Go Back  FlyerTalk Forums > Travel&Dining > Travel Safety/Security > Checkpoints and Borders Policy Debate
Reload this Page >

U.S. Customs Warrantless Searches of Computers and Cellphones

U.S. Customs Warrantless Searches of Computers and Cellphones

Old Apr 11, 18, 10:28 am
  #1  
Original Poster
 
Join Date: May 2016
Posts: 31
U.S. Customs Warrantless Searches of Computers and Cellphones

I understand this a grey area and there are conflicting reports online but I havenít found a single report of a US Citizenís experience of what happens if they refuse to provide a passcode to their phone. Is there anyone here who did so and what happened next?
Abducted Alien likes this.
Monking is offline  
Old Apr 11, 18, 11:42 am
  #2  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 12,598
CBP can't prohibit a US citizen from entering the country, but they can confiscate the phone for an indeterminate length of time.

Better idea would be to erase the phone before going through customs, and then restore from backup once you're back home/in office. They can't demand a passcode for information on a phone that doesn't exist.
hossra, zpaul and 4sallypat like this.
gfunkdave is offline  
Old Apr 11, 18, 3:00 pm
  #3  
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles; FlyerTalk Evangelist
 
Join Date: Dec 2009
Location: VNY | BUR | LAX
Programs: AAdvantage | MileagePlus
Posts: 14,802
There is extensive discussion of at least one such incident in this thread:
"Sterilizing" electronic equipment before coming thru CBP?

Originally Posted by nrgiii View Post
US citizen and GE member forced to unlock phone at IAH

Interesting article about an incident at IAH. Seems that CBT has the power to search your phone but not the power to force you to unlock it?

I'm guessing that a GE member refusing to unlock a phone means GE status goes bye bye?

http://www.theverge.com/2017/2/12/14...ump-travel-ban
TWA884 is offline  
Old Apr 11, 18, 9:40 pm
  #4  
 
Join Date: Sep 2017
Location: YYC
Programs: UA Plat, IHG Plat, AMEX Plat, Nat EE
Posts: 882
I always wipe my electronics before I travel across any border, and never travel with any of my other devices that may have been used to access or store anything that any other foreign service may find objectionable in their own minds.
BSpeaker likes this.
KDS777 is offline  
Old Apr 12, 18, 1:57 am
  #5  
 
Join Date: Jan 2009
Location: LAS
Programs: Hilton Diamond, IHG Spire Ambassador, Radisson Gold, Hyatt Discoverist
Posts: 3,138
Yes. The officer asked to me enter the passcode to my phone. I said no. Hey said "We'll seize it." I said "fine."

They didn't seize it.

At least in the 9th Circuit, they can't seize a phone to perform an off site forensic search unless they have reasonable suspicion of criminal activity.

CBP did release a policy earlier this year suggesting that they can "exclude" your device from entering the USA if you don't give them the password.
jphripjah is offline  
Old Apr 17, 18, 4:37 pm
  #6  
 
Join Date: Jun 2017
Posts: 1
I carry a crappy little flip.
BSpeaker likes this.
Michael A. Williams is offline  
Old Apr 18, 18, 4:47 am
  #7  
 
Join Date: May 2011
Location: San Antonio, TX
Programs: AA EXP, DL Silver, Global Entry
Posts: 1,779
I have to ask if we have any idea how often does CBP ask/demand to examine devices? Does there appear to be pattern like some kind of traveler profiling, certain itineraries, etc? The reason I ask is that since this practice went into effect we’ve traveled back from Europe twice and Mexico once and never been asked about our devices. I was actually thought maybe our last trip that involved a lot of travel in the Middle East might be a tripwire so I took a hard look at sites we might have visited on line and actually wiped our searches, history, etc., just in case.
Randyk47 is offline  
Old Apr 18, 18, 5:13 am
  #8  
Suspended
 
Join Date: Sep 2012
Location: CPH
Programs: Delta SM
Posts: 497
It hasn't happened to me (yet), but I always change my iPhone and iPad from a 4-digit password to 20-digit alphanumeric* before entry to the U.S. I'm also ready for a confiscation if they wish, so I sleep like a baby before landing at MSP.

*Cracking the iPhone:

Law enforcement agencies have a new iPhone cracking tool that works with all modern iPhones and the newest versions of iOS 11, the GrayKey, designed by a company called Grayshift.

Previous reports have suggested the GrayKey can crack 4-digit passcodes in a matter of hours and 6-digit passcodes in days, but as highlighted by VICE's Motherboard, cracking times for the GrayKey and other similar iPhone unlocking methods can potentially be even faster and 6-digit passcodes no longer offer adequate protection.
FredAnderssen is offline  
Old Apr 18, 18, 6:56 am
  #9  
FlyerTalk Evangelist
 
Join Date: Mar 2002
Location: Berlin, SW Florida, and Toronto
Programs: UA 1K, Hilton Diamond, Discovery Black, and assorted others
Posts: 29,052
Originally Posted by FredAnderssen View Post
It hasn't happened to me (yet), but I always change my iPhone and iPad from a 4-digit password to 20-digit alphanumeric* before entry to the U.S. I'm also ready for a confiscation if they wish, so I sleep like a baby before landing at MSP.

