Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Privacy Security

NZ Customs Wants Power To Require Passwords 200

First time accepted submitter Orange Roughy writes New Zealand customs are seeking powers to obtain passwords and encryption keys for travelers. Supposedly they will only act to obtain credentials if it was acting on 'some intelligence or observation of abnormal behaviour.' People who refuse to hand over credentials could face up to three months jail time. From the story: "Customs boss Carolyn Tremain has told MPs the department would only request travellers hand over passwords to their electronic devices if it had a reason to be suspicious about what was on them. The department unleashed a furore last week when it said in a discussion paper that it should be given unrestricted power to force people to divulge passwords to their smartphones and computers at the border. That would be without Customs officials having to show they had any grounds for suspicion."
This discussion has been archived. No new comments can be posted.

NZ Customs Wants Power To Require Passwords

Comments Filter:
  • by Futurepower(R) ( 558542 ) on Friday March 20, 2015 @12:50AM (#49298797) Homepage
    Kills tourism to N.Z.
    • by Anonymous Coward on Friday March 20, 2015 @12:56AM (#49298813)

      It won't happen. It's been demonstrated over and over again that people are willing and often eager to comply with the authorities' requests. More likely, other countries will follow soon and the day will come when this is law everywhere. We live in the Surveillance Age now. Deal with it.

      • by Anonymous Coward on Friday March 20, 2015 @02:36AM (#49299119)

        Well, why not? Getting passwords and checking laptops, phones and whatnot on the border is completely useless waste of time, and won't catch a single criminal or terrorist. People will just travel with clean machines and download anything they need while in the country. What if you don't actually KNOW the password? Company IT department will tell it on the phone to you after you have passed customs? Jailed for 3 months? What if your USB stick contains a "random" datafile? Is it encrypted or just junk? Or some data for some obscure program?

        That being said, people will just travel with clean computers, especially the ones that might have something to hide.

        • by dargaud ( 518470 ) <slashdot2@nOSpaM.gdargaud.net> on Friday March 20, 2015 @06:06AM (#49299727) Homepage
          Or what if your work actually FORBIDS you to reveal your password to anyone, under various penalties ? I'd like to see a high US official pass through customs and watch a random rent-a-cop get his password and copy all his files. Right, like this is gonna happen.
          • by sosume ( 680416 )

            You cannot contractually forbid anyone to comply with the law, so your point is moot.

            • Not at all: complying with NZ law might make you violate US law, depending on what is on the laptop.
              • by sosume ( 680416 )

                In that case, you still cannot be prosecuted for complying with NZ customs. You may be prosecuted for bringing a sensitive asset to a different nation. If you are violating the law as you state, this has happened long before entering customs.

                • Encrypted information isn't sensitive, that's the whole point of encryption: To take big secrets (data) and make them little secrets (secret key).

                  • And bring encrypted information to a country that requires you to unencrypt it when you enter is no different that taking it in plain text.

                    That, or risk being refused entry.

                    • It's just a suspicion, though. Without an encryption key - the actual thing that's sensitive - it just looks like random data. It could have been put anywhere else on the Internet. If they could prove it's encrypted, how can they prove you have the key? Maybe you own the key -- on a USB drive at home. And so on.

          • by AmiMoJo ( 196126 ) *

            It would make more sense for the person carrying the laptop not to have the password at all. Once safely in the country they could receive it by (encrypted) phone etc.

          • I'd like to see a high US official pass through customs and watch a random rent-a-cop get his password and copy all his files. Right, like this is gonna happen.

            If it's international travel then they should be travelling on a diplomatic passport. (Which my ex-wife does all the time...)

        • And, for good measure, travel with a laptop running BSD without a GUI.
        • Re: (Score:2, Interesting)

          by Anonymous Coward

          Well, why not? Getting passwords and checking laptops, phones and whatnot on the border is completely useless waste of time, and won't catch a single criminal or terrorist. People will just travel with clean machines and download anything they need while in the country. What if you don't actually KNOW the password? Company IT department will tell it on the phone to you after you have passed customs? Jailed for 3 months? What if your USB stick contains a "random" datafile? Is it encrypted or just junk? Or some data for some obscure program?

