In my country just refusing to unlock your phone instantly labels you as a terrorist (coup organiser)

We did got past all of those (!)

Ps. I live in Turkey

How do multi-account devices fare under these rules? What if I only have access to account A and not account B?

What if unlocking the device requires a security key that I do not have with me?

My intuition is that they'd still treat that as though I was impeding their search, but I wonder legally if it changes anything.

This is a good time to review the guide provided by the EFF:

https://www.eff.org/wp/digital-privacy-us-border-2017

They are also cancelling ESTA for security professionals without warning and the resulting visa application gets stuck in administrative processing for months due to a security flag.

I think this would be a good opportunity for Apple's legal department to do something. Maybe help the ACLU with it's case against the Department of Homeland security.

Dupe: https://news.ycombinator.com/item?id=19558161

Perhaps this is very cynical, but shouldn't they also be able to use airport security camera footage to figure out passwords?

Honestly this is one of the best use cases for multiple profiles on a device.

They want entrance, just grant it to a sandboxed environment.

Chilling, and Kafka-esque. As it happens I'm not convinced that the reason for his being detained had anything to do with him being a Trump critic and Democrat donor, contrary to his claims in the article, but more likely it's some lifeless bureaucrat/computer program or both putting a red flag on his file for some esoteric reason, very possibly connected to his work and writings on online privacy.

The lack of transparency on the reasons for detention are the real problem. Josef K never found out the charge made against him either.

(edit -spelling)

Hmmm it's almost as if the land of the free has some sort of social credit score program?

I prefer increased crime over dealing with shit like this.

I love the creative writing and entitlement that comes through when someone has been wronged.

> Ex-Mozilla CTO

Has no more or less rights than anyone else.

> Techie says he was grilled for three hours

Clearly click bait 'grilled for three hours'. Not questioned but 'grilled'.

> "There I quickly found myself surrounded by three armed agents wearing bullet proof vests."

So what? Of course they were armed. Of course they had bullet proof vests. The sole purpose of using words like that (by a writer) is to get the goat of anyone reading and have them all up in arms about INJUSTICE of one type or another.

> They started to question me aggressively regarding my trip, my current employment, and my past work for Mozilla

What do you think? They should act like the concierge at the Four Seasons? Of course they are going to be aggressive. That's law enforcement attitude and there is a purpose for doing so.

> Given the devices were emblazoned with big red stickers reading "PROPERTY OF APPLE. PROPRIETARY," and he had signed confidentially agreements with Cupertino, Gal said he asked for permission to call his bosses and/or a lawyer to see if he would get into trouble by handing over access.

This is total BS. You don't need your bosses agreement when a request is made from Law Enforcement at least not because you signed some NDA etc. Fine that he attempted and asked. But the reason is weak.

> and threatened him with criminal charges should he not concede to the search

Cops are allowed to lie. Not sure what the story is with border agents but possibly the same. That is how they often get info.

> "My past work on encryption and online privacy is well documented, and so is my disapproval of the Trump administration and my history of significant campaign contributions to Democratic candidates,"

He is living in fantasy land here if he thinks there is some list of people that are being targeted for that reason. Not that it could happen but highly unlikely. It would take an entire Nixonian operation to pull that off. I think more likely since he came from a former communist state his thinking goes to this type of paranoia.

> Now, Gal has enlisted the help of the ACLU to probe into the brouhaha, and determine whether his civil rights were violated.

Yes everyone is looking either for more internet fame or a payout. Not sure why he needs to save the world and belabor the issue. Just move on and don't waste time.

> "Furthermore, CBP’s policies lack protections for First Amendment rights by allowing interrogation and device searches that may be based on a traveler’s political beliefs, activism, nation of origin, or identity."

Sounds like typical ACLU behavior for more publicity to aid fund raising (story on 60 Minutes):

https://www.cbs.com/shows/60_minutes/video/cm_lFZDERHcELSPw2...

ACLU got into high gear over Trump and sends out letters literally trying to raise money (I received one) clearly mentioning in so many words to take Trump down. Not the same organization that it used to be. On the 60 Minutes story iirc a former head of ACLU was interviewed and bothered by the current behavior.

So really,

"Apple employee gets mildly harassed at airport because of proprietary confidentially agreements" with

"A terrible, terrible tragedy, non US-citizen travellers agree" as a byline.

The main thing of interest here would be that maybe Mozilla should employ better hiring practices.

He was detained, not arrested. Miranda was unnecessary in this case.

> Make sure your devices are turned off prior to even leaving for the airport.

Security may ask you to turn them back on, not to search them, but to verify that they are actual working devices, and not a bomb.