*Cracking the iPhone:
Interesting!
FredAnderssen likes this.
LondonElite is offline  
Old Apr 18, 18, 10:47 am
  #10  
 
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTP, Hertz President's Club
Posts: 957
If customs really wants your phone or PC, they will take it and contract out cracking it. They can't deny a citizen entry, but they can confiscate devices. If you're really paranoid (or more politely, just security conscious), it's not unreasonable to take precautions. That being said, the number of seizures is exceedingly small, and new guidelines in 2018 are more restrictive on border searches.

If you use a modern Samsung or Apple device and have device encryption enabled (default on newer iOS/Android versions) with a sufficiently strong passcode and incorrect entry attempts wipe (generally the latter is a default) it's a good start. However, the software is basically validating the PIN (for the Apple devices since iPhone 5S except the iPhone 5C and iPad Air 2 & later, a chip called the secure enclave is in the middle). It's a stronger protection to enter customs with your device off as it ensures the full encryption passcode is not loaded into device memory. Depending on how devices like the GrayKey (post #8) work it might or might not prevent passcode bruteforcing, but not having the key to decrypt loaded into device memory would increase the attack surface. Going with a dumbphone or wiped smart device could be more secure, and then restore from cloud at arrival.

(The fact that Graykey devices require more time to crack more complex passcodes suggests to me that they have figured out some way to prevent the secure enclave on iPhone/iPad from incrementing the incorrect passcode attempt counter up but the end result is just good old fashioned bruteforcing but whether or not that works if the device is freshly booted/encryption key is not in memory as a result is not public knowledge).

If you're using a Windows PC, Bitlocker with TPM will generally preload the encryption key and just have the password screen. For additional protection, you can use group policy to restrict the TPM from loading the relevant key for encryption to device memory until a valid username/password for the system is entered (general partition for system is encrypted, small partition for logon screen is not, TPM throttles logon/bruteforcing attempts). Encryption that skips the TPM and just relies on an encryption key being correctly entered at startup may be more secure (in theory, assuming the key is strong enough).

As a US citizen, upon request from CBP I would personally refuse to decrypt personal devices and would offer CBP to contact my employer on authorization to decrypt any corporate devices (by putting the decision on my employer, the liability for the consequences of choosing to comply or not with the request falls on them.)

Never been asked personally though...
BSpeaker and hossra like this.
phltraveler is offline  
Old Apr 24, 18, 7:53 am
  #11  
 
Join Date: Oct 2007
Programs: American Airlines
Posts: 20
Any police like entities can make demands sometimes even illegal. It is your responsibility to protect your rights. You can always sue them for a violation of your rights.
Scott Kiwi likes this.
taina2 is offline  
Old Apr 24, 18, 8:44 am
  #12  
 
Join Date: Nov 2002
Posts: 9
Electronic Frontier Foundation

On Monday April 23 2018 there was a scheduled hearing in a case Alasaad v Nielsen, filed regarding US citizens having their devices searched without a warrant. https://www.eff.org/press/releases/h...nd-smartphones

INfo about the case is on their website.
sackdzmom is offline  
Old Apr 24, 18, 8:59 am
  #13  
 
Join Date: Oct 2015
Location: Southern Cal
Programs: UA, AA, Delta, Marriott
Posts: 92
Since my phone has nothing I wouldn't show my mother, it isn't fear of secrets revealed that has me concerned about Customs seizing my phone. It's my constitutional rights. I like having them, so why not exercise them when willy-nilly some young government employee gets it in his or her head to violate my rights?
BSpeaker and 84fiero like this.
Scott Kiwi is offline  
Old Apr 24, 18, 10:16 am
  #14  
 
Join Date: Apr 2013
Location: Monterey, CA
Programs: UA Gold, United Presidential Card, Amex Platinum, Marriott Gold, Hilton Gold, SPG Gold
Posts: 58
exercise your rights

Originally Posted by Scott Kiwi View Post
Since my phone has nothing I wouldn't show my mother, it isn't fear of secrets revealed that has me concerned about Customs seizing my phone. It's my constitutional rights. I like having them, so why not exercise them when willy-nilly some young government employee gets it in his or her head to violate my rights?
I agree with Scott Kiwi -- one should always politely decline police and other government authorities attempting to overreach and examine or search your possessions without proper cause. If US citizens don't exercise their right to improper search and seizure, then believe it -- police and authorities will increasingly do such unauthorized searches and seizures. I just recently was pulled over by a very young police officer for rolling through a stop sign, who told me that he had the right to search my car. I had nothing to fear, but I politely refused. He let me proceed but repeated that he had the right to search my car if he wanted. He was wrong (he had no probable cause) and was obviously not listening during training. This sort of behavior will increase if citizens don't know and exercise their rights.

Police and gov't authorities can lie to the general public about nearly anything. Know your rights and exercise them, or we will lose them.
hossra, 84fiero, c502cid and 4 others like this.
photoagent101 is offline  
Old Apr 24, 18, 11:02 am
  #15  
 
Join Date: May 2014
Posts: 3
Border searches are perfectly legal without probable cause or suspicion. As to electronics, according to wikipedia: "Although the Supreme Court has not addressed the standard of suspicion necessary for a warrantless border search of electronic materials, the only jurisprudence thus far, guided by Ickes and Arnold, suggests that customs officers may search any electronic materials (including laptops, CDs, MP3 players, cellular phones, and digital cameras) randomly, without any suspicion, and without any first amendment restrictions."
polarbears likes this.
ForSpud is offline  

Thread Tools
Search this Thread
Search Engine: