NZ Customs Wants Power To Require Passwords 200
First time accepted submitter Orange Roughy writes New Zealand customs are seeking powers to obtain passwords and encryption keys for travelers. Supposedly they will only act to obtain credentials if it was acting on 'some intelligence or observation of abnormal behaviour.' People who refuse to hand over credentials could face up to three months jail time. From the story: "Customs boss Carolyn Tremain has told MPs the department would only request travellers hand over passwords to their electronic devices if it had a reason to be suspicious about what was on them. The department unleashed a furore last week when it said in a discussion paper that it should be given unrestricted power to force people to divulge passwords to their smartphones and computers at the border. That would be without Customs officials having to show they had any grounds for suspicion."
Strong public relations (Score:5, Insightful)
Re: Strong public relations (Score:4, Informative)
It won't happen. It's been demonstrated over and over again that people are willing and often eager to comply with the authorities' requests. More likely, other countries will follow soon and the day will come when this is law everywhere. We live in the Surveillance Age now. Deal with it.
Re: Strong public relations (Score:4, Informative)
Well, why not? Getting passwords and checking laptops, phones and whatnot on the border is completely useless waste of time, and won't catch a single criminal or terrorist. People will just travel with clean machines and download anything they need while in the country. What if you don't actually KNOW the password? Company IT department will tell it on the phone to you after you have passed customs? Jailed for 3 months? What if your USB stick contains a "random" datafile? Is it encrypted or just junk? Or some data for some obscure program?
That being said, people will just travel with clean computers, especially the ones that might have something to hide.
Re: Strong public relations (Score:5, Interesting)
Re: (Score:2)
You cannot contractually forbid anyone to comply with the law, so your point is moot.
Re: (Score:3)
Re: (Score:2)
In that case, you still cannot be prosecuted for complying with NZ customs. You may be prosecuted for bringing a sensitive asset to a different nation. If you are violating the law as you state, this has happened long before entering customs.
Re: (Score:3)
Encrypted information isn't sensitive, that's the whole point of encryption: To take big secrets (data) and make them little secrets (secret key).
Re: (Score:2)
And bring encrypted information to a country that requires you to unencrypt it when you enter is no different that taking it in plain text.
That, or risk being refused entry.
Re: (Score:2)
It's just a suspicion, though. Without an encryption key - the actual thing that's sensitive - it just looks like random data. It could have been put anywhere else on the Internet. If they could prove it's encrypted, how can they prove you have the key? Maybe you own the key -- on a USB drive at home. And so on.
Re: (Score:2)
It would make more sense for the person carrying the laptop not to have the password at all. Once safely in the country they could receive it by (encrypted) phone etc.
Re: (Score:2)
I'd like to see a high US official pass through customs and watch a random rent-a-cop get his password and copy all his files. Right, like this is gonna happen.
If it's international travel then they should be travelling on a diplomatic passport. (Which my ex-wife does all the time...)
Re: (Score:2)
She's a lawyer.
I can neither confirm nor deny, that I may, or may not have never won an argument.
Re: (Score:3)
Re: (Score:2, Interesting)
Well, why not? Getting passwords and checking laptops, phones and whatnot on the border is completely useless waste of time, and won't catch a single criminal or terrorist. People will just travel with clean machines and download anything they need while in the country. What if you don't actually KNOW the password? Company IT department will tell it on the phone to you after you have passed customs? Jailed for 3 months? What if your USB stick contains a "random" datafile? Is it encrypted or just junk? Or some data for some obscure program?
That being said, people will just travel with clean computers, especially the ones that might have something to hide.
EVERYONE should travel with clean computers. It's just common sense. Also, it takes an "I AM Spartacus" approach to the security theater that does nothing anyway, and inconveniences everyone without a real benefit to anyone. Also, if your machine is stolen, lost, damaged, etc., backing things up before the trip is only common sense, and assuming it will be poked and prodded by government assholes and spies only helps you by forcing you to backup data you know you should anyway.