          That being said, people will just travel with clean computers, especially the ones that might have something to hide.

          EVERYONE should travel with clean computers. It's just common sense. Also, it takes an "I AM Spartacus" approach to the security theater that does nothing anyway, and inconveniences everyone without a real benefit to anyone. Also, if your machine is stolen, lost, damaged, etc., backing things up before the trip is only common sense, and assuming it will be poked and prodded by government assholes and spies only helps you by forcing you to backup data you know you should anyway.

          The only issue is the re-do

        • With all the dozens of different Linux/BSD/Unix variants, and the different window systems they have, as a full time IT worker, I'd have a hard time working out what was what on them all. Good luck to the rent-a-goon at customs when I pull out my FreeNAS box with VMware hypervisor with an Ubuntu guest with Xmonad windowing system with an AES encrypted partition that's mounted by cryptsetup based bash script.

      • by gadget junkie ( 618542 ) <gbponz@libero.it> on Friday March 20, 2015 @03:38AM (#49299317) Journal

        It won't happen. It's been demonstrated over and over again that people are willing and often eager to comply with the authorities' requests. More likely, other countries will follow soon and the day will come when this is law everywhere. We live in the Surveillance Age now. Deal with it.

        Of course they are. the great unwashed do not see the point, and the others use some form of plausible deniability encryption. [wikipedia.org]
        This is the usual PHB event in which a high official misread some bad science in a hairdresser magazine, asked that something be done about it to an even more ignorant burocrat, and lo and behold, something was eventually done. [youtube.com]
        nothing to see here.

    • by Anonymous Coward

      I found the difference between the article and headline disturbing. I read the headline and went Great! Passwords are required. Nice. Article reveals a compromise of passwords is forced with penalties for failure to compromise your passwords.

      I wonder if I will get tossed in the pooky for having a DVD and not knowing at the check point the full DECSS for the DVD? Or worse a Blu-Ray.

    • by ruir ( 2709173 ) on Friday March 20, 2015 @01:29AM (#49298917)
      Oh yes it happens. I have "nothing to hide" but wont travel to parts of the world that do not respect my rights to privacy. What I alone? I sincerely doubt it.
    • Not at the budget end. This deal gives you three months free food and accommodation during your stay in NZ, and probably a free trip home afterwards too.
      • Your rooms get underfloor heating and TV as well.
        Our prisons have better living conditions than some peoples houses.

    • by AmiMoJo ( 196126 ) * on Friday March 20, 2015 @03:37AM (#49299315) Homepage Journal

      It's even worse for business travellers. New Zealand is already known to do a lot of industrial spying as part of FIVE EYES.

      It's got to the point now where you have to wipe your laptop before travelling, then restore it when you get through customs. Same with your phone. Fortunately it is easy to do both those things these days.

      • This raises an interesting question: What the hell is the fucking point of searching electronic devices. By their very nature they can send data across the border without a physical interaction with customs. What are they hoping to gain from this? Any illegal activity can already be done from either side of the border including all the usual nasties like terrorism, child pornography, and industrial espionage.

        What are they hoping to gain other than catching a few dumb people which likely would have been caug

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          The obvious answer is that they're not hoping to achieve anything through this measure - this isn't about the need to compel passwords from people at the border, this is just a stepping stone onto further and far nastier forms of coercion. It's just part of NZ's National government's gradual push towards greater and greater surveillance. Each step is small - each seems ultimately futile - but taken together they gradually reduce our personal freedoms until suddenly we find ourselves in a police state.

          But l

        • by PRMan ( 959735 )

          Criminals are dumb. They carry evidence of their crimes on their person all the time.

          Source: I know a NZ customs agent personally. I haven't asked her what she thinks of this.

          • But that is my point. The only kind of idiot who would carry this stuff is the same idiot who would send it plain text from his home and get caught anyway. There's no point in the extra grief at the border.

      • The company I work for now issues people special travel laptops for international travel. They are imaged specifically for the trip with only the applications and data the person needs to do the specific job they are traveling for. When they get back any data that needs to be preserved is pulled off and the machines are reimaged. Things like this and just the general high risk of laptop loss in international travel are the motivations for doing all that. It used to be there was a small list of countries we

    • by Anonymous Coward on Friday March 20, 2015 @03:55AM (#49299369)

      Before my next visit to NZ I'll change my phone's password to "fuckyouretardednzcustomsofficers-youimbecilepuppetstotheusa"

      Feel free to use it yourself :-)

    • and I won't be travelling to New Zealand, thanks.

  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Friday March 20, 2015 @01:07AM (#49298833)

    Even if the person is the biggest paedophile terrorist drug-dealer in the world, do you honestly believe that there would be evidence on his phone WHILE HE IS TRAVELLING?

    I don't believe that Carolyn Tremain understands this "Internet" thing.

    • by Anonymous Coward

      I think you're underestimating how stupid some people are.

      • This is very true, just see the number of people who posted doing ileagl things on failbook and then got arrested.

        I see this dying by corporate interests quickly though. It goes against money and thus will get wiped out .

      • Stupid people will be caught anyway, they don't need massive useless border checks for this.

  • Decoy (Score:5, Informative)

    by photonic ( 584757 ) on Friday March 20, 2015 @01:07AM (#49298835)
    Easy workaround: dual-booted laptop, one partition with WindowsXP and weak password, full with celebrity porn, 9/11 conspiracy documents and spyware to keep them busy for a while. Fully encrypted Linux partition for everything else.
    • Why would anyone take anything of real value? The stuff is cheap. Use a throwaway for traveling and upload to a 'cloud' drive during the trip.

      • Re:Decoy (Score:4, Insightful)

        by khasim ( 1285 ) <brandioch.conner@gmail.com> on Friday March 20, 2015 @01:32AM (#49298927)

        Use a throwaway for traveling and upload to a 'cloud' drive during the trip.

        Yes! Do that!

        While you are travelling you are at higher risk for your stuff to be STOLEN.

        So make sure that the thieves (or customs officials) only get hardware.

        Learn how to securely access your files/data remotely.

        Trying to be secretive with hidden partitions and such just runs the risk that you might encounter the one customs agent who knows something about computers. Be boring. Be the most boring person they've ever seen. Have NOTHING of interest to ANYONE on your systems. No pictures/music/movies/anything.

        • Re:Decoy (Score:4, Funny)

          by sjames ( 1099 ) on Friday March 20, 2015 @03:43AM (#49299333) Homepage Journal

          Do have plenty of powerpoints explaining the 1040 long form. That might actually put them into a coma if they look at it.

          • I'd actually try to find as many photos of scummy public people involved and gimp them onto some porn photos, the more offensive, the better. It's unlikely that you'd be able to get pictures of the people who'd be interrogating you, but damn, that would be nice...
        • The problem with your idea is many fold:

          1: You need to insure the communication channel in the host country is sufficient (not always the case)
          2: The cost/time to pull all the relevant information back in a usable manner (so you spend at least a day to get all the pieces of what you need to do your work back, potentially more if the network speed sucks)
          3: Drives up the cost to do business. (see reasons 1 and 2)
          4: You need to insure the connection back to home base is not compromised/tracked (one reason

    • Easy workaround : Don't go to NZ. There are plenty of beautiful places to visit nearby.

  • by Harlequin80 ( 1671040 ) on Friday March 20, 2015 @01:12AM (#49298859)

    A department such as customs, police, wellfare etc. will always ask for the maximum possible powers. It is a given. There can be no argument against the fact that a speed camera on every light pole will lower the amount of speeders (either by fear or getting them off the roads). The police therefore will ask for that.

    The role of the legislative body is to control the power of the departments and offset their wants against the negative outcomes of those wants. *Customs* We want everyone's password *Legislature* No, but you can seize equipment and a password may be demanded by a judge.

    The fact that they don't always get it right is a different issue.

    • The problem is that recently the legislative body seems to be willing to grant those powers to the departments or even give them more and we are dependent on the judicial system to claw them back.

  • by whoever57 ( 658626 ) on Friday March 20, 2015 @01:21AM (#49298875) Journal

    Although the proposed power would let Customs request passwords from any traveller or do random checks on electronic devices, Tremain told a parliamentary select committee that was not its intention.

    Instead, the department would only use the power if it was acting on "some intelligence or observation of abnormal behaviour", she said.

    Protip: whenever some government official says that they won't use their power for some purpose, you know that it will be used in exactly that way or for that purpose. Case in point, RIPA in the UK, which has been used (abused) in cases related to petty crime in exactly the way it was originally claimed it would not be used.

  • by facetube ( 4023065 ) on Friday March 20, 2015 @01:24AM (#49298893)
    for i in `seq 1 2160`; do echo "Hello, jail! It's hour $n."; done \
    | gpg -a --symmetric --passphrase "$(dd if=/dev/urandom bs=1024 count=1)" > ~/important.txt
    • Just line the inside of your suitcase with floppies. Dump a bunch of old thumb drives in as a well. Glue some microSD's to your phones case and let THEM sort it out.

  • When in a foreign land, you follow the rules of that land. Intrinsic rights are and only can be given to those who fall under that state's jurisdiction. Until there are universally accepted and guaranteed by some global dominion people can not and should not expect the laws that they were raised under to respected in other jurisdictions.

    • "Travellers" includes citizens of New Zealand returning to their homes.
    • Or an invading foreign government can pull you out of your home and invent a new type of human called an "enemy combatant" and pretend that existing laws from both countries, , and international treaties and the US Code of Military Justice do not apply to them. It's difficult to tell the last estimate I saw said there are still more than 100 prisoners at Guantanamo Bay.

      Let's be very clear that many governments, including that of the US, pick and choose what rules to follow for some quite inconsistent and q

    • Intrinsic rights are

      ...imaginary.

      In practice, we have only those rights which you can protect, or which someone else will protect on your behalf. That's why having them written down is so relevant. In theory, a bill of rights does not enumerate human rights. In practice...

  • by Anonymous Coward

    My dad was just in N.Z.

    The first thing he did when he arrived was call me and asked me what we set his pin code for his tablet .... TO JAIL!

  • According to the article linked to in the story:

    [New Zealand] Customs said its counterparts in Australia, Canada, the United States and Britain had equivalent powers, though the department has so far been unable to substantiate that.

    Is that true? Does anyone know the current law in those countries? I think it is true in the U.K. where you can be jailed for not handing over passwords and/or encryption keys, but I don't know about Australia, Canada, or the U.S. Can anyone shed some light on this?

    • by edjs ( 1043612 )

      Canadian border agents have vaguely broad powers to search travellers; whether that includes demanding passwords is not explicitly stated and is untested in the courts. That's likely to change, however, as they recently charged someone for refusing to give up his phone's password:

      http://www.cbc.ca/news/canada/... [www.cbc.ca]

  • People are stupid on average and would be daft enough to leave incriminating files on laptops and smart phones that's why customs needs an over-reaching power like this.

    The problem is really is revealing a password that you use elsewhere. So change it before you go make it 1234 or password or some other trivial thing. Maybe put a fresh copy of windows on before you travel, or would that be suspicious in itself. Customs can give you a hard time already even your butt isn't secure.

    New Zealand wouldn't be the

    • New install of Windows? Not suspicious at all - it's a new computer, or it got "corrupted by a virus", and you had your helpful nephew reinstall it for you.

