New US Customs Guidelines Limit Copying Files and Searching Cloud Data

The U.S. Customs and Border Protection Agency has updated its guidelines for electronic border searches, adding new detail to border search rules that were last officially updated in 2009. The Verge reports: Officers can still request that people unlock electronic devices for inspection when they're entering the U.S., and they can still look through any files or apps on those devices. But consistent with a statement from acting commissioner Kevin McAleenan last summer, they're explicitly banned from accessing cloud data -- per these guidelines, that means anything that can't be accessed while the phone's data connection is disabled. The guidelines also draw a distinction between "basic" and "advanced" searches. If officers connect to the phone (through a wired or wireless connection) and copy or analyze anything on it using external devices, that's an advanced search, and it can only be carried out with reasonable suspicion of illegal activity or a national security concern. A supervisor can approve the search, and "many factors" might create reasonable suspicion, including a terrorist watchlist flag or "other articulable factors."

Because they already have access

They don't need new access to the cloud because they already have full access.

erase before entry

[dmitrygr]

I've been asked by them to unlock my phone. I happily do. Same for laptop. This is because, expecting this shit, I SCP all the things I care about to me home computer before returning to USA and erase my laptop and phone. They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.

Re:erase before entry

[BrookHarty]

> They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.

Yeah, thats a red flag for "I like cavity searches"

Re:erase before entry

[cfalcon]

You just tell them you always wipe your shit in case it is stolen in transit. It isn't false just because one government or another is the most likely thief, it's a 100% true statement.

I don't think erasure is always going to work if they plug stuff in, but the newest phones at least have a key that everything is encrypted with that can be wiped. It's still a risk. On a computer of course, you can be pretty safe if you delete an encrypted partition and overwrite with zeros or whatever pattern your religion dictates.

Re:erase before entry

[dgatwood]

Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it. So apart from catching the most incredibly stupid criminals (who would probably get caught for other reasons even without this search), the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.

Re:erase before entry

[shadowknot]

Starting a reply to a post that ends "cavity searches" with a sentence about wiping your shit creates an unwelcome mental picture. :-P

Re:erase before entry

[networkBoy]

boot a plain jane windows partition with nothing of consequence on it for customs.
Plug in a USB key with a bootloader and boot a second partition that has been encrypted and has all your real files.

Customs isn't going to check disk manager and ask why you have all this "unpartitioned space" at the tail of a 20 gig or so boot volume.

USB key can be cleanly erased after last protected access is needed and prior to customs activity, just format and load with vacation pictures to overwrite previous data.

Perfect plausibility; highly unlikely to raise flags, etc.

In my case I have a travel phone that I use (nexus5) and I delete any apps upon heading through a border. I have unlimited data, so I can just re-download whatever app after the crossing.
Phone sees regular secure erasures as normal operation.

Re:erase before entry

[geekmux]

...the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.

99% of Americans couldn't recite the fourth amendment if it was tattooed on your forehead when you ask them.

I find it rather bizarre that you assume otherwise. Obscene ignorance has created rampant abuse.

Re:erase before entry

[rogoshen1]

things like DUI checkpoints and implied consent laws started this bullshit trend years ago :(

in before the chorus of "but driving is not a right.. yadda yadda". That's a complete fig-leaf, and just opens the door to further encroachment on the 4th and 5th

Re:erase before entry

[mark-t]

That would suggest that one of the best ways to convince a border guard you don't have anything that you are specifically not wanting them to discover is to turn off the secure unlock option on your phone just before passing through a security checkpoint, and then turn it back on once you are through everything.

Since, as you said, anyone who would have something to hide would not carry it unencrypted, you are likely going to get through faster.

Re:erase before entry

[war4peace]

Only if the shit is lost in transit. Otherwise he doesn't wipe it at all. Skid marks all over the place.

Re:erase before entry

[Obfuscant]

USB key can be cleanly erased after last protected access is needed and prior to customs activity

If you don' t need access to that hidden partition anymore, why not just remove it?

just format and load with vacation pictures to overwrite previous data.

Just load a partition on the USB stick with vacation pictures and leave the boot stuff alone. It is unlikely customs is going to try to boot from your USB stick, so all they'll see is vacation pictures. Or make the default boot on the USB be the plain windows partition on your hard drive, and if you want to use the hidden one stop the boot and edit the command line to boot it. Or just use grub and stop the normal boot on the laptop to edit it to boot the hidden partition. When customs turns on the laptop they'll boot into the vanilla windows.

