British Human Rights Activist Faces Prison For Refusing To Hand Over Passwords At UK Border

from the digital-strip-search dept

As Techdirt readers will recall, in 2013 David Miranda was held by the UK authorities when he flew into Heathrow airport, and all of his electronic equipment was seized, in an act of blatant intimidation. His detention was under Schedule 7 of the UK’s Terrorism Act, which, as its name implies, is supposed to be used only if someone is involved in committing, preparing or instigating “acts of terrorism.”

That was clearly ridiculous in Miranda’s case, and it’s just as outrageous in the latest example of UK border bullying, this time against Muhammad Rabbani. He’s a British citizen, and the international director of Cage, which describes itself as “an independent advocacy organisation working to empower communities impacted by the War on Terror.” The Guardian fills in the background:

Rabbani, 35, from London, is involved through Cage in investigating torture cases. He said he was stopped at Heathrow in November returning from one of the Gulf states where he had been investigating a torture case allegedly involving the US.

He said he handed over his laptop and mobile phone but refused to provide his passwords. Although not a lawyer, he said the laptop contained information about the case and the client refused permission to release it. Rabbani was then arrested.

Rabbani later said that he felt that he had been subjected to a “digital strip search,” and pointed out:

Using this power, [UK] officers can compel a person to surrender their passwords without cause and there’s also no right to remain silent. There is nothing like this anywhere in the Western world.

Rather than dropping the case, this week the UK authorities have formally charged Rabbani under the Terrorism Act. He told the Guardian that he intends to fight, because the move has “serious implications” for journalists, lawyers and human rights, even though he faces three months in jail if he loses. This may be the first time Rabbani’s been charged, but he is certainly no stranger to being stopped by the UK border officials:

Rabbani said he had been detained 20 times over the last decade by border officials and had handed over his laptop and mobile phone. On previous occasions, after refusing to hand over passwords, they were returned to him and he was allowed to go. But not on this occasion.

He’s not alone in being subjected to this kind of harassment by the UK authorities. Figures published in an article on the Middle East Eye site reveal just how ineffective Schedule 7 examinations are at spotting terrorists:

More than 28,000 people were subjected to Schedule 7 examinations in 2015-16 resulting in about 10,000 intelligence reports being filed, according to a report by the Independent Reviewer of Terrorism Legislation.

About 500,000 are also estimated to have been subjected to pre-examination screening questions in the same period.

According to 2016 statistics, only 0.02 percent of stops lead to an arrest. An even smaller number lead to criminal charges.

The good news is that the UK court of appeal has already criticized Schedule 7 for forcing people to betray confidences and thus make it unlikely that others would trust them again with information in the public interest. That holds out the hope that Rabbani will ultimately win in the courts, since his case is very similar. The bad news, of course, is that the US is thinking of demanding passwords from every foreigner who visits the US.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “British Human Rights Activist Faces Prison For Refusing To Hand Over Passwords At UK Border”

Subscribe: RSS Leave a comment
84 Comments
AL says:

Re: Ouch

Nice try, however the powers are far more reaching than that. Under this legislation it’s theoretically possible for the examinee to be required to give the examining officer all the information in their possession that the examining officer requests. That means all cloud passwords, social media details, all bank account details, all details of everyone else including work issued logon and passwords, and anything else you can think of. . . . and this power can be exercised “whether or not he has grounds for suspecting” that the person has had any such involvement in terrorism.

The only exclusion that I can see is “officers should take care not to copy material that is, or may be, subject to legal professional privilege”. Note that is not refusal to give, or let them see and read, but only not copy

Anonymous Coward says:

Re: Re: Re: Ouch

For bank account details, of course. Just keep one bank account with enough for your trip, and all the rest of your money in another account, and only give HM Customs the details for the account you intend to use while in the UK. And, of course, keep your travelling account and your main account in separate banks.

Machin Shin says:

Re: Typo...?

I think we are already well into that. I know I personally try and avoid flying whenever possible, and that is just within the country. I am really hesitant to take a vacation that involves leaving the country. I can’t imagine what it is like for those people who try and vacation to the US.

“Welcome to the US, let us start your vacation off right! Step right over here so our officer can dig through your personal belongings and your electronic devices. Once your done there, in case that wasn’t humiliating enough, move forward to the next station for your complimentary sexual assault. Then if your one of our lucky winners you might even win a full cavity search!”

Roger Strong (profile) says:

Re: Re: Typo...?

Here in Canada, university and high school and other large group trips to the US have been cancelled. There’s a good chance now that someone in any large group will be turned back for having the wrong religion or birthplace. Cancelling the whole trip is usually found to be preferable to leaving someone behind.

The grope checks and porn scans starting a decade ago didn’t help. The new “digital strip search” rules make it worse.

Cowardly Lion says:

Re: Re: Re: Typo...?

Yep, this includes me, some family members and friends. A group of us were to go to the USA to watch the 2017 eclipse but it’s all dead in the water. The killer came a few months ago when a TSA spokesperson said that their screening was going to be even more rapey. That got added to the sad litany; Trump’s racist travel ban back in January, the recent bullshit about electronic devices in carry-on, the threat of being robbed by cops, the quality of the drinking water, being forced to hand passwords over to immigration officials…

Anonymous Coward says:

Re: Re: Re:

But the devices are wiped, there is no password to hand over to them.

That is why, when I cross into the USA and Canada, when I take road trips all over North America, I wipe my devices, and don’t leave any passwords on them they can CBP or CBSA can demand.

If the data has been wiped, there is no data or passwords for them to demand

Anonymous Coward says:

Re: Re: Re:2 Re:

There is no possible way they know the device was wiped. If, after a factory reset, you put a few apps on to make it impossible to determine the phone was wiped.

it would be obvious if you had a squeaky clean phone with no apps installed on it. Just install a few apps to make it look like the phone has been used since the last factory reset.

You just need to know how to fool Customs where they will not know the phone has been reset.

Roger Strong (profile) says:

Re: Re: Re:3 Re:

The call history logs are a lot harder to fake. No calls having ever been made on the phone would be a dead giveaway.

You’ll also need to create fake contacts, fake email, fake web favorites, fake web browser logs etc. By that point it’s not worth the hassle.

(I’m guessing that it’s those contacts and emails that they’re want. Trying to create a vast database of who knows who. So that when a person of interest is identified, they can see everyone they’ve ever been in contact with based on OTHER people’s contact history.)

Anonymous Coward says:

Re: Re: Re:4 Re:

Deleting a call log is not illegal. I do that all the time to keep from accdidentally butt-dialing people. I find that periodically clearing the call log is the only solution to that.

If a Customs agent asks why there is no call log, just tell them you periodically clear the call log to keep from butt-dialing people.

Anonymous Coward says:

Re: Re: Re:4 Re:

I always delete my web history from my devices anymore, before crossing into either the USA or Canada.

You can have illegal stuff on your devices without even knowing it, and people have been burned because of that.

Deleting and obliterating web history on your devices, before passing through Customs is not illegal in the United States or Canada. So I am breaking no laws in either country by wiping out and reinstalling Windows on my laptops.

I have two versions of my Windows installations, one with a pointer to the VPN on my home comptuer, and one without. I have the one without the VPN credentials to my home computer, or any indication I acessed my home PC remootely, on there when I pass through US or Canadian Customs, so they cannot demand the passwords to my home computer. Then, after passing Customs, I just re-image the laptops with the version of Windows that does have the credentials for my home computer stored.

I also have a version that neither has my bank info on there, or any stored passwords for such. Of course PayPal, and some banks have made it where your login information does get stored, and you have to re-enter every time you log on.

And there is no law against doing this in either Canada, or the United States. Deleting and wiping web history, and other stored browser info, before passing through Customs.

