homepage Welcome to WebmasterWorld Guest from 54.197.110.151
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

This 31 message thread spans 2 pages: 31 ( [1] 2 > >     
U.S. Lays Down New Rules For Border Search Of Laptops
engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3981236 posted 1:29 pm on Aug 31, 2009 (gmt 0)

U.S. Lays Down New Rules For Border Search Of Laptops [uk.reuters.com]
The rules permit searches of such devices without a person's consent. The review is to be done in the presence of the owner, unless there are national security or law enforcement reasons to conduct it elsewhere.

Immigration and customs officers can also hold the devices or the data, which may be copied without the knowledge of the owner for further review, according to the rules.


 

BeeDeeDubbleU

WebmasterWorld Senior Member beedeedubbleu us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 1:41 pm on Aug 31, 2009 (gmt 0)

Bad stuff this!

engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3981236 posted 1:45 pm on Aug 31, 2009 (gmt 0)

It's interesing to note:

Between October 1, 2008 and August 11, 2009, 221 million travelers were processed at U.S. borders and about 1,000 searches of laptop computers were conducted, of which 46 were in-depth examinations, the agency said.

That's not many at all. Chances are you're unlikely to have hassle. Previously, it could have happened, but, at least the rules are now clearer.

BeeDeeDubbleU

WebmasterWorld Senior Member beedeedubbleu us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 1:58 pm on Aug 31, 2009 (gmt 0)

I wonder what would happen if they ruled that people's business information, briefcases and personal diaries could also be searched without your consent?

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 2:34 pm on Aug 31, 2009 (gmt 0)

And what are they going to do if they find you have your business details on an encrypted drive ..?
the UK would like to tell you hand over the encryption key or face two years jail ..

the USA position is ?

Samizdata

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981236 posted 3:06 pm on Aug 31, 2009 (gmt 0)

I wonder what would happen if they ruled that people's business information, briefcases and personal diaries could also be searched without your consent?

I think it is likely that every country on the planet reserves the right to do that - and more - to anyone crossing their borders without diplomatic immunity.

That they don't go to extremes very often is simply pragmatic common sense.

Start worrying when they put on the latex gloves.

...

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 3:21 pm on Aug 31, 2009 (gmt 0)

I really have a problem with this, with the amount of confidential client data I have on my laptop I wouldn't want anyone copying it.

There have been a lot of posts going around that have ways to protect your data when crossing the border.

One such way is to take all private client data and put it on an SD card. Then put that card in your camera. It is less likely that they will copy your camera card data.

I have seen suggestions of sending your laptop by Fed-Ex to your hotel.

I would like to see the day that some bank official or some major corp official tries to cross the border with corporate secrets on their laptop and they want to copy it.

I am sure Haliburton execs would love that.

Imagine an Apple exec has the latest unreleased iPhone OS source and a custom official tells him they need to make a copy of all his data..... Based on the last guy that lost a prototype I don't think that is something he would be willing to allow.

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 3:30 pm on Aug 31, 2009 (gmt 0)

Medical or lawyers data on laptops would also be an interesting one ..especially if on machines belonging to MD's or lawyers involved in cases against the USA govt ..

Which ammendment(s) would those "gimme your laptop" from a border official breach ..

LifeinAsia

WebmasterWorld Administrator lifeinasia us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3981236 posted 4:34 pm on Aug 31, 2009 (gmt 0)

In general, anyone carrying around a laptop with sensitive information not immediately needed for that specific business trip is just asking for trouble. How many articles have we seen about thousands of credit card numbers or other sensitive material being on a laptop that was stolen? Most of that time, that information had no business being on a laptop in the first place.

I like Demaestro's suggestion of putting sensitive information on an SD card (encrypted, of course :) ). But in many cases, most of that information should be left at the office.

encyclo

WebmasterWorld Senior Member encyclo us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 5:00 pm on Aug 31, 2009 (gmt 0)

take all private client data and put it on an SD card. Then put that card in your camera

And how do you think the customs service would react if they find out that you were dissimulating data in this way?

