I spoke with a CBP officer about this issue. While he didn't directly answer the question, he did say that when they search a laptop, they don't read what appears to be "correspondence" unless it appears to be "material evidence."
He also implied that refusing to provide the password wouldn't be a problem from their perspective, as they have computer techs who can examine temporarily-seized computers. While I'm sure these folks can easily defeat the basic Windows password protection, I have heard stories of CBP trying to search a computer and giving up because the machine is running Linux, Mac OS X, or some other non-Microsoft OS.
Also, one could encrypt the files, which would offer much more protection than a simple password-required login system. With strong enough encryption, it would likely be impossible for CBP's computer techs to read the files.
I don't know how the Canadian Customs folks do things, but I get the impression that they work together with CBP and follow many of the same procedures. For example, sometimes the officer will change the questions during a routine border interview to trip up anyone prepared with a cover story. One day I entered Canada and returned to the U.S. the same day. Both the Canadian and U.S. officer changed the standard "citizenship?" question to, "Where's home"?
Location: Commuting around the mid-atlantic and rust-belt on any number of RJs
Programs: TSA Random Selectee Platinum, * Gold, SPG/HH/MR mid-tier, and a tiny bag of pretzels.
Posts: 8,136
Quote:
Originally Posted by Deeg
Ha. Speaking for me, I'd tell you to shove your form up your behind. The law allows him to search it and does not require compliance with your corporate policy.
Of course, if he tried that with someone with just a bit of determination, he'd see nothing.
Quote:
Originally Posted by Deeg
A third is that there are some inspection methods and technology that are simply not for public knowledge.
Don't kid yourself--the private sector invented all of them, and sold most of it to the feds.
Quote:
Originally Posted by Deeg
Agreed. I consider myself to be a rather computer-savvy person, but without either my tools or the owner's cooperation, I wouldn't have a chance of finding well-hidden files.
I can guarantee that without my help (and I'm just a mild-mannered network type) you would never see a thing on my laptop without my consent to a search that I'm not required to give to CBP or anyone else absent a court order.
Alternatively, interagency cooperation to the tune of several days/weeks/months/years of distributed computing time might do it, but I'm quite sure that invoking that kind of cost more than once and finding nothing on this mild-mannered traveler's laptop would quickly result in a serious reaming from the powers-that-be.
My solution would probably be to ask the sup to simply pull the drive and let me go on my way such that I might miss the hours of ensuing carnage and headbanging.
Since the CBP guys would probably detain one as long as possible while all this was happening, I'm really hoping that I have some popcorn handy, because watching it is going to be akin to the keystone cops. Really.
At the end of the day, this is trolling for really stupid purveyors and watchers of kiddie porn. Anyone with anything truly sensitive has it stored in such a way that the local yocals at one's friendly border stop are not going to see it without calling in the reserves from DC.
__________________
This space for rent.
Last edited by ClueByFour; Dec 28, 05 at 11:32 pm.
Programs: United 1K Delta 2MM/GM/FC Marriott Lifetime Plat Hertz 5-star
Posts: 9,560
I agree completely. The notion that the Feds have some sort of secret decryption weapon is clearly false. The NSA runs into messages that can't be decrypted all the time. (Some say all you have to do is write in Arabic!!! ) Also, remember about 10 years ago when NSA wanted a law requiring a "back door" into all encryption algorithms? They didn't get it, but if they're so smart, why would they need it?
CBP can obviously search physical devices. They can take your computer apart into nuts and bolts if they like -- and they don't even have to put it back together again! But they can't force you to divulge encrypted contents. Only a court can do that, and even they need probable cause. And then, you can refuse to comply and just sit in jail for contempt of court. There are worse fates. (Suppose, for instance, that your computer contains video evidence of your history as a serial murderer. Wouldn't you prefer contempt of court to disclosure?)
Programs: WN CP, A-List; CO Plats; NW Golds (ex Plats); Hilton Diamond; Marriott Silver; Club Cholula™ Plat
Posts: 19,249
Quote:
Originally Posted by Kremmen
It doesn't require one. I treat Windows as inherently insecure and consider password protection of it pointless (against any intruder with any real knowledge). I assume that I would have had to provide any password if asked, just as I had to unlock my checked bag to let them search that.
The funny thing is that I had been considering just the night before whether to disable the Windows boot altogether and make it boot straight into Linux. I so wish I'd done that, because I've have loved to have seen what he'd have done with a Linux command line.
Cheap substitute: Place the C/D ROM drive at the top of the boot drives and leave a Knoppix bootable C/D in the machine. He can still get to the Windows drive but it's more of a hassle.
This might also limit the damage possible by powering down improperly since Knoppix accesses Windows drives as read/only drives.
There are various encryption programs that should allow you to turn any laptop search into an even greater waste of time for TSA. They are all readily available and much of the encryption is virtually unbreakable. While I'm sure the federal government is perfectly capable of cracking this code if they wanted to, I'm sure airport security is NOT highest in the pecking order of new decryption technology. You'd really have to frustrate a Customs officer for them to deem you important enough to focus a lot of effort on you.
Note, there are also programs available that will allow you to encrypt data on a mass storage device (USB drive, IPhone, Digital Camera, etc). The important element of this system is that the data is not identified as an encrypted volume, thus eliminating suspicion. It will only be recognized as data when connected to a specific computer and then loaded by the software on the host computer. I assure you no average customs agent is capable of pulling this off.
Given the general topic of this folder I'm sure most of you don't need this type of security.
Best in Class 
