Even if you are a person who will never in your life end up as any kind of person of interest for the government, handing over data in this way could still be quite dangerous.
Phones will often contain data that can facilitate theft and fraud if ending up in the wrong hands. If they're able to copy everything, including private data from all apps that could be quite bad. For example many countries now use apps to login to online banking, with private keys for the login stored in the app. Will that be copied? Will it ever be found out if one of the 3000 government officials with access to this data sold it on darknet markets?
Maybe some months after your travel you suddenly wake up one day to find all your money transferred from your bank account to some account in Nigeria.
To me the lack of checks/balances before handing over your device for an hour or so is the worst part.
The chain of custody in these instances is basically one guy going into a back room by himself and hooking it up to a computer.
At the very least you should be able to have the contents of your phone independently hashed before handing it over to a potentially corrupt individual. They can put anything they want on there in that time and what recourse do you really have?
It doesn't even have to be the government itself. Let's say the sheriff in your town takes interest in your partner. Or his kid gets in a spat with your mom because the kid was DUI.
The chances of becoming a person of interest will always be non-zero, but I think I a lot of people can be reasonably confident that they are not likely to become a person of interest.
Given that 0.5—1% of the US population is incarcerated[1], and that getting a prison sentence is far from the only way to become a person of interest, it is quite reasonable to say that chances of getting some unwanted attention from various government and government-adjacent institutions are too damn high to ignore it.
While US justice certainly can be capricious and arbitrary, it is not entirely a random lottery whose eye it falls upon. And while those who believe in the centrality of personal responsibility and try to tell you that anyone who comes into contact with the police must have done something to deserve it are clearly deluded, there are things you can do in your life, or elements of your personal background and lifestyle that, though you never really opted into them, you may benefit from (one might call them 'privileges'), which will reduce the chances that you personally will run into trouble with the law quite considerably.
Your own personal odds are rarely the same as the average odds across the whole population. For anything. That's why insurance companies can exist.
> there are things you can do in your life, or elements of your personal background and lifestyle that, though you never really opted into them, you may benefit from (one might call them 'privileges'), which will reduce the chances that you personally will run into trouble with the law quite considerably.
They are always watching. Always collecting your data and trolling through it looking for things to use against you. You might not face consequences from the ongoing surveillance, but it never stops and something as simple as being in the wrong place at the wrong time or typing the wrong combinations of words in a search engine can be enough to get you questioned by police.
You can always make choices that will make your situation worse, but no matter what you do or don't do there's really no telling what might cause you harm.
> You can always make choices that will make your situation worse, but no matter what you do or don't do there's really no telling what might cause you harm.
People resist this notion because psychologically, on a basic level, we wanna feel safe at home. In Maslow's ordered sets of needs, the need to feel safe at your resting spot comes right after "not being beaten", "not freezing" and "not starving". The idea that it's entirely unknowable to you what (completely innocent and legal) things you might have done ten years ago turn you into a "PoI" today is - obviously - quite scary and contrary to that.
That's what makes the panopticon so disturbing. You can't (or at least shouldn't) ever feel entirely safe/free because the threat is always looming and strikes at any time. I think on some level most people do realize that, even the ones who have never known things any other way, and I think it's only getting harder and harder to ignore. Difficult to say what it's been doing to us though. There' are a lot of other things contributing to the background level of dread these days.
When pretty much every single person in the country is being spied on doesn't that make everyone a "person of interest?"
The only thing that differentiates you from anyone else is how much interest they have in you and that likely changes by some percentage with every scrap of data they collect or whatever they happen to be fishing for in the moment.
At any time your phone's GPS history and your Google searches can land you on a suspect list. Somebody is interested.
This discussion is sorely lacking the nuance that you don’t even have to be a person of interest. You just have to be a convenient fall guy. There’s always a right time for anybody to fit that description.
I worked with a great Nigerian dev some years ago. He contracted for us to do our frontend work. The stories this dude told were insane. He lived in Lagos, notorious for traffic jams. He would frequently get stuck in multi-hour long traffic jams just trying to get fuel for his electric generator. He had to do this to keep his power on during the routine black/brown outs that plagued the city, so that he could continue to work. He eventually, thanks to his work, was able to move to a nicer part of the city where the electricity was more reliable.
Last I heard he and his GF/wife (I don't recall which) were able to immigrate to Dubai, where he's continuing to work as a contractor for western clients, with an eye to eventually immigrating to Europe or the US.
I wish him well, but it is a damn shame that the best option for Nigerians who wish to engage in this type of work is to...leave.
I once sat through a “Pending Regulation of Cryptocurrency” CLE and one of the panelists was a real crypto-fanatic. He put up a slide about how quickly bitcoin was being adopted around the world and he kept excitedly saying how Nigeria was the fastest-growing crypto market in Africa! Another of the panelists was an FBI agent who investigates crypto-related crimes and when it was his turn he was quick to point out that rapid adoption of crypto in a country famous for internet scams isn’t exactly a selling point...
Looks like Dare@MSFT does have an account on HN, altho unused for many years. He's a genuine Nigerian Prince! Well, at least he's the son of a genuine Nigerian warlord/dictator.
A Nigerian and a Florida Man walk into a bar. They order drinks and nachos and have a reasonable conversation that concludes in a legitimate business deal.
Have you seen the YouTube channel “Pleasant Green”? He is a scam baiter but has been working with some of the Nigerian scammers to turn their lives around.
Why the hell would anybody sane, especially with all knowledge average HN user has about government overreach and greed, hacks, 0days, bugs etc. ever put such a critical item as banking app on their phone?
Apple vs Android is irrelevant in this, there is no truly safe mainstream phone in 2022, period. Are people really that lazy?
I do manage quite a few financial things but for none of those phone apps is crucial and I use exactly 0 of them. There is ebanking login app, but on its own its useless, another 3 factors are required for login. There is always desktop browser variant for everything, with firefox with ublock origin and few other plugins making internet a bit more as it was intended to be.
So yes US government can hack my phone if they havent already, they will see what kind of photography and travelling I do, which family members I write to, and some online shopping history. Thats it.
Phones are not secure and probably never will be for anything more. Anybody telling you otherwise is either dangerously clueless or worse
> Why the hell would anybody sane, especially with all knowledge average HN user has about government overreach and greed, hacks, 0days, bugs etc. ever put such a critical item as banking app on their phone?
Because it's convenient, and security is a trade off with convenience. I use banking apps on my phone, and I suspect many (most, even) people here on HN (and who are technically savvy in general) do as well. That doesn't make it smart or good or correct, but I suspect that is the status quo.
I haven't traveled outside the US since before the pandemic, but these days I may only travel with a burner phone the next time I do so.
> Phones are not secure
Neither are laptops or desktops, or anything, really. Everyone needs to decide for themselves what level of security they're willing to accept, and what their threat model is.
> ever put such a critical item as banking app on their phone?
Laziness has nothing to do with it.
Why? Three of my bank accounts cannot be accessed without a phone app, and some of my credit cards will not authorise payments without a phone app. It's not a choice.
Two of the bank accounts do have web banking too, i.e. from a desktop browser. But you have to use the phone app to authenticate the browser login! I found this out the hard way, when my phone screen died so I couldn't login to web banking on my laptop.
I called customer support, hoping to use phone banking to make some payments. They told me they could not do anything until I obtained a new working phone, moved my SIM or phone number over, and then they could transfer the authentication to the new device. Other than that, they had no options for logging in. It was fine to borrow someone else's phone if I wanted, installing the bank app on there, but I couldn't login without a phone.
I had to go through this again when the second phone died a few months later.
Now, I'm guessing you're thinking "use a different bank, duh!". Turns out I didn't have a choice of non-app banks when I needed to open a business account during the pandemic, in order to accept a contract, which I needed. My credit rating was not rosy either, greatly limiting which card services I could choose. Things are easier now, thanks.
My bank sent me a little fob that generates a one time code. Of course, they will also use SMS, the app on your phone, or email for 2FA. They are all considered equally valid and there is no intermediate step should you wish to use one over the other at any time.
>ever put such a critical item as banking app on their phone?
Because my PC isn't meaningfully more secure.
Because in the overwhelming majority of situations, if that security is compromised, my bank will eventually cough up my money.
Also because I also expect neither Google, Apple, my carrier, nor the dab gum gubment is likely to rob me by...
*checks notes*
Compromising the banking app on my phone. Or my PC. Or my router. Or any of the other non-100% secure devices and processes I use to get through my life.
There's basic security precautions, and there's living in fear and paranoia, brought on by a misunderstanding of the threats you are facing.
> Compromising the banking app on my phone. Or my PC. Or my router. Or any of the other non-100% secure devices and processes I use to get through my life. There's basic security precautions, and there's living in fear and paranoia, brought on by a misunderstanding of the threats you are facing.
If you think the risks to your privacy and security are remotely equivalent with a PC and a cell phone I'd argue that you're the one who is misunderstanding the threats you are facing. It is possible that your PC is no more secure than your phone, but that'd be uncommon and your own failing.
You can be responsible and secure a PC pretty well, but there is nothing you can do to prevent a functional cell phone from collecting extremely sensitive data and leaking it like a sieve.
These days, I don't think it's realistic to tell people not to drive. There will always be some risk involved, but you can give folks the tools and the information they need to help protect what's important to them most of the time.
Sometimes that might even include advice on helmets and five-point seat belts, but even without them we should be careful not to mislead people into thinking that a well maintained Volvo XC90 on their desk would be no safer than the 1970s Ford Pinto in their pocket.
Some things are just broken by design and shouldn't be trusted with anything you really care about, while other things can be reasonably safe if you're careful and pay attention.
As someone who works very prominently in mobile device security, and had to long ago come to the realization that I actually KNEW the people who could manage to hack into my phones... I agree with your answer 100%. The threat analysis here leading to only using Firefox on your desktop computer to access your bank makes absolutely no sense to me and--to inject some conspiracy theory back into this (for shits and giggles)--almost feels like "what the enemy wants you to do" ;P.
If your bank uses phone for 2FA (say OTP via SMS or whatever else), but you have no bank login, now attacker have to hack your PC (to get bank account login) AND phone (to get access to 2FA). So not having your 2FA source in same place as your password would be meaningfully more secure
Do you ever use an ATM? How do you justify the possibility there’s a card skimmer in it?
You mentioned “hacks, 0-days and bugs”. I assume you’ve seen the news when big banks like capitalone got hacked. Do you believe your account is safe from any of these types of hacks because you don’t use their mobile app?
How do you justify using your phone to communicate with family members? After all, a hacker could use those people as an attack vector. Those communications, the family member email addresses, your photos and travel history and shopping history could all be used to profile you, profile them, steal your identity, etc
How do you justify using any technology whatsoever when it’s just such a scary world? Once you answer that for yourself, you’ll find the answer to your “why the hell would anybody sane” question.
Wth the various stories about what data apps seem able to access despite being totally unrelated to their core function, they appear to be a goldmine for privacy invaders (advertising companies) and scammers, hence why even semi-popular apps are targeted for purchase by unethicals to turn into personal data feeds.
I don't have banking apps on my phone. I don't need to move money immediately in any situation. And I still have more apps on my phone than I'm comfortable with.
It's all a personal choice about risk appetite, but for most people (not really the HN crowd) the risks are downplayed or unknown.
Were any of the companies listed on the PRISM slide consensual partners? My understanding is that the NSA tapped the internal network in an era where mTLS wasn't rolled out. Everyone then saw the slides and rolled out mTLS.
Sure. I would think that the NSA had plenty of insiders. So do other security agencies, probably. Background checks aren't that thorough against a state-level adversary. (This is one reason why big companies can't trust insiders. I guess small companies should be cautious as well, but sometimes you don't have the funding to protect against insiders and still do your actual work.)
And a hardware implant will give the evil maid control over device I/O at minimum, likely the ability to read RAM too. All that's left is to exfiltrate over a prepaid SIM or something.
It always blows my mind that the same people who insist they don’t trust the government are the first in line to hand over all their personal data to the government, whether by way of Google, Facebook, or otherwise.
1. Any malicious person savvy enough to pull off a crime of interest to the Feds is smart enough to provide a wiped or burner phone to DHS/ICE, and they have to know this. So, what is the point in doing this if not to target law abiding citizens.
2. USGOV has a spotty track record of keeping this information secure. A foreign actor is likely to access this info eventually. As one former government official once joked many years ago - concerning Chinese hacking - "Well, its probably more secure in the CCP's data center, so I wouldn't worry."
This is the problem when a non-technical generation makes the rules and regs. Luddites ought not be permitted to ascend the GS ranks.
> 1. Any malicious person savvy enough to pull off a crime of interest to the Feds is smart enough to provide a wiped or burner phone to DHS/ICE, and they have to know this. So, what is the point in doing this if not to target law abiding citizens.
This isn't even remotely true. See for example the recent Anom honeypot[1]. Criminals do more or less the same things that ordinary citizens do, and often have strictly worse security practices because they believe "ordinary" things are weaker. This makes them great targets for snake oil.
That being said, I agree with (2). It's simply an unnecessary risk to keep this much data around for this long.
Although grandparent's logic is faulty, I think it does go to an important point. They don't need 15 years warrantless storage of phone data. On anyone, including foreigners. If it takes them 15 years to realise they shouldn't have let someone over the border it is around 14 to 14.995 years too late.
The powers these agencies have is far in excesses of what they need to do their jobs, and it is going to be abused. These aren't particularly upstanding people, they're the sort who think DHS/ICE represents an ideal that they are OK with.
There are a few reasons why government would want to keep data for that long. Educated guess: playing the odds that currently encrypted data could be broken in the near future.
My primary argument isn’t security theater, although I do agree it applies. My argument is that no democracy / republic should assume that every resident/citizen is a potential criminal without some probable cause / particularized suspicion/ significant evidence. The larger the percentage of citizens who experience unjustified searches, the lower the institutional trust level falls. Eventually citizens stop trusting elections, courts, police, etc. then people start massive social panics on the assumption that everything government is corrupt.
This isn't security theater. Security theater has to be in your face. Security theater is pageantry, but no substance. Security theater is has no impact on your safety, but makes people feel safer by providing the illusion of security.
This is substantial, has been being done without most Americans being aware of it, and it doesn't make anyone feel safer, but it still has a huge impact on your safety. It makes you less safe.
This is just a gross violation of our constitutional rights.
If a group had infinite budgets to actually act on this data effectively and if you could actually ever prove that this data was used for said purpose, you're still violating the privacy of 99.999999 of the people who don't commit crimes. I'm all for collecting legitimate warranted wide access information about people with legitimate patterns of criminal behaviour. I'm all about collecting information about financial transactions as one form or another the proceeds of crime are traded into legitimacy in regulated channels (at least for now). I'm not ok collecting "whatever I feel like" for the reason "well because we legally can".
if there is data suggesting it, it would be classified. the Government isn't in an equal information relationship with the population, nor can it be, to effectively use intel domestically and abroad.
just a counter-argument. I am not in favor of this obvious overreach. But I don't need data to tell me that.
Criminals who get caught do more or less the same things that ordinary citizens do, because the systems setup to catch them assume they'll act like a normal person, because you catch the greatest number of criminals that way. By definition, we have no information about what criminals who don't get caught do, because they're never identified as criminals. That's the point.
Selection bias is the most powerful force in the universe.
Reminds me of the Stainless Steel Rat, where he is intentionally caught and sent to prison, hoping to further his criminal education. Only to find out he is now incarcerated with all the criminals that weren't smart enough to evade capture...
This is essentially Pareto resource efficiency for crime. Spending 20% of resources catches 80% of criminals. To catch the other 20% you have to spend exponentially more with exponentially diminishing returns. (This model is too simple though as the environment isn't static and criminals are able to learn and adopt strategies that make your efficiency decay over time)
Ah, so criminals that get busted follow poor practices that lead to them getting busted. Not sure what this has to do with criminals at large, you know, the ones that do stuff like use a safe phone when traveling abroad.
This is unfalsifiable: are you saying that there's some unquantifiable number of perfectly competent criminals? How would we go about verifying that?
On an individual level, I am positive that there are criminals that escape the (not particularly competent) techniques of DHS/CBP. But the GP's claim (that Federal criminals are, as a category, completely above and beyond this kind of enforcement) is just not true.
I'm just going off of talking with people during 5 years in the Feds. You know, the guys that can get whatever they want in prison because 'connections'. The guys that can reach out and touch someone for you if you need it. But sure, there isn't some larger more competent network of people that arrange all this for them. It's probably their grandmothers.
Of course there are. I said that in the last comment.
There are two points here:
* Estimates of "darknet" economies (and "criminal" economies in general) strongly express preferences for the mostly unfalsifiable LEO hypothesis that there's lots of crime just floating around out there, and they could do so much more about it if we just put up with a little more surveillance, etc.
* There's no particular evidence that there's a bimodal distribution between incompetent criminals who get caught and competent criminals who don't. There are probably lots of competent criminals who don't get caught, but there are also probably lots of incompetent ones who don't (and vice versa). The strongest predictor for successful interdiction (especially at borders) isn't competence, but sheer numbers: criminals have to succeed every time, cops only have to succeed once.
there is without a doubt a correlation between the significance of criminal enterprise and the rate of getting caught.
they may be catching some low level movers with these practices, but not much else above that. The evidence is that there is functioning enterprises in the first place. If captures at the border were a normal distribution of all criminal competency.. that would be destabilizing to a trillion dollar industry.
