Slashdot Mirror
US Courts Consider Legality of Laptop Inspection
ceide2000 writes "The government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer's hard drive, the government says, is no different from looking through a suitcase. One federal appeals court has agreed, and a second seems ready to follow suit." This story follows up on a story about laptop confiscation at the borders from a few months ago.
next is your banking information, previous employments, medical history and telephone calls made in the past 6 months.
Welcome to the USA.
Can they demand you decrypt data or, worse, provide the key?
... there are effective ways to protect your own privacy http://www.truecrypt.org/
This is not suitcase snooping, this is opening a sealed envelope found within my suitcase and reading the contents even though both the suitcase and envelope test negative on the bomb sniffer.
I pity the foo that isn't metasyntactic
A. You can decrypt the data
B. You can go back where you came from
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Are they going to check all the new laptops shipped from China too? Theres probably spyware, malware etc on their hard drives Anyway its gpoing to mean long lines at the security checkpoints at airports as federal employees check out business travellers pron colledtions.
I think the answer is: no, that's not allowed. They are allowed to search in order to satisfy themselves that it is a book/document and not something nefarious (bomb, contraband, etc.)... but beyond that they cannot go rummaging through any data you happen to be carrying on your person.
By analogy, I would expect that physically inspecting a laptop (to make sure it's not hiding anything nefarious) is okay, but I can't think of a legitimate reason to start scanning through the data on it.
I guess if they're going to ignore the 4th Amendment when it comes to suitcases, they might as well ignore it when it comes to laptops. After all, who is to say what it means for "The right of the people to be secure in their persons, houses, papers, and effects,"
Except that software doesn't pose a "threat to national security" if it's transfered on an airplane. Sure they may say that "We want to keep hacker software and naughty viruses out!", which is ginger and all, but there's this one new thing, maybe you've heard of it TSA - called the internet. So really I have to ask why do they need to search peoples hard drives? The people could easily just leave their data at home or on a remote server and transfer it to their laptops once they land.
On the subject of encrypted data, here's an interesting question, what if the user doesn't have the key (e.g. a messenger)? Do they have to delete that data? And how do they know it's entirely deleted? Do they run Nuke and Boot on the user's hard drive?
It seems to me this is just a classic case of political "Lets make laws on things that we don't understand and scare us".
A laptop can be used to carry contraband. Pirated software. Nuclear secrets. What makes it different from opening a suitcase?
There's a few things that make it different. First, by opening a suitcase and performing a cursory inspection, an official doesn't read every notebook and letter the traveler is carrying. A customs official that takes a computer for inspection can do all kinds of unreasonable things to it, and there's little that can be done about it. There's also the problem of figuring out what is illegal: Should a traveler prove that every mp3 he is carrying was ripped legally? Should we have to carry the licenses of all commercial software? It'd be crazy.
And finally, there's the fact that anyone smuggling software will just get an internet connection and send it across through the wire.
What is "illegal" on a laptop that comes into the country? I can understand stuff like plans for a bomb or correspondence with a terrorist group. But that has to be an extreme. So what else are they looking for?
"There are all sorts of lessons in these cases. One is that the border seems be a privacy-free zone. A second is that encryption programs work. A third is that you should keep your password to yourself. And the most important is that you should leave your laptop at home."
Don't forget the one about not being a pedo, I mean, I know, it isn't that obvious, but still, just in case you didn't catch it, don't be a damn pedo.
Honestly, I am not sure how I feel about boarder inspections. Yes, they are important to some degree (it IS illegal to traffic in certain things). However, they should also have a good REASON to search you.
If we accept them doing random stops and searches (I honestly don't know how I feel about this), or if they have good reason to stop and search you, then I have no problem with them searching your laptop as well. They obviously should not keep records of ANYTHING found in there (unless breaking a specific law), however searching a laptop when you are already searching the person/car for somethign that likely could be found on the laptop? why not?
All in all, I dono. It seems a slippery slope problem, but it also seems relatively reasonable (Again, assuming there is a good reason for the search in the first place)
Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
I tend to store my data in binary on magnetic platters, where it is completely unreadable by humans using plain sight in a simple search.
Folder on desktop named "Kiddie pics?" Check.
Thousands of JPGs within? Check.
