Securing the Border Against Creepy Pictures on Some Guy's Laptop

Jacob Sullum | 8.28.2009 10:48 AM

The Department of Homeland Security plans to retain the Bush administration policy of seizing and searching international travelers' laptop computers and other electronic devices at will. An ACLU attorney told The Washington Post the revised version of the policy "provides a lot of procedural safeguards, but it doesn't deal with the fundamental problem, which is that under the policy, government officials are free to search people's laptops and cellphones for any reason whatsoever." Homeland Security Secretary Janet Napolitano says such wide discretion is essential to national security:

Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States. The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.

What a crock. As I noted in a column last year, DHS is not looking for bombs in those laptops; it is looking for incriminating files, and the charges that flow from the searches typically have nothing to do with terrorism, contrary to Napolitano's implication. Judging from the comments of her predecessor, Michael Chertoff, the most common crime detected is possession of child pornography. The government is using the "border search exception" to the Fourth Amendment as an excuse to delve into people's private lives without a warrant, looking for a reason to arrest them.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: A Cash for Clunkers Postmortem

Hide Comments (56)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

kilroy 16 years ago

http://www.truecrypt.org/
jtuf 16 years ago

My old rabbi used to get searched every time he went to Russia. Of course, back then, it was the Soviet customs agents who did the searching.
ktc2 16 years ago

It's for the children!

Why do you hate children?!
John 16 years ago

This policy is complete horsehit. No one shows up at the border with terrorist plans on their laptop. Yes, you will catch the occasional pervert but that is about it. They always talk about how they can get all of this information to aid investigations. That is bullshit. The information on a laptop, like numbers and names, only means something. if you already suspect the guy is a criminal, in which case you can get a warrent.

Yes, I suppose that we will occasionally get the one in a million shot of the guy who has Osama Bin Ladin's satillite phone number in his contract list. But to get that one guy we have to violate the privacy of millions of people. It is hardly worth it.

The continuation of this policy shows the idiocy of people who voted for Obama knowing he was an economic leftist but thinking that he would somehow be better on civil rights than the Republicans. Sorry, Obama just gives up Bush era disregard for privacy with a big heaping helping of socialized medicine and multi-trillion rather than billion dollar deficits to wash it down.
P Brooks 16 years ago

The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.

Newspeak; it's real, and it's HERE.
Episiarch 16 years ago

I live on my laptop, so I would never dare take it on an international flight, just on the off chance they decided to search it and then get it back to me at their leisure. I'd have to buy a secondary laptop and transfer only what I needed for the trip. That way I could handle not having it for a few days/weeks.

Remember, the Supreme Court says you have no 4th Amendment rights while crossing the border. Thanks, SCOTUS!
John 16 years ago

Epi,

I wouldn't worry. They only searched 46 laptops last year. They can't search every or even a significant portion of the laptops crossing the border.

That makes this policy even more infuriating. If they did it to everyone, they would at least be uniform and have a hope of catching a few bad guys. As it is, it is just a license for CBP to fuck with you that provides no tangible security benefit.

Also, this is a lot worse than the NSA wiretapping program. I consider someone going through my compter and e-mail without a warrent or suspicion to be a lot worse than listening to the odd phone call.
T 16 years ago

http://www.truecrypt.org/

And go with the hidden volume approach. Give them the BS password and whistle cheerfully as you go on your way.

Seriously, anybody with an ounce of sense can defeat the kind of cursory inspection they're doing.
Episiarch 16 years ago

Seriously, anybody with an ounce of sense can defeat the kind of cursory inspection they're doing.

Of course. But if they don't like your face (and I imagine you suffer from that a lot), they decide to take your laptop for "further inspection" and then maybe you get it back in a few weeks.

That's why, even if there is very little of this going on, I'd still want to use a secondary laptop, because you never know when some petty DHS tyrant is going to decide to fuck with you.
John 16 years ago

"And go with the hidden volume approach. Give them the BS password and whistle cheerfully as you go on your way.

