| Saturday May 28th 2016

Your personal data just got permanently cached at the US border

supreme-court.jpgLet’s be honest here. The reason your average Joe should be scared about this: is because of porn.

Here’s how it works: most guys have this huge stash of porn and no way to verify that every last file is 100% legal. There’s a good chance they don’t even know what’s in there. You just used bit torrent or whatever to download a bunch of huge archives and quit looking at it once you got your rocks off. Somewhere deep in one of those folders, a file with a 17 year old might have snuck through. You know you’re not a pedophile, but you can’t produce the USC legal age verification forms for some thumbnail cache file somewhere, so you go to jail.

Make no mistake, this is bullshit. But to avoid the whole thing, and also to keep our kids from going through our porn and learning we’re human, we encrypt it. At this point, the border guard is probably going to detain you for even having anything that remotely looks like encryption. Your laptop will be handed to someone who knows about TrueCrypt and they will want to know your hidden password. There’s no way to prove or disprove the existence of a hidden volume, so if you’re a bad liar you will be arrested and if you’re a good liar your laptop will probably get confiscated just in case.

All of which amounts to one thing: What the Border Guard is doing is not only unreasonable, it is tantamount to searching and caching your brain for signs of thoughtcrime. There need to be protections against this sort of thing. (Yeah like the 4th amendment… but we’re not using that anymore.)

Now that US customs agents have unfettered access to laptops and other electronic devices at borders, a coalition of travel groups, civil liberties advocates and technologists is calling on Congress to rein in the Department of Homeland Security’s search and seizure practices. They’re also providing practical advice on how to prevent trade secrets and other sensitive data from being breached.

In a letter dated Thursday, the group, which includes the Electronic Frontier Foundation (EFF), the American Civil Liberties Union and the Business Travel Coalition, called on the House Committee on Homeland Security to ensure searches aren’t arbitrary or overly invasive. They also urged the passage of legislation outlawing abusive searches.

The letter comes 10 days after a US appeals court ruled Customs and Border Protection (CBP) agents have the right to rummage through electronic devices even if they have no reason to suspect the hardware holds illegal contents. Not only are they free to view the files during passage; they are also permitted to copy the entire contents of a device. There are no stated policies about what can and can’t be done with the data.

Over the past few months, several news reports have raised eyebrows after detailing border searches that involved electronic devices. The best known of them is this story from The Washington Post, which recounted the experiences of individuals who were forced to reveal data on cell phones and laptop devices when passing through US borders. One individual even reported some of the call history on her cell phone had been deleted.

“The Fourth Amendment protects us all against unreasonable government intrusions,” the letter, which was also signed by the Center for Democracy and Technology and security expert Bruce Schneier, states. “But this guarantee means nothing if CBP can arbitrarily search and seize our digital information at the border and indefinitely store and reuse it.”

Several of the groups are also providing advice to US-bound travelers carrying electronic devices. The Association of Corporate Travel Executives is encouraging members to remove photos, financial information and other personal data before leaving home. This is good advice even if you’re not traveling to the US. There is no reason to store five years worth of email on a portable machine.

In this posting, the EFF agrees that laptops, cell phones, digital cameras and other gizmos should be cleaned of any sensitive information. Then, after passing through customs, travelers can download the data they need, work on it, transmit it back and then digitally destroy the files before returning.

The post also urges the use of strong encryption to scramble sensitive data, although it warns this approach is by no means perfect. For one thing, CBP agents are free to deny entry to travelers who refuse to divulge their passwords. They may also be able to seize the laptop.

If it sounds like a lot of work, consider this: so far, the federal government has refused to reveal any information about border searches, including what it does with the electronic data it seizes. Under the circumstances, there’s no way of knowing what will happen to, say, source code or company memos that may get confiscated. Or the email sent to your lawyer.


Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.