All JPGs are hello.jpg? Checkmate.
I encode all my dangerous stuff with everyday words and string them into mundane sentances disguised as personal communication.
There, everything you need to construct your own death star is in the line above. Oh, and some extra information is hidden in this line about exhaust ports. Damn, I just realized, my encoding for "exhaust ports" renders as "exhaust ports". Well, back to the drawing board.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
After all, they keep giving us foreigners more and more reasons to avoid the US and spend our money elsewhere.
It's official. Most of you are morons.
thumb drive
encryption
orifice
Better known as 318230.
I can see the court's argument, and I suppose it really isn't any different, since you're crossing a border. But what's the point? I've heard there's actually a big network that extends internationally outside the United States (an "inter-net" if you will) that makes data transfers into the US without physical hard disks fairly easy. If this is truly the case, wouldn't anything "contraband" be sent via that? (I mean, assuming it's not too difficult to get an account on this network.)
I don't think you'd need to encrypt anything. Your laptop won't be on when they begin their inspection, right? So add another account that you fully cooperate with them with that has access to nothing, and maybe has some default pictures and stuff for them to browse around with. Configure login script to fix whatever they screw up on that account on each login. Log into *that* one for them to do their probing. They won't have any way of knowing it isn't your main account. Heck, make that a nice self-healing account that friends can use. Bonus!
If you assume somewhat more sophisticated inspectors, you may want to put what can be construed as nefarious software (nmap, tcpdump, nessus, kismet, etc) in a more secure than normal place.
Now, if you expect the thing to be confiscated, that is a different story.
This is a perfect example of the government tipping their hand. Every time they say, trust us with your privacy, think back to what they do when they have no constrains.
Finally a plausible reason why JM is conceivable.
No, it's not "opening a sealed envelope". Envelopes can contain toxic chemicals, weapons, etc. Computers only hold information. The difference is that they're now policing thought.
Can they ask to see the contents of a company laptop? If that information is proprietary you have every right to deny them access as an employee or face legal liability for showing others that information. Arguably, they have no right to a laptop that isn't yours or viewing information that you do not have the right to show them; they would need to get a release from the company in order to view that data.
This is my sig. There are many like it but this one is mine.
they can stick theyre hand up your butt, why would you be worried about your laptop. your laptop won't cry in the shower to boy george after it's violating probing.
As a heavy terminal user I long since lost interest in running a desktop environment. This has become a problem when I travel internationally, something I do very often.
On two separate occassions I've been asked to boot my machine. On both occassions the security officials became quite disturbed when they saw a text only boot sequence. One asked me to turn the machine off immediately and after 30 minutes I was able to explain what was on my computer in a way they liked. The second incident was worse. Once my laptop had come out of suspend-to-RAM the security guy demanded "Log into your computer please". On seeing a single maximised xterm he became nervous. He held me until an official came down from upstairs, who promptly laughed warmly and said "It's unix. It's OK".
I know a couple of other people that have been in very similar situations.
These days I have a session manager such that I can boot into a clean GNOME desktop should such a situation arise, complete with soothing coastal background image.
The rationale for having me boot my computer apparently was that it may be a bomb, not that my contents might be suspicious. The logic of having me sit in front of them and power on a bomb just to find out if it is, in fact, a bomb still escapes me to this day. Nearly as bizarre as the giant liquids disposal vat at security check: "Please mix your bomb ingredients in this packed airport instead of on the plane. Thankyou."
The 4th amendment does not apply to searches at the border, and it never has. Throughout modern history, every country in the world (the U.S. included) has reserved the right to search anything and everything entering the country, save diplomatic pouches.
The 4th amendment only covers "unreasonable" search and seizure. Border searches are considered reasonable, and therefore require no warrant. This was formally codified by the 1st Congress (thank you Findlaw), who could be assumed to know the intentions of the founding fathers. More intrusive operations over and above a cursory search (such as X-Rays, or I supposed computer checks) only require "reasonable suspicion", as opposed to the more strict "probable cause".