Seriously, anybody with an ounce of sense can defeat the kind of cursory inspection they're doing."

That will just cause them to seize it and send it back to the lab to let their computer forensic trolls go after it. Good luck getting it back.
T 16 years ago

Of course, that doesn't mean that should be allowed to do the inspection. But given the well established case law that the border trumps the Constitution, best to protect yourself.
T 16 years ago

That will just cause them to seize it and send it back to the lab to let their computer forensic trolls go after it. Good luck getting it back.

John, I suggest you read up on how the whole system works. You have two passwords for your encrypted volumes. One opens one set of files, the other opens up another set of files. Set up some dummy crap in one volume and give them that password. Your real data remains secure in the other volume, which is invisible to the OS. They can't search what they don't know exists, and giving them a password shows you're a dutiful citizen with nothing to hide.
P Brooks 16 years ago

I want a laptop with 20g of ram, and a 2g hard drive. With a memory card slot. Can somebody get on that for me?

Linux, of course.
John 16 years ago

Ok T. Then maybe it would work. Of course it is not like terrorist and criminals won't do the same thing further rendering this already useless and offensive program useless.
Vehical Driver 16 years ago

This is so stupid. It is trivial to encrypt your data in a way that would require a CIA supercomputer working weeks to decrypt it... assuming you aren't using a one time pad, in which case it is impossible to decrypt it.
Episiarch 16 years ago

T, I don't want to give government forensics people too much credit, but any system like truecrypt is out there and they'd know about it, and how to look for it. Just because it's invisible to the OS doesn't mean the file system on the hard drive doesn't know about it.

I would think that if they bothered to bring in a laptop, things like truecrypt are the first thing they'd look for. I would.

That's why I say you get a cheap ass secondary laptop, and put on it only what you need for the trip. If by some chance it gets taken for inspection, you don't care nearly as much.
T 16 years ago

Of course it is not like terrorist and criminals won't do the same thing further rendering this already useless and offensive program useless.

Yup. It's not even security theatre, it's a straight up fishing expedition. I know several companies that will not let employees travel out of the country with laptops anymore because of it. They do internet file transfers or ship the laptops to the destination to avoid it.
P Brooks 16 years ago

any system like truecrypt is out there and they'd know about it, and how to look for it.

At one point, I believe, the government was trying to force anybody who makes a commercial encryption system to give them the key; what happened with that?
kilroy 16 years ago

"in which case it is impossible to decrypt it."

If you can decrypt it, someone else can decrypt it. It just may take an extremely long time.
kilroy 16 years ago

Encryption technology is still considered munitions by the US. You need permission to export any cryptographic system, the software or hardware that performs the encryption. Keys are usually generated during the use of a cryptosystem not a part of the system itself.

For practical purposes all the main systems are available from non-US sources.
T 16 years ago

Epi,

Just like every other government agency, if they've decided to fuck with you hard enough, you're hosed. They'll just snatch the box and you're screwed. (Should I stress again the importance of backups?) But using the hidden volume approach gives the appearance of cooperation, which may get you and your laptop out of there together.

Alternatively, keep your data on an SD card. It shouldn't set off a metal detector, so you should be able to skate right through customs with it with no one the wiser.

While the policy is reprehensible and (IMHO) unconstitutional, it's damn near trivial to avoid running afoul of it if you know it's there.
alan 16 years ago

Set up some dummy crap in one volume and give them that password. Your real data remains secure in the other volume, which is invisible to the OS. They can't search what they don't know exists, and giving them a password shows you're a dutiful citizen with nothing to hide.

An alternative compact sized OS on a flash drive (say Damn Small Linux for examining Windows, or my personal favorite, you can find here http://www.menuetos.net for anything else) will bypass any particular OS protections.