Confidential information should not be stored on a laptop, encrypted or otherwise, they are far too much of a theft-magnet, and theft is a far more common problem than a few searches by border guards.

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 5:01 pm on Aug 31, 2009 (gmt 0)

The easiest way to defeat this almost for 100%:

- Only take cleanly installed for the trip laptops with NO data on them
- Have back home a VPN with servers behind them
- DO NOT have access to the VPN while crossing the border (disabled account)
- If they take the laptop out of your control or connect anything to it in any way: wipe it and reinstall from trusted media only
- Once you're in the country you're visiting call home (phone), authenticate, give the secret handshake to inform them you're not being forced to do this, and only then have them enable the VPN account.
(if it takes too long between the touchdown of the aircraft and the phone call: build in a "will not open the VPN anymore" policy so the one passing the border can't be coerced into giving the secret handshake all to easily)
(add a duress signal: it looks like you authenticate to have it enabled, but you inform the folks back home you're being coerced into doing it and they only give you what looks like access and it only leads to phony data)
- While in the foreign country: only have access to what you absolutely need to have access to, nothing else should be accessible. Authentication and encryption should be the best achievable.
- Before leaving the country: securely wipe the laptop and phone home to disable the VPN again, without a way for you to enable it again. This should be scheduled to automatically be done based on expected time of departure for optimum result.

That way they can try to decrypt anything on it for as long as they care to waste CPU cycles on it / demand your password as long as they want, and you can give them full access for as long as they care to annoy you.

There are commercial companies out in Europe who consider the US government to be hostile and in league with their competitors (e.g. Boeing's competitor).
But most won't need to fear this nor go to these extreme measures, but if you're paranoid this is easily enough defeated.

The guise under which this is done" "terrorism" and the ease with which to defeat it, means the measures will not work against the apparent targets (but that's not uncommon with overreacting border measures ever since 9/11). So that leaves the real reason:
- either a show of force to both scare the general population and show them "we the politicians do take care of you, give us more power"
- either they are after other targets that don't take the needed precautions and do pass through border carrying data
- (insert your conspiracy theory)

BeeDeeDubbleU

WebmasterWorld Senior Member beedeedubbleu us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 6:13 pm on Aug 31, 2009 (gmt 0)

Much too complex - I think I'll just stay at home. ;)

The guise under which this is done" "terrorism" and the ease with which to defeat it, means the measures will not work against the apparent targets

Exactly, and these are the same people who leave their own computer systems exposed to simple hacking like that done by Gary McKinnon.

jimji

10+ Year Member



 
Msg#: 3981236 posted 1:58 pm on Sep 11, 2009 (gmt 0)

...

I'm getting the impression that when crossing an international border in most parts of the world absolutely nothing is private, right? Except that which is actually stored in your head.

So, ah, when do you suppose the law enforcement and law making types will start working on that "in your head" loophole?

...

LifeinAsia

WebmasterWorld Administrator lifeinasia us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3981236 posted 3:24 pm on Sep 11, 2009 (gmt 0)

So, ah, when do you suppose the law enforcement and law making types will start working on that "in your head" loophole?

According to the "Johnny Mnemonic" movie [imdb.com], by 2021. Another option is to use carrier pigeons [webmasterworld.com] for your data. :)

graeme_p

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981236 posted 9:27 pm on Sep 12, 2009 (gmt 0)

Imagine an Apple exec has the latest unreleased iPhone OS source and a custom official tells him they need to make a copy of all his data

What is a rival bribes a customs official to demand the data? People carry some valuable info around these days.

claus

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3981236 posted 9:36 pm on Sep 12, 2009 (gmt 0)

I have personally decided to boycot any and all travel to USA. I will not visit your beautiful country until all this madness stops. I find this anti-terror harassment deeply violating of my personal integrity, my human rights and my sense of righteousness. Before all this nonsense started, flying was the most secure mode of transportation. It still is.

jimji

10+ Year Member



 
Msg#: 3981236 posted 1:59 pm on Sep 16, 2009 (gmt 0)

...
Sorry, an edit: I found this on the Justice Department website at [cybercrime.gov ], so that business below about it not being released to the public is not correct. Moderators, this is not illegally placed here on this website.