The only issue is the re-do
The year of Linux on the desktop ;-) (Score:2)
With all the dozens of different Linux/BSD/Unix variants, and the different window systems they have, as a full time IT worker, I'd have a hard time working out what was what on them all. Good luck to the rent-a-goon at customs when I pull out my FreeNAS box with VMware hypervisor with an Ubuntu guest with Xmonad windowing system with an AES encrypted partition that's mounted by cryptsetup based bash script.
Re: Strong public relations (Score:5, Insightful)
It won't happen. It's been demonstrated over and over again that people are willing and often eager to comply with the authorities' requests. More likely, other countries will follow soon and the day will come when this is law everywhere. We live in the Surveillance Age now. Deal with it.
Of course they are. the great unwashed do not see the point, and the others use some form of plausible deniability encryption. [wikipedia.org]
This is the usual PHB event in which a high official misread some bad science in a hairdresser magazine, asked that something be done about it to an even more ignorant burocrat, and lo and behold, something was eventually done. [youtube.com]
nothing to see here.
Re: (Score:2)
[...]"It also doesn't solve the problem of, "We've identified these GMail and Facebook accounts as yours. Please login to them or go to jail."
Sorry, I thought people knew about this [codeplex.com].
And by the way, my answer to the relevant police is "officer, let me give you the password for that volume, that's where I stored my id/passwords or Gmail and Facebook, bank accounts etc."
Re: Strong public relations (Score:4, Insightful)
Fine. We do not believe you, go to jail. When you grow up you'll learn that playing smartass with people who literally own your life is not only foolish but suicidal. You have no concept or understanding of the imbalance of power between you and them, do you?
Re: Strong public relations (Score:5, Insightful)
You can have hidden encrypted information.
You're starting an arms race. Cisco is already shipping routers to dead drops in a bid to avoid NSA interceptions.
The entire tech ecosystem is reacting to increased surveillance.
The average user you will get it. But person with something to hide? They'll install a bit of encryption software that will not only encrypt the data but make it look like it doesn't even exist.
And if there is something you have a bogus encrypted file that is decrypted instead.
There are lots of means of dealing with this stuff.
Re: (Score:3, Insightful)
Better yet, when travelling - the best security is physical security. Don't take important crap with you, keep it on a secure server in your mother country.
Laptops should be dumb terminals, nothing more.
Re: (Score:3)
I generally agree, however what if they ask for your server passwords?
What after all is the difference?
The trick is to put the information somewhere that they don't know it exists at all. They can't ask for the password if they can't find the files or the server login. You say "what password"? If they can't find the files or the server then they can't ask for the password. And THAT is the trick. Putting the files on a USB stick and then secreting that into your other belongings in such a way that it won't b
Re: (Score:2)
It is more complicated than that.
Re: (Score:3)
Re: Strong public relations (Score:1, Insightful)
Perhaps. But anyone disagreeing is just a deluded fool. You do not antagonize Authority, not in this day and age. Not if you hold your life dear. You want my passwords? Fine. Have them. I have learned long ago that avoiding anything that might be considered "questionable" is the wisest course of action. What do you gain for playing rebel? Nothing.
Re: Strong public relations (Score:5, Insightful)
People like you made Nazi Germany a reality. Good job.
Re: Strong public relations (Score:5, Interesting)
No, it is not.
It is a legitimate invocation of a core reason why Nazism was allowed to rule, despite most Germans being against it.
Goodwin is more about "You do know that Hitler also washed his hands daily". Drawing an analogy that has nothing to do with Nazism.
Shachar
Re: (Score:3)
Godwined
You keep using that word. I do not think it means what you think it means.
Re: (Score:2)
Godwin on Godwin's law (Score:2)
In practice, the meaning of "Godwin's law" has grown from the original "later posts to threads about social topics invite more comparisons to the NSDAP" to "he who makes such a comparison loses the argument". Mike Godwin wrote about being surprised about how this law took root in popular culture [jewcy.com]: "I wanted folks who glibly compared someone else to Hitler or to Nazis to think a bit harder about the Holocaust."
Re: Strong public relations (Score:4, Interesting)
Way to lay down in the street and die just because some with supposed authority asks you to.
There's also a third solution: appear to be compliant while retaining your privacy.
Re: (Score:2)
The three other words:
Against Corporate Policy
Re: (Score:2)
What right to unhindered travel?
Since when was anyone allowed to enter any country they liked and not comply with local laws?
Re: (Score:1)
I found the difference between the article and headline disturbing. I read the headline and went Great! Passwords are required. Nice. Article reveals a compromise of passwords is forced with penalties for failure to compromise your passwords.
I wonder if I will get tossed in the pooky for having a DVD and not knowing at the check point the full DECSS for the DVD? Or worse a Blu-Ray.
Re:Strong public relations (Score:4, Insightful)
Re: (Score:3)
Privacy is only dead if you are willing to get over it.
Yes, a lot of people *do* have options (Score:3)
Alternative theory: I choose not to travel to somewhere where such mall cops have any authority, or where border authorities like to throw their weight around.
There are more places in the world that I would like to see than I will ever be able to in one lifetime. I choose to visit those where I feel welcome, and they get my tourism revenue in return.
There are more clients in the world than my company will ever be able to do business with. I choose to work with those in places where doing business is easy, a
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Your rooms get underfloor heating and TV as well.
Our prisons have better living conditions than some peoples houses.
Re:Strong public relations (Score:4, Interesting)
It's even worse for business travellers. New Zealand is already known to do a lot of industrial spying as part of FIVE EYES.
It's got to the point now where you have to wipe your laptop before travelling, then restore it when you get through customs. Same with your phone. Fortunately it is easy to do both those things these days.
Re: (Score:3)
This raises an interesting question: What the hell is the fucking point of searching electronic devices. By their very nature they can send data across the border without a physical interaction with customs. What are they hoping to gain from this? Any illegal activity can already be done from either side of the border including all the usual nasties like terrorism, child pornography, and industrial espionage.
What are they hoping to gain other than catching a few dumb people which likely would have been caug
Re: (Score:2, Interesting)
The obvious answer is that they're not hoping to achieve anything through this measure - this isn't about the need to compel passwords from people at the border, this is just a stepping stone onto further and far nastier forms of coercion. It's just part of NZ's National government's gradual push towards greater and greater surveillance. Each step is small - each seems ultimately futile - but taken together they gradually reduce our personal freedoms until suddenly we find ourselves in a police state.
But l
Re: (Score:2)
Criminals are dumb. They carry evidence of their crimes on their person all the time.
Source: I know a NZ customs agent personally. I haven't asked her what she thinks of this.
Re: (Score:2)
But that is my point. The only kind of idiot who would carry this stuff is the same idiot who would send it plain text from his home and get caught anyway. There's no point in the extra grief at the border.
Re: (Score:3)
The company I work for now issues people special travel laptops for international travel. They are imaged specifically for the trip with only the applications and data the person needs to do the specific job they are traveling for. When they get back any data that needs to be preserved is pulled off and the machines are reimaged. Things like this and just the general high risk of laptop loss in international travel are the motivations for doing all that. It used to be there was a small list of countries we
Re: Strong public relations (Score:5, Funny)
Before my next visit to NZ I'll change my phone's password to "fuckyouretardednzcustomsofficers-youimbecilepuppetstotheusa"
Feel free to use it yourself :-)
Re: (Score:2)
Re: (Score:2)
"Five Eyes" doesn't have to be in the article. "New Zealand" alone is enough. All major industrialized anglophone countries are in on this.
Re: (Score:2)
my password: jamitfool (Score:2)
and I won't be travelling to New Zealand, thanks.
What do you expect to find? (Score:3)
Even if the person is the biggest paedophile terrorist drug-dealer in the world, do you honestly believe that there would be evidence on his phone WHILE HE IS TRAVELLING?
I don't believe that Carolyn Tremain understands this "Internet" thing.
Re: What do you expect to find? (Score:3, Insightful)
I think you're underestimating how stupid some people are.
Re: (Score:2)
This is very true, just see the number of people who posted doing ileagl things on failbook and then got arrested.
I see this dying by corporate interests quickly though. It goes against money and thus will get wiped out .
Re: (Score:2)
Stupid people will be caught anyway, they don't need massive useless border checks for this.
Decoy (Score:5, Informative)
Re: (Score:2)
Why would anyone take anything of real value? The stuff is cheap. Use a throwaway for traveling and upload to a 'cloud' drive during the trip.
Re:Decoy (Score:4, Insightful)
Yes! Do that!
While you are travelling you are at higher risk for your stuff to be STOLEN.
So make sure that the thieves (or customs officials) only get hardware.
Learn how to securely access your files/data remotely.
Trying to be secretive with hidden partitions and such just runs the risk that you might encounter the one customs agent who knows something about computers. Be boring. Be the most boring person they've ever seen. Have NOTHING of interest to ANYONE on your systems. No pictures/music/movies/anything.
Re:Decoy (Score:4, Funny)
Do have plenty of powerpoints explaining the 1040 long form. That might actually put them into a coma if they look at it.
Re: (Score:2)
Re: (Score:2)
It would be far more effective to carry thousands of boring landscape photos.
Re: (Score:2)
The problem with your idea is many fold:
1: You need to insure the communication channel in the host country is sufficient (not always the case)
2: The cost/time to pull all the relevant information back in a usable manner (so you spend at least a day to get all the pieces of what you need to do your work back, potentially more if the network speed sucks)
3: Drives up the cost to do business. (see reasons 1 and 2)
4: You need to insure the connection back to home base is not compromised/tracked (one reason
Re: (Score:3)
Easy workaround : Don't go to NZ. There are plenty of beautiful places to visit nearby.
Re: (Score:2)
Re: (Score:2)
NZ is hardly unique in desiring tourism.
Standard practice for a department (Score:4, Insightful)
A department such as customs, police, wellfare etc. will always ask for the maximum possible powers. It is a given. There can be no argument against the fact that a speed camera on every light pole will lower the amount of speeders (either by fear or getting them off the roads). The police therefore will ask for that.
The role of the legislative body is to control the power of the departments and offset their wants against the negative outcomes of those wants. *Customs* We want everyone's password *Legislature* No, but you can seize equipment and a password may be demanded by a judge.
The fact that they don't always get it right is a different issue.
Re: (Score:2)
The problem is that recently the legislative body seems to be willing to grant those powers to the departments or even give them more and we are dependent on the judicial system to claw them back.
"not its intention", hah, hah! (Score:5, Informative)
Protip: whenever some government official says that they won't use their power for some purpose, you know that it will be used in exactly that way or for that purpose. Case in point, RIPA in the UK, which has been used (abused) in cases related to petty crime in exactly the way it was originally claimed it would not be used.
See you in three months (Score:4, Funny)
| gpg -a --symmetric --passphrase "$(dd if=/dev/urandom bs=1024 count=1)" > ~/important.txt
Re: (Score:2)
Just line the inside of your suitcase with floppies. Dump a bunch of old thumb drives in as a well. Glue some microSD's to your phones case and let THEM sort it out.
Where's the beef? (Score:1)
When in a foreign land, you follow the rules of that land. Intrinsic rights are and only can be given to those who fall under that state's jurisdiction. Until there are universally accepted and guaranteed by some global dominion people can not and should not expect the laws that they were raised under to respected in other jurisdictions.
Re: (Score:2)
Re: (Score:2)
> a drug addict, rapist, or mass murderer
Addiction is a medical issue. Rape and mass murder are rather serious crimes. If my child became addicted to a substance, I'd take it in my house at any cost. But in the case of rape or murder, well, that will end family ties for a few decades.
