New US Customs Guidelines Limit Copying Files and Searching Cloud Data

The U.S. Customs and Border Protection Agency has updated its guidelines for electronic border searches, adding new detail to border search rules that were last officially updated in 2009. The Verge reports: Officers can still request that people unlock electronic devices for inspection when they're entering the U.S., and they can still look through any files or apps on those devices. But consistent with a statement from acting commissioner Kevin McAleenan last summer, they're explicitly banned from accessing cloud data -- per these guidelines, that means anything that can't be accessed while the phone's data connection is disabled. The guidelines also draw a distinction between "basic" and "advanced" searches. If officers connect to the phone (through a wired or wireless connection) and copy or analyze anything on it using external devices, that's an advanced search, and it can only be carried out with reasonable suspicion of illegal activity or a national security concern. A supervisor can approve the search, and "many factors" might create reasonable suspicion, including a terrorist watchlist flag or "other articulable factors."

I knew it!

Hah! I knew it! Trump is a xenophobe who hates immigrants! Oh, wait.

Re:I knew it!

[vux984]

"Nothing to do with immigrants. Trump just doesn't want his family members cloud accounts searchable when they cross the border." ... is what I would say if I wanted to somehow associate it with Trump.

In all liklihood this has nothing to do with Trump and has probably been percolating up through the system for a while now and has nothing to do with any president past or present.

Because they already have access

They don't need new access to the cloud because they already have full access.

erase before entry

[dmitrygr]

I've been asked by them to unlock my phone. I happily do. Same for laptop. This is because, expecting this shit, I SCP all the things I care about to me home computer before returning to USA and erase my laptop and phone. They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.

Re:erase before entry

[BrookHarty]

> They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.

Yeah, thats a red flag for "I like cavity searches"

Re:erase before entry

[cfalcon]

You just tell them you always wipe your shit in case it is stolen in transit. It isn't false just because one government or another is the most likely thief, it's a 100% true statement.

I don't think erasure is always going to work if they plug stuff in, but the newest phones at least have a key that everything is encrypted with that can be wiped. It's still a risk. On a computer of course, you can be pretty safe if you delete an encrypted partition and overwrite with zeros or whatever pattern your religion dictates.

Re:erase before entry

[dgatwood]

Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it. So apart from catching the most incredibly stupid criminals (who would probably get caught for other reasons even without this search), the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.

Re:erase before entry

[shadowknot]

Starting a reply to a post that ends "cavity searches" with a sentence about wiping your shit creates an unwelcome mental picture. :-P

Re:erase before entry

[networkBoy]

boot a plain jane windows partition with nothing of consequence on it for customs.
Plug in a USB key with a bootloader and boot a second partition that has been encrypted and has all your real files.

Customs isn't going to check disk manager and ask why you have all this "unpartitioned space" at the tail of a 20 gig or so boot volume.

USB key can be cleanly erased after last protected access is needed and prior to customs activity, just format and load with vacation pictures to overwrite previous data.

Perfect plausibility; highly unlikely to raise flags, etc.

In my case I have a travel phone that I use (nexus5) and I delete any apps upon heading through a border. I have unlimited data, so I can just re-download whatever app after the crossing.
Phone sees regular secure erasures as normal operation.

Re:erase before entry

[geekmux]

...the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.

99% of Americans couldn't recite the fourth amendment if it was tattooed on your forehead when you ask them.

I find it rather bizarre that you assume otherwise. Obscene ignorance has created rampant abuse.

Re:erase before entry

99% of Americans couldn't recite the fourth amendment if it was tattooed on your forehead when you ask them.

Duh! It would be backwards. Ain't nobody can read backwards.

Re:erase before entry

[rogoshen1]

things like DUI checkpoints and implied consent laws started this bullshit trend years ago :(

in before the chorus of "but driving is not a right.. yadda yadda". That's a complete fig-leaf, and just opens the door to further encroachment on the 4th and 5th

Re:erase before entry

[mark-t]

That would suggest that one of the best ways to convince a border guard you don't have anything that you are specifically not wanting them to discover is to turn off the secure unlock option on your phone just before passing through a security checkpoint, and then turn it back on once you are through everything.

Since, as you said, anyone who would have something to hide would not carry it unencrypted, you are likely going to get through faster.

Re:erase before entry

[war4peace]

Only if the shit is lost in transit. Otherwise he doesn't wipe it at all. Skid marks all over the place.

