Canadian Fined For Not Providing Border Agents Smartphone Password

Reader da_foz writes: A Canadian was reentering Canada when he was arrested and charged with hindering or obstructing border officials. At the time traces of cocaine were found on his bags and he was carrying $5,000 in cash. He provided his smartphone to border agents as requested, however refused to provide the password. Canada Border Services Agency officials asked for Philippon's smartphone and its password. From a report: "He handed over his BlackBerry but refused to disclose the code to access the phone. Philippon was arrested and charged under the federal Customs Act, accused of hindering or obstructing border officials." It is unclear if he provided the password while agreeing to the fine.

Boarder Agents

Are those the ones that you rent rooms to?

Re:Boarder Agents

[Krakadoom]

Nah, they were waterboarding agents, but with the drought and all.

Re:Boarder Agents

[damn_registrars]

No, I think they are the ones that you plead the third to. Unfortunately in Canada one might not have the same protections.

Re:Boarder Agents

[CrimsonAvenger]

Hmm, original submission spells it correctly, but the headline doesn't. Another case of semiliterate editors at /.?

Re:Boarder Agents

[lgw]

Unusually for XKCD, it's a multi-comic arc. Go back a couple.

Re: Boarder Agents

[sconeu]

I think Bordeaux agents are the guys you wine about...

What happens when wetware bcomes a thing?

[mark-t]

And a person's password can be at least in part defined by what they are thinking about while they provide the password? Even if laws existed to force you to comply with law enforcement when they ask for access to your device, if a computer can read your state of mind, it could potentially be configured to disregard entry attempts if your attempt to access was not sincere (that is, you were doing so only under duress, or compulsion by another party), and I am pretty sure that no law could ever be created that requires you to *think* in a certain way.

Re:What happens when wetware bcomes a thing?

[stephanruby]

it could potentially be configured to disregard entry attempts if your attempt to access was not sincere

That problem is already solved.

My old Android LG G2 for instance allows me to login under a different profile based on the particular pattern/password I am using. This is handy if you have multiple girlfriends (not that I even have one yet, but I am speaking hypothetically, so let's say I do get one girlfriend, and then a second one). If they see your password/pattern, they're under the illusion that it is your main password, so they can snoop all they want using that same password, and the system doesn't give them a clue that they're in a particular profile.

Of course, you can disable apps and functionality for each particular profile you have on that phone, and that part can be handy if you're loaning your phone to a kid, or to a perfect stranger, but then of course, it may become obvious that they're using a crippled profile if too much standard functionality is missing from it.

And for your laptop, you just need to carry around a Linux laptop, or a Chromebook. What are they going to do? Fine you for not having access to all the accounts on your machine? Or fine you for using your Chromebook in Incognito mode?

As to the traces of cocaine, I don't think that's fair. Almost all US currency has traces of cocaine on it and I assume it's the same with Canadian currency. And if he carried cash in his bag, then obviously their spectrometer is going to find traces of cocaine in it. It would be weird if they didn't.

As to the $5,000 cash (whether it's US dollars or Canadian dollars), I don't see why that's even relevant. It's well under the legal limit and a drug mule would probably carry 50+ times that amount anyway. What do the Canadian authorities want anyway? If they tell their Canadian citizens not to carry cash when crossing the US border, US border officials will find that suspicious and may turn them around back to Canada. It's going to be damned if you do, or damned if you don't.

Fake "Panic" keys

[DatbeDank]

Sounds like a good feature for Alfresco would be a fake PIN or password that sends you to a dummy account with minimum if anything available. Android already supports multiple user profiles, maybe treat the lock screen as a log in as well.

Re:Fake "Panic" keys

[omnichad]

That seems like a tedious way to go about it. Why not just delete the encryption key so it's over instantly?

Re:Agents?

[c]

No, no, it's Canada. They just keep repeating questions and commands, but without "please" or "sorry".

Canadian Border Guards...

[__aaclcg7560]

I had a coworker who went to Canada on business. Because he looked like a goddamn hippie with blond hair in a pony tail, he expected trouble at the border. When the border guard gave him the evil eye over his passport, he handed over his honorable discharge papers from the U.S. Army. The border guard let him through without further incident.

Re:Canadian Border Guards...

[tdailey]

She was giving answers to questions that were not being asked.

Don't do this. They'll suspect that you're trying to fluff your answers with distracting information. Roll down all windows when you enter the inspection area. Especially if you have passengers. Only answer questions that are directed to you. Most questions will be asked to the driver of the car. But when they ask the passenger directly for what citizenship they are or in what country they were born (not always the same answer) don't attempt to answer for them.

Re:Canadian Border Guards...

[SuiteSisterMary]

I'm a Canadian who once went on a day trip to Buffalo, NY on a lark with two of my daughters.

I myself look like a goddamn hippie with blond hair in a pony tail. I expected to get grilled like fuck for being a single man with two cute little girls in the back seat.

US Customs guy just pointed out that I hadn't actually signed my passport, that I should probably do that, and to enjoy my visit.

Guess what? You don't hear about the millions of people who don't get hassled at the border. You hear about the one who does.

Re:Canadian Border Guards...

[thegarbz]

I flew to Canada once and I look like a perfectly normal face of white privilege. What I wasn't prepared for was ... questions. Like actual probing questions. Actually to be fair I wasn't really prepared for Canada at all because the exchange went like this:

Guard: What are you here for?
Me: Holiday.
G: What are you doing on holiday?
M: (thinking wtf?) Skiing with a friend.
G: Which mountain?
M: (WTF?) I don't know you have a lot of them.
G: You're going skiing but you don't know where?
M: My friend lives here I assume he knows.
G: Where's your friend live?
M: I don't know, somewhere near Vancouver.
G: Do you know the address?
M: No.
G: What's his name and phone number?
M: *says name* and I don't know his phone number.
G: You don't know know what you're doing here, your friend's address, or his phone number? Just how are you going to meet him?
M: Well I'm hoping he's just through that door *pointing towards the customs exit*.
G: If he's not?
M: I'm going to get my laptop out, find some internet access, open up gmail and write the nastiest email with the worst possible language I can think of hit send.
G: ....
M: Then I'll have lunch and figure out the rest from there.
G: *Starts laughing, hands me my passport and points towards the customs exit* Enjoy your holiday.

That disorganised chaotic start really set the tone for my entire make it up as you go holiday.

Re:Canadian Border Guards...

[torkus]

I've gone into Canada a handfull of times over the last year and had similar.

They customs agents going into Canada typically ask some pointed questions - nothing onerous but things that usually catch you off guard. It's enough to throw someone actualy doing things wrong for a loop and give them easy justification for a detailed search/etc.

I'm going on vacation to visit a friend...i'm invarilably asked either who are they/name, where I know them from, where i'll be staying, or what we're planning to do.

The one time I said I was on business they wanted to know who i worked for, who i was meeting, where, etc. which was amusing since I have a Canadian office for my own company I was going to and two dozen people to meet with. She didn't really care, but was testing to see if it was a basic story/lie of if there were some facts behind it.

It's acutally proven psychology (though it requires *gasp* training) and probably 100x more effective than the rape-i-scan machines are for preventing Bad Things from happening.

Re:Canadian Border Guards...

[SvnLyrBrto]

Well, when the BP/INS/TSA/customs/whatever goons do their jobs correctly and respectfully and don't falsely accuse you, either explicitly or implicitly, of wrongdoing or otherwise abuse their "au-thor-i-tah"; it *shouldn't* be a noteworthy occasion to be reported on. That's the way it should occur every... single... goddamn... time!

When they harass, wrongly accuse, or in any other way abuse their position; they bloody well should be taken to task and not just be publicly vilified, but professionally punished as well.

Re:Canadian Border Guards...

[SvnLyrBrto]

Well, there should be a corollary to the axion that "power corrupts"; along the lines of "positions with power attract the corrupt who wish to abuse it.". I find both to be equally true.

Re:Canadian Border Guards...

[Vadim+Makarov]

The first line of Canadian border guards is trained to ask unexpected and misleading questions. The first few times I went through without a problem, as I naturally engaged in the conversation and, probably, showed expected surprised reactions to the probing. That would be like the grandparent poster explaining how'd he find his friend.

