B) DHS and U.S. Customs and Border Protection are evil.
-or-
C) I work for a group that has been classified as an eco-terrorist organization. And due to past terrorist events my org was involved in, they want to find out what I'm doing here.
Doesn't C) explain this so much better than A) and B)?
But then there wouldn't be a story here to report on.
edit: I keep thinking about that, and I don't know how you don't become crazy when you discover that the four or fifth biggest economy (at the time) actively attacked you. A "sane" level of paranoia doesn't exists anymore, you are actually framed by the secret services, you are in the novel, in the movie. They have allies all over the world, the rest is USSR friends you don't trust either or non-aligned third world countries.
Exactly - I don't generally support Greenpeace, but there is no doubt they were a victim of state-sponsored terrorism - the state being France. Actually, it's the only terrorist attack we've ever had in New Zealand, and it resulted in a civilian's death.
France threatened to embargo NZ goods within the EU unless we handed back their terrorists. At which point they were released and promoted.
Terrorism implies violence or threats of violence. Neither Greenpeace nor Chris Eaton can be reasonably labeled as “terrorist” or connected with terrorist actions. Calling such organizations and people terrorist is disrespectful to victims of actual terrorists.
It can be argued that eco-activism hurts “the economy”. But that argument goes both ways: Some practices like whaling, mining, fracking and deforestation do (or can do) massive ecologic damage, and are not sustainable.
Just because some people have committed violence in the name of defending the environment, why does that relate to greenpeace. As far as I know they are are non-violent.
This is what is wrong with the label terrorist - it mixes up people happy to shoot at crowds and bomb markets with all sorts of other people the government finds threatening. The aim of its use is to label people as beyond the pale and therefore not worthy of the protection of our laws. We should be very wary when this label is used.
That these powers have been abused for detaining and searching members of greenpeace, or film makers like Poitras, is a very persuasive argument for me that the government should not have these powers of arbitrary arrest or detention at all.
If it doesn't already exist someone should make an Iphone and/or android app that will let you lock your phone before you go through customs, and only allow you to unlock it at a specified time and/or place. For instance 5 hours after landing at the location of your booked hotel.
That way you won't be able to divulge information held on your phone, even if you wanted to.
Border Control Agents have been issued with devices that can copy the entire contents of your cell phone in a few minutes - the entire contents, using JTAG, of every storage device onboard.
If you've got bits encrypted, great - but there's a lot of stuff you can't encrypt in iOS and Android, in general, unless you work really hard at it ..
This device, advertised to law enforcement agencies, plugs into the phone (or sometimes connects by Bluetooth), exploits it, recovers deleted data, and copies all your texts, contacts, browsing history, GPS history, etc. to a flash drive for the operator. If it's an iPhone it can't exploit, the operator can copy some plists from your iTunes library (which you'd also have with you at a border crossing) onto the device, bypassing the PIN.
Locking your phone or deleting data is pretty much worthless if you're trying to hide from well-equipped law enforcement agency.
I've worke for a few companies that make these products.
They largely depend on public exploits. If you have a fully up-to-date iOS device the odds are lower that someone using one of these kits can image it without a passcode. The companies that make these kits are really dumb and employ bottom-of-the-barrel developers that aren't really capable of writing good code, let alone finding jailbreak-type bugs in mobile stuff.
They also don't have the money (or the contacts) to buy the bugs, so, stick to phones that can't be jailbroken and you're probably safe against these imagers...
Sorry, but no. You may be correct about the incompetent developers of these devices, but the truly competent developers simply use JTAG and do a block-by-block NAND/Flash transfer. There is no protection against this.
the iphone doesn't have a live jtag, does it? you can only use the jtag interface on hardware if the hardware is cooperating (by design) with you, it isn't a magic wand you can wave and get everything... additionally, ios does on-flash encryption of the data partition and you need the phone online to read it (or to get the key), so even if you could get some magical jtag port to give you up all the blocks that store user data, it would be encrypted...
There are debug pins exposed on the standard iOS connector, yes - they may not be 'full JTAG' but they are there for manufacturing and testing purposes, and accomplish pretty much the same thing as you would normally use JTAG.
And yes, you can do a full block copy - with the cooperation of the OS - if you know the back door. A lot of these Border Patrol devices depend on it.
