequate answer is physical destruction. You could possibly design a drive where you're guaranteed to know if everything is fully deleted, and as long as you trusted the design/implementation/current-status, you could rely on it, but then you'd have a $100k 100GB SSD. So much easier just to replace old drives, or to guarantee that nothing interesting every touched the disk unencrypted, or ideally both.
"Drives contain "extra" storage space above rated capacity, as well as reduce delivered capacity, which gets periodically unmapped by wear leveling, or due to errors, etc."
Yes, that's why you fill it multiple times. But yes, you can have information leaking in a sector that went bad and was remapped
But the good thing about SSDs as well is that they're much easier to destroy, just microwave it, or provide an excess voltage to it (may need more work than simply connect the power input to wires coming from the wall)
Here's another novel idea. How about to fucking riot and repel this policy?
So far, the reaction on intrusion of privacy by the government from the people was to circumvent it, go underground. A reaction commonly expected from a country like Soviet Union where people had zero say on the rulings and had to be creative to avoid surveillance.
Obama? I think the reasons he got elected have more to do with being young, charismatic, kind of hip, and "not as bad as the other guy."
I mean, I agree with the idea that if a Constitutional law professor allows this stuff to happen on his watch, we're sunk. But I wouldn't describe it as "we tried electing a civil libertarian constitution scholar." We elected a "rock star" politician who happens to have taught Constitutional law in a past life, and paid lip service to liberty for his biggest supporters.
There's more than that though--he actually had a record on civil liberties dating back to the Illinois State Senate, where he pushed through legislation to videotape police interrogations.
Fair enough. I don't know if he really has enough of a record as a politician to judge by, but that's a different issue. I guess his academic credentials, career history, and whatever amount of legislative work for civil rights is good enough for this point. Thanks.
~50% of people have already determined that voting isn't worth their time - wise up and get with the program. The jury box has been thoroughly pwned as well. Traditionally, the remaining step is the ammo box. But that lacks popular support because people are well fed, so we might as well try to turn things around this new fangled computational b0x before that stops being the case.
I think the only answer is to keep trying. I think there will come a point where even the non-technical masses will understand just how backwards everything has become. And upon this growing understanding a future libertarian / constitution scholar will run, and run successfully.
Here is another idea - they follow the constitution.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"
'Sir, have you been giving advice that could potentially aid terrorists in some site called "Hacker News"? And by the way, does that mean you are hacker? One of those who like to break online banking and stuff?'
Why? Why not just put any data you are worried about on a very small storage medium? Hide that and smuggle it through. Concealing a small SD card must be a lot easier than buggering about with elaborate, and there for suspicious, schemes. Let the TSA do what they like with the laptop.
Oh, and whats this assumption about running a safe PC from home? You have read the Snowden stuff, right? And even if you cant go with all that, if you are at the US border, while your PC is in , er, Berlin, who says that as you stand there spooks are at your house raiding all the data they like? You know, if you are of that much interest to the authorities. And if you are not, SD card type thing.
Lastly, if one is all doom and gloom (maybe a bit foil hat) about this stuff, like me, I'd assume the buggers had the data I was worried about anyway, if I at some point it had been on an electronic device with communications capabilities.
Smuggling data across borders as you suggested could land you in a much larger world of hurt than bringing across a clean laptop, I would imagine.
If your desktop was on 24/7 and you're the one who set it up, it would be trivial to determine if somebody other than yourself had physically accessed it. Applebaum's computer equipment was turned off when he left Berlin from what I understand.
> Oh, and whats this assumption about running a safe PC from home? You have read the Snowden stuff, right? And even if you cant go with all that, if you are at the US border, while your PC is in , er, Berlin, who says that as you stand there spooks are at your house raiding all the data they like? You know, if you are of that much interest to the authorities. And if you are not, SD card type thing.
-------------------------
Encrypt files with a suitably long pass-phrase, upload to some random server somewhere, set home computer to keep over-writing its HD & memory/whatever data-destroying activity you favour.
Travel to other country, buy a laptop from a store selected by fair dice throw, download file and decrypt it.
For the ultra paranoid I would suggest learning what Tails is comprised of, how to build your own arch linux system, and then re-creating your own flavour of Tails.
It's more a matter of how high up the decision was made--as far as I know, they're doing hunch-based searches at all borders (or close enough to make it seem that way). This is only the first step of the inevitable appeals. If memory serves, and it has been a long time since I studied court procedure, the next step is the district court of appeals, then perhaps an en banc review, then the Supreme Court. I'm going on memory here, though, so corrections/clarification from actual lawyers would be welcome.
Or phones, the first thing customs does here is demand your phone and then start going through emails while you are waiting in front of them. If you have Mobiflauge installed this is no problem. Let them snoop the decoy all they want and then load up your hidden evil android install when you pass through
So what options do I have without rooting my phone?
Would it be worth stashing my phone in my underwear in my luggage in my trunk, then handing them a dumb old flip phone when they ask for my phone? They probably won't search all of my stuff and find the other phone, right?
