CBSA Reveals Some Laptop Search Info, But Not Much 151
gmcmullen writes "The Canada Border Service Agency took its time getting documents on its policy for border searches of laptops to the BC Civil Liberties Association in response to an Access to Information request the BCCLA filed in October 2009. When the reply did come through, there wasn't much there. The documents were heavily redacted and whole sections of the Access to Information request were ignored, including requests for information on the number of laptops searched and policies for copying data from electronic devices. We did learn that the CBSA knows that 500 megabytes is roughly equivalent to 'a pickup truck full of books,' and use Windows-only software called ICWhatUC to scan for images. Documents also revealed that the CBSA understands that most 'Japanese Anime' is not child pornography, and that your family photos (even with kids in the tub) aren't child pornography either. We've made the documents we did receive available online so you can see for yourself."
Re:Legal, but dubious (Score:4, Insightful)
To put it simply:
Kids who know nothing about sexual concepts having a bath != kids being forced to engage in sexually explicit activities
Or even simpler:
Bathing != fucking
Re:Encryption (Score:2, Insightful)
Just do exactly what the agent says, complying 100%, but don't offer any advice or claim any insight into what is going on at all beyond your legal responsibilities. If you use whole disk encryption, you are probably required to type in the key for that but beyond that ignorance will get you far. When they say "Oh, you run Linux?", say "Um, at my work we use something called U-buntu I think". If they ask you if you have any encrypted files or something, just respond with something like "I don't know much about encryption.". Make them do their job while remaining honest, and they will just leave you alone. Act like a smartass and they won't...
Unfortunately... (Score:3, Insightful)
The sad thing about all this is that when a government department or agency decides to thumb their nose at a Freedom of Information Request, few groups have the time and money to fight them all the way to the Supreme Court. And when they get there, the likelihood of a costs/damages finding big enough to really hurt the government is almost non-existent.
your own fault (Score:4, Insightful)
Refuse to cross borders which have unreasonable search policies.
If you don't, you're implicitly accepting them. It's your fault.
If that means you have to stay in your country entirely, so be it. Many people survive while staying in their own country.
If you lackeys would give up some of your iToys for a moment and stand up for what's right, even if it means a slight loss of comfort, the government would be forced to change.
Yes, I've stopped travelling by air. Yes, I've stopped travelling to America. I did both frequently and willingly before the post-11/9 intrusions, and loved going to the US. But I think in the long run it'll help both my country and yours if I make a stand, as long as others follow.
Re:Encryption (Score:3, Insightful)
"It's my work computer, I don't understand all this technical stuff" is probably a better defence.
Re:Blacklist (Score:5, Insightful)
As someone whose been held and interrogated by Canadian customs for 3 hours a few years back I can give you a brief idea of what they check for, but I'll start by giving some details.
I'm a white British male and was 23 at the time. I was travelling by myself to visit a friend in Ottawa, it was Ottawa airport I landed at. I do not believe therefore there was any racial profiling as I'm not aware that people who are White British are seen as a particularly suspect group. In terms of digital devices I had a laptop and digital camera with me, as well as an old Creative Zen MP3 player full of MP3s, which I'll admit weren't legit, and I'd left a CDR with Windows XP on it in my laptop case which was actually used for a legit install (volume license).
I was asked many questions multiple times, presumably to try and trip me up, but specifically the following occured:
- I was asked where I lived, my age, profession and so forth
- I was asked how much money I have on my person
- I was asked how much money I had in savings, as well as how much I had access to on my card
- I was asked if my laptop or camera had any bestiality images on them
- I was asked if my laptop or camera had any other types of pornographic images on
- I was asked whether I intended to do any business in Canada, they seemed to press this question as they pushed it multiple times, in multiple ways
- I was asked where I was going in Canada and who and how many people I would be meeting, I said apart from my friend I was due to visit I had no plans to visit anyone else specifically. I mentioned I had no specific plans to go anywhere but it was likely we'd go to Montreal or to the Niagara falls, they absolutely did not like the fact I had no fixed itinerary and pushed me hard on this for about 45 minutes. They asked things such as why I didn't have an itinerary planned before hand, they asked why I even came to Canada, when I answered because I have a friend there and like travelling they responded with comments such as "Well I like travelling too, but I always plan where I'm going".
- They asked me to log in to my laptop and let them check it so I did as I had nothing incriminating on there, they simply did a search through my browser history and searched for *.jpg, *.avi and the likes. What is of real concern is that they dissapeared with my laptop for about 20 minutes. I have no idea what they did during this time, but I'd only recently done a fresh install on the laptop so short of Windows, Office, one or two games, there was little to find. They did find a soft-porn image from a pop up in my browser cache which they questioned me about, and called me a liar over for telling them previously I had no porn on the laptop.
- They asked a few times if I had a criminal record, when I responded no, they insisted I shouldn't lie and that they could check with the British police, to which I simply responded that they were welcome to do so to confirm I wasn't lying
- It's worth noting that they didn't seem to care that I was texting away on my mobile phone to my friend to explain why the fuck I hadn't yet got through customs as they were waiting for me in the airport whilst they were dissapearing back and forth. My friend told me they'd been out and spoken to him to ask about me too- he's got dual British-Canadian citizenship and I don't think that as a Canadian citizen he was too impressed they were questioning him in the manner they were too.
- They interviewed me both informally at the customs desk, and formally in an interview room covering the sort of questions mentioned above
- They did a search of my luggage, but it was very half-assed, they opened it, asked if I had any sharp objects, turned a couple of pairs of jeans over and then closed it again- hardly a thorough search
- Interestingly they had no interest in the contents of my MP3 player, they found the Windows XP CDR and didn't even question it.
- They used threats, initially subtle, the male questioning me fir
Re:Legal, but dubious (Score:5, Insightful)
I don't downmod for disagreeing, but I sure came awfully close here, especially with as high up as this was modded. I think it requires a response, though.
Locking up anyone who "might" become a criminal would require locking us all up. Time and time again, the person that was "always so nice" or "was a little quiet but seemed harmless" commit horrible crimes. On the other hand, time and time again, the person that seems really nice is nice, and the person who's quiet and a little eccentric really is harmless.
I could wind up killing someone, or abusing children, or starting up the next Madoff-style ripoff tomorrow. I have no intent of doing any of those things, but you have no way to verify that's actually true. Of course, I can't verify that you won't do them either, so both of us might. Guess they better lock both of us up.
Re:your own fault (Score:1, Insightful)
If you lackeys would give up some of your iToys for a moment and stand up for what's right, even if it means a slight loss of comfort, the government would be forced to change.
So giving up iToys and restricting your own travel is forcing some government to change how?
Re:Legal, but dubious (Score:2, Insightful)
Just to clear this up as people seem to think I'm proposing that people should be locked up on the basis of what they might do in the future.
I was commenting on the apparent goals, not proposing how I think things should be.
Re:Encryption (Score:4, Insightful)
Disclaimer: I am not a lawyer, this is not legal advice. It is my opinion. If you're really worried, seek out a lawyer.
First things first - if a border guard wants you to turn it on, do so. Generally, unless the guards find you interesting, all they want is to see is that it's harmless (i.e. that you're not nervous, that it turns on, and nothing blows up). They're just doing their job, just like you're doing yours.
What is your company's policy on border searches of company equipment? Oh, your company doesn't have a policy? Then let your boss know that until there is one, you'll obey any lawful orders the guards give you (which, you not knowing any better, will include "log in past the encryption").
That said, you could investigate whether unauthorised computer access is illegal (i.e. an actual crime) in your country / the countries you plan to visit. One of my past employers had a nice big login message warning that unauthorised access to their particular network was a federal offence punishable by up to ten years in prison. If your login comes with a valid legal warning of ten in the pen, and you're not authorised to log in for them, you simply say "sorry, I'm not authorised to log you in, I can't go any further". They can still confiscate it, but they can't order you to commit a felony (well, they could, but that's probably when you politely ask for their supervisor/commander).