As someone who wrote multiple iOS jailbreaks, the above post is entirely incorrect.
(1) It is almost certain that JTAG is not exposed on an iPhone, as this would be a massive and obvious error on Apple's part, though I do not actually have proof of this.
(2) No type of debug interface is exposed via the dock connector, as this would also be a massive security hole. Rather, as previously stated, imaging software uses exploits, often for bugs previously found by jailbreakers and since patched. (Note that people have used the kernel debugger over the serial interface on some dock connector pins, but only as a convenience after exploiting the kernel to enable this functionality. It is normally disabled.)
(3) A raw block copy of the NAND is useless, because the data is encrypted using the UID key hidden in the hardware AES engine.
(4) Even if you get an exploit running, some information (sensitive information minus the information that's required for operation while locked) is encrypted with the passcode. You can bruteforce the passcode, the process of testing a particular passcode requires using the aforementioned UID key, which you can only ask the hardware AES engine to encrypt and decrypt things with, not actually retrieve. Therefore, without some really powerful hardware attacks, bruteforcing must be conducted at a fixed rate on the phone itself, rather than offline on a compute cluster. If you use a 4 digit passcode, this isn't much help, since it doesn't take long to try 10,000 possibilities, but a good password will take a long time to bruteforce.
Not perfect - among other things, as previously mentioned, you're screwed if they also have the computer you sync the phone with - but not bad.
That makes sense. I'm guessing this is why the forensics company has a procedure for lifting some sort of key out of the paired iTunes library to get access to the device without the PIN.
I should add that these aren't primarily border control devices. Legitimate use-case would be searching a phone seized in an arrest after obtaining a wiretap order for it. They police end up using them to read your entire digital life as long as an officer says that, in his judgement, you may have been texting while driving.
Yeah doesn't really make a lot of sense at the border. Nobody is going to deliberately bring any device with incriminating content over the border, not when you can easily get a new phone and laptop at WalMart for a couple of hundred bucks.
Overkill. Cross borders clean. I reset my phone every time I cross any border. And then resync everything I need on the other side. I have a TrueCrypt volume I download to my travel laptop. It's small but contains what I need when abroad.
The US has outlawed encryption in the past, and tools they once touted as promoting democratic freedom in oppressive regimes are suddenly seen as evil, so you'd probably need to remove all signs of TrueCrypt on your laptop as well.
Depends on what you mean by overkill. Effort? Then yes. Security? Then no. If the data is there but inaccessible you can be detained until it is. If the data isn't there to begin with, there's no reason to detain you.
I'd call that more of an effectiveness thing than overkill. And it would be possible for an app to not unlock the phone until it enters a certain geofence, like the hotel.
I said plain text, not password. And it doesn't side-step anything because when you're in front of a judge and explain why you cannot provide plain text, they'll take your phone from you, get it to the location you tell them, and if none of that yields plain text, you go to jail. Two years, they give you for that.
Sorry, my post was a bit sparse on detail. I keep a TC volume (file) on three separate public file shares. My laptop is clean. I download and install TruCrypt, and download the TC volume once I'm through customs. When I say clean, I mean that there's no trace of anything on any of my devices while I cross a border. That means there's no TrueCrypt, and no TrueCrypt volume on my laptop at all. Why should there be? We have the Internet.
You've crossed a lot of borders before, haven't you, mixmax? I thought about this proposal of yours for a while as I was eating breakfast, and I remember the ways that tangible property of travelers can be handled at a border.
First of all, if a particular kind of tangible property is declared to be contraband by some country, it can be seized at the border. There is nothing you could do about that, if you want to visit that country, except not bring along the property.
Another treatment of some kinds of property is charging a tariff, even if the property will remain in the traveler's possession after leaving the country. I have seen this done. Some items carried by Americans were dutiable in Taiwan even if they were not items that would be sold in Taiwan. (This was in the 1980s.) The customs duty for some items, by the tariff laws Taiwan then had, were equal to the full retail price of the items (mostly consumer electronics, as in the case I observed).
Or the property could be held in bonded storage at the airport until you finish your journey. That happens for some items in some countries too.