Re:erase before entry

[Obfuscant]

USB key can be cleanly erased after last protected access is needed and prior to customs activity

If you don' t need access to that hidden partition anymore, why not just remove it?

just format and load with vacation pictures to overwrite previous data.

Just load a partition on the USB stick with vacation pictures and leave the boot stuff alone. It is unlikely customs is going to try to boot from your USB stick, so all they'll see is vacation pictures. Or make the default boot on the USB be the plain windows partition on your hard drive, and if you want to use the hidden one stop the boot and edit the command line to boot it. Or just use grub and stop the normal boot on the laptop to edit it to boot the hidden partition. When customs turns on the laptop they'll boot into the vanilla windows.

Or they may be smarter than you think and know to look for hidden partitions and apparently unallocated space on a disk. One of the digital forensics books I read a few years ago talked about that trick to hide data, so I expect the forensic toolset it recommended would raise a red flag even if they couldn't immediately boot into the sensitive information.

Re:erase before entry

[networkBoy]

True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise.
As to the boot key, sure, but I was going for dead easiest:
key in boots secure
key out boots decoy
to clean up shop in a jiffy: boot decoy, insert and format key, move folder of pics over to key.

Re:erase before entry

You have no idea the stupidity of people. No, this won't help against the KGB, but it will work against a surprising number of violent terrorist.are not as smart as they think they are.

Re:erase before entry

[AHuxley]

Re 'Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it."
People actually do lie to enter another nation and attempt to say they are not supporting and funding banned groups.
Images, messages, contacts, of the person supporting and funding such banned groups then gets discovered.

Re "who would actually have something to hide"
Some cults and faiths see the support for such banned groups as part of the faith and people carry their faith with them.
The images of meetings, protests, banners, slogans, books, messages of support for past actions.

When entering a nice normal nation they lie and present as not been a supporter. Their digital life shows the truth.

Re:erase before entry

[AHuxley]

That just makes the person more interesting to the CIA, NSA, GCHQ, FBI and local law enforcement.
If most people have a lot of digital files they can show of their holidays, work, kin, fun, hobbies, art, food, culture why do a few feel the need to travel with no files?

Re:erase before entry

[AHuxley]

Encryption can be detected using gov and contractor software. A request for full decryption could be made in some nations.
A "plain jane windows partition with nothing of consequence on it for customs" as the only files would be good.
Add some holiday images of sunsets, food, art, culture, museums to show the computer was in daily use.
Any deeper search for any attempts at encryption would then find nothing.
A person with a holiday computer is just like most other people.
A new OS with no files is different.
The use and discovery of encryption could start the formal and direct request to decrypt in some parts of the world.
Return to the USA with a normal computer, average file system and a few fun holiday images.
Just another normal computer.

Re: erase before entry

A cavity search requires permission from a port director, and a serious probable cause. You will be Xrayed before the search and taken to a medical facility. As long as your stuff is encrypted, and you dont give up the password, they really can't do much. They can threaten to keep your stuff. Smile, ask them for a signed receipt, their ID number and an SF95 claim form. If they refuse, ask to speak to the chief on duty.

If your stuff is encrypted with AES they will threaten, they'll say they're going to keep the device or keep a copy of the data on it. Then they'll say that their tools can hack it. It's bluster. Customs cannot break AES. If your device is asking for the encryption password, not the regular unlock code, even Cellebrite says that they won't be able to do anything to break it. If your device is decrypted and at a regular lock screen, chances are that they will be able to read it.

Re: erase before entry

That is such bullshit.

Every single time law enforcement has gone up against strong encryption, they have failed. "Request for full decryption"? How about a request to pull your head from your ass. AES 256 is still cleared for Top Secret material. There are other algorithms waiting behind that.

These are mostly people who run commercial script tools against a device. Their training is in the device, such as Cellebrite. They don't use FTK or some other forensic toolkit. They aren't trained to look at unusual slack space or disk allocation patterns. They certainly aren't going to break anything more complex than ROT13.

Take your conspiracy theories somewhere useful.

Re: erase before entry

[AHuxley]

AC Re "Every single time law enforcement has gone up against strong encryption, they have failed."
All law enforcement has to do is show encryption was used.
A contractor will be happy to scan any storage for the use of encryption.
The person of interest is then asked to decrypt.
No need to "gone up against strong encryption", the person been questioned will be asked to decrypt.
If they say no, demand rights, want a lawyer then some nations pass that person to their law enforcement.
Another more direct and formal request for decryption.
After a while the lack of help with decryption after some time begins to show criminality and that has prison time.