And there is a way you can create fake call history. Before returning home, just use something like SpoofCard to make a few spoofed calls to your phone and put a bunch of random calls into the call log. Customs will never know you made spoofed calls to your phone, and this dos not violate either Canadian or US laws to make spoofed calls into your own phone for that purpose

Joel says:

Re: Re: Re:4 Re:

You could proabably get plausible deniability if you wiped the device, then used it for a few days to get some typical travel stuff on there and when asked just say you were worried about data being lost to pickpokets etc on your travels. Basically you admit to wiping it, but also have a sensible cover story. Protecting trade secrets from the highened risk of thieves on your travel would be plausible I think. In a sense it’s even true, only that the criminals are the border agents.

Anonymous Coward says:

Re: Re: Re:4 Re:

One way to foil any file recovery is to go to the cellphone store, get a new phone, and have the seized phone bricked. When a phone is reported as lost or stolen, the phone company bricks it, so that it cannot be used. Then Customs cannot do anything with the phone on account of it being bricked.

Anonymous Coward says:

Re: Re: Re:6 Re:

Since this would be after passing through Customs, if you are arrested, you just simply make bail then not appear in court.

If they put a GPS “anklet” on you, that can be jammed with either a GPS jammer, or a jammer that jams mobile data connections, rendering the monitoring station not able to locate you.

Anonymous Coward says:

Re: Re: Re:7 Re:

A faraday cage the size of a room is quote simple to build, just paper all surfaces with kitchen foil. More sophisticated versions exist in various labs for the purposes of EMC testing. Also shipping containers, box vans and metal sheds work quite well, the latter often being used by thieves to defeat car tracking systems.

Anonymous Coward says:

Re: Re: Re:8 Re:

A better way to defeat a car tracking system is to use a GPS jammer. It is more foolproof way to do it.

Jammers are going to be an issue, if God forbid, we have WWIII, which could well happen, assuming it did not go total nuclear, which I don’t think Putin would want to do right away.

When gas rationing was done in WWII, it was not for a shortage of gas, but a shortage of rubber. With electric and hybrid cars out there, enforcing mileage limits, which is what WWII gas rationing was meant for, to save rubber, could only be done on electric cars using GPS tracking.

There is also the fact that, unlike WWII, cars get all different kids of mileage, where all cars got pretty much the same in WWII, so GPS tracking is the only it can be enforced, but it can also be jammed.

GPS tracking can be defeated with a jammer, making wartime mileage limits, to save rubber, unenforceable, if WWIII should happen.

Anonymous Coward says:

Re: Re: Re:

As far as digial services, you have have “dummy” accounts to give to HM Customs, and keep the real accounts hidden.

As far as them wanting to login to your work network, your boss can also set up a “dummy” account on the company VPN, and you just give that to HM Customs, so they will not find anything.

I am trying to start my own company soon, and it will be policy for any employees travelling abroad to be given temporary “dummy” accounts on the company network, so HM Customs, CBSA, or CBP will not find anything, when they access those accounts. It CBSA, CBP, or HM Customs do not like my policy, they can all just kiss my ASS.

Same thing with your home computer. Just set up a “dummy” account on your computer, if they want to examine the contents on your computer back home. Make sure that account does not have admin access.

HM Customs has no jurisdiction over a computer in the United States. The British cannot seize a computer in the United States.

Anonymous Coward says:

Re: Re: Re:3 Proceedure to the rescue.

the law and judges really hate this type of bullshittery.

The company involved in this would quickly be charged for facilitating this. Laws are usually written specifically to account for these kinds of tricks. There literally would have to be a way for the business to allow law enforcement full access “or else”.

Anonymous Coward says:

Re: Re: Re:4 Proceedure to the rescue.

Sure – warrants and subpoenas. It’s pretty well-established law, and the vast majority of the time the validity of the search is not disputed.

Limiting access to company systems from foreign countries can be considered good security policy, much like a blanket policy to delete emails over six months old.