Given their reported membership in the Five Eyes, I don't see NZ as a place to be. https://en.wikipedia.org/wiki/Five_Eyes

Under the terms of the UN Treaty there are actually certain non-residents that the US cannot refuse visas and entrance to.

Yes. The courts will suppress any evidence that's not gathered legally, but aside from that, officers' qualified immunity protects them from all but the most obvious infringements

The same is true with a Bill of Rights.

The government does what the government wants. If you're lucky, later a different part of the government will apologize.

A bill of rights may reduce the odds that those enumerated rights are denied to you, but it cannot prevent it.

Officers need articulable facts for reasonable suspicion. Not consenting to a search is explicitly not grounds for reasonable suspicion here or in any other context

>Cotterman's previous conviction justified a search

...and there you have it: He's done something wrong in the past, so - of course - he must be doing something bad now - forever and always!

Paracha's detention might be unjust but it's only indirectly related to this thread. He is not a US citizen.

Not a US citizen, so not relevant.

mikeash was talking about US citizens; Paracha is Pakistani.

He's not a US citizen.

No, none that has been presented.

Makes what such an issue?

To point that while the threat that they'll hold you might not be real, they can still fuck you over in some ways...

He expected me to, so yes, I guess?

I feel like there's a difference between "lying about the facts of an investigation, including what they know or don't know, during questioning" and "misrepresenting the rights of the accused."

The latter feels like a serious problem that should get rectified.

If you show that you cooperate yet you can't provide access to anything (because your phone is empty for example) they may treat you better or - if you're a foreigner - not deny you entry.

He asked, on a US website, using US invested technology, on a US written application.

Please let's not kid ourselves, the US rocks!

I used to say that until I started doing sports competitions and had to travel there repeatedly. I was admittedly worried because of my ethnicity but it went fine (a Canadian passport and NEXUS membership might've helped...you also wouldn't find much on my phone other than sports memes, as much as I care about my privacy).

Similarly in the game development community, lots of people complain about customs but then go to GDC every year.

I guess my point is that as long as America continues being a pillar of the world, people (like myself!) will continue putting their principles aside and comply, and the system will have no reason to change.

I hope you'll last longer than I did. :)

Edit for clarifications.

Contracts, or at least clauses within contracts, which require a party to break the law are not valid.

Yay for getting protection from your local Lord or Knight against the King. Sad if it’s come to this.

Reading a story like this, which is based entirely upon the information provided by Gal, and drawing any widespread conclusion about travel into the US is utterly irrational. From this story there is zero ability to determine if it really happened, or assuming it happened, you have no idea what the actual interactions were like between Gal and CBP agents.

Some of the facts presented don't even make sense. You don't take the fifth when refusing a search. You're relying on the fourth amendment and refusing to consent to a search. Searches like this having nothing to do with self incrimination.

And also Australia and the UK:

https://www.abc.net.au/news/2018-10-08/if-a-border-agent-dem...

https://techcrunch.com/2017/09/25/traveler-who-refused-to-gi...

It seems to be mostly a Five Eyes thing.

Countries often have reciprocal arrangements regarding how they treat each other's citizens. If your country treats country X's citizens like crap, odds are country X will start treating your country's citizens like crap too.

Because of this, it's likely that the world will likely spiral to worse and worse treatment of everyone. As the saying goes, an eye for an eye and soon the whole world is blind.

Yup! Not sure why Canada gets to slip under the radar on things like this. They are demanding access to devices as well.

“On the other hand, we’ve got very recent case law from the Supreme Court of Canada, starting in about 2010, that says you’ve got an intense amount of privacy in your electronic devices."

If he went all the way up to the supreme court instead of taking the plea deal, the story might have gone the other way.

Well if CBSA continues with this practice I hope it ends up with a lawsuit and gets shut down by the supreme court.

Is it a risk if you stay in the airport, in the secure zone? (Whatever it's called...I've flown rarely over the past couple of decades.)

Another anecdotal point, in the past few years I've entered the US a dozen times, China, SA, Australia, Canada and some European countries outside my native France, and I've never been asked to unlock my phone once. I always get the fingerprint treatment at LAX though.

I was asked to unlock my phone trying to get to Canada as a US citizen too.

What are they even trying to find on your phone?

Are these kinda searches that common?

Pro tip: on newer iPhones with either Face ID or Touch ID, holding the sleep/wake button and the volume down button for some time puts the device in a mode where Touch/Face ID are disabled, the phone is locked, and the device passcode is required to unlock.

> But never decrypt. If this results in you missing your flight, so be it.

Why? Is that more important to stay locked than miss granma's funeral, or more positively, 75th birthday?