AC recall "Forensics Tool Finds Headerless Encrypted Files" (May 01, 2009)
https://hardware.slashdot.org/...

Re:erase before entry

[TheGratefulNet]

ok, what if you travel with a chromebook?

those don't use local storage, or at least they are all about 'the cloud'.

and the new rules say they can't mess with your cloud data.

I don't love chromebooks (don't love google) but this may be the way around all this BS.

"my data is in the cloud. my pc is just programs. sorry. that's how google designed this system"

and its true, too.

chromebooks are $150 or so. almost throw-away money. and if they decide to keep your chromebook, well, its not your main laptop, so its much less of a worry.

Re: erase before entry

Wow!

In some counties... we are talking about the United States of America still, right?

A reference to a tool that isn't actually needed to identify an encrypted file.

I'm impressed! You must know a lot! About what I have no fucking idea.

Use of encryption is not a crime in the US.
Customs can ask, but not dictate that you enter a password or decrypt something. The worst case is that they seize it on flimsy claims and you get to file some paperwork to get it back or a refund for your the value of your stuff.

If they turn you over to law enforcement, great! The other agency will understand the constitution better than customs.

Re:erase before entry

[AHuxley]

Re "those don't use local storage, or at least they are all about 'the cloud'."
Some nations will just demand access and start to copy out all files, search for contacts of any account they find.
If the "data is in the cloud" "book" is the first account that shows up during a search then that will have to be ready for inspection.
Enter the pass word and the inspection/interview/chatdown can go looking into all files.
Some nations take their time with comments like "rights", "lawyer" "embassy" during a longer interview and just want to get back to that request for a password.
Re "mess with your cloud data."
Depends who also has the right to look into that "cloud" product for images and files. It might not just be the "trusted" cloud provider in some nations.
Law enforcement could be all over the cloud in some nations as part of ongoing image matching database support.
Domestic law enfacement already has every file on some cloud systems referenced in some nations.
Police network searches of the cloud as part of getting a "free" cloud. Every file on the cloud cross referenced to any file that turns up during that nations police work.

Re: erase before entry

[AHuxley]

AC re "The worst case is that they seize it"
Then the use of encryption is discovered by contractors later.
Why is a person returning to the USA with an encrypted fie system? What is in the files?
What kind of encryption is been used? Consumer grade that is junk? Can another agency decrypt?
That starts a lot of questions that might not just stop when "paperwork to get it back or a refund".
That person who feels the need for so much good encryption is now interesting. What are they doing in the USA? What did they do in another part of the world that needed encryption? What did they do over the years?
The need for encryption is a nice way to find out someone is interesting even if they get a "refund" or their "stuff" back later.
The next holiday, business trip? US law enforcement might suggest another nation interview that interesting person. They are watched and "randomly" selected for a search and a few questions. Law enforcement cooperation is great like that in the modern world. That nation might have a law that required decryption when asked.
The "Use of encryption is not a crime in the US." is then not such a problem as it might be a crime in that nation.
AC the really neat thing about US customs is that demand for "constitution" has been tested over many decades by many generations of very different people and their teams of skilled lawyers thinking they could prevent a search, not be searched, not be asked questions, block a US court from looking at what was found.
That they could lie to US customs...
The "constitution" is not diplomatic immunity when returning to the USA.
People still get searched after decades of trying to demand that they cannot be searched because "constitution" when returning to the USA.
Become a diplomat for another nation and then enjoy some protection.

Re:erase before entry

[AHuxley]

Re "True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise."
A brand new computer with hidden encryption would be discovered.
An old computer will not hide the use of hidden encryption.
A new OS on an old computer with no user files is also too different from average users.
Have something very normal to inspect. Work files that are allowed to be worked on during a holiday. Holiday images and video clips. Just remember to remove all camera data from the "edited" photography. Software can be set to remove all such dat when saving a new file. GPS and camera data in any file is always collected and considered. The nation/s a person said they visited might not be the same as what the image GPS showed.
Interesting people often forget just how much location data is in some modern image files when they claim to have only been to a few very boring nations.

Re:erase before entry

[buss_error]

I've been asked by them to unlock my phone. I happily do.