To sum up, just because you can lock your phone doesn't mean you will be able to travel around the world with your phone. Try that in North Korea. Try that in some other places, and see what happens. Countries can control the entry of tangible property into their territory if they so choose.
> That way you won't be able to divulge information held on your phone, even if you wanted to.
Bad. If you have nothing to hide, this will make it look like you have, and now you're in deep shit.
From the stories I'm reading lately, chances are that if you answer with such non-sense (sorry, I can't access the information in MY OWN PHONE) they will have someone from border control beat the information out of you.
Haha, you can do that already. Disable that feature that restores your phone after x number of failed passcode attempts, and keep inputting wrong passcodes until it's locked for x hours.
I don't think it has an upper bound but I could be wrong.
I'm pretty sure the cap is one hour and even if its not if he wanted to lock it for 5 hours he would have to wait 1 hour to try again and then 2 hours and then 3, etc.
The cap is not 1 hour ... it is MUCH much longer. At one point I had gotten ahold of my friends phone while he was passed out drunk. He slept pretty much all day, every time the counter ran out, we locked it again. He ended up having to wait 18 hours to finally get to it, since he didn't have his computer with iTunes on it with him.
He'd get text messages/calls and he wouldn't be able to answer them!
I fail to see how everyone is now considered to be a potential terrorist simply because some (mostly) Saudi nationals hijacked a few planes 11 years ago.
It is an affront to our dignity, especially in light of the fact that "General Aviation" (Private jets) terminals are not held to the same level of scrutiny.
I had the privilege of flying on a private plane this summer. "Not held to the same level of scrutiny" is a major understatement. There were no checks whatsoever, only a gate with a keypad standing between us and the airplane. We could travel with whatever we wanted on the plane. Yes, we had as many duffle bags as there were people, and no, nobody was even around to ask what was inside those bags.
It is a clear illustration of the utter pointlessness of the TSA checkpoints. The kind of terrorists who attacked us in 2001 could have used a private plane packed with C4 just as easily as a commercial jet.
Federal agents have lately been doing more searches of general-aviation aircraft. Typically on landing, when the filed flight plan had the plane coming from a state where marijuana has been decriminalized.
Doing the checks on landing doesn't address security though (rather than just drugs), so the airport checks are definitely pointless from that point of view. It's to show the public that politicians are 'tough on crime', even if they're not entirely committed to actually improving anything
I would try to google this but I'm afraid this will get logged by NSA-like agencies and I might be subject to harrassement next time I vist the US. The terrorists surely achieved their end goal.
"It is an international legal phenomenon that is left much to the discretion of host countries."
Yes it is. Every country has this power, and every country uses this power as it wishes. There are plenty of countries that I have no hope whatever of visiting.
> In the 2011 DHS document, the CBP says it can conduct a "brief physical inspection," such as switching a device on, to demonstrate that it is not a container for illegal substances, but it has the right to "search [...] the device's contents." A device can also be detained, which can result in a copy of the data contained on the device being stored for latest forensic searches. And a copy of the data can be used for "evidence of continued or future admissibility." Device detentions can are often returned within seven days, but can be extended up to 14 days, the document says.
This means: If you don't want to give random people your data, you can simply not travel with any devices such as a phone, laptop, tablet, USB stick, SD card.
Well, that's US-American imperialism for you: declare de-facto jurisdiction over everything, afford rights to nobody. Be that at the US border or at US-run detention facilities outside the US like Guantanamo.
I fail to see how "imperialism" applies to U.S. border restrictions. I have found those annoying too (brown + permanent resident) but the word imperialism is incorrectly being applied here, I think.
Germany is enabling the US to continue with these ridiculous escapades by not closing US bases for some minuscule economic gain. If you believe these wars, Iraq, Afghanistan and soon Syria are terrible but want to keep the bases you are a hypocrite and either way as culpable for civilian deaths as any American. Many in Germany are upset about these wars, virtually none want to close the bases. Serious willful disconnect there.
I don't see too many Americans chomping at the bit in favor of US intervention in yet another nation which poses absolutely zero viable threat to the the USA.
We're sick and tired of interventionist policy, since Korea, Viet Nam, etc, etc, etc.