I don't have anything on my phone that would get myself or others arrested, but I nevertheless want privacy. Would it be best to just give up on bringing a phone with access to any of my real data across the border?
This. The first time I traveled to USA I was super nervous about customs going through all my emails, not because I have anything to hide but I want privacy. From what I have seen/heard/read TSA is pretty much a minimum wage job and they arent the pinnacle of professionalism. It is only a matter of time before this kind of mass searching is used to blackmail and extort people.
Point of clarification: TSA is not involved in border searches, that's the realm of Customs and Border Patrol. CBP and TSA both fall under DHS but they are not the same agency and there are some very important differences. TSA aren't law enforcement for one.
How does this work with Chromebooks? For example if I disable all local storage? What is the distinction between what's "on my device" and what's not, if the simple act of "logging into my device" actually involves connecting to the cloud and automatically accessing stuff?
I guess what I mean is, does the government have the right to demand that I log into internet accounts, and let them browse the info, if I'm within 100 miles from the border? Or do they only have the right to access information that's physically located on the physical devices on my person?
Or remove the SIM card before crossing the border. And maybe if you're rooted, make a nandroid backup and then install a completely stock, uncustomized Cyanogenmod that isn't connected to your accounts and doesn't have any wireless settings installed. Just install Angry Birds and tell them that's what you use it for.
To recap, people think search of physical devices is stupid because we now have internet. And (other?) people are also thinking that connecting things to the internet is not a good idea because of NSA/backdoors/security problems. And by the way standard 'just push the button' encryption softwares might have been built in weaknesses.
It seems the only way now to keep secret data is :
- to be a top expert in security, be able to assess provenly secure software, have a whole chain of them and constantly keep track of what might have been compromised
- keep the data in a safe, never fly it, never come near a border, never connect to the internet
What would be the next step to make it worse now ?
How do big corporations that take their information security seriously (and have industrial secrets to protect) look upon this? Do they have routines for travel?
At least one of the major oil firms uses a pool of laptops requisitioned and distributed outside the US. Leave your company laptop + phone at home, fly to your destination outside the US and the local office will provide you with temporary equipment.
The company in question doesn't use this policy for all countries, typically just China, Russia and some of the more questionable nations they do business in (Nigeria, Kazakhstan, etc). They don't bother for travel to, say, London.
The worst part is the judges reasoning. From the NY Times article [1]:
>In his opinion, Judge Edward R. Korman of the Federal District Court for the Eastern District of New York found that the plaintiffs did not have standing for their lawsuit because such searches occur so rarely that “there is not a substantial risk that their electronic devices will be subject to a search or seizure without reasonable suspicion.”
>Even if the plaintiffs did have standing, Judge Korman found that they would lose on the merits of the case, ruling that the government does not need reasonable suspicion to examine or confiscate a traveler’s laptop, cellphone or other device at the border.
edit: I find this reasoning quite similar to the recent ruling in NSA surveillance of "[You wouldn't have known about it without the Snowden leak, so you don't have standing since Congress did not intent for you to know about surveillance]".
This is why I have a monthly recurring donation to the ACLU set up - they're constantly pushing back on stuff like this. If this kind of thing sickens you, consider doing the same. As a bonus, I believe it's tax deductible.
I believe being forced to hand over your passwords is still a murky gray area. But, even if it "protects" you, there's probably a chance that you may not get your device back for a long time.
Also, if you get your device back, especially if you had encrypted data on it, please don't just naively keep using the device. (You may be able to sell it to a security researcher!)
Yes, they did (and he gave it). They even asked him to write it on the computer so that they could continue to use the password when they took the laptop from him.
Well I know to which country I wont travel with my notebook anymore. As an European Startup we've given up the idea of doing business with the US, it's just too costly and the rest of our business would be affected by risking to expose our European Customers Data to American Goverment Agencies.
Encrypt and tamper-protect laptops and smartphones.
The news from CCC shows the tip of the iceberg of capabilities including injection-molding hidden radios, JTAG, i2c and hd firmware.
I would also desolder and epoxy over any ports that aren't necessary.
This year, I would expect to see tools to check for hardware tampering (HIDS for hardware) that can checksum firmware and other non-user data areas. I've forked O-S Tripwire (mostly C++) in case anyone wants to take a crack at it.
they plug their magic box into your firewire port and dump your memory and image your disks. They don't care about what OS you are running. they grab it all.
You think border means at the point you cross into another country.
That's not what it means. Government can now do this behavior a HUNDRED miles inland from a border. You could be just driving across town, to or from work, and they can use this border search law because you are a hundred miles from the border.
Oh and the border also includes the ocean, doesn't have to be another country.
https://d320ze5h7gg57a.cloudfront.net/sites/default/files/we...
100% of NY, NJ, Florida and half of Texas is subject to these searches as their state is blanketed by the hundred mile limit.
edited to correct hundred instead of hundreds, bad memory