Anonymous Coward says:

Re: Re: Re:5 Proceedure to the rescue.

I agree that limiting access is a very good policy. the problem comes to when there is any attempt at subterfuge in the process.

Well… if you get caught that is…

You do not have to be guilty of anything else, just guilty of misleading law enforcement to get into a heap of trouble.

Anonymous Coward says:

Re: Re: Re:6 Proceedure to the rescue.

However, British law enforcement has ZERO authority over a computer network in the United States, so if the admins block access, at the firewall level, from any address belonging to HM Governmenet, they are not subject to any kind of prosecution in Britain, as HM Government has no jurisdiction over computer networks in the United States.

So, a US company blocking all IP addresses belonging to HM government is only subject to US laws, and is not subject to prosecution in Britain

Anonymous Coward says:

Re: Re: Re:6 Proceedure to the rescue.

Not if you delete the logs and overwrite the unused sectors. this way if they seize the servers to examine them for evidence of misleading law enforcement they will not be able to recover. KillDisk has this option. You can either wipe the entire disk, or just the empty sectors. Just overwrite the unused sectors, to prevent any evidence from recovered, after deleting all the logs.

Anonymous Coward says:

Re: Re: Re:6 Proceedure to the rescue.

Limiting access is not illegal. When I ran my online radio station, I blocked all access from all known ip addresses for K-12 schools in the USA.

This is because I also had a message forum as well, and decided to block all known IP ranges for K-12 schools, just in a student was among the users, and school administration decided to demand his/her password for any reason, they would be unable to access my site. And the same service was also configured to block access from all known VPNs and proxies, so that block could not be circumvented.

I was breaking no laws by doing this to prevent school administrators who might demand passwords from students from being able to access.

My network, my rules, I had a right to deny access from whomever I wanted, and if some school administrator did not like that, they could just kiss my ass.

Anonymous Coward says:

Re: Re: Re:4 Proceedure to the rescue.

Just wipe out the evidence of what company did. After full access has been restored when an employee has come back, just use one of the many “evidence elimination” programs on the market to get rid of the evidence. Just delete the logs and then overwrite all the empty space so that law enforcement will get nothing when they do come and seize the serve.

Anonymous Coward says:

Re: Re: Re:4 Proceedure to the rescue.

Another way the boss could do it is to backup the files in that employee’s account and then temporarily delete them, only keeping files in the account an employee will need while they are away. There would no way for law enforcement to find out what you the boss it up to. The restore those files when the employee comes back. There is no possible way the boss can get caught.

Here is another thing. If you are fired for giving Customs your workplace password, you just leave that company OFF the list of places you worked for when you apply for your next job.

Anonymous Coward says:

Re: Re: Re:2 Re:

Another way I will do it is to block all access to the company network, at the firewall level, from all known government IP ranges.

In other words, they will be blocked at the firewall level, so even if those working for me are forced to give their passwords for the company network, the goverment will be blocked at the firewall level. I will block all ranges belonging to the US government, as well as those used by HM Customs and Canadian Border Services Agency (CBSA).

Plus anyone workking for mee will be instructed to notify immiedately if Customs, anywhere, demanded their password, and then the password would be changed ASAP to lock CBSA, CBP, or HM Customs out of the network. That will be company policy. That person working for me can get their new password when they next report for work.

That will be company policy, and CBP, CBSA, or HM Customs do not like my policy on that, they can KISS MY ASS!!!!

Alphonse Tomato (profile) says:

Re: Re: Re:3 Re:

Another way I will do it is to block all access to the company network, at the firewall level, from all known government IP ranges.

That’s so cute. You don’t think a govt employee is capable of using a VPN service to change his location/IP address. And that no govt controls any IP addresses that aren’t publicly identified as govt.

Anonymous Coward says:

Re: Re: Re:4 Re:

Then you block the IP ranges of ever known VPN service. There are services on the net that can handle this. When I was in online radio, I had problems with one troublesome user on my website who just dhd not get the message he was not welcome. Using such a service, I was able to easily block all known proxy, Tor, and VPN IP ranges and lock this guy out.

