New Zealand Travelers Refusing Digital Search Now Face $5000 Customs Fine

Travelers in New Zealand who refuse to hand over their phone or laptop passwords to Customs officials can now be slapped with a $5000 fine. From a report: The Customs and Excise Act 2018 -- which comes into effect today -- sets guidelines around how Customs can carry out "digital strip-searches." Previously, Customs could stop anyone at the border and demand to see their electronic devices. However, the law did not specify that people had to also provide a password. The updated law makes clear that travelers must provide access -- whether that be a password, pin-code or fingerprint -- but officials would need to have a reasonable suspicion of wrongdoing. "It is a file-by-file [search] on your phone. We're not going into 'the cloud.' We'll examine your phone while it's on flight mode," Customs spokesperson Terry Brown said. If people refused to comply, they could be fined up to $5000 and their device would be seized and forensically searched. Mr Brown said the law struck the "delicate balance" between a person's right to privacy and Customs' law enforcement responsibilities. "I personally have an e-device and it maintains all my records -- banking data, et cetera, et cetera -- so we understand the importance and significance of it."

Digital search?

[ichthus]

The term "digital search" is a bit ambiguous. (Prostate exam comes to mind) Is this really what search electronic devices is called?

Re: Digital search?

I wipe my iphone before landing on a plane, and set it up as new. I do the same with my iPad. I have an external SSD that I use as a time capsule specifically for time capsule to quickly update and backup / restore. It's encrypted, so it won't show anything unless you know how to mount it (a simple offset).

When I'm through customs, I start restoring my laptop, then my iDevices. It's terribly inconvenient, and never been tested crossing the border back into the US, but I'm of Arab descent and I feel that if they want you, they will simply plant it or find SOMETHING you have done to break the law.

This is the sad state of "freedom" in the US these days. I'm a citizen (have been since birth) like my father before me.

Re: Digital search?

[Lanthanide]

Relying to this top comment so more people see this.

As an NZ citizen I think this isn't a great development and understand why people in these comments are setting don't go to NZ and only take burner electronics with you etc.

What is missing, is that the border service currently only request searches of electronic devices about 500 times a year, total, across all border arrivals. That's a little over 1 per day across the whole country.

You have to be a suspect in the first place before they ask for your device. They don't expect the number to increase due to the new policy.

So yes, this is an unfortunate development and it'd be better if they didn't have these powers. However you have to be pretty damn "unlucky" to be targeted by this policy in the first place. 99.9999% of border crossers have nothing to worry about.

Re: Digital search?

[JackSpratts]

wanna bet those numbers increase?

- js.

$5000 fine?

[b0s0z0ku]

$5000 fine might be worth paying, depending on the circumstances, if the alternative is jail or loss of corporate secrets. Way around this is either an erased phone or an SD card with a smaller capacity stamped on it with plus an encrypted partition on the remainder. If what's on the unencrypted partition is innocuous, this should stand up to a casual search at least.

Re:$5000 fine?

[MasseKid]

Don't bring personal/business electronics across borders. It's that simple.

Re:$5000 fine?

[olsmeister]

It's even simpler than that. Don't go to New Zealand.

Re: $5000 fine?

[dargaud]

I work in a critical field. My employer (the State by the way) requires my laptop and phone must be encrypted. I could lose my job or much worse of I give my password to anyone. So which law trumps the other one?

Re: $5000 fine?

[TechyImmigrant]

I assume your employer has rules concerning travel with the laptop containing the oh-so-special secrets. Mine does. Leave it at home and take a burner. It's the cost of doing business and the burner costs less than $5000.

Re: $5000 fine?

[stephanruby]

So which law trumps the other one?

I don't see a conflict.

You'll already lose your job (and worse) if you travel to a country like North Korea or Iran.

Just add New Zealand to that list. Do not go to New Zealand, or you may lose your job and possibly go to prison for the rest of your life. Or if you do go there with your devices on an official government business, you better make sure you have diplomatic immunity.

Re:$5000 fine?

[Bert64]

All this does is disrupt legitimate travellers who have genuine need to carry such devices.

Any serious criminal is going to be prepared for this... they will travel with devices containing nothing but a fresh install and download any data they want over an encrypted channel using the first internet connection they gain access to.

Also, what assurances do you have that the government will be able to keep your data secure and not leak it somehow?