  • by ledow ( 319597 ) on Friday March 20, 2015 @03:13AM (#49299229) Homepage

    Anyone with a brain that doesn't want to have their files read will stick it in a private "cloud" and access it remotely and securely anyway.

    Hell, £100 NAS boxes have this functionality nowadays without any third-party storing the data. Or rent a VPS for the duration.

    The problem I have with laws like this is that you ONLY catch the stupid people anyway. If they are going through customs with a laptop full of "how to beat customs" documents, then they get what they deserve and shouldn't be that professional.

    What you're doing, though, is doing NOTHING to stop an actual, determined guy with half a brain from doing whatever he wants.

    Spend less on junk like this, and just get more passengers a five minute interview to find suspicious people, or spend fives minutes longer on checking the faces, passport lists, etc.

    • by Sique ( 173459 )

      The problem I have with laws like this is that you ONLY catch the stupid people anyway.

      Always remember: They have to succeed only once. Yes, a smart criminal might get away again and again -- until he doesn't get away any longer because of some stupid mistake. Outside of our special talents, knowledge and education, all of us are stupid.

  • The real issue is if they store those credentials. Providing credentials to the custom for an inspection is somewhat legal. Storing the passenger info + credentials is a NO.
    • This is totally about storing that password to your phone, PC whatever. You can bet if its not for everyone, its for everyone fingered as a potential troublemaker by the NSA/FBI/Five Eyes accomplices - like privacy advocates. Everyone will just travel with "travel" phones and PC's - something new to work around.

      Looking at what we've learned over the last 2 years and then the statement of what NZ wants to do - makes me wonder if the governments of all (thats the really troubling part, all) the western
  • You want to bring some document to someone IN NZ, ask him to send you his PUBLIC key.
    You want to be able to bring some document OUT OF NZ, keep your PUBLIC key on your computer.

    And have NO PRIVATE KEY with you...

    When asked to decrypt, you're just mathematically unable to do so... And any computer expert will be able to confirm what you say.

    If enough people take that way, they'll eventually understand that it's futile to require password.

  • Easy, just create a default boot partition with nothing on it and boot the encrypted bomb-making partition when you are in your hotel room.

  • Anyone?

    Alas, there is no good open source password manager with built-in plausible deniability. All variants of keepass reject the idea, shifting it somewhere else and there is no good solution for Android. The best solution would be a database of X password databases (big X, a hundred or more), with only one database being encrypted and other slots filled with junk, and everything must be overwrittend during any save operation. If password manager does that by default (i.e. you don't tick special option

  • Never, ever travel to any Commonwealth country again. Not that the US of A is that far behind but each day that passes just brings more revolting news from these supposed "freedom loving" countries.

  • They belong to my employer. And I would violate the terms of my employment if I reveal them.

    I wonder if NZ could do much if corporations applied pressure to them. NZ's GDP and Apple's revenue number is nearly the same at $183B (in USD).

  • Maybe I am way off base here, but I thought that when a person flies to another country,the traveler isn't considered to be in the country before clearing customs. If travelers do not get through the customs checks, they are prevented from entering the country. If this is the case, how can a person that has not cleared customs be sent to a New Zealand jail for 3 months for breaking NZ laws when they are not in NZ?
  • What for, exactly?
    I mean, passwords protect data.
    Is customs afraid of data?
    Is there some dangerous piece of information that must be stopped from entering the country?

    If your police force is afraid of people keeping secrets, then your police force needs to be disbanded.

  • Instead, the department would only use the power if it was acting on "some intelligence or observation of abnormal behaviour", she said

    And that 'intelligence' or 'observation' will be totally classified (you know, because of national security and stuff), so there will be no way to verify if there was actually a valid reason to break into your iPhone. But don't worry, we won't abuse this new power.

Avoid strange women and temporary variables.

Working...