Slashdot Mirror
Whitehat Hacker Moxie Marlinspike's Laptop, Cellphones Seized
Orome1 writes "The well-known whitehat hacker and security researcher who goes by the handle Moxie Marlinspike has recently experienced firsthand the electronic device search that travelers are sometimes submitted to by border agents when entering the country. He was returning from the Dominican Republic by plane, and when he landed at JFK airport, he was greeted by two US Customs officials and taken to a detention room where they kept him for almost five hours, took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them."
Customs are not TSA.
They are all under the umbrella of the Department of Homeland Security whose core mission is to annoy, harass, and humiliate law-abiding citizens while letting the crooks slip through the cracks.
In short, federal policing powers given to the creme de la crap.
I'm still not sure how this doesn't violate the Fourth Amendment. Customs has the right to view your belongings for *safety* reasons, and to ensure that the items you are carrying are not contraband. Does code constitute contraband now? Can you be arrested for having code on your machine? I'm not talking about copyrighted, installed programs.... if something is encrypted, isn't that the same as having a secret in your mind? You know they dumped his drive, but the main question is whether they're allowed to. Isn't that stealing from the passenger then?
Link to longer article at CNET
uhh, customs and TSA have nothing in common. Customs is a legitimate part of the federal government. TSA is neither legitimate nor competent.
Generally, I agree with the mission of customs, inspect stuff coming into the country. But it does not take 5 hours to do so for some guys laptops and a person should not be required to hand over passwords to their own computers.
uhh, customs and TSA have nothing in common.
Other than they are part of the same organizational chart.
What one fool can do, another can. (Ancient Simian Proverb)
Logic dictates that you'd send an agent at least as smart as the suspect to do the HD search. Granted, this is the government...
took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them.
Really, why try to sensationalize a story by omitting its outcome?
The fact that something as diriculous as "incoming data storage devices searches" even
exist should be enough of a story by itself, and that has been known for quite a while.
I worked through this policy myself as an intellectual exercise (A protocol for China. Or Defcon. Take your pick).
Basically, take a laptop with an easy to swap hard drive. Swap in a new drive, with a clean image, and no access credentials except to a temporary dropbox account for emergency mail and/or working set.
Now if you are intercepted, there is no data TO capture, and you can remove all but hardware/bios trojans by a wipe and reinstall.
As a bonus, you can just take out the drive, hand it to customs, and let them have fun with it.
Test your net with Netalyzr
The constitution only protects against "unreasonable" search an seizures, with unreasonable being up to the interpretation of the courts. Border searches have long had a broader definition of reasonable (since the very first session of congress), and are not limited to safety and contraband. FindLaw has additional commentary on the issue.
Once again, Customs is a legitimate and competent part of the government. The TSA is neither. Yes, they both fall under DHS. However, the Army Corp of Engineers and the NSA both fall under the DOD but are very different. Further, the TSA and Customs are regulated by different parts of the CFR. 19 CFR for Customs and 49 CFR for TSA. As in, you're wrong.
"Customs is a legitimate and competent part of the government."
A part of the government that is both legitimate and competent? I never knew such a thing existed!
Filthy, filthy copyrapists!
If the govt. is interested in you, it's going to be interested in your computers and cell phones. Makes sense, right? So if you don't want the govt. diddling your electronics, don't carry them on airplanes or across an international border. Isn't that pretty simple? The alternative is to have multiple sets of cell phones and computers: one set with all the good stuff on it, one set with nothing important on it that goes with you on planes and across borders so the government agents will have something to amuse themselves with when they detain you.
If it's on the hard drive, and it's not encrypted, one should not expect it to be secret unless you can limit who touches that data. There's tools like those put out Access Data, and some other ones I can't remember cuz I haven't used them in class.. but they make the process of carving data out of a hard drive pretty darn easy.
FTK (or is it PRTK? I ain't no expert, dawgs) even goes through the hard drive, looks at phrases and words on the disk in some fashion, and creates a dictionary you can use to try to start cracking at any encryption there is :D Lots of money to be made if you want to be a Forensic Investigator, though I'm looking more towards playing with servers in the future..
I'd smash it with a hammer.
I would never trust my hardware again once I had handed it over to some customs (or other government agent) goons, and it left my sight. I would rather just remove the hard drive and hand it alone over to them, at least then I wouldn't have to trash the whole thing.
There's really no way to be 100% sure you successfully "re-flashed" the BIOS, or cleaned all hardware as some posters have said they would do. Not to mention: There could be additional hardware installed, 5 hours is a long time...
You could tear your machine apart and inspect it all you want, but it's well known once the enemy has unfettered physical access to a device, all bets are off.
It's about questioning authority. It's about unreasonableness. It's about personal liberty & heavy-handed government. It's about "give an inch and they'll take a yard." (There's more but I hope that's sufficient.)
What one fool can do, another can. (Ancient Simian Proverb)
That's not fair. From his Wikipedia page he seems to be obsessed with finding ways to man in the middle SSL connections so he can present them at Black Hat conferences and allow people to commercialise the for as long as possible before they are fixed.
Where would we be as a society if that it were possible for people to make secure SSL connections to their banks for example? That would be a nightmarish world where it would be impossible to redistribute income from the first world bourgeoisie to more worthy informal entrepreneurs in impoverished countries like China, Eastern Europe or Nigeria.
I think he's doing socially very useful work. I'd recommend a prize for him, except he's probably not short of cash.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
He could put the contents of the hard drive on a webserver, wipe the hard drive clean, then download the data once in the country.
I travel to the US a lot for business. What I do is Fedex my "real" hdd to the hotel I'm planning on staying at, usually 1 day before travel to the US is enough for it to be there waiting for me when I arrive at check-in (obviously its an encrypted disk).
I travel with my laptop, with a small capacity hdd that has a clean install, some common oss apps installed, some bogus documents downloaded from scribed, some fake e-mail accounts with credentials saved in firefox and some typical surfing history. The aim is to make them feel like they've found the stuff they're looking for and that there isn't anything worth pursuing - rather than trying to be a smart-ass that makes them even more intent on performing those unwanted rectal examinations. I've had my laptop taken twice in the last 3 years, and on both occasions after providing access details, I was given the laptop back within 5-10mins, other people i know that tried to screw over the TSA/customs by not providing all the access details they wanted, ended up never seeing their machines again.
Though now with the new scanners at play in the airports, I'm trying to reduce my travel to the US to a minimum. If I have to travel, I charge a premium for the various inconveniences endured, most clients are sympathetic and pay without much fuss.
TrueCrypt because it works.
FTK, PRTK?
Pffft, The FBI knows about those, and still didn't crack the TrueCrypt volume.
I can't think of a single thing that could be carried on any laptop that warrants the harrassment of millions a year.
Even if a 9/11 scale event happened every single year, it would take more than four years to match a single year of alcohol-related deaths in the U.S.
Problem is it is going to have to get tested in courts, mostly likely the supreme court, and that takes time. Searches at the border themselves are completely legal. That has been established long ago. You have no expectation of privacy there, and the government has a right, and duty, to secure its borders. However the idea behind this was searching for contraband more or less. A regular search. The whole "copying your entire harddrive" or "taking your computer and not giving it back for months" is not something that was considered because such devices weren't around.
Well that being the case there's three ways this could change:
1) The president could order it stopped. Even if the government does have the authority, they don't have to exercise it. However the whole thing started with the executive and it is pretty clear the president has no wish to put a stop to it.
2) Congress could pass a law stopping it, or more generally defining what is and is not allowed in border searches. Pretty clear they are not at all interested in that.
3) The Supreme Court could find the searches unconstitutional. I think there's a reasonable chance that would happen, but only if a case reaches them. Unfortunately that is kinda hard. More or less someone has to either be convicted of criminal charges base don evidence obtained in this way, or harmed by it in some manner giving them standing to file a suit. It then has to work its way up. Also, it needs to be a good case. Any civil rights lawyer that would take it up to the SC would want a solid case because if you lose, then you are fucked and getting it reversed would be near impossible.
As such this shit will probably continue for a good while.
What you can do about it is write to the president and your representatives and let them know this is an issue that matters to you and one you'll vote on. The only hope of getting the practice changed any time soon is to get the president to order it halted, or congress to pass a law preventing it.
I brought a just an internal sata hard drive to Canada from the US, while in Canada I wiped it clean. On the way back into the US they stopped me for a few hours.. They seemed to not get the concept of bring just a hard drive, I think if it would have been an external drive they wouldn't have gave me so much grief. When I got home there were large files all over the drive.. I can only assume they did that to overwrite anything hidden on the drive, which there wasn't. I found it to be a long waste of time and the people to be a bit clueless.....
s/©//g
Data has nothing to do with customs. They are overstepping their jurisdiction just to bully people.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Regardless of how long it takes, there is no reason to search laptops at the border. Anyone truly interested in slyly transmitting data across the US border would never be foolish enough to accompany said data on the trip. It is _trivial_ to transmit data undetected into the US (nice to meet you, internet. how long have you been there?); what justification is there for searching laptops in the first place?
The secret to creativity is knowing how to hide your sources. - Albert Einstein
Other than their recently uncovered fetish for porn the intention of customs is good.
The idea of customs looking for data in the 21st century is laughable, have they not heard of the internet? That's where I import my data from.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Then get rid of your computer. Seriously, because something like that you aren't talking half-assed law enforcement agency (which is what CBP is) you are talking national intelligence agency that really, really, wants your shit. Well you think that the only time they could pull something like that is at an obvious stop? Not hardly. They could do it before you ever get your hardware. So you order a new motherboard, they intercept the motherboard in transit, replace it with one they've modified, and on it goes to you.
At some point, you have to realize that it is just not worth it, you aren't as valuable as you think you are, and simply trust that your computer is probably fine. If you jump at shadows as badly as your post suggests, then you can never trust any computer ever that you didn't personally build every part on yourself.
Next time, take a broken hard drive with you. That will give them a challenge. :-)
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
You know, you should have brought the HD to the authorities and explain that some terrorist mole at Customs had placed unknown files, probably containing steganographed information, on your drive for later "retrieval" by burglary and that you were rightfully afraid for your life because the terrorists obviously wouldn't be willing to leave any witnesses behind. That would have been a giant hoot.
Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
Hey, at least get your terminology right, those guys didn't spend all that time at Gooning classes to be called 'thugs'.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
Without people looking for vulnerabilities in SSL and publishing the results there would be other people looking for vulnerabilities in SSL and not publishing, just using them to steal.
Security crackers that publish their results are essential to making sure we are really secure, not that we just think we are.
So, Customs tried to erase all of your data on that drive? (If the drive was in a file system that they didn't recognize, like EXT3 or such, then writing files would destroy data)
Actually, why would customs mount the drive in a way that it could be modified at all? It seems like if they can modify it, anything they found would be tainted.
If I have nothing to hide, don't search me
Furthermore, he was being searched by customs after returning from a know drug smuggling point.
Yes, because certain criminals use the Dominican Republic to trade drugs, it's completely reasonable to assume that this person was involved in such activities. After all, nobody would go there to experience the culture, the cuisine, or the wide, sandy, sun-drenched beaches.
However, let's not forget that this guy is an American. There's more drug trading and murder going on in the US than in the Dominican. Obviously that makes him a gun-toting, murdering, drug lord, like all other Americans. I've seen Breaking Bad. The world would no doubt be a safer place if we didn't let Americans get out of the US.
When our name is on the back of your car, we're behind you all the way!
> legitimate and competent
Really? So harassing someone and stealing their kit in the airport is "legitimate and competent"?
If someone *really* wanted to smuggle "illegal" data of some kind into the country, they wouldn't be daft enough to travel with it on their laptop. They'd encrypt it and email it to themselves; or upload it to a cloud storage service, or have a file server of their own to FTP it into; or dump it into some random usenet group; or any of probably a dozen other ways to move data without physically carrying anything incriminating with them. The fact that this is lost on these thugs kind of blows "competent" out of the water.
That just leaves "legitimate". And I guess that depend on whether or not you believe in the fourth amendment to the constitution or not.
Imagine all the people...
Yes, there is money to be made as an investigator... a lot more to STOP the investigators. You could take every machine in my home (assuming you could find them all which is a lot harder than it sounds - take a notebook out of its case and slurp off of a line in the wall and unless they are REALLY motivated, someone generally won't find it). For all of the respect a lot of agencies get, you've got to remember that the best and brightest DON'T WORK FOR THE GOVERNMENT. Why would they? I've worked with the government enough to know this. For every competent INFOSEC professional, there're 10s if not 100s of incompetent ones. The smart ones get a clearance on their resume and then go work for six figures in the private sector. Just one thing to remember.... crypto isn't meant to stop someone... only delay them. In 1973-1974 IBM came up with a crypto algorithm based on Lucifer, the NSA took it, played with it some (they swapped the S-boxs), and gave it back, it later became known as DES. For years (and even now... which is really silly) people thought that the NSA weakened the code or put in some kind of backdoor. Why the NSA did it (and IBM knew of this method but agreed to keep it secret) didn't come out until about 20 years later. Eli Biham and Adi Shamir published a paper on differential cryptanalysis, the best method for breaking block cryptos. The changes the NSA made actually the code RESISTANT to the attack. This tells us two things. One, the NSA (and IBM) had attacks that others didn't figure out for almost 20 years. Two, they managed to keep it a secret. Hidden volumes, crypto, and solid tradecraft are all good things but when against and enemy with nearly limitless resources (and the tax-free money to rent... er hire for consultation the ones they need) you really don't stand a chance.
"Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
So...
Whatever happened to him in the mean time is OK so long as it reaches a satisfactory conclusion?
Most^H^H^H^H Some Slashdotters are smart enough to understand that the ends never justify the means, that this person was picked on, detained for 5 hours and subjected to an invasive search was _not_ all well and good because he got his laptop back.
In the end, I'd put good money on this person being picked up because he was coming in from the Dom Rep rather then because he was Moxie Marlinspike. The TSA likes to pick on single males coming in from potential sex tourism destinations, perhaps because it's the low hanging fruit. Bust a few guys coming back from the Philippines with some home made porn (a pic of a naked Pinay is not hard to get) and make it look like you're doing a great job, after all who would defend these dirty sex pests (they are probably all pedo's anyway). Incompetence rather then malice, but the end result is the same.
Calling someone a "hater" only means you can not rationally rebut their argument.
When traveling out-of-country, do not:
Bring your best laptop with you. Bring a cheapie that you don't mind losing. This way you don't have any real qualms about abandoning it when these ass-wipes pull this.
Keep anything important on the machine, encrypted or otherwise. Have an internet dead-drop you can push things to before crossing borders.
Leave anything important on the machine. Use a decent file shredder to eliminate it.
Chas - The one, the only.
THANK GOD!!!
***They are all under the umbrella of the Department of Homeland Security whose core mission is to annoy, harass, and humiliate law-abiding citizens while letting the crooks slip through the cracks. ***
Very dubious. The DHS clownshow shows little sign of being competent enough to identify crooks well enough to let them through. Sleep well tonight, terrorists have exactly the same chance of being harassed by the DHS as anyone else.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
This gives me the idea of building a slightly custom drive. It's not hard to do, really; remove the platters and there's plenty of space inside, then just put a cable to the outside controller board, concealed under it. The first idea that comes to mind is a drive that happily accepts all write and erase commands, yet presents a read-only filesystem.. say, with a troll image.. or better yet a *different* filesystem each time it's powered. Have fun imaging that. If you want writable storage, it could do a straight log of what the intrusive party did to the drive. The technology is near identical to current hybrid hard drives.
Uh, I don't know about you, but I would prefer to keep possession of my OTHER computer equipment. If you haven't realized already the authorities in most countries can seize "everything" given a good enough excuse.
When they figure out the truth, they could pretend to take you way more seriously than you ever want. And you would have given them the paperwork to cover their asses for it.
Perhaps you can do what you propose, then the rest of us can discuss the resulting story on Slashdot.
Call me paranoid, but either U.S. Customs/DHS is totally stupid, or smuggling data into the country physically is the only way to get it in without being noticed nowadays. Has anyone looked into the possibility that Echelon and it's progeny might be active after all? Maybe the NSA can, to a high degree of confidence, wade though all online data traveling across the U.S. backbones. If they can't, and it's really that easy to get data into the U.S. via the 'Net, then the searches of the laptops are either A) only a good way to catch the two people too dumb not to keep their drug kingpin boss's accounts in quickbooks, or B) so incredibly daft that it's mind-blowing. Or, to take it to the next level of crazy paranoia, they want us to think that we have to send data over the interwebs to get it "past customs" so they can slurp it all up into their giant multi-petaflop interweb analyzer.
I'd love to see statistics on how many prosecutions have resulted from border-laptop-searches. Unfortunately, I think the dumb answer is probably correct.
"Next time, take a broken hard drive with you. That will give them a challenge. :-)"
They'll probably just think it's one they've already processed.
Sending all your Data onto one of those $10 per month multi-gigabyte file hosting companies sounds like US Customs just itching to install a middle-man to Regulate you.
I briefly remember how US Customs didn't like seeing that I sent broken computer hardware back and forth to Ireland as declared to be usually $10 and sometimes $0, to be repaired and then re-imported at a restored value; eventually US Customs looked at my broken dismembered assemblies for part numbers and started cataloguing them at full retail value and taxed me as retail and then when a finished product was imported they would tax me again. It's completely absurd, no different than someone exporting their raw steel and being taxed as though they were exporting a finished Lambourghini and then importing the same to be taxed again.
US Customs, and all the related alphabet Gangs of the federal Government, are nothing more than a revenue-generating bunch of scam artists that would sell-out their own hosting countries they are parasitically attaching theirselves onto by Federation. That's why most of them are secretly privateers trying to move monopoly powers to companies they have Shares or Interest in, and then everyone working under them are always the Felons that do whatever necessary without hesitation to bring the plans in motion. Just one corporation I know of is a perfect example of complete power-grab having nothing to do with helping the people but making them more dependent and feeble-minded: Bureau of Alchol, Tobacco, Firearms, Explosives...what next to add for B.A.T.F.E.ces?
or better dd if=/dev/urandom of=/dev/sdb bs=512
try decrypting THAT
how long until
Oh, this is easy! We'll just beat you with this rubber hose until you give up the key.
The beatings shall continue until the key is revealed!
As for the second, please explain how in the fuck you get labeled a "white hat" for showing up at black hat conferences and showing everyone how to MITM SSL?
Black hats don't hold conferences (in meatspace). There's just a conference called Black Hat which, by the nature of information from the conference being made public, is actually a white hat conference. It actually started out as something closer to a true black hat conference but of course that didn't last long.
Black hats have their conferences in various chat rooms and forums. When they meet, you don't know about it.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Say, you're not one of those people that visits inmates in prison and acts suspicious on the way in just for the free anal probing are you?
Actually, you might try rigging up a USB adapter for those old RLL disks and then just using an RLL drive mailing the adapter to you at home. Let's see how long it takes them to figure out how to access that data. Or better yet, you'd be limited to a minute amount of data, but those old 8" floppy disks have to be hard to read these days.
I don't really agree on the difference.
If there's a tool to exploit the problem then companies using SSL/TLS/whatever can see a clear and present danger.
If someone publishes a vulnerability it's easy to write it off as theoretical and we're back to the situation where black-hats can exploit things.
or better dd if=/dev/urandom of=/dev/sdb bs=512
try decrypting THAT
YOU FUCKER! THAT COMMAND OVERWROTE MY WINDOWS PARTITION!
8 of 13 people found this answer helpful. Did you?
I would suggest entering (or exiting the US), have nothing on your HD/SSD but an OS with a few games/media player and a phone that empty and can be used once for a short time. In that case, why carry a computer and phone at all?
To complete the ritual. No one hides daggers in sleeves any more, but we still shake hands as a greeting.
So why are you complaining? ;)
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
"After all, nobody would go there to experience the culture, the cuisine, or the wide, sandy, sun-drenched beaches."
Doing all that doesn't exclude playing drug mule.
You don't need a password to extract drugs from a hard drive.
When our name is on the back of your car, we're behind you all the way!
What makes you think that something presented at Blackhat isn't after 90 days notice to the developer? That's often the case - the threat of revelation after some fixed time provides some minor incentive to care about the vulnerability.
But even if not, it merely starts a race between the app developer and the exploit developer. In the case of some popular open-source app, the app developers would win the race (because they care, and know the code better). Not the best approach, but far nicer than selling the vulnerability to organized crime and staying quiet about it!
Socialism: a lie told by totalitarians and believed by fools.
Again I think it is geeks puffing their own egos. Please remember that there's a vast, VAST gulf between law enforcement wanting to harass some guy, and a national intelligence agency being willing to spend a lot of money to try and snoop on them in an extremely covert manner. Remember that for the NSA to get involved, they have to be willing to break the law. Law says NSA is foreign only in their intelligence gathering. They can monitor communications to and from foreign locations, or systems that are on foreign soil but that's it. No monitoring in the US. I'm not saying they obey that in all cases, but that is the law meaning that if they got evidence its usefulness in a criminal trial would be nil.