Statutory rape (Score:2)
But in the case of rape or murder, well, that will end family ties for a few decades.
For this purpose, would you consider "rape" to include sexual contact between an 18-year-old and a 17-year-old when the 17-year-old has presented fake ID? Or are you in the "save it for marriage to avoid accidental molestation convictions" camp?
Re: (Score:2)
New Zealand actually is a signatory of the Universal Declaration of Human Rights, which says that "everyone has the right to leave any country, including his own, and to return to his country", "no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence".
I don't even know where to begin with the child/parent analogy. The relationship between a ten-year-old and her mom is obviously and fundamentally different than the relationship between a citizen and their repres
Re: (Score:2)
Or an invading foreign government can pull you out of your home and invent a new type of human called an "enemy combatant" and pretend that existing laws from both countries, , and international treaties and the US Code of Military Justice do not apply to them. It's difficult to tell the last estimate I saw said there are still more than 100 prisoners at Guantanamo Bay.
Let's be very clear that many governments, including that of the US, pick and choose what rules to follow for some quite inconsistent and q
Re: (Score:2)
Intrinsic rights are
...imaginary.
In practice, we have only those rights which you can protect, or which someone else will protect on your behalf. That's why having them written down is so relevant. In theory, a bill of rights does not enumerate human rights. In practice...
Jail time for honestly not remembering!? (Score:1)
My dad was just in N.Z.
The first thing he did when he arrived was call me and asked me what we set his pin code for his tablet .... TO JAIL!
According to the article... (Score:2)
[New Zealand] Customs said its counterparts in Australia, Canada, the United States and Britain had equivalent powers, though the department has so far been unable to substantiate that.
Is that true? Does anyone know the current law in those countries? I think it is true in the U.K. where you can be jailed for not handing over passwords and/or encryption keys, but I don't know about Australia, Canada, or the U.S. Can anyone shed some light on this?
Re: (Score:3)
Canadian border agents have vaguely broad powers to search travellers; whether that includes demanding passwords is not explicitly stated and is untested in the courts. That's likely to change, however, as they recently charged someone for refusing to give up his phone's password:
http://www.cbc.ca/news/canada/... [www.cbc.ca]
change password before going to NewZealand (Score:2)
People are stupid on average and would be daft enough to leave incriminating files on laptops and smart phones that's why customs needs an over-reaching power like this.
The problem is really is revealing a password that you use elsewhere. So change it before you go make it 1234 or password or some other trivial thing. Maybe put a fresh copy of windows on before you travel, or would that be suspicious in itself. Customs can give you a hard time already even your butt isn't secure.
New Zealand wouldn't be the
Re: (Score:2)
New install of Windows? Not suspicious at all - it's a new computer, or it got "corrupted by a virus", and you had your helpful nephew reinstall it for you.
Sigh (Score:3)
Anyone with a brain that doesn't want to have their files read will stick it in a private "cloud" and access it remotely and securely anyway.
Hell, £100 NAS boxes have this functionality nowadays without any third-party storing the data. Or rent a VPS for the duration.
The problem I have with laws like this is that you ONLY catch the stupid people anyway. If they are going through customs with a laptop full of "how to beat customs" documents, then they get what they deserve and shouldn't be that professional.
What you're doing, though, is doing NOTHING to stop an actual, determined guy with half a brain from doing whatever he wants.
Spend less on junk like this, and just get more passengers a five minute interview to find suspicious people, or spend fives minutes longer on checking the faces, passport lists, etc.
Re: (Score:2)
The problem I have with laws like this is that you ONLY catch the stupid people anyway.
Always remember: They have to succeed only once. Yes, a smart criminal might get away again and again -- until he doesn't get away any longer because of some stupid mistake. Outside of our special talents, knowledge and education, all of us are stupid.
The real issue (Score:2)
Re: (Score:3)
Looking at what we've learned over the last 2 years and then the statement of what NZ wants to do - makes me wonder if the governments of all (thats the really troubling part, all) the western
Public Key Cryptography is the key... (Score:2)
You want to bring some document to someone IN NZ, ask him to send you his PUBLIC key.
