Topic: border guards can demand passwords to your laptop (Read 7726 times)

Yeah the border areas have became totally no fun.  There's only one small town crossing I'll even go across.  And that means passing the 50 cal on the jeep, the heavily armed mexican federalis, the US guards (and dog) with flak jackets, the shady characters loitering around....

Seems their mayor got murdered a few months back.

but it's not a 3 hour wait...

dropbox + openssl ?

Precisely.

Many places, over several decades.  But this thread was about the border, which of course for Mexico is the most problematic area.  These days one is liable to get bored to death in the wait for the border crossing, after which the job of the US border guard in extracting your password is quite difficult.

What part of Mexico did you visit?

Then you should examine that something, and question what else it has told you wrongly about.

But do note......I didn't include in what the thug might want, your passwords.

Something tells me you've never actually been there.

Unless some thug wants your car, your money or your wife/girl.

The article specifically lays out that they don't ask for passwords.  They ask the person to access his laptop and show them the emails.

Less objectionable than demanding passwords....

My password is so long they would need to get on both knees to read it

I hear tell Mexico is pretty good about leaving you the hell alone.

Please tell me, which countries are the free ones? 

They don't do that in free countries, but if you go to Israel, I'm afraid it's becoming common practice.

http://news.bbc.co.uk/2/hi/programmes/fast_track/9741639.stm

The government doesn't see anything wrong in doing that.

http://www.reuters.com/article/2013/04/24/us-israel-security-emails-idUSBRE93N16620130424

http://www.truecrypt.org/docs/?s=hidden-operating-system

I don't recall such a capability within Truecrypt, but it is certainly a very robust system.  For example, it provides http://www.truecrypt.org/docs/?s=plausible-deniability "plausible deniability" even after giving a password to a extortionist, border guard, whomever; the same would be the case if the password was hacked.  

Correction, I see it - this is slick!!!

However, in order to boot a system encrypted by TrueCrypt, an unencrypted copy of the TrueCrypt Boot Loader has to be stored on the system drive or on a TrueCrypt Rescue Disk. Hence, the mere presence of the TrueCrypt Boot Loader can indicate that there is a system encrypted by TrueCrypt on the computer. Therefore, to provide a plausible explanation for the presence of the TrueCrypt Boot Loader, the TrueCrypt helps you create a second encrypted operating system, so-called decoy operating system, during the process of creation of a hidden operating system. A decoy operating system must not contain any sensitive files. Its existence is not secret (it is not installed in a hidden volume). The password for the decoy operating system can be safely revealed to anyone forcing you to disclose your pre-boot authentication password.*

LOL...but I still like the HotCindy/Jehovah's Witness training manual method!

Anyone who takes thirty minutes to read the eighty some page Truecrypt manual will be vastly smarter about these issues than before reading it.  I suggest that in lieu of reading, say....this thread....

My opinion is that creating a secure machine is highly advantageous and for multiple reasons.  Yet at the same time, the biggest leaks and the most common issues are the result of users' habits, such as allowing facebook or linkedin access to a contacts list associated with email, or other access allowed to apps on android or iphone.

You could claim that the key file you need to decrypt the data is on an USB stick, which renders unreadable.
The only thing they could do is to guess if you're lying, and where guessing comes into play (guessing here is an emotional act, not a rational one), you can get into trouble no matter if it's your fault or not.

IANAL but I'm pretty sure you cannot be jailed for failing to do something you cannot do. Under some circumstances the burden may be on you to show that, on the balance of probabilities, you were unable to comply with their demands.

Getting caught with anything digital at the border is a newbie error anyway.  Use one of these services to store the (suitably encrypted) Khmer baby photos you took on your Asian holiday.

TrueCrypt can do that.

I recommend: https://supporters.eff.org/shop/i-do-not-consent-search-device-sticker-3-pack

A friend was telling me there is a program that depending on which password you give it at bootup it will
load different encrypted partitions....

Okie dokey occifer boots...here's the my little pony access code complete with i <3 dhs logo desktop  background, itz so coooool...can I get your autograph?

Threads like this serve as a great reminder - If you've been lazy up until now with your encryption habits, etc. don't leave it too late to set things up properly.

Of course there's reason to suspect it. You're not in a uniform, are you?

Anyhoo, police in my sate can download all your text messages if they have the whim after pulling you over. You might be hiding drug deals, even if there's no extraordinary reason to suspect it!

Frankly I don't think you know what you are talking about.  If you really and sincerely think that, then if you want to convince others, you should be able to cite case law and higher court decisions to the effect claimed.

Because what you are saying sounds just silly, and goes against basic principles of law.

I'm not at this time going to look up the relevant cases.  You are the one that has made the fantastic claim, it is your job to support it.