After a couple years I got tired of the game and answered, but shortly. Like: - What are you doing in Canada? - I live here. - Where do you live? - Waterloo. - What do you do in Canada? - See my residence permit, it says I'm a spouse of a student. That's it. - Do you work? - My residence permit does not require me to work, sir. - (starts getting annoyed) Are you working? - Yes. - What do you do? - I'm a university professor. - What do you teach? - My contract does not require me to lecture. I do research. (I later learned to skip this one. Professors teach, everyone knows that.) - What do you research? - Physics. - Where are you coming from? - (name of the country I've been on the flight from). - What did you do there? - It was a business trip, sir. - What business? - University business, sir. - Are you bringing any goods with you? - No sir, just as I have stated in my declaration. - Why? - It was a business trip sir, I did not have time to buy.

After the above, I usually ended up in the immigration office, then a full customs search of my bags. The immigration office would admit me, sometimes with a farewell statement "You are not (sounding) frendly. But that's okay".

Eventually I decided to find out what was triggering the searches, and whether I was at a real risk of not being admitted home after one of my numerous business trips. I requested at the first check to be routed to the immigration, and had a long conversation with the immigration officer. I asked to clarify things. The Canadian officer asked me lots of questions, explained the law permitted them to deny me entry (because I didn't have permanent residency) but they saw no reason to do that, and stamped my passport. Then the female officer switched language and told me in clear Russian, which I translate here: "When a weird-looking bloke in a t-shirt with long hair and discheveled beard says he's a professor, we have to investigate". Well, these reasons are not something I can fix :).

This is the only country where I'm regularly interrogated at the border. In Europe and the rest of the world, the guards either silently look at my visas and ask nothing, or ask 1-2 quick questions about the duration and purpose of the trip. Customs have never been interested in searching my usual luggage. To me, Canada is a stark contrast to the rest of the world.

The ensuing case will be dismissed

[nightfire-unique]

In Canada, under sections 7 and 11(c) of the Canadian Charter of Rights and Freedoms, Canadians have the right to remain silent during both interrogation and trial.

Open and shut case here.

Re:The ensuing case will be dismissed

[cdrudge]

Is that settled case law in Canada where not revealing a password is filed under the right to remain silent? Here in the states there have been multiple cases, under different circumstances, that go both ways regarding key disclosure laws.

NEVER give out your passwords

[TheDarkMaster]

Never, ever give out your passwords to any "law enforcement" (the reason for the quotes will be clear)

- It's ridiculously easy to plant evidence on a cellphone or PC;
- Your password can be used later for industrial espionage;
- There is no guarantee that the law officer would really be a law enforcement officer or that he is honest and therefore not going to use your passwords for dishonest activities;

Re:NEVER give out your passwords

[Archfeld]

This just follows the old saying never volunteer anything. There are procedures and policies in place both to protect your rights and to ensure the validity of any investigation. Make sure that they are followed to the letter.

I back my device up everyday. I'd really like an app that would allow me to volunteer a 'password' that would institute a full device wipe should it be invoked, that way I could 'comply' with the demand while not compromising my data at all.

Re:NEVER give out your passwords

[rahvin112]

Failure to allow US Customs access to your electronic devices is grounds for them to seize the device. Just a warning.

Re:NEVER give out your passwords

[Altrag]

Or just don't store suspicious things on your phone. There's plenty of cloud storage services out there, not to mention you can just setup a file host yourself in whatever country you feel like.

I mean if you have a legitimate worry about them trying to plant evidence on your or something then sure, just giving them access to a clean phone could still be problematic.. but 99.99999% of people aren't important enough to warrant that level of paranoia.

Most of those border guards see thousands of people per day so unless there's some reason you think you stand out from the crowd (celebrities, politicians, etc.. or if you're already under suspicion for something technology-related) you probably don't have to worry too much about being framed.

Remember its as easy, if not easier, to plant physical evidence if they're just looking to frame you in general rather than for something specifically related to your phone or online presence.

Re:NEVER give out your passwords

[TheDarkMaster]

A bit of context: Here on Brazil the verage Joe (you, me, etc) do not really have rights, as we say here "lei no Brasil é só para inglês ver" ("law on Brazil is just make-believe"). If you cross the path of someone rich/powerful you die or they make your life become a hell, but as is necessary to maintain the illusion of a democratic/civilized country so they make laws like that of the US customs and then plant evidence (or worse) for you to be considered a "dangerous criminal" and so you can be "disappeared" without too many questions.