But say if you have data that you are really paranoid about, like The REAL Aarchist Cookbook, you could convert the text to an .ntx file, scramble this text with a simple program you write yourself, so long as you can keep it in your head the necessary means of getting it back to the original sequence, copy the print to a series of jpegs, dig out your Family Guy First Season DVD you would not ever watch again if you had to, paste the jpegs every 11.03 second sequences eleven minutes into the seventh episode so no one who bums it from you would ever even see the info flick by (avoid any scene emphasizing Louis boobs some people go for that sort of thing), and you still get busted because some under achiever at the DHS actually has talent and notices that you have an obsession with prime numbers.
P Brooks 16 years ago

You need permission to export any cryptographic system, the software or hardware that performs the encryption.

So if you are attempting to leave the country with encryption software on your laptop, you're a terrorist spy. I feel safer, already.
Geoff 16 years ago

Yup. It's not even security theatre, it's a straight up fishing expedition. I know several companies that will not let employees travel out of the country with laptops anymore because of it. They do internet file transfers or ship the laptops to the destination to avoid it.

The fact that there's this enormous back door (why would you put anything on a laptop you're traveling with when you can just get to it through a VPN anywhere in the world) is the proof that the whole thing is either implemented by IT idiots or is just an excuse for a fishing expedition. It's clearly not intended to find terrorists or protect the country.
T 16 years ago

Encryption technology is still considered munitions by the US. You need permission to export any cryptographic system, the software or hardware that performs the encryption. Keys are usually generated during the use of a cryptosystem not a part of the system itself.

Didn't the whole PGP case blow that argument to shreds? Yeah, the compiled software is tech but the source is protected under the 1st amendment.
T 16 years ago

alan,

Read this for the full explanation of the hidden volume concept.

And yes, I'm this paranoid most days of the year. My wife is never going to find everything if I die unexpectedly. I suppose I should make some arrangements for that eventuality.
Episiarch 16 years ago

While the policy is reprehensible and (IMHO) unconstitutional, it's damn near trivial to avoid running afoul of it if you know it's there.

We're talking at cross-purposes. I understand how to encrypt and protect data. My point was very simple: if I take my super-expensive 1080p/Blu-ray/802.11n multimedia laptop through a border check, and for any reason they decide to confiscate it for a check, I am fucked. The same applies to anyone who tends to live and work off of a single primary laptop. Like a guy going through customs with a MacBook Air that he does everything on, and having them say "this looks weird, we might have to confiscate it" (this actually happened).

Encrypt, don't encrypt, whatever. But I would never take a laptop I cared about through a border check.
Meta4 16 years ago

"I know several companies that will not let employees travel out of the country with laptops anymore because of it. They do internet file transfers or ship the laptops to the destination to avoid it."

That's how it is where I work.
Meta4 16 years ago

BTW, for some reason, the nine-year-old riding the subway link won't let me post.
jtuf 16 years ago

Yes, I suppose that we will occasionally get the one in a million shot of the guy who has Osama Bin Ladin's satillite phone number in his contract list. But to get that one guy we have to violate the privacy of millions of people. It is hardly worth it.

I am very tempted to buy an address book, write "Al Qaeda Contacts" on the cover, and then take the train to Montreal with it hanging from my neck in clear view.
T 16 years ago

My point was very simple: if I take my super-expensive 1080p/Blu-ray/802.11n multimedia laptop through a border check, and for any reason they decide to confiscate it for a check, I am fucked.

True enough. Most of my travel is business, and when this policy became public last year I told my boss I wasn't fighting with DHS over the company's laptop. DHS wants it, they can have it. I'd probably feel differently if I had a nice personal laptop, but my Acer netbook verges on being disposable.
P Brooks 16 years ago

BTW, for some reason, the nine-year-old riding the subway link won't let me post.

