Slashdot Mirror
Whitehat Hacker Moxie Marlinspike's Laptop, Cellphones Seized
Orome1 writes "The well-known whitehat hacker and security researcher who goes by the handle Moxie Marlinspike has recently experienced firsthand the electronic device search that travelers are sometimes submitted to by border agents when entering the country. He was returning from the Dominican Republic by plane, and when he landed at JFK airport, he was greeted by two US Customs officials and taken to a detention room where they kept him for almost five hours, took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them."
Link to longer article at CNET
took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them.
Really, why try to sensationalize a story by omitting its outcome?
The fact that something as diriculous as "incoming data storage devices searches" even
exist should be enough of a story by itself, and that has been known for quite a while.
The constitution only protects against "unreasonable" search an seizures, with unreasonable being up to the interpretation of the courts. Border searches have long had a broader definition of reasonable (since the very first session of congress), and are not limited to safety and contraband. FindLaw has additional commentary on the issue.
Once again, Customs is a legitimate and competent part of the government. The TSA is neither. Yes, they both fall under DHS. However, the Army Corp of Engineers and the NSA both fall under the DOD but are very different. Further, the TSA and Customs are regulated by different parts of the CFR. 19 CFR for Customs and 49 CFR for TSA. As in, you're wrong.
He could put the contents of the hard drive on a webserver, wipe the hard drive clean, then download the data once in the country.
No, the authors of the constitution didn't anticipate everything. But they anticipated quite a bit, and that includes unanticipated technology and social issues. In order to give the government the ability to deal with change, the constitution contains article V, which is the portion that outlines the procedure for amendment. Excepting amendment, they expected the constitution to be followed. Not "interpreted."
Our government, however, has fiddled its way into a situation where it does whatever the heck it wants. Make no law? Let's make some law!!! No state religion? Let's print Christian stuff on the money, carve it into buildings, sing it in the anthem, and best of all, use it in the courts for swearing... that'll teach 'em. Shall not infringe? Yay, let's infringe! Regulate among the states? Let's regulate IN the states! No ex post facto laws? Oh *heck* no, we GOTTA make those! Enumerated powers? Nah, let's just do anything we want, the heck with that! Warrants to search? Um... only in the interior of the country. And even then, maybe not. Probable cause? That's the same as "We like to grope", isn't it? Sure! No double jeopardy? Oh, that's easy, we'll just toss them back and forth between the criminal and civil court systems, they'll never figure that one out! Trial by jury? Same as "Lock in closet indefinitely, no lawyer, no phone call, innit?" Cruel and unusual punishment... yeah, what was that awesome torture we hung the Axis defendants for using at the war crimes trials? Oh yeah, water-boarding... let's do THAT! (and let's not forget we have rendition to play with, either.) Excessive bail shall not be imposed... heck with that, we'll ask whatever we want! Powers reserved to the states? Bwahahahaha. Oh, and the article III kicker... judicial power in constitutional cases: nah... let's just Make Stuff Up and skip that whole article V inconvenience.*
(*) It should be noted that the USG has steadfastly avoided violating the 3rd amendment, and should certainly be commended for its restraint in this matter.
Here in the US, we have government that has usurped powers far outside the explicitly authorized bounds. And that most certainly includes the judiciary.
In the end, it turns out that what the authors of the constitution wrote matters very little in our current legal system, because that document is treated by the government as barely relevant at this point in time, and even at that, only when it is convenient. Otherwise they ignore it, make things up, or simply plow ahead regardless.
I've fallen off your lawn, and I can't get up.
Right, and if you read the CNET article he mentions that he's already disposed of all the checked hardware.
He also mentioned that the extra cost of hardware + embarrassment of missing meetings due to being detained and missing flights means his business is losing contracts and money, and he's thinking of refusing international clients. Maybe that's the government's goal.
You don't just have to be paranoid about government interference to be worried when there's ordinary crime along the lines of the ordinary thefts that we already see.