You could do the same to keep the the government out of your network. After blocking all government IP ranges, you use a service like this to keep the government from using any kind of VPN or proxy to gain access to your network.

Using a service, like blocked.com, is how sites like Netflix, BBC, and others are enforcing their VPN bans. The banned IP list is updated by the service, and it is foolproof, as it also blocks incoming access from all colocation centers, where VPNs are hosted.

Anonymous Coward says:

The guy must of been a real asshole to the people detaining him. Like it says in your citation that 97% are released in under an hour so I get the feeling there’s a lot more to this than we’re being told. I’m not saying it’s right but crap like this usually escalates to epic proportions when both sides get into a mud slinging fight.

Anonymous Coward says:

Re: Re:

Probably something to do with the many stories like this:
[http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11442602/Cage-the-extremists-peddling-lies-to-British-Muslims-to-turn-them-into-supporters-of-terror.html] (Cage: the extremists peddling lies to British Muslims to turn them into supporters of terror). Sorry for the long URL, but the article is very informative.

So it seems that ‘human rights activist’ is less accurate than ‘terrorist apologist and recruiter disguised as human rights activist’, which is a shame as it casts a shadow on legitimate human rights work. As this guy has legit terrorist connections, it seems like the detention might also actually be legit as there’s probably actual investigations into him, and this was not ‘random harassment’ as originally portrayed.

orbitalinsertion (profile) says:

Re: Re: Re:

If only we detained all apologists for assholery, right?

It was never portrayed as “random harassment”. Exactly the opposite. Sorry he isn’t the most sympathetic victim for you. But being a British citizen, they are free to serve a proper warrant on him at any time. (Or intercept all his shit like they are probably doing anyway.) It’s not like he is some faceless entity in the wind.

This is nothing but expensive security theater, a waste of everyone’s time, an invasion, a stripping of rights, an annoyance, and significant inconvenience to everyone who travels (or no longer does). It’s not about defending this one guy (oh look Techdirt is sticking up for criminals again). The point is that it is wrong. It’s wrong regardless of who it catches. Unreasonable laws, powers, and methods are not justified by catching someone occasionally and annoying people whose views are wrong or unlikable, along with everyone else.

Never mind the British government, and the US, and friends, are just as much terrorists as the groups this guy apparently chooses to be an apologist for. The Telegraph article also, while maybe technically correct, glibly dismisses the the ambient bigotry, and the special government targeting Muslims face. So there is about zero moral high ground here. But that is wholly irrelevant to the unconscionable dumpster fire that is “border security”.

Machin Shin says:

Re: Re:

Probably around 97% cave in under an hour and give up their passwords. This guy stood his ground and told them “No”.

Also, being an asshole is not a crime. No matter how many authority figures really wish “being asshole to authority” was a crime, it still isn’t. (Unless your in such wonderful places as North Korea)

Anonymous Coward says:

Re: Re: Re:

“Also, being an asshole is not a crime.”

Correction, it is a crime, and people are arrested for it frequently as well. “disorderly conduct”, “failure to comply”, “interfering with the process of law enforcement performing its functions”, there are really a lot of laws that can get you arrested and fined for being an asshole.

Remember, you are ALREADY GUILTY, now we are just waiting for a cop to decide to process you.

Anonymous Coward says:

Re: Response to: Anonymous Coward on May 19th, 2017 @ 5:55am

Starting out claiming a sort of lawyer client privilege when he is neither the lawyer or the client isn’t wise.

I would agree, i have a feeling that after 20 stops in the past, he has turned a little arrogant.

I actually think people like this are trying to create incidents just to get attention to themselves and their work.

He could have easily encrypted the data and put it on a cloud storage and not carried it over the border. He seems to have sort of set this up.

