Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Cellphones Government United Kingdom Encryption Privacy Security

UK Group Fights Arrest Over Refusing To Surrender Passwords At The Border (theguardian.com) 284

An anonymous reader quotes The Guardian: The human rights group Cage is preparing to mount a legal challenge to UK anti-terrorism legislation over a refusal to hand over mobile and laptop passwords to border control officials at air terminals, ports and international rail stations... The move comes after its international director, Muhammad Rabbani, a UK citizen, was arrested at Heathrow airport in November for refusing to hand over passwords. Rabbani, 35, has been detained at least 20 times over the past decade when entering the UK, under schedule 7 of terrorism legislation that provides broad search powers, but this was the first time he had been arrested... On previous occasions, when asked for his passwords, he said he had refused and eventually his devices were returned to him and he was allowed to go. But there was a new twist this time: when he refused to reveal his passwords, he was arrested under schedule 7 provisions of the terrorism act and held overnight at Heathrow Polar Park police station before being released on bail. He expects to be charged on Wednesday.
Rabbani "argues that the real objective...is not stopping terrorists entering the UK, but as a tool to build up a huge data bank on thousands of UK citizens." And his position drew support from Jim Killock, executive director of the UK-based Open Rights Group. "Investigations should take place when there is actual suspicion, and the police should be able to justify their actions on that basis, rather than using wide-ranging powers designed for border searches."
This discussion has been archived. No new comments can be posted.

UK Group Fights Arrest Over Refusing To Surrender Passwords At The Border

Comments Filter:
  • Useless Policy (Score:5, Insightful)

    by mentil ( 1748130 ) on Monday May 15, 2017 @03:01AM (#54417059)

    This type of policy won't do anything to impede terrorists. At best you'll get the low-hanging fruit of a few guilty-minded people looking for an excuse to be stopped, but I have a feeling that rarely happens. The dumbest terrorists will simply wipe anything incriminating off their phone before traveling (or not keep anything incriminating on their phone in the first place), or keep everything locked behind an app that customs is unlikely to ask for the password to. Smarter terrorists will stash a SIM on them, or carry no phone and buy a burner when they reach their destination, or have a phone shipped to them. The smartest terrorists will use no phones at all, and then SIGINT is of no help; you need old-fashioned boots on the ground to catch those.

    I'm skeptical that searching these people's phones (who already seem to be on some kind of list) is an attempt to create a 'huge data bank on thousands of UK citizens.' First, a database with info on thousands of people isn't 'huge', this isn't 1980 anymore. Second, the UK govt. presumably ALREADY has data on these thousands of people... leading to them being put on the 'search their phone' list. I find it more likely that one of the main purposes is 'intimidation', sending a message of 'we have our all-seeing eye on you', along with a not-so-subtle message of "you're not welcome here." It seems the UK is giving in to Islamophobia recently, I hear.

    • by Anonymous Coward on Monday May 15, 2017 @03:13AM (#54417091)

      It's hardly random, to catch some sort of low hanging fruit.

      "Rabbani, who studied economics at the School of Oriental and African Studies, University of London, joined Cage five years ago as managing director. In August last year, he became international director, a role that includes helping investigations of torture victims."

      If you keep arresting an anti-torture charity managing director and keep demanding his passwords, obviously you want information related to his work. This hardly looks random or even terrorist related. More he's investigated some company with political or police connections back in the UK.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Monday May 15, 2017 @04:42AM (#54417317)
      Comment removed based on user account deletion
      • by ledow ( 319597 )

        In the UK, it's not hard to get a working pre-pay phone and SIM without ever giving name or address or credit card or ID. You can often pick them up in supermarkets, and buy top-up-cards in cash.

        To be honest, even having to provide ID is hardly a blocker. I'm sure a potential terrorist either a) doesn't care (i.e. by the time you know he was arranging something, it's too late), b) using other means (e.g. buy phone, install Whatsapp or any of a million-and-one OTR message apps), c) isn't hindered (e.g. fak

    • I agree with you but the policy does have at least one good use - it keeps me from considering the UK for my vacation plans!

    • I strongly suspect that their main purpose is to justify their budget. To understand the plan behind their method of achieving that goal, you have to look at the prejudices of the provider of the budget.
  • by Anonymous Coward on Monday May 15, 2017 @03:16AM (#54417103)

    Privacy issues aside, I object to this whole idea for the simple reason that governments governments have proven themselves rather inept at safeguarding even some of their most valuable information. Some of the CIA and NSA's "crown jewels" are currently freely available on the internet (and gave rise to the Wana ransomware). The TSA in the US has a track record of being a bunch of bumbling fuck-ups with a bad IT security track record. Placing account info for millions of private citizens into the hands of people like this is just asking for it to be hacked. It's not a matter of it, it's when.

    And I've seen it suggested here and other places that people can just setup fake accounts and use those. That's not going to make it past even a cursory screening. If an account is new it's going to be flagged. If a good percentage of your friend's accounts are new, it's going to be flagged. If you don't post or a good percentage of your friends don't post your going to be flagged. Setting up a proper "legacy" on social media would take years... it's not something that you can just churn out unless you have a means to fake post dates on Facebook, Twitter, etc timelines. This is not something the average person is going to have the time or the means to do and all these companies already have mechanisms in place to spot these types of accounts because they are basically "bots". What turns the logic of this wholesale data grab on it's head is it is something that an organized terrorist group would be able to do. The 9/11 attacks were several years in the making, plenty of time for an organized group of people to establish a legitimate looking social media presence. Intelligence agencies have to have already figured this out which means this is either security theater or they want the data for other reasons.

