Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Cloud Privacy Government Security United States

New US Customs Guidelines Limit Copying Files and Searching Cloud Data (theverge.com) 71

The U.S. Customs and Border Protection Agency has updated its guidelines for electronic border searches, adding new detail to border search rules that were last officially updated in 2009. The Verge reports: Officers can still request that people unlock electronic devices for inspection when they're entering the U.S., and they can still look through any files or apps on those devices. But consistent with a statement from acting commissioner Kevin McAleenan last summer, they're explicitly banned from accessing cloud data -- per these guidelines, that means anything that can't be accessed while the phone's data connection is disabled. The guidelines also draw a distinction between "basic" and "advanced" searches. If officers connect to the phone (through a wired or wireless connection) and copy or analyze anything on it using external devices, that's an advanced search, and it can only be carried out with reasonable suspicion of illegal activity or a national security concern. A supervisor can approve the search, and "many factors" might create reasonable suspicion, including a terrorist watchlist flag or "other articulable factors."
This discussion has been archived. No new comments can be posted.

New US Customs Guidelines Limit Copying Files and Searching Cloud Data

Comments Filter:
  • by Anonymous Coward

    They don't need new access to the cloud because they already have full access.

  • erase before entry (Score:5, Interesting)

    by dmitrygr ( 736758 ) <dmitrygr@gmail.com> on Friday January 05, 2018 @06:16PM (#55872245) Homepage
    I've been asked by them to unlock my phone. I happily do. Same for laptop. This is because, expecting this shit, I SCP all the things I care about to me home computer before returning to USA and erase my laptop and phone. They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.
    • by BrookHarty ( 9119 ) on Friday January 05, 2018 @06:19PM (#55872263) Homepage Journal

      > They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.

      Yeah, thats a red flag for "I like cavity searches"

      • by cfalcon ( 779563 ) on Friday January 05, 2018 @06:25PM (#55872289)

        You just tell them you always wipe your shit in case it is stolen in transit. It isn't false just because one government or another is the most likely thief, it's a 100% true statement.

        I don't think erasure is always going to work if they plug stuff in, but the newest phones at least have a key that everything is encrypted with that can be wiped. It's still a risk. On a computer of course, you can be pretty safe if you delete an encrypted partition and overwrite with zeros or whatever pattern your religion dictates.

      • Yup. That's how you do it.

        Seriously, throwing your hands up and squealing "Yay! Go, big boy, do your job and search me!" kinda pisses them off.

    • by dgatwood ( 11270 ) on Friday January 05, 2018 @06:25PM (#55872291) Homepage Journal

      Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it. So apart from catching the most incredibly stupid criminals (who would probably get caught for other reasons even without this search), the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.

      • Re: (Score:2, Troll)

        by geekmux ( 1040042 )

        ...the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.

        99% of Americans couldn't recite the fourth amendment if it was tattooed on your forehead when you ask them.

        I find it rather bizarre that you assume otherwise. Obscene ignorance has created rampant abuse.

      • things like DUI checkpoints and implied consent laws started this bullshit trend years ago :(

        in before the chorus of "but driving is not a right.. yadda yadda". That's a complete fig-leaf, and just opens the door to further encroachment on the 4th and 5th

      • by mark-t ( 151149 )

        That would suggest that one of the best ways to convince a border guard you don't have anything that you are specifically not wanting them to discover is to turn off the secure unlock option on your phone just before passing through a security checkpoint, and then turn it back on once you are through everything.

        Since, as you said, anyone who would have something to hide would not carry it unencrypted, you are likely going to get through faster.

      • by AHuxley ( 892839 )
        Re 'Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it."
        People actually do lie to enter another nation and attempt to say they are not supporting and funding banned groups.
        Images, messages, contacts, of the person supporting and funding such banned groups then gets discovered.

        Re "who would actually have something to hide"
        Some cults and faith
    • boot a plain jane windows partition with nothing of consequence on it for customs.
      Plug in a USB key with a bootloader and boot a second partition that has been encrypted and has all your real files.

      Customs isn't going to check disk manager and ask why you have all this "unpartitioned space" at the tail of a 20 gig or so boot volume.

      USB key can be cleanly erased after last protected access is needed and prior to customs activity, just format and load with vacation pictures to overwrite previous data.

      Perfect

      • USB key can be cleanly erased after last protected access is needed and prior to customs activity

        If you don' t need access to that hidden partition anymore, why not just remove it?

        just format and load with vacation pictures to overwrite previous data.

        Just load a partition on the USB stick with vacation pictures and leave the boot stuff alone. It is unlikely customs is going to try to boot from your USB stick, so all they'll see is vacation pictures. Or make the default boot on the USB be the plain windows partition on your hard drive, and if you want to use the hidden one stop the boot and edit the command line to boot it. Or just use grub and stop the normal boot on the

        • True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise.
          As to the boot key, sure, but I was going for dead easiest:
          key in boots secure
          key out boots decoy
          to clean up shop in a jiffy: boot decoy, insert and format key, move folder of pics over to key.