So for them to even be willing to do that, there has to be a good reason. Then you are talking about some serious money spent to develop this custom monitoring BIOS that is both undetectable, unflashable, and ready to deploy on the specific device(s) this guy has. Then after all that, the totally ruin the secrecy by a big fluff up at the border.
Really? Sorry, but pushes the bounds of credibility way too far for me.
Remember that in terms of covert surveillance the US law enforcement agencies can do that very well, they just need a warrant. They could then tap his communications, place cameras in his house, monitor with tempest, whatever they get a warrant for, and do it all covertly. Also any evidence obtained in that way is 100% legal, unlike evidence the NSA got.
So why the border thing? Because they've got shit. They aren't expending any massive resources because there's no evidence of anything. The NSA isn't going to spend millions to try and monitor some guy illegally for no reason. However no warrant or anything is needed at the border so they harass him. Doesn't cost anything (the agents are already there) and so on. Also didn't accomplish anything but there you go.
Sorry but I just can't support this massive ego complex so many geeks have of thinking they are so important that the government will go to extremely difficult, nefarious, lengths just to try and monitor them, all while doing it in an extremely incompetent fashion. No, they won't. You are not that important, nor that sneaky. If there's a real problem they'll get a warrant to monitor and/or search for the evidence needed.
Basically, take a laptop with an easy to swap hard drive. Swap in a new drive, with a clean image, and no access credentials except to a temporary dropbox account for emergency mail and/or working set.
Now if you are intercepted, there is no data TO capture, and you can remove all but hardware/bios trojans by a wipe and reinstall.
As a bonus, you can just take out the drive, hand it to customs, and let them have fun with it.
International corporations are already doing something quite similar to this. You carry an empty laptop with you - and download an encrypted "project package" at your destination to install any special software, and any data you need. You encrypt and upload your product data (if you need to bring it back at all) and run a program that wipes the laptop before return.
But of course spies, criminals and terrorists would never think of doing this.
Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
It should be noted that the USG has steadfastly avoided violating the 3rd amendment, and should certainly be commended for its restraint in this matter.
Except when it comes to installing spyware on people's computers - the cybernetic equivalent.
The point of "quartering troops" in people's homes was not just the seizure of the homeowners' resources to support the occupying army. It was also that the troops - living with the family, eating at their table, etc. - doubled as government spies scrutinizing all aspects of their behavior and most of their belongings. They destroyed the privacy of the home.
Spyware is the same story: Active agents of the governmental power, resident in the victims' space, supported by their resources, privy to their dealings and information, and reporting it back to the powers-that-be.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I brought a just an internal sata hard drive to Canada from the US, while in Canada I wiped it clean. On the way back into the US they stopped me for a few hours.. When I got home there were large files all over the drive..
Sounds like one of three things:
1) They installed some spyware on it.
2) Their machine was virus-infested and infested your drive.
3) Your "wipe" was a remove rather than a reformat-with-surface-analysis and they ran an undelete utility. (Were those files your previous content?)
I hope you held on to that drive - and kept it separate from any machine you're continuing to trust. If it's door number 1) you've got a pristine sample of their latest spyware tools without extraneous files for distraction. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
It is _trivial_ to transmit data undetected into the US (nice to meet you, internet. how long have you been there?); what justification is there for searching laptops in the first place?
But you have to transmit the data to something. One of the things they look for when searching a laptop are clues as to which server systems you've been logging into. If they see by your browser history, for example, that you regularly visit hotmail.com, you'll probably be asked to log into your e-mail account so they can look for things there. If they don't find too many documents on your computer, they'll ask where you store them and have you log in there, as well. So, while the laptop might not contain the illegal data, it might contain clues as to where the Customs officers may find them.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
But it's not and until you convince the government to change the laws, those drugs and other things are checked for by customs.
It's not different for your data, it's different because of where it is at.
The courts have long held up the idea that the US government can as being a necessary a right of sovereignty, control what enters the country and this right allows searches at the borders and ports of entry. This sentiment is also shared by our founding fathers insomuch as they created and passed into law, the very first warrant-less search at the border (or port of entry) in the second session of the very first congress of the United states.
BTW, even the US mail is allowed to be searched/read when it comes in from another country. Well, in certain circumstances that is. There are some restrictions written into postal code (a portion of US law) but the courts support not having those protections at all.
I do not store my documents on my laptop. I store them on my server at home. Log into it? From remote? Can't do that, I'm sorry. I don't need my documents on this trip, to why should I have to access them?
Your turn.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.