All your data are belong to us
This is not a new policy but one that is getting people’s attention because Homeland Security is now admitting it publicly. It seems that anyone travelling into the US, and that includes US citizens, can have their laptops, PDAs or phones confiscated upon entry into the country. They can be held for a "reasonable" period after which they must be returned to the owner. They can search all of the data looking for anything suspicious and the sad part is that they do not need to have any suspicions of wrong-doing prior to the equipment confiscations. It’s sort of like if you tick off the govenment employees they can take your stuff. Homeland Security assures us that they will destroy any data they searched during the confiscation but they can keep any notes they took while looking at it. Ouch, once again it appears that we’ve already lost that war.
(via Yahoo News)
Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.
Yep, this has been going on for a while now. Security theater at its finest. If someone really wanted to get data into the country, they could just connect to a server once they’re in. Or, at the very least they could store the information on a micro SD card and stick it in their sock/under a shoe insert. Sheesh.
Anything or anyone coming across the boarder is subject to search, just because its coming across the boarder. This had been in place for years.
Jason
I remember someone way back when suggesting a way to prevent the officials from grabbing one’s computers and wrecking a work project or, worse, college work prior to graduation (as I remember the context of the suggestion.) If there is “pre-publish” material on the computer, they are allegedly supposed to at least allow you to make a copy of it before confiscation. The idea is that by not allowing that, they run into First Amendment issues, as a seizure like that could be used to prevent publication. It wasn’t cited as a way to prevent the removal of your equipment, but at least you still had use of the data on it.
Not sure if this is still a viable tactic. Anyone know better?
But if you believe the mythical stories that Europe is still relatively “free” as in free-from-government-intervention-from-personal-privacy, your wrong. While progressive left-winged politicians are well-represented, more conservative factors in the Europian parlement have made significant in-roads in privacy invading anti-terrorist measures. Though, in all fairness, the situation is far less worse than in the US, the sad truth is that Europian Airline corporations are simply forced to hand over personal information to the US government or they cannot fly to the US. National Governments can complain all they want, it simply doesn’t seem to help.
@Jason: border searches aren’t new, but until a few years ago laptop searches weren’t common. Or cellphones, for that matter (I suppose the increasing capabilities of phones led to this).
TrueCrypt version 6 has a way of making a fake partition. CNet has a video on how to do it, and while it can take some time to do it, it is possibly worth investigating if you want or need to protect your data. (Please note that IANAL-I Am Not A Lawyer, nor do I play one on TV, so I do not know if this is legal.)
To see the CNet TV show, go to the Insider Secrets section and look for the show titled “Create a hidden operating system”.
Woadan
You do realize that the ‘terrorists’ have achieved their purpose, don’t you?
Sounds like an argument for cloud computing and/or encrypted removable storage to me. They can’t search what they won’t find, and if they start grabbing at random, I’d rather they pick me, find out that my computer has seemingly NO relevant data on it, and be stuck dead in the water.
(Now, what I would give for 80mm Blu-ray discs and affordable burners, so that I could walk through a metal detector with 15GB of data in my pocket.)
It is interesting to note that mail can’t be opened (without reasonable cause) at the security checkpoints.
To me the real issue here is not keeping them from your data. Sure, that’s important. But the way this happens is was it devastating. You’re traveling to the US on business (or returning) and with no provocation they just confiscate your laptop or phone. That’s the real issue here.
We read every day of cases getting thrown out of court because of illegal seizure of real evidence. They don’t need any reason at all to take your stuff.
Welcome to America!!
James,
There isn’t anything new here, really. It’s long been the policy of most nations, including the US, and I know from first hand experience. All the way back in 1992 I had all my luggage seized by customs agents. On a routine trip from overseas my property was taken from me, and I was held for 4-5 hours without any explanation. When my passport was handed back to me, I was told I was free to go, but I was also informed that my property wouldn’t be returned. I never saw my bags again. Most of what was lost was old clothing, but I also had my DayRunner (these were pre-PDA days) taken from me. That thing had every bit of detail for 2 years in it. It took me forever to rebuild that information. I had a lawyer look into the situation, and he basically said that I didn’t have any reasonable recourse. We filed a letter asking for information on why this happened, and the whereabouts of my stuff, and in return we received a letter stating that Customs did not have to respond to the request.
To this day I don’t know what I did, or what my property contained, for customs to confiscate it. It only happened that once, and I’ve traveled freely ever since.
The only thing that has changed now is that laptops can contain exponentially greater amounts of data than a DayRunner, and so the potential loss of private information is that more dangerous.
A few years after that incident, another lawyer friend told me that Customs reserves the right to ‘arrest’ anything, people or items, at the entry point. Technically you aren’t ‘inside’ the US until Immigration AND Customs clear you, therefore they can get away with it. I’m not sure if I believe that, but it’s been happening for years now.
You can encrypt your data and they will not be able to look at it. they would have to get a court order. Sounds like it would be a good idea to have a online encrypted backup aswell. Of course them taking your laptop would not be good.