I've been thinking too much about this thread over the past few days and finally came to the conclusion when I return to the United States I am going to have some copies in my possession of some parts of this manual for Federal prosecutors put out by the United States Justice Department, Computer Crime and Intellectual Property Section, Criminal Division titled "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations"

[cybercrime.gov ]

Published by Office of Legal Education Executive Office for United States Attorneys

The Office of Legal Education intends that this book be used by Federal prosecutors for training and law enforcement purposes and makes no public release of it. Individuals receiving the book in training are reminded to treat it confidentially.

The contents of this book provide internal suggestions to Department of Justice attorneys. Nothing in it is intended to create any substantive or procedural rights, privileges, or benefits enforceable in any administrative, civil, or criminal matter by any prospective or actual witnesses or parties. See United States v. Caceres, 440 U.S. 741 (1979).

This requires a lot of time to read, but from what I have had time to study there are about ten pages that I would have ready -- multiple copies so I can hand them around to the various law enforcement types that may be bothering me.

You folks may find this to be particularly interesting, and it is given special note in the manual with a little index finger pointing at it.

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer if it would be prohibited from opening a closed container and examining its contents in the same situation.

It is my understanding that this manual was recently updated by the Justice Department, so how the law enforcement types at the borders or airports could conduct searches that contravened the guidelines set for Federal prosecuters is a question I will explore when I have more time.

For now, I thought we might get this discussion on solid grounds with a document that is supposed to contain facts.

...

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 2:26 pm on Sep 16, 2009 (gmt 0)

And how do you think the customs service would react if they find out that you were dissimulating data in this way?

Who cares, it is my right to put data on a data card and put that data in whatever card slot I choose. I mean honestly you could wear the SD card up your rectum if you really felt it was warranted.

Confidential information should not be stored on a laptop, encrypted or otherwise

While I agree for the most part, sometimes that is just how it goes. I would much rather prep any data I needed on a server then access it remotely like I usually do, but sometime that isn't always viable.

In a perfect world no you shouldn't store sensitive data on any mobile device. But this world is hardly perfect, so if you do have to bring sensitive data with you there are some good and safe ways to do it.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3981236 posted 3:27 pm on Sep 16, 2009 (gmt 0)

The Fourth Amendment ...

doesn't apply to border crossing situations.

LifeinAsia

WebmasterWorld Administrator lifeinasia us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3981236 posted 3:35 pm on Sep 16, 2009 (gmt 0)

Individuals receiving the book in training are reminded to treat it confidentially.

Yet it's published on a public web site. Love it!

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer if it would be prohibited from opening a closed container and examining its contents in the same situation.

And Customs officials would NEVER open a briefcase. You may have noticed that the officials (at least in my experience) ask your permission before they open your cases (or more commonly, ask you to open them). Once you give permission, or do it yourself, there's no hiding behind the 4th Amendment. I've never refused permission, but my guess is that they would pull you from the line and make you wait several hours while they got a judge to issue a warrant to search your briefcase.

It would be interesting to hear of any court challenges (won or lost) over the issue.

jimji

10+ Year Member



 
Msg#: 3981236 posted 5:55 pm on Sep 16, 2009 (gmt 0)

...

About the Fourth Amendment and it not applying at a border, if I am a United States citizen and I am on United States soil, the airport, my Fourth Ammendment rights had better be in play. Suspending a citizen's constitutional rights, no matter the nation, is a very serious business.

I'm certainly no Supreme Court Justice, nor a constitutional lawyer, but I thought that suspending a citizen's constitutional rights was frowned upon in that fine nation of democratic principles.