Point is, you do not need to look suspicious, you just need to pass in front of an "authority" that is in a powertrip.

Re:NEVER give out your passwords

[Archfeld]

I'd like to give the appearance of cooperation. Whether right or wrong, I prefer not to spend the day in custody, and even if they are out of line, Customs and Border patrol are one of the last places where even if you are right, you will still lose fighting them in the short term for sure. I live in AZ and going to and from Mexico frequently has taught me that lesson the hard way. Four hours at the border getting vetted and undergoing repeated questioning, only to be released in the end is still a huge pain in the colon. If I had a 'password' that I could supply them at their insistence that appeared to work but actually wiped the device clean I could make a case for having cooperated to the letter of their request.

Re:NEVER give out your passwords

[Whorhay]

Wiping the device would be risky if you want to give the appearance of complying. Better would be an alternate password that gives them access to a dummy account that is good enough to look legit while not containing or giving access to content owned by the main profile.

Traces of cocaine?

[Bruinwar]

Are traces of cocaine the same as the "we smelled marijuana"? Was the cash found first, then they somehow found some "traces of cocaine"?

Re:Traces of cocaine?

[rahvin112]

Considering there is research indicating that almost all US currency has traces of cocaine on it then it wouldn't be very hard for them to claim that.

Good!

[Murdoch5]

Don't provide any password to a border agent, or really anyone who doesn't need it.

My company is currently in the process of designing a special TPM style product that makes it very near impossible to enter a devices without being the one intended for reception. Well solutions like this do exist, ours is going to be fairly open, cheap and allow it to interface to almost device to which someone can write a low level kernel based driver. With our device, it makes it impossible to access the contents of anything on the device under encryption due to how the data is stored and decrypted. Without access to the exact key which is paired to the device under encryption, you may as well wipe the device because except in exceptional cases, where multiple keys are warranted, there is no other way in the device under encryption.

I'm bringing this up for this exact kind of situation, well traveling you can keep your data fully encrypted, have one of our keys at home, with the data it encrypted being unavailable physically until you arrive home, and you could carry a second key which can decrypt any data marked for use between the two keys or just the data encrypted well traveling, with the only way to view the date, to be in possession of a key physically, think very small USB thumb drive.

If the border needs access, they can get access themselves. You're not stopping them by giving your phone, and you're not stopping them by refusing to give up a password or encryption key, you're simply protecting your right against possible self incrimination, and if the border patrol is actually qualified in the first place to do a job that would be require decryption information on a phone, they should be able to do it regardless of what you put on it. I know that's a ridiculous statement, but it works. You shouldn't have to provide access to your personal data, to anyone. If anyone wants access, they can get access themselves without you.

I even once gave the border an entire database encrypted with our key solution, told them how it was encrypted and that the key for decryption was already sitting at an office in the US, so even if I wanted to get the data, I couldn't, they had no choice but to let me travel. You're not blacking anything by refused to decrypt data or let them into the system. In our case, we're going to the Nth degree and making it a physical problem, where it doesn't matter if you know the password, because it's point to point tied down.

I support anyone who refused to give up access, it's the right thing to do, the access isn't theirs and if it is, they can enter it themselves.

Re:Good!

[SvnLyrBrto]

A company I used to work for had a system such as that. Whenever anyone travelled, they were issued a temporary laptop, with two partitions on the HD. The first was unencrypted and contained the OS, some basic applications (but critically, NOT email), and a VPN client. The second was encrypted and contained the important applications and any company data. We'd bought a solution such that the user never had the key to decrypt the other partition. Rather, he'd VPN in, and the key would be provided over the tunnel, stored in RAM, never paged out to swap, and used to access the encrypted data. By some voodoo possible with XP but not Vista and above, (And no, I have no idea what solution they switched to after the upgrade to 7.) if the VPN client quit or termed the connection, the key would be removed from RAM and the data drive once again would become so much gibberish. IT was simply informed of the travel arrangements and suspended the employee's VPN access for the duration and until they were safely checked into their hotel or field office. So there was no way the the Airport SecurityGoons could get access, even if the employee were beaten with the $2 wrench from that xkcd cartoon.