> there is without a doubt a correlation between the significance of criminal enterprise and the rate of getting caught.
This is the problem with unfalsifiable claims. Why is that "without a doubt"?
I can formulate a just as intuitive (and just as baseless) claim: less significant criminal enterprises get caught less, since they fail the "significance" test.
You are right, organized crime has never existed in this country. Hasn't required complex new statutes be created to go up against their sophistication. The government doesn't shout from the rooftops with their limited victories. You got me.
If you exclude the history of crime in this country and go only from the context of this specific conversation, you have a valid argument.
There are no Mexican cartels. They definitely don't operate in the USA (because they could never operate in a covert way in the USA and a public way in Mexico, being smart and adjusting to fit situational needs). The cartel just sits on the other side of the border and 'hopes' their product makes it to market and hopes they can find random repeat drug smugglers for their BILLION dollar operations.
The mafia was wiped out by the Feds. Vegas is totally clean of corruption.
MCs are just guys that enjoy riding together and having chapters spread throughout the country.
I can't buy illegal drugs in every town in American (which would require a sophisticated multistate/international logistics network). I can't launder money (yet the government continues to impose complex money laundering rules on banks at significant cost to the industry for some reason?). There aren't massage parlors in every city with women from China/Korea, with those women routinely changing out.
And if anything illegal is happening, it just random individuals, acting on their own, who HAPPEN to not get caught. A multi billion dollar international network, that has an uninterrupted supply of drugs/gambling/sex in most ever town in the country, all done by random people that somehow make it come together.
I didn't say any of that. Of course there's organized crime in the US.
My point is simple: LEOs rely on the fear and paranoia of invisible, unquantified crime to maintain public support for things that we'd otherwise never accept (domestic surveillance, civil asset forfeiture, a generally bloated and inefficient funding structure for police forces, etc.).
All I want is numbers: the money we put in should be a function of need, not of persistent handwringing by paranoiacs (or, worse, someone with a power trip taking advantage of the paranoiac). To that end, it simply isn't enough to say "we don't know what's really going on." Find out (that's what the existing ample funding is for!) and come back for more.
> Criminals do more or less the same things that ordinary citizens do, and often have strictly worse security practices because they believe "ordinary" things are weaker
The null hypothesis is that criminals are humans like us, except that they make money through crime instead of legal employment. Fallacious reasoning here would require us to treat criminals as uniquely invisible or otherwise unlike other humans, which isn't really borne out.
>>So, what is the point in doing this if not to target law abiding citizens.
It's the old rule known to governments all over the world - there is no such thing as an innocent citizen, there is only a citizen who you haven't investigated enough. Call me cynical but storing ALL of your digital data allows the agencies to basically find something, anything, that will allow them to further blackmail you into complying. Even the most innocent person will have something that can be misconstrued as criminal, from jokes about tax evasion to pictures of your toddler in a pool - threaten going to trial if the person doesn't do X, and most people will comply, not because they aren't innocent, but because the might of the American justice system is such that you really don't want to fuck with it on the receiving end.
To add to your point, our laws are so overly broad that it is impossible to exist without breaking some law. (your point talks of 'digital data' my comment refers to real-life)
From driving 1mph over the speed limit, to skipping FBI warnings on DVDs, to countless other "innocent" infractions. If they look hard enough they will find SOMETHING. And that's all they need.
Three Felonies a Day by Silverglate (ISBN 1594035229) and even https://twitter.com/CrimeADay make it obvious. Every citizen escapes prosecution only by the grace of Federal law enforcement.
For people renting it is routine to receive mail for several previous tenants. Everytime you throw away a credit card sign-up offer for someone else, you are committing a felony.
I did this with mail from the tax service addressed to the previous tenant. The result? A few days later I received the same mail in my inbox again, plus another one. Returned both of them, a few weeks later I received 4 mails.
When I started receiving more than 20 mails in one day, all from the tax service to that previous tenant, I bought a shredder and shredded the entire stack of mails. Some years later, I was still shredding mails. My magnanimity to correct for government failures only goes so far.
I've been routinely receiving junk mail for a person that I know for a fact has been dead for about a decade. I used to do this with that mail, but stopped a couple of years ago. Now I just toss it directly in the recycling bin.
It's not that dangerous. They'll talk to you about what your intent was. On the other hand it could be the companies mailing you junk with no reply for decades have the ill intent because they're trying to get people into committing felonies (entrapment) with dogshit offers nobody would ever take that are littering the mail system. So if they accuse you, tell them that accusation must be redirected--like mail is--to like a middle-manager in the company doing mass-mailings.
They didn't pay you anything to wade through their junk. You aren't their slave unless you sign.
And I don't open the mail -- that's a crime the postal service would take very seriously indeed. Sure, perhaps my practice is technically illegal, but I don't think it's the sort of illegal that the USPS would spend a lot of time and money on.
I'm not opening someone else's mail, I'm not preventing it from being delivered to the address on it, and I'm not preventing the recipient from receiving it. His death does that.
why is this specific to renting? what about previous owners? and yes I do get stuff for people not here for more that 12 years now, and I toss it, and I dare them to do anything about that.
These systems are perpetuated on the backs of the naive or sanctimonious enough to believe, and loudly proclaim, that they have nothing to hide; they haven't been targeted and haven't ever been in trouble; why are you breaking the law, you criminal scum?
Generations pass and everything remains the same. We're all on the same boat, so why are people so quick to judge against those targeted for violations of a contrived status quo?
No in the USA. We have rights on paper, but the threat of the trial tax convinced most to waive all of their rights in a plea agreement. That takes away things like their right to appeal their sentence, challenge illegal police behavior, etc. What would you pick? Keep your rights but face the entire weight of the US Government with unlimited budget and risk 20-40 years, or a plea for 3-5? All you have to do is give up all your rights. 95% pick to give up their rights.
Plea agreements were illegal up until the 70s for a reason.
>Any malicious person savvy enough to pull off a crime of interest...and they have to know this.
You'd be amazed at how many dumb things smart criminals/people can do. Maintaining proper OpSec is hard. It only takes one mistake to give the LEOs a string to pull to unravel the whole sweater.
Everything else, I tend to feel the same way as you. Just wanted to mention the OpSec part
I just just reading this Bloomberg story about a Chinese spy who was busted. It’s mind boggling how sloppy even state backed malicious agents are at information security.
It's hard to keep up security. You get tired, lonely, bored, exhausted. Everyone screws up at some point, you hope that those you're hiding from don't notice.
It's similar to torture training in the US Military: they teach you that everyone breaks eventually, the trick is to hold out long enough the information you provide isn't that useful anymore.
Haha, just 5 minutes ago I read a story about Iranian 'hacker' who wrote a ransomware note in Microsoft Word, so the file metadata contained his full name :)
Similar SecOps problems happened to both John McAfee and the Silk Road founder.
As far as I remember, McAfee shared an iPhone photo with location metadata when he was in Belize, so American authorities were able to track him down.
The Silk Road founder had some sort of PHP coding error which led police to his San Francisco location. That is, you could simply visit the Silk Road home page and his location leaked.
So yeah criminals aren't better at SecOps. They're just more reckless than most people...
(where 80 is a random number between 75 and 85 I choose at the time and 91.1 is a random (real) number between 91.0 and 91.9)
You cannot exiftool purge a HEIC because it breaks it - you need to exiftool purge the resulting jpeg ... also, weirdly, -attenuate needs to come before the +noise switch in the command line.
I think I know what you mean when you say Luddites, but the Luddites were actually very knowledgeable about technology. They rebelled against technology being used against them without any benefit to them. If you understand that history, you might agree with me that we want Luddites such as Wyden in government.
I do think it's a shame that nobody seems to understand what the Luddites were actually about. They weren't ignorant of or against technology at all. Their beef was about economics.
> A foreign actor is likely to access this info eventually.
This is one thing that has always confused me about the data collection in democratic countries. I understand the appeal from an authoritarian perspective, but it seems that people don't recognize that this same data can be used as a weapon against their own citizens.
So you're left with three real options: 1) Minimize data collection, 2) Spend massive amounts of money on encryption, research, and constant audits to minimize the risk of data leakage (which will eventually get leaked in some form), 3) leave your population (and your political positions) vulnerable to manipulation by foreign and domestic entities that do not have the public's (or your) interest in mind. It seems like we're going with #3 but it even seems like a bad strategy for authoritarians. #2 seems better for that one. But #1 seems best for democracies and people in positions of power where power is not highly centralized. (Can we at least get homomorphic encryption and learning algorithms?) But I guess these same people are still under an impression that a backdoor doesn't work like any other door: that anyone can use a door as long as you can figure out how to break or crack the lock (which always happens).
> This is the problem when a non-technical generation makes the rules and regs.
The millennials hold the power these days. If you consider them non-technical, I'm not sure there will ever be a technical generation...
Which may be a fair assertion as I work with a lot of people in the tech industry who wouldn't even consider the issues you raise unless it was handed to them on a silver platter. If actual tech people aren't considering it, those who have other focuses in life certainly won't be.
Millennials have less money than the generations before them, they do not make up the majority of voters and they aren't executives at large.
The only power most of them have boils down to passive or active rebellion, and they are too busy managing excess grey pressure in most places while said grey pressure is actively voting against them.
Additionally, even millennials aren't technical at large. They certainly aren't technology preactive enough. Not even most developers are.
The intelligence community only exists because those in power grant it so. The millennials hold the power. Certainly they delegate – there is only so much time in the day – but the outcome still rests on what lies at the top.
The reality is that millennials, as a generation, don't see a problem with this. Select individuals may, but individuals don't hold power.
im not sure what definition you are using, the executive is nearly 80, the average age of congress is 60, average age of CEOs is 58. You know, the people with actual power.
The civil servant representatives may be older, but they don’t hold the power. They are hired by the power to serve the power. Again , we are talking about the power, not those who the power has delegated some work to.
Again? No, you obviously have a different definition of power, one that is abstract and in practicality useless. I'm trying not to be disparaging, but your comment is so absurd that I can't think of any situation where it would be appropriate outside of a college freshman poly sci class.
Please, let your disparagement run free. It allows us to understand that your motivation is to protect your emotional state, not to simply convey information as has been the nature of discussion up to this point. As I have no emotional attachment to the subject, I'm not bothered by it and am able to learn that you are not here in good faith.
Contradictory information is welcome, encouraged even, but I am not sure your criticism, no matter how constructive, is on-topic information. The subject here is pretty well defined. Worrying about what I may have done wrong does not add value to the thread of information here.
Bringing this back to the topic at hand to not derail it further, millennials hold the power. They are largely not concerned with it. Technical understanding to some degree doesn't mean one is an expert in all matters of tech. Security is actually not well understood by most, even those who are involved with tech professionally. As an example, "don't implement your own encryption" is common advice given because we realize that security and related matters is actually really hard to understand and really easy to get wrong.
Sure, lets start with what I can only assume is your premise, that since millennials are very recently the largest adult demographic , that somehow translates into any current issue being implicit agreement by the millennials?
1. millennials are very very marginally above boomers in % of population, when separating each demographic.
https://www.statista.com/statistics/797321/us-population-by-...
- this doesn't give millennials majority rule, ie (boomers + gen x ) is larger
2. It is not the case that population numbers are directly proportional to power. Even on paper, this has never been true in the US. It is a democratic republic. A million arguments could be made why this ideal is even barely true.
3. Political power in the US is so far removed from I'm guessing your libertarian? view of politicians. They are not servants of a populace power. It is also not a failing of millennials if politicians are in contradiction with "millennial" belief.
4. The US is not a vaccuum. One trillionaire would have more power than 99.99% of millennials combined. this isn't the french revolution.
I feel like your reply to politicians not being representative of the marginally larger populace of millennials is a moral failing of millennials for not starting a revolution. Which is absurd.
Indeed, it would be quite illogical to experience feelings over consuming information. There is no inherit emotional experience found within information. The fact that security is hard to understand, even for tech professionals, equating to feeling like there is a moral failing of millennials being implied does not compute. If your feelings won't let you participate in good faith, so be it, but ultimately there is no value in those emotions.
You are saying millennials hold the power, like it's an axiom. There is no on topic when you build your premise on that. They do not hold the power by any reasonable definition.
Were it an axiom what purpose would stating it serve? There is no value proposition found in conveying information that is already established.
Millennials hold the power, but do not understand technology well enough to realize the implications of their actions. Many tech professionals do not even understand the implications. It is a hard topic to understand.
Certainly. Every manager understands that when you hire an employee there will be situations where, in the heat of the moment, they have to make decisions without consulting a higher rank and sometimes you won't like those decisions. That's the nature of being an employer. If you weren't willing to take that risk you wouldn't hire someone.
However, when an employee doesn't do what you like you can tell them to stop going forward. There isn't much will to have the employees stop in this case because nobody is thinking about the security implications outside of HN where you have professional security researchers able to provide their unique perspective. Security is a fairly hard to understand topic if you're not deeply engrossed in it and is not something people casually think about.
Venture out into the world where you find millennials in construction, food service, retail, childcare, etc. and listen to what they are talking about. I can almost guarantee it is not this.
Upper ranks, sure, but at the very top you find millennials. They are the largest and strongest force.
Of course, they also don't really consider the implications. Step away from HN, where the perspective is biased by people who study security for a living, for a minute and you won't find much of anyone who is stopping to think why this may be a problem.
- On step 11 you can choose to allow (or disallow) removing the profile with a password
- Alternatively you can backup the pairing records from your laptop somewhere to be able to put them on a new laptop
- Alternatively you can configure your iPhone to e.g. backup photos and so on to icloud, and then if you ever lose your laptop you can wipe your device and restore the data you chose to backup
Yes, although if the premise is that you're being compelled to unlock your device by law enforcement then it seems like they could also compel you to disable Lockdown Mode and restart your device - that's not possible with Pair Locking.
iPhone users are pretty safe even without supervision and the special profile, right? Don't they have to authenticate (passcode) to allow a forensics tool to connect? Still, I appreciate the idea to put up another barrier.
On my last trip back from Europe in June, when I re-entered the US, US Customs & Border Control didn't ask for my passport. No one did. They did wave a webcam connected to a computer in front of my face, and then a moment later, called out my name and said I could enter. Same with everyone coming through the international border area.
I think that's just as weird a development and worthy of "WTH?" as this topic.
BOS got unstaffed camera kiosks some years back, and being the wise-ass I am, I made a funny face for the camera, figuring the picture would end up stored for all eternity on a computer, never having been seen by human eyes.
At that point in time, they were still having humans in the loop, and I got a different kind of funny look from the customs or immigration person I spoke to some minutes later.
I got a third kind of funny look once we were allowed back into the country from my highly unamused wife...
I took a bus many years ago from Rochester, NY to Toronto, ON. As ID for crossing the border, I only had my driver's license, not my passport, as this was allowed at the time. But the border agent was a bit grumpy about it for some reason. He asked if I had a birth certificate, and I thought I'd be cute about it and responded, "Sure, of course I've got one... but not with me! :D" He stared at me dead faced and just said, "Go over there and wait in line J". Line J felt kind of like "The group W bench" from the song Alice's Restaurant. I waited in that line for about 45 minutes for the new border agent to give me a tired look and then wave me through. The rest of the passengers on the bus waiting for me were not amused.
At the passport control kiosks, they can just scan your face and give you an exit ticket. It was super quick, and surprising. I was able to skip talking to an immigration agent completely. They can do this because they have photos of me from previous kiosk visits, and because they can restrict the universe of photos they need to check to just those who were on recent flights. I wonder how well it works for twins traveling together or something. For any level of uncertainty, they can just have you go talk to a human instead.
Were you on the illusion that they didn't have your biometric data? Or that they didn't have the passenger list with your name in it? Those two are pretty transparent (and honestly, not a big deal).
Does biometric here mean your passport photo? I totally believe this is the official name, but the nomenclature definitely opens up the possibility of concept creep so that biometric data can mean anything from the mundane to the terrifying
A set of high quality photos, from a few different angles, a set of fingerprints, and quite possibly a sample of your writing gait. Also, very likely, some measurement of your height.
That surprised me as well, but even freakier, my sister flew into the US with her 3 year old who looks nothing like her passport photo since it was taken when she was 6 months old.
Held the kid up to the camera and boom - full name and DOB pops up.
Pretty clear the facial recognition tech works well, but I also wonder if there is backend matching with passenger lists as well.
Same. I think it's great. Saves me having to take out my passport and the border control agent has all the info they need. Yes, your face is saved in their DB but so are your fingerprints.
This happened to me in 2016 crossing into Canada. Borders agents took my phone for no reason, demand I give them the password to unlock it (otherwise they would seize the phone), took it in the back for 45 min before returning it and letting me enter. I think it’s obvious they took all my data.
So now when I travel I just bring my “travel” phone with no sensitive data on it.
> I give them the password to unlock it (otherwise they would seize the phone)
IIRC, I've read they can only hold your phone for 30 days or something like that, then they have to return it to you. They can delay an American citizen, but they can't deny entry.