> there have been plenty stories and comments on HN, as well as other places.

We have ZERO data on the probability of this happening to someone. What we do know is that when it happens to certain people and they have some kind of notoriety or the ability to get noticed we hear about it. That means there is a non rational reaction from people which makes it seem like any one person stands a large chance of having the same experience. Obviously they have not the time or resources to doing this on any widespread basis. Hence it's a small risk. Ditto for that matter to letting them see what is on your phone. Don't want to sound like the 'if you have nothing to hide' guy (Eric Schmidt) but honestly is it such a big deal? [1]

[1] By that token I have no clue why people would allow complete and total strangers access to where they live (or drive them) which to me seems like a much greater risk. (Not saying the OP did this).

I'm a US citizen, and my worst experience has been with Canadian border patrol (I'm not saying this is general, just my experience).

>No, you can't have the password to that. Yes, I know, you can hold it indefinitely.

I have a hard time believing that an audience that finds buying a car stressful (as is often stated in Tesla threads) is going to demonstrate assertiveness to a real authority...

No it's not but this kind of issue tends to happen more frequently in the US.

> Walt Disney World will still be there in 2021

Border policy won't change by 2021 either, at least not for the better.

> Walt Disney World will still be there in 2021.

I think you'll have to wait awhile. These policy tools have been under both parties starting with GWB far as the initial PATRIOT Act (I think?). Right now, we're at a point where the USA might, but unlikely, go back to an isolationist policy far as borders.

At a meta level, this is a debate around internationalism vs globalism. Currently, Earth is in an era of internationalism. There is a desire by lots of people to move towards Globalism.

Even if a Democratic regime takes over in 2021 I promise you it will be no different. One of the largest expanses of the surveillance state was a consequence of the previous President, and there is no reason to believe that won’t continue into the foreseeable future.

> Any device that you lose physical control of during these encounters must be presumed to be compromised and should be physically destroyed afterwards.

Seems unwise to destroy evidence. Find the rootkit, or have your employer or security researcher do so, prove it's existence, and sue the Government.

But yes, definitely get a new laptop.

What do they do if you say no in this situation though? Escort you home and inspect your desktop computer there? If I were to tell them that I carry a travel laptop/phone with no information on, there's little they'd be able to do about it unless that in itself was somehow made a crime.

You can be as honest as you like. Or just say you don't take data with you when you travel. For security reasons. If it's work related, this is trivial to justify: company policy, trade secrets shouldn't fall in the wrong hands, etc. And even if private, phone theft and identity theft are serious concerns.

I would hope that admitting to deleting data is not admitting to a crime. I delete data all the time (old emails, texts, pictures, etc...)

Say, "yes I wiped it in case it got lost whilst I was travelling"?

yes, I'm not importing that data to the USA?

I know that at least one big German chemical company is doing exactly the same for US trips, because they have evidence of industrial espionage attempts against then. Executives that have to go to any non-European country get a clean laptop, with nothing but the VPN client installed and access is only enabled after the traveler has reached the destination and has called and given a verbal "all good". On return the laptop is not connected to the internal network, but wiped clean.

The last company I worked for (quasi-government) would issue special temporary laptops and blackberries for international travel. You were not allowed to take company devices outside the US. At one point they brought someone in from the CIA to basically scare us with stories of how your devices will be targeted at the border, or even by someone breaking into your room when you are not there.

Most countries aren't that invasive, but it's pretty clear that a visit to the US justifies issuing a special "US" laptop now.

I'm actually wondering what happens if I'm ever asked about Facebook credentials when travelling to the US.

Fact is: I don't do Facebook, nor any other Facebook product, so I'm really not able to hand over any such credentials.

Say that you take a burner when traveling abroad because you don't trust foreign governments to accord you the same civil rights protections against unreasonable searches that the United States does.

They are just cheap smartphones these days. Do they really profile people because their smartphones look too cheap?

There isn't data on this. This incident likely wasn't logged in any way. CBP is a rogue agency and the least transparent. They don't respond to FOIA anymore either.

>Canada is not exactly welcoming to visitor. Particularly visitors that may have a mark on their background check from any number of years ago.

Not a bug, working as intended. Entering a country that you aren't a citizen of isn't some inalienable human right, especially if you're a convicted criminal.

Pretty much any country does this. Unless you're a citizen of that country, you have no right to enter it and should be on your best behavior at all times, and they can decline you for any reason they feel like, justified or not.

Americans who have concealed carry permits on their person when entering Canada will have their vehicle searched with a fine toothed comb.

Maybe, but you can also hand those over to a trusted party. Would be nice if email services lets you lock your email account until a trusted party unlocks it again.