Terrorist!
alan 16 years ago

T.,

I would be careful about relying on encryption, further into the link you provided, it doesn't sound like it would be that difficult to get at the secondary volume if you are looking for it which is likely SOP for The Man, given the public availability of this info:

Note: When you enter a pre-boot authentication password, the TrueCrypt Boot Loader first attempts to decrypt (using the entered password) the last 512 bytes of the first logical track of the system drive (where encrypted master key data for non-hidden encrypted system partitions/drives are normally stored). If it fails and if there is a partition behind the boot partition, the TrueCrypt Boot Loader (even if there is actually no hidden volume on the drive) automatically tries to decrypt (using the same entered password again) the area of the first partition behind the boot partition where the encrypted header of a possible hidden volume might be stored. Note that TrueCrypt never knows if there is a hidden volume in advance (the hidden volume header cannot be identified, as it appears to consist entirely of random data). If the header is successfully decrypted (for information on how TrueCrypt determines that it was successfully decrypted, see the section Encryption Scheme), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset). For further technical details, see the section Encryption Scheme in the chapter Technical Details.
John 16 years ago

jtuf,

How about forming an informal social club and call it Al Qaeda? We could then give out "Al Quada" ID cards and honoray postions. You could be "Al Quada Communications Director" and I could be "Director of Munitions and Chemical Supplies" and so forth. And every member gets a embossed leather day book marked "Al Quada Contacts" with a complete listing of all members, positions and phone numbers. And we will call quarterly meetings and label them "blowups". That way everyone can have a day book with "September 13, 2009, Al Quada Blowup in Las Vegas marked in the day book.
T 16 years ago

alan,

How does that make it easier to find? They'd have to have the hidden volume password in the first place. The boot loader is going to execute the same sequence whether or not there's a hidden volume. Given true crypt uses a 256 bit key, a brute force attack isn't feasible to do on every laptop that comes across the border.
alan 16 years ago

Yet another reason bipartisanship needs to be stabbed right in the middle of its mangled, octogenarian eye
alan 16 years ago

The boot loader is going to execute the same sequence whether or not there's a hidden volume. Given true crypt uses a 256 bit key, a brute force attack isn't feasible to do on every laptop that comes across the border.

TrueCrypt is open source, how difficult would it be to write a version that follows a different protocol to read out the volume?
T 16 years ago

TrueCrypt is open source, how difficult would it be to write a version that follows a different protocol to read out the volume?

Huh? You can use any program, but the algorithm and the key have to be the same. No key, no decrypt, practically speaking.
alan 16 years ago

I should have said 'spit out the volume'. It would still be encrypted but not be mistaken for random noise.
JB 16 years ago

So Reason writers and commenters, still want to worship that Obama cock?

This fucker is just like Bush except that he is so much worse and has a deficit 4x as large.

Fuck Obama and fuck all of you that supported him.
Doug 16 years ago

One word: virtualization. Virtualize your machine then do a clean OS install. Move your virtual machine off the physical machine when you cross the border. Piece of cake.
R C Dean 16 years ago

Posts like this are when I really miss joe.
not me 16 years ago

This is why tourism to the US has dropped 18%.

What percentage of major international conferences now take place on US soil? zero.

Here in Canada, most teenagers take their first trip to Europe, not the United States. We're worried about being "disappeared" in transit and sent to some Syrian prison for torture.
Mikey 16 years ago

The only time I've ever been hassled about my laptop was when I was entering Canada. Germany, no problem; USA, no problem; Canada, some dude with a protective vest and rather large machine gun wanted to know an awful lot about my laptop (personally owned or company owned? can my employer view it? do I have movies on it? etc).

They didn't take it, but geeze, what a hassle.
Solanum 16 years ago

Posts like this are when I really miss joe.

Posts like this are exactly why joe isn't here anymore. Good riddance.
val 16 years ago

Here in Canada, most teenagers take their first trip to Europe, not the United States. We're worried about being "disappeared" in transit and sent to some Syrian prison for torture.