I just tell them that since I do not own the devices (my employer does), I would be committing a felony to allow them access.

Things escalate, threats are issued. I tell them that even if I give them access, they are committing a felony, (CFAA - access without permission)

Things escalate, more threats are issued. Then I cave in. Here's the passwords and tokens.

They log in, see nothing but fetish porn (gotta give them SOMETHING they see, otherwise they just keep digging), no email (web based, and carefully cleared from cache), and no external storage, and a few fake memos with lurid read warnings "COMPANY CONFIDENTIAL".

Once I get where I'm going, I wipe the system, load from known clean ISO, log into my cloud storage, download an image, and reburn.
When I'm ready to depart, reverse the process.

It's not that I have anything I know to be illegal, it's just that there are so many laws, I'm sure they could find a way to bend it if they want to. Besides, I find it offensive to my sense of fairness to be searched without probable cause.

Re: erase before entry

Dude... seriously where are you from?

Android has implemented AES 128 since inception. Not top secret, but pretty far from junk. Veracrypt and its predecessor Truecrypt have been out in the wild for a decade. If you don't trust AES, throw Twofish or something else at your filesystem. I seem to recall some traitorous prick saying "trust the math."

Either way, some customs drone, being paid GS7 wages for his third double shift this week, throwing USB cables from a cellebrite or similar system isn't going to do anything real. If he manages to copy your stuff and actually get a valid image to a paid contractor, what's he going to do? Brute force? They aren't going to water board you for your passwords. Your illusions of the surveillance state are hilarious. Nobody has the time or money to watch you. They certainly aren't going to pay to break your stuff with a supercomputer if you're not already on the naughty list.

Re:erase before entry

[mapkinase]

Is it possible to set an application that imitates this on startup and a secret key to bypass it?

Re: erase before entry

Everything is a crime in the USA if US authorities want it to be. Don't be naive.

Re:erase before entry

things like DUI checkpoints and implied consent laws started this bullshit trend years ago :(

Is there nothing that self-serving cars won't fix? Come on, future.

Re:erase before entry

That's just a movie-plot threat. I would challenge you to provide a real-world example. To quote Bruce Schneier in 2012, "In the entire decade or so of airport security since the attacks on America on September 11th 2001, the Transportation Security Administration (TSA) has not foiled a single terrorist plot or caught a single terrorist." The TSA has no legitimacy to assert that a particular measure is effective without providing a concrete example, since no measure they've claimed in the past is useful has actually been effective.

I can assert that people do actually do anything. That doesn't make it true.

Re:erase before entry

[Opportunist]

Yup. That's how you do it.

Seriously, throwing your hands up and squealing "Yay! Go, big boy, do your job and search me!" kinda pisses them off.

Re:erase before entry

[AHuxley]

AC re "foiled" or "caught"
Why would any nation tell the world of their new methods and years of law enforcement parallel construction.
Let the wider world keep guessing as to US security and its new methods? No trial, no methods have to be given to human rights lawyers to tell faith groups and cults about changes to US investigative methods.
The methods just keep working and the media can keep guessing at US security.
An airport is a digital and an investigative trap. Chat downs, questions, searches and investigations before been allowed to enter the USA.
Images of every face, voice prints, chats about needing a rental car, chats at hotels, motels, taxi/car services with camera/mic? Free wifi at different locations. Cell phones been linked to voice prints, faces and what phone service.
Images and digital collection on all the people with people arriving/leaving the USA. Their voice prints, faces, licence plates.
Why tell people about what is done by informing their lawyers after been "caught"?
Nobody would have to know about what was done in the USA or before getting to the USA. Let the interesting people keep asking their human rights lawyers and keep reading the media for hints of US methods AC.
Nothing will be in court or published about how US security really works. Anything mentioned will be fake/bait/a trap/part of an investigation to see who repeats/shares/links the "released" news on US security methods.

Re:erase before entry

This seems ripe for an "enema of the state" joke.

When have guidelines/laws stopped DHS

They'll do whatever they want and there is nothing you can do or say about it if you want to travel. We should just end DHS altogether.

Re:When have guidelines/laws stopped DHS

[Attila+Dimedici]

Laws are one thing...guidelines written by the guy who decides whether the department's lawyers will defend you when somebody sue or if perhaps they should refer you to the Justice Department for prosecution is something else entirely.

So stupid.