The current version of the law states:
19 USC 1581:
(a) Customs officers
Any officer of the customs may at any time go on board of any vessel
or vehicle at any place in the United States or within the customs
waters or, as he may be authorized, within a customs-enforcement area
established under the Anti-Smuggling Act [19 U.S.C. 1701 et seq.], or at
any other authorized place, without as well as within his district, and
examine the manifest and other documents and papers and examine,
inspect, and search the vessel or vehicle and every part thereof and any
person, trunk, package, or cargo on board, and to this end may hail and
stop such vessel or vehicle, and use all necessary force to compel
compliance.
I would think a search of the hard drive falls well within a "package".
SirWired
If I wanted to get information across the border without being noticed, I'd put it on an FTP site and email the link and login info to myself, to a webmail account that I can access anywhere merely by memorizing the username and password. No need to even have the POP3 access info on the laptop, let alone the "incriminating data".
In fact if transporting data is your only reason for entering the country, just upload the nefarious data to one of the free FTP sites, and email the link to your partners-in-crime. Why risk being caught at the border??
~REZ~ #43301. Who'd fake being me anyway?
I sure get tired of the fools who think international borders should be treated as carelessly as the border between Nevada and California. I can only think they've lived so long in a world that seems totally harmless, like trust-fund babies who've never left the crime-free gated community, that they now naively think there's just no more evil left in the world. So they can't see all this fuss about actually, you know, making sure that folks coming into the country are not up to seriously bad things.
They remind me a bit of the similar folks who fuss about the dangers of vaccines or chlorine in the water supply, because they've lived in a world with powerful antibiotics so long they no longer really believe that deadly bacteria exist and can kill you dead without some basic precautions at the similar "border" between one's body and the outside world.
It is possible to encrypt the contents of the hard drive using a SmartCard, then mail the SmartCard to your destination in advance of your border crossing. By doing so, it would be absolutely impossible* for you to give them access to your data. And while they may have the legal authority to search your laptop at the border, they do NOT have the authority to break in to your destination address and take the SmartCard (without probable cause, warrant, etc.).
* For the cryptographers and pedants in the crowd, feel free to substitute the word "infeasible."
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
They are not looking for passwords to nuclear reactor equipment - the clowns at the border probably wouldn't recognize such lists unless they were marked "passwords to nuclear reactor equipment." They're not even looking for bootlegged movies because they'd be detaining damn near everyone with a laptop.
No, they are pretty much just looking for naughty pix of little kids - that's it. And much as someone might find that offensive, sorry it just aint "dangerous."
It's encouraging to see ONE judge in this country got it right - _personal_ computers are an extension of our mind and deserve the utmost protection.
Store your sensitive information in a truecrypt volume on your camera's SD card. Name the truecrypt volume DSCINDEX.TOC if you want a bit more security. In order for anyone to find the data, they'd have to:
1. remove your SD card from your digital camera and stick it in a computer,
2. notice that you have a 2GB index file,
3. recognize (somehow) that it is a truecrypt volume,
4. get you to enter the password that opens the hidden volume instead of the default innocuous volume.
The constitution, 4th amendment included, applies to all people, not just citizens, on U.S. soil and that includes the soil beneath the customs hall.
Were that not the case, we'd have little need for N379P.
the first TSA guy took the battery. http://it.slashdot.org/article.pl?sid=07/12/28/1944208
The Carroll Doctrine (aka the "automobile exception", aka Carroll v. US) says that although they can seize a locked container in transit, they can't search it without a warrant. If no warrant is forthcoming, they have to return the locked container unsearched - they can't destroy it or confiscate it. There have been plenty of court cases since (California v. Acevedo, US v. Chadwick, US v. Ross, Chambers v. Maroney, et. al.) that have clearly established the rights of "persons" (as opposed to merely "citizens") under the Fourth Amendment. And even though the USSC has said that people crossing into the US have a diminished expectation of privacy and border guards have expanded powers of search and seizure because of the exigent nature of the circumstances surrounding a border crossing (in particular, no probable cause is needed before a search), there still is no support as far as I've been able to find for the warrantless search of a locked container absent any sort of either probable cause or even reasonable suspicion. It follows that the government can search my hard drive without a warrant at a border crossing, but what happens when they happen across that TOPSECRET encrypted folder?
