Slashdot Mirror
US Courts Consider Legality of Laptop Inspection
ceide2000 writes "The government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer's hard drive, the government says, is no different from looking through a suitcase. One federal appeals court has agreed, and a second seems ready to follow suit." This story follows up on a story about laptop confiscation at the borders from a few months ago.
next is your banking information, previous employments, medical history and telephone calls made in the past 6 months.
Welcome to the USA.
Can they demand you decrypt data or, worse, provide the key?
This is not suitcase snooping, this is opening a sealed envelope found within my suitcase and reading the contents even though both the suitcase and envelope test negative on the bomb sniffer.
I pity the foo that isn't metasyntactic
A. You can decrypt the data
B. You can go back where you came from
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
I think the answer is: no, that's not allowed. They are allowed to search in order to satisfy themselves that it is a book/document and not something nefarious (bomb, contraband, etc.)... but beyond that they cannot go rummaging through any data you happen to be carrying on your person.
By analogy, I would expect that physically inspecting a laptop (to make sure it's not hiding anything nefarious) is okay, but I can't think of a legitimate reason to start scanning through the data on it.
I guess if they're going to ignore the 4th Amendment when it comes to suitcases, they might as well ignore it when it comes to laptops. After all, who is to say what it means for "The right of the people to be secure in their persons, houses, papers, and effects,"
Folder on desktop named "Kiddie pics?" Check.
Thousands of JPGs within? Check.
All JPGs are hello.jpg? Checkmate.
I encode all my dangerous stuff with everyday words and string them into mundane sentances disguised as personal communication.
There, everything you need to construct your own death star is in the line above. Oh, and some extra information is hidden in this line about exhaust ports. Damn, I just realized, my encoding for "exhaust ports" renders as "exhaust ports". Well, back to the drawing board.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
I can see the court's argument, and I suppose it really isn't any different, since you're crossing a border. But what's the point? I've heard there's actually a big network that extends internationally outside the United States (an "inter-net" if you will) that makes data transfers into the US without physical hard disks fairly easy. If this is truly the case, wouldn't anything "contraband" be sent via that? (I mean, assuming it's not too difficult to get an account on this network.)
I don't think you'd need to encrypt anything. Your laptop won't be on when they begin their inspection, right? So add another account that you fully cooperate with them with that has access to nothing, and maybe has some default pictures and stuff for them to browse around with. Configure login script to fix whatever they screw up on that account on each login. Log into *that* one for them to do their probing. They won't have any way of knowing it isn't your main account. Heck, make that a nice self-healing account that friends can use. Bonus!
If you assume somewhat more sophisticated inspectors, you may want to put what can be construed as nefarious software (nmap, tcpdump, nessus, kismet, etc) in a more secure than normal place.
Now, if you expect the thing to be confiscated, that is a different story.
No, it's not "opening a sealed envelope". Envelopes can contain toxic chemicals, weapons, etc. Computers only hold information. The difference is that they're now policing thought.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
As a heavy terminal user I long since lost interest in running a desktop environment. This has become a problem when I travel internationally, something I do very often.
On two separate occassions I've been asked to boot my machine. On both occassions the security officials became quite disturbed when they saw a text only boot sequence. One asked me to turn the machine off immediately and after 30 minutes I was able to explain what was on my computer in a way they liked. The second incident was worse. Once my laptop had come out of suspend-to-RAM the security guy demanded "Log into your computer please". On seeing a single maximised xterm he became nervous. He held me until an official came down from upstairs, who promptly laughed warmly and said "It's unix. It's OK".
I know a couple of other people that have been in very similar situations.
These days I have a session manager such that I can boot into a clean GNOME desktop should such a situation arise, complete with soothing coastal background image.
The rationale for having me boot my computer apparently was that it may be a bomb, not that my contents might be suspicious. The logic of having me sit in front of them and power on a bomb just to find out if it is, in fact, a bomb still escapes me to this day. Nearly as bizarre as the giant liquids disposal vat at security check: "Please mix your bomb ingredients in this packed airport instead of on the plane. Thankyou."