Or they may be smarter than you think and know to look for hidden partitions and apparently unallocated space on a disk. One of the digital forensics books I read a few years ago talked about that trick to hide data, so I expect the forensic toolset it recommended would raise a red flag even if they couldn't immediately boot into the sensitive information.

Re:erase before entry

[networkBoy]

True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise.
As to the boot key, sure, but I was going for dead easiest:
key in boots secure
key out boots decoy
to clean up shop in a jiffy: boot decoy, insert and format key, move folder of pics over to key.

Re:erase before entry

[AHuxley]

Re 'Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it."
People actually do lie to enter another nation and attempt to say they are not supporting and funding banned groups.
Images, messages, contacts, of the person supporting and funding such banned groups then gets discovered.

Re "who would actually have something to hide"
Some cults and faiths see the support for such banned groups as part of the faith and people carry their faith with them.
The images of meetings, protests, banners, slogans, books, messages of support for past actions.

When entering a nice normal nation they lie and present as not been a supporter. Their digital life shows the truth.

Re:erase before entry

[AHuxley]

That just makes the person more interesting to the CIA, NSA, GCHQ, FBI and local law enforcement.
If most people have a lot of digital files they can show of their holidays, work, kin, fun, hobbies, art, food, culture why do a few feel the need to travel with no files?

Re:erase before entry

[AHuxley]

Encryption can be detected using gov and contractor software. A request for full decryption could be made in some nations.
A "plain jane windows partition with nothing of consequence on it for customs" as the only files would be good.
Add some holiday images of sunsets, food, art, culture, museums to show the computer was in daily use.
Any deeper search for any attempts at encryption would then find nothing.
A person with a holiday computer is just like most other people.
A new OS with no files is different.
The use and discovery of encryption could start the formal and direct request to decrypt in some parts of the world.
Return to the USA with a normal computer, average file system and a few fun holiday images.
Just another normal computer.

Re: erase before entry

[AHuxley]

AC Re "Every single time law enforcement has gone up against strong encryption, they have failed."
All law enforcement has to do is show encryption was used.
A contractor will be happy to scan any storage for the use of encryption.
The person of interest is then asked to decrypt.
No need to "gone up against strong encryption", the person been questioned will be asked to decrypt.
If they say no, demand rights, want a lawyer then some nations pass that person to their law enforcement.
Another more direct and formal request for decryption.
After a while the lack of help with decryption after some time begins to show criminality and that has prison time.

AC recall "Forensics Tool Finds Headerless Encrypted Files" (May 01, 2009)
https://hardware.slashdot.org/...

Re:erase before entry

[TheGratefulNet]

ok, what if you travel with a chromebook?

those don't use local storage, or at least they are all about 'the cloud'.

and the new rules say they can't mess with your cloud data.

I don't love chromebooks (don't love google) but this may be the way around all this BS.

"my data is in the cloud. my pc is just programs. sorry. that's how google designed this system"

and its true, too.

chromebooks are $150 or so. almost throw-away money. and if they decide to keep your chromebook, well, its not your main laptop, so its much less of a worry.

Re:erase before entry

[AHuxley]

Re "those don't use local storage, or at least they are all about 'the cloud'."
Some nations will just demand access and start to copy out all files, search for contacts of any account they find.
If the "data is in the cloud" "book" is the first account that shows up during a search then that will have to be ready for inspection.
Enter the pass word and the inspection/interview/chatdown can go looking into all files.
Some nations take their time with comments like "rights", "lawyer" "embassy" during a longer interview and just want to get back to that request for a password.
Re "mess with your cloud data."
Depends who also has the right to look into that "cloud" product for images and files. It might not just be the "trusted" cloud provider in some nations.
Law enforcement could be all over the cloud in some nations as part of ongoing image matching database support.
Domestic law enfacement already has every file on some cloud systems referenced in some nations.
Police network searches of the cloud as part of getting a "free" cloud. Every file on the cloud cross referenced to any file that turns up during that nations police work.