Laptops are cheap... trivially so... compared to the data that they contain. That data belongs to the company. And if the ASGs think they have a legitimate need to see it; they can goto a real LEO who can goto a real judge who can issue a real subpoena; which company could and would fight. Otherwise, they can go piss off.

Other ones

[SuperKendall]

I figured he must have been sitting in a boat being towed in.

Or else the agents were all women and the submitter badly misspelled "broad".

Re:There goes the Canada option...

[Kierthos]

With Trump as the Republican nominee, I don't think we need to worry about that for another four years.

Re:Meet the $5 wrench

Why are duress passwords not a standard feature at this point?

Because they are useless once the party causing the duress becomes aware that such a thing exists.

Agent: "Give me your password"
You: "Here you go"
Agent: Clubs you with a wrench. "Give me your REAL password, smartass"
You: ...

Well, the concept behind a duress password is that they have to actually try the one you give them to verify it, and once they enter a duress password further attempts to get a real one are useless. (note, there's no reason you can't have arbitrarily many duress passwords, so they'll never be sure that the Xth unique password you divulge is the real one.)

If the duress password summons the authorities or destroys the device than, asking for your password is pointless as they know that even if you do give them the real one they won't be able to verify that without risking the device's destruction, or exposing their attempt.

The problem arises when the people breaking in ARE the authorities, as then they don't care if the phone calls the cops, and they will nail you with obstruction and destroying evidence if the device self destructs. In that case it's safer to try the "I forgot" or "I plead the 5th (or local equivalent)" gambit.

Re:Meet the $5 wrench

[magarity]

Agent: Clubs you with a wrench. "Give me your REAL password, smartass"
You: ...

That's why my password is "I'll never tell, you bastards!"

Re:Meet the $5 wrench

[JohnFen]

Better be sure whatever you are protecting is worth your life or your freedom because that's what it might cost you.

What you are trying to protect is your freedom. If you're going to lose it one way or another, it seems better to lose it by standing up for yourself.

Re:Meet the $5 wrench

[bankman]

*smack* "Where's the comma!" *smack*

Re:Carrying cash has been a crime for a century

[tripleevenfall]

I don't know why there isn't some sort of a feature like a bogus password I could give to someone that would appear to show a plain vanilla OS installation - just my contacts and some fake innocuous texts. No email access or apps beyond a standard load of fake ones.

A password that wipes the device would be helpful, but one that betrays nothing while still giving the illusion of compliance would be more helpful.

Re:$5K is just fine

[gordguide]

They might have confiscated the cash, but then would have had to prove in court that the money was proceeds of crime. Failing that, they would have to give the money back.

You don't have to declare any amount of cash below $C10,000, so I'm not sure what grounds they would have to confiscate the money, but they might have wanted to harass this person, and in that case deprive him of the money for a few months until the courts ordered it returned.

As for the cocaine residue, it's not illegal in Canada to have used drugs while visiting another country. The ion scanners they use can detect and identify extremely minuscule traces of many substances (not just drugs) but that does not mean the quantity would be enough to lay a charge. An ion scan, by itself, is not admissible evidence; you need a more definite test from a crime lab, which requires a larger quantity.

Really, the fine is essentially the only form of official sanction they had at their disposal. The only interesting part is they used it.

The OP wonders if he offered the password as well as received the fine. I seriously doubt it ... there are no misdemeanor charges they could have offered to plea down to, and they didn't drop the charge, so I'm pretty sure he kept the password to himself.

If he hadn't, there would not be a story in the first place, I suspect the charge would have been stayed (dropped, but can be re-introduced within one year) or dropped entirely (cannot be charged again with the same offence for the same incident).

Re:He Pleaded Guilty

[jedidiah]

5K really isn't that much money either in terms of drug transactions or in general. The notion that it is, is why so many people end up victims of forfeiture. Unwitting dupes continue perpetrating the myth that cash equals drug dealer.

Re:He Pleaded Guilty

[NotAPK]

I agree. There seems to be a "war on cash". Unsurprising considering the banking industry benefits from every single transaction.