Re:Not simple

[edtice1559]

My employer would have something to say about it. They would issue me burners. Or more likely have the local office give me a loaner while I'm there so I don't have to carry devices across the border. This just imposes a huge expense on business travelers in order to apprehend the dumbest of criminals.

if you can not avoid it

[houghi]

I have a Chromebook and I run Crouton on it with Debian. Adding a ne user tat does not have that is pretty easy.
So I could just add a user with some pasword. If that where not possible, i would change the password to "pass" for the duration.
Or even better would be if they press "Enter" instead of CTRL-d to go to restore mode. Ir I do it myself.
That way I have a blank PC when I arive. Setting things back takes an hour., if that.
Same for the phone. Just restore factory settings. I could even pop in a cheap sim card and blank sd card.
Sim card can be had for 6EUR. Who cares they know it is in my name. It is not as if I am going to use it.

"Refuse to comply"?

[zarmanto]

One method which privacy protestors sometimes favor is wiping their phone prior to entering the airport terminal, and restoring it to normal after leaving... and with the ubiquity of encryption on smart phones, that makes it extremely likely that a forensic search would be entirely fruitless, regardless of the methods employed. So how long will it take for airport authorities to decide that a wiped phone qualifies as a refusal to comply?

"Delicate balance."

[thevirtualcat]

"Mr Brown said the law struck the 'delicate balance' between a person's right to privacy and Customs' law enforcement responsibilities."

Yes. A "delicate balance" wherein customs officials can do whatever they want to your device and slap you with a $5000 fine if you refuse to comply and you have no recourse if you think they're acting in bad faith.

In so far as dropping an anvil on one side of the scale is a "delicate balance," I suppose that's true.

Re: Digital vacuum?

[thomst]

It is important to keep in mind that NZ is a party to the "Five Eyes" intelligence-sharing partnership (the others being the USA, Great Britain, Canada, and Australia). Why that's important is that the agreement between them specifies that any intelligence developed by any of the parties is made freely available to the others, both in regular summary reports, and in full, upon request.

What that means on a practical level is that any data NZ's Customs folks uncover in their search of arrivals' devices that they decide might be of interest to any one of their three national intelligence-gathering organizations is automagically rendered to them. They, in turn, make that data available to the other four signatories' national spies. As Edward Snowden's massive document dump revealed, a key goal of the alliance is to enable the signatories to thwart the limits their own laws place on surveillance and intelligence-gathering activities directed at their own citizens and legal residents. (Appropriately enough, the NZ Herald ran an in-depth report on the subject in its March 5, 2015 edition. It makes for interesting reading, both because its viewpoint is a non-U.S. one, and because it traces the kind of egregious, systematic overreach that the port-of-entry personal electronics search policy TFS exemplifies specifically to the administration of NZ's National Party leader and (now-former) Prime Minister John Key.)

As an example of how the Five Eyes alliance enables its signatories' end-run around their own citizens' privacy protections, Snowden likes to point to a routine tactic that he, as an IT contractor for the NSA, personally witnessed every day: when an NSA analyst wants to look at the phone record metadata, web browsing history, email, and/or other "signals intercept" intelligence on a citizen of the USA who currently resides within its borders - which it is legally forbidden to do without first obtaining a FISA court warrant - he or she need only inform GCHQ (Britain's version of the NSA) of that desire. One of GCHQ's analysts then uses the spy tech that the NSA shares with GCHQ - often the exact same program the NSA person is running - to look up the requested record in GCHQ's database, and helpfully sends a copy of the results to his or her NSA counterpart.

Employing the narrowest possible interpretation of both countries' legal strictures, the search itself is not technically forbidden by U.S. law, because the actual surveillance and initial data acquisition was performed by GCHQ (albeit on the NSA's request), and that organization is not bound by U.S. statutes or Constitutional prohibitions on searches and seizures conducted without the shield of a judicial warrant. And the fact that GCHQ's analyst shared the results with the one from the NSA is, likewise, not illegal, for the same reason.

That kind of data sharing, which is based on the sketchiest possible interpretation of the respective nations' laws, happens thousands of times per day - and it works both ways.

Or, rather, I should say it works all five ways ...

Bomb detectors?

[nnappe]

Nicely put about the US but... Have you ever been to Mexico or Argentina? I've never seen a bomb detector in a McDonald's in my life. Mexico's said to be dangerous near the border, but in Mexico City I saw nothing like what you describe, not even in Acapulco. Also, Mexico's violence is predominantly related to drug traffic and plain old crime (kidnappings too).
Your description of Argentina is totally inaccurate too. Even though there were two terrorist incidents in the last 30 years to Jewish/Israeli targets, the only sign you can see of that is pylons outside of synagogues and Jewish countries. The terrorist threat is non existent.