Re: erase before entry

[AHuxley]

AC re "The worst case is that they seize it"
Then the use of encryption is discovered by contractors later.
Why is a person returning to the USA with an encrypted fie system? What is in the files?
What kind of encryption is been used? Consumer grade that is junk? Can another agency decrypt?
That starts a lot of questions that might not just stop when "paperwork to get it back or a refund".
That person who feels the need for so much good encryption is now interesting. What are they doing in the USA? What did they do in another part of the world that needed encryption? What did they do over the years?
The need for encryption is a nice way to find out someone is interesting even if they get a "refund" or their "stuff" back later.
The next holiday, business trip? US law enforcement might suggest another nation interview that interesting person. They are watched and "randomly" selected for a search and a few questions. Law enforcement cooperation is great like that in the modern world. That nation might have a law that required decryption when asked.
The "Use of encryption is not a crime in the US." is then not such a problem as it might be a crime in that nation.
AC the really neat thing about US customs is that demand for "constitution" has been tested over many decades by many generations of very different people and their teams of skilled lawyers thinking they could prevent a search, not be searched, not be asked questions, block a US court from looking at what was found.
That they could lie to US customs...
The "constitution" is not diplomatic immunity when returning to the USA.
People still get searched after decades of trying to demand that they cannot be searched because "constitution" when returning to the USA.
Become a diplomat for another nation and then enjoy some protection.

Re:erase before entry

[AHuxley]

Re "True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise."
A brand new computer with hidden encryption would be discovered.
An old computer will not hide the use of hidden encryption.
A new OS on an old computer with no user files is also too different from average users.
Have something very normal to inspect. Work files that are allowed to be worked on during a holiday. Holiday images and video clips. Just remember to remove all camera data from the "edited" photography. Software can be set to remove all such dat when saving a new file. GPS and camera data in any file is always collected and considered. The nation/s a person said they visited might not be the same as what the image GPS showed.
Interesting people often forget just how much location data is in some modern image files when they claim to have only been to a few very boring nations.

Re:erase before entry

[buss_error]

I've been asked by them to unlock my phone. I happily do.

I just tell them that since I do not own the devices (my employer does), I would be committing a felony to allow them access.

Things escalate, threats are issued. I tell them that even if I give them access, they are committing a felony, (CFAA - access without permission)

Things escalate, more threats are issued. Then I cave in. Here's the passwords and tokens.

They log in, see nothing but fetish porn (gotta give them SOMETHING they see, otherwise they just keep digging), no email (web based, and carefully cleared from cache), and no external storage, and a few fake memos with lurid read warnings "COMPANY CONFIDENTIAL".

Once I get where I'm going, I wipe the system, load from known clean ISO, log into my cloud storage, download an image, and reburn.
When I'm ready to depart, reverse the process.

It's not that I have anything I know to be illegal, it's just that there are so many laws, I'm sure they could find a way to bend it if they want to. Besides, I find it offensive to my sense of fairness to be searched without probable cause.

Re:erase before entry

[mapkinase]

Is it possible to set an application that imitates this on startup and a secret key to bypass it?

Re:erase before entry

[Opportunist]

Yup. That's how you do it.

Seriously, throwing your hands up and squealing "Yay! Go, big boy, do your job and search me!" kinda pisses them off.

Re:erase before entry

[AHuxley]

AC re "foiled" or "caught"
Why would any nation tell the world of their new methods and years of law enforcement parallel construction.
Let the wider world keep guessing as to US security and its new methods? No trial, no methods have to be given to human rights lawyers to tell faith groups and cults about changes to US investigative methods.
The methods just keep working and the media can keep guessing at US security.
An airport is a digital and an investigative trap. Chat downs, questions, searches and investigations before been allowed to enter the USA.
Images of every face, voice prints, chats about needing a rental car, chats at hotels, motels, taxi/car services with camera/mic? Free wifi at different locations. Cell phones been linked to voice prints, faces and what phone service.
Images and digital collection on all the people with people arriving/leaving the USA. Their voice prints, faces, licence plates.
Why tell people about what is done by informing their lawyers after been "caught"?
Nobody would have to know about what was done in the USA or before getting to the USA. Let the interesting people keep asking their human rights lawyers and keep reading the media for hints of US methods AC.
Nothing will be in court or published about how US security really works. Anything mentioned will be fake/bait/a trap/part of an investigation to see who repeats/shares/links the "released" news on US security methods.

Re:So stupid.

[cstacy]

What the fuck are they looking for? "My plan to blow up the Whitehouse.doc" sitting on the desktop?

Terrorists may be just as inept at PC security ops as your average office worker, or even your average person who works at the DOD. (I think you know how that goes.) But also, perhaps cookies that can provide information needed to subsequently retrieve Google Maps history. Or FB identities. Or maybe just some downloaded material or email with something "interesting" on it that can be analyzed later, or used on the spot to indicate probable cause.

I'm not saying I like it, just answering your question. You realize that the UK and Canada do this also. Not sure about most other countries offhand, but probably most of them do it when they feel like it.