For instance the low paid TSA guys could be paid kickbacks to put keyloggers on there so that criminals can get credit card numbers. The lack of accountability would mean that it would be a very long time before somebody in that position would be caught even if there was a lot of evidence.
Personally I think we should get rid of that entire knee-jerk reaction organisation and replace their security guard style workforce with professional law enforcement with a clear chain of command and true accountability as was recommended in the first place. We wouldn't need anywhere near as many people and it would not cost as much. The only downside is it takes time to train such a group. We've got time, we've already had seven years of the sort of security staff you have to prevent shoplifting.
As for the second, please explain how in the fuck you get labeled a "white hat" for showing up at black hat conferences and showing everyone how to MITM SSL?
Black hats don't hold conferences (in meatspace). There's just a conference called Black Hat which, by the nature of information from the conference being made public, is actually a white hat conference. It actually started out as something closer to a true black hat conference but of course that didn't last long.
Black hats have their conferences in various chat rooms and forums. When they meet, you don't know about it.
"When information is power, privacy is freedom" - Jah-Wren Ryel
"This airport theatre is OBSCENE, ethically and morally wrong on EVERY level."
Vote with your wallet and don't fly. Deny the airlines money by not using their services. The purpose of security theater is mostly to restore faith in air travel and keep the airlines running.
We can afford to lose a few airliners as easily as we afford to lose thousands of terrestrial travellers in auto crashes, if we CHOOSE an equal level of indifference.
It's about psychological impact, not dead people. Life is cheap except when taken in exotic ways with lots of media coverage.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Again I think it is geeks puffing their own egos. Please remember that there's a vast, VAST gulf between law enforcement wanting to harass some guy, and a national intelligence agency being willing to spend a lot of money to try and snoop on them in an extremely covert manner. Remember that for the NSA to get involved, they have to be willing to break the law. Law says NSA is foreign only in their intelligence gathering. They can monitor communications to and from foreign locations, or systems that are on foreign soil but that's it. No monitoring in the US. I'm not saying they obey that in all cases, but that is the law meaning that if they got evidence its usefulness in a criminal trial would be nil.
So for them to even be willing to do that, there has to be a good reason. Then you are talking about some serious money spent to develop this custom monitoring BIOS that is both undetectable, unflashable, and ready to deploy on the specific device(s) this guy has. Then after all that, the totally ruin the secrecy by a big fluff up at the border.
Really? Sorry, but pushes the bounds of credibility way too far for me.
Remember that in terms of covert surveillance the US law enforcement agencies can do that very well, they just need a warrant. They could then tap his communications, place cameras in his house, monitor with tempest, whatever they get a warrant for, and do it all covertly. Also any evidence obtained in that way is 100% legal, unlike evidence the NSA got.
So why the border thing? Because they've got shit. They aren't expending any massive resources because there's no evidence of anything. The NSA isn't going to spend millions to try and monitor some guy illegally for no reason. However no warrant or anything is needed at the border so they harass him. Doesn't cost anything (the agents are already there) and so on. Also didn't accomplish anything but there you go.
Sorry but I just can't support this massive ego complex so many geeks have of thinking they are so important that the government will go to extremely difficult, nefarious, lengths just to try and monitor them, all while doing it in an extremely incompetent fashion. No, they won't. You are not that important, nor that sneaky. If there's a real problem they'll get a warrant to monitor and/or search for the evidence needed.
Umm I think you missed the news announcement. They are already testing this at bus stations and train stations. So there is no need to wait, it is already here.
Here is the TSA patting people down at a bus station.
http://www.youtube.com/watch?v=_hT8hfrak9I
Looks like the TSA are already at train terminals.
http://www.youtube.com/watch?v=ORdBoG8qv9w
So it would seem that they are only left with us traveling by car. Although I hear that they have vans with the scanners in them and are going to use them at the borders to scan cars without people getting out them. Here is the company that is selling them.
http://www.as-e.com/
So it only a matter of time before the TSA is everywhere scanning everyone at the rate they are going.