Ever since then, I travel with a travel phone, make sure my photos are backed up when I cross a border, and shut it down before I go through border control. If they demand a password, I'll put up a little fuss and then let them take it.
I had this basic thing happen in 2014 -- I refused to give access. I was detained for a while, part of it in a cell, and Canada did explicitly deny me entry. They never gave back my phone or laptop, though I didn't fight too hard for the hardware.
I like to share an anecdote that at a professional conference, some agents from the ATF came to give a presentation regarding updated regulations and found that their laptop couldn't connect to the projector.
No biggie, I had just finished my presentation and offered to let them use my laptop. The moment they plugged in the thumb drive with their presentation, my virus scanner went apeshit about something on that drive.
I kept that laptop disconnected for the rest of that trip, and nuked it once I was back home.
They took my laptop in the back for just 30 minutes or so, after which I refused to accept it back from them or even touch it, which took another 2 hours or so. Eventually they agreed to dispose of it themselves.
What harm would happen if you touched it long enough to put it in a trash can? You were concerned they may have poisoned it or something? I completely understand not wanting to operate it since they could have backdoored it or put tracking devices in it, etc.
Another reason right to repair is so damn important. If all of a device's memory were thoroughly documented, then this type of attack would require hardware modification, making it more expensive and easier to detect. And if hardware revisions were documented, the community could do things like document visual changes to circuit boards for automated visual comparison. Whereas with the current state of hostile code like ME/PSP, I can imagine a (larger) backdoor being created merely as a side effect of a "search".
Buy a 2nd-hand $40 scrap phone, erase it, save a few panorama pictures and a couple of selfies on it and put your SIM card in it every time you are about to cross a border. Then put the card back in your regular phone after that.
It is less "sim card is tied to this phone and can't be moved" and more "sim card exists logically and doesn't require a physical presence in the phone it wants to be used in"
Which really sucks for travellers. High roaming costs? Just go to a gasstation and buy a travel sim card, put it inside, use it, put it in the walled when you leave, and if you still have any data left, use it the next time you come there.
Just go to a carrier website, buy an esim, download to the phone, use it, switch it off when you leave, use it next time you come there.
It is literally the same except you don't even need to go to a gas station. My Pixel can hold as many esims as I want standing by until they are needed to be used.
If any company you depend on uses your phone number for 2FA, then SIMless is useful. A SIM can be removed and put into another phone to receive authentication txts.
Mostly relevant if your phone is lost or stolen, or perhaps even if criminals are directly threatening you. For example, I worry about bank accounts when I travel to some countries because criminals would be highly motivated to steal from me - the only thing protecting me is their ignorance. In some countries a few thousand dollars is a lot of motivation. Unfortunately my primary bank does not provide secure 2FA but only provides phone auth, and I am locked into my bank because of my mortgage (I have a mortgage, and conditions have changed which prevent me from getting a different mortgage from another bank). I could cancel revolving credit (the main financial risk) but that has other opportunity costs for me.
Also SIMless helps prevent unwanted telephone charges - important if roaming in other countries on account. Phone companies do not make it easy to limit your liability, so if you are unlucky you could end up owing many thousands.
This is why you should enable the PIN code feature for your SIM. It will be disabled after a few incorrect attempts. It protects you from the scenarios you describe.
One approach would be to upload everything, wipe the phone, then log back in but not connect to iCloud (or Google).
Once you've cleared the border, go to a coffee shop and download over their WiFi. Or not, if you're on a unlimited data plan.
That has the advantage of requiring only one phone but would definitely look like you were hiding something. So your approach of a travel phone is better.
Unless they have some reason to fear you, they'll just take it if they feel like it. Worse, if you're not Canadian they might send you back where you came from. And when they do it, they won't even tell you their names. What are you gonna do about it?
I'm not sure I missed something, the title says "Americans" but I couldn't find an elaboration on exactly _who_ is subject to these searches. The ACLU [0] seems to contend that, at least, US citizens are not subject to these measures.
Of course the official response is what you would expect:
“CBP officials declined, however, to answer questions about how many Americans’ phone records are in the database, how many searches have been run or how long the practice has gone on, saying it has made no additional statistics available “due to law enforcement sensitivities and national security implications.””
To fight these people you have to be some combination of powerful, morally spotless and willing to make great personal sacrifices - like Chelsea Manning.
A government that doesn't keep good enough control if it's people will soon be overthrown.
When you give the people more freedom to protest, organise, mass communicate easily etc, you also have to add equal amounts of monitoring and restrictions to make sure that next movement to overthrow the government can't pick up speed without you catching it.
Yeah, but that defeats the purpose of creating the state in the first place.
The entire point is being able to tell people what to do for your own profit.
It's a lot easier if you pretend you are doing it for the subject's benefit as it reduces the resistance to rule immensely. But you don't want to let that go too far or they start getting a big head and start thinking that paying you billions of dollars is optional.
We wouldn’t want those pesky commies, ahh sorry, that was the 50s and 60s, those darn uppity negroes, ahh sorry again, my bad, that was civil rights era, those blasted … err, commies again? They made a comeback in the 80s it seems. Ahh there it is. We don’t want those crazy islamist terrorists harming our people. We need to protect your freedom … by curtailing it, of course.
Sorry, sorry, I’ve just been informed, the boogieman is no longer islamic terrorists. Now, it’s called radical white supremacist qanon Jan 6 anti vax conspiracy incel nationalist. My bad. I apologise.
But the curtailing of freedom will continue and the surveillance will increase. In order to safeguard our freedom and privacy, of course.
If you cannot see the difference between civil rights movements attempting to change governing to be more even-handed vs expansionist authoritarian governments or movements attempting to destroy democratic governments altogether, you need serious help (and should at least stop broadcasting your ignorance).
It's less about the difference between these groups and more about the response to these groups. It is your politics showing in your response rather than the person you are replying to... do you think they don't believe that Islamic terrorists exist (which they mentioned)? At no point in the history of the government national security apparatus has the target and its veracity made any difference in the trend line of the government doing more surveillance and curtailing more freedoms. Don't believe me? Do some research on COINTELPRO.
Your argument, and that of many others here, seems to be that any govt surveillance is illegitimate, and that govt cannot have any legitimate reason to capture information on anyone.
There couldn't be any actual reason for intelligence operations. "It is your politics showing".
Any such view is hopelessly ignorant and naive, yet it pops up here often.
The person to whom I'm replying is blatantly implying that it is nothing but a variety of illegitimate excuses that form a false justification for intelligence operations.
This is even more ignorant than usual, as none of those are the source of intelligence gathering, which predates all of them.
Yes, I'm familiar with COINTELPRO, a horde of illegal FBI operations, and many other excesses among the 17 intelligence agencies. I also note that these were ILLEGAL and shut down. I also note that intelligence has been twisted and abused by politicians, including bogh Bush presidents (Bush Sr. let exaggerated estimates of Soviet mil funding drive our mil funding, which did have the good result of collapsing the SU, and Jr abused intel to wrongly justify the Iraq invasion on WMD grounds).
I'm know enough to see that while the excesses and even abuses do matter a lot, they are not a justification for ending all intelligence, whether domestic or international. If you want to do that, we might as well simply declare anarchy, and let everyone deal with the criminals and warlords who will take over, and that's no exaggeration.
> If you want to do that, we might as well simply declare anarchy, and let everyone deal with the criminals and warlords who will take over, and that's no exaggeration.
Bruv …
Honestly I can’t tell if you’re for real or no. You already did that! California. People robbing stores in broad daylight, nothing happens to them. Chicago. Do I need to say anything about that third world enclave? Bloody hell man, chaz. A literal warlord took over!
What are you doing to yourselves? Snap out of it America!
It has already been tried, both the ages before govt, every time govt fell down, and in the case of San Francisco, just got way too lax.
The idea that we can somehow get away without governance (or intelligence ops, or policing) is born completely of very high privilege — it completely assumes that all the things that the govt does just happen automatically.
It is just like the idiot new manager who arrives and sees that the halls and offices are clean so fires the janitorial staff as excess cost or because they are inconvenient.
Of course there are overreaches and abuses of intelligence, and the very concept of policing and everything about it's training, practice, accountability, and results needs to be burnt to the ground and overhauled.
But that does NOT mean that we can get away without it. Because, as you noted, even a little time without it becomes a disaster.
The key is not to abandon intelligence. The key is to strengthen democracy, make sure that the institutions of democracy, lawmaking, executive, judicial, press, academia, industry, ngos, and individual people all have their own separate power base and independence.
In autocracies, all of these are bent to the service of the leader/oligarch.
In democracies, there are all kinds of visible flaws, but they tend to be self-correcting, because there is oversight and balance of power. That alone does not prevent overreach or abuses, but it does lead to them being eventually corrected.
As Churchill said: "Democracy is the worst form of government, except for all others."
Believing government acts on your behalf reeks of 'very high privilege.' If you think shop-keeps won't protect their stores once the chains of SF/Cali government come off, I have a bridge to sell you.
Edit: thank you for spelling correction. Wreaks changed to reeks
Of course the shop-keeps will attmpt to protect their stores. That is completely beside the point.
The point is that without a democratic government that is at least attempting to self-govern, the alternative is either a new autocracy comes in (see Russia, CCP, Venezuela, Myanmar, etc.), or it starts with anarchy, and quickly falls to the first crimelord/warlord.
Every one of those options is far worse than a flawed democracy.
Unless, of course, you can point me to the magical stable stateless advanced society where I can go live... (srsly, it'd be great)
And no, believing government acts on your behalf does not "wreaks of 'very high privilege.'". Aside from the fact that the word you want is "reeks" (as in smells bad, not inflicting punishment of vengeance), thinking that an attempt at democratic govt is less bad than being ruled by a crimelord, warlord, or fascist autocrat is not high privilege, it is simply a fact. Being able to live in such a democratic govt is, sadly, a bit of a privilege, as many are not so fortunate.
What is your test to determine whether a nation has reached the level of "flawed democracy?"
Is the US one?
I mean even anarchism could be considered 'flawed democracy.' The power is theoretically at the individual level, with the population of each government split down to a democracy of size '1' and the individual voting how to dictate his/her own life, although of course even that is flawed.
Then again, if you frame it as "flawed democracy" vs "everything worse than that" then almost by definition flawed democracy is going to win...
First of course is that the people elect their leaders and not the leaders selecting their "voters".
How independent are the various pillars of a functioning democracy? The Legislative, Judiciary, Executive, Press, Academia, Industry, Religions, NGOs, etc.? Are these institutions free to pursue their own course, or have they all been co-opted to serve the ends of an autocrat or oligarchy?
This all exists on a spectrum that can be measured. Hungary is, although nominally a democracy, tipping strongly to autocracy and is in danger of being expelled from the EU. OTOH, Iceland kicked out the bankers & politicians that caused the crisis a decade ago... Both nominally democracies, one strong, one weak. The US nearly fell to Hungary's fate, and still may, but things are trending better and a majority recognize that parts of one party are no longer a valid political party but are attempting to threaten democracy itself.
So, no it is not a self-defining tautology, but a characteristic that can be measured.
The US has not yet fallen, but is definitely under attack from within on two major fronts, one is masquerading as a political party, and the second was previously the greatest threat, which was corporate regulatory & legislative capture. Progress is being made against both.
I'd suggest reading a bit more about it with the Renew Democracy Initiative [0].
There is a split here between law and practicality for many people I guess. As a matter of law for US Citizens it doesn't matter whether there is an "exemption" or not: a US Citizen may not be denied entry at a land port of entry, period. Their property can potentially be taken but only with legal process and it can't be kept indefinitely without violation of law. If they're wanted for a crime they can of course be arrested from which the normal legal process within the US plays out, but all the normal requirements are there too. They can be asked additional questions and put through more inspection, but with citizenship established that's it. So if someone simply refuses to answer any questions or unlock their phone and there is no further reasonable cause there is nothing the CBP can legally do to keep them out.
But as a practical matter most people don't want to spend an extra hour or hours or even extra minutes going through a more detailed search for contraband or whatever else. Most don't want to, aren't ready for and/or can't afford having electronic devices held for days/weeks before getting them back. A lot of people simply don't know their rights. So without an explicit exemption a lot of Americans undoubtedly would submit "voluntarily".
So the ACLU isn't wrong (and their actual page is appropriately more nuanced [0]): Americans aren't "subject" in the legal sense to this, or to any other questions beyond what's needed to establish citizenship. Having done so they may politely insist on entry and refuse anything else, demand to see a supervisor if an agent persists in unconstitutional questioning, submit any property required while in response demanding receipts and pursuing complaints or legal action afterwards (or both), and at the end of the day the CBP must put up or shut up: let them through or arrest them, and for the latter will have to meet the legal standard and it'll all play out domestically. But at the same time the financial and other burdens this imposes are very real and serious.
Best practice would be to go as "clean" through the border as possible, preferably with a dedicated phone that only has minimum necessary travel and navigation data on it and nothing else, no logging into any personal accounts of any kind, no bookmarks or the like, and cheap enough to not care about losing it. Then one can just let border agents look through whatever as much as they'd like, or let them take it and just write it off. Not everyone can or knows to even consider that possibility though. And of course the vast majority never have a problem, so it's insurance against a "black swan event" for the average person (those who suspect they'll be subject to heightened scrutiny legally or not may already do this). It's valuable to note both the exact state of the law and when the practical effect is different.
----
0: ACLU: "If you are a U.S. citizen, you need only answer questions establishing your identity and citizenship, although refusing to answer routine questions about the nature and purpose of your travel could result in delay and/or further inspection." Or later "U.S. citizens have the right to enter the United States, so if you are a U.S. citizen and the officers’ questions become intrusive, you can decline to answer those questions, but you should be aware that doing so may result in delay and/or further inspection".
So the ACLU does acknowledge a practical cost to insisting on your rights, they aren't merely blindly saying "not subject".
And of course non-Citizens presenting for entry at the border are subject to the coercion that refusal to comply will likely result in entry being refused. Noncitizens do actually still have human rights (something Americans often seem to forget - ‘I can’t believe they used a dronestrike on a US citizen’, etc)
But take the example of a person who has been issued a visa, looking to enter the US with the intent to immigrate legally, doing everything by the book. On their phone they likely have all the privileged communications with their immigration attorney - all the conversations about which visa strategy to pursue, etc. now they’re at the border, they can be pressured by an agent into handing that data over ‘voluntarily’. What protections does that person have as to how that information is used in respect of their future immigration application? Are they entitled to due process protections? Have they waived attorney client privilege? Once they later become a citizen, is that data still on file and searchable by DHS?
Or a green-card holding US resident, returning home from a business trip, with corporate data on their phone - can they refuse to hand it over, and risk being refused entry and heap or fixing their US residency? If they can’t, does that mean some employers might refuse to hire green card holders to mitigate such risks?
This data collection is egregious even when applied to noncitizens.
Sorry, 5 comments in a few hours triggered HN's rate limiting, "sorry you are posting too fast", so I couldn't reply earlier. Not sure if you'll still see this but since I wrote it anyway:
>And of course non-Citizens presenting for entry at the border are subject to the coercion that refusal to comply will likely result in entry being refused. Noncitizens do actually still have human rights
Certainly, but this sub-thread is specifically about Americans, so that's what I was sticking to. That said yes, non-citizens do not have any right of entry. However, that is the norm worldwide not the exception. There is no universal "human right" to enter any country except as a refugee or someone seeking asylum per ratified treaties or domestic law. The basic idea of a "sovereign nation" is somewhat bound up with the capability of border control and distinguishing the nation from the world. There are lots and lots of very reasonable disagreements on what said controls should be, what exceptions, and so on. But "completely open borders" is a fairly niche position. This at least isn't merely a US thing, I would exercise some level of caution for international travel anywhere on the planet when it comes to personal property and devices, or even just my own liberty. Different countries can have radically different legal regimes. If any of us are traveling somewhere we don't have any inherent legal right to be, then naturally there is some leverage there in terms of what conditions might be set for our entry.
>This data collection is egregious even when applied to noncitizens.
I do agree (and I think it's generally agreed upon in civil liberties circles) that the global increase in data collection, storage, and processing capabilities is not merely "worrisome" but prone to abuse and in fact actively abused. It's a bad thing. I'd personally go farther in that I lean towards the idea that a lot of modern electronic devices should be considered almost as "exo cortexes", extensions of our minds that should have the same kind of protection as the contents of our minds (and that protection should be total). This is another area where tech has raced ahead of societal reckoning.
As far as individual reactions though I'd say the same thing as for business secrets or whatever else: the best thing to do is to just not have it on you, have no ability to get it either, have other humans who know your travel plans and can check on you, know what rights you do have, where to make complaints, and most of all have fallbacks if things don't work out. That alone is very empowering. If some data is vitally important and private to the level you describe, perhaps stick it onto an encrypted image on a USB stick and mail it separately or something along those lines. Or via private online transfer of which there are many, but something completely out of band from your own physical person.
100% agreed. Stipulated, countries can do anything they like to people who ask to enter. Basic respect for the property, civil liberties, dignity and universal human rights of people petitioning to enter the country, though, is not tantamount to 'completely open borders'. I think we can all agree that even if there are not legal constraints on the indignities and rights violations which a border entry officer can subject an applicant to, there should be some ethical ones.
The danger at the border is that a person might be admitted who is not who they say they are, that they might bring with them some goods that shouldn't be brought in to the country, or that they might be planning to do something that exceeds the terms of their entry visa, or is otherwise undesirable. That last case is the tricky one, because it amounts to trying to detect a thoughtcrime.
Of course if you're trying to prevent thoughtcrimes, it would be useful to see into all of a person's relationships, private communications, and online activities. But we have to draw a line somewhere for what information it is acceptable for border agents to acquire to render their judgements. And even if we allow that accessing electronic devices at the border helps with that determination of 'intent' at the moment of entry, keeping all that data (not just the subset that was evaluated as relevant to the judgement) for years beyond that determination seems completely unnecessary.
And it's not necessary, because we all know that if you allow a border agent to search someone's phone, they can find a reason to prevent entry. But that's unnecessary, because a border agent can already deny entry for essentially any reason they like. There's no need to have access to a phone to generate pretext. But the difference between 'Access denied' with a note on the file to the effect that they thought the answers you gave to their questions were inadequate, versus 'access denied' with a complete copy of your digital identity attached to the file and a flag pointing at a set of facebook messages you exchanged a few years ago.... is pretty vast.
>The ACLU is wrong. The border does it all the time. Here is the one that sticks out in my mind as the most popular case:
The ACLU is not wrong, if you actually read their actual words. Your case doesn't say what you think it does. From your own article:
>Bikkannavar insisted that he wasn’t allowed to do that because the phone belonged to NASA’s JPL and he’s required to protect access. Agents insisted and he finally relented.
As far as the law is concerned, he voluntarily let them look at it. It doesn't matter if they "insisted", he could have told them to pound sand. They could have kept the phone, but in its locked state it presumably wouldn't be that useful, and particularly since it wasn't merely a personal device JPL's legal department then could have easily gone right after them for it and won. Just because we have the legal right to something doesn't mean there is some magic barrier preventing LEOs from attempting to violating them, or implying the right doesn't exist. They have to be defended by people exercising them and potentially going to court. The very next paragraph states:
>Hassan Shibly, chief executive director of CAIR Florida, tells The Verge that most people who are shown the form giving CBP authority to search their device believe that they have an obligation to help the agents. “They’re not obligated to unlock the phone,” she says.
Right, same as a police officer who asks if they can "look around" or "ask a few questions". They may certainly ask that. You may choose to cooperate. But in general you'd be a fool to do so, and you also may say "no". If they arrest you they were almost certainly going to do so anyway but now they have less to go on and with more avenues to challenge it, and if they arrest you over exercising your rights you have a strong cause of action right there. CBP agents may well ask people this sort of thing all the time, but that doesn't mean citizens must comply.
>Right, same as a police officer who asks if they can "look around" or "ask a few questions". ...But in general you'd be a fool to do so, and you also may say "no"
This is not only a very naive take, its a dangerous one - people have been killed by law enforcement for doing what you are suggesting. Law Enforcement Officers in the US has what is known as qualified immunity. In practice qualified immunity means as long as the LEO says they believed they were following rules (even if they were not), then they can do anything they want to you (including kill you) with little to no personal consequences.
In other words, you can say "No officer, you can't look around without a warrant", to which they can say "I see an object that may be a gun, and you're moving your hand in the direction of your pocket. Stop. I'm afraid for my life, I need to break your car windows and throw you on the street"
It's common enough that a LEO can publicly and slowly strangle George Floyd on the street, recorded and in front of others, and the only notable/unusual aspect is that the police officer was convicted of a crime.
> people have been killed by law enforcement for doing what you are suggesting.
Can you cite any examples of this happening? I’m a pretty big policing reform person and follow this stuff closely and can’t think of a single case like this.
Wasn't this essentially what happened to Philando Castile? In his case he was even complying before he was shot, and the officer who shot him was acquitted.
I believe that was a traffic stop and the officer freaked out after Castile mentioned that he had a CC handgun. Clearly the officer fucked up and murdered an innocent man. However, I think that’s different in kind and circumstances from what I was asking about.
I imagine you are splitting hairs on 2, (mentioning you have a CC handgun, vs telling an officer they can't have your phone), but both are Rights and one person died trying to exercise them (i.e., Your rights don't mean shit to cops).
I see your point, but I was specifically asking about searches like the border searches mentioned in the article, that's the context here.
I also agree that Castile was murdered by a cop, I just don't think it's splitting hairs to distinguish between a warrantless search and seizure vs a traffic stop where a handgun is in play. Both involve violations of rights, but different rights and in circumstances which are operationally different if that makes sense.
He did cite an example: George Floyd. You really ought to read the comment you are replying to more carefully. (And you have to be pretty profoundly ignorant of current events not to already be aware of this.)
We’ll I was specifically asking if there are examples of people being killed by police for refusing a search without a warrant, so it matters insofar as it’s the question I asked.
I’m not here to defend policing as it stands in the US or dismiss any wrongful killing. I just disagree with a particular narrow assertion.
> I was specifically asking if there are examples of people being killed by police for refusing a search without a warrant
No, you weren't. You asked:
"Can you cite any examples of *this* happening? I’m a pretty big policing reform person and follow this stuff closely and can’t think of a single case *like this*." [Emphasis added]
The semantics of that question turn entirely on the antecedent of "this", which is pretty ambiguous in this (!) context.
So I'll revise my criticism of your original remark: you need to be clearer about the scope of what you are asking about. Personally, I don't think it is at all unreasonable to extrapolate the circumstances of the GF case to the potential for the same thing to happen during a border search, but I suppose reasonable people could disagree.
It seems clear when you selectively edit the transcript the way you did. But add a little more context:
> Right, same as a police officer who asks if they can "look around" or "ask a few questions". ...But in general you'd be a fool to do so, and you also may say "no"
So? Just because one person professes to have no trouble understanding something doesn't mean it was clear. Maybe you have unusual powers of comprehension. Maybe you understood it because the tacit assumptions happened to align with your prejudices. Maybe you are rewriting the past [1] to save face. Your testimony in this regard doesn't really inform the discussion.
I thought it was clear what I meant, but could see how there might be ambiguity.
To be perfectly clear I do not think qualified immunity should exist and that courts are too quick to rubber stamp warrants. Also most non-violent crimes shouldn’t be crimes IMO. That said, in many year of following the topic I don’t know of anyone being killed while refusing a search in a Terry Stop or an officer requesting entry to a home. Most police killings conform to a few narrow sets of common circumstances, that deserve a LOT of scrutiny but never seem to involve a warrantless search.
The prejudice that it's unlikely that an HN poster doesn't know George Floyd's story? Not only should you have that prejudice too, but simply assuming good faith would have helped you as well.
My prejudice is that if ch4c3 had noticed that the parent comment did provide an example (and it did) he would have said something like: the example you gave is not applicable because… do you have any other examples that are more on point?
> Hassan Shibly, chief executive director of CAIR Florida, tells The Verge that most people who are shown the form giving CBP authority to search their device believe that they have an obligation to help the agents. “They’re not obligated to unlock the phone,” she says.
Which he follows up with:
> Right, same as a police officer who asks if they can "look around" or "ask a few questions". They may certainly ask that. You may choose to cooperate. But in general you'd be a fool to do so, and you also may say "no". If they arrest you they were almost certainly going to do so anyway but now they have less to go on and with more avenues to challenge it, and if they arrest you over exercising your rights you have a strong cause of action right there. CBP agents may well ask people this sort of thing all the time, but that doesn't mean citizens must comply.
Note that the scope of the discussion has been broadened here. /u/xoa is comparing phone searches at border stops to 'police officer[s] who [ask] if they can "look around" or "ask a few questions"'. And it's pretty clear that this list of police actions is not meant to be exhaustive, just illustrative. There are other unspecified things that an officer could do or say that would be within the scope of what /u/xoa is talking about.
So at this point in the conversation the scope is both broad and ambiguous.
The next step is /u/xnyan quoting /u/xoa:
> Right, same as a police officer who asks if they can "look around" or "ask a few questions". ...But in general you'd be a fool to do so, and you also may say "no"
and following up with:
> This is not only a very naive take, its a dangerous one - people have been killed by law enforcement for doing what you are suggesting. Law Enforcement Officers in the US has what is known as qualified immunity. In practice qualified immunity means as long as the LEO says they believed they were following rules (even if they were not), then they can do anything they want to you (including kill you) with little to no personal consequences.
> In other words, you can say "No officer, you can't look around without a warrant", to which they can say "I see an object that may be a gun, and you're moving your hand in the direction of your pocket. Stop. I'm afraid for my life, I need to break your car windows and throw you on the street"
The scope of the discussion has now been broadened yet again. And again, the specific details of the hypothetical scenario described by /u/xnyan are obviously intended to be illustrative and not exhaustive. An officer could say different words under different circumstances and still be within the scope of what /u/xnyan is talking about. And again, the full extent of the scope is ambiguous because /u/xnyan has not said how far he intended his example to be extrapolated.
But the next thing that /u/xnyan does is give an example of what he is talking about in order to support the point he is trying to make:
> It's common enough that a LEO can publicly and slowly strangle George Floyd on the street, recorded and in front of others, and the only notable/unusual aspect is that the police officer was convicted of a crime.
And finally:
> Your rights don't mean shit to cops.
All this allows us to infer that /u/xnyan intended the scope of his comment to be very broad indeed. He is basically saying that the police in the U.S. can, if they choose, do anything they want to you at any time under any circumstances, up to and including taking your life, and there is nothing you can do about it.
This is the point at which you asked:
> > people have been killed by law enforcement for doing what you are suggesting.
> Can you cite any examples of this happening?
Well, yes, he can. And he did.
I understand that it was not your intention to ask about the "unrelated" example, but in context, that is the most reasonable interpretation of the words that you actually wrote because you didn't say what you meant by "this". In the absence of clarification, the antecedent for "this" in English is usually the most recent reasonable reference, which is to say, the circumstances being described by /u/xnyan in the comment you were responding to, which were very broad, and which included an example as part of the description.
I don't know how you're improving your case here at all.
>> people have been killed by law enforcement for doing what you are suggesting.
> Can you cite any examples of this happening? I’m a pretty big policing reform person and follow this stuff closely and can’t think of a single case like this.
And at this point, you decided to react with snark. Here's why that was wrong:
1. George Floyd is an example of what happened to George Floyd, so why would he ask for an example of what happened to George Floyd? Is that arguing in good faith?
2. Did you honestly think a "pretty big policing reform person" wouldn't be aware of George Floyd? This is why his question was clear to everyone.
3. George Floyd's case was actually irrelevant to the thrust of the discussion, which was the perils of refusing to allow a search of property at a border.
> Did you honestly think a "pretty big policing reform person" wouldn't be aware of George Floyd?
It seemed improbable, but profound ignorance is not exactly unheard of on the internet.
In any case, it seemed manifestly true that /u/ch4s3 had either not seen or chosen to ignore the example that /u/xnyan provided because he didn't refer to it at all. "Can you provide an example?" is what you say when you think no example has been provided. It is not what you say when you are aware that an example has been provided but you think the example is deficient. What you say in that case is something like: "The example you provided is deficient because... Can you provide a better one?"
> Here's why that was wrong:
Here is why you are wrong: if you give someone an example and they respond by saying "Can you give me an example?" you should not be surprised when you leave your interlocutor somewhat nonplussed, and you should be equally unsurprised when they, being human, respond with a certain amount of frustration at your inability to communicate your intentions more clearly. It's like if you gave a homeless person a pizza and they respond by saying, "Can you give me a pizza?" Dude, I just gave you a pizza, what more do you want? Oh, this is a ham-and-pineapple pizza. I wanted pepperoni! If you think a snarky response is inappropriate in a situation like that, well, we'll just have to agree to disagree about that.
If he didn't know what happened to George Floyd, he wouldn't have asked "for an example". He would have asked "who is George Floyd?"
People don't ask for examples of proper nouns.
This is why fluent English speakers understood clearly that he wasn't asking for an example of George Floyd, and therefore was asking for an example of something else, an example that had not been provided.
> Just because we have the legal right to something doesn't mean there is some magic barrier preventing LEOs from attempting to violating them, or implying the right doesn't exist. They have to be defended by people exercising them and potentially going to court
This is a major flaw in our system, and desperately needs legal reform. LEOs should only be allowed to ask people to do things that they can be legally compelled to do. Acting outside of that authority to coerce other actions should be charged equivalent to impersonating a police officer, kidnapping, or logically similar - the same as if a non-police dressed up in a police costume to coerce someone.
This is of course in addition to the need to make longstanding laws like the ones against murder apply to LEOs as well.
Not that I expect much to ever change. I've got to wonder what our society would be like if Hollywood hadn't leaned into "police procedural" for its cheap production cost. How many hours per week does the average American watch people pointing guns at one another and barking orders? It nowhere reflects real life, yet we've all been primed to think that's how the world operates.
That sounds great when typing it up on the internet in a comfortable chair, but when a few power hungry workers with guns are breathing down your neck in a small room you can't get out of, the rules aren't going to make you feel 'safe'.
That's why in fields where this isn't uncommon you drill and drill and drill your response until it becomes second nature. If you don't comply you are still an American citizen. CBP cannot deny you entry for any reason (yet). However, they can make your life hell for as long as legally possible.
If you are prepared for that then you absolute can and should tell them to pound sand. Just like you should to the police. But standing up for yourself has consequences you may not be prepared for. In both cases, CBP and police, you may be isolated from your loved ones, harassed, interrogated, etc in an attempt to make you crack. The difference, in a "border zone"[1] 100 miles from any border you effectively lose several important rights so the stakes are far, far higher. But, if you are truly innocent, it is worth the time to exercise your fourth and fifth amendment. As long as you present the correct paperwork the officer can't do much. However, they CAN lie. So it's imperative you know your rights to not talk yourself into probable cause.
>If you are prepared for that then you absolute can and should tell them to pound sand. Just like you should to the police. But standing up for yourself has consequences you may not be prepared for. In both cases, CBP and police, you may be isolated from your loved ones, harassed, interrogated, etc in an attempt to make you crack.
I went through the border without a phone or anything of interest for them to search. They cuffed and shackled me, finger printed me, booked me, tossed me in a cell. Then held me for 16 hours while driving me to hospitals and told doctors there was drugs up my ass. Towards the end they got a warrant to cover their ass, where they woke a federal judge and and the US assistant attorney in the middle of the night and told them vicious lies that a dog had 'alerted' on my asshole and that during a (real) invasive strip search they found (fake) evidence of smuggling.
As sibling comments have said already, rights must be defended, and clear eyed prep is a big part of the answer for individuals. Even just thinking it through a bit, while you have time.
>That sounds great
How does having your property confiscated for days/weeks and being arrested sound "great" to you? It's not great, it stinks. For some people it could even be ruinous. But it's also legal reality. Every single "right" your or I or anyone has came out of blood. Lots of blood. Blood, sweat, tears, money, activism, power both soft and hard. The entire reason the ACLU exists at all is precisely that rights don't auto-enforce and must be defended, that's literally their raison d'etre. When they say US Citizens have an absolute legal right of entry but that exercising it may result in significant inconvenience or cost they aren't wrong. All of society as well as individuals need to work with that tailored to their own situations.
>but when a few power hungry workers with guns are breathing down your neck in a small room you can't get out of, the rules aren't going to make you feel 'safe'.
And? What does "feeling safe" have to do with this? And it's precisely because we're "in comfortable chairs" that it's the best time to go over our rights and consider ways to protect them both at the overall political level and individual level, rather then once we're in the hot seat. Preparation is worth a huge amount. If you know both your rights and the practical risks, you can do things like simply carry a minimal phone/computer, load and reload with a VPN at your destination. Make sure trusted contacts know all your travel plans and status. If you're carrying sensitive data for a corporation or government, check in with your legal department, HR etc. That's literally a core strength of a big organization, that they can have powerful specialists of their own vs leaving it all on their employees. At the political level, when was the last time you actually wrote your Senators and House Rep? If you're outraged and feel at risk, the bare minimum is telling them that. It adds up. Even if one gets a canned reply they absolutely pay attention to volume on an issue, and on a sliding scale. People who are angry enough to actually go to the trouble of writing or even calling are presumed to represent some number of people angry enough to maybe vote in opposition or stay home on election day but can't be bothered to write or don't know to.
Not everyone wants to spend their time on any of this. Some people want to go about their day as they please without having to deal with any of this. That's the entire goal of having a society.
>Not everyone wants to spend their time on any of this. Some people want to go about their day as they please without having to deal with any of this.
That's nice? They can choose to try to do that, and in turn they may well get stepped on. There is a rest of the world out there, not just us as individuals. It doesn't always conform on its own to our wishes.
>That's the entire goal of having a society.
"Society" isn't magic that just happens on its own. It's made up of its people and their actions. If enough of its people don't actually take action, then "society" is going to reflect that too. Society creates more slack and wiggle room, and collective action can help shield individuals. You see that right here, society and law is why there is even an absolute right to return, why someone cannot simply be jailed indefinitely on a whim, etc, which in turn are foundational in making it much less costly to try to work for more. But if you merely want to free ride, well, it may or may not work out.
Eh, right are only rights if they are enforced and/or asserted. If neither is done, at best, they are forgotten and wither and at worst become a quaint memory of things that were.
The rules exist for a reason. They also exist for people with guns; especially for people that do it on behalf of government. If you are afraid of guns from people in uniform, you are already doing it wrong. I will tell you this as an interesting little factoid.
In Israel guns are everywhere, but you are responsible for every single bullet.
It's not the guns that are the problem in this scenario, it's the person holding it. If they feel like they can get away with anything, no rule will help you. And even if down the line you get your day in court, you'll still be the one shot.
You might be onto something. Being able to gauge the person behind gun is probably helpful.
Long time ago in country far away, we was traveling through a soon to be former Soviet satellite country. My brother got really sick. We were worried he would die. GPS does not exist yet. Foreign country. We miraculously stumbled upon a hospital. It happened to have armed guards. They blocked the entrance. My mom got pissed and started walking towards them with my brother in her arms. Rifle was raised, but guard ended flat on the floor as my mom pushed him out of the way. My dad followed with an embarrassed hand gestures that he hoped meant 'sorry, she is a little preoccupied now'. Nothing happened. Brother didn't die either. We drove forth.
How you handle yourself matters; doubly so in a time of actual crisis.
edit: Don't be an idiot rule applies. Sensible person will not storm armed guards just because you read a testimonial on the net.
<< no rule will help you.
What do you propose then, because I assure you the world without rules will not be a world people will want to exist in for long?
I have often wondered why gun control advocates in the US haven't taken the ammunition approach. Is there some precedent in the courts that limitations on ammunition are equivalent to those on the firearms themselves? I.E. ammunition commonly used for legal purposes cannot be banned?
In a sense, steps have been taken to do just that, but not in courts. I am not a proponent of those efforts, but it is important to understand what is going on. Various payment systems are currently trying coordinate in a way to track those purchases. Naturally, once they are tracked, they eventually will be marked as risky and, in banks anyway, derisked in a typical bank fashion. The same approach is taken for porn.
And to all that cheer this one, because you happen to align with those values, remember that a tool is just a tool and can be used by anyone for anything.
So that means ammunition must be purchased by bank wire or something? Or of course cash if in person. They already do this for pornography? Yeah, that sounds super scary. Maybe cryptocurrencies are a good thing... I don't want to have to buy a ladder with BTC because I might fall off of it and sue visa.
They have. New York doesn't allow free purchase of pistol ammunition. That also includes small caliber rifle ammunition that has been used in handgun applications.
Let me know how successful you are crossing the border and getting home when you tell CBP to “pound sand”. They’ll just deny you entry and you’re left with very little recourse. Effectively they are the judge and jury and you’re stuck in the waiting area if you’re lucky, a holding cell if you’re not
If you think you’re immune just because you’re a US citizen, you’re not.
A friend came back to the US after 3 years. A time period you typically lose your green card.
However friend was smart to ask a lawyer and the lawyer said “agree to nothing, sign nothing, only a judge can take your green card”.
So she did just that. Put up with about an hour of shit. “No, im not signing anything”, “No, I don’t agree that I’m no longer a permanent resident of the US”.
Was eventually let in and nothing came of it.
Know your rights and stand firm. If some non-us citizen minority woman can do it, I’m sure you can too.
I'm shocked it went that well for her. I've had agents simply lie on their report, including lying to (and waking up) a federal judge and US assistant attorney in the search warrant DHS got for me. Also had them lie to me and tell me I wasn't permitted to enter the US with my US passport.
I'm quite certain if she had dealt with some of the agents I dealt with they simply would have lied or signed the form for her and kicked her out of the country. If they would have simply taken the green card from her and said "good fuckin luck" it would have been a hell of a road getting it back after being gone 3 years. Either way good on her for calling the bluff.
Native born Americans of non immigrant parents are incredibly afraid of the us government.
Growing up in a family that came to this country, you're very disabused of the notion these agents have much power.
For most of them it's a power trip. Once you understand that, you will figure out what to say.
You have to understand that they know they're lying to you but it makes them feel powerful. Play into it. Let them feel the rush of power but remain firm in your goals.
I know in developing countries, the cops are nothing more than opportunist thugs. I have friends who tell them to just "fuck off" regularly. Then they come to the US with the same attitude, and while true US cops have limited powers, the "fuck off" approach often doesn't go over as well as politely refusing and stating your rights.
When I was younger I used the "fuck off" approach. I would say it worked slightly better than the polite approach of asserting my rights (and then shutting the fuck up) I use now. The polite approach tends to make them falsely believe I am a push over. The only real reason I use it now is because body cams are everywhere and I assume the judge will be watching exactly what I say if I ends up in court. Before body cams I assumed the cop would just make up the most horrid shit possible so there was not point in being nice.
Course it makes not much difference now. I'm on CBP's watch-list or some shit so I'm in for the 16+ hour shit-show, fraudulent warrants, with HSI detectives and the works everytime anyways. Even the seemingly nice agents see it on the computer and say "you know the drill" and send me into the bad-boy room.
Or they won't. And they'll lie to a judge, and they'll lie to a doctor, and they'll lie to the assistant US attorney. They'll create an insane and false chain of probable cause to accuse you of having drugs up your ass. You'll be taken (while cuffed, and chained to a van) to MULTIPLE hospitals against your will and be seen without your permission (without an arrest, without a warrant, and without a court order, and without any psych hold), each of which sends you a multi-thousand dollar bill. You'll wonder when the lawsuit will end up getting served for the medical bills for a medical condition you never had that the agents made up. You will complain to the state medical/nursing board, and they'll tell you nurses can search and perform 'care' on you without a warrant, probable cause, any emergency, consent, an arrest, nor a court order -- and DHS will exploit this loophole to violate what few 4th amendment rights you do have at the border. The DHS agents will smile inside knowing they can weaponize the high cost of fake medical complains while under your detention to rack up debt in your name.
Later you contact an attorney, and find out the agents have qualified immunity, that suing is a financial black hole that you probably cannot afford, and that your best chance is to be some incredibly sympathetic mother-teresa kind of character that are one of the one per 10,000 or whatever ACLU takes up for a cause.
These are not theoretical. This is what they've done to me, and more.
> If you think you’re immune just because you’re a US citizen, you’re not.
That's a pretty big claim, do you have a particular example in mind? You might have your phone seized, sure, but denying a citizen entry to the country? Even CBP understands they can't do that and it would make the evening news if they did it.
If you are a citizen of the United States of America, and you are returning to the United States from a foreign country, Customs and Border Patrol are not allowed to deny you entry to the United States of America.
Of course the caveats - if you, as the citizen, have an outstanding warrant, they can arrest you. They can take your electronics. They can delay you. They can put you in a room by yourself for some period of time. But they can’t deny you entry without some kind of legal reason. They can’t hold you indefinitely.
It just comes down to how much the citizen is willing to be inconvenienced.
And I believe any American with any felony on their record will have trouble visiting Canada. I once traveled with a guy who had a felony assault conviction from a college bar fight 15 years prior. They wouldn’t let him in.
But they will lie to you and tell you they won't let you in.
They will also lie to you and tell you they have the power to cancel your passport.
I've had them pull both 'tricks' on me. Not a lot of people are well versed on their rights and without access to a lawyer it would be easy to believe a federal officer when they tell you these things. If you believe what a federal officer tells you, which is probably most Americans, being told you won't be let in unless you do X is going to be taken literally as 'unless I do X, I am denied entry to the country.' They will simply comply on the basis of a fraudulent lie, which I might add a material lie like this is a felony if a normal citizen says it to a federal agent.
I'm a brown man and I regularly tell cbp to pound sand.
Once they tried to hold me up because my wife had two drivers licenses. We were just married and she had an old invalidated license with her old name.
I explained the situation and he thought it was suspicious so I asked him if he was suspicious because I was brown really loudly and he then let us through.
I don't understand all these people who cow down to everything.
My family, due to being immigrants, have been in many fights with cbp, ice, ins. Like all government bureaucracies they are filled with power hungry people. Knowing your rights and politely but firmly insisting upon them will rarely land you into trouble.
It's the politeness and insistence most people have trouble with. But honestly even my high tempered dad did not have any trouble growing up.
>Let me know how successful you are crossing the border and getting home when you tell CBP to “pound sand”. They’ll just deny you entry and you’re left with very little recourse.
How about instead of this handwave-y impossible ask BS you cite any actual cases at all since Lyttle v. US (10 years ago) where the CBP denied a US Citizen entry or deported them? There is plenty of case law here. In Nguyen v. INS the Supreme Court stated that (emphasis added) "[...]a citizen entitled as of birth to the full protection of the United States, to the absolute right to enter its borders, and to full participation in the political process." And that's not even tied to a passport. In Worthy v. US the 5th Circuit found the government could not impose a penalty on returning without a passport: "We think it is inherent in the concept of citizenship that the citizen, when absent from the country to which he owes allegiance, has a right to return, again to set foot on its soil. . . . We do not think that a citizen, absent from his country, can have his fundamental right to have free ingress thereto subject to a criminal penalty if he does not have a passport."
Lower courts have since cited all this, even when the practical result was a mixed bag or a loss for the plaintiff. Fikre v. FBI was about the no-fly list, and the court didn't hold that the absolute right to return meant the US couldn't prevent getting on an airplane in another country, and that Fikre hadn't asserted enough facts to support that the No-Fly list and boarding denial were enough to violate his right to get to a port of entry a different way. I think that's unfortunate, saying essentially "well take a boat or figure out a flight to Canada/Mexico" isn't ok and I think the whole no-fly list is flagrantly bad, but the court did uphold a citizen's right to enter borders on getting to them.
Finally in Lyttle v. US [0] there was indeed a case where a US citizen with mental challenges was detained by ICE and deported, after being allegedly coerced into signing a document falsely stating he was Mexican citizen. This set off a saga that eventually resulted in the DHS terminating deportation efforts "on the basis that “it was determined that [Lyttle] was not a Mexican citizen and is, in fact, a citizen of the United States.”" The court refused to dismiss all damages claims, and at all times ICE/CBP proceeded on the basis of fraud that he in fact wasn't a US citizen. Court found that the government is simply not authorized to detain or deport US citizens, and thus may not ignore any credible assertion of citizenship.
So again, if you have a newer example to share where someone was denied entry at all, let alone "with very little recourse", you share it. Otherwise you're just posting FUD.
If someone's family/connections had the wherewithal and resources to get picked up by the ACLU and go to the federal court once in a decade I wonder how often it actually happens. I was subjected to some abuse by CBP, and found out there were a steady stream of people getting the same treatment ('internal' examination of their body without their consent by a nearby hospital, often without a warrant). The last federal lawsuit is practically a decade old, but I can assure you based on the bragging by CBP officers themselves the shit was happening daily. So a decade old court case doesn't mean it isn't happening more frequently.
I mean, that's great and all, but IIRC this Supreme Court has been instituting a policy of Absolute Immunity related to immigration issues via Egbert v. Boule. If one has absolute immunity, the law simply isn't a concern for federal border security.
If I remember correctly, it's not complete immunity, but they require a compensation mechanism approved by congress for any issue that doesn't have prior history of being compensated explicitly similar to the situation at hand. It's like 99% immunity.
Right, so federal agents receive absolute immunity by default, and this is guaranteed to continue for every new issue, unless Congress magically becomes un-gridlocked in the meanwhile AND chooses to solve this issue AND chooses to do so every time a new unprecedent issue occurs involving a federal agent.
"The court held that the government’s policy, described above, does not violate the Constitution. Border officers can continue to perform advanced searches without a warrant or probable cause and can perform basic searches without reasonable suspicion that there may be a violation of law or a national security concern."
Honestly, as a non-American this scares me. I am absolutely not at all important and a fairly mediocre programmer as well, I don't store compromising data about anyone, never stole code or company data in my life (and never will), etc., you get it. A normal law-abiding citizen.
I still don't want to get my phone taken on an US airport and returned an hour later with God knows how many viruses that even Apple wouldn't be able to detect on my iPhone.
It's not about having something to hide. It's about not liking it when people poke their noses in your business without you being a criminal. And no I don't think installing backdoors on each device "to catch the criminals more easily" is a solution at all.
The elephant in the room in this case is that at a most basic level a State is an entity that maintains a (near) monopoly of violence in a given area. Being a normal law-abiding citizen just means that you are currently functioning in an area where the State's goals somewhat coincide with you living with some degree of freedom and comfort. Or at least they have no current incentive to mess with your life. But the whole system of laws we see as normal is just an abstraction that masks the balance of power which is in itself not that different from gang warfare at a higher scale.
When you are disturbed by having your phone searched, what is happening is that the balance has shifted a bit against your favor, and you subconsciously realize that your position is not as safe as it once was. But it was never truly safe, just stable in a certain point and time. The fact that you are not a criminal is irrelevant, because respecting or not respecting the law is very relative. The mental separation between the criminal and the law-abider is fictional in that both are just on a spectrum of usefulness and loyalty to the State.
OTOH, without the state, you have anarchy, which is inevitably and quickly filled by warlords or criminal gangs controlling whatever geographic and/or economic territory they can. The security situation in relation tho them is even less good, and you don't get nearly as much good infrastructure.
So, it's important to keep in mind the broader context and what really is a lesser of evils.
Unless, of course, you can point me to the magical stable stateless advanced society where I can go live... (srsly, it'd be great)
> When you are disturbed by having your phone searched, what is happening is that the balance has shifted a bit against your favor
Oh yeah, I am painfully aware of the power imbalance and that we're left alone simply because the powers that be don't have the resources to pick bones with each and every one of us. No other reason. If these things can get automated -- robot/AI security personnel -- then I am sure they'll start searching everyone's devices because it'll be practical and quick for them.
As mentioned above, I am a fairly average citizen and like 99% of people I just want to go about my business without being disturbed. I am social, easy to put a smile on my face, and fairly casual in my demeanor. I discovered this works really well with figures of authority -- they automatically write you off as harmless and leave you alone.
Still, I dread the thought of having to divulge that I have a collection of erotic pictures and even some copyrighted material in my photo gallery (e.g. small snippets from movies). If somebody wishes me harm they can absolutely do it -- sadly.
And that's the part that's not OK. The rulers want us always guilty of something by default. Sigh.
The state's monopoly, qua Max Weber, is on the legitimate use of violence. That is, the right and legitimacy of that right, is restricted to the state.
Absent this, one of three conditions exist;
1. There is no monopoly. In which case violence is widespread, and there is no state.
2. There is no legitimacy. In which case violence is capricious. This is your condition of tyranny (unaccountable power).
3. Some non-state power or agent assumes the monopoly on legitimate violence. In which case it becomes, by definition the State.
The state's claim is to legitimacy. A capricious exercise would be an abrogation of legitimacy
Weber, Max (1978). Roth, Guenther; Wittich, Claus (eds.). Economy and Society. Berkeley: U. California P. p. 54.
The misleading and abbreviated form that's frequently found online seems to have originated with Rothbard in the 1960s, and was further popularised by Nozick in the 1970s. It's now falsely accepted as a truth when in fact it is a gross misrepresentation and obscures the core principles Weber advanced.
I am aware of the original definition and am not simply parroting it. I am questioning the idea of legitimacy here. Capriciousness is a highly relative term that is influenced by class and social differences i.e. what will appear legitimate and normal to an economically established person will be much more violent to a person of lower status.
The other problem is that even if you admit that legitimacy is a thing and not a circular construct (i.e. the idea is reinforced to promote the relative power of the group that sees itself as legitimate, and gains currency because the group is already powerful), you still have other states to contend with that are just against each other with no rules above them. And of course the capriciousness of a state against another state is seen as just normal diplomacy because we are used to it, when in fact it is often quite a brutal affair.
Legitimacy isn't what you'd emphasized initially, however, and my sense is that presenting Weber's definition and analyzing it with specific focus brings the issue to light more usefully.
I agree that the question of legitimacy is central, and highly concerning.
Intrastate conflict would fall outside Weber's definition, though how specifically that occurs can vary, e.g., within international zones (usually maritime, occasionally air or space, outside of Antarctica very seldom on land), or with border / sovereignty conflicts (India/Pakistan, India/China, China/Taiwan, North & South Korea, Israel/Palestine, Russia and numerous former Soviet republics, etc.), failed states (Somalia, Yemen, Afghanistan), or geopolitics (numerous US invasions, incursions, regime-changes, etc., for example).
What the US is doing in terms of demanding device access and holding data for inordinate lengths of time, as well as numerous other examples of the state-capitalist surveillance apparatus is exceedingly troubling.
But getting Weber's definition correct makes for a better basis for discussion.
>It's not about having something to hide. It's about not liking it when people poke their noses in your business without you being a criminal. And no I don't think installing backdoors on each device "to catch the criminals more easily" is a solution at all.
As an American, I couldn't agree more.
It's been a while since I've been outside the US, but given how so many (not least of which is the US) countries are doing intrusive things with mobile devices at the border, I will most certainly back up (nandroid, which I do anyway for backups) my phone and flash a stock ROM before leaving the US.
Upon my return, I'll restore my backup and pick up where I left off.
Not because I have anything very interesting (to law "enforcement", or anyone other than me for that matter), but rather because my business is my business and no one else's.
Also, I'm sure the US isn't the only country that does this. So if you travel internationally at all, you're essentially boned when it comes to personal privacy.
That's absolutely true, we were just discussing USA at the time. I have heard plenty of stories where security randomly pulls somebody from the crowd and straight up orders them to unlock their phone, or else.
"That's when they can plug in the traveler's phone, tablet or PC to a device that copies their information, ...".
would really like to know which "devices" they are talking about. fkn hard to do a full android backup these days.. this world. im tellin ya.
on another note: lets talk about how one would go about keeping ones privacy intact aka having a party in the capitol.
1. will they be able to get into my cryptrooted pinephone / hdd in those 5 days?
2. if not will this only make them more angry and privacy penetrating?
> fkn hard to do a full android backup these days.
No it's not. It's very easy. I do it all the time using adb.
> will they be able to get into my cryptrooted pinephone / hdd in those 5 days?
They don't need to. They can take a binary image of your encrypted partition(s) and take all the time they want to break into it later. Assuming they're sufficiently motivated.
have you tried restoring your adb backup?
Most apps set the backup=false flag in thr android manifest and adb will sput out an empty backup. This is what grandparents meant.
They will get a $5 wrench and beat you until you give it up yourself, per XKCD https://xkcd.com/538/
In other words: this isn't a technical challenge, either you comply and give them your private stuff, or you're not going anywhere. Maybe you can con them into giving a 'public' part of the phone and pretending that's all there is, but again, that's social engineering and not a technical challenge.
We are simply not allowed to have privacy and also live a meaningful life. Everything we want to do now requires us to surrender our privacy. Transact with money, see a medical professional, travel internationally, etc.
As a European I find it strange how the article and many comments here seem to focus only on it being US citizen's data being hovered up by the boarder control.
No one's private data should be taken without a legitimate cause, no matter their nationality.
You have to reset your perspective to a US one that believes that US laws only protect US citizens, and even those protections stop 100 miles from the border.
It not at all evident that it is illegal for the US to summarily execute US citizens without trial if they are outside of US borders. The data protections of Europeans are without question non-existent. Europe would be upset if we did it anyway, since Europe depends on us to bypass its own domestic spying restrictions.
Why strange if we very much do the same at external borders? Especially asylum seekers who get their phones confiscated but all in all the system is very similar when you entry outside Schengen, only imo Americans are more paranoid in a good way, about their privacy unlike euros.
Seems like real solution are phones that by default provided end-to-end-encryption for cloud backups, no local data “travel modes”, secure wipes, multiple logins, etc. — since trying to get countries to uniformly play by same rules seem highly unlikely.
No because if it's standard, they will ask you to disable travel mode and download all the data. You can say no, but you can't refuse and cross the border.
It for sure is a technical issue and by “travel mode” I mean you:
1. end-to-end encrypt a cloud backup
2. Securely wipe the phone.
3. Install OS in travel mode, which means no local data is forced and at best kept until restarting phone. Hardware enforcement of ban of updates including firmware and OS, unless system wiped. With a visual unique easily recognizable “code” to tell if the current “travel mode” was over rewritten; for example, unique consistent computer generated recognizable human face is shown on reboot until being reformatted and is different every time phone is reformatted.
4. On reaching known safe point, phone wiped, OS installed in non-travel mode, backup installed.
If there’s no data or way to root the phone, it’s meaningless effort and would no longer even be done at the border; they might find another route to get data, but current issue would no longer be a viable route.
— to be fair, I did mention multiple-logins, but to me that was intended to mean additional features/options, not a replacement for the core issue of forced access to devices/data at predictable chock points like border crossings.
Nope, if an abusive administration is committed enough, it will mark as suspicious any cleaned phone, especially if they can access freely metadata about your life without a judge.
No need for the content, they just need to make sure the activity score is higher than the one on your phone. It's not illegal not to have you real phone, but why haven't you? Do you have anything to hide? And they will make you life annoying enough, making you miss flights, waste your time, cost you money and opportunities, until most of the population comply.
It's a cat and mouse game, where you are trying to oppose technical solutions to people being simply abusive, which doesn't work on the long run, because the problem is that you are being ruled by the mob.
It's funny, because if were it be happening in China or in Russia, everybody would be loosing their mind, saying how those dictatorships are abusive. Then they would note how the Russian and Chinese don't seem to notice they are being abused and defend their country.
They don't have to, they can just say the phone synchronized on its own when set back out of travel mode. They will lie, of pressure you to download the data prior their search.
Again, it's not a technical problem. Abusive people are abusive.
Law enforcers are not good people because of their title, society shape them in who their are and how they behave. Currently, in the US, they are not shaped to be helping citizen.
Article says they can hold onto your electronic devices tho. They can also probably arrest you for the legal maximum (which unlike proper jail probably won't result in you losing your living but could result in you losing money in addition to time).
They don't have to literally prevent you from entering your own country in order to make refusal to cooperate extremely unpleasant for you. Not to mention they can do this every time going forward and they can do this to other people in your group as well. Good luck proving this is harassment and not due dilligence.
But they can, and will if the trend of abuses continue, make you loose your flight, make you waste time, opportunity, and money. And put you in a list so that they do that every time your travel.
"Oh you have no phone and nothing to search? There must be drugs up your asshole"
<detained and search, strip-search invasively, cuffed, shackled, tossed in cell, taken to hospitals against my will (for 16 hours) where they lied to doctors. Warrant obtained (for external and 'internal' search). Taken (via prisoner van) to another hospital 60 miles away with more crooked doctor after first doctor refuses to go with the shenanigans. Finger printed, booked. Denied sleep and harassed every time you try to fall asleep. Forced to perform bodily functions in front of agents, who search what comes out. Eventually dumped at the border without apology -- hopefully if you have pets or children someone will take care of them because you're not entitled to a phone call or use of a phone in most circumstances.>
My true story as a US citizen re-entering America. Enjoy!
There are (still) lots of US citizens who don't own a cellphone and so couldn't produce one. Are all of those subject to a cavity search? If that were common, I'd think I'd heard of it by now.
In any case, if the choice is between having a copy of the contents of my phone made, or being detained and cavity-searched, I'll take the detention and cavity search.
>In any case, if the choice is between having a copy of the contents of my phone made, or being detained and cavity-searched, I'll take the detention and cavity search.
Obviously I would too, but if you haven't experienced this kind of detention I think you'll find people such as ourselves who would rather this than that are rare. And don't forget, once you're on the shit-list they will mark you on their computer and make you experience hell _for life_ everytime you enter the US. Ask me how I know. Ready to exercise some privacy today? Great, hope 30 years down the road when you want to take the grandkids to Cabo you're ready for the whole party to get the Pablo Escabar lock-up experience. Want to get quick lunch across the border? Hope you informed your boss you may not be back to work tomorrow.
I've effectively lost for life the ability most Americans have to have any expectation whatsoever they may be able to clear customs in a matter of hours. I have to plan to be in complete incommunicado from my family for 24 hours from the time I hit the border. I have to plan that most likely I'll be tossed in a cold cell, and perhaps get more Emergency Room bills after agents take me to doctors against my will. I have to prepare for the lawsuits that may come from any unpaid medical bills for medical service I never asked for and for which I was brought involuntarily (cuffed and shackled), which CBP officers have weaponized. I have to plan on never scheduling a flight back home the same day I enter the US, because most likely I'm going to miss it.
>Are all of those subject to a cavity search? If that were common, I'd think I'd heard of it by now.
Yes it's extremely common. Holy Cross Hospital in Nogalez, AZ has a steady stream of traffic bringing 'patients' in to be inspected in this manner and there are lawsuits for forceful penetration of women without a warrant as part of this practice as well. While the agents detained me they told me many many stories of others put through this treatment.
It's not like you have another phone you're trying to hide and pass this one off, right? So at that point, it is the only answer. They can not like it all they want, and they can spend as much time trying to find how you're gaming them, but if you're not actually gaming them, then that's their problem.
>>but if you're not actually gaming them, then that's their problem.
Is it? They have almost infinite time and money, they can follow false leads and accusations almost indefinitely, and whoever makes that decision will never be met with any kind of consequence for making the wrong call. However sitting in a cell somewhere while they wait for you to give them information that doesn't exist definitely sounds like your problem not theirs.
Not on its own. It's just that if crossing the border relies on the discretionary power of the local agents, and they find you suspicious enough to search you, and you then have additional aspects that might annoy them further such as being evasive about your electronics, then it could be a big problem for you.
Statistically you don't have to worry about this at all.
It's not being evasive about your electronics if you truly only have a travel phone while explaining it as a travel phone. That's telling it how it is.
If you have a phone and refuse to grant access, that's being evasive. If you have 2 phones and try to play it like you have 1 phone, that's being evasive. If you have a secret under-duress boot partition for your laptop, that's being evasive.
Having a set of travel electronics is not evasive. That's just how it is in today's big brother world.
In some countries and contexts this is a possibility. It's not uncommon for countries to have a system where you essentially have to convince a human border guard that you are no threat with no clear guidelines. Having no phone or a phone with not enough data can be a problem in such a context.
The vast majority of border crossings across the world don't involve any questions about phones anyway, but if you are at the stage where they do the characteristics of your phone or lack thereof can piss off the person who determines whether you are allowed to enter. And if you are at that stage entry denial will probably not be solely based on your phone or lack thereof because there was probably a reason they starting asking about it in the first place.
These aren't purely hypothetical scenarios but real life examples of things that happened to people I know.
> It's not uncommon for countries to have a system where you essentially have to convince a human border guard that you are no threat with no clear guidelines.
Canada is like this. I traveled to Canada with my father a few years ago. When we crossed the border I was driving; they asked both of us if we had any guns in the car. The answer was no and they were obviously free to search the car if they doubted that. But then they started grilling my dad about which guns he had at home, 500 miles away. How many shotguns do you own? What models? How many rifles do you own? Which models? How long have you owned these guns? What do you use them for?
They didn't ask me any of that though. I was 35, I could have owned as many guns as he did, but I didn't and they seemed to know that already. I assume their system had access to some sort of database that flagged my father as a probable gun owner but not me. And the young border guard seemed intent to ask him invasive and utterly irrelevant questions to 'punish' him for this. I think the border guard was acting on individual initiative, because a few weeks later we entered Canada a second time and the border guards didn't even ask if we had guns in the car.
If the database shows that your dad is a gun owner but then your dad denies owning guns or soft sells the guns so it is a different list than what the border agent already knows, then they have your dad on being evasive and potentially a subversive. Now they get to do something for the day rather than whatever they normally do.
I am under the impression you did not read the comment. I am not making the claim that the travel phone equals entry denial, just that it's a factor among several.
In the vast majority of cases, it will not be a factor, nor will anything else because you'll just go through the border without arousing suspicion or any searches.
The vast majority of flights won't include device searches or these awkward questions. But if you are in a situation where they do want to search your phone, the fact that it's a travel phone is not going to be received well. This will of course depend on the border guard in question. Unless you are a citizen of the country your capacity to enter it is now compromised because the will of the border guard is in practice nearly absolute and without recourse.
If by plausible, you mean intentionally false — then in many countries, if caught, that might result in being: blacklisted, deported, imprisoned, detained, lose of citizenship, etc.
Imagine having a knock on your door because you exchanged a few friendly text messages 15 years ago with someone who is being investigated for a crime committed today.
Citizens are suspects. Tourists are terrorists. Everyone is a potential criminal in the land of the free.
Something like this happened to a friend of mine. He was using a work-allocated phone. He didn't directly get contacted by authorities, but someone at the company tipped him off that they had been contacted.
Turns out the phone number he was assigned had previously belonged to a drug kingpin's burner phone or something like that. When my friend got a new phone and ended up with the number, he made calls from the US to Pakistan because he was going to attend a friend's wedding there. The authorities saw these things and at some point contacted the owner of the phone (the company) to try to figure out what was going on.
As a thought experiment, what would happen if you wrote your own malicious payload to a burner device and handed that over? What if you warned the border agents that your device would deliver malicious code and they plugged it in anyway?
I believe there was a defcon talk about this but for the life of me I can't find it. My advice is to epoxy your lightning port closed (or snip the data connection inside the phone) and use wireless charging exclusively.
My guess is it would be like setting up a trap gun and putting a sign on the door warning about it. Still illegal. But I'm a rando on the Internet and a loooooong ways from being any kind of lawyer, and I didn't stay in a Holiday Inn Express last night, either.
Huh? I'm asking about the realistic outcome, whether that be denial of border crossing, criminal charges, or they choose to not examine the device and let you through.
What if you planted a bomb in a package on your doorstep with instructions on it telling people not to open it? What if the package thief stealing your package opens it and causes an explosion injuring themselves and maybe others?
You're describing a (digital) booby trap. Since you're knowingly targeting law enforcement officers, I'm not sure legal theory factors into whether you could get away with it in practice but even theoretically the answer is probably no, that's a computer crime.
This recently happened to me earlier this year. I am a U.S. citizen, coming back to the states from South America. I have not broken any laws nor do I intend to.
I put up a fuss and almost missed my flight, but they took both my laptop and cellphone into a back room with about 5-8 other people on my flight. Made me unlock of course.
Here is the pamphlet they let me take… saved and documented. They take down hardware addresses and more, and would not allow lawyers on the scene or for me to witness their search. Here are all the pages of the pamphlet:
As a tech worker and privacy advocate for all I was rightfully not thrilled. I still need to buy new hardware, I had no idea this was the case as far as data storage and 15 years but figured they probably upload malware and all that fun stuff. Neat. I have been a citizen my whole life.
Reading through the comments now, I am glad I learned a little. If they pull the stunt again I will happily deny and wait however long and just rebook a flight and maybe hire a lawyer. It’s a gross abuse of power.
It's a great overview of digital privacy and protection laws in the US, how they came about, and what protections they actually offer. The short answer is "very few" and the long answer is "never ever ever turn over your data short of a court order and even then try to fight it."
Then with Third Party Doctrine, most of the few/limited privacy/warrant rules go out the window.
If you don't read the 'Accept Me' On most random websites nowadays, most people are just openly giving up access to their devices/data without even knowing it.
This (and similar issues) is the main reason that I donate a non-trivial (10%) part of my earnings to ACLU (and 2 other) organization.
Our rights and freedoms do not come without struggle. And they sure do not last without somebody constantly defending them. And it’s only bravado to assume that we can stand against the might of federal agents as individuals without dedicated organizations fighting for us.
ACLU is a shadow of what it once was. Their unprincipled wavering on free speech ensures that I will not be donating to them. I would, however, love some new recommendations for where those donations can go.
If you are looking for something more right libertarian or conservative-supported, you probably want FIRE.
If you are looking for something more consistently progressive or liberal-supported, you might want to give the EFF a try.
If you specifically care about free speech above all, you're probably right libertarian. It's fine. There's no such thing as centrism in real life politics and an individual's political alignments can vary drastically in different issues rather than line up perfectly with any specific political movement. Especially if you consider yourself apolitical or haven't really reflected on the entirety of your political beliefs and how they interact with each other (most people haven't).
Not claiming that ACLU does nothing useful -- I certainly don't know enough to say -- but what do you think about this (which suggests to me a damaged commitment to civil liberties):
Maybe it's just me but all unironic use of the term "wokeness", especially as an accusation, should be limited to post New Atheism era or Gamer Gate era YouTube channels by faceless cartoon narrators calling themselves things like Skeptical Panda, Truthoid or ${obscure_bronze_age_ruler_here}.
It just instantly sinks any attempt at seriousness. The website might as well be called Destroying Creationists with Facts and Logic after publishing an article with a headline like that.
One thing I learned at Defcon 30 was how to break encryption at rest by just storing the encrypted data and wait for a quantum computer to be developed but storing it for 15 years wouldn’t be long enough (average guess of scientists were 50 years in the future).
It makes the NSAs Utah data center to have other applications like parallel reconstruction.
US CBP and other national border agencies change target priorities from time to time, which is reflected in the questions they ask you.
I recently had a long discussion with CBP about my Canadian passport showing a US birthplace. Under a repealed section of the INA my US nationality lapsed some half a century ago and I suspect a call was made to the Port Manager. Since then my entries have not discussed this point which leads me to suspect their system has been updated.
The current question is your plate number (already displayed by the camera). You need written permission from the vehicle owner to cross the border, even if the owner is family.
Border officers may also have quotas for more thorough examinations.
I remember a lawyer on radio saying that they take "naked" laptops across the border.
Most definitely DO NOT cross ANY border with anything that in the most remote possibility would trigger the interest of customs.
To sanitise a phone or tablet, fill it with dashcam video, encrypt and factory reset. Then set it up with a fresh Google or Apple ID.
Maybe leave your sim card at home.
Having repartitioned a tablet, I discovered that there is a massive amount of hardware data in partitions that most people are totally unaware of.
Is there any significant effort in progress to combat this practice? I see that EFF has some old articles on the topic but I don't see anything current.
From what I understand, the border is a sort of wild west in terms of citizens rights and lack there of. As usual with those seeking power and greed, boundary conditions that are not clearly defined are optimized around for their goals. Where do your rights begin and end as a US citizen? That's ignoring all the giant carve aways in your rights when it comes to reentry.
Much of it's quite silly in the era of technology and current society scales anyways where most the nonsense they could be concerned about being on your personal phone in terms of data can be conducted right inside the border without ever leaving. So the excuses for cloning phones and archiving data outside of another loophole that let's them spy on US citizens are pretty limited. Anything on your phone they could be concerned about can be archived, encrypted, and tucked away somewhere on the internet that's far less tracable. So what information do you really need? Outside of the really stupid criminals (who will eventually learn to be more sophisticated and evade these approaches), what do you expect to catch?
I submitted this the other day but it didn't get any traction: the Protecting Data at the Border Act[0] is a thing, but has barely been touched by the relevant Senate committee since it was introduced nearly a year ago. As expected, it's not perfect: it has some carve-outs, and only applies to US citizens (and maybe permanent residents; I forget the exact definition of "U.S. person"). But it would definitely improve things. Maybe something to bug your Senators about.
Can we request it back later? This sounds like a great publicly-funded backup service if they can get the user experience right. I certainly haven't nailed storing my own data for 15 years.
This happened to me, a US citizen, when I was returning to the US from Europe. They stopped me and asked me to hand over my electronics with passwords. I refused and they told me I had to sit in the room by myself until I gave them my electronics. I asked for a lawyer and they told me I am not entitled to a lawyer because I had not fully entered the US yet. After over an hour I finally gave them my electronics and passwords. After CBP gave the electronics back to me I threw them away.
The easiest solution to this persistent storage of private citizen's personal data siphoned from their phones or other devices is to carry a burner phone on international trips and weaponize the data that you store on it before you travel. Infect some photos and PDFs with one of those silent exploits that, once it gets into their data center, maps all the drives and wipes them or one that wipes the devices that they are using to siphon all the data at the border crossing. Even sticking them with something like a shitcoin miner would be a win.
Or, target the data storage center directly. I guarantee that someone in their custody chain is dumb enough to click a fake email link or visit that hijacked site to download code that wipes their data center drives. You only need to be lucky once to put them back at square one.
Or better yet, someone could create a repository of shitty memes that can be downloaded to your burner phone before you travel. Just grab a bunch of "Yo' Mama" memes and let the agency hacks waste all their time reviewing the same well-worn collection over and over. The more boring the better.
I am planning on travel to Mexico soon. A few days ago my sister in-law sent photos and videos of my nephew in bed with his 7 year old girl friend in the family WhatsApp channel. He is only in his underwear and she is topless and crawling around in her underwear and giving him hugs. She repeatedly does this with my nephew's bath-time as well. Out of context it looks creepy and perhaps would be flagged by an AI classifying for exploitation.
So if the AI has me marked as a person of interest and they seize my phone at the border, it won't be a good day for me. Am I just being paranoid and lacking perspective because I have never been a parent who spends a lot of time with naked children ? Is this so common that I shouldn't be concerned ?
I once had my all my devices searched when returning to my home country (Australia). They kept my phone for a few days too. They didn't find anything and I wasn't charged wth any crime. But you only have to suffer this massive invasion of privacy once to make make sure it never happens again. Now when I return home I wipe all my devices in the time it takes to de-plane, collect bags and get to customs. Easy enough to get back up and running fairly quickly with an iCloud backup once I get home. Looks like I might have to do the same if I ever decide to visit the US again.
I guess the oft-cited advice to travel with a burner phone even applies to the USA. Sad to hear. I hope Wyden is successful in changing this practice, but I very much doubt that it'll change.
Has anyone that this happen by US border patrol? What are the specifics?
The way US treats the migrants is human rights violation at the border. Now add this to the pile of atrocities committed by the border patrol and ICE. It's high time we should consider open border.
This is like suggesting a biological cell not have a cell wall.
One of the fundamental functions of a country is to regulate input/outputs at the border.
There are so many disastrous problems that arise from the elimination of a border, that I question whether such a suggestion is ever even made seriously or made by sane people.
I advocate for almost completely open borders, for three reasons, freedom + economic growth + national security.
(1) Freedom. Closed borders was actually one of the first iterations of technology being used to suppress human freedom. We had open borders for most of human history. Only with the advent of modern nation states (and the associated mind virus of nationalism) and recent technical capabilities have we both been motivated and capable of blocking people from travelling and moving freely.
(2) Economic growth. Self-explanatory. Look at where our top founders, or their recent ancestors, come from. The more immigration, the better.
(3) In the long-run steady state, geopolitical power comes from population size. China and India surpassing the US economically and militarily is a near inevitability and a matter of time. I'd rather a liberal democracy play the role of world police than an authoritarian regime. But that's only possible with 600 million+ Americans.
TLDR, closed borders is a disgusting modern aberration with racist and protectionist motivations that stunts the growth of countries and eliminates the freedoms of humans.
1. the us had open borders because they could offer land to people coming in, it had economic benefits for everyone involved. nowadays, EVERYONE wants to get in, especially actors with bad intentions, and as was just shown in europe not even five years ago now, open borders are a terrible idea with long lasting consequences.
2. economic growth does not simply derive from a larger population, there's a balance between population size and the economic prosperity of each individual within that population, to tip the scale so absolutely in only one direction completely destroys the scale itself
3. geopolitics are not so black and white. it derives complexities in more areas than just population, and the US does not have a small population, nor do its allies
There's really no substance to anything you've said here. Just confusion and fears and basic misunderstanding of economics and geopolitics. Please consult any economist or international relations scholar on point 2 or 3.
and what substance is there to open borders, let alone the argument that 'we' (who exactly?) had open borders for most of human history
for the past few thousand years, you risked your life by traveling. if someone went around looking for slaves to sell and you found yourself clamped in iron, your life was over
I still think there is merit in Lifeboat Ethics. Our country can only support so many people before it would be overwhelmed by resource scarcity and further overpopulation that burdens other nations.
Of course closed borders are protectionist. I don't think that's a bad thing.
Correct, because in doing so you max freedom, growth and power, which you don't want to stunt in order to avoid a made up concern that may or may not happen and can be prevented before it happens if it almost happens. Anyway, the market will tend to equilibrate. If one country hypothetically gets "overpopulated", then the less populated place will become more attractive (although I strongly challenge this, nobody wants to move to rural areas within so-called overpopulated countries -- overpopulation is a myth by anti-freedom conservatives), leading to reverse migration.
I'm making practical and utility arguments here but I also simply think noone has the right to prevent someone's freedom of movement unless the stakes are truly dire (infectious disease with high mortality). I believe it's evil for people whose ancestors immigrated (which is everyone, including England, which used to be black inhabited) to then point guns at the border and prevent others from doing so for no reason whatsoever aside from fear and bigotry masquerading as vacuous excuses. The planet is so small, it's a heinous assault of freedom to deprive humans of the freedom to explore and settle around it during our brief existence.
I think there is value in the participants of a society, principally in the governance of a society, being educated and adhering to a certain set of common principles and sharing some level of culture.
Due to the lack of a good alternative, we allow anyone born in this country to be a citizen, and to vote at age 18. I wouldn't want random people who don't speak the language nor have any interest in sharing our culture or respect for human rights or democracy to have political power. (See: the importance of public education for a well-run society).
So let's say we allow an unlimited number of people in with almost no barrier, who may or may not share our political values or language, to live and work here. Sure, it's happened before in mass immigration movements. What if we said, "You can be here, but you can't vote until you are documented to have lived here for a certain period of time and can pass a citizenship test?"
That may work, but I wonder what will happen if we continue to have (as we now do) a two-tiered system ala Starship Troopers; one of citizens and one of "civilians" who do do not have political power. What are the impacts? I am not sure.
My core belief is that education and common values are important to a society, and I am concerned that unfettered immigration into this country would risk destroying whatever common culture/language we have over time.
That analogy may be more insightful than you meant it to be.
Animal cells (e.g., the ones in your body or mine) do not have cell walls. They do have membranes surrounding the cells, but they aren't walls.
In the same way, any country has borders, but there's a lot of scope for variation in what they allow across the border under what conditions. "Open borders" does not mean "no borders".
For instance, the borders between countries in the Schengen Area of Europe are "open", even though those countries still have borders. This has been the case since 1995. Civilization there does not appear to have fallen so far.
We're talking about a multicellular organism. An animal's skin keeps out things that its individual cell membranes aren't concerned with.
(I don't actually think the details of what cell walls, cell membranes, skin, etc., do and don't regulate / completely block really tell us anything much about what should happen at national borders. If tomorrow someone discovered a previously unknown regulatory mechanism in cell membranes, that shouldn't make anyone change their mind about immigration controls. The way these analogies actually work is that someone decides what they think about immigration on other grounds, and then goes looking for an analogy that fits the rhetorical point they want to make. Someone arguing for "open borders" would probably choose something else rather than cells to make analogies with. The analogy isn't doing any real intellectual work, it's just window-dressing.)
No, I've made a substantive observation about the point actually at issue: you implied that every country necessarily has immigration controls at its border, which in fact is not true.
You had tried to support that claim by making an analogy with biological cells, and it pleased me that in fact my counter-point fits into that analogy, but it doesn't really matter: if it turns out that the cell-analogue of "every country has to have immigration controls at its border" is true, all that means is that cells were a bad analogy because, again, it is simply not true that every country needs immigration controls at its border.
I am not a cell biologist so this might be wrong, but my understanding is that cell membranes are in fact permeable to water and don't have any particular ability to regulate the movement of water in and out of the cell. The rate at which that happens will be affected by e.g. concentration of solutes on each side, but it's not a thing a typical cell has mechanisms for controlling. I think there are such mechanisms in some cells in the kidney, but AIUI while most (all?) cells have aquaporins there's nothing adjusting their permeability. But, once again, while this is all interesting in its own right it tells us nothing about what countries can, or do, or should regulate. If some researcher makes a stunning discovery that overturns our understanding of what cell membranes do, the appropriate adjustment in national-border regulation will be zero.
Pre-modern world having no borders is what gave birth to immigration into the said country & other parts of the world which got colonized over time. Kinda hypocritical to suddenly have everything closed up. Who knows maybe space travel or resource scarcity is what unites all countries centuries down the line.
People ask "what will our descendants think we're currently doing that's horrific?". The usual response is eating meat. But another one will be closed borders. It is one of those shamefully morally abhorrent violations of individual freedoms that is fairly widely accepted as normal.
Wow, it's almost like "human rights" are a cultural/political/ideological construct and not a legalistic one, and people might have varying differing opinions of what those rights are. And that there might be room in a democratic society for discussion of this, what is most just and sensible, and how we might accommodate a changing world situation.
But no... the legal categories of border rights are immutable and constant. Citizenship is a fixed construct. Migrants fleeing starvation and war and climate crisis are criminals. And all these borders set and conquered by force 200-300 years ago are inviolable.
> But no... the legal categories of border rights are immutable and constant.
Except of course, they're not, since the whole concept of restricting movement into the US didn't really being until about 1917 - before that you pretty much just showed up. (I know you know this, I'm just re-enforcing your point.)
They do indeed have established processes. And the US violates the shit out of them and illegally detains people against international law. You really think the UN established processes involve caging people without checking their credentials or asylum claims? Do you think international law is big on freeing up border guards to violate civil liberties of both citizens and immigrants? No. After the Holocaust, where many countries turned away fleeing Jews, who would then end up getting gassed, the US made sure the UN implemented international law that would make seeking asylum more human rights friendly.
Then we started violating those processes and cracking down on immigration, which actually increased illegal overstays because people stopped going home after their short term visa jobs because they knew they couldn't come back next year to pick strawberries if they left. This isn't wokeism, it's just history.
I'd like to see a country experiment with an open-but-chargable border.
Ie. You pay a substantial fee for permission to cross the border. Once the fee is paid, it's unlimited border crossings for life. For example the fee could be $5000 + 5% of your total wealth.
The fee reduces immigration and limits it to the rich, who you probably wanted to allow in anyway. And it costs about what people traffickers currently charge, but the government gets to keep the revenue.
We have something like that with "golden visas/golden passports" already here in Europe. The result was a bunch of Russian oligarchs with Schengen freedom of movement [1].
So maybe we don't want all the rich people? And we probably want some of the poor people. There is a shortage of all sorts of labor afterall.
The real issue is that there is no good way to verify the identity or non-criminal nature of any of the migrants. You can create a solid ID at the time of entry and start tracking there at least.
If you have strong diplomatic ties with the country the migrant came from, you can totally do identity/criminal background checks.
You can also do things like asking an existing citizen to sponsor an immigrant. If that immigrant commits a crime or doesn't pay their taxes, the sponsor is jointly liable.
I had to look up the reference. Are you saying it doesn't matter if some people entering a country are wanted for crimes? That seems like something we should check.
Every country asks for your criminal record and does background checks before issueing visas. You are trying to reinvent a system that existed for decades
I was thinking if the gp really wanted open borders you might not even require an ID but yeah requiring an ID is normal at any controlled border crossing. My understanding is that sometimes even between schengen states that id is checked.
United Nations Declaration of Human Rights (UDHR) 1948, Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
Privacy is not a right under US law. The US constitution makes no mention of it and the interpretive framework that creates such a right was recently overthrown in the antiRoe ruling.
Privacy is not an implicit right under the Constitution under the new ruling of RvW, but that doesn't mean it's not a right under US law. There are plenty of privacy laws in the US.
Police in the UK have the power to seize mobile devices from any traveler entering the country, and can retain their personal data for as long as they see fit, according to a report from the Telegraph.
They might have the power to, but they don't exercise it[1]. Also, this is about phone as in physical device; it doesn't grant them the right to access the (encrypted) data, does it?
1. Fun fact: the Queen has the power to execute anyone at will.
What difference does it make if EvilCorp can store the data (phone location data, search data, etc.) on its systems, and then will volunteer to hand over to authorities when requested?
Lot's of people fantasizing about what they'll do at the border with weaponizing the data on a burner phone. Let me present a "simpler" and actually realistic option (only for US citizens) on how to handle this:
1. Have a reasonable amount of emergency savings (6-8 months of expenses stored).
2. Have someone in-country who isn't traveling with you who can make sure your bills get paid (financial power of attorney).
3. Apply for Global Entry, which pre-clears you for border crossing.
4. Turn your phone /off/ when you land (usually a 15-20 minute walk to passport control in most airports). Powering off is important.
5. Refuse to provide the password, refuse to unlock. Provide all relevant travel documents and customs declarations, and allow free inspection of your baggage.
6. Wait... depends on the agent. Longest I've been detained was 2 days, most of the time they hem and haw for an hour or so and let you go.
7. Go on with your life.
Step #1 and #2 is in case you get arrested, which will almost guarantee losing your job, at least for right then. Since you can clearly establish no priors and that you aren't a flight risk, getting bail and then finding another job should be relatively easy to do within 6-8 months for most of the HN crowd. Also, invest in pre-paid legal.
Obviously, this is assuming things go mostly okay and you don't get murdered at the airport, however the realistic probability of this occurring is fantastically low (these types of crimes are almost always committed in the US by local law enforcement, not federal law enforcement, as feds undergo much more stringent requirements and aren't just your high school bully drunk on power with a gun).
Steps #1 and #2 you should be doing anyway, just out of good financial sense. Step #3 you should do anyway if you're traveling internationally regularly just to make your life easier when black swan events don't happen. And Step #4 you should do EVERY time you are about to let your phone out of your possession, whether involving the government or not, because it prevents most forms of attacks against an encrypted device and disables biometric unlock (which can be coerced/forced/done when you are dead).
The hardest step is honestly #7, because after what I've experienced in my travels (and let me tell you, the US CBP is MUCH MUCH more professional, courteous, and reasonable than many many other countries), nobody really believes you and there are way too many people that are apologists for the powerful. Governments, pretty much universally, suck. The only difference between whether you personally experience the suck or not is whether or not you happen to get randomly selected or fall outside the bounds of what the government expects of you. There is no requirement that you do anything "wrong" in either the moral or legal sense, to end up stuck in the suck. Embrace the suck early if you plan to exercise your rights, because doing so will bring the suck on to you full force, but if you're the self-righteous type at least you'll get some sense of satisfaction out of it.
Yes, it's happened to me twice, both times crossing from Canada to the US on a land border entry. There was a short period of time where the CBP was doing this in droves on Canada land border entries. The way it's generally structured is they ask permission, and if you refuse, they can't really do anything without a court order and can only hold you at most 72 hours. The time I was held up for 2 days was because they wanted to further inspect my vehicle, which I can't prevent. The only thing you really have any possible way to control is your digital devices, anything physically on your person / in your possession is open to physical inspection at a border entry point and there's no legal means to prevent it, so there's no point in even arguing. Your phone you /must/ relinquish to them, but you can refuse to unlock it if it's locked with a password. The only way to get around it is a court order, which they're not going to bother with if you're not actually suspected of anything.
Of course, YMMV, which is why I say the most important thing is realizing you could absolutely be arrested and charged for something stupid if you refuse, and should have 6-8 months of financial coverage. And of course, any non-citizen can be refused entry arbitrarily with no recourse.
