
Forum Moderators: incrediBILL & lawman

U.S. Lays Down New Rules For Border Search Of Laptops

   
1:29 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



U.S. Lays Down New Rules For Border Search Of Laptops [uk.reuters.com]
The rules permit searches of such devices without a person's consent. The review is to be done in the presence of the owner, unless there are national security or law enforcement reasons to conduct it elsewhere.

Immigration and customs officers can also hold the devices or the data, which may be copied without the knowledge of the owner for further review, according to the rules.

1:41 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Bad stuff this!
1:45 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It's interesting to note:

Between October 1, 2008 and August 11, 2009, 221 million travelers were processed at U.S. borders and about 1,000 searches of laptop computers were conducted, of which 46 were in-depth examinations, the agency said.

That's not many at all. Chances are you're unlikely to have hassle. Previously, it could have happened, but, at least the rules are now clearer.

1:58 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I wonder what would happen if they ruled that people's business information, briefcases and personal diaries could also be searched without your consent?
2:34 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



And what are they going to do if they find you have your business details on an encrypted drive ..?
the UK would like to tell you hand over the encryption key or face two years jail ..

the USA position is ?

3:06 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



I wonder what would happen if they ruled that people's business information, briefcases and personal diaries could also be searched without your consent?

I think it is likely that every country on the planet reserves the right to do that - and more - to anyone crossing their borders without diplomatic immunity.

That they don't go to extremes very often is simply pragmatic common sense.

Start worrying when they put on the latex gloves.

...

3:21 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I really have a problem with this, with the amount of confidential client data I have on my laptop I wouldn't want anyone copying it.

There have been a lot of posts going around that have ways to protect your data when crossing the border.

One such way is to take all private client data and put it on an SD card. Then put that card in your camera. It is less likely that they will copy your camera card data.

I have seen suggestions of sending your laptop by Fed-Ex to your hotel.

I would like to see the day that some bank official or some major corp official tries to cross the border with corporate secrets on their laptop and they want to copy it.

I am sure Halliburton execs would love that.

Imagine an Apple exec has the latest unreleased iPhone OS source and a customs official tells him they need to make a copy of all his data..... Based on the last guy that lost a prototype I don't think that is something he would be willing to allow.

3:30 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Medical or lawyers data on laptops would also be an interesting one ..especially if on machines belonging to MD's or lawyers involved in cases against the USA govt ..

Which amendment(s) would those "gimme your laptop" from a border official breach ..

4:34 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



In general, anyone carrying around a laptop with sensitive information not immediately needed for that specific business trip is just asking for trouble. How many articles have we seen about thousands of credit card numbers or other sensitive material being on a laptop that was stolen? Most of that time, that information had no business being on a laptop in the first place.

I like Demaestro's suggestion of putting sensitive information on an SD card (encrypted, of course :) ). But in many cases, most of that information should be left at the office.

5:00 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



take all private client data and put it on an SD card. Then put that card in your camera

And how do you think the customs service would react if they find out that you were dissimulating data in this way?

Confidential information should not be stored on a laptop, encrypted or otherwise, they are far too much of a theft-magnet, and theft is a far more common problem than a few searches by border guards.

5:01 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The easiest way to defeat this almost for 100%:

- Only take cleanly installed for the trip laptops with NO data on them
- Have back home a VPN with servers behind them
- DO NOT have access to the VPN while crossing the border (disabled account)
- If they take the laptop out of your control or connect anything to it in any way: wipe it and reinstall from trusted media only
- Once you're in the country you're visiting call home (phone), authenticate, give the secret handshake to inform them you're not being forced to do this, and only then have them enable the VPN account.
(if it takes too long between the touchdown of the aircraft and the phone call: build in a "will not open the VPN anymore" policy so the one passing the border can't be coerced into giving the secret handshake all too easily)
(add a duress signal: it looks like you authenticate to have it enabled, but you inform the folks back home you're being coerced into doing it and they only give you what looks like access and it only leads to phony data)
- While in the foreign country: only have access to what you absolutely need to have access to, nothing else should be accessible. Authentication and encryption should be the best achievable.
- Before leaving the country: securely wipe the laptop and phone home to disable the VPN again, without a way for you to enable it again. This should be scheduled to automatically be done based on expected time of departure for optimum result.

That way they can try to decrypt anything on it for as long as they care to waste CPU cycles on it / demand your password as long as they want, and you can give them full access for as long as they care to annoy you.

There are commercial companies out in Europe who consider the US government to be hostile and in league with their competitors (e.g. Boeing's competitor).
But most won't need to fear this nor go to these extreme measures, but if you're paranoid this is easily enough defeated.

The guise under which this is done, "terrorism", and the ease with which to defeat it, means the measures will not work against the apparent targets (but that's not uncommon with overreacting border measures ever since 9/11). So that leaves the real reason:
- either a show of force to both scare the general population and show them "we the politicians do take care of you, give us more power"
- either they are after other targets that don't take the needed precautions and do pass through border carrying data
- (insert your conspiracy theory)
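
The account-gating steps in the list above (VPN disabled during the crossing, enabled only after a timely authenticated call, a duress signal that yields phony data, and a scheduled cut-off at departure), sketched as an added example that is not part of the original post. The class and function names, the spoken phrases, the three-hour call window and the trip dates are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Decision(Enum):
    ENABLE = "enable the real VPN account"
    DECOY = "enable a decoy account with phony data"
    REFUSE = "leave the account disabled"


def digest(phrase: str, salt: bytes) -> bytes:
    # The home office stores only salted digests of the spoken phrases.
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, 100_000)


@dataclass(frozen=True)
class TravelPolicy:
    salt: bytes
    ok_digest: bytes         # phrase meaning "I am not being forced"
    duress_digest: bytes     # phrase meaning "I am being coerced"
    landing: datetime        # scheduled touchdown
    call_window: timedelta   # longest allowed gap between touchdown and call
    departure: datetime      # expected departure from the country

    def handle_call(self, now: datetime, phrase: str) -> Decision:
        """Decide what to do with a call-in received at `now`."""
        if now < self.landing:
            return Decision.REFUSE   # still crossing the border
        if now > self.landing + self.call_window:
            return Decision.REFUSE   # too late: the account stays closed
        given = digest(phrase, self.salt)
        is_ok = hmac.compare_digest(given, self.ok_digest)
        is_duress = hmac.compare_digest(given, self.duress_digest)
        if is_duress:
            return Decision.DECOY    # looks like success to an observer
        return Decision.ENABLE if is_ok else Decision.REFUSE

    def session_active(self, enabled_at: Optional[datetime], now: datetime) -> bool:
        """Scheduled cut-off: access ends at departure with no action by the traveller."""
        return enabled_at is not None and enabled_at <= now < self.departure


def example_policy() -> TravelPolicy:
    # Constructed sample trip; phrases and times are illustrative only.
    salt = b"constructed-salt"
    landing = datetime(2009, 9, 1, 14, 0, tzinfo=timezone.utc)
    return TravelPolicy(
        salt=salt,
        ok_digest=digest("the weather is fine", salt),
        duress_digest=digest("the weather is lovely", salt),
        landing=landing,
        call_window=timedelta(hours=3),
        departure=landing + timedelta(days=4),
    )
```

The traveller holds no credential that works on its own: the decision is made at the home office, so nothing carried across the border can enable the account.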

6:13 pm on Aug 31, 2009 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Much too complex - I think I'll just stay at home. ;)

The guise under which this is done, "terrorism", and the ease with which to defeat it, means the measures will not work against the apparent targets

Exactly, and these are the same people who leave their own computer systems exposed to simple hacking like that done by Gary McKinnon.

1:58 pm on Sep 11, 2009 (gmt 0)

10+ Year Member



...

I'm getting the impression that when crossing an international border in most parts of the world absolutely nothing is private, right? Except that which is actually stored in your head.

So, ah, when do you suppose the law enforcement and law making types will start working on that "in your head" loophole?

...

3:24 pm on Sep 11, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



So, ah, when do you suppose the law enforcement and law making types will start working on that "in your head" loophole?

According to the "Johnny Mnemonic" movie [imdb.com], by 2021. Another option is to use carrier pigeons [webmasterworld.com] for your data. :)
9:27 pm on Sep 12, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Imagine an Apple exec has the latest unreleased iPhone OS source and a customs official tells him they need to make a copy of all his data

What if a rival bribes a customs official to demand the data? People carry some valuable info around these days.

9:36 pm on Sep 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I have personally decided to boycott any and all travel to USA. I will not visit your beautiful country until all this madness stops. I find this anti-terror harassment deeply violating of my personal integrity, my human rights and my sense of righteousness. Before all this nonsense started, flying was the most secure mode of transportation. It still is.
1:59 pm on Sep 16, 2009 (gmt 0)

10+ Year Member



...
Sorry, an edit: I found this on the Justice Department website at [cybercrime.gov ], so that business below about it not being released to the public is not correct. Moderators, this is not illegally placed here on this website.

I've been thinking too much about this thread over the past few days and finally came to the conclusion when I return to the United States I am going to have some copies in my possession of some parts of this manual for Federal prosecutors put out by the United States Justice Department, Computer Crime and Intellectual Property Section, Criminal Division titled "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations"

[cybercrime.gov ]

Published by Office of Legal Education Executive Office for United States Attorneys

The Office of Legal Education intends that this book be used by Federal prosecutors for training and law enforcement purposes and makes no public release of it. Individuals receiving the book in training are reminded to treat it confidentially.

The contents of this book provide internal suggestions to Department of Justice attorneys. Nothing in it is intended to create any substantive or procedural rights, privileges, or benefits enforceable in any administrative, civil, or criminal matter by any prospective or actual witnesses or parties. See United States v. Caceres, 440 U.S. 741 (1979).

This requires a lot of time to read, but from what I have had time to study there are about ten pages that I would have ready -- multiple copies so I can hand them around to the various law enforcement types that may be bothering me.

You folks may find this to be particularly interesting, and it is given special note in the manual with a little index finger pointing at it.

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer if it would be prohibited from opening a closed container and examining its contents in the same situation.

It is my understanding that this manual was recently updated by the Justice Department, so how the law enforcement types at the borders or airports could conduct searches that contravened the guidelines set for Federal prosecutors is a question I will explore when I have more time.

For now, I thought we might get this discussion on solid grounds with a document that is supposed to contain facts.

...

2:26 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



And how do you think the customs service would react if they find out that you were dissimulating data in this way?

Who cares, it is my right to put data on a data card and put that data in whatever card slot I choose. I mean honestly you could wear the SD card up your rectum if you really felt it was warranted.

Confidential information should not be stored on a laptop, encrypted or otherwise

While I agree for the most part, sometimes that is just how it goes. I would much rather prep any data I needed on a server then access it remotely like I usually do, but sometimes that isn't always viable.

In a perfect world no you shouldn't store sensitive data on any mobile device. But this world is hardly perfect, so if you do have to bring sensitive data with you there are some good and safe ways to do it.

3:27 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



The Fourth Amendment ...

doesn't apply to border crossing situations.

3:35 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Individuals receiving the book in training are reminded to treat it confidentially.

Yet it's published on a public web site. Love it!

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer if it would be prohibited from opening a closed container and examining its contents in the same situation.

And Customs officials would NEVER open a briefcase. You may have noticed that the officials (at least in my experience) ask your permission before they open your cases (or more commonly, ask you to open them). Once you give permission, or do it yourself, there's no hiding behind the 4th Amendment. I've never refused permission, but my guess is that they would pull you from the line and make you wait several hours while they got a judge to issue a warrant to search your briefcase.

It would be interesting to hear of any court challenges (won or lost) over the issue.

5:55 pm on Sep 16, 2009 (gmt 0)

10+ Year Member



...

About the Fourth Amendment and it not applying at a border, if I am a United States citizen and I am on United States soil, the airport, my Fourth Amendment rights had better be in play. Suspending a citizen's constitutional rights, no matter the nation, is a very serious business.

I'm certainly no Supreme Court Justice, nor a constitutional lawyer, but I thought that suspending a citizen's constitutional rights was frowned upon in that fine nation of democratic principles.

Over the past few years I have been getting this very odd feeling that I have been away from my country too long. I am beginning to suspect my country needs me more now than when they sent me to that far-off land to fight for the well-being of the country. It's been sounding lately like the country hasn't been so well.

And we thought things were bad back then.

It's been over three decades since I last set foot within the 50 states, so you can bet your sweet bippy any border guard type is going to run up against a real tyrant if I hear he/she doesn't think my constitutional rights are in play as they go about doing their job to keep the country safe.

I have no problem whatsoever with these border checks and whatever else it is they do, as long as they are not stepping on my rights. I haven't done any harm to my country, so I don't expect my country to do any harm to me.

How did that fella put it? "That's all I have to say about that."

Run, jimji, RUN!

...

6:05 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Oh, a quick search points out that border crossings are specifically exempt from the 4th Amendment warrant requirement.

And regarding relevant court cases, the Ninth Circuit Court of Appeals agreed with the government's position and held that "reasonable suspicion is not needed for customs officials to search a laptop or other electronic device at the international border."

6:41 pm on Sep 16, 2009 (gmt 0)

10+ Year Member



...

Oh boy, you are most definitely scaring the bejesus out of me! What's an old country boy supposed to do? My, my! I think I need a drink. And it's a quarter to four in the morning!

...

8:57 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



swa66, you said: "The guise under which this is done, "terrorism", and the ease with which to defeat it, means the measures will not work against the apparent targets"

Really? We haven't exactly seen a lot of sophistication about the use of computers out of Al-Qaida. My sense is that their equivalent of an IT department doesn't know (for example) what a VPN is... Just from your post, I'd say you could run rings around them. Fortune 500 companies are better equipped to circumvent this than AQ and similar groups.

And claus, I'd be really surprised if the EU doesn't have similar regulations on their books.

12:04 pm on Sep 17, 2009 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Way too many info/tips for the bad guys to read!
9:18 pm on Sep 17, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



The US has horrible policies on personal privacy, even for its citizens. I, for one, will never take my laptop with me when traveling to the US (I go on average twice a year). It's just not worth the risk. I have nothing to hide but I can't stand their "We can do whatever we want" attitude (US govt/border service).
9:32 pm on Sep 17, 2009 (gmt 0)

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



No way they could search all devices. I wonder what the criteria are for who will be searched.
9:41 pm on Sep 17, 2009 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I wonder what the criteria are for who will be searched.

Here comes a supervisor. Quick! Find someone with a laptop to search so we can look busy!
3:39 pm on Sep 23, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



And what are they going to do if they find you have your business details on an encrypted drive ..?
the UK would like to tell you hand over the encryption key or face two years jail ..
the USA position is ?

They would probably ship the drive to the NSA. Your encryption would be broken in very short order.

5:19 pm on Sep 23, 2009 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



And in the meantime they would do what with you ..and under which laws ..
The proposed law in the UK is you'd get 2 years ( starting next morning ) just for saying NO to " give us the key" ..and then they'd try to break your encryption while you served your time ..( having found that maybe all you had was your company's R and D and some patent ideas and sites under dev you'd still have to serve out the time )..because saying No was the offence .
This 31 message thread spans 2 pages: 31