US Courts Consider Legality of Laptop Inspection

ceide2000 writes "The government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer's hard drive, the government says, is no different from looking through a suitcase. One federal appeals court has agreed, and a second seems ready to follow suit." This story follows up on a story about laptop confiscation at the borders from a few months ago.

Luckily

[svelemor]

... there are effective ways to protect your own privacy http://www.truecrypt.org/ [truecrypt.org]

Re:Suitcase opening... HAH!

[winkydink]

Um, upon entering the country, they can open a sealed letter in your possession and read the contents already.

Re:By that logic...

[russ1337]

Can they inspect every packet that enters (or exits) the US? Does the physical medium have to be in transit?

Answer: yes [wikipedia.org]

Re:Suitcase opening... HAH!

[sholden]

Your assumption is wrong. It's to search for items which are illegal to bring into the country. That would some plants and animals (quarantine laws), and also certain bit sequences on a hard drive (child pornography), bits of paper (undeclared currency over a magic value), arbitrary objects (that you didn't pay duty on) and a lot of other things. It's customs doing the searching, they don't actually care about bombs - of course if they found one they'd bring in the people who do care about such things...

Re:But

[eln]

Not that the Bill of Rights has much sway in cases where "terrorism" or "national security" can be applied, but the 5th amendment applies to "persons" rather than "citizens" (this distinction is made several times in the Constitution), and thus applies equally to anyone under US jurisdiction, whether they are a citizen or not.

So, if we actually followed the Bill of Rights, no one should be compelled to give that information, regardless of where they come from.

Re:No you have a choice.

[Em Adespoton]

Is there now a place for a program that decrypts data in two ways?

It's called TrueCrypt [truecrypt.org] and is available for Windows, Linux and to some degree for OS X.

Main Features:

        * Creates a virtual encrypted disk within a file and mounts it as a real disk.

        * Encrypts an entire hard disk partition or a storage device such as USB flash drive.

        * Encryption is automatic, real-time (on-the-fly) and transparent.

        * Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

            1) Hidden volume (steganography - more information may be found here).

            2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

        * Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.

            Further information regarding features of the software may be found in the documentation.

The 4th does not apply to border searches

[sirwired]

The 4th amendment does not apply to searches at the border, and it never has. Throughout modern history, every country in the world (the U.S. included) has reserved the right to search anything and everything entering the country, save diplomatic pouches.

The 4th amendment only covers "unreasonable" search and seizure. Border searches are considered reasonable, and therefore require no warrant. This was formally codified by the 1st Congress (thank you Findlaw), who could be assumed to know the intentions of the founding fathers. More intrusive operations over and above a cursory search (such as X-Rays, or I supposed computer checks) only require "reasonable suspicion", as opposed to the more strict "probable cause".

The current version of the law states:
19 USC 1581:
(a) Customs officers
Any officer of the customs may at any time go on board of any vessel
or vehicle at any place in the United States or within the customs
waters or, as he may be authorized, within a customs-enforcement area
established under the Anti-Smuggling Act [19 U.S.C. 1701 et seq.], or at
any other authorized place, without as well as within his district, and
examine the manifest and other documents and papers and examine,
inspect, and search the vessel or vehicle and every part thereof and any
person, trunk, package, or cargo on board, and to this end may hail and
stop such vessel or vehicle, and use all necessary force to compel
compliance.

I would think a search of the hard drive falls well within a "package".

SirWired

Re:next will be...

[hey!]

Next?

Are you kidding? There is no fundamental law which protects the stuff you mention. Instead there is a patchwork of laws like HIPAA, ECPA, Fair Credit Reporting etc that protect against various egregious abuses, but many if not most of these laws have massive loopholes. For example, the Government is forbidden to take its records and create dossiers on random citizens, but it can buy that same information from vendors on the open market.

And most of these laws have explicit exceptions of law enforcement and intelligence activities.

There is no fundamental right to privacy recognized in US law, especially if you are a strict constructionist. The only protection for individual privacy in the US is political; if people get mad enough, then Congress will places the biggest patch on the problem that they can get past the lobbyists.

Re:Just create a dummy account?

[Anonymous Coward]

That could get you in a lot more trouble than just letting them see your real account. Granted, it is really easy to fool these people. It is not like they are college educated. You just need to set-up a login screen that does not show the accounts (easy to do with Gnome and KDE). But God help you if they find out what you did. The reason they are searching laptops is to look for suspicious activity that resembles behavior of a terrorist or spy. What you just described is exactly that.

Re:Suitcase opening... HAH!

[servognome]

That sounds suspicious (for instance I doubt they can do it for mail). Care to back up that statement?

They can [schneier.com] for mail. Thank this one to the "war" on drugs.

Re:next will be...

[Anonymous Coward]

Actually, there is a right to privacy fundamental in the Constitution both through the 4th Amendment (its purpose is to protect the citizenry from unfair intrusion by the Government) and via the 9th and 10th amendments (The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people. and powers not granted the federal government in the Constitution or given to it by the States are reserved for the states or the people).

