Go Back   > > >
 
Thread Tools Search this Thread
Old Feb 21, 17, 4:53 am   #31
Original Poster
  
Join Date: May 2006
Location: Southern California
Programs: *G, SPG100, Starbucks Gold
Posts: 466
For me, disconnecting and uninstalling cloud related apps such as dropbox/google enterprise/social media is more than 50% of sensitive data (personal/financial/work), the rest involves the thousands of pictures stored in phone (uploaded automatically to dropbox but kept in phone). It literally takes 10 minutes to do the above, and to get it back, just log back in and another 10 minutes everything will be back onto the phone.

The rest is a little more problematic.... contact list/call logs/sms logs/chat which, depending on the phone, is hard to delete.... not sure if anyone have any ideas for this part.

I feel CBP can compel/coerce travelers to unlock their phones to examine contents, but it'll be a million years before they can get passwords to look at your cloud/email data.
buylowsellhigh is offline   Reply With Quote
Old Feb 21, 17, 12:51 pm   #32
  
Join Date: Sep 2012
Location: CPH
Programs: Delta SM
Posts: 491
Quote:
Originally Posted by buylowsellhigh View Post
I feel CBP can compel/coerce travelers to unlock their phones to examine contents, but it'll be a million years before they can get passwords to look at your cloud/email data.
I'm not sure why you think this. The whole point of the discussion is limited fourth amendment protections at the border. If CBP can force you to unlock your phone/tablet/computer, then what's to stop them from forcing you to unlock your favorite password protected cloud or password manager program? After all, the juicy stuff they're looking for is more likely to be stored somewhere else, under lock and key, on your smartphone.
FredAnderssen is offline   Reply With Quote
Old Feb 21, 17, 11:20 pm   #33
  
Join Date: Jan 2009
Location: LAS
Programs: Hilton Diamond, Hyatt Platinum, IHG Spire Ambassador
Posts: 2,232
Quote:
Originally Posted by FredAnderssen View Post
If CBP can force you to unlock your phone/tablet/computer
CBP can't force anyone to do anything. People need to stand up for themselves.

"Will you unlock the phone please?"
"No."

Easy.
jphripjah is offline   Reply With Quote
Old Feb 22, 17, 7:09 am   #34
FlyerTalk Evangelist
  
Join Date: Aug 2011
Location: Austin, Texas
Programs: Airline nobody. Sad!
Posts: 22,318
Quote:
Originally Posted by jphripjah View Post
CBP can't force anyone to do anything. People need to stand up for themselves.

"Will you unlock the phone please?"
"No."

Easy.
I'm not sure they can "force" you to unlock your phone even if you're not a US citizen. Of course, they could always deny you entry if a non-citizen (with some exceptions), or seize the phone and attempt a forensic analysis.

Unfortunately, I think we will need to end up with a court case where someone pursues this all the way to the folks in the black robes on First St NE and sees what they have to say specifically, as the rulings in Riley and Cotterman are not as clear on this as they could be.
TheBOSman is offline   Reply With Quote
Old Feb 22, 17, 8:55 am   #35
  
Join Date: Nov 2007
Location: WAS
Programs: enjoyed being warm spit for a few years on CO/UA but now nothing :(
Posts: 1,395
Quote:
Originally Posted by FredAnderssen View Post
I'm not sure why you think this. The whole point of the discussion is limited fourth amendment protections at the border. If CBP can force you to unlock your phone/tablet/computer, then what's to stop them from forcing you to unlock your favorite password protected cloud or password manager program? After all, the juicy stuff they're looking for is more likely to be stored somewhere else, under lock and key, on your smartphone.
Because while the gubmint CAN compel one to produce a thing (such as a key or fingerprint) to unlock something it CANNOT compel one to produce a thought (a password or pin). This is why one should use passwords and not the convenient but less secure methods of biometrics to secure a phone.
Section 107 is offline   Reply With Quote
Old Feb 22, 17, 11:40 am   #36
  
Join Date: Jan 2009
Location: LAS
Programs: Hilton Diamond, Hyatt Platinum, IHG Spire Ambassador
Posts: 2,232
Here's an interesting story about a gay Canadian who was denied entry to the US based in part upon information found on this phone.

http://www.dailyxtra.com/canada/news...profile-215531

Sometime after that, he cleared the offending apps from his phone and cleared his browsing history before trying to re-enter the USA, and he was chastised for having a cleared phone. He was denied entry again.
jphripjah is offline   Reply With Quote
Old Feb 22, 17, 8:23 pm   #37
FlyerTalk Evangelist
  
Join Date: Jun 2005
Posts: 26,770
Quote:
Originally Posted by jphripjah View Post
Here's an interesting story about a gay Canadian who was denied entry to the US based in part upon information found on this phone.

http://www.dailyxtra.com/canada/news...profile-215531

Sometime after that, he cleared the offending apps from his phone and cleared his browsing history before trying to re-enter the USA, and he was chastised for having a cleared phone. He was denied entry again.
They no doubt had notes from the previous rejection.
Loren Pechtel is offline   Reply With Quote
Old Feb 23, 17, 1:35 am   #38
A FlyerTalk Posting Legend
  
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 83,966
Quote:
Originally Posted by Loren Pechtel View Post
They no doubt had notes from the previous rejection.
Yes. The article indicates that CBP had saved his password info from the first encounter and re-used it during the second denied entry/travel encounter.
GUWonder is offline   Reply With Quote
Old Feb 23, 17, 7:02 am   #39
  