To hold American citizens culpable for the actions of the government which lies to us and spies upon us while claiming "Moral High Ground" is to ignore the fact that we are no longer informed, so the "consent of the governed" is no longer present.
You must not get out much. There are a lot of Americans chomping at the bit to "stick it to those ragheads." It doesn't matter which Middle Eastern country, as long as we go over there and "kick some ass" against people that are different than us, they are 100% on-board.
I think they are US jurisdiction, not territory, it's like an embassy.
There are ways to remove them. There might also be a reason to remove them, in light of the spying involved, if Germany discovers for example that SAP is more negatively impacted by the US spying than positively by the commerce with the US. Same with planes (that's where the suspicions are the highest) car makers and tool machine makers.
I think your example of SAP is spot on. People see all these news about war, US vs. the world, etc and they take sides, become angry, etc while not questioning the obvious: who is going to have a material gain from this all?
I've become quite a cinic about these things and I think economic power / money will usually be behind most of it. Unfortunately I don't believe in countries helping poor people in remote lands, government worried about killings, pride in being the beacon of democracy, etc. It's all about power and money.
The US will try anyway. Years ago, when the F-117 was still in use, the USAF would regularly acquire permits to fly cargo planes from Germany to Italy over Austria. What they then attempted was letting a F-117 fly really close to the cargo plane (Austria wouldn't allow foreign military planes through their airspace unless for very specific reasons) to try to get over the short way through Austria, as well.
The Austrian Airforce found out about that, and intercepted and sent a few F-117s back to Germany.
Actually, the US, the UK and France had contracts with the Soviets that guaranteed them access to Berlin by air. They didn't have correspnding contracts for access via streets and railways, though, that's why the Soviets could block food trucks but not the airlift.
The contracts only allowed very specific air corridors (3, to be precise), which is one of the points why the airlift was so hard to implement at full capacity.
The Allied forces had quite extensive rights in all the other sectors, and not just in Berlin. For example, military vehicles were considered extraterritorial, and had to be let in. And that's what the US and the UK did: they drove into East Germany and rather openly spied on Soviet troop movements and maneuvers.
Why worry about borders when even ex-STASI members have declared they would have loved to had (at their times) the suirvellance tools USA has right now.
Are you serious about your privacy? Never use social networks, crypt everything and never fly to or through USA.
Oh, and by the way now I can welcome myself in the one percenters. :)
Has anyone created a simple, anonymous app (webapp?) to rate your experience going through customs / tsa security? It would: geolocate, allow you to choose airport, entry or exit, and then rate a few parameters of the experience with optional comment.
That's a massive number of travelers crossing the border and a small percentage of those have a bad intent. We often jump at the first opportunity to criticize about our "first world" rights but do we have a better solution to keep the country safe?
I bet many of you don't like the cops ticketing you for over-speeding either. But it keeps the roads safe... for the remaining & from the remaining 98%.
I've never done anything illegal ( not even a speeding ticket). All my documents are clean and valid. Yet, I've been called a 'dog' that needs to be 'kicked out' by an 'immigration officer'. I am not sure how that keeps America safe.
You tell me. How many terrorist attacks have you heard after 9/11 in USA. You can count them on your fingers. Is that good or bad? How many gun related violence have you heard. Don't even start to count. What does that say?
'harassment' isn't the aim, it is an unintended by-product. I believe, a careful screening makes incredible difference.
People living in first world countries often take law & order for granted. When you visit a third world country, you are issued so many safety advisories because you aren't used to weird stuff happen day in & day out.
Uhh...the guys who did 9/11 had already crossed the border. Look, if you are legitimately entering the country, there is a several multi-stage process that involves extensive vetting of the person at the visa issuance stage. I am confused why on earth harassment needs to occur on U.S. territory by a rent-a-cop. Why not simply reject the person at the embassy/consulate?
"How many terrorist attacks have you heard after 9/11 in USA." Hundreds. Every idiot child who talks about taking a gun to school is labelled a terrorist.
Conversely, how many terrorist attacks have you heard before 9/11 in USA? I can't think of any. Wikipedia shows some - total deaths for decade or so I flicked back through: about 5.
When we are discussing about screening at international US border, we can discount the cases that you are talking about even though you may call them terror attacks.
The point here is :
- Does screening at border reduces terror attacks : Yes
There is not enough data to support your assertions. "Count the incidents" is not a satisfactory answer to the question. We did boarder screenings before 9/11 and 9/11 happened.
How many terrorist attacks have you heard after 9/11 in USA.
And how many terrorist attacks did we see before 9/11 and the massive increase in security? I imagine if you looked at the statistics, you'd see no correlation between massive increases in spending and safety. Please do provide figures if that is wrong (but I think you'd have to do better than counting attacks, at least used deaths caused).
Terrorism is a chimera employed to justify wars, drone strikes, and curtailment of liberty, not (IMHO) in some vast conspiracy, but just because it's a convenient and credible excuse, and life is easier in authority if you don't have laws getting in the way. Other threats to public safety are far more dangerous than terrorism anyway, and yet remain relatively neglected.
There is no proof that any of this increased 'security' actually does increase security (please provide some statistics if you have some), and what's worse, whether it works or not it sacrifices too much and gives too much arbitrary power to the government and allows them to harass without suspicion or court involvement.
article starts with a general overview, then explains the numbers (a really small sub section of travellers get into trouble at the border, most for very good reasons like warrants).
and then the article takes a u-turn and focuses on a special case. someone associated to an eco terrorist association. what the fuck.
ever seen what happens in frankfurt if one of the border agents suspects you of smuggling? off you go. they trawl the airport, pick you out of the crowd. they even show this in some reality tv shows, hope you like being on camera.
how about you travel a bit more? any major country has border control, they all are very, very similar.
and what the hell are the mini james bonds in here doing that needs them to truecrypt their shit and wipe their phones? you have HN, github, whatever accounts, you code in public but you need to hide your files? the fuck are you storing on your hds that is not public knowledge? travelling with your porn collection?
"the fuck are you storing on your hds that is not public knowledge?"
Personal emails to my fiance? Personal photographs that I am not posting all over the Internet? Business secrets, maybe things that I had to sign an NDA for? How about this: if you have nothing to hide on your hard drive, send me a disk dump and let me look through. If you do not want me looking through it, why should I feel OK with the CBP looking through mine?
"travelling with your porn collection?"
Suppose someone only has one laptop (shocking!). Would it be that crazy to think that they might be traveling with their porn collection?
i went through 2 passports in the last 6 years, ran out of space.
travelling with company laptops and now additional iPads. never, ever, did anyone want to search my HD. and this is Russia, China, Japan, SKorea, US, Brazil, Argentinia, plus 80% of Europe. none, ever.
and even if. good luck with some powerpoints, pdfs, word docs. emails are in gmail, work is JIRA/confluence/google docs, etc. NDAs talk about preventing willful sharing with
competitors, etc. Reasonable prevention measures, like locking your computer. Border Patrol requesting access? go ahead. unless you're a nuclear physicist working on the next gen thing, what the hell is so important to hide from a border agent that right now wants to search YOU, not your precious employer.
You asked what sort of things I might have on my hard drive that I do not want strangers to view. I gave you answers. Your solution is to store all those things on Google's servers, and then still let CBP look through them if they ask. You go ahead and do that, I will be over here using dm-crypt and PGP to keep my private things private.
If you're not working with important enough stuff that might be valuable in the hands of other people, does not mean nobody else is. It does not need to be military/state-level stuff. Even if the border shitheads aren't actively looking for it, they might get ideas once they see something.
Please send a URL to the uploaded contents of your hard drive so we can see them. I'm sure you wouldn't mind.
>right, absolutely the same case. giving access to a border agent vs. the whole internet
If your argument to the first case is "the fuck are you storing on your hds that is not public knowledge?" then it wouldn't matter whatever it was a single guy or the internet. After all it's "public knowledge".
>and again, i travel a lot and never, ever has anyone given a fig about my hds.
A, the "that didn't happen to me, so I don't see it is a problem" argument.
A) I'm not the right skin color.
B) DHS and U.S. Customs and Border Protection are evil.
-or-
C) I work for a group that has been classified as an eco-terrorist organization. And due to past terrorist events my org was involved in, they want to find out what I'm doing here.
Doesn't C) explain this so much better than A) and B)?
But then there wouldn't be a story here to report on.