In general, this is old news, I haven't traveled with a laptop for 2 years, when traveling internationally, and I wipe my phone of all personal data before departing (it'll resync the next time I plug in back home).

For people who are (admittedly) so smart (such as the person in his article), these people must not want privacy, as there's tons of ways to do this now (remote-desktop, etc). There are statements to be made, and you darn well know that if it's really important it's not on them, and chances are they left a message on the laptop.

Not saying if this is right or wrong (that's a completely different reply), yet one of the first rules of "hacking" is... work with the environment you're given, and identify how to work within it.

OK, but why not just do the simple -- memorise the key, and refuse to hand it over. They cannot compel you to.


True, but as the article notes, once a CBP agent has taken your laptop out of your sight, you have no idea what has been done to it -- they could have installed keystroke logger or even malicious software. Whether they actually have or not is irrelevant, the fact is, once they do that, you need a new laptop -- it's not right.

There's a case in the UK about someone being sent to prison for about a year, for not surrendering their 50-bit key. It's out there somewhere in google.

Part of this discussion is legal/illegal, part is right/wrong, part is how to deal with the environment. It's probably legal, it's probably wrong, and it's definitely dealable with. You deal with the situation, while trying to change the situation.

A few points here:

As to "rights" before entering the US, the proper way of looking at it is that the Constitution limits what the government can do. There's nothing restricting that limitation to only people who are physically in the US. However, the courts have long ruled that the government has a sufficiently-compelling interest in preventing contraband from entering that searches are permitted at the border which would otherwise require cause elsewhere. One way to look at this that the 4th Amendment doesn't prevent all searches, only "unreasonable" ones and the courts have ruled that the definition of "unreasonable" is different at the border. But the 4th Amendment (and all others) still apply.

As to encryption keys, you're much better off having it yourself than giving it to a friend. The courts have ruled that it's a 5th Amendment violation to be forced to reveal an encryption key (technically, revealing the key itself is not, but revealing that you know it is and there's no way to reveal the key without revealing that you know it) in the US (but you can in the UK). However, there's nothing preventing your friend from being compelled to reveal the key.

Others have previously suggested here that you should give the only copy of your key to your attorney because attorney-client privilege then likely protects the key.

I also agree that it's likely there'll be laws and/or court decisions that limit the goverment's power to do this in the not-too-distant future.

The 50 character key is here: Teen jailed for refusing to disclose PW

Someone needs to wake the CBP/DHS up and tell them 'Hey there is this amazing thing out there called the interwebz and even more amazing is this E-lectronic Mail. They both enable people to send and store things away from their computers!'

I believe those agencies and many others are well aware of that. There are many methods to obtain information. Both sides of the equation, the ones that want to hide information and the ones that want to find information continue to and will continue to evolve with the changes in technology.

FB

In response to your first paragraph, that may very well be the case. The policy is not a new one though at all. It has been updated at least a couple of times in the past 13 years that I have been exposed to it.

In response to your second paragraph, In those 13 years I have looked at a quite a few laptops, cell phones, and cameras etc. I have only, in those 13 years, seen one laptop actually detained. My experience is not that the devices are being looked at for other agencies but for the purposes of locating Immigration and Customs violations. The most common things that are being looked for are evidence of employment in the United States. This most often takes the form of computerized invoices, work orders, business correspondence etc. This is no different than when we would find the paper counterparts in briefcases before computers were so prevalent. The other thing that is looked for most often is child porn. That was the circumstances that surrounded the laptop detention that I witnessed. It was also the case that the judge in Vermont ruled that the subject did not have to give up his password.

I am not saying that what describe doesn't happen. I am saying that I don't believe that it happens with the regularity that is implied. I just haven't seen it and I have worked at ports of significant size both land and air that handle a large amount of traffic and have never encountered it.

FB

It would have to be since the technology has changed a few times in the last 13 years!

I absolutely believe that the vast, vast majority of laptop serches or detentions are conducted for the purpose of locating Immigration and Customs violations. (Please forgive me for making a hyper-technical point: You say that the devices are not being looked at by other agencies, but doesn't ICE frequently do the review and isn't that another agency technically? It would still be for Immigration and Customs violations, though).

Interesting; I would have thought kiddie porn would be the more popular search than for work.

That is the theory behind the laptop search, but it is not entirely the same in the case that people carry their whole lives on their laptops. It would be like rolling several personal file cabinets through customs every time one travels as opposed to just carrying a briefcase of papers. It is different.