Join Date: Jan 2009
Location: LAS
Programs: Hilton Diamond, Hyatt Platinum, IHG Spire Ambassador
Posts: 2,232
Quote:
Originally Posted by GUWonder View Post
Yes. The article indicates that CBP had saved his password info from the first encounter and re-used it during the second denied entry/travel encounter.
That's a good reminder that after every secondary inspection you shouls send a FOIA request for the records of the inspection, as this may give you an idea of what notes the officers have made about you. Assuming they don't redact that from the records.
jphripjah is offline   Reply With Quote
Old Feb 23, 17, 7:04 am   #40
FlyerTalk Evangelist
  
Join Date: Aug 2011
Location: Austin, Texas
Programs: Airline nobody. Sad!
Posts: 22,318
Quote:
Originally Posted by jphripjah View Post
That's a good reminder that after every secondary inspection you shouls send a FOIA request for the records of the inspection, as this may give you an idea of what notes the officers have made about you. Assuming they don't redact that from the records.
More importantly, change your damn passwords...
TheBOSman is offline   Reply With Quote
Old Feb 23, 17, 11:21 am   #41
  
Join Date: Nov 2010
Posts: 61
Quote:
That's why you end up with NASA scientists unnecessarily turning over the passwords to their [NASA owned] phones.
This was in reference to a NASA-owned phone, i.e., U.S. government property. That's important.

As a federal employee myself, it is made absolutely clear that we have ZERO expectation of privacy on our government owned devices and government owned information accounts (email, etc). They may all be inspected bit-by-bit or relcaimed by the govt at any time, for any reason.

FWIW, that standard disclaimer on govt-owned equipment is phrased "by the U.S. Government", not "by [NASA, etc]". That does not mean the retail clerk at my local Post Office can demand I give him my DoD-owned laptop, but the general policy of the federal government towards its own computer equipment is not for federal employees to resist the legitimate requests of federal law enforcement -- it's the govt inspecting its own property.

I know our general guidance is comply with legitimate inspection requests of govt equipment and report afterward to our IT / Security offices.

There are special provisions for classified media to be carried in special numbered courier bags, with documentation, and CBP can call in to the agency security offices to verify that the traveller has been issued that bag. If it isn't in an active courier bag, it's inspectable.
flyerguy99 is offline   Reply With Quote
Old Feb 23, 17, 7:14 pm   #42
  
Join Date: Sep 2016
Posts: 97
Quote:
Originally Posted by Section 107 View Post
Because while the gubmint CAN compel one to produce a thing (such as a key or fingerprint) to unlock something it CANNOT compel one to produce a thought (a password or pin). This is why one should use passwords and not the convenient but less secure methods of biometrics to secure a phone.
There's a new ruling from a case in Chicago that says probable cause to search a residence doesn't extend to compelling anyone on the premises to use their fingerprint to unlock a device.

I have no idea how this applies to CBP, but it does at least indicate the courts' willingness to consider that there are 4th/5th Amendment issues involved.

https://arstechnica.com/tech-policy/...-fingerprints/

Last edited by mauve; Feb 23, 17 at 7:15 pm Reason: forgot the link
mauve is offline   Reply With Quote
Old Feb 26, 17, 3:35 pm   #43
  
Join Date: Apr 2012
Location: Chicago
Posts: 237
My phone has a fingerprint sensor (Nexus 5X) and when you reboot it, it still requires the PIN for the first login. You can also have it ask for a PIN before it boots at all. Since I generally turn my phone off when I fly, this seems to 'fix' the fingerprint part of a search. I've never had that happen, but it might be something to keep in mind as well.
dakuda is offline   Reply With Quote
Old Mar 3, 17, 8:38 am   #44
  
Join Date: Sep 2013
Posts: 681
Quote:
Originally Posted by dakuda View Post
My phone has a fingerprint sensor (Nexus 5X) and when you reboot it, it still requires the PIN for the first login. You can also have it ask for a PIN before it boots at all. Since I generally turn my phone off when I fly, this seems to 'fix' the fingerprint part of a search. I've never had that happen, but it might be something to keep in mind as well.
This is true for the iPhone as well.

You can also choose to have an alphanumeric passcode so it's harder to brute force. A 4 digit PIN only has 1000 possibilities - a computer can try all of them in a few seconds. The iPhone has a "wipe after 10 tries" setting, but they can back up your phone and then try 10 tries on millions of virtual images of your phone in parallel.

I'd recommend coming up with a passphrase that you can memorize without writing it down.

Hypothetically you can carry a dumbphone, but it's contents won't be encrypted at all and any calls made are in the clear.
greggarious is offline   Reply With Quote
Old Mar 4, 17, 6:52 pm   #45
FlyerTalk Evangelist
  
Join Date: Jun 2005
Posts: 26,770
Quote:
Originally Posted by greggarious View Post
This is true for the iPhone as well.

You can also choose to have an alphanumeric passcode so it's harder to brute force. A 4 digit PIN only has 1000 possibilities - a computer can try all of them in a few seconds. The iPhone has a "wipe after 10 tries" setting, but they can back up your phone and then try 10 tries on millions of virtual images of your phone in parallel.

I'd recommend coming up with a passphrase that you can memorize without writing it down.

Hypothetically you can carry a dumbphone, but it's contents won't be encrypted at all and any calls made are in the clear.
I wish they would implement a two level passcode system. The simple code that unlocks the basic operation of the phone and a more complex one for anything sensitive--but which can also provide authentication to apps and websites. You decide what things go in the secure bin (say, banking stuff) and have only one code to deal with. It would also support a duress password that exposes some but not all of the stuff--put some red herrings in there.
Loren Pechtel is offline   Reply With Quote
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Thread Tools
Search Thread
Go to Top
Forum Jump
Contact Us - FlyerTalk - Archive - Top