Re:next will be...

[Anarke_Incarnate]

Nothing about citizenry. The law states that "The People" shall be secure in their person and effects.

Re:No you have a choice.

[Em Adespoton]

Right up to the moment they use an undelete tool on your laptop and find the formerly uninstalled encryption program on your hard drive....

I think you missed the point... TrueCrypt allows you to hide an encrypted volume in the same filespace as another innocuous encrypted volume. TrueCrypt can also run as a portable app... no registry entries etc; you can run the entire thing off of a USB drive or SD card. Of course, there will still be visible data in the OS's pagefiles....

The other trick TrueCrypt uses is that it doesn't leave recognizable headers, so you could have 10 truecrypt files with innocuous names hidden within other files, and unless you know they're there, there is no way to identify them. Use a standard TrueCrypt archive and the TrueCrypt software to store your home computer inventory or something similar, and you can show this to anyone who wonders why you've got an encrypted partition on your drive/USB drive.

Of course, as I mentioned elsewhere, the best way to go about this is to have a multilayer truecrypt drive file named DSCINDEX.TOC and store it on the SD card you keep in your digital camera. Such files are generally treated as junk files, and an examination of the file would make it look like junk... unless you tried to mount it with TrueCrypt after mounting the card on your computer desktop.

Probably easier just to use TrueCrypt to encrypt your laptop drive at the drive level though, and have two passwords to reveal two different sets of data. That way your pagefile will be encrypted too, and the only way to analyze the sensitive data would be to read the RAM chips with a special device. Of course, an examiner could still accidentally erase your real data while examining the device, which would be a shame.

Re:No you have a choice.

[JasonTik]

And if you RTFC(onstitution), you will see that the fourth amendment does not use the word citizen. As such, his point is still valid.

Re:Huh?

[Anonymous Coward]

I can remember a time when we wouldn't stand for showing identification period, and were collectively willing as a country to back that up.
http://en.wikipedia.org/wiki/Checkpoint_Charlie#Clay_responds [wikipedia.org]

Re:SmartCard

[Chris Mattern]

Yep, follow some of the links in other posts. They have discretion to confiscate almost anything. Technically, it's still yours; DHS is supposed to give it back to you when their investigation is complete or the laptop is no longer required for the investigation. There is, however, no time limit on how long DHS can take doing this. One of the articles linked to in this thread reports a woman's been waiting for over a year with still no indication of when they'll give it back.

Chris Mattern

Re:The 4th does not apply to border searches

[a1englishman]

I recently took a trip back to the United Kingdom, via France. At no point during that journey did customs go through all my belongings, and ask me to fill in some form that disclosed how much stuff I was bringing back. I come back to the States, and it's like the Spanish Inquisition. It's like the rest of the West has moved on, yet over here, we're dwelling in the dark ages. Did you say "Witch?"

Re:But

[richcsst]

The problem is, you aren't "in the country" until Customs says you are. This is international law. The areas marked for international travel are technically an "embassy", not US soil. This allows the governments (plural, no matter where you are) to send you back where you came from without you actually legally "arriving". The movie "The Terminal" shows this concept very well. So, until Customs approves your arrival, you're not in the USA (and its "jurisdiction") and the US Constitution does not apply. The same goes for other countries as well.

So, you can refuse a search, but then again, they can refuse to let you into their country. The control is left to you and them (mostly them).

So, remember, whilst in an international terminal, whether airport or border crossing, you are in a place where only international law applies until that country says you are in their country. Until they say you are in their country, they have every right to search anything you bring with you, and every right to confiscate anything deemed as contraband, every right to send you back where you came from, and every right to use anything they found as evidence against you according to their country's laws after they say you are "in their country".

Re:Ridiculous

[Zibblsnrt]

They are not looking for passwords to nuclear reactor equipment - the clowns at the border probably wouldn't recognize such lists unless they were marked "passwords to nuclear reactor equipment." They're not even looking for bootlegged movies because they'd be detaining damn near everyone with a laptop.

No, they are pretty much just looking for naughty pix of little kids - that's it. And much as someone might find that offensive, sorry it just aint "dangerous."

Another thing it ain't is "gonna accomplish much of anything."

Anyone who really thinks some bored customs/security folks are going to be able to competently identify the contents of, say, a 500GB drive with two hundred thousand files on it is smoking something. What're they going to do? Haul the laptops off someplace and spend an afternoon checking every directory and making sure the files are really what they're named? People like the one in TFA aside, they're not likely to find much doing this unless they're willing to take their sweet time holding someone while they fine-tooth-comb their computer to do so. For anything resembling a reasonable-length search at customs, any contraband's either going to be glaringly obvious to a non-expert who's going through the motions, or it won't show up at all.

As one of the comments in the article says, this is just more fishing in the dark, like no-fly-lists or people demanding I explain why I'm wearing boots every time I fly in the winter.

Re:Ridiculous

[blueskies]

Not so dangerous unless you're one of the little kids.

uh, it's still not dangerous. Unless your Amish and realize that having your picture taken steals your SOUL!!!