You want to be able to bring some document OUT OF NZ, keep your PUBLIC key on your computer.
And have NO PRIVATE KEY with you...
When asked to decrypt, you're just mathematically unable to do so... And any computer expert will be able to confirm what you say.
If enough people take that way, they'll eventually understand that it's futile to require password.
Re: (Score:2)
There is no way you could remember a 4096 bits RSA key... Anyone in court will agree
If the files are encrypted using someone else's private key, there is no way that you can know or have that key... you only have the public key available. This could also be easily established in a court... You can't give out something that you never had access to in the first place...
The only more "sensible" part is about your private key that you didn't take with you... Even then, if they don't require you explicitely to h
Politicians (Score:2)
Easy, just create a default boot partition with nothing on it and boot the encrypted bomb-making partition when you are in your hotel room.
Password manager with plausible deniability (Score:2)
Alas, there is no good open source password manager with built-in plausible deniability. All variants of keepass reject the idea, shifting it somewhere else and there is no good solution for Android. The best solution would be a database of X password databases (big X, a hundred or more), with only one database being encrypted and other slots filled with junk, and everything must be overwrittend during any save operation. If password manager does that by default (i.e. you don't tick special option
Simple Solution (Score:2)
Never, ever travel to any Commonwealth country again. Not that the US of A is that far behind but each day that passes just brings more revolting news from these supposed "freedom loving" countries.
Those encryption keys aren't mine to give (Score:2)
They belong to my employer. And I would violate the terms of my employment if I reveal them.
I wonder if NZ could do much if corporations applied pressure to them. NZ's GDP and Apple's revenue number is nearly the same at $183B (in USD).
Do NZ's laws apply before passing customs? (Score:2)
Re: (Score:2)
Why do they want passwords? (Score:2)
What for, exactly?
I mean, passwords protect data.
Is customs afraid of data?
Is there some dangerous piece of information that must be stopped from entering the country?
If your police force is afraid of people keeping secrets, then your police force needs to be disbanded.
Trust us... (Score:2)
Instead, the department would only use the power if it was acting on "some intelligence or observation of abnormal behaviour", she said
And that 'intelligence' or 'observation' will be totally classified (you know, because of national security and stuff), so there will be no way to verify if there was actually a valid reason to break into your iPhone. But don't worry, we won't abuse this new power.
Re: (Score:2)
And how many customs officials do they have on duty at AKL anyway? do they have time to go through all 300+ passengers phones/tablets/laptops?
And of course you could keep you sensitive data on a 64GB microSD card, easy enough to hide, and just have a card in the machine with your music and ebooks to keep you amused on the long flight. (its about 12 hrs from LAX)
Re: (Score:3)
and just have a card in the machine with your music and ebooks to keep you amused on the long flight. (its about 12 hrs from LAX)
Hopefully, all your music is legal and your ebook titles don't sound suspicious.
And how many customs officials do they have on duty at AKL anyway? do they have time to go through all 300+ passengers phones/tablets/laptops?
This can be fully automated. In the UK, I recall they recorded the entire hard drive of your laptop. They said this was a measure against pedophiles, although this policy seems to only have affected a couple of reporters as far as I can tell. They never did this to me when I entered the UK.
This is in contrast with France.
At least, the French make a copy of your hard drive when you don't know they're doing it. Waiting until you'v
Re: (Score:2)
A government strong enough to give you everything you want, is also strong enough to take away everything you have.
Look strawman: Even an incredibly weak government can take everything you have.
Re: (Score:2)
This is not "strawman" — such government overreach and assertiveness is an inevitable outcome of Statists, who think, their taxes buy them civilization [governmentisgood.com].
No, not if I am reasonably armed and have my neighbors' support.
Moreover, an "incredibly weak government" would not even know about me and there being anything worth taking from me...