Over the past few years I have been getting this very odd feeling that I have been away from my country too long. I am beginning to suspect my country needs me more now than when they sent me to that far-off land to fight for the well-being of the country. It's been sounding lately like the country hasn't been so well.

And we thought things were bad back then.

It's been over three decades since I last set foot within the 50 states, so you can bet your sweet bippy any border guard type is going to run up against a real tyrant if I hear he/she doesn't think my constitutional rights are in play as they go about doing their job to keep the country safe.

I have no problem whatsoever with these border checks and whatever else it is they do, as long as they are not stepping on my rights. I haven't done any harm to my country, so I don't expect my country to do any harm to me.

How did that fella put it? "That's all I have to say about that."

Run, jimji, RUN!

...

LifeinAsia

WebmasterWorld Administrator lifeinasia us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3981236 posted 6:05 pm on Sep 16, 2009 (gmt 0)

Oh, a quick search points out that border crossing are specifically exempt from the 4th Amendment warrant requirement.

And regarding relevant court cases, the Ninth Circuit Court of Appeals agreed with the government's position and held that "reasonable suspicion is not needed for customs officials to search a laptop or other electronic device at the international border."

jimji

10+ Year Member



 
Msg#: 3981236 posted 6:41 pm on Sep 16, 2009 (gmt 0)

...

Oh boy, you are most definitely scaring the bejesus out of me! What's an old country boy supposed to do? My, my! I think I need a drink. And it's a quarter to four in the morning!

...

purplecape

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981236 posted 8:57 pm on Sep 16, 2009 (gmt 0)

swa66, you said: "The guise under which this is done" "terrorism" and the ease with which to defeat it, means the measures will not work against the apparent targets"

Really? We haven't exactly seen a lot of sophistication about the use of computers out of Al-Qaida. My sense is that their equivalent of an IT department doesn't know (for example) what a VPN is... Just from your post, I'd say you could run rings around them. Fortune 500 companies are better equipped to circumvent this than AQ and similar groups.

And claus, I'd be really surprised if the EU doesn't have similar regulations on their books.

henry0

WebmasterWorld Senior Member henry0 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 12:04 pm on Sep 17, 2009 (gmt 0)

Way too many info/tips for the bad guys to read!

Swanny007

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981236 posted 9:18 pm on Sep 17, 2009 (gmt 0)

The US has horrible policies on personal privacy, even for it's citizens. I, for one, will never take my laptop with me when traveling to the US (I go on average twice a year). It's just not worth the risk. I have nothing to hide but I can't stand their "We can do whatever we want" attitude (US govt/border service).

lawman

WebmasterWorld Administrator lawman us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 9:32 pm on Sep 17, 2009 (gmt 0)

No way they could search all devices. I wonder what the criteria are for who will be searched.

LifeinAsia

WebmasterWorld Administrator lifeinasia us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3981236 posted 9:41 pm on Sep 17, 2009 (gmt 0)

I wonder what the criteria are for who will be searched.

Here comes a supervisor. Quick! Find someone with a laptop to search so we can look busy!

lgn1

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3981236 posted 3:39 pm on Sep 23, 2009 (gmt 0)

And what are they going to do if they find you have your business details on an encrypted drive ..?
the UK would like to tell you hand over the encryption key or face two years jail ..
the USA position is ?

They would probably ship the drive to the NSA. Your encrptytion would be broken in very short order.

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981236 posted 5:19 pm on Sep 23, 2009 (gmt 0)

And in the meantime they would do what with you ..and under which laws ..
The proposed law in the UK is you'd get 2 years ( starting next morning ) just for saying NO to " give us the key" ..and then they'd try to break your encryption while you served your time ..( having found that maybe all you had was your companies R and D and some patent ideas and sites under dev you'd still have to serve out the time )..because saying No was the offence .

This 31 message thread spans 2 pages: 31 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved