More Courts Saying That Customs Officers Can Look Through Your Laptop
from the don't-keep-anything-secret-there dept
We first discussed this a while back, but it appears that more US courts are agreeing that customs agents have every right to snoop through your computer before letting you into the country. This issue is getting some people concerned, as they point to the vast difference between bringing tangible goods into the country (which, reasonably, can be searched) and all of the information you contain on your laptop (which, increasingly, is like a backup brain). Of course, since most of the cases testing this theory involve people who were found with child porn on their laptop, it’s no surprise that there hasn’t been as much discussion of the cases. People generally don’t want to be seen as siding with child porn. However, it is a much larger issue, especially considering how much personal and private information most folks have on their laptops these days. If these searches are allowed (as it appears they will be), how long until the process is abused? How long until some confidential or embarrassing information is leaked just because a customs official snoops through someone’s laptop?
Filed Under: border crossing, customs, laptops, privacy
Comments on “More Courts Saying That Customs Officers Can Look Through Your Laptop”
How much are they willing to actually look
Searching through a laptop may not sound long and arduous…but imagine looking at someones backup brain.
I can’t remember where I put the vast majority of the files I don’t regularly use. What are the chances your typical customs agent will know how to search through complex file systems to find files someone really wants to hide.
I would imagine that unless they train teams of highly specialized personnel to accomplish these digital snoops the very idea is bordering on preposterous.
How do you determine who to search? Or do you search everyone? Thousands of people with, nowadays, hundreds of gigabits of data…
Maybe just limit the inspection to people coming from high risk areas…but then isn’t the vast majority of the internet readily accessible from much of the world?
I think that this will soon spin either way out of control or fizzle into the background only coming up when a lawsuit does. (refer back to why are they picking on me question)
Depends on what you put in your luggage
A lady friend was concerned that she might be selected for a more through security screening of her checked bags where the screener would paw through all her stuff. Nothing illegal, it’s just that she felt it wasn’t anyone’s business what brand of vibrator and lube she used and didn’t want other people know it as well.
There are limits to what’s searched and why. I suppose that anything you don’t want the customs people to see should be encrypted. This isn’t the UK where you have to provide your encryption key. Yet.
Anyone flying in the US with a sex toy should wash it before use. Sometimes we wrap the inspection notice around them but not always. They’re often shown to everyone when found.
Sincerely (and unofficially),
TSA
I find it mystifying why anyone would travel with a laptop containing personal/financial/potentially illegal information. Store this stuff on a flash drive and simply “forget” you have it with you.
Re: Re:
There are much better ways to hide that data than using a thumb drive. You can keep an extra (encrypted?) partition that you leave unmounted while traveling. And why the blue hell would you give your root password to a baggage screener so they can get to your folders that only have root permission?
Re: Re: Re:
Better yet, remove it before you leave, or at least copy it to your flash drive before leaving and clean it off the machine before you return.
My question is what do Customs feel they’ll find on a laptop that is within their jurisdiction?
EtG
That begs the question...
If they’re allowed to search through your laptop, are they then allowed to search through any other data storage device? Will they be legally allowed to dig through the contents of any thumb drive that I have with me? What about my smartphone? It has a 2GB memory card.
If we’re not legally required to provide decryption keys to US authorities, does that mean that we can install Full-disk encryption on our laptop and when they are unable to even get the laptop to boot they’ll just have to wave us through? Somehow I doubt it. But if we don’t use FDE and instead set up an encrypted directory or partition would we be likely to slip through?
For that matter, should we be legally required to provide a password to allow someone to log onto our laptops?
Regarding Jerry’s suggestion to store confidential/personal data on a thumb drive instead of a laptop hard drive, that’s easy if you only have a couple of gigabytes of data. But what if you have 50GB of data?
With the prevalence of open/free WiFi, I’m wondering if it doesn’t make sense to just store everything on a server at home (where it’s encrypted or whatever) and then open a VPN tunnel from the laptop to home any time you need something.
at least you dont have to hand over your encryption password:
http://www.news.com/8301-13578_3-9834495-38.html
this sounds mildly reasonable. anything on my computer not encrypted is treated as being in plain view, just like if you kept your stash on the dashboard of your car. keep your stuff hidden and the cops need to show they have a good reason to be looking there.
Re: Re:
Good news that I don’t have to give up my encryption password…
We travel to Europe a good bit for work and I have a lot of proprietary stuff on my machine. The whole hard drive is encrypted.
I have a feeling that telling the Border agent, “Sure you can look through my laptop, but can you sign this NDA first?” wouldn’t go over so well.
Simply done.. zip/rar up yer child porn, or whatever it is you want to hide, password protect it, and rename the zip file temporarily to system32.dll or something important-system-related-like. Stick it somewhere good like in yer system32 directory in windows, and presto, nobody will find it. Even make it a hiden file if u like.
Seaching laptops will only catch out stupid people, like those willing to have child porn in the first place, so no biggie I say.
Re: Re:
The “go ahead and search because I have nothing to hide” meme is a very frightening and frankly cowardly way to deal with this issue.
The more of us who voluntarily abdicate our rights for the sake of convenience or safety, the faster will find those rights disappearing.
Rights – like muscles – have to be exercised regularly or they atrophy.
A friend of the family was trying to enter the country on a visitor’s visa. When the immigration officer looked through her notebook computer and discovered a resume, she was detained and returned to Brazil. The resume indicated she had intent to break the rules of her visa.
I often travel internationally for work with my laptop, and my laptop carries several versions of my resume. I suppose I should now be worried at every port of entry around the world.
im just wondering what exactly are they looking for?
i get the child porn thingy, but i really doubt thats all they are concerned in? will they ask me to provide invoices for the software installed on my system?
this is stupid
Another simple solution is this… Before you leave, take out the 2.5″ laptop hard drive from the notebook. Hide the Hd in your pocket or some place the customs assholes would never think to look. When they power on the laptop and say “hey why won’t it boot up?” explain to them that your hard drive recently crashed and you haven’t had a chance to get it fixed yet.
This has nothing to do with child porn or security. Just yet another excuse for governments to invade our privacy and violate our freedom. It’s B$ and it does need to be protested. Hell, if I ever go across the border again and they search my laptop, when they ask where the HD is, I’ll tell them the truth. I’m hiding it because I do not want my privacy and rights violated. If they don’t let me cross, fine. I don’t want to visit a country who treats all their visitors like instant criminals. Fuck that shit.
abuse will be when your thoughts or ideas are not politically correct
can they go through my notebooks, address books, sketch books, essays, texts?
yes, they can, but up until now i cannot be arrested for their contents…. usually
seems the laptop is a chance to increase the potential for being caught with something wrong…. in your mind
lucky we all read kafk when young, we are prepared for what is coming
Of course…. The government can do whatever it wishes.
We are only to OBEY, not question or think.
Encrypt your data
Porn or otherwise, you’d be foolish not to. You can quickly and easily encrypt data on your winblows boxes to 256 or even 512 bit. At that level it would take months to decrypt anything for review.
Or better, use your favorite Linux distro and an encrypted file system.
Re: Encrypt your data
Linux blah blah blah…
Same tired old bs.
Re: Re: Encrypt your data
You’re right.
I’m tired of hearing about lacking Winblows security and the many strengths of the Linux kernel. This is getting to be a dead horse. Yes Windows sucks. Yes Linux is better on all fronts (ahem, not gaming, almost all fronts).
Please let’s move on.
Or wait… I’ll just avoid flying at all cost! 🙂
I've solved it..
I simply refuse to fly under any circumstances. A two day car trip is a more reasonable solution than facing the flight fascists. If more people take my position, this won’t end well for the airlines, and if there aren’t any airlines then the fascists get to go back to flipping burgers at DickMe’s. It’s much easier to face them in their home environment with the paper hat on their heads and the spatula in one hand.
Re: I've solved it..
Yeah, I drive from New York to London all the time.
@Da_ALC - go one step further
Go one better and dump the file on any of the many free web based storage sites. Once in the country, download, rename, unzip and decrypt the file(s).
Anyone with anything to hide and half a brain can circumvent the search. It is another instance of criminalising the innocent. Remember DRM and the pointless problems it caused the innocent?
This is a waste of time/money/resources. Further more, it shows how poor the technical understanding of the legislators is.
Face the facts
If you are caught with such ilegal material, then you should pay the price!!! The main point is not to HIDE the information, the point is the invasion of privacy and possible disclosure of personal information publically.
What worries me about these, “Well just encrypt your data.” comments is that the government will just tack on a provision that will require passengers to provide full access to all data storage devices, including passwords, biometrics (fingerprints), and keys.
Security screener funny
You should read this: http://jetlagged.blogs.nytimes.com/2007/12/28/the-airport-security-follies/index.html
“About two years after 9/11 I was selected at random by a TSA agent for additional security screening at an airport checkpoint. I was asked to remove my hat, shoes, belt and jacket, after which I was told to spread my arms and legs for electronic ‘wanding’.
When I asked why I had been chosen for the extra attention, two more agents quickly appeared and their unsmiling faces emphasized that airport security was, indeed, very serious business. “We need to be sure you don’t have anything you can use to take control of an aircraft”, the screener told me. I will never forget the absurdity of his words.
You see, I was, in fact, about to take control of an aircraft, an Airbus A320 to be precise, and fly it up the Potomac River to LaGuardia. That’s what airline Captains like me get paid to do. That’s why I had showed up at the airport in full uniform, properly credentialed and ready to go.
Security was then, and remains now, largely a sham. It’s all about politics and the appearance of vigilance. It’s about collecting pocket knives from forgetful, but otherwise law-abiding people.”
Source for this clip: http://jetlagged.blogs.nytimes.com/2007/12/28/the-airport-security-follies/index.html#comment-3747
Doesn't federal law prevent this?
AFAIK, the regulation known as HIPAA (Health Insurance Portability and Accountability Act) expressly forbids the disclosure of private health information by anyone not involved in the care of the patient (with few exceptions, none of which include the TSA). So, if a TSA official opens up your private health file and sees your private HIPAA-covered information, isn’t that a violation of federal law?
If so, I may have finally found the one good thing about HIPAA.
Re: Doesn't federal law prevent this?
The TSA is not Customs and Border Protection.
The TSA are the underpaid fools who supposedly will prevent terrorists from making it onto a plane but really just make air travel all that more annoying.
Customs and Border Protection are the people who supposedly will prevent terrorists from entering the US (we’ll forget the whole ‘we let the 9/11 terrorists in’ thing) but really just add an hour or so to your travel time at the Canada-US border.
You talk like there is no abuse of personal info p
Hey,
The days of secure data are long long gone, and even more so with wireless. All that is left is to rub it in our faces, rather than being secretive (doublespeak) about it.
The only reason your bowel movements are not monitored is because the government is not interested. It is not about rights any more, about the rights of government to protect itself from (itself) its citizens and any human or noun.
i believe hipaa only covers the disclosure by the doctor (or health care provider, or other hipaa covered entity), thus the TSA person looking at YOUR info on YOUR computer doesnt violate hipaa. now, i would think that if a doctor has his practices medical records on his computer, he would then have to take steps to prevent the TSA from looking at it as he would be violating Hipaa (but i would be surprised if hipaa doesnt carve out providing the info to comply with law…..which this could be…)
Here is the solution
TrueCrypt – It’s free software that easily does the following. Creates an encrypted “drive” for you to store stuff in. Here is the cool part. It can partition this drive into 2, with different passwords for each. You have one “safe” drive and one “public” drive. When forced to provide an encryption key, you provide the one for the “public” drive. There is no way to to tell there are two drives….as they appear as a single file on your computer. It’s called plausable deniability.
Dead Battery
Oops. And the cord is in my checked baggage. Darn. Sorry.
Oh yeah. And so’s the hard drive.
Re: Dead Battery
Yeah, because you never have your luggage with you when you go through customs….
GOVERNMENT SNOOPING
GOVERNMENT SNOOPING IS OUT OF CONTROL. THIS HAS TO BE STOPPED. IMAGINE ENTERING THIS COUNTRY AND HAVING SOMEONE LOOK INSIDE YOUR COMPUTER. I AM TELLING YOU IF THIS SORT OF THING CONTINUES IT WILL NOT BE LONG BEFORE WE ARE GETTING E-MAILS THAT THE GOVERNMENT DOES NOT LIKE CERTAIN THINGS THAT WE ARE DOING. IT SOUNDS FAR FETCHED BUT IT WILL NOT BE LONG BEFORE THEY START TELLING US WHAT BRANDS OF PRODUCTS WE CAN PURCHASE, OR WHO WE CAN ASSOCIATE WITH. WHAT BOOKS WE CAN READ OR WHICH WEBSITES WE CAN VISIT. ENOUGH IS ENOUGH BEST REGARDS BRADLEY STEWART
Precedence to inspect, will be precedence to copy
(my comments from Slashdot, cross-posted)
Precedence is the true problem here, not searching for kiddie porn.
It’s quite reasonable to say that customs inspectors do not have time to dig through someone’s laptop. In the future, as the number of international flights continues to rise, the time a customs inspector has to look over your luggage will drop significantly.
Therefor, it’s quite reasonable to presume that at some point in time in the future customs officials will have at their disposal a mechanism to quickly backup the hard drive for “inspection” by a third party. Of course this will be made easier with some new standard that is required in all “portable computers.”
The problem then is not if the customs agent is reading your personal documents. The problem becomes what does the third party, contracted to review all data, do with that data while they have posession? Share your love letters with the FBI? Share your medical data with your insurance companies? The possibilities are endless, and it all starts with the expectation that customs officials have the “right” to view all data on your person.
Shane
Who can access your company computer?
I travel with a pharmaceutical company computer. Anyone accessing a company asset must first pass a security screening. What do I do when a government lackey wants access?
Passwords
If you’re using windows.. You have the simple solution of putting a password on the intro screen. You know, the one where you choose the “profile”?
AFAIK, its not technically encrypted, but it is protected.
linux...
well linux does have a huge advantage here, configure it to start as a command line, sit back and what a ‘user friendly’ experience in action.
you will either get a bit of paper to say it has been checked, probably with a sigh. or investigated more.
this almost makes sense though, since I dare say it will mostly be used as a legal method of searching electronic devices of people being watched anyway.
of course it will also be used by the board to target the annoyed.
This is the TSA we're talking about not tech suppo
Dual boot
windows Me on the first partition
Whatever OS of choice on the 2nd
Hide OS selection menu
Or you could just leave a Knoppix cd in the drive or boot off of a SD card that was left in the laptop.
Regardless of the work around this needs to be fought.
solution: Ron Paul VOTE!
computer search
Tyranny comes in many forms! Though distastfull to most of us the argument of this being an extention of our memory is good; and although IF PRINTED, it would be illegal, it coorelates to thought NOT spoken or printed is NOT ILLEGAL, but IF SPOKEN orPRINTED could be
Automated Harddrive Search
Apparently Customs officials use Encase on your machine to search your hard drive. Seems as automated as running your bags through the x-ray machine and can find things you thought you had erased months ago. Not too sure what they’re looking for though, obviously child porn and evil crap like that, but are they looking for dvd rips, cracked software etc.
Heres where I read it;
http://chat.extremetourist.com/index.php?showtopic=249&st=0&p=1243&#entry1243
Re: Automated Harddrive Search
It looks like the link you posted changed (site is now http://www.itourist.com/ ) :
Very scary if they indeed are using Encase.
http://www.itourist.com/forums/index.php?showtopic=249&st=0&p=1243&#entry1243
From what I understand Encase not only makes an image of your hard drive, but it makes a true image where they can locate items that have been deleted.
I don’t carry anything illegal on my laptop, but I do have personal data (finances) and work material (proprietary) that I wouldn’t want anyone else to have, including US Customs.
I’m now using a clean hard disk when I go overseas just because of this.
on this
security is always suscpcious and given that this world is ruled by those who have the power and want to have world resources in their control;they can do anything they want to suit thier interests;so donot be scared of such moves
So here’s the question. No one has a problem with people transporting child porn being arrested, of course, but what about when it comes to perfectly legitimate pornography? Different areas and countries have different obscenity laws and I would hate to lose my computer because of some perfectly legal graphic pictures I downloaded at home. Just leaving your laptop behind is not so easy as people make it sound. I suppose I’ll have to get used to moving my porn on CDs in my checked luggage or something, but what an inconvenience when it comes to long-term travel!
Dont get into what you dont understand
Its funny how people talk about security when they know NOTHING about it. Frustrating. How do you believe we (CBP) are supposed to prevent terrorist, money laundring, child porn, (you know, all the stuff you wish people wouldnt do…) from entering the country? There is WAYYYY more intel on these items that we have access to than you think. It is totally appropriate to do this. We are extremely professional in what we do. We dont care if you have porn, or embarassing pic or videos. That info does not leave the inspection area. I GUARANTEE those who dont agree with this authority would be singing a different tale if they knew all the terrorist alone we have prevented from coming into this country from laptop searches. We have a great amount of authority, but we are not untrained professionals! We accept the TREMENDOUS responsibility we have to the people of this country and more specifically the people we inspect. Bottom line is, if you dont know what your talking about… STAY OUT OF IT! ESPECIALLY when it comes to National Security. Just a suggestion.
Re: Dont get into what you dont understand
you know this is all too eerily reminiscent of the third reich…not only do you falsely democratic bush administration swine tell people this is to prevent terrorism, but you dare pry into your OWN peoples’ lives, which are said to be so firmely protected by your defender of international democracy, who is in truth the polar opposite. Measures like this will only give rise to terrorist bastards from within, that realise the fundamental rights of freedom, sovereignty, and LIBERTY that were given to the u.s. by the founding fathers have been RAPED just as all of the u.s. population IS NOW!!!
You worthless worm, how bout to suffice to you invasive ways, after i take a dump in the bathroom i won’t flush, and you can go stick your long jewish nose in it and dig around see if you can find any ‘threatening’ information. which i’m sure you will since you can make up any BS and still come out fooling the naive people that nod and agree with everything.
were found with child porn on their laptop, it’s no surprise that there hasn’t been as much discussion of the cases. People generally don’t want to be seen as siding with child porn. However, it is a much larger issue, especially considering how much personal and private information most folks have on their laptops these days. If these searches are allowed (as it appears they will be), how long until the process is abused? How long until some confidential or embarrassing information is leaked just because a customs official snoops through someone’s laptop?
46 Comments | Leave a Comment..
Stolen Technology
I don’t think the emphasis should be placed on what happens at our borders. Rest assured any private, proprietary, business, sensitive, protected technology and etc loaded on a laptop is vulnerable at all international borders.
Companies should establish policies to ensure such information does not travel internationally on a laptop or other media for that matter. If a laptop is needed, issue a sanitized one. However, never travel with protected technology unless appropriate licenses (Departments of State, Commerce and etc) are in place.
See more @ http://www.amazon.com/dp/1439803714