What the fuck are they looking for? "My plan to blow up the Whitehouse.doc" sitting on the desktop?

Re:So stupid.

[cstacy]

What the fuck are they looking for? "My plan to blow up the Whitehouse.doc" sitting on the desktop?

Terrorists may be just as inept at PC security ops as your average office worker, or even your average person who works at the DOD. (I think you know how that goes.) But also, perhaps cookies that can provide information needed to subsequently retrieve Google Maps history. Or FB identities. Or maybe just some downloaded material or email with something "interesting" on it that can be analyzed later, or used on the spot to indicate probable cause.

I'm not saying I like it, just answering your question. You realize that the UK and Canada do this also. Not sure about most other countries offhand, but probably most of them do it when they feel like it.

Re:So stupid.

[Alain+Williams]

What the fuck are they looking for?

Some, unwise, people will take across things like porn - which provides an excuse for "advanced" search; but that is otherwise of little interest. They are unlikely to find terrorist training manuals or plans to blow up a shopping centre and most people will think that if they don't have stuff like that then all will be OK. But border guards do more than that; individuals might be targeted for a search because of who they work for, any commercial information could be useful to their USA competitors.

Many do not realise quite how hard it is to remove things of interest from a machine. OK: remove documents, images, etc that you don't want them to have, but that is not good enough: browser history can be interesting, desktop thumb-nails, system logs, ~/.ssh/authorized_keys ... all have their tale to tell. The only safe machine is one that it wiped and freshly installed.

Re:So stupid.

[chuckugly]

A guy I know was thoroughly searched because he lived in the Philippines for several years and they quickly found some bikini pics of his Filipina wife on his iPad. Normally having pics of your wife on a personal device isn't criminal but it took him over 12 hours to get his gizmos back and get back to travelling. Maybe they just liked looking at his wife.

Not good enough

These guidelines are written in pencil. CBP can change these guidelines whenever they want. I agree with the intent of restricting searches, but CBP really can't fix this in a truly satisfactory manner. A significant improvement would be for Congress to pass a law that limits the ability of CBP to conduct searches. It's better than a policy change by CBP, because there's more scrutiny and debate over legislation than of internal policy changes. Nonetheless, it's still written in pencil, and subject to being reversed. A Supreme Court ruling would be better yet, because it would establish precedent that can't so easily be reversed. I'm in favor of amending the Constitution to extend fourth, fifth, and sixth amendment rights to ports of entry.

"other articulable factors."

[war4peace]

My beard is longer than 5 cm. I guess I'm fucked.

Re:"other articulable factors."

[cfalcon]

> My beard is longer than 5 cm. I guess I'm fucked.

Given that you didn't give that in inches, I concur! Everyone knows a cm is a commiemeter.

Re:"other articulable factors."

[war4peace]

As an Eastern European, I guess I'm doubly-fucked.

I thought this problem was settled

[fustakrakich]

Don't people with sensitive personal files use burner phones and laptops to sidestep this argument? Why do people keep pontificating on it?

Everybody knows what needs to be done. Next opportunity comes in November. If you want change you have to *Sweep the House*.

Re:I thought this problem was settled

[cfalcon]

> If you want change you have to *Sweep the House*.

Of the remaining Democrats? That doesn't seem all that wise, but I understand how you could want to vote out all Democrats, given that they controlled the House, the Senate, and the Executive back in 2009, when the overbearing linked rules were put in place:
https://foiarr.cbp.gov/streami...

The current rules, put in place with a Republican House, Senate, and Executive Branch, are far better than the 2009 rules, as they prevent the search of cloud data, and establish standards for when an "advanced" search can be used.

Unless you mean to elect all Libertarians and Green party members, who will get rid of this routine and disgusting violation of the 4th amendment, I can't imagine why sweeping the house of its remaining Democrats will result in further privacy- the Republicans are apparently better at this than Democrats, but both fall far short of respecting our constitutionally guaranteed rights.

Re:I thought this problem was settled

I hope your post gets a 5 score. No lefties or righties will agree, but everything you said was true.

please: someone kill all these fucks

the 4th amendment shouldn't disappear at the border and it's just a bunch of bits anyway. i want all these people to die. why are these pieces of shit running everything.

For people travelling internationally with data ro

[CGordy]

How did the old implementation work in practice for foreigners? Due to extortionate data roaming charges (>$5/MB), I always disable data roaming before travelling. Does anyone have horror stories caused by the TSA enabling data roaming and racking up thousands of dollars in bills?