Other things you can do:
First, on "play dumb", since that got suggested by another poster. While not bad advice in general when dealing with bored authorities, don't confuse "play dumb" with "play stupid". If your papers say you're a scientist/engineer/etc, acting like a clueless newb about the contents of your laptop is going to make any competent officer suspicious. Just be a polite, mild-mannered version of your normal self.
Dilbert Option: Call the embassies of whatever countries you're passing through (including your own) and ask them the rules on business laptops/drives with encrypted content (e.g. "Hi, I'm Bob from Acme Corp, can you send us a copy of your border regulations for travellers carrying encrypted business laptops? And an executive summary would be fantastic for my boss, too."). Compare with company policy for potential problems, just in case Legal screwed up or had out-of-date info. Whatever. Tell your boss/Legal about any of those. C.Y.A..
Kenobi Option: keep an unencrypted eye-candy partition on the drive as the default boot volume (e.g. Windows or OSX or Ubuntu or anything else that says "boring GUI-based OS here, these aren't the droids you're looking for"). Use it enough to look "lived in", but don't surf/keep anything NSFW on it. If the guard is alert enough to notice the encrypted partition, he's also smart enough to understand when you explain the encrypted partition is confidential company data that you can't log into without authorisation (if he disagrees, proceed as above, with offer to call his/your boss etcetera).
FedEx Option: normal boring drive in laptop, encrypted drives sent by courier/post to your destination. Let someone else worry about border searches (just check first that you're not breaking any crazy rules about "exporting munitions" or whatever).
Look Ma No Hands Option: nothing secret on the drives, use the company VPN over SSL or something. Pray they have decent bandwidth if you need to download anything big.
But it bears repeating that, yeah, border guards have a lot of power. Be polite, go with the flow, and remember that losing your laptop (or even your job) is usually preferable to some foreign prison hellhole.
Windows Only? (Score:3, Insightful)
Re:Legal, but dubious (Score:3, Insightful)
Lock up anyone who might become a child abuser?
Possibly.
In a word, no.
By the same rationale, you would lock up every male on the planet for being a potential rapist.
Re:Windows Only? (Score:3, Insightful)
Hopefully they will just threaten you until you provide passwords.
Its clear that only criminals would use an operating system other than windows.
Re:Windows Only? (Score:1, Insightful)
What they'd probably do is accuse you of deliberately hiding the contents of your computer using terrorist technology. You would then either be held up for 6 or 8 more hours until they can bring in someone who knows what they're doing, or deported (if you are incoming cargo). I wish I was joking, but I remember reading about someone who actually had this happen to them.
Don't understand the unit of measure (Score:3, Insightful)
Nice try to relate to us slashdotters but that is not one of our standard units of measure. I mean, what kind of pickup is it; a subaru Brat/Baja, a Chevrolet El Camino, a Ford Ranger, or a Ford F-350 - and is it long bed or short bed, fleet side or step side? Is there a cap over the bed and is the space filled to the top?
Better yet, please convert the amount in the unit of either "volkswagens' or "libraries of congress." Other units of measure confuse us.
Thanks!
Re:Windows Only? (Score:1, Insightful)
I'm surprised that no one picked up on this, even though the discussion charged directly into the CP issue (perennial for /., I'm afraid.) If the scanning software they use is Windows-only, what would they do with a Linux (or even just a Mac) user? Unless the software comes packaged with drivers for various Unix and Unix-based filesystems, what will they do when it won't scan?
Related and more importantly, who would allow [any random Customs grunt] to run unknown/untrusted code on their machine? No big deal for Cathy Coed or Dear-Old-Dad who willingly install every toolbar and widget they can get their netbook on, but business/tech users? If you had proprietary data on your laptop, would anyone who reads Slashdot really allow unknown code to be executed? What are the ramifications of a refusal to allow their software to be run (not a blanket refusal of the search, just of the software)?
Byline: It would appear that the answer may be in the CAPTCHA... for this submission, mine is 'custody'.