You think this is just for *crossing* borders?
http://www.aclu.org/technology-and-liberty/fact-sheet-us-constitution-free-zone

Driving from Phoenix to San Diego?  Albuquerque to Austin?  You will be stopped, and can be searched on the border patrol's whim..

There is no fear factor involved. Claiming you don't know a password as a defense will result in you being placed in jail for contempt of court. Claiming to not know a password is not a valid legal defense.

I have no idea where you get these assertions from. 

Can some cop find some excuse to jail someone regardless of the facts?

Yeah, probably, anytime, anywhere.

Is "I don't know" a valid defense?  Hell yes it is. 

What I think you are referring to is whether an individual could be strong armed and pressured into giving up some things, under threat of some legal charges being brought.  That's different from "being jailed".  There is a process where someone might be detained and questioned, then possibly charged with something, then booked, possibly being in jail overnight if they timed it right, then getting out on bond when the courts open the next day and after bond has been set and an attorney hired.

So please don't argue the fear factor.  Yet in so doing you miss my point.

I argued FOR giving them passwords, but making the obvious content so disgusting, boring and ridiculous that it matched their disgusting, boring and ridiculous behavior. 

And there's no person, anywhere that's going to credibly assert that one individual has all the logins to a family computer.

Which is exactly what most of the controversy is about, since even if you genuinely do not know the password, they will jail you anyway. The flip side is that anyone could get away with not giving up a password just by claiming to not know it.

Fuck 'em. It's true. I can't give what I don't know.

You can still be jailed for not giving the passwords for the other accounts. Claiming "I don't know them" is not a valid defense.

Sure, officer....here is the password to my account.  It's "HotCindy".  What?  You want the passwords to the other fourteen accounts?  Oh, I have NO IDEA.  Those must be my kids and my girlfriend's accounts.  What, you've got into HotCindy?  What's the problem?  You don't like what we do?  Well, it's just the training manual materials for our door to door missionaries.  You don't have any problem with Jehovah's Witnesses, do you?

What's that?  You want the administrator password?  Gee, I don't know...none of these accounts are named administrator.  Aren't you an administrator?  There's one account here, look.  It's called BigBOB....
......
 

They want to act sick and twisted, give'em sick and twisted.

Reasonable Suspicion

"He was acting suspiciously."
"He smelled like weed."
"He was white but his children were Hispanic."
"He kinda looked like a guy."
"His car kinda looked like another car."
"He don't speak American English good."
"He wore a fancy desert-dress and a head-towel."
"He could've had guns."
"He could've had child-porn."
"He could've had WMD's in his trunk.  And laptop."

If none of that works,

"We suspected he was a terrorist."

Assuming you`re talking about the US specifically, that was the situation for the past few years.

Not so much anymore.  For a while there, DHS and successive administrations were of the view that it could do anything it wanted with regard to confiscation of anybody`s laptop at the border for off-site inspection, and they were claiming that the mere fact of password-protection was evidence of wrongdoing which would justify them in seizing the computer.

Now, they have to have "reasonable suspicion" (which is a lower hurdle than probable cause, but still more than "I felt like searching") in order to seize your device(s).

Article about the case in WashingtonTimes.  


It`s super intrusive.  I can understand the reasoning behind it, but I don`t agree with it and I don`t think it`s especially effective.  It`s unfortunate that this particular ruling came after an investigation where they actually DID find pictures of the guy abusing children.  My guess is that most people just don`t challenge it far enough when they don`t have anything to lose.  I mean, if you have your laptop taken away, examined, and then maybe taken offsite and returned to you a few months later - what are you going to do about it?  Be pissed off for a while but little else?  Or challenge it to the highest court in the land?  Most people go for the former, because it`s mainly the principle and most people don`t have the cash to fight a legal battle over such a principle.

If for some reason they do have reasonable suspicion, they can still take your laptop, and a court order can still compel you to reveal your password.  Whether you can do that, and whether you have adequate encryption to provide some kind of plausible deniability in such a situation, is a whole different story.

Anyway, based on this ruling the ability to do this has been diminished though not eliminated.  And in the UK, you can be sent to jail *just* for refusing to reveal your password, depending on what offences you are being charged with. See also here.

I`m being lazy and not providing links to the cases themselves, but these articles give you the general gist.

Bottom line is that there`s a bit of a storm brewing regarding cryptography, and the state actors are very interested in limiting its usefulness.

dont maek fun fellow canadian im not that smart

i get by on my good looks

if you don't understand that, you shouldn't be crossing borders.. you could get lost

"a bit" intrusive.

For facebook, I believe that violates TOS Section 4 ( 8 ).

i dont understand?

i been reading that border guards can demand access to laptop and look youre computer , email , facebook messages ect

anyone else finds this a bit intrusive?