If they want to look at your data, fine. Image the drive and give it back to me. If they find anything that could be a security issue, arrest the person. I’m ok with that. Pirated movies are not a security risk. If someone was arrested because of pirated data that be utter crap, in my opinion. Customs might be able to police that since you are illegally importing content. I only bring up pirated data because I can see it causing the first arrest.
With that said, anyone that is going to get data into the US wouldn’t use a laptop or a thumb drive. That’s was FTP or e-mail are used for.
One more reason why I am happy with an online backup solution (I personally use Carbonite). If my laptop gets stolen/lost/broken/confiscated I can restore all content onto another computer quite easily!
Encryption doesn’t help unless you’re intent on hiding something. Personally, I’m much more afraid of LOSING my data by having it seized. They can look at anything they want…just don’t take my business devices and personal/professional data from me.
Maybe it’s time to invest in that 32GB flash drive disguised as a stick of gum. ;-)
Here is the thing that will spur Cloud Computing.
If not that, then Dear God, the Revolution!!
The “they can look at it all they want, just don’t take my hardware” argument sounds a little bit like “you can search my home all you want as I have nothing to hide, just take off your shoes and don’t break down my door in the process.”
I can easily protect myself from data loss. And the hardware is replaceable. But having random people snoop *though* my data for no good reason is an unacceptable loss of privacy. I am not a criminal, and while snooping through my stuff will not reveal any evidence of crime, I still don’t want this to happen. It’s a matter of principle.
By the way, encrypting your files is only going to help you if you also hide the files. Just like they’ll ask you to unlock your Windows account by entering the userid/password, they’ll ask you to decrypt a file/drive if they find it. And if you choose to refuse… well, as someone pointed out, you’re not yet in the country, so good luck getting a lawyer to help you from your little holding cell :(
if you look deeper into why all the sudden the US is enforcing this, well you can find out exactly who to thank the RIAA & MPAA lobbyists.
What am I missing?
If I were going to try and sneak data into or out of the country, the last thing I would do is put it on a physical device on my person or in my possession.
The hardware would be barren; better yet I would get to my destination and THEN buy or steal a computer, and secure FTP an encrypted file from a server back in my country of origin or a third country.
Given the borderless nature of the interweb, why would anyone ever have sensitive data on their person? What are these searches and confiscations supposed to catch other than the dumbest N% of the terrorists?
I can imagine that the Dept. of Homeland Security isn’t really concerned about discovering illegal activity like possessing pirated movies or even worse. By searching mobile phones or email programs they could quickly identify if the person being searched has any known ‘dangerous’ contacts.
I suppose if you have the wrong name, or someone on your contact list has the wrong name you could be in for an experience that would put a dentist visit to shame :)
@Joel: …and you find the funny because?
I dislike this and ideas of such ilk.
Here (Australia) there’s discussion between our foreign minister and the USA to allow specifically for searching of digital devices for pirated movies and mp3s. Suggesting criminal charges for those found guilty.
Clearly the foreign minister is a luddite and has no idea about the logistics of such a choice.
Oh well, have fun differentiating between ripped mp3s, pirated mp3s and purchased mp3s. Then have fun digging through the myriad of other media formats.
THEN have fun sifting through these cases and attempting to kludge together some kind of criminal case against the people proving this beyond reasonable doubt.
@bluemonq
OK, I have a dark sense of humor. But is anyone really surprised about this? This kind of stuff has been going on for the last 7 years (warrentless wiretaps, for example) . The only thing different now is that is isn’t taking place behind the scenes and that everyday Americans are being affected.
After being eyed-scanned and fingerprinted even for a simple transit, this sounds like another fine argument to avoid usa during their middle-age century…
btw, Asia seems to be pleased to welcome all tourists and money of the world
;-)
There was a notice that customs can now search through any devices for copyright infringing material on devices passing the border. Don’t recall where I read it. One thing is sure, anyone passing the US border would be wise to make sure they have no entertainment on there they haven’t paid for, and certainly make sure all personal data is fully backed up and available at home if they do swipe your devices. Personally I’d truecrypt my entire freeking laptop to the hilt… at last make them work for it.
Land of the brave and home of the free. (insert helpless belly laugh here.)
Oops, I think I reversed the land and the home. Ah well. :)
Many of these supposed security laws are made for reasons other than the ones stated. Media copyright infringements are an obvious target. No doubt there are others such as industrial espionage.
Even if it is not feasible to prosecute piracy cases on a wide scale, it has the net result of making every one a bit paranoid about it and thus avoid ripped media altogether. It will only take a couple of well publicized cases for people to get the message. In the end people will avoid hassle where ever they can.
Of course if you encrypt or obfuscate your data in some way, this just means it will take that much longer to get your stuff back as they will have to run a brute force decryption if you don’t provide the passwords, plus you get added to a “suspect” or “trouble-maker” list for your efforts.
Cloud computing sounds like a good idea too, unfortunately Uncle Sam already has it covered and you won’t even know about it!
Myself, I will avoid travelling to the US unless I really have to, and will only take those devices I have to take for my job. Certainly not my UMPC which is a real shame. Let me know when your country’s government rejoins the 21st century and civilization. :)