More reason for your own hosted at home "cloud"

Setup a freebsd/linux server at home, load something like owncloud and openvpn on it and install the owncloud and openvpn apps on your phone to do data syncs. Setup the syncing to backup everything of importance. Wipe the phone before you cross the border, resync on wifi once past the border. For all but the largest of data hoarders you could probably resync it overnight the 1st night in your hotel.

Re:More reason for your own hosted at home "cloud"

Also not a bad practice for the event your phone is lost or stolen.

Much better news than I expected

[dsoodak]

At first, I thought "New US Customs Guidelines Limit Copying Files and Searching Cloud Data" meant they were going to try to make it illegal to load data from the cloud onto your computer that wasn't there already when you passed through customs.

has anyone gone through one of these searches?

Hell I can't even find stuff on my own computer. Do they use some automated tool to do the search or just nose around a few folders?

Wipe Those Devices!

[kenwd0elq]

I'll never need to worry about this, because I no longer fly and will never again leave the country. But what's preventing you from doing a cloud backup of your device at the hotel before heading hope, and then wiping your device while you're waiting to come through customs? Then tell the customs agent that there's NOTHING on the phone at all. And you wouldn't even be lying.

Re:Wipe Those Devices!

I'll never need to worry about this, because I no longer fly and will never again leave the country.

Same here, except for me it is "I will never visit the country". Keeping my tourism money at home.

Giant Loophole

Section 5.3.4 basically says they can do a full image of your phone without any standard of suspicion and no due process.

N.B. WTF is it with the PDF of the new directive not containing selectable/searchable text? Its fucking 2018 and they can't even get that right? It's almost like they want to make it as hard as possible for citizens to read the new regulations.

Stupid..

[Bert64]

So if you're up to any suspicious activity, you just back up all your data to an encrypted backup on a cloud server located outside of the US and wipe your phone before you travel...
All this does is invades the privacy of ordinary people who desire privacy but don't have anything important enough to go to these lengths to hide it.

Its not an "Advanced" search

when you're dumb enough to voluntarily use the USB "charging" ports at an airport. Besides, you damn good and well they'll lie their asses off to get you to allow them to do an advance search through clever threats (*clears throat*), I mean wording.

They don't need to access cloud data

They already have some else doing it. Cough cough cough cough.

Re: They don't need to access cloud data

Dare we list the three letter agencies?

We don't need no steenkin rules

Besides they're just guidelines more than anything else!

I fly 25K+ miles a year.

I fly 25K+ miles a year.

I back up my phone, scrape the settings, and then do a factory reset/full update on it before I fly back to the US.

I have 3 different hard drives I install in my laptop: Work, Serious Work, and Travel. Travel is a "factory new, fully updated, innocent web-use" operating system installation with Firefox.

Don't use encryption. It attracts attention.

Fascist shit

Ah well as long as this fascist shit stays in place not travels to the us.

This makes it easier for them

Instead of keeping all your data password-protected on your phone, why not just upload it to our American cloud services where we can trawl through every bit of it?

Easy way around

[Shogun37]

Favorite Linux flavor on thumb drive. Load whatever onto laptop hard drive. Put thumb drive in wallet. Looks bad, but just use the "Don't want it stolen" excuse. Have I left something out?

border search

[ohgary]

Backup your files, factory reset your phone basic phone login, Restore on the other side. For your laptop a second drive with minimal image on it if they want to search.

Traveling...

I don't travel much (and it's always been for business reasons), and the last time I had to cross the US border was probably pre-2000. It boggles the mind that nowadays customs is allowed to force you to log into your computer or phone at all to search their content, and people are actually okay with that. I can absolutely understand searching someone and their luggage or even empty laptops shells, which can be used to bring physical harm to travelers, but looking at data? Piss of.

Until this bullshit stops, I'm *not* travelling to the US anymore - purely out of principle. I've let my passport expire after my last trip (I feel it was a mistake to get one in the first place) and I have no intention whatsoever to ever renew it.

Articulated Justification

The agent in question was able to articulate a reason for the search. The subject of the search:

1). Has hair, or;
2). Does not have hair, or;
3). Has socks, or ;
4). Does not have socks, or;
5). Likes Rock and Roll music, or;
6). Does not like Rock and Roll music, or;
7). Etc.