That One Guy (profile) says:

Re: Re: Response to: Anonymous Coward on May 19th, 2017 @ 5:55am

Assuming for a moment that he did plan it, a ‘trap’ like that only works if both sides cooperate. Just as he could have encrypted the data and put it in cloud storage they could have easily decided not to push the matter when he refused to hand over the password.

This however is not what happened.

If he was ‘trying to create an incident’ then like bumbling buffoons they walked right into it, and that’s entirely on them.

Anonymous Coward says:

“According to 2016 statistics, only 0.02 percent of stops lead to an arrest. An even smaller number lead to criminal charges.”

If people who refuse to hand over the password for their device gets arrested, like this guy, isn’t it possible that would account for about 0.02 percent?
I am guessing that they are included in the statistics.
So how many actual terrorists have they ever captured?

Rekrul says:

He told the Guardian that he intends to fight, because the move has "serious implications" for journalists, lawyers and human rights, even though he faces three months in jail if he loses.

You know things are bad when spending a grand total of three months in jail for not turning over your passwords sounds pretty lenient compared to potential life in prison for a similar refusal in the U.S.

Anonymous Coward says:

how quaint

Citizens clamor for their governments to protect them, and then they start complaining when they take steps to protect you.

Remember, every time you turn to government for your safety needs, this is what you get, “their interpretations on what it takes to keep you safe”. When will it get through your thick little noggins that you ARE getting what you asked for here?

This is government in a nutshell, “abusing authority” citizens ignorantly allow them to have!

Citizens: but but but….
Government: I have altered the deal, pray I do not alter it any further.

Anonymous Coward says:

the UK used to value privacy and freedom above all else, condemning countries that were of the opposite opinion and enactment. now, under the Tory government that has screwed the UK continuously and, unfortunately, has taken over from the USA in surveillance and spying on it’s own and everyone else citizens, as well as bending over whenever told to by the USA so as to be able to do on it’s behalf, what is wanted but, officially at any rate, it is prevented from doing, just because it is afraid of losing the USA as an ally, as well as wanting to ensure as much as possible that all the dastardly deeds the UK government, the rich and the famous are up to, never get ‘out in the wild’. it has become more important than anything to keep UK citizens in the dark and under the cosh! Hitler would have been proud of what successive governments have done in the UK, all under the excuse of pornography, pedophilia and terrorism, none of which are anything at all to do with the reasons the government is executing these procedures!

Anonymous Coward says:

Re: Re: Re:

I like the fact that he is dumb enough to think the US used to value privacy and freedom “ever”.

Even the USA whom kicked those fucks to the curb for greater independence didn’t value privacy and freedom above all else for long.

It is just not in government’s nature to value anything other than complete obedience from the people.

Personanongrata says:

Petty Authoritarian Control Freaks, Charades and Utopia

British Human Rights Activist Faces Prison For Refusing To Hand Over Passwords At UK Border

All persons should refuse to hand over their passwords at all borders at all times to any petty tyrant representing any totalitarian government masquerading as a republic or constitutional monarchy.

These authoritarian acts (based upon the most specious motives) of the US/UK governments require either mass non-violent civil disobedience where jet load after jet load of travelers refuse to divulge their passwords thus filling the "authorities" detention centers until they are bursting at the seams with non-compliant persons or travelers can simply boycott traveling to the US/UK and deny both governments the revenue associated with business persons and holiday seekers.

These are the actions of governments (ie criminals) that are fearful that people will find out the truth that they are really nothing more than criminal enterprises operating solely for their own benefit at the expense of all others while hiding behind the charade of national security justifications.

“As God loves me, when I consider this, then every modern society seems to me to be nothing but a conspiracy of the rich, who while protesting their interest in the common good pursue their own interests and stop at no trick and deception to secure their ill-gotten possessions, to pay as little as possible for the labor that produces their wealth and so force its makers to accept the nearest thing to nothing. They contrive rules for securing and assuring these tidy profits for the rich in the name of the common good, including of course the poor, and call them laws!” ― Thomas More, Utopia

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...