"other articulable factors."

[war4peace]

My beard is longer than 5 cm. I guess I'm fucked.

Re:"other articulable factors."

[cfalcon]

> My beard is longer than 5 cm. I guess I'm fucked.

Given that you didn't give that in inches, I concur! Everyone knows a cm is a commiemeter.

Re:"other articulable factors."

[war4peace]

As an Eastern European, I guess I'm doubly-fucked.

Re:So stupid.

[Alain+Williams]

What the fuck are they looking for?

Some, unwise, people will take across things like porn - which provides an excuse for "advanced" search; but that is otherwise of little interest. They are unlikely to find terrorist training manuals or plans to blow up a shopping centre and most people will think that if they don't have stuff like that then all will be OK. But border guards do more than that; individuals might be targeted for a search because of who they work for, any commercial information could be useful to their USA competitors.

Many do not realise quite how hard it is to remove things of interest from a machine. OK: remove documents, images, etc that you don't want them to have, but that is not good enough: browser history can be interesting, desktop thumb-nails, system logs, ~/.ssh/authorized_keys ... all have their tale to tell. The only safe machine is one that it wiped and freshly installed.

Re:When have guidelines/laws stopped DHS

[Attila+Dimedici]

Laws are one thing...guidelines written by the guy who decides whether the department's lawyers will defend you when somebody sue or if perhaps they should refer you to the Justice Department for prosecution is something else entirely.

I thought this problem was settled

[fustakrakich]

Don't people with sensitive personal files use burner phones and laptops to sidestep this argument? Why do people keep pontificating on it?

Everybody knows what needs to be done. Next opportunity comes in November. If you want change you have to *Sweep the House*.

Re:I thought this problem was settled

[cfalcon]

> If you want change you have to *Sweep the House*.

Of the remaining Democrats? That doesn't seem all that wise, but I understand how you could want to vote out all Democrats, given that they controlled the House, the Senate, and the Executive back in 2009, when the overbearing linked rules were put in place:
https://foiarr.cbp.gov/streami...

The current rules, put in place with a Republican House, Senate, and Executive Branch, are far better than the 2009 rules, as they prevent the search of cloud data, and establish standards for when an "advanced" search can be used.

Unless you mean to elect all Libertarians and Green party members, who will get rid of this routine and disgusting violation of the 4th amendment, I can't imagine why sweeping the house of its remaining Democrats will result in further privacy- the Republicans are apparently better at this than Democrats, but both fall far short of respecting our constitutionally guaranteed rights.

For people travelling internationally with data ro

[CGordy]

How did the old implementation work in practice for foreigners? Due to extortionate data roaming charges (>$5/MB), I always disable data roaming before travelling. Does anyone have horror stories caused by the TSA enabling data roaming and racking up thousands of dollars in bills?

Re:So stupid.

[chuckugly]

A guy I know was thoroughly searched because he lived in the Philippines for several years and they quickly found some bikini pics of his Filipina wife on his iPad. Normally having pics of your wife on a personal device isn't criminal but it took him over 12 hours to get his gizmos back and get back to travelling. Maybe they just liked looking at his wife.

Re:I knew it!

[vux984]

"Nothing to do with immigrants. Trump just doesn't want his family members cloud accounts searchable when they cross the border." ... is what I would say if I wanted to somehow associate it with Trump.

In all liklihood this has nothing to do with Trump and has probably been percolating up through the system for a while now and has nothing to do with any president past or present.

Much better news than I expected

[dsoodak]

At first, I thought "New US Customs Guidelines Limit Copying Files and Searching Cloud Data" meant they were going to try to make it illegal to load data from the cloud onto your computer that wasn't there already when you passed through customs.

Wipe Those Devices!

[kenwd0elq]

I'll never need to worry about this, because I no longer fly and will never again leave the country. But what's preventing you from doing a cloud backup of your device at the hotel before heading hope, and then wiping your device while you're waiting to come through customs? Then tell the customs agent that there's NOTHING on the phone at all. And you wouldn't even be lying.

Stupid..

[Bert64]

So if you're up to any suspicious activity, you just back up all your data to an encrypted backup on a cloud server located outside of the US and wipe your phone before you travel...
All this does is invades the privacy of ordinary people who desire privacy but don't have anything important enough to go to these lengths to hide it.

Easy way around

[Shogun37]

Favorite Linux flavor on thumb drive. Load whatever onto laptop hard drive. Put thumb drive in wallet. Looks bad, but just use the "Don't want it stolen" excuse. Have I left something out?