          • by AHuxley ( 892839 )
            Re "True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise."
            A brand new computer with hidden encryption would be discovered.
            An old computer will not hide the use of hidden encryption.
            A new OS on an old computer with no user files is also too different from average users.
            Have something very normal to inspect. Work files that are allowed to be worked on during a holiday. Holiday images and video clips. Just remember to remove
      • by AHuxley ( 892839 )
        Encryption can be detected using gov and contractor software. A request for full decryption could be made in some nations.
        A "plain jane windows partition with nothing of consequence on it for customs" as the only files would be good.
        Add some holiday images of sunsets, food, art, culture, museums to show the computer was in daily use.
        Any deeper search for any attempts at encryption would then find nothing.
        A person with a holiday computer is just like most other people.
        A new OS with no files is diffe
    • by AHuxley ( 892839 )
      That just makes the person more interesting to the CIA, NSA, GCHQ, FBI and local law enforcement.
      If most people have a lot of digital files they can show of their holidays, work, kin, fun, hobbies, art, food, culture why do a few feel the need to travel with no files?
      • ok, what if you travel with a chromebook?

        those don't use local storage, or at least they are all about 'the cloud'.

        and the new rules say they can't mess with your cloud data.

        I don't love chromebooks (don't love google) but this may be the way around all this BS.

        "my data is in the cloud. my pc is just programs. sorry. that's how google designed this system"

        and its true, too.

        chromebooks are $150 or so. almost throw-away money. and if they decide to keep your chromebook, well, its not your main laptop, so

        • by AHuxley ( 892839 )
          Re "those don't use local storage, or at least they are all about 'the cloud'."
          Some nations will just demand access and start to copy out all files, search for contacts of any account they find.
          If the "data is in the cloud" "book" is the first account that shows up during a search then that will have to be ready for inspection.
          Enter the pass word and the inspection/interview/chatdown can go looking into all files.
          Some nations take their time with comments like "rights", "lawyer" "embassy" during a lon
    • I've been asked by them to unlock my phone. I happily do.

      I just tell them that since I do not own the devices (my employer does), I would be committing a felony to allow them access.

      Things escalate, threats are issued. I tell them that even if I give them access, they are committing a felony, (CFAA - access without permission)

      Things escalate, more threats are issued. Then I cave in. Here's the passwords and tokens.

      They log in, see nothing but fetish porn (gotta give them SOMETHING they see, otherwise they

    • Is it possible to set an application that imitates this on startup and a secret key to bypass it?

  • My beard is longer than 5 cm. I guess I'm fucked.

    • by cfalcon ( 779563 )

      > My beard is longer than 5 cm. I guess I'm fucked.

      Given that you didn't give that in inches, I concur! Everyone knows a cm is a commiemeter.

  • Don't people with sensitive personal files use burner phones and laptops to sidestep this argument? Why do people keep pontificating on it?

    Everybody knows what needs to be done. Next opportunity comes in November. If you want change you have to *Sweep the House*.

    • by cfalcon ( 779563 )

      > If you want change you have to *Sweep the House*.

      Of the remaining Democrats? That doesn't seem all that wise, but I understand how you could want to vote out all Democrats, given that they controlled the House, the Senate, and the Executive back in 2009, when the overbearing linked rules were put in place:
      https://foiarr.cbp.gov/streami... [cbp.gov]

      The current rules, put in place with a Republican House, Senate, and Executive Branch, are far better than the 2009 rules, as they prevent the search of cloud data,

  • How did the old implementation work in practice for foreigners? Due to extortionate data roaming charges (>$5/MB), I always disable data roaming before travelling. Does anyone have horror stories caused by the TSA enabling data roaming and racking up thousands of dollars in bills?
  • At first, I thought "New US Customs Guidelines Limit Copying Files and Searching Cloud Data" meant they were going to try to make it illegal to load data from the cloud onto your computer that wasn't there already when you passed through customs.
  • I'll never need to worry about this, because I no longer fly and will never again leave the country. But what's preventing you from doing a cloud backup of your device at the hotel before heading hope, and then wiping your device while you're waiting to come through customs? Then tell the customs agent that there's NOTHING on the phone at all. And you wouldn't even be lying.

  • So if you're up to any suspicious activity, you just back up all your data to an encrypted backup on a cloud server located outside of the US and wipe your phone before you travel...
    All this does is invades the privacy of ordinary people who desire privacy but don't have anything important enough to go to these lengths to hide it.

  • Favorite Linux flavor on thumb drive. Load whatever onto laptop hard drive. Put thumb drive in wallet. Looks bad, but just use the "Don't want it stolen" excuse. Have I left something out?

Harrison's Postulate: For every action, there is an equal and opposite criticism.

Working...