New US Customs Guidelines Limit Copying Files and Searching Cloud Data (theverge.com) 71
The U.S. Customs and Border Protection Agency has updated its guidelines for electronic border searches, adding new detail to border search rules that were last officially updated in 2009. The Verge reports: Officers can still request that people unlock electronic devices for inspection when they're entering the U.S., and they can still look through any files or apps on those devices. But consistent with a statement from acting commissioner Kevin McAleenan last summer, they're explicitly banned from accessing cloud data -- per these guidelines, that means anything that can't be accessed while the phone's data connection is disabled. The guidelines also draw a distinction between "basic" and "advanced" searches. If officers connect to the phone (through a wired or wireless connection) and copy or analyze anything on it using external devices, that's an advanced search, and it can only be carried out with reasonable suspicion of illegal activity or a national security concern. A supervisor can approve the search, and "many factors" might create reasonable suspicion, including a terrorist watchlist flag or "other articulable factors."
Re: (Score:2)
"Nothing to do with immigrants. Trump just doesn't want his family members cloud accounts searchable when they cross the border." ... is what I would say if I wanted to somehow associate it with Trump.
In all liklihood this has nothing to do with Trump and has probably been percolating up through the system for a while now and has nothing to do with any president past or present.
Because they already have access (Score:2, Insightful)
They don't need new access to the cloud because they already have full access.
erase before entry (Score:5, Interesting)
Re:erase before entry (Score:5, Funny)
> They are welcome to inspect the "welcome to android" screen on my phone and "no bootable disk found" screen on my laptop.
Yeah, thats a red flag for "I like cavity searches"
Re:erase before entry (Score:5, Interesting)
You just tell them you always wipe your shit in case it is stolen in transit. It isn't false just because one government or another is the most likely thief, it's a 100% true statement.
I don't think erasure is always going to work if they plug stuff in, but the newest phones at least have a key that everything is encrypted with that can be wiped. It's still a risk. On a computer of course, you can be pretty safe if you delete an encrypted partition and overwrite with zeros or whatever pattern your religion dictates.
Re:erase before entry (Score:5, Funny)
Re: (Score:2)
Only if the shit is lost in transit. Otherwise he doesn't wipe it at all. Skid marks all over the place.
Re: (Score:2)
Yup. That's how you do it.
Seriously, throwing your hands up and squealing "Yay! Go, big boy, do your job and search me!" kinda pisses them off.
Re:erase before entry (Score:4, Insightful)
Yeah, this is what I don't get. Anyone who would actually have something to hide would not carry it unencrypted across the border, because they would know that the border security people might decide to search it. So apart from catching the most incredibly stupid criminals (who would probably get caught for other reasons even without this search), the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.
Re: (Score:2, Troll)
...the only thing this rather bizarre policy will do is cause Americans to become lackadaisical about our fourth amendment rights. Then again, maybe that's the point.
99% of Americans couldn't recite the fourth amendment if it was tattooed on your forehead when you ask them.
I find it rather bizarre that you assume otherwise. Obscene ignorance has created rampant abuse.
Re: (Score:3)
things like DUI checkpoints and implied consent laws started this bullshit trend years ago :(
in before the chorus of "but driving is not a right.. yadda yadda". That's a complete fig-leaf, and just opens the door to further encroachment on the 4th and 5th
Re: (Score:2)
That would suggest that one of the best ways to convince a border guard you don't have anything that you are specifically not wanting them to discover is to turn off the secure unlock option on your phone just before passing through a security checkpoint, and then turn it back on once you are through everything.
Since, as you said, anyone who would have something to hide would not carry it unencrypted, you are likely going to get through faster.
Re: (Score:3)
People actually do lie to enter another nation and attempt to say they are not supporting and funding banned groups.
Images, messages, contacts, of the person supporting and funding such banned groups then gets discovered.
Re "who would actually have something to hide"
Some cults and faith
Re: (Score:2)
Why would any nation tell the world of their new methods and years of law enforcement parallel construction.
Let the wider world keep guessing as to US security and its new methods? No trial, no methods have to be given to human rights lawyers to tell faith groups and cults about changes to US investigative methods.
The methods just keep working and the media can keep guessing at US security.
An airport is a digital and an investigative trap. Chat downs, questions, searches and
Re: (Score:2)
boot a plain jane windows partition with nothing of consequence on it for customs.
Plug in a USB key with a bootloader and boot a second partition that has been encrypted and has all your real files.
Customs isn't going to check disk manager and ask why you have all this "unpartitioned space" at the tail of a 20 gig or so boot volume.
USB key can be cleanly erased after last protected access is needed and prior to customs activity, just format and load with vacation pictures to overwrite previous data.
Perfect
Re: (Score:3)
USB key can be cleanly erased after last protected access is needed and prior to customs activity
If you don' t need access to that hidden partition anymore, why not just remove it?
just format and load with vacation pictures to overwrite previous data.
Just load a partition on the USB stick with vacation pictures and leave the boot stuff alone. It is unlikely customs is going to try to boot from your USB stick, so all they'll see is vacation pictures. Or make the default boot on the USB be the plain windows partition on your hard drive, and if you want to use the hidden one stop the boot and edit the command line to boot it. Or just use grub and stop the normal boot on the
Re: (Score:2)
True, but this is about passing the cursory inspection without raising the kinds of flags that a fully deleted computer would raise.
As to the boot key, sure, but I was going for dead easiest:
key in boots secure
key out boots decoy
to clean up shop in a jiffy: boot decoy, insert and format key, move folder of pics over to key.
Re: (Score:2)
A brand new computer with hidden encryption would be discovered.