The 4th amendment does not apply to searches at the border, and it never has. Throughout modern history, every country in the world (the U.S. included) has reserved the right to search anything and everything entering the country, save diplomatic pouches.
The 4th amendment only covers "unreasonable" search and seizure. Border searches are considered reasonable, and therefore require no warrant. This was formally codified by the 1st Congress (thank you Findlaw), who could be assumed to know the intentions of the founding fathers. More intrusive operations over and above a cursory search (such as X-Rays, or I supposed computer checks) only require "reasonable suspicion", as opposed to the more strict "probable cause".
The current version of the law states:
19 USC 1581:
(a) Customs officers
Any officer of the customs may at any time go on board of any vessel
or vehicle at any place in the United States or within the customs
waters or, as he may be authorized, within a customs-enforcement area
established under the Anti-Smuggling Act [19 U.S.C. 1701 et seq.], or at
any other authorized place, without as well as within his district, and
examine the manifest and other documents and papers and examine,
inspect, and search the vessel or vehicle and every part thereof and any
person, trunk, package, or cargo on board, and to this end may hail and
stop such vessel or vehicle, and use all necessary force to compel
compliance.
I would think a search of the hard drive falls well within a "package".
SirWired
The US Customs agency is operating under the mandate that they can detain you and/or inspect you arbitrarily, and that you have no legal recourse against it.
You used to be able to say "I withdraw my petition to enter your country" and they'd just basically ship you back. Now, they don't really care. Gonzales basically gave them a legal opinion that says you, as a foreign national, have no legal protections or expectation of privacy. I'm not sure of the specifics, but at one point, they said "we can do anything we like".
Refusing to give them the information on the grounds of a NDA will mean nothing to them. They'll jail you if they want to. They are not bound by your NDA, and they can compel you to answer whatever they ask or open what they request.
I wouldn't be willing to try to stand behind an NDA with my company at a US border -- but then again, I don't plan on presenting myself to one any more. Over the last few years, I have decided that there really isn't a compelling enough reason to travel to the US. The level of draconian crap and complete loss of rights which can ensue is just not worth the exposure or the risk.
It gets echoed a lot here on Slashdot, but an awful lot of people simply will not travel to the US again.
Cheers
Lost at C:>. Found at C.
They are not looking for passwords to nuclear reactor equipment - the clowns at the border probably wouldn't recognize such lists unless they were marked "passwords to nuclear reactor equipment." They're not even looking for bootlegged movies because they'd be detaining damn near everyone with a laptop.
No, they are pretty much just looking for naughty pix of little kids - that's it. And much as someone might find that offensive, sorry it just aint "dangerous."
It's encouraging to see ONE judge in this country got it right - _personal_ computers are an extension of our mind and deserve the utmost protection.
The Carroll Doctrine (aka the "automobile exception", aka Carroll v. US) says that although they can seize a locked container in transit, they can't search it without a warrant. If no warrant is forthcoming, they have to return the locked container unsearched - they can't destroy it or confiscate it. There have been plenty of court cases since (California v. Acevedo, US v. Chadwick, US v. Ross, Chambers v. Maroney, et. al.) that have clearly established the rights of "persons" (as opposed to merely "citizens") under the Fourth Amendment. And even though the USSC has said that people crossing into the US have a diminished expectation of privacy and border guards have expanded powers of search and seizure because of the exigent nature of the circumstances surrounding a border crossing (in particular, no probable cause is needed before a search), there still is no support as far as I've been able to find for the warrantless search of a locked container absent any sort of either probable cause or even reasonable suspicion. It follows that the government can search my hard drive without a warrant at a border crossing, but what happens when they happen across that TOPSECRET encrypted folder?
It's going to interesting the first time one of these cases reaches the USSC. What happens if I encrypt my data with AES 256 (certified for TOP SECRET data), I get stopped at the border, and I refuse to give up my encryption key? Since I'm a citizen, they can't deny me entry, they can't hold me until I give up my key, and they can't decrypt the data. An interesting situation. As a former police officer, I know how I'd handle the situation without breaking the law and without holding the subject in jail, but I doubt that most DHS folks would have that much creative imagination.
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu