If it's encrypted it will probably end up in blob storage, which is low cost. If you want to hit them where it hurts, generate tons of fake text (stored as emails, documents, texts, etc.) with GPT-3 to clog up their elasticsearch server and/or NLP classifiers.
For maximum effect you'd want to use something like RSA-1024 which is "just" weak enough that they will take a wack at it, but also strong enough that they'll expend tens or hundreds of thousands of dollars worth of compute attacking it. If you use something "strong" like RSA-4096, they probably won't bother even taking a look at it.
All symmetrically encrypted data looks the same, but almost all encrypted wire formats and encrypted file formats contain some header information. In particular, GPG / OpenPGP encrypted files will contain a header with the public key's hash. Any investigator with more than a day's experience would check the same device for keyrings and check if any of the public or private keys in the keyrings match any of the messages.
It takes a lot of effort to make all of the metadata also not have distinguishable patterns. See DJB's "Elligator" papers for all of the work that goes into designing elliptic curves for this purpose.
It's really a pain to have a full protocol that looks like white noise even if the attacker has millions of message exchanges to look at. I designed a protocol like that about 20 years ago, using the Station-to-Station protocol with the largest 4096-bit safe prime as the DH modulus. I couldn't use the semantically secure version of DH, because in that case, the first 4096 bits exchanged each way would always be a quadratic residue. The modulus needed to be just under a power of 256, so that even with billions of samples, it wouldn't be surprising that none of them were between the modulus and the maximum N-byte integer. For the individual messages within the stream, I needed to encrypt the message length headers, etc., etc. Even with this white noise-looking protocol, I'm pretty sure the pattern of packet sizes used by TCP to encapsulate the stream would give away the protocol being used. It just really increased the amount of analysis a filtering firewall would need, and increased the false positive rate of attempts to block the protocol. These days, TLS is so common and the pain caused by blindly dropping all TLS connections is so great, that you're probably best off either tunnelling your hidden protocol through TLS, or else making your protocol look like a TLS handshake with common parameters.
Now I'm curious, because I've spent the past little while looking at file encryption headers, whether there's an example where the RSA modulus size is explicitly going to be part of the file header. I guess you could tell even if it was presented as a blob (inside a structured header) because it would be padded to a size that was equal to the length of the modulus...
You don't need to muck around with encryption headers for this. Just install gpg, generate a RSA-1024 key pair, and use the public key to encrypt a rickroll video or something.
That reminds me of some story I read back in the 90s about some famous hackers (I think the ones who testified to Congress from MIT).
One of them knew their apartment was going to be raided by the FBI so they left a suitcase full of encrypted cassette tapes in there for the FBI to salivate over.
After finally decrypting the first one, I believe it was just static noise :)
I hoped, HOPED, this story would end with a link to YouTube where a man in a trenchcoat performs a strange dance while lip-syncing to very concerning lyrics about a man that would never give her up, never let her down...
Yes, I earned the downvotes, have at it.
Anyway this made me want to read Cryptonomicon for the 5th time and gift it to some younguns.
Hehe... wish I had a link for you, I went digging around the internet with some serious Google fu and didn't turn up much. The MIT guys were l0pht, but I couldn't find any stories linked to them.
The original story was in a 200 ish page library book I rented in 2004 or so, and I imagine the publishing of that book was in the early to mid 90s based on the tech and artwork involved :) It was at Half Hollow Hills public library, which has since been demolished!
> After finally decrypting the first one, I believe it was just static noise :)
That sound fishy, was there any metadata to confirm it has been decrypted? That's the thing with encryption, it's just math, it won't "fail" anything if you got the wrong key, you'll just get random data back.
If done properly encrypted data looks like random data. That means that if you have a Raspberry Pi pumping out random data (no need for encryption), they'll probably just store it thinking it's top-secret encrypted data that they'll decrypt later.
There is the likelihood that most encryption applications would put a header of some kind on the encrypted blob.
For example, PGP, PKZip, OpenSSL, and age all do this with encrypted files. I'm not sure I can think of a user-oriented encryption application that doesn't. Disk encryption also definitely does (although in TrueCrypt volumes the header is encrypted and not recognizable as such, so TrueCrypt is an exception, probably deliberately).
Crypto primitives in programming languages don't, and NaCl crypto secretboxes don't (they just start with the nonce!), so I guess if you were calling the NaCl secretbox encryptor by hand to encrypt your files, they wouldn't have any header.
The Snowden leaks showed that the NSA has built the capacity to spy on essentially the entire internet. You really think they'll balk at a few petabytes?
Yes but this isn’t the NSA, this is the border patrol, operating with a fraction the budget and expertise of the NSA. The people doing the copying are basically security guards that couldn’t pass the police physical nor find work as teachers.
I really like the idea of a hacked hard drive or phone which generates a never-ending series of files containing terabytes of random data. I bet any given boarder crossing will only have the ability to scan two devices at a time, so bring a couple and you can probably shut down everything as they scramble to figure out what to do when their local storage fills up.
I understand that you're coming from a good place, but speculation on how to "hack" fascism is fundamentally misplaced energy. Nobody will have to worry about overloading the CBP's hard drives if we live in a country where our right to privacy & protections against unlawful search & seizure are respected.
I realise that this is not the exact argument that i was originally making, but technical people are unlikely to rethink technical solutions without them understanding the technical barriers that limit a "solution's" effectiveness.
Most hard drives (and presumably SSDs) contain embedded microcontrollers to handle translation between the various protocol levels (USB, SATA, etc) and the raw data on the platters/FLASH cells, often running i/o drivers on top of some microcontroller-specific RTOS.
So ... surely the ideal technique would be to write a driver for the RTOS that generates a stream of data on the fly that looks like an ExFAT filesystem full of directories and email folder hierarchies containing Lorem Ipsum text? That way, it keeps feeding an unending supply of junk back to the imaging hardware (which probably isn't anything as high level/simple as "plug into a PC, mount it, and copy everything"). Yet if they open up the case and look inside, they'll see a genuine hard drive with genuine platters.
An exotic device that smells like tradecraft is a great way to get past the bored rent-a-cops and meet some some serious counterintelligence investigators.
This is more like my way of thinking. People seem highly focused on how much space they might have for storage. But security isn't really about disk space, which is quite cheap these days. It's about how much time/money/resources it takes to complete the tasks needed to circumvent whatever security controls are in use.
If I had to do this, I would indeed make a faked Nimbus 100TB SSD drive, but it would also be super slow and glitchy. Spit out the proper meta data, then slow random noise presented as glitchy virtual sectors. Done deal. They've surely imaged glitchy drives before. They aren't rare.
How many drives can they image at a time, and how long does it take? How many drives can they not image because yours is taking so long? That's what I would attack.
Maybe you're waiting in a room (or covid-room) while they're trying to copy your strange shitty disk for days on end. I can already see the 'The Atlantic' piece.
I'm wondering if it's not gonna be another 'good' reason to keep anyone they want to mess with for days. Oh sorry we can't read m2 disks we have to call the guy from the place that has the only converter. We'll keep you warm in the mean time. You didn't have a flight connection or a lawyer you wanted to call, right?
That is where the storage comes in. Most likely the data from the drives is being dumped to a local NAS device with a limited capacity - more then likely a consumer level NAS sitting under someone’s desk. When it fills up it probably requires an IT person to get involved, and then they have to decide if they are going to dump data or do an unscheduled upload, being greedy they will probably wait for it to upload, then they have to start over or resume copying data from your device, so if it’s a honeypot giving endless data then you can imagine them making thee or four attempts before giving up and waving you through. Meanwhile they have hundreds of terabytes of your random data to store and index for 75 years.
All of these comments seem to be written as though the side effect of trolling federal agencies is everyone being mature, recognizing that you pulled a great joke on them, having a good laugh, patting you on the back and sending you on your way.
Based on prior stories I've read - trolling pissed off people with any form of Authority could end up very very badly for anyone doing this.
Aside from them just out and out confiscating any electronic device they like, they could detain you for a long period of time, they could put you on no-Fly lists (and then good luck ever flying into/within the US again), they could put you on extended screening lists (and so, every time you fly then on - again, kiss goodbye every electronic device you posess every time you travel, again). If you're a foreign national, or even if you look vaguely foreign, you might find yourself deported/denied entry/locked up for a while during the deportation process.
That's before they even get motivated enough to be malicious - I'm sure if they wanted, they could gin up enough of a case of "obstruction" or "wasting police time" if they can find any evidence (or even anything that looks like it could be hint of intention, like posting on HN), which even if it never goes to trial can still make your life a living hell, cost you your job, and a huge amount of money defending.
>The people doing the copying are basically security guards that couldn’t pass the police physical nor find work as teachers.
Or maybe they're just people who want to protect the country they live in? You can't just view everyone who disagrees with you politically as a drooling idiot.
I've heard that 5 eyes can only process 20 precent of what they collect a day. I'm not sure what they do with the 80% at the end of the day considering that pipe is constantly getting more feeds.
I doubt they look at everything by default. I would think they have a starting point of something like Persons of Interest, Devices of Interest, and Locations of Interest.
This is HackerNews, so you're going to get called out on such nonsense. There is no technical capability to "spy on the entire internet". If you truly believe this, then you are probably consuming propaganda.
Honestly if you do try that, I think the legal system would be right to prosecute you for it. "The law is immoral" is not a legal defense against "You knowingly disrupted a law-enforcement IT system."
Agreed, but there are no legal defenses against having done 2.
Civil disobedience requires breaking the law. With that comes the possibility of being legally prosecuted. Civil disobedience requires accepting that. And in fact, a large part of the effectiveness of civil disobedience comes from the fact that people accept the risk of arrest.
Just in case any readers are taking the above comment seriously, there is no modern legal system anywhere that allows exceptions based on the above. It is absurd nonsense.
I would encourage you to study peaceful revolutions (e.g. Mahatma Gandhi). Protestors protested against unjust laws by filling up the prisons. One can't be afraid to lose money or time when taking a moral stance. You are ofcourse doing this at great personal expense because you believe you are correct, not for external praise or glory.
Back up a moment, this is suggesting emailing a zip bomb[to yourself or an account you know will not open it.] I believe showing intent is a separate issue.
I think, back in the day, it was used to get away with lynchings. Not the best example, because laws against lynchings were actually also morally correct.
There are many reasons you could legitimately hold a drive with a zip bomb; maybe you're researching them for security? Maybe you collect interesting examples to teach the concept?
(Note: this doesn't mean you should go on record with such a defense without an attorney present, just saying why it shouldn't legally be regarded as malicious without a lot of other evidence.)
It would be interesting to see the legal defense of what constitutes "knowingly" disrupting it.
For example, if I put a zip bomb on all my emails regardless of the border security but just as a general security measure, would that make me culpable if it wasn't targeted?
All hypothetical of course, because there's other hurdles to that as well like being flagged as spam in every day use.
And how would you prove intent? It might be easy to prove if it's an usb drive with only a zip bomb. But what if it's on a 8TB external hard drive, with a bunch of random stuff (research papers, movies, podcasts, etc), placed inside a folder called "DoS examples" with a bunch of other malformed files as well?
Isn't the American legal system the one where that kind of argument actually has weight? Why so many cases are thrown out on technicalities and litigation costs are so high.
A kitchen knife is just a tool for cutting meat, does that sound like a crime to you?
Depends very much on what is being cut, in what context, and why. Cutting chicken fillets in a kitchen to cook dinner? No. Cutting a human on the street whilst screaming 'die you bitch' probably yes.
Because we're talking here about a file that one might possess within one's personal effects and papers--a file, on a PC, with no desire whatsoever to share it with anyone--the comparison to waving a knife around while screaming threats, or forcing a malicious file into a server, seems more than a little thin. Where is the motive? Where is the criminal frame of mind?
Remember, piping /dev/zero to a compression routine for a few seconds, out of curiosity or testing a shell script or whatever, could create a file that might throw a wrench into poorly-built works.
Yes, and if you suspect someone is going to legally try unzipping it, you are probably legally required to inform them that it does contain a zip bomb.
And if you have the zip bomb on the USB drive with the intention to damage a law enforcement system, things change.
Just like you are allowed to have a gun, but you can't walk into a random place carrying a gun.
Personal attacks will get you banned here, so please don't. Also, could you please stop posting unsubstantive comments generally? We're trying for at least a little higher than internet default on this site.
I imagine they would seize the drives and give you a receipt. And then, a year or two later, they give you a call to tell you they are releasing the drives and you can pick them up. Isn't that what happens to computers that are seized as a part of a police investigation?
Best to be deepfake granny & grandpa porn. Is there anyone working on that yet? The US legal system being what it is, I expect it will be necessary to prove the deepfakes are legal adults that consented to the filming.
HN getting upset over something you never said is one thing. The Border patrol getting upset over something you never said would be quite a different level of pain. I think that's the fear.
Where did I make that argument? Most people here have no idea how law enforcement or CBP operates. Some full drives are not a big obstacle and they're not going to waste time without knowing who you are first.
As far as the data collection, searches without reasonable suspicion are already ruled unconstitutional. The rest has been policy for years. The only change is centralizing the data but this isn't big news and there are already movements against existing practices.
I don't support unlawful collection or searching law-abiding citizens but that has nothing to do with my work, or what would realistically happen in the above scenario. I'm not sure what you're talking about with the rest of your political claims.
I believe pretty much none of these protections exist at the US border if you aren't a US citizen, which isn't that much of an edge case considering that's like 96% of the world's population and a lot of people may want or have to visit the US at some point.
I think you must be talking about another situation than the US, can you explain? The us border patrol can do this to citizens and non-citizens, and they assert their right to do it to anyone within 100 miles of the border, which is much more than half the us population. I don't want this for noncitizens crossing the border either. One reason for that is I don't want this to happen to me either.
During the bush 2 administration, they were harassing people traveling to the us who were making documentaries about the us in the iraq war. This is just a convenient way for them to invade the lives of privacy of people coming through the border.
The previous poster was talking about non-citizens and that's what I responded to. Non-citizens by definition don't have the same rights.
I never said I supported this but just explained what would happen in the original scenario and that this isn't new policy. Anyways I've given up trying to deal with the irrational and emotional behavior on HN when it comes to political topics.
Would you support them seizing data from someone who owns a legal marijuana cultivation business in San Diego (because he's so close to the "border area") and then sharing that information with the DEA to federally prosecute him? The definition of "law-abiding" there would get a little murky.
What if it's someone who grows weed for his personal, medical use in an illegal state?
Marijuana is federally illegal and comes with plenty of risks. I don't think CBP should be abusing border area privileges for drug-related offenses but technically the fed govt can use the support of any agency. It's highly unlikely that CBP/DEA would waste time if the establishment is legitimate given state laws unless you're helping a cartel or personally known as a major dealer.
He said "only" risk. I consider them separate. Are we really debating the semantics of the plurality of risks in this situation? This thread is hopeless.
I'm saying you just repeated what he said with more words for no reason. Why are we talking about what affects an arrest might cause? It's not related at all.
Of course they do. I only said that a bunch of harddrives aren't going to be a real problem for them. Not sure why that's leading to so many extra interpretations of things I didn't say.
"A Boston federal court ruled that U.S. federal agents can’t conduct “suspicionless” searches of international travelers’ smartphones and laptops at the border and other ports of entry, a decision hailed by the American Civil Liberties Union (ACLU) as a major victory for privacy rights. In a 48-page decision, U.S. district judge Denise Casper ruled that border officials need justifiable reasons to search a person’s electronic devices, which should be balanced against the privacy interests of travelers."
> Until an appeal actually overturns this, is this not the new standard?
No, because the 11th Circuit Court or Appeals has already ruled to the contrary, while the 4th and 9th Circuits have rules similarly. However the First Circuit rules on this there is a Circuit split until the Supreme Court resolves it. So calling other side of that split the absolute rule is presumptuous.
For forensic, as opposed to manual, searches of electronics there is under the district court judgement in Alasaad v. Nielsen (currently on appeal as Alasaad v. Wolf because of change in DHS leadership.)
Neither party might go as far as you want, but it is also a mistake to think both parties are completely identical in their views of this sort of behavior.
How could two organizations of thousands of people ever be completely 100% identical, and why does that matter at all if neither party has rolled back these massively unpopular policies, even when controlling both houses of Congress and the executive?
We do have to keep context in mind. If you ask a question in general about data collection, will you get different answers than if you asked specifically about collecting data at the border?
It was a question and not a statement so I don't need to base it on anything beyond knowing that how you ask a question in a survey is incredibly influential on the response you get.
I would guess that "Do you oppose government data collection?" would get different answers than "Would you support government data collection at the border in order to try to curtail illegal immigration and terrorism?" which is how this administration will likely defend this.
> yet you're implying there is evidence they would
My first comment on the issue was a question and my second one was prefixed with "I would guess...". I don't know how you can read either of those comments and assume that I am stating anything definitive.
It may not be your intention, but the tone of your comments is very aggressive. Further, your sarcasm is off-putting. I understand this is a hot-button issue, so maybe take a breather.
I stated a simple question asking if the linked survey was too general to definitively indicate how the public would feel about this specific issue. I then followed up with a guess about public opinion that was clearly labeled a guess. I honestly don't understand what prompted the hostile tone of your comments, but I apologize if my comments offended you in some way.
Game theory. If people vote for the party promising policies closest to (using whatever metric) their ideals, and there are only two parties, optimal strategy for each party is to move as close to the center as possible.
They wouldn’t lose voters with ‘extreme’ ideals because, if they decided to not vote, parties would counteract by moving towards the new center, which would be further removed from the ideals of those voters abstaining from voting.
How do you square that with the rise of the Tea Party and the Alt-Right? It seems like they've found that they can motivate people to vote by moving _further_ from the center, and the moderates continue to vote the party line of whichever party they prefer.
Alt-right or the tea party would lose an election against a center-line party, big time.
Motivating people with ‘extreme’ opinions from one side of the spectrum to vote moves the center, so it can make both parties move in that direction.
Let’s (in a very simplistic model) say we have 100 voters on a 1 to 100 scale, so centered around 50.5.
If, normally, the extremes of 1 to 10 and 91 to 100 don’t vote, the center stays at 50.5. Convince the 1 to 10 people to vote, and the center moves to 45.5, so the two major parties move in that direction, too.
There’s an assumption here that most politicians are willing to, somewhat, go against their beliefs in order to get elected. I think that’s true, and unavoidable in a two-party system (which, in turn, is hard to avoid in a system with “winner takes all” elections), but if it weren’t, parties can easily replace candidates that object to a course change with others that either have different ideals or are willing to sacrifice some of that a bit in exchange for their career.
> so it can make both parties move in that direction.
This is the opposite of what we’re seeing on the right. Centrist republicans have been pushed out of the party for not being conservative enough over the last 4 years, and primary candidates go out of their way to outdo each other in terms of conservative positioning.
Nobody seriously running on the right is trying to be a moderate Republican on the federal level because being a “RINO” is political suicide.
The opposite of your view is what is happening for both parties. It's laughable to look at Republicans and think they are moving to the middle. The democrats have partly moved to the middle (Biden being a great example). But in primaries, which have the most energized voters on both parties tend to get less people in the middle. In practice, in reality, it doesn't work that way. Also gerrymandering tends to make districts even more polarized.
66% of americans oppose government data collection. Obviously neither party is anywhere near the ‘middle’ and other political forces are driving what legislation gets passed.
> Game theory. If people vote for the party promising policies closest to (using whatever metric) their ideals, and there are only two parties, optimal strategy for each party is to move as close to the center as possible.
This theory requires either ignoring that voters may have a threshold at which they become disaffected or ignoring that political opinion may not be unimodal; if you consider both of those factors, that strategy ceases to be dominant.
In the real world, voters can become disaffected and abstain, and political opinion is often not unimodal (in the US it's closer to bimodal.)
What you describe is not what happened. Look at republicans who ended up with Trump and the base was pretty happy to move far away from the middle, demonizing black people and other minorities. This move from the middle energized a large part of the population in the us.
Primaries in gerrymandered districts weed out moderate candidates. Their goal is to win the majority in their district or state, so they can sometimes ignore all other parties.
They are not 100% identical, but they do agree on a huge number (a majority?) of important political issues, particularly in defense, foreign policy and economics, and make a big show of arguing over the other topics in order to try to differentiate themselves.
While I understand the frustration please don't make false generalizations like this. There are several people with a consistent track record of pushing back on this stuff, like Wyden.
This is one of the biggest problems with modern Western democracies - there are some thing (a lot of things) that governments do to work against their citizens that voting simply will not change. It feels so futile...
This is an example of why we need more viable political parties. Which is why we need a better voting system (ranked choice, approval, etc) so that other parties can become viable and start influencing politics. Of course neither of the two dominant parties want their power reduced in this way.
In the UK we have a few more political parties, but still only 2 dominate. Those 2 parties do actually differ on something: Labour wants to borrow and spend, the Conservatives want to be fiscally responsible. Aside from that though, things like foreign policy, defence spending, mass surveilance etc, are all the same - doesn't matter who you vote for.
Ballot measures are one way you take this on. You make it explicitly illegal for companies to have over data on users from your state unless a warrant is produced. This won't stop entities from tapping fiber or attacking companies and stealing data, but it does stop companies from just handing stuff over voluntarily.
We just have to keep increasing the visibility of this issue. Don't give up, I'm not giving up. I don't expect Biden to change this unless there is a very very large groundswell of people complaining. AOC and Sanders seem like people that could understand the reason why this is bad behavior.
I'm from the UK, so don't have the best optics on US politics, but Biden strikes me as quite conservative, probably leaning middle-right. I would guess that Biden would be "more of the same" as pre-Trump - probably a welcome relief after the madness of Trump, but many will not welcome a return to the status quo.
That sounds about right. We'll have to see how much pull the more liberal dems have on him, the impact of AOC/Warren/Harris especially. The republicans are saying Harris is more liberal than the whole senate, but I don't see that. Time will tell. Warren was who I wanted.
What's a reasonable way to protect yourself here? Other than wiping and restoring. Are there any encryption tools, or ways to keep your emails and other data on your device safe?
What is on the device in their hands, on US soil, is subject to their stupidities, whatever those stupidities may be on the day their grubby hands get hold of your phone.
What is located remotely, in a privacy conscious jurisdiction, say Switzerland, is outside of their remit. I know US courts like to think they have power over the world, but they don't. US courts and US law power stops at US borders.
The trick is to make sure nothing gets cached on your local device (including authentication credentials, obviously). A bit like the old Thin Client computing really.
If you want to go one step further, don't travel with working credentials. Rely on someone outside of US jurisdiction to provide you the last piece of the jigsaw in a secure manner once you are in a safe location.
Well, in theory, yes. In practice, there have been recorded instances where the US Government has asked people to disclose their social media [1] and in other ones (I failed to find the source) refused access to people who refused to log into their accounts.
Also, if you're a non-american traveler, all the constitutional rights you're afforded as an American don't apply. So they can pretty much ask whatever and refuse you access for any reason.
It's like the US is becoming more and more like China. But it's a worlwide trend, really, with old men screaming "We're gonna be in the dark !" ... It's thoroughly depressing.
Edit: As written down in the comments, the part about foreigners' rights is wrong. See comment for correction.
But can’t they just deny you entry? I mean you can have all the rights but if they can just let you in (especially if you live in the US), that’s still a pretty big lever.
I’ve always considered America’s uniform worship to make the 3rd irellevent, I guess it goes to show that ensuring rights via law is good even if you think it unnecceraary
I've been to the US and there's no passport control whatsoever when you leave. You don't ever see a border guard on your way out — you go through security at the airport and then straight to the gate.
The real problem is that they now require social media handles on the visa application.
US “law power” extends as far as the enforcers of that power are able and motivated to extend their reach, which very often extends far outside of US borders.
OTOH, there's places and contexts where that reach tends to encompass more casually and with less case-specific motivation.
It's interesting that you single out Switzerland as a jurisdiction that the US can't touch.
It used to be that Switzerland had iron-tight bank secrecy regulations that the US (and the rest of the world) really couldn't breach. Yet over the years the US has managed to force massive changes on Switzerland's financial institutions, and for decades now there's been much more transparency, and Switzerland's banks are not nearly as secret nor as effective at hiding assets as they used to be.
Apart from getting other countries to change their financial regulations to be more in line with what the US wants, the US has also been very successful in doing the same in regards to issues like drug enforcement, human trafficking, child molestation, and many other issues.
So, depending on your threat model and what data you're trying to keep private, I wouldn't count on any jurisdiction ultimately being and remaining safe for your data.
Something else to consider is that once your data is out of your hands, it's easy for whoever has it to make a copy to archive and work on at their leisure. Even if they don't share, sell, compromise, or trade away that data today, that doesn't mean they won't do so at some time in the future when laws, technical capabilities, or incentives change.
I think you're drastically overstating what happened regarding Swiss banking secrecy.
Switzerland agreed to FATCA, which only applies to people subject to US taxes and allows those people to refuse to have their information shared with the IRS, in which case the IRS has to specifically request it.
The "massive changes" you mention essentially consist of banks asking you if you're a US person and then, for the big banks, making you fill out a bunch of paperwork and for the small banks, refusing to open an account for you. If you're not subject to US taxes, there's no effect on you whatsoever.
I think the _much_ more interesting thing, which is unrelated to the US (as it's not a party to the agreement) is the AEOI [0].
Anyhow, Switzerland is still very much a sovereign nation and the fact that it has agreed to give limited financial information to the US, with consent of the account holder, does not change that.
A fun bit of proof: copyright infringement, one of the US's pet peeves, is still very much alive in Switzerland. It's your legal right to make as many copies of something as you want and give them to your friends and family [1].
And ultimately, the US' power over Switzerland is quite limited due to the referendum system. Any change they'd like the government to make has to have the consent of the people. The Swiss are quite protective of their privacy so I don't see the US having any success weakening that.
I don't know if you realize how absurd this is: imagine if you, as a US citizen, in the US, had to answer whether you are subject to Swiss taxes any time you wanted to open a US bank account.
Also, for stock accounts, you'd be required to fill out a form in German/Italian/French regarding Swiss taxation.
It wasn't the US alone. The pressure increased from pretty much all the important trade partners in the west and a lot of the bank secrecy breaking a bit had to do with the Swiss banks really really wanting to do business in those countries, preferably without following their laws. But in the end it was the big banks that gave up on the iron-tight secrecy themselves and pushed for deals before the Swiss government did.
I agree that you can't count on jurisdiction alone for your data remaining safe. Neither will a technical solution like encryption. The latter might keep your data safe, but not you and your loved ones if there are not some legal limits what people wanting to access it can do.
> Yet over the years the US has managed to force massive changes on Switzerland's financial institutions, and for decades now there's been much more transparency, and Switzerland's banks are not nearly as secret nor as effective at hiding assets as they used to be.
Eh not really unless you're a US citizen, which is a US problem not a Swiss problem. When I arrived, several years ago, and was opening an account I was asked multiple times If I was (or ever was) a US citizen and had to sign (again multiple times) that I wasn't a US citizen. Many small and even cantonal banks will outright refuse to open accounts for US citizens.
That’s not true. A US court can order you to go to another country, retrieve documents, and bring them back to the US, even if you doing so is in violation of that other country’s laws. This is more reasonable than you might think, because otherwise companies and individuals could hide all of their incriminating data in such ways and evade accountability under US law.
Further, being involved in any violation of or conspiracy to violate American law is a crime, even if you never actually step foot in the US. Companies can be sued in US courts for actions they took overseas. None of this is particular to American law, the same is true in any advanced legal system. American law just has particular significance because of American economic preeminence. Some of the most vexing legal issues, both theoretical and practical, surround this cross-border application of law. And I guarantee you wouldn’t like the result if countries took a strictly physical, territorial approach to their legal authority.
That's not really accurate. The US, due to its historical position as a super power, has extradition treaties for many countries around the world. If charged with a crime in the US, your physical location might not matter.
It very case/situation specific. The host country might block extradition for various reasons, but often, the US has global reach.
Calling your congressman makes the most sense, IMO. As technologists we have an inclination to jump to the technical workaround, but the workaround should not be needed to begin with.
This would have no effect. “Call your congressperson” should never, under any circumstances, be considered useful or effective.
Policies are decided in the interest of plutocrats. Very occasionally when it would generate good PR or if disenfranchisement gets too bad, some retroactive number fudging will be used to whip up a press release or report on the number of calls or letters to a congressional office, as if to make it seem like a policy was affected by democratic consideration of constituents, but that is purely theatrics and publicity and has no bearing on or connection to the way congressional offices pursue legislation.
The alternative cynical view (which I subscribe to) is that this small-to-medium amount of pain can sometimes tip the scales in the right direction.
There are of course other tools, but they require a bit more dedication: regular donations to think tanks and lobbyists who agree with you and can spend time schmoozing/convincing congressmen, regular donations to legal foundations who challenge overreach in court, and of course voting when the time comes.
Well, you're not talking to a congressman. You're talking to an office aide. I'm not convinced causing "pain" for interns and aides is what transmutes into political change.
I’m still not understanding. How is my comment distrustful? It’s just a factual description of a decision making and PR process.
The tone I imagine when I say something like “legislators only consider the desires of plutocrats” is like saying “plants survive by photosynthesis” or “the Efficient Markets hypothesis is only useful as an occasional approximation” or something - neutral observations of factual descriptions of how systems work.
“Cynical” implies a normative judgment, or some extended assumption as if my comment has anything to do with presumed self-interest or distrust of sincerity.
The rule is apparently phrased as being within 100 miles of any "external boundary", which doesn't just mean borders with other countries, but also the entire coastline, including the coasts of the Great Lakes. Most Americans live in this area.
Note that the "border" here is not the coastline, but the limits of territorial waters (12 miles). This also means that proximity to, say, the upper Chesapeake Bay or the southern tip of Lake Michigan aren't relevant, as those coastlines are of internal waters and not the larger ocean.
> Note that the "border" here is not the coastline, but the limits of territorial waters (12 miles)
No, the Border Patrol interpretation of the “reasonable distance from the external boundary rule” is that it extends to at least 100 miles from any land border or any part of the US coastline (whether or not it is or is in proximity to an international border.)
That's what the ACLU says the Border Patrol's interpretation is. When I actually read the regulations and the statutes themselves, as far as I could infer, the external boundary was meant to refer to the international water boundary.
I'm afraid I don't recall the exact citation off the top of my head, but I'd like to see more evidence for the ACLU's claims than, well, just the ACLU saying so. Especially when the ACLU itself points out that the law and regulations doesn't actually give the Border Patrol some of the powers it has.
(I should note there's a distinction between the actual legal authority and the actual policies applied in practice--I'm arguing that the legal authority is 100 miles from the international waters boundary; that the Border Patrol is exceeding that is probable, but the ACLU is, IMO, conflating the legal and actual effects to lobby specifically against the law rather than lobbying against the Border Patrol acting illegally).
> I think the rule applies to incoming travellers only, not everyone who happens to be near the border.
No, it applies to where the Border Patrol asserts authority to conduct warrantless stops and searches of any person/vehicle/etc. for potential immigration or violations.
(There's also a similar 25-mile zone where they assert authority to do so on private property other than physically entering houses.)
They also claim similar authority to the 100-mile limit in cities with international airports, if they happen to be outside of the 100 mile zone.
> The Fourteenth Amendment doesn't just lose force for everyone living in one of the coastal cities.
The Fourteenth Amendment limits the power of state governments, it's the Fourth Amendment that is at issue here. But the legal theory is that warrantless searches in these circumstances, are reasonable and thus compliant with the Fourth Amendment.
Searching someone's phone or laptop isn't just done to determine their immigration status. So if a person shows their U.S passport, would BP still be allowed to search their electronics?
That is of course terrible and should never happen, but I think it's also erroneous or illegal, not something the law permits.
I'm not defending BP or ICE practice. I was just wondering if the law actually permits the authorities to search electronic equipment of U.S citizens for no other reason than being within 100 miles of the border. That I would find truly astonishing.
That’s the law as I understand it, yes. CBP set up search checkpoints on highways (even those parallel to the border) to stop and search all vehicle traffic sometimes.
I offered that information about citizen arrests to illustrate that whether or not something is legal or permitted by law does not have much practical effect on the ability to constrain ICE/CBP. They have repeatedly ignored injunctions from federal judges.
> Searching someone's phone or laptop isn't just done to determine their immigration status. So if a person shows their U.S passport, would BP still be allowed to search their electronics?
Sorry, “immigration status” was not quite what I should have said, it's to determine border violations, both immigration and contraband related. As warrantless electronics searches are for “digital cobtraband”, they would seem likely to have the same status in the border zone (to the extent it is valid) as at the border, where manual checks with no specific basis and forensic checks with “reasonable suspicion” have been upheld, IIRC.
From all I've read, they will certainly try, even if they don't technically have the authority (I don't know if they do or do not, but CBP has broad authority). Encryption also incurs their ire.
You need to either wipe the phone or have stegnograpic volumes.
There are a plethora of full disk encryption tools. Linux has dm-crypt, Windows has BitLocker, iOS and Android have it. I assume there's a way to enable full disk encryption in OSX but I'm not familiar with the ecosystem.
They can force you to unlock/provide password to your devices if they have probable cause that there is evidence of a crime on the disk. Typically this is because someone looked over a shoulder and saw child porn on the screen. I'm not aware of anyone being forced to provide passwords or keys in any other circumstance, but I'm not an expert.
Encrypt your data, keep your devices off. Do this even if you have "nothing to hide".
If you're seriously concerned about the security of the information on your phone, you could look at the NSA's Security Configuration recommendations. [1] These recommendations are intended for "Apple iOS 5 Devices", and many of the recommendations sound like they would not be appropriate for the average traveler.
What I would recommend is to keep as much information off your phone as possible. Save emails on your personal computer, and delete them from your phone before traveling. Log out from online accounts like web-based email accounts before traveling. Don't have sensitive files on your phone; encrypt them and download them from a server somewhere that you control.
Finally, as "sumanthvepa" recommended, "keep all interactions with (Border Patrol Agents) on a cordial basis and cooperate immediately and completely when ordered."
VeraCrypt encryption tool for one, offers hidden encrypted volumes. If I remember correctly, you would have 2 passwords for the same encrypted container. One pw for a decoy volume if forced to decrypt your files such as in this case, other pw would reveal your true data.
You could try to push your luck, if you're an American citizen.
More realistic is to just wipe your phone and reset it to factory settings using a throwaway google account. They probably won't ask for it but that way it looks unremarkable and you don't have to waste your time arguing with them.
I wouldn't even bring a computer across the border anymore, at least not for a vacation. I always use full disk encryption and I am not interested in giving the CBP (which I'm sure has great IT security) copies of all my confidential work documents to just leave sitting around for the next 20 to 75 years waiting to get exfiltrated by who knows what hacker group will get to it first.
Chromebooks are great for this - they're fast to wipe and fast to set back up. I travel with a Chromebook and a phone that I wipe before crossing international borders.
Wiping and restoring is underrated. I feel pretty safe about my Apple encrypted cloud backups. It's a minor inconvenience to wipe the phone before crossing the border, and restore on the other side.
Now - if they can make you restore in their presence, that would be a big problem.
Really, the US system of manually extracting data from peoples physical devices seems so much more old-fashioned compared to the Great Firewall of China.
There really isn't much difference conceptually between the two systems.
That's an overstatement. The conceptual difference is that the U.S. system is limited to specific, known, legally prescribed situations, while the Chinese system is constant and ubiquitous. The U.S. system is far from perfect when you get down to specifics, but I'd definitely take it over the Chinese system.
30,000 device searches annually is WAY too many, but it is far more limited than than the system in China. Are you really trying to argue that border searches, no matter how much overreach, is the same as the Chinese Firewall?
It sounds like you're saying the limit infringes on constitutional or human rights, and should be reduced, which I agree with. Your original comment said there wasn't much conceptual difference between the two systems, which I disagree with. Neither system is acceptable, but that doesn't mean they are the same.
Is there a list online somewhere of all the crazy shit that can legally happen to you in the US? How long you can be detained for, what data can be extracted from you, and so on? Like if you had a really bad day and the authorities exercised all of the powers over you they legally have.
I think they got him confused with the officers that unloaded 20 rounds in a no-knock warrant, killing an EMT not involved in the investigation, and resulting in no evidence
In that rare instance charges were filed, but there is yet to be a conviction. There is a vast system in place to protect police officers in these situations, up to and including federal law.
There are a handful of state courts in the US that find passwords testimonial, and therefore the Fifth Amendment prevents compelled production of passwords. [1]
Actually, the First Congress okayed border searches. Given that many of them were authors of the Constitution, it stands to reason that border searches were always intended to be allowed under the Constitution, even if not stated explicitly.
I also suspect they did not anticipate it being both feasible and normal to have one’s entire private writings on one’s person at all times like modern phones permit.
I'm going to start traveling with a 10 TB Encrypted NAS full of static. They can download that and save it if they want.
What sucks is that I know this is probably being stored on AWS. Tech companies enable this kind of shit, and even push sale of larger and larger systems to governments. And they are massively rewarded for doing so.
This isn't the government... this is a sales guy at AWS pushing them to store things for 75 years... he knows he gets a helluva commission check on that deal.
Gross oversimplification, but not really. We, as technologists, have to take responsibility here.
The easiest thing to do is to simply not take electronic devices with you anywhere in the world, otherwise there is a slight risk of someone wanting to understand the information contained within it.
If you think there is a risk, and you take a device, obviously FDE is a requirement, although, that could be seen as "suspicious".
The easiest thing to do is to fill up TB's of HDD's with useless information. Random pictures, documents, perhaps thousands of people's contact information downloaded from a public source. Store any "important" documents as random file names, perhaps inside archives or volumes that need decrypting. Or not at all, instead "in the cloud" but still encrypted so that you can travel without worrying about somebody accessing your information. Make deliberate "suspicious" file names, make them believe a file is encrypted (a 50GB file named "totally not a hidden volume.hiddenvolume") and maybe they will waste time trying to open the volume only to realize it contains thousands of pictures of naked molerats.
Clearly you need to be smart about crossing borders with electronic information these days, and not having any with you seems to be the best course of action.
This why you keep the stuff you can't show people in the cloud encrypted with a password only you know. Once you get to the border you can't really argue any longer. That said, the US really needs a new amendment spelling out digital freedom and privacy rights. The old farts in Congress don't see information on devices as information portrayed in the constitution. Information is information and the Constitution laid out methods for handling it long ago that are far superior to what our current idiots in charge seem to be able to handle. About the only ones we have paritally on our side are judges who actually know the constitution rather than pay it lip service; those types are also becoming rare.
> The easiest thing to do is to simply not take electronic devices with you anywhere in the world, otherwise there is a slight risk of someone wanting to understand the information contained within it.
I think people seriously misunderstand the range that the Border Patrol has--its far more than the US and Canadian borders. Portland Oregon, for example, is within their grasps due to the coast + 100 miles being considered part of the border.
So, you could be never leave the country and be caught up in their web quite easily. I wouldn't be surprised if 70% of the population of the US lived within their range.
Genuinely curious - what would be an example of how border patrol might exert influence over someone not crossing international boundaries? For example, if I live in an apartment in Portland, under what circumstances might USBP decide to search my computers/phone/etc.?
That's easy to answer: the beginning of international waters is defined as a certain distance from the border.
Which is the coastline, for the most part; international law considers countries to control land, and lakes, bays (some) and harbors, but not the seas and oceans.
Full disk encryption isn't suspicious. It's standard on many corporate devices, and corporate travelers cross the border with them constantly.
However, the encryption would not protect you against this problem. They may ask for the password to decrypt the volume and deny you entry to the country if you refuse to provide it.
"The easiest thing to do is to simply not take electronic devices with you anywhere in the world"
That sounds monumentally complicated and not easy at all. I understand that a tiny percentage of highly engaged techies can manage what you are talking about, but 99% of people cannot.
> Information is stored for 75 years although if it’s not related to any crime it may be deleted after 20 years.
I wonder if you have your house burned down and you want your digital pictures back, can you ask them to give you a copy of their backups? That's the only thing that storing this data for this period of time is useful for, but I guess they won't hand it over.
It may still be useful to the endless parade of hackers that get access to the confidential documents "procured" by CBP in this way and stored in what I sincerely doubt will be some impenetrable database.
Not to mention that given their track record regarding things like facial recognition software, individual unmonitored CBP agents will probably be able to just you know, steal all the private information taken on people they're stalking.
The police have already been caught abusing these databases when they were minimal, increasing the amount of available stored is idiotic until we solve the problem of oversight and security.
I believe someone awhile back tried to compel the NSA to release data collected in mass surveillance which he claimed could exonerate him. Unsurprisingly, this tactic did not work.
I'm not a US citizen, and I used to travel to the US from India occasionally before the pandemic. In reality there is no data that I have with me on my laptop or mobile device, that isn't already accessible to a nation state like the US. There is really no point trying to play games with US customs and immigration. You'll just irritate them and it won't end well.
The best strategy is to simply comply with all relevant US law and orders issued by officials at the border. And one should understand that at the border, a foreigner such as me will have very limited protections. In practice there are really no protections at all. People like me essentially rely on the goodwill of the US officials at the border.
For the most part they are polite and business-like. Its best to keep all interactions with them on a cordial basis and cooperate immediately and completely when ordered.
> The best strategy is to simply comply with all relevant US law and orders issued by officials at the border.
The best strategy is not to travel to the US at all, if you can avoid it.
It's not even about not handing over data that they could have if they really wanted it. It's about sending a message that this behavior isn't OK and that foreigners are human beings too.
The US doesn't care about your privacy, but it does care about its economy and so voting with your wallet is still the most power you have. Continuing to degrade yourself at the border at their whims condones their abuses, however implicitly.
Every border on Earth already reserves the right to search your personal effects as thoroughly as they please, without any concept of probable cause being applicable.
If they don't extend that into data located on devices you're carrying across the border, it isn't because they don't reserve the right, but merely because they lack the means or interest.
> Every border on Earth already reserves the right to search your personal effects as thoroughly as they please
You're correct, however this does not mean they all treat you like you should be the most thankful person of Earth for them letting you in and not harassing you endlessly.
The U.S. even requires you to hand over social media passwords in some cases and a lot of personal information before you even get on the plane.
The outright contempt for foreigners is not as common elsewhere.
P.S. And of course, you have borders like between EU countries where you barely even notice you crossed a country border, (as an EU citizen).
Likewise here from the UK. Be polite and respectful and generally I've never had any issues.
Once I even had the guard - who before me had been dealing with a plane full of Chinese tourists - give me a knowing smile and a "I can tell you know what you're doing" kinda comment as he more or less waived me through. I guess being a white male native-english speaker helps a lot in those scenarios.
P.S. Global entry helps a lot in these scenarios and is (still? was?) available to non-US citizens
This is categorically false and borders on misinformation.
Subpeonas etc. can be challenged by US companies/individuals in the court when they are within the country. Innocent until proven guilty is the way of life within a country. During border crossing, system has been changed to assume guilty until proven innocent (for better or worse).
You are correct that if you are in such a situation (border agent asking for data), it's better to comply amicably. I personally would consider cloud backing data and cleaning up local drive before entering US as my best strategy. Carrying unsurmountable amount of data (10 TB+) is also another strategy.
The interesting thing about this is that it affects people who have never been to the US and never intend to go, or those who do but take 'precautions' to protect their privacy (secondary devices, double encryption etc) as most of the data in anyone's inbox is not generated by them.
It also affects U.S. citizens who don’t even have a valid passport and no intention to leave the country. According to the CBP being in the extended border zone is enough to be crossing a border and therefore be subject to a warrantless search.
Hmm could you not just encrypt your data and leave the key at your house and throw one away before you reach the border. They can have all of the “data” that they want.
What's super awesome is nearly every US voter (including the ones reading this) will vote for the jackwads that enable and fund bulk surveillance abuses like this.
In and outside the US, non US citizens serve as a proving ground, for tech that US Gov will eventually deploy against it's own citizens.
US Gov does this because it can, because news orgs are more interested in sportball, because both parties have successfully set citizens at each other throats for decades and because the public keeps gorging on whatever fear-filled plate of nonsense is put in front of us.
Ten years from now, an entirely new regime of surveillance abuses will be added to those already deployed against us. More than any other reason, this will happen because we endlessly reelect the people who are ultimately responsible.
I 100% agree with you. What can a voter do until the EFF fields a candidate? There are copyright and surveillance maximalists running both parties apparently. The DMCA, the Patriot Act, and the all the other BS seems to the type of stuff that everyone in power agrees on and no candidate that I’m aware of is trying to do anything about it.
If you hack somebody and steal their data, that'd probably count. If you've exfiltrated confidential data from your employer, that could count. For a time, exporting strong crypto was illegal; we might see a return to that.
The ACLU doesn't generate propaganda or take single sided political stances on matters. They defend all sides of the spectrum equally as it pertains to their rights.
If you consider it to be anti Trump propaganda, then in all likelihood it means Trump is violating rights. The ACLU is perhaps one of the most non-partisan organizations.
They have a fairly nuanced and IMHO fair take on civil liberties regarding gun rights. I'm sure many second amendment supporters may take issue with their stance, but in my reading, it's quite fair and non partisan. In fact they encourage people on both sides to work together and vote towards clear law on the matter. The ACLU focuses on rights violations not advocacy for extension of rights beyond what is decreed in law.
I don't believe they support the individual's right to own a gun beyond what a state or the Federal government allows. The Feds could outlaw individuals rights to own a gun tomorrow and the ACLU wouldn't bat an eye. Check out their position on it. They flat out state it's only for militias and anything beyond that for individuals is not supported Constitutionally (aka left up to state/federal laws to dictate) https://www.aclu.org/other/second-amendment. I think this article reasonable says what I'm trying to say much better. https://reason.com/2019/04/12/the-aclu-defends-the-rights-of...
The sitting president was elected as a Republican on the promise of deporting foreign nationals living illegally in the United States. Wether you agree or strongly disagree with that policy, how is suing to let them stay “non-partisan”?
EDIT:
I’m not arguing about this policy. The fact that 43% of Americans oppose the admittance of central american migrates seeking to claim refugee status makes it a partisan issue.
Out of curiosity, what is your understanding of the rights afforded to individuals within the United States regardless of their legality? Especially with regards to applying for humanitarian refuge legally?
The perceived partisanship of this is directly related to what you consider the rights of the people versus what is written in law etc...
I personally believe that everyone in the USA should be protected via their Constitutionally mandated personal rights. That said there is nothing in the Constitution about giving asylum and that is the mandate of Congress. I personally believe that a well thought out quota system is needed. We can't take everyone in the world who wants to seek asylum here. That's simply not possible. No one who isn't a US citizen has a right to live here, it is strictly up to the US government to say how many in what time span.
The ACLU however is not defending people's unilateral right to live in the US. They are defending the right to due process and the ability to apply for humanitarian refugee status.
If it can be shown that undocumented immigrants were afforded those, then the ACLU hasn't gotten involved to the best of my knowledge.
Why did you oversimplify "unprecedented policy of expelling migrant children from the U.S. southern border without giving them an opportunity to seek humanitarian refuge" to "deporting foreign nationals living illegally?"
Because they'd file the same suit if a Democratic president took similar actions. In fact, they already did[1]. They're not working for the benefit of either party, but rather for the general protection of the civil liberties of people in America, regardless of politics. They've historically represented many different viewpoints, up to and including literal Nazis [2].
this is a great idea actually. or simply manage fake social media accounts with a fake persona that you update semi frequently either by hand or through an automated script. Login to these accounts upon arrival, then switch back to your real ones when you're clear.
i do use multiple profiles on my android phone where the main one is not the one i actually use. I wonder if they would catch that as its kinda obvious if you know to look for this but actually somewhat hidden if not...
Even if this works for now, for you, you have only solved the problem for yourself. But the problem of privacy is a collective problem in society, so unless most people have privacy, you don’t have it, either.
This would be like commenting on censorship/non-free speech laws that you’d solve it for yourself by using Tor or some other anonymizing method. That would not solve the problem of a society which will lack free speech, and if a society did not have free speech, you would have problems, even if you’d manage to somehow get free speech for yourself.
Most likely solution isn't either/or between two options but rather both. Lots of people will start doing this and make it more accessible for the common man while others are getting the law changed (if).
I've been doing this while going between the US and China. Once you get used to it, it is only a few minutes of hassle to restore everything. If it is so suspicious, they should have no problem articulating that to a judge and getting it from my email provider or my storage provider. But I suspect they only do it because they can and if you add even a tiny bit of friction, they won't bother unless there are other things that make them suspicious.
Surely you'd need to be a person of interest to have them process your data. The data is likely encrypted so how do they decrypt it? They can socially engineer a way in but does that work? Do people break down and give up their passcode?
Would they really process the data just because? It seems like a severe amount of data to process and evaluate. How much compute power is set aside for this and how much online storage is used? Do they use a cloud service for this?
It'd be interesting to hear from somebody in the know about what is they real can do and what is heresy.
In the past, a human was required for most policing operations. Economically, that meant you'd need to be a person of interest or at least incidentally connected to one to be subject to an investigation. It meant that judges and legislators could say stuff like "it's fine for the police to run arbitrarily license plates, that's public information" because running license plates meant there was a cop with a pad of paper walking through a parking lot, bringing the notes back to a clerk to manually tab through the registration files. Storing the data and processing it used to happen at human speed and cost on the order of $20/hr, assuming they weren't working overtime rates on nights, weekends, and holidays, now it runs at gigabits per second and costs $0.05/hr to run 24/7.
I'm not in the know, but I know that all the email content I've ever written is trivial to fit on a $50 hard drive, and with that I can search through 20 years in under 20 seconds.
It's not a question of "could they do it" but "would they do it", your answer to that question depends on social and political issues, not technology. It's why I prefer technical solutions like encryption to political problems like privacy.
To be honest, if your decryption process is "just" a passcode you "know" then you've already failed.
You could have a key and a passcode that relies on 10 steps (such as using a web service) that is reliable for you to know but not easy to "explain" how to obtain (and, as a bonus, easy enough to build in a dead man's switch, if I don't visit script.php within 24 hours the key is gone and even I can't decrypt now).
Make sure you have legally obtained copies of porn if you do this. Unfortunately, it does not seem unreasonable to me that doubly illicit images (copyright-violating porn) could lead to a cause of action against the holder of the hard drive.
Remind me to travel with terabytes of encrypted garbage data. Just to be a costly pain in the ass. I'd love to watch an incompetent CBP agent try to figure out how to move 10TB of disk images with USB thumbdrives.
Your time is probably a bigger issue. Hard drives maybe average 200MB/s transfer speed, so a 10TB disk would take a little under 14 hours to image. I don't know about you, but I'm not too inclined to waste a day just to troll the CBP.
My takeaway; they have to search for porn first because they can't be amassing a huge porn collection, so store your sensitive info in your porn folder!
I know they market this product for security researchers, and I've read all sorts of good reviews about the "anonymous" version. May everyone expand on this concept:
It would be interesting to have one of those built into a smartphone as an antitheft device. It could thwart someone who steals your phone or otherwise tries to get unauthorized access. Does anyone know the legal status of setting traps for intruders into private property?
Uninstall everything before crossing the border? The 100 miles thing is the weirdest though, especially if enforceable on someone who has not recently/ever crossed the border.
When I was a kid in the 80s, I had a US flag on my wall. What happened to the US in the past fourty years? It became a country that I don't really want to visit anymore. Every civilized nation behaves differently, at least towards citizens of allied nations. We are no enemies. Ain't no reason to treat us non-US citizens like people without any rights. - I am deeply saddened to see the US come this way, and I have no hopes that this will change in the forseeable future.
Edit: Look at how non-US citizens exchange ideas for how to avoid handing over all their personal data at border-crossing. What a shame.
My simple answer: we became afraid. 9/11 showed us we were not invincible. Technology to enable mass surveillance had quick answers for our collective fears. Stoking our fears is a profitable industry. Here we are today.
Don’t know why you’re getting so many downvotes. This is pretty general but there’s a lot of truth to it.
9/11 ushered in an era where the US government took pretty extraordinary steps to protect national security by undermining the rights of citizens (see operation “Stellar Wind”.) It was so aggressive that FBI director Comey did not want to reauthorize it due to constitutional concerns.
Fear indeed is a powerful and profitable emotion to traffic in, it drives so much of our current media and political landscape.
A prominent political pundit that shall remain nameless said relatively recently that what is true doesn’t matter as much as what feels true. And that mentality dominates our political discourse.
I can totally understand the need to protect your citizens, but I rather think that this kind of behaviour damages the reputation of the US deeply. In the long run, you might have gotten your hands on someone's data that would like to harm the US (but are these guys so stupid to put their malicious plans on a handheld device they use at border crossing?)
Actually after the Snowden revelations: aren't the three letter agencies able to access our data without us knowing it anyways? If we are on their radar, they can get whatever info they want from us anyway. That's my understanding. So why harrass the normal person crossing the border?
Since the border has become such a focal point of our political conscious, the culture of some of these agencies is really being brought to light. Just look at the private Facebook groups of current and former CBP agents comparing migrants to animals and whatnot.
When the culture of an agency gets toxic, you start to see enablement of this kind of behavior.
It's another thing where people have such a different world view about this that I can't understand why they don't have concerns. I can only guess people comfortable with this don't live in a place where the border patrol doesn't bug them, or they don't cross the border much. Your whole life is basically accessible on your phone, giving a copy of it to the us govt isn't going to make america a better country. I haven't ever understood what happens if you don't unlock your devices and just give them to them. Will they return them? I'm certain they'll harass you next time you come to the border.
Like a lot of things that come down to "this doesn't affect them", this is yet another issue where I'm surprised that there are people who support this. The border patrol is under the control of the president, who can make changes. They could change this policy. Obama didn't change it, and Trump doesn't seem likely to care, because 'it won't apply to him'. But why not? The 100 mile border plus other exemptions is incre
And there's others, Israel, German's BND literally handing over most of Europe's internet traffic to the NSA...
-
The same reason you as a non-American had that flag on your wall, is why you hear so much about the US. I'm an immigrant to this country and have lived in plenty of other places
Over the years people's opinions of the US in other countries have gone from overly positive compared to reality, to overly negative compared to reality, mostly because of the amount of scrutiny the country gets (and how much the media here thrives on turmoil, no one is quicker to insult America than Americans)
You know, when you try and compare the US to any country doing worse than the US at treating it's citizens...
... you usually instead get called out for not comparing the US to some homogeneous Scandinavian country that would fit inside California.
Neither is a realistic comparison, in general governments will quickly default to not treating individuals well because of the dehumanizing tendencies of bureaucracy and power dynamics, and the effect is only amplified "few party system" most countries end up with.
The US struggles, but does make excellent progress, in escaping that trap.
I'm an immigrant to this country, my pride doesn't rest on "USA #1!!!!!!!"-style nationalism...
But the US treats it's citizens great on the global scale of the term, that's why they're so quick to make noise when certain groups are excluded from that fair treatment.
The fact Americans are so comfortable and so quick to self-denigrating is just a further reflection of that.
I will always judge my society for the bad things it institutionalizes.
There's no reason for entry to be hostile. It's quite hostile, even coming from Canada. The US would be fine if we had the same entry standards as Canada and an open border...
We could also rather politely control immigration by having a solid system for verifying employment eligibility and fining the pants off of employers that violate it. There's literally no reason to run around policing the individuals working without authorization.
> I will always judge my society for the bad things it institutionalizes.
... like my comment says Americans do and doesn't oppose?
>There's no reason for entry to be hostile. It's quite hostile, even coming from Canada. The US would be fine if we had the same entry standards as Canada and an open border...
Does my comment say something against this?
-
Did you reply to the wrong comment? Or did you think that me saying "Be pragmatic in viewing a country on a global scale instead of just having this self-serving need to constantly insult yourselves" was saying "America did nothing wrong!"
Problems should be solved inwards, not by treating human rights like a pissing contest.
Instead of immediately going "We could do what country X does, look at their outcomes!!!!", realize country X is not your country, and realize, you don't need country X's actions to frame what's wrong with your own country's problems.
The problem with immigration isn't "We're not doing what Canada is doing", the problem with immigration is you're not treating human being like human beings.
It's much easier to justify solutions to the latter than the former because moment you turn this into "look at your sibling do this right!!" you shift the focus from the real problem, mistreating people, to a fake "problem", "other countries are doing better than us", to which it's easy to say "so many others are doing worse".
Other country's actions and outcomes should be a catalyst to examine application in your own country at most, not some kind of goalpost like Americans love to treat them.
Healthy systems exist in multiple-layered robust feedback systems. Short answer: we're the same people just as afraid as we've always been, but we've dismantled or disabled several different feedback systems. We kept mucking with a complex system until we broke it.
This news is a horrible thing, and I'm outraged. It needs to be fixed. Right now. Having said that, it's good to have a little bit of historical context. Every governmental structure we've set up, from the military to a national police force, has pushed the limits to see how far they can go.
You think you'd set up these agencies with clear missions and they would stay inside the coloring book and mind their knitting, but that's not how it actually plays out. Instead, egotistical, ambitious people get in charge and want to do something even more impressive than the last guy. That means pushing things. IIRC, one of the first uses of a telephone tap was made by law enforcement. The intelligence community got so far out of whack that by the 70s it took a major reform to try to un-screw them. A lot of that work we dismantled after 9-11.
Here's another way of saying the same thing: it used to be that when extreme things happened the people we elect and the government we've created took drastic, emergency and probably extra-constitutional action to react. You can go back as far as Jefferson (or before) and the Louisiana Purchase and see people we put in charge kind of making it up as they went along.
This actually worked well because if there was a mistake? Well, we were doing it the wrong way to begin with. Elect new people, clean up the agency, say a bunch of apologies and write checks, and don't do that again --- at least in the same way.
Now, however, we want to create systems of things. Whereas it used to be that if they thought there was a bomb on a plane they might forceably unload it and strip-search everybody there, now we just hired tens of thousands of people and treat everybody that flies like a potential terrorist. Problem solved. No more worrying about those one-of incidents. No more people getting fired, agencies looking bad, or any of those huge cleanups.
After the 93 World Trade Center bombings, the United States Secret Service wanted to put anti-aircraft missiles on the White House. They were laughed out of the room. Who knows, they might have put some up anyway and nobody ever found out. After 9-11 that changed. Now it's a system. They wanted to shut down Pa Avenue, also laughed out of the room. They got it. They regularly ruin cell service, and are monitoring all calls in the area. Now they're bulk-buying privacy data and asking for even more permissions. These aren't "Hey, we're worried that something might happen, so let's try this for a while even if it's wrong" These are "We want permission to do this from this point on out and you leave us the hell alone" I don't mean to pick on them. Everybody's getting in on the action.
I could continue the rant, but as you see, this isn't a case of people changing or agencies changing in the last 20 years or so. This is a case of continuing to tinker with a system over 230+ years until you broke it. I wish it were just as easy as blaming the Border Patrol. It is not.
The trend unfortunately dates back through history. The 1960s through 1990s were a high period of openness to foreigners and globalisation, across the political spectrum, though not universally embraced. In particular the 1965 Hart-Celler Act, lifting nation-of-origin quotas (https://en.wikipedia.org/wiki/Immigration_and_Nationality_Ac...) and the 1961 formation of the Peace Corps (https://en.wikipedia.org/wiki/Peace_Corps) saw a tremendous increase in non-European immigration and foreign students to the US, and of peaceful deployment of Americans to non-European nations. (Despite overlapping in part with the Vietnam War). Globalisation, beginning in large part with oil and the Middle East but extending to consumer, manufacturing, and service relationships, also played a major role. The "bad foreigners" existed, but were Communists, a relationship that shifted and softened beginning in the 1980s, with Islamic and generally Latin-American narcotics adversaries ascendant.
Richard J. Hofstadter, "The Paranoid Style in American Politics", is a 1963 essay that "explores the influence of a particular 'style' of conspiracy theory and "movements of suspicious discontent" throughout American history." It's not specifically concerned with anti-foreign sentiment, but includes that.
But the xenophobic pattern is clear in the history of American Immigration law. Forced Mexican Repatriation (1932), The National Origins Formula (1924), California Alien Land Law of 1913, Anarchist Exclusion Act (1901), Chinese Exclusion Act (1882).
The Page Act (1875) barring "immigrants considered 'undesirable,' defining this as a person from East Asia who was coming to the United States to be a forced laborer, any East Asian woman who would engage in prostitution, and all people considered to be convicts in their own country."
Samuel Finley Breese Morse, creator of the eponymous Morse Code, wrote an anti-immigrant, anti-Catholic screed, Foreign Conspiracy Against the Liberties of the United States, initially anonymously though his name was later associated with the piece.
Surely American Protestants, freemen, have discernment enough to discover beneath them the cloven foot of this subtle foreign heresy. They will see that Popery is now, what it has ever been, a system of the darkest political intrigue and despotism, cloaking itself to avoid attack under the sacred name of religion. They will be deeply impressed with the truth, that Popery is a political as well as a religious system; that in this respect it differs totally from all other sects, from all other forms of religion in the country.
That itself is only one of a long line of examples of anti-immigrant, nationalistic, or racist sentiments expressed by business and industry leaders, including notably Henry Ford and Thomas Watson (IBM), both anti-semites and Nazi collaborators.
Mark Twain's On the Damned Human Race includes numerous essays highlighting abominable treatment of and policy toward foreigners (and others), notably during the Spanish American war, mostly dating from 1890-1910.
Ellsworth and Harris, The American Right Wing (1960) is a fascinating look at reactionary politics, much of it xenophobic and racist, largely of the 1940s and 1950s, with more than a few names familiar today.
What are the use-cases, and when would such a policy have led to a drastically different outcome (in the case of a crime being committed, industrial espionage, or what-have-you)?
If I have a laptop encrypted with luks or whatever, then what? What are the consequences of non-compliance?
I wonder what implications this would have for business travel. Devices may be required to be encrypted and giving a business password may violate employment law in the home country for non US travelers. It could be illegal to grant US border agents access to the phone and also illegal not to.
Even if you could grant access, businesses may very rightly feel the content shouldn’t be accessed by US border agents and if it’s stored by border agents, it means now some US government server could fall under the juris diction of GDPR or something (eg my work phone or laptop had a photo with sensitive customer data or something).
On top of that, it’s increasingly mandatory to use your personal phone for business data, eg PagerDuty, Slack, company email, company social media tools. So while it may be your personal device, you may still run into crazy conflicting issues of whether you are allowed to unlock it.
How are you going to comply with “delete my account” requests when some business data is on US government servers for 75 years?
US agencies have deeply poor and incompetent information security, so how long before this is subject to a data breach, or a rogue employee exfiltrating and selling it? Will people be able to sue the US government for substantial per-person damages when that happens?
The conflicting and incompatible privacy issues of this are bananas. What an arrogant and deeply stupid thing to do by the border agency.
Some businesses don't allow their corporate data to cross borders via devices, e.g. they can use VDI to keep all data under enterprise control except for pixel-level viewing.
This has literally nothing to do with communism. And plenty of people from the left are against these measures too so I'm not sure what you're talking about.
How many petabytes of mirroring before the whole operation becomes too expensive to justify?