An old computer will not hide the use of hidden encryption.
A new OS on an old computer with no user files is also too different from average users.
Have something very normal to inspect. Work files that are allowed to be worked on during a holiday. Holiday images and video clips. Just remember to remove
Re: (Score:2)
A "plain jane windows partition with nothing of consequence on it for customs" as the only files would be good.
Add some holiday images of sunsets, food, art, culture, museums to show the computer was in daily use.
Any deeper search for any attempts at encryption would then find nothing.
A person with a holiday computer is just like most other people.
A new OS with no files is diffe
Re: (Score:2)
All law enforcement has to do is show encryption was used.
A contractor will be happy to scan any storage for the use of encryption.
The person of interest is then asked to decrypt.
No need to "gone up against strong encryption", the person been questioned will be asked to decrypt.
If they say no, demand rights, want a lawyer then some nations pass that person to their law enforcement.
Another more direct and
Re: (Score:2)
Then the use of encryption is discovered by contractors later.
Why is a person returning to the USA with an encrypted fie system? What is in the files?
What kind of encryption is been used? Consumer grade that is junk? Can another agency decrypt?
That starts a lot of questions that might not just stop when "paperwork to get it back or a refund".
That person who feels the need for so much good encryption is now interesting. What are they doing in the USA? W
Re: (Score:2)
If most people have a lot of digital files they can show of their holidays, work, kin, fun, hobbies, art, food, culture why do a few feel the need to travel with no files?
Re: (Score:2)
ok, what if you travel with a chromebook?
those don't use local storage, or at least they are all about 'the cloud'.
and the new rules say they can't mess with your cloud data.
I don't love chromebooks (don't love google) but this may be the way around all this BS.
"my data is in the cloud. my pc is just programs. sorry. that's how google designed this system"
and its true, too.
chromebooks are $150 or so. almost throw-away money. and if they decide to keep your chromebook, well, its not your main laptop, so
Re: (Score:2)
Some nations will just demand access and start to copy out all files, search for contacts of any account they find.
If the "data is in the cloud" "book" is the first account that shows up during a search then that will have to be ready for inspection.
Enter the pass word and the inspection/interview/chatdown can go looking into all files.
Some nations take their time with comments like "rights", "lawyer" "embassy" during a lon
Re: (Score:2)
I've been asked by them to unlock my phone. I happily do.
I just tell them that since I do not own the devices (my employer does), I would be committing a felony to allow them access.
Things escalate, threats are issued. I tell them that even if I give them access, they are committing a felony, (CFAA - access without permission)
Things escalate, more threats are issued. Then I cave in. Here's the passwords and tokens.
They log in, see nothing but fetish porn (gotta give them SOMETHING they see, otherwise they
Re: (Score:2)
Is it possible to set an application that imitates this on startup and a secret key to bypass it?
Re: (Score:2)
Re: (Score:2)
What the fuck are they looking for? "My plan to blow up the Whitehouse.doc" sitting on the desktop?
Terrorists may be just as inept at PC security ops as your average office worker, or even your average person who works at the DOD. (I think you know how that goes.) But also, perhaps cookies that can provide information needed to subsequently retrieve Google Maps history. Or FB identities. Or maybe just some downloaded material or email with something "interesting" on it that can be analyzed later, or used on the spot to indicate probable cause.
I'm not saying I like it, just answering your question. Yo
Re: (Score:2)
What the fuck are they looking for?
Some, unwise, people will take across things like porn - which provides an excuse for "advanced" search; but that is otherwise of little interest. They are unlikely to find terrorist training manuals or plans to blow up a shopping centre and most people will think that if they don't have stuff like that then all will be OK. But border guards do more than that; individuals might be targeted for a search because of who they work for, any commercial information could be useful to their USA competitors.
Many do
Re: (Score:2)
"other articulable factors." (Score:2)
My beard is longer than 5 cm. I guess I'm fucked.
Re: (Score:2)
> My beard is longer than 5 cm. I guess I'm fucked.
Given that you didn't give that in inches, I concur! Everyone knows a cm is a commiemeter.
Re: (Score:2)
As an Eastern European, I guess I'm doubly-fucked.
I thought this problem was settled (Score:1)
Don't people with sensitive personal files use burner phones and laptops to sidestep this argument? Why do people keep pontificating on it?
Everybody knows what needs to be done. Next opportunity comes in November. If you want change you have to *Sweep the House*.
Re: (Score:2)
> If you want change you have to *Sweep the House*.
Of the remaining Democrats? That doesn't seem all that wise, but I understand how you could want to vote out all Democrats, given that they controlled the House, the Senate, and the Executive back in 2009, when the overbearing linked rules were put in place:
https://foiarr.cbp.gov/streami... [cbp.gov]
The current rules, put in place with a Republican House, Senate, and Executive Branch, are far better than the 2009 rules, as they prevent the search of cloud data,
For people travelling internationally with data ro (Score:2)
Much better news than I expected (Score:1)
Wipe Those Devices! (Score:2)
I'll never need to worry about this, because I no longer fly and will never again leave the country. But what's preventing you from doing a cloud backup of your device at the hotel before heading hope, and then wiping your device while you're waiting to come through customs? Then tell the customs agent that there's NOTHING on the phone at all. And you wouldn't even be lying.
Stupid.. (Score:2)
So if you're up to any suspicious activity, you just back up all your data to an encrypted backup on a cloud server located outside of the US and wipe your phone before you travel...
All this does is invades the privacy of ordinary people who desire privacy but don't have anything important enough to go to these lengths to hide it.
Easy way around (Score:1)