It's going to interesting the first time one of these cases reaches the USSC. What happens if I encrypt my data with AES 256 (certified for TOP SECRET data), I get stopped at the border, and I refuse to give up my encryption key? Since I'm a citizen, they can't deny me entry, they can't hold me until I give up my key, and they can't decrypt the data. An interesting situation. As a former police officer, I know how I'd handle the situation without breaking the law and without holding the subject in jail, but I doubt that most DHS folks would have that much creative imagination.
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
Canadian customs and immigration checked through my laptop also. In fact, I say also but US customs and immigration has never actually checked the contents of my hard drive as Canadian customs did but they have made sure it turns on and isn't a bomb instead however.
I've never taken my laptop round Europe with me so I can't really give any experience of other customs. I've not actually had British customs itself check my laptop at all though, simply putting it through the scanner in it's case was enough for them although I'd imagine they may check it if I was coming into the country as a foreign national or if I seemed slightly more dodgy!
Now should they get a warrant from a judge, then matters become a little more shaky. They could argue that the laptop is locked and that you are in contempt by refusing to unlock it for search as ordered by the court the same as they would do for someone refusing to unlock a building or safe, etc. That is where a good encryption software comes in. Unless they can prove that the drive is encrypted, that you know it is encrypted and you are in possession of said keys to decrypt it. They get nowhere.
Citizens can push this issue since they can't exactly refuse them entry. Visitors legally can do the same, but being refused entry can have ramifications as others have mentioned previously. IMO they are using that last item as a method to coerce disclosure of laptop contents even though they have no legal grounds to demand the same. Normal caveat - IANAL.
Now, next time I visit the States, I know how to be prepared. I will create folders like "goatsePr0n", "My Cunning Plan to Drop a Bomb On George W. Bush", and "Allahu Akbar" . . . and fill them with pictures of Hello Kitty.
this stupid search mandate is to teach ALL (even the perps) to put the data on an SD or mini-SD card
Next up, cavity searches at customs checkpoints for flash drives hidden on one's person.
"Ein Volk, ein Reich, ein Führer." -Adolf Hitler
"We are one Nation, we are one People." -The One 'leader'
Lord Vader does not skip lunch, fool! ... ... ...
*CTHHHHK*
*KHHHHH*
*CTHHHHK*
*KHHHHH*
Now bring me my burrito!
Please stop stalking me, bro.
Molesting a child is a harmful act. So is molesting and adult.
Images of child molestation are not child molestation. Looking at an image of child molestation no more makes one a molester than does watching bank robbery footage make one a bank robber.
And pedophilia may be real, but its no more "dangerous" than homosexuality or heterosexuality. We all have feelings every day it would be bad to act upon - most of us are rational enough to avoid doing the wrong thing. Assuming all "pedophiles" (which, in this society, would mean pretty much any male who has ever looked at a 15 year old and thought "wow that's hot") are simply out of control, irrational animals unable to control their actions is the very height of idiocy.
Kinda vague, is not it? What's reasonable? Up to the courts, really...
And the courts have determined, that such "administrative searches" are Ok "as long as they are "conducted as part of a scheme that has as its purpose something "other than the gathering of evidence for criminal prosecutions."
In Soviet Washington the swamp drains you.
I can see it now...
"Please power on your laptop, sir"
*click*
"Sir, I'm sorry to inform you that this border does not support linux. You will have to return to your place of origin until such time that you install the latest version of Windows Vista Ultimate, Now With Extra Neato Security! (tm)."
/facepalm
My favorite was the time the Linksys tech support person told me that my router doesn't support linux. To which I responded, "The router is RUNNING linux, you know-nothing dweeb!" That call was not very productive...
1, 2, 3, 4, 5... That's the combination on my luggage!
Our rights are going down the drain. We, in the United States, seems to slowly going by the way of an state. What the heck is the fourth Amendment doing? I hate child porn but there are other methods of getting these people. If this occurs there will be sudden stop of all business travel and it will make the flight stoppage after 9/11 look small. Not every person has porn on their laptops but definitely have important information on those laptops and confiscating these laptops for no good reason will not help.
Guantanamo. Where the rights of the world are pissed on en-masse. Nothing to see here folks..
It would have been hypocritical for our founders to then limit recognized human rights to citizens only.
Yet, they decided slaves weren't people. Nope, not hypocritical at all.