FTA "(CBP) leaders have admitted to lawmakers in a briefing that its officials are adding information to a database from as many as 10,000 devices every year" this is not a rare occurrence, it's rare in the grand scheme of things because there's so many travelers in/out of the US, but it's not really that rare. If you travel internationally often enough, especially at land borders (I don't know why, but these get hassled more in my experience than airports), you will likely eventually get asked.
This demonstrates a clear lack of understanding on the rules and how ports of entry are "special"
> There was a short period of time where the CBP was doing this in droves on Canada land border entries. The way it's generally structured is they ask permission, and if you refuse, they can't really do anything without a court order and can only hold you at most 72 hours.
They can do worse, they can :
- enforce travel bans (starting at 5 years) and issue large fines.
- Failure to grant access to your digital device may result in the detention of that device under section 101 of the Customs Act, or seizure of the device under subsection 140 (1) of the Immigration and Refugee Protection Act.
The Border has its own special laws, especially entering the US where it is a "constitutional free zone". The US really is an odd case as this extends 100 miles INTO the US.
> enforce travel bans (starting at 5 years) and issue large fines.
This only affects future travel and is subject to court oversight. You cannot be refused entry as a US citizen. You can however find that just on the other side of the border you'll be sitting in a detention holding cell.
> Failure to grant access to your digital device may result in the detention of that device under section 101 of the Customs Act, or seizure of the device under subsection 140 (1) of the Immigration and Refugee Protection Act.
Yes, they have broad powers of search and seizure for anything physically in your possession when you cross the border. You MUST physically turn over the device, you have no legal recourse. You do not have to give them the password or unlock it for them (short of a court order compelling you to do so). They can absolutely just take your phone and laptop and essentially never give it back if it's considered evidence in an ongoing investigation. In practice, they generally return them when you are released, and if they hold them longer are required to return them within 30 days if it's not part of an ongoing investigation.
If you are traveling internationally and want to protect your rights and your privacy, it's a good idea to have a lot of money so you can afford possible job loss due to detention, to pay for attorneys, and to buy new electronics if/when they are seized. This is kind of implied and somewhat explicitly said in my original comment.
Most likely random chance, but it’s possible it’s due to how many times I crossed that border. At the time I was doing contract work for a company in Canada but staying in upstate New York so was crossing the border nearly daily for several months, similar situation the second time but on the other coast.
You could say it’s random chance and the frequency of my crossings rolled the dice enough my number came up or that I was singled out due to frequent crossings being somehow suspicious, either way nothing really came of it as everything I was doing was business related and above board.
Which country(s) other than the US were the most problematic / worst? Personally I've had more aggravation at the Canadian border than any European country.
Many countries are worse to deal with than the US at the border during entry. Ironically, most of the worst ones are wealthy / "low corruption" countries, because they have well-paid, interested people at the border, who also don't like having their authority challenged in any way. The UK and Canada are both significantly worse to deal with than the US, probably my worst experience on entry though was Australia. IMO, the Australian government is maliciously incompetent at every level /and/ at the same time fastidiously aligned to their maliciously incompetent policies. A lot of folks in the West don't realize that Australia is closer to China than the US when it comes to digital freedom and privacy.
All the less-wealthy and "more corrupt" places I've traveled were far easier to deal with at the border. It's happened so many times I've lost count that the border agent didn't even look at me /or/ my passport before stamping a random page and yelling "Next". This doesn't happen in countries where the person at the border is well-paid and engaged in their job, it happens when they are bored, disinterested, and just want to go home. With one exception, all my worst border experiences were in wealthy countries. The one exception I won't discuss in detail publicly, but it was while leaving, not arriving, and at any rate wasn't due to their border agency but rather their secret police mistaking me for a journalist.
Another observation I have is that only foreigners really get the worst treatment, so this may be why I haven't felt so badly about the US CBP, while I hear from my non-American friends and acquaintances that the US is the worst one to deal with. I'm sure any citizens of the countries I've mentioned will be quick to defend them in the comments in reply. After all, when you're a citizen, it's generally pretty painless to get back into the country of your citizenship. As a foreigner you face more scrutiny and have less legal protections.
I'm Canadian and lived in the US for 5 years and crossed back and forth at least once a month.
I agree, Canada's border crossing is worse.
I've crossed the US with underage children without their mother present several times.
US customs hauled the kids out of the car and took them to a secure location and asked them where they are going, if their mother knows where they are, etc.
This makes perfect sense and I'm glad the US customs officers took the time to do this. They are doing their job, preventing child abductions, etc and it was outstanding to see it being done.
Entering Canada it seems they only care about one thing : What do you have they can tax you on.
I wont be surprised to see the day when Canada measures how much gas is in your car, and if it exceeds an arbitrary amount tax you on this too.
I think at this point, if I were to travel internationally, I would not bring my EDC. I'd buy a cheap phone when I arrived at my destination and just chalk it up to travel expenses. I would tell everyone I'll email them my phone number when I get to my destination in case of emergency.
I'd rather that complication than have some 'roid-redneck at the border capturing data that's really none of their business.
I’m also curious whether the copying device works with all models. If I went back to my old iPhone 3, for example, would they still be able to snag a copy? Might their surveillance be foiled by want of a dongle?
Edit— From the photos posted further down thread it seems like they’re armed with every imaginable dongle...
95% of my 2FA accounts are TOTP. My issue is that not all providers give me printable backup codes - some just say "get two devices!" and that's just not reasonable for a variety of reasons.
My work-based 2FA is tied to my phone and is non-transferrable. If I lost my main phone without switching the 2FA install while logged in, I'd have to go through a recovery process.
Culprits: RSA Authenticate and Okta Verify.
My personal accounts that have 2FA are all backed up with Authy.
>My work-based 2FA is tied to my phone and is non-transferrable.
If that's the case with your workplace, do they issue you a phone to use for work-related stuff.
If not, why not?
Your personal device shouldn't be required to do work-related stuff, IMHO.
I'd add that since there's work-related stuff on your phone, your employer can restrict what you do/don't do with that phone and subject your personal device to its corporate policies via Mobile Device Management (MDM)[0] systems.
Even more, if you ensure that work-related stuff isn't on your personal device, issues with either device won't impact the other one.
I realize that it's out of fashion these days to keep one's work and personal lives separate. But IME, doing so is generally a good idea.
I don't have MDM on my phone (no alt-roots or anything). "Just" the 2FA, gmail and Slack. But I agree, I'm tempted to get the work stuff off and onto an old phone just to have the mental separation.
>I don't have MDM on my phone (no alt-roots or anything). "Just" the 2FA, gmail and Slack. But I agree, I'm tempted to get the work stuff off and onto an old phone just to have the mental separation.
Gotcha. I encourage you to do so. I'd further encourage you (if this isn't the case already) to have your employer pay all costs associated with that other device. As it's their requirements that put you in this situation.
I print backup codes where available, but some providers don't offer it and instead instruct me to have two devices. Do you maintain 2+ devices with your 2FA codes? Do you carry both devices everywhere? Or just when you need to add a new 2FA code to Authenticator?
Unless this sort of thing gets corrected, it will be used in corrupt ways and to enforce tyrannical laws / regimes.
Did much of the progress in the past that led us to today's democratic institutions involve law-breaking, strictly interpreted, of the law of the day? Would too-effective, too-cheap enforcement have prevented that progress? I know little about history, but I suspect so.
I often buy a cheap pay-as-you-go phone in my destination country when I travel (mostly because I think something internal is funky with my phone, despite all arrangements being made and plans authorized with my carrier for international travel/service, the damn thing never finds signal), I may just start leaving my own phone at home when I do so.
Zuckerberg is illegally interfering with elections in Washington state and elsewhere. Honestly this is mor concerning. As we've learned over the past year, there's no recourse for private infringement of human rights. At least with the government you have someone to complain to
And I'm still waiting for someone to explain how that works with employer gear.
I'm guessing my corporate compliance team will not be pleased if I tell them someone made copies of all the companies data...even if it is uncle sam.
Like what does one do in that situation? Can't really agree. At the same time US border staff is not known for their understanding nature when it comes to saying no.
If they are concerned they will do what many companies do when going to places like China. You get issued a new laptop for the trip who's only job is to act as a remote terminal to a system that doesn't travel with you.
>There's not much more you can do in that situation.
Indeed - and yet that is an entirely unworkable situation. e.g. The stuff on my laptop is covered by three countries' regulators/boards of directors/jurisdictions, none of whom will be understanding if I tell them the border stasi copied all the data ably assisted by yours truly with decryption keys
Very much doubt I'd still be employed even if innocent & had no choice
>Revoke keys
With financial data once its been duplicated it's gone / out in the wild.
Yes, they do, but not all people carry laptops where pretty much everyone will have a smartphone. There have been references to Cellebrite devices which target smartphones. So when all you have is a hammer, you focus on the nails.
There are stories online of people having a "travel" laptop where they fill their USB/Thunderbolt ports with epoxy or similar to prevent device connections by anyone not just at border crossings.
If the border guards see that your laptop has epoxy in the ports, and that by definition you are using this technique for privacy-averse countries, sounds like you won't be making the flight any time soon.
What border guards have you seen that would inspect a laptop that closely in the first place? I fly relatively frequently and all they care about is that it's kept in a separate bin to the rest of your luggage, no one looks at it upclose(also you can damage ports in a way that isn't visible on the outside).
99% of my flights have been exactly like this with no device inspection, and I've been in multiple autocratic countries. What I meant is that if they are at the stage where they are looking to plug into your laptop, having the ports blocked like this will immediately cause problems for you in countries where blocking your ports would be useful. It's a catch-22
Ah, I see - sorry I misunderstood. I thought the comment meant that you'd be stopped from boarding the plane in the first place if your laptop has glued up ports.
Nothing exciting or worth sharing to be honest. Anxious hours spent in the airport followed by entry denial. There were no real consequences other than stress in the moment and the inconvenience of having to re-book a ton of things.
Pulling out the hard drive might be effective if it's 2002 or something. If you have a modern laptop like a MBP, then the drive isn't really removable. If you were to remove it, the use of encryption linked to the T2 chip makes the thing useless.
… and then physically destroy any device border agents touch.
Also, make sure the device doesn’t have any credentials (especially avoid work SSO, Google and Apple credentials) on it, or things like signal, iMessage or RCS installed.
I wonder how much trouble I would get in if I broke my phone in half before handing it over to the agents. I can't imagine it would go over well, especially with the damaged lithium ion battery and broken glass involved.
The reasons stuff like this happens is because there are no punitive repercussions such as jail time for the officials that oversee the programs. All that happens is a judge eventually strikes it down. This needs to change.
This is tangential to the content of the article but this site's data protection consent pop-up (not sure if this is EU-only) is actually an own-goal when it comes to EU GDPR compliance:
If you can revoke consent for "legitimate interest", it's not legitimate interest. Legitimate interest is a legal basis for collecting and processing data without explicit consent (i.e. it's an alternative mechanism to explicit consent and you can merely inform the user of it, not ask them to consent to it). If you can opt out, it's not legitimate interest. And if it's not actually legitimate interest, you have to make it an opt-in option like the other consent prompts, not an opt-out (tho at least this site doesn't make you select them individually).
I'm not sure what marketing firm convinced publishers they could use "legitimate consent opt-outs" as a fallback for the consent many people probably don't opt in to, but their advice is flat out wrong at best and illegal at worst. They'd be better of not providing a detailed consent popup than doing this because the former at least allows them to claim ignorance whereas this clearly demonstrates an attempt to circumvent consent requirements. Not to mention the current state of the law explicitly requires them to provide both "opt in to all" and "opt out of all" options without additional clicks and dark pattern shenanigans (i.e. they have to be equally prominent and the same color and design).
Also if you find these popups annoying keep in mind that there's literally no legal requirement to have a consent popup under the EU GDPR. You don't even need one if you use cookies. The only reason these sites need them is because they use third party embeds, resources and scripts that set non-essential (e.g. tracking) cookies or want to record/process user data (e.g. for targeted ads). It's the death pains of a failing business model that's making this annoying for you, not the law.
we need to end this useless security theater. only a matter of time until a bad actor gets ahold of this massive database and sells it off to the highest bidder
As a foreigner to the US I see this as a simple display of power: See how powerful we are over you, we can and will exert control over you, your data and your belongings. If you want to enter our Empire you will belong to us and will allow us to plug all your orifices.
No way I felt like that when travelling to the UK or to continental Europe.
The real answer is to avoid traveling there. Empires crumble when they become irrelevant. And for US citizens, they should definitely strive to create a society with more freedom and privacy for them. But only if they want that, which doesn't seem that way nowadays.
There's a social stigma here about being too vocal about this sort of thing, at least in the circles I encounter in California. You are either wasting your time or are a bit of a paranoid if you worry too much about these sorts of things. You even still see it here on HN, where people will pull out Hanlon's razor as some sort of proof that this sort of malfeasance doesn't exist.
there should be an unlock code, that if entered, wipes and writes over all dram bits with random data, including the OS and a big fuck you to gov types that want this data
Did some thinking about this- Here's something no one has every ...thought of it seems-
Right now, from a steganography standpoint, there's no real way to be secure from this sort of thing. US Customs, or another country , from a tech standpoint. Yes, the cloud, though not everyone will have resources to access enough space online to keep their data secure - or be able to properly make a usable copy or image of their device that includes every aspect of their device, for a complete , fully restore later
-Why aren't there more plausible deniable, or just, stealthy encryption options? It appears, there's nearly NONE today for these advanced used cases.
Veracrypt is known for it's hidden features -but those are ...dangerously approaching obsolescence. Their Hidden OS option- ONLY works if you've formatted your system to MBR, not UEFI- otherwise you can't use the Hidden OS option.
Are you telling me for every laptop you buy form here on out, you'll format it to the old MBR standard to use the Hidden OS option for your personal laptop that you want to take on a trip- or need to?
And sure, you can just put important data in Hidden Volumes as a fallback- but then you come to a common fight today in the tech world of system vs file level encryption. And sure, just hiding what is most crucial, is perhaps better form a standpoint of sneaking by- but is it truly now impossible to hide everything else that's not as important, by default? Furthermore, you have to wipe traces of the material's location where it was BEFORE you copied it into the hidden volume. Did you also eliminate all traces? Windows Shellbags are a thing, that nearly no one knows will be a smoking gun..
Veracrypt doesn't work on Mac or Linux with it's Hidden OS option, just volumes.
But i've heard nothing since- and right now, all your data will be at risk from your computers ,phones ,and tablets, when you go through Customs- even if it's encrypted, they'll hang on to it, and image and copy the data. If you refuse to provide encryption passwords, they'll potentially keep it and not return it to you in all cases. This is where the deniable systems would come into play- where you'd be okay, if they just unlock it. Now if they plug it in and image it regardless, you're at risk because theoretically they could be running exploits on your device(they won't let you watch them imaging it so you can'tverify that ever)
-encrypted data will be unreadable here, but it's not as good as if they can't tell it's hidden, from a imaging point when they plug in a Cellebrite or Greykey device and have it run it's exploits to get everything.
And i do not see the Forensic Security community often giving recommendations on what it takes to get around this, i think this leads to the public being at the mercy of officials-
This will become very destructive also, as this will become a precedent. Imagine Southern States checking devices like to look for evidence of abortion information-searches, for example. Imagine Abortion getting federally banned, and then customs checking for mentions of abortion .
- Technical solutions aren't a full solution, as the EFF loves to hamper on- but it appears everyone has given up with efforts to even provide them.
I suppose if you want to stand a chance, you need to go become a expert on disks, and forensic techniques , in order to then even have a chance at experimenting on how to get around that- and if that sort of privacy ,security, and plausible deniability cannot be brought to the masses at large, the way Signal did for encrypted communications, ...
How is an elected representative a dictator? About half of the US population voted in 2020, something like 100x the proportion of the population who voted to elect representatives at the time of the constitution. By any standard the US is far more democratic than it was then. I do agree that things should be more democratic now though.
Enjoy it while you can, Moore v. Harper is up for debate in the Supreme Court this year, and it appears to be in favor of this (insane) idea that voting is no longer a right.
Some states don’t vote for their representatives, moving forward.
Seriously, go watch the speech, then you don’t need to speculate about what the executive branch thinks about veiled threats for violence and domestic terrorism, or what I’m advocating for. Here’s the official transcript:
MTG successfully argued in court that since 1776 is emblazoned over the threshold of the court, that references to the American Revolution are built into our judicial system.
This program predates Biden. The fact that the Biden administration is cooperating with the senator (a Democrat) suggests the Biden administration doesn’t support the program very strongly.
Most of this stuff was enabled by the patriot act, which was pushed through by George W Bush. Also, the Republican controlled Supreme Court recently ruled it is legal for states pass laws that explicitly ignore vote tallies moving forward.
If you want the US to be a democracy moving forward, I suggest you watch Biden’s Sept 1, 2022 speech. It touches on these issues.
Phones will often contain data that can facilitate theft and fraud if ending up in the wrong hands. If they're able to copy everything, including private data from all apps that could be quite bad. For example many countries now use apps to login to online banking, with private keys for the login stored in the app. Will that be copied? Will it ever be found out if one of the 3000 government officials with access to this data sold it on darknet markets?
Maybe some months after your travel you suddenly wake up one day to find all your money transferred from your bank account to some account in Nigeria.