Slashdot Mirror
NZ Customs Wants Power To Require Passwords
First time accepted submitter Orange Roughy writes New Zealand customs are seeking powers to obtain passwords and encryption keys for travelers. Supposedly they will only act to obtain credentials if it was acting on 'some intelligence or observation of abnormal behaviour.' People who refuse to hand over credentials could face up to three months jail time. From the story: "Customs boss Carolyn Tremain has told MPs the department would only request travellers hand over passwords to their electronic devices if it had a reason to be suspicious about what was on them. The department unleashed a furore last week when it said in a discussion paper that it should be given unrestricted power to force people to divulge passwords to their smartphones and computers at the border. That would be without Customs officials having to show they had any grounds for suspicion."
It's even worse for business travellers. New Zealand is already known to do a lot of industrial spying as part of FIVE EYES.
It's got to the point now where you have to wipe your laptop before travelling, then restore it when you get through customs. Same with your phone. Fortunately it is easy to do both those things these days.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Way to lay down in the street and die just because some with supposed authority asks you to.
There's also a third solution: appear to be compliant while retaining your privacy.
No, it is not.
It is a legitimate invocation of a core reason why Nazism was allowed to rule, despite most Germans being against it.
Goodwin is more about "You do know that Hitler also washed his hands daily". Drawing an analogy that has nothing to do with Nazism.
Shachar
Or what if your work actually FORBIDS you to reveal your password to anyone, under various penalties ? I'd like to see a high US official pass through customs and watch a random rent-a-cop get his password and copy all his files. Right, like this is gonna happen.
Non-Linux Penguins ?
The obvious answer is that they're not hoping to achieve anything through this measure - this isn't about the need to compel passwords from people at the border, this is just a stepping stone onto further and far nastier forms of coercion. It's just part of NZ's National government's gradual push towards greater and greater surveillance. Each step is small - each seems ultimately futile - but taken together they gradually reduce our personal freedoms until suddenly we find ourselves in a police state.
But last election, everyone voted for them. Why?
Well, why not? Getting passwords and checking laptops, phones and whatnot on the border is completely useless waste of time, and won't catch a single criminal or terrorist. People will just travel with clean machines and download anything they need while in the country. What if you don't actually KNOW the password? Company IT department will tell it on the phone to you after you have passed customs? Jailed for 3 months? What if your USB stick contains a "random" datafile? Is it encrypted or just junk? Or some data for some obscure program?
That being said, people will just travel with clean computers, especially the ones that might have something to hide.
EVERYONE should travel with clean computers. It's just common sense. Also, it takes an "I AM Spartacus" approach to the security theater that does nothing anyway, and inconveniences everyone without a real benefit to anyone. Also, if your machine is stolen, lost, damaged, etc., backing things up before the trip is only common sense, and assuming it will be poked and prodded by government assholes and spies only helps you by forcing you to backup data you know you should anyway.
The only issue is the re-downloading of content. How sure can you be that the encryption you're using is REALLY secure? You can't, unless you wrote it yourself, and were COMPETENT to write such software. Best of luck.
Remember: the only truly unbreakable crypto is the one-time-pad, and only if the keys are truly random, truly kept secure, and only ever used ONCE. And even then, you must still be extremely careful, as whenever you let your device out of your site, just assume it's been bugged, had key loggers added to it, etc. You simply can't trust your own technology anymore, since it all came from China anyway...