U.S. border agents stopped journalist from entry and took his phones
#1
Original Poster
Join Date: Jul 2006
Location: YYZ/LHR/SFO/SIN
Programs: AC SE100K
Posts: 282
U.S. border agents stopped journalist from entry and took his phones
#3
FlyerTalk Evangelist
Join Date: Mar 2002
Location: An NPR mind living in a Fox News world
Posts: 14,153
I Found the Canadian Law About Preclearance
Right of traveller to leave preclearance area
10 (1) Every traveller has the right, at any stage of the preclearance process, to leave a preclearance area without departing for the United States, unless a preclearance officer informs the traveller that the officer suspects on reasonable grounds that the traveller has committed an offence under section 33 or 34.
10 (1) Every traveller has the right, at any stage of the preclearance process, to leave a preclearance area without departing for the United States, unless a preclearance officer informs the traveller that the officer suspects on reasonable grounds that the traveller has committed an offence under section 33 or 34.
Section 33: Deceptive Statements.
Section 34: Obstruction.
There was a new international agreement signed in 2015, but I don't see a reference to a new Canadian law other than the 1999 Preclearance Act, which I posted above.
This presentation from April 2016 would suggest that the right of a traveler to withdraw is, thankfully, still intact (chart 7).
#4
Join Date: Sep 2016
Posts: 45
Don't travel with data on your systems. Don't travel with automatic access to other systems. Put data on a private cloud and remotely access it, as needed, through a VPN. Don't trust DNS, use IPs for direct VPN access.
Use 2FA and if truly paranoid, don't bring the HW device with you or know the passphrase yourself without calling another person when traveling. You want to be able to tell border officials that you honestly do not know the passphrase.
Should go without saying, but whole disk encryption is required for all portable devices ... and beware of known bugs (there's an encryption bypass for certain versions of Win10 today) around whole disk encryption. Look up 'evil maid attack.'
Smartphones need full encryption, VPNs and 2FA as well, especially when crossing borders.
#5
Join Date: Jun 2013
Location: FRA
Posts: 1,398
If Ou had already been inside the U.S. border, law enforcement officers would have needed a warrant to search his smartphones to comply with a 2014 Supreme Court ruling. But the journalist learned the hard way that the same rules don't apply at the border, where the government claims the right to search electronic devices without a warrant or any suspicion of wrongdoing.
#6
FlyerTalk Evangelist
Join Date: Mar 2002
Location: An NPR mind living in a Fox News world
Posts: 14,153
Check out my upstream post where I found the Canadian Preclearance Act. It actually does a decent job preserving rights of people on Canadian soil being confronted with a U.S. CBP interrogation.
#7
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles; FlyerTalk Evangelist
Join Date: Dec 2009
Location: LAX
Programs: oneword Emerald
Posts: 20,478
With the exception of the outcome, this incident is not that different from the one discussed in this thread:
#8
Join Date: Apr 2003
Location: Seattle, Wash. USA
Posts: 1,530
THIS!
Don't travel with data on your systems. Don't travel with automatic access to other systems. Put data on a private cloud and remotely access it, as needed, through a VPN. Don't trust DNS, use IPs for direct VPN access.
Use 2FA and if truly paranoid, don't bring the HW device with you or know the passphrase yourself without calling another person when traveling. You want to be able to tell border officials that you honestly do not know the passphrase.
Should go without saying, but whole disk encryption is required for all portable devices ... and beware of known bugs (there's an encryption bypass for certain versions of Win10 today) around whole disk encryption. Look up 'evil maid attack.'
Smartphones need full encryption, VPNs and 2FA as well, especially when crossing borders.
Don't travel with data on your systems. Don't travel with automatic access to other systems. Put data on a private cloud and remotely access it, as needed, through a VPN. Don't trust DNS, use IPs for direct VPN access.
Use 2FA and if truly paranoid, don't bring the HW device with you or know the passphrase yourself without calling another person when traveling. You want to be able to tell border officials that you honestly do not know the passphrase.
Should go without saying, but whole disk encryption is required for all portable devices ... and beware of known bugs (there's an encryption bypass for certain versions of Win10 today) around whole disk encryption. Look up 'evil maid attack.'
Smartphones need full encryption, VPNs and 2FA as well, especially when crossing borders.
http://www.cjr.org/first_person/ed_o...nding_rock.php
#9
Original Poster
Join Date: Jul 2006
Location: YYZ/LHR/SFO/SIN
Programs: AC SE100K
Posts: 282
● New officer authorities include:
- Authority to question and seek identification from travelers wishing to withdraw from the preclearance area
- Authority to question and seek identification from travelers wishing to withdraw from the preclearance area
#10
Join Date: Sep 2016
Posts: 45
Not very practical, in this case. I don't think they have WiFi at the Standing Rock protest site. And this guy had a Nexus card!
http://www.cjr.org/first_person/ed_o...nding_rock.php
http://www.cjr.org/first_person/ed_o...nding_rock.php
Thanks for the link. He wasn't going to be allowed in regardless of his answers. They were fishing for more data. ANYTHING can be searched at a US border. OTOH, it is easy to pick up a burner Android device at any grocery store once inside. I've done this in other countries rather than risk my normal device at a border.
Security is almost always a trade-off between convenience and security. The only tool I know that is both more convenient AND more secure than other alternatives is ssh. But most end-users have never heard of ssh, which is really too bad.
Then push the changed data back to the private cloud BEFORE going through a border again. Again, lots of tools for this - rsync (over ssh) is one. Just providing options. Oh, and don't use passwords, use key-based authentication. Using passwords and you've already lost the security game. I understand this could be a shock to most people.