Slashdot Mirror
US Courts Consider Legality of Laptop Inspection
ceide2000 writes "The government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer's hard drive, the government says, is no different from looking through a suitcase. One federal appeals court has agreed, and a second seems ready to follow suit." This story follows up on a story about laptop confiscation at the borders from a few months ago.
next is your banking information, previous employments, medical history and telephone calls made in the past 6 months.
Welcome to the USA.
Can they demand you decrypt data or, worse, provide the key?
This is not suitcase snooping, this is opening a sealed envelope found within my suitcase and reading the contents even though both the suitcase and envelope test negative on the bomb sniffer.
I pity the foo that isn't metasyntactic
A. You can decrypt the data
B. You can go back where you came from
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
I think the answer is: no, that's not allowed. They are allowed to search in order to satisfy themselves that it is a book/document and not something nefarious (bomb, contraband, etc.)... but beyond that they cannot go rummaging through any data you happen to be carrying on your person.
By analogy, I would expect that physically inspecting a laptop (to make sure it's not hiding anything nefarious) is okay, but I can't think of a legitimate reason to start scanning through the data on it.
I guess if they're going to ignore the 4th Amendment when it comes to suitcases, they might as well ignore it when it comes to laptops. After all, who is to say what it means for "The right of the people to be secure in their persons, houses, papers, and effects,"
A laptop can be used to carry contraband. Pirated software. Nuclear secrets. What makes it different from opening a suitcase?
There's a few things that make it different. First, by opening a suitcase and performing a cursory inspection, an official doesn't read every notebook and letter the traveler is carrying. A customs official that takes a computer for inspection can do all kinds of unreasonable things to it, and there's little that can be done about it. There's also the problem of figuring out what is illegal: Should a traveler prove that every mp3 he is carrying was ripped legally? Should we have to carry the licenses of all commercial software? It'd be crazy.
And finally, there's the fact that anyone smuggling software will just get an internet connection and send it across through the wire.
Folder on desktop named "Kiddie pics?" Check.
Thousands of JPGs within? Check.
All JPGs are hello.jpg? Checkmate.
I encode all my dangerous stuff with everyday words and string them into mundane sentances disguised as personal communication.
There, everything you need to construct your own death star is in the line above. Oh, and some extra information is hidden in this line about exhaust ports. Damn, I just realized, my encoding for "exhaust ports" renders as "exhaust ports". Well, back to the drawing board.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
I can see the court's argument, and I suppose it really isn't any different, since you're crossing a border. But what's the point? I've heard there's actually a big network that extends internationally outside the United States (an "inter-net" if you will) that makes data transfers into the US without physical hard disks fairly easy. If this is truly the case, wouldn't anything "contraband" be sent via that? (I mean, assuming it's not too difficult to get an account on this network.)
I don't think you'd need to encrypt anything. Your laptop won't be on when they begin their inspection, right? So add another account that you fully cooperate with them with that has access to nothing, and maybe has some default pictures and stuff for them to browse around with. Configure login script to fix whatever they screw up on that account on each login. Log into *that* one for them to do their probing. They won't have any way of knowing it isn't your main account. Heck, make that a nice self-healing account that friends can use. Bonus!
If you assume somewhat more sophisticated inspectors, you may want to put what can be construed as nefarious software (nmap, tcpdump, nessus, kismet, etc) in a more secure than normal place.
Now, if you expect the thing to be confiscated, that is a different story.
Finally a plausible reason why JM is conceivable.
No, it's not "opening a sealed envelope". Envelopes can contain toxic chemicals, weapons, etc. Computers only hold information. The difference is that they're now policing thought.
Can they ask to see the contents of a company laptop? If that information is proprietary you have every right to deny them access as an employee or face legal liability for showing others that information. Arguably, they have no right to a laptop that isn't yours or viewing information that you do not have the right to show them; they would need to get a release from the company in order to view that data.
This is my sig. There are many like it but this one is mine.
they can stick theyre hand up your butt, why would you be worried about your laptop. your laptop won't cry in the shower to boy george after it's violating probing.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Better yet, if you need to keep them from snooping around on it, just unhook the mobo from the PSU.
Some days I just get bored and Troll post all the memes I can think of...
As a heavy terminal user I long since lost interest in running a desktop environment. This has become a problem when I travel internationally, something I do very often.
On two separate occassions I've been asked to boot my machine. On both occassions the security officials became quite disturbed when they saw a text only boot sequence. One asked me to turn the machine off immediately and after 30 minutes I was able to explain what was on my computer in a way they liked. The second incident was worse. Once my laptop had come out of suspend-to-RAM the security guy demanded "Log into your computer please". On seeing a single maximised xterm he became nervous. He held me until an official came down from upstairs, who promptly laughed warmly and said "It's unix. It's OK".
I know a couple of other people that have been in very similar situations.
These days I have a session manager such that I can boot into a clean GNOME desktop should such a situation arise, complete with soothing coastal background image.