    • ^^^ This, exactly. I would add that the government agencies responsible for fighting terrorism don't want terrorism to stop, ever. Just like the "War on Drugs", the "War against Terrorism" is a huge part of the economy - careers and livelihoods and reputations and bragging rights depend on it. Not to mention that such power begets more power. For those addicted to that kind of power, the temptation is irresistible.

      ...this is either security theater or they want the data for other reasons.

      I'd say it's both. The security theatre keeps people fearful, and gets them used to following

  • by XB-70 ( 812342 ) on Monday May 15, 2017 @03:17AM (#54417105)
    The point between when you leave one country and enter another is a very scary legal limbo. The issue is not what you are mandated to provide, the issue is that there is no recourse to reasonable justice should you disagree with border officials.
    • by AmiMoJo ( 196126 )

      It's got to the point where backup->wipe->cross borders->restore is the only viable option. Anything else is too risky, even the best encryption is vulnerable to a rubber hose attack.

      Well, you could give someone else the key so you don't have it, in which case the encryption works but you still get the beating.

  • Cage Group (Score:5, Interesting)

    by desperados ( 1539895 ) on Monday May 15, 2017 @04:43AM (#54417319)
    Have you read about this Cage group? There seem to be many shadows around them http://www.telegraph.co.uk/new... [telegraph.co.uk] For Cage is no collection of isolated loonies. As The Telegraph will describe here, it is part of a closely connected network of extremists relentlessly — and successfully — lying to young British Muslims that they are hated and persecuted by their fellow citizens in order to make them into supporters of terror. Cage has an active outreach programme in mosques, universities and community groups. Even more disturbingly, it continues to be treated as a credible partner by respected and respectable organisations, including Liberty and Amnesty International.
    • Re: (Score:2, Informative)

      by AmiMoJo ( 196126 )

      The Telegraph is not a reliable source of information on this matter. Wikipedia has a much more balanced article: https://en.wikipedia.org/wiki/... [wikipedia.org]

      You may not like them, but they are not anything like the Telegraph describes.

  • ANYTHING owned by "Facefarm" and the billion fellow idiots with a biometric riddled account would like to know. The AI they're developing keeps asking about it. It's like when kindergarteners go to the police station as a "field trip" that ends with "fun" fingerprinting, except for adults. Because you know, Facebook and other social media make forfeiting privacy "fun." But, as long as common strangers don't have access, I guess that makes it ok. Nope, that's nothing more than a peekaboo game as far as anyon
  • by nut ( 19435 ) on Monday May 15, 2017 @06:06AM (#54417547)
    If I wanted to smuggle 16GB of data into the UK the easiest way I could imagine would be to copy it on to my phone and fly it there on the a plane.
    • by ledow ( 319597 )

      If I wanted to smuffle 16GB of data into the UK, I'd buy one of the many VPN providers that offer services in just about every country in the world, then upload it anonymously and encrypted from a cybercafe computer to some local service (e.g. a local Google or whatever equivalent), via that encrypted channel.

      And then only providing the password to decrypt it when I actually got to the other end myself.

      - I'm carrying nothing, no data, no electronics.
      - There's no record linking me to that file.
      - Anyone who r

      • by AmiMoJo ( 196126 )

        This isn't about preventing terrorism, it's about harassing people that annoy the British government by looking into their overseas torture programmes.

        Terrorists don't appear to be dumb enough to fall for this most of the time. There are a few low level idiots, radicalised on Facebook, who get caught, but we see time and time again that the successful ones use simple but effective tactics like single use burner phones and well WhatsApp.

  • As the mega-rich and powerful gather more wealth and power, by exploiting the common people, they are also significantly increasing the surveillance of the same common people.

    They know that when you concentrate too much power at the top, uprisings will start from the bottom. So they're increasing surveillance, in the hopes of being able to curb these uprisings before they happen, by strategic arrests and by exploiting sensitive information about key persons associated with civil unrest.

  • If I give my password to my work laptop to someone, I get fired. It's in my employee agreement. I've worked at companies where there are laws protecting access to patient data that would be on my laptop any time I traveled. How do they deal with that kind of situation?
    • Entering a country outside your home country they are free to do whatever they want with you, regardless of your employee agreement. However, when returning home, if they ask for such things you might actually be able to refuse.

      Really though the best solution is some form of remote desktop (or Vmware VDI, or Citrix, or whathaveyou) and make whatever you bring overseas is nothing more than a thin client like a chromebook.

    • by AmiMoJo ( 196126 )

      They lock you up until they can confirm with the company that your story is true and run some other background checks. Better hope you don't land Friday night.

  • by PPH ( 736903 ) on Monday May 15, 2017 @09:56AM (#54418519)

    If I was a terrorist entering a country with the intent of collecting information in support of an attack, I'd be coming in with a clean laptop, phone and camera. On my way out, I'd have plans and photographs of potential targets. But I've never been checked on my way out. I could be carrying the blueprints for the latest top secret radar and border protection would never know.

    Searching people on their way in is for one of three purposes: Harassment, in support of economic barriers (can't have people sneaking cheap videos across borders) and economic espionage (your bidding strategy and cost data will be handed to your domestic competition).

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...