Thats a pretty ridiculous statement. Most teenagers spend thousands of dollars on their first trip to go to Europe rather than the couple hundred bucks it would take to go anywhere in the US? I doubt it. Maybe if you said Mexico or something for spring break, but Europe? gimme a break.
Kyle Roberts 16 years ago

A scenario I've always envisioned, whilst going through an airport security checkpoint:

TSA guy: Sir, could you please open up and turn on your laptop.

Me: Sure. I just need to see evidence of your current Secret clearance.

TSA guy: ...

Me: Sorry. I'd be violating UCMJ if I did that then, and then you could be arrested as a spy.

TSA guy: ...

Alas, I deleted all that stuff (like I was supposed to) when I left the army.
Ebeneezer Scrooge 16 years ago

At one point, I believe, the government was trying to force anybody who makes a commercial encryption system to give them the key; what happened with that?

Whatever the final deal that was cut --er imposed? would they do that? -- there is a reason why I don't use encryption software from US sources.
Ebeneezer Scrooge 16 years ago

btw, pgp is at least as obtuse to use as ever. But I wouldn't trust it for anything I cared about.
Erica 16 years ago

Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States.

That's crap, since it's trivial to get whatever you need via a secure internet connection at your destination.

If it's true that they only searched 46 laptops last year (from an earlier comment) then this tells me that they're not "screening materials," they're searching the belongings of somebody they already think is sketchy for whatever reason. If that's the case, then why the need for the "at will" policy?

If the real goal here is to find kiddie porn, then this seems like a horribly inefficient way of going about it...
Paul 16 years ago

http://www.truecrypt.org/

Kilroy, nice try, except law enforcement can jail your ass if you don't hand over the key.

Nope, the only way is to have dead-man's data destruction. If you don't put in the right password, a background task starts a secure delete on anything you want gone.

I swear all those models are over 18.
Paul 16 years ago

What percentage of those "46 laptops" they searched turned up with terrorists or contraband porn?
JB 16 years ago

I went through customs coming back from Amsterdam and I was the only person from my flight that was pulled aside for a thorough luggage search. I was well-dressed, but mid 20s guy coming back from Amsterdam.

I had leftover European funny money and I spent the last of it on a few porno magazines at the airport. Customs dude flips through them and says "All normal. No kids or animals."

The one time I was traveling with porn and the one time I've been searched at customs. I think my main thought was "Good. Better them search me than the person who brought pot with them."
Paul 16 years ago

"All normal. No kids or animals."

It's my understanding that when one goes in to Amsterdam, they'll check to make sure you only have kids or animals, and anything normal will be confiscated.
cgee 16 years ago

@ T:

Just like every other government agency, if they've decided to fuck with you hard enough, you're hosed. They'll just snatch the box and you're screwed.

Ok, someone really needs to get laid this weekend...
Jake 15 years ago

I'm surprised at you people! I say we welcome our new memory card police. If you have nothing to hide in your photo album, while then you have no reason to deny requests to examine them. We need to remember: the police have a hard job, and this excuses any oversight that may rarely occur.
Besides, we need to start winning the war on ambiguous, gross, and suspicious pictures. These things can't be let into the country where they could make our good people grossed out or suspicious. Its time to declare war on socially unacceptable memory card contents.

I'll lead the way by volunteering to let random people look through my stuff if they are employed by a law enforcement agency. Do your part to make sure my kids grow up in a nice world free of weirdos with weird pictures (it is, after all, your job to take responsibility for my children's development).

Won't somebody think of the children?

Please log in to post comments

Securing the Border Against Creepy Pictures on Some Guy's Laptop

Latest

No Other Land Won an Oscar. Miami Beach's Mayor Is Trying To Evict a Movie Theater for Screening It

Are Democrats Regretting Trying To Out-Hawk Trump?

Everything's Computer

Is This the Beginning of the End for the Department of Education?

Biden Rushed Out Billions for Green Energy Projects Before Trump Took Office

Recommended

Login Form