That's because it is testimonial-- admitting you know a password to a computer is admitting that you have access it and anything on it, a statement which could be incriminatory. In a recent case in the 7th Circuit, the issue of who had access to files on a computer came up and his 'confession' to knowing the password was tossed because the police violated Miranda. It is a funny case. In other words, that knowing a password is incriminating evidence not a novel concept in regular child porn cases and it it was just a question in the Customs context. At least the 5th Amendment still applies there. :p

I'm sure you haven't seen it, but I think its happening once is one too many times. Your agency's policy of zero suspicion for laptop searches (endorsed by the coruts) means that you could search every traveler's laptop, not just those you suspect contain evidence of C&I violations. Your agency's position seems to be that "we don't abuse that power so don't worry about it". It seems like we are seeing evidence of abuse now.

Another way of saying that is paper is bulkly and people don't normally carry more than they have an immediate need for. So, before the laptop era, it was reasonable to assume that almost all papers in somebody's possession when they cross a border relate to the trip they're completing and thus examing those papers is part of the legimate government interest in protecting borders.

But nearly all the material in a laptop is not related to the travel that is being completed and hence is out of bounds of that legitimate interest. The pre-laptop analog of looking at every file in a laptop would be that whenever a person crossed the border, the government would look at every piece of paper in his home and place of work. Clearly, that's not permissible. So why is a laptop search?

If a person has child pornography on his laptop or has documents on his laptop related to his illegal employment in the country or of his involvement in people smuggling, the only way to find those files is to examine the laptop in its entirety. All of the games, recipe files, family photographs, and all of the other legal stuff on the computer would be of no interest to the government, but it still may be given a cursory glance as part of the search for the illegal stuff. It's the same with a person's suitcase. The examining officer would be looking for the illegal (or dutiable or prohibited or regulated) things. Searching through one's dirty underwear and feminine hygiene products may seem personal, but those items are being looked at merely as a by-product of the search for the bad stuff.

Even then, the border search exemption does not extend to READING documents a traveller is carrying with them. Yes, of course, they can go through a briefcase, open a file folder, shuffle through a stack of documents to verify there isn't some contraband or dutiable goods secreted inside. But they cannot decide, "oooh, this looks interesting, let's have a closer look at this draft patent application, or these notes from an interview with a dissident or whistle-blower, or this MoU on a planned merger, let me take a few minutes and have a read through this before I call my broker". That's true whether you are talking about a hard or a soft copy.

That is indeed the other side of the argument, but doesn't negate what I said: the probability of having unrelated objects (that the government isn't entitled to search) in a suitcase is far less than in a computer. The courts will have to fashion some way to deal with issue. I agree that it's not straightforward.

Here's a situation where the documents in a suitcase had immigration consequences. Somebody was coming into the US and was claiming to be a tourist. However, in their suitcase was a bunch of cookbooks. CBP correctly determined that this person was instead coming to work in somebody home because a tourist wouldn't be carrying that. But if those cookbooks had instead been on their computer, it would not be suspicious because why delete cookbooks from your computer when you travel? That's yet another example of the fundamental difference.

Again, the suitcase contains only what one plans to bring on a trip-- the correct analogy would be searching a person's entire closet and not just the stuff a person travels with-- including the items they want no one to see. When you put together your suitcase, you know it might be searched so you don't put anything in it you don't want seen. With a laptop is just isn't that simple.

No one is saying the method isn't effective, but do you see why many people consider it an invasion of privacy different than just searching through papers?

Yes, excellent example. And similarly, whilst items in a travellers possession may support or contradict the "story" they giving the immigration officer, so might things they left at home. But that doesn't the agency has the right to look at them just because they are crossing a border. Cookbooks may suggest someone is actually coming to do some professional cooking, lack of outdoor gear might suggest that someone is not actually travelling to do some hiking in mountains as they say they are. But obviously what they leave behind is almost always more useful in verifying a visitor's honesty, but agencies have no right of access to that. That shouldn't change just because computers make it possible to bring a lot more stuff with you.

Why did the kid "refuse" to give the 50-bit key?

How hard is it to say "I forgot the 50-character password..." ?????

Heck, I can't even recall what my ATM card PIN# is and that's only 4 numbers! :)
(probably because I have the PIN# tattooed under my armpit for security)

Seem to me the solution is to create a data partition, backup an image of it before traveling, format the data partition, travel, return, restore the data partition at home. If you take anything in that partition on your trip, make it only absolutely needed on the trip. Makes good sense anyway in case you lose the laptop.