The rationale for having me boot my computer apparently was that it may be a bomb, not that my contents might be suspicious. The logic of having me sit in front of them and power on a bomb just to find out if it is, in fact, a bomb still escapes me to this day. Nearly as bizarre as the giant liquids disposal vat at security check: "Please mix your bomb ingredients in this packed airport instead of on the plane. Thankyou."
The 4th amendment does not apply to searches at the border, and it never has. Throughout modern history, every country in the world (the U.S. included) has reserved the right to search anything and everything entering the country, save diplomatic pouches.
The 4th amendment only covers "unreasonable" search and seizure. Border searches are considered reasonable, and therefore require no warrant. This was formally codified by the 1st Congress (thank you Findlaw), who could be assumed to know the intentions of the founding fathers. More intrusive operations over and above a cursory search (such as X-Rays, or I supposed computer checks) only require "reasonable suspicion", as opposed to the more strict "probable cause".
The current version of the law states:
19 USC 1581:
(a) Customs officers
Any officer of the customs may at any time go on board of any vessel
or vehicle at any place in the United States or within the customs
waters or, as he may be authorized, within a customs-enforcement area
established under the Anti-Smuggling Act [19 U.S.C. 1701 et seq.], or at
any other authorized place, without as well as within his district, and
examine the manifest and other documents and papers and examine,
inspect, and search the vessel or vehicle and every part thereof and any
person, trunk, package, or cargo on board, and to this end may hail and
stop such vessel or vehicle, and use all necessary force to compel
compliance.
I would think a search of the hard drive falls well within a "package".
SirWired
If I wanted to get information across the border without being noticed, I'd put it on an FTP site and email the link and login info to myself, to a webmail account that I can access anywhere merely by memorizing the username and password. No need to even have the POP3 access info on the laptop, let alone the "incriminating data".
In fact if transporting data is your only reason for entering the country, just upload the nefarious data to one of the free FTP sites, and email the link to your partners-in-crime. Why risk being caught at the border??
~REZ~ #43301. Who'd fake being me anyway?
I sure get tired of the fools who think international borders should be treated as carelessly as the border between Nevada and California. I can only think they've lived so long in a world that seems totally harmless, like trust-fund babies who've never left the crime-free gated community, that they now naively think there's just no more evil left in the world. So they can't see all this fuss about actually, you know, making sure that folks coming into the country are not up to seriously bad things.
They remind me a bit of the similar folks who fuss about the dangers of vaccines or chlorine in the water supply, because they've lived in a world with powerful antibiotics so long they no longer really believe that deadly bacteria exist and can kill you dead without some basic precautions at the similar "border" between one's body and the outside world.
They are not looking for passwords to nuclear reactor equipment - the clowns at the border probably wouldn't recognize such lists unless they were marked "passwords to nuclear reactor equipment." They're not even looking for bootlegged movies because they'd be detaining damn near everyone with a laptop.
No, they are pretty much just looking for naughty pix of little kids - that's it. And much as someone might find that offensive, sorry it just aint "dangerous."
It's encouraging to see ONE judge in this country got it right - _personal_ computers are an extension of our mind and deserve the utmost protection.
The Carroll Doctrine (aka the "automobile exception", aka Carroll v. US) says that although they can seize a locked container in transit, they can't search it without a warrant. If no warrant is forthcoming, they have to return the locked container unsearched - they can't destroy it or confiscate it. There have been plenty of court cases since (California v. Acevedo, US v. Chadwick, US v. Ross, Chambers v. Maroney, et. al.) that have clearly established the rights of "persons" (as opposed to merely "citizens") under the Fourth Amendment. And even though the USSC has said that people crossing into the US have a diminished expectation of privacy and border guards have expanded powers of search and seizure because of the exigent nature of the circumstances surrounding a border crossing (in particular, no probable cause is needed before a search), there still is no support as far as I've been able to find for the warrantless search of a locked container absent any sort of either probable cause or even reasonable suspicion. It follows that the government can search my hard drive without a warrant at a border crossing, but what happens when they happen across that TOPSECRET encrypted folder?
It's going to interesting the first time one of these cases reaches the USSC. What happens if I encrypt my data with AES 256 (certified for TOP SECRET data), I get stopped at the border, and I refuse to give up my encryption key? Since I'm a citizen, they can't deny me entry, they can't hold me until I give up my key, and they can't decrypt the data. An interesting situation. As a former police officer, I know how I'd handle the situation without breaking the law and without holding the subject in jail, but I doubt that most DHS folks would have that much creative imagination.
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
No. But if I'm understanding some other posters here, they DO have the authority to simply keep your laptop. That seems to be the problem with most of these "solutions": no, the Feds don't get to see your data. But you're out maybe $1500 worth of laptop that you'll never see again.
Chris Mattern
Lord Vader does not skip lunch, fool! ... ... ...
*CTHHHHK*
*KHHHHH*
*CTHHHHK*
*KHHHHH*
Now bring me my burrito!
Please stop stalking me, bro.
Kinda vague, is not it? What's reasonable? Up to the courts, really...
And the courts have determined, that such "administrative searches" are Ok "as long as they are "conducted as part of a scheme that has as its purpose something "other than the gathering of evidence for criminal prosecutions."
In Soviet Washington the swamp drains you.