For a lot of websites (like Facebook), that's a violation of their ToS and I'm not sure they can ask you to break a contract.

It's not that it's legal, is that you have no way to hold them to account when they do.

On a related note, car rental places now email me the contract and rental documents by default, I receive no paperwork unless I remember to ask. The problem didn't register with me right away (It was so similar to what hotels do when you travel, all paperless now) but the last time I returned the car I asked them what I was supposed to do if I was stopped for a traffic violation. "You can open the email from us on your phone and give it to the officer" they suggested. I recommend everyone ask for a printed contract instead.

As an aside, on iOS, the airline apps I have used work like the Wallet app and are visible on the lock-screen, the device must be powered on but remains locked when you display your boarding pass, etc.

I’ve been using mobile boarding passes exclusively for the past few years and it doesn’t even remotely work in the way you describe (within the US, at least; cannot comment on CBP).

1. There is no special app you need for mobile boarding passes. It has always been either a PDF or a PNG file emailed to you.

2. I was never asked to hand over my phone to TSA agents at any point. They just ask you to put your phone with the boarding pass QR code displayed over a QR scanner. At no point the phone leaves your hands.

Perhaps I was unclear, I was asking if they can confiscate your stuff and send you back without it.

Instagram is still Facebook.

In the US, an NDA can't be used to conceal a crime.

You forgot "any international airport" on your list of ports of entry used to determine the 100-mile constitution-free zone.

> [100-mile] border zone is home to 65.3 percent of the entire U.S. population, and around 75 percent of the U.S. Hispanic population

Or an international airport. Sorry Denver!

> So if you live near the any ocean, Great Lakes, the Mexican border or Canadian border, you live under a different set of rights than the rest of America.

Interesting. You'd think that "real America" was just a turn of phrase - turns out that it isn't, that there is a Real America and that it does care far more about protecting individual rights.

A forensic search would require reasonable suspicion. I'm not aware of any legal weight attached to batteries - what's the legal precedent you're thinking of?

Better, have a secure server at home and ansible playbooks to set up laptops (including getting any minor secrets that you need onto that laptop. Restrict more important stuff to just ssh).

If your threat model doesn't include physical tampering/rootkits, just wipe your devices pre-travel and set it up when you get where you're going. If it does and you can afford to mitigate that risk, arrange to have cheap new devices at your destination and travel with nothing.

Nah , just backup and then wipe all your devices and then restore them after customs. (Kevin mitnick does this).

How do you find a rented laptop trustworthy?

This is often called "sterile transit" (the ability to depart the airport without passing through immigration), and the U.S. and Mexico (and apparently Canada) don't allow this, while generally European and Asian countries do.

https://wikitravel.org/en/Avoiding_a_transit_of_the_United_S...

Let me put things into perspective for you. Cops raided the wrong house (battering ram and everything) which happened to be where I lived. They ripped up floor boards and broken holes in the wall -- they found $300 worth of personal weed. So they confiscated everything I own because it could possibly be related to drug money. I'm also incarcerated without the ability to post bail (because cops just took everything). I wasn't granted personal recognizance bond, it was $50,000 -- my family takes this as a sign that I must be guilty of whatever they say so I have no access to money for bail or for a lawyer. So I did my own case work while I sat in jail for 3 months, got a different judge to finally give me a personal recognizance bond, pick apart the prosecutor and detective at later hearings/motions, and finally leading up to the day before a jury trial (for two felony charges). I was offered a better plea and took it -- everything leading up to this point was so fucking asinine that despite all the headway I made I could not trust I would not spend years in prison. Its quite clear they did not want to look like idiots after getting a warrant and executing it in force based entirely on some 17 year old kid told them while being interrogated himself.

I'm only a criminal to someone like you.

Let’s imagine, hypothetically, that a visitor came to the US and had a permit from their country of origin allowing them to own and travel with slaves. Would border patrol be justified in giving them extra scrutiny to see if they might have one with them?

But having a CC permit is an announcement that you own firearms, and you’re in the habit of carrying them on your person. It makes sense to check this person for firearms, even if to make sure they didn’t accidentally bring one out of habit.

It seems (ha!) possible to design the logic for such a system with deniability, like the system has to use the second/third/fourth password to attempt decryption before you know if the padding is encrypted or random noise [if the specific encryption has a signature then each install could encrypt the empty space with a few keys taken from urandom].

First password accesses clean files, second one accesses dummy [legal!] fetish porn collection ... do border guards hold you to get a third password?

An analogue analogue might be: I have a book full of "random alphanum text", I have two (or more) one-time pads for decryption of portions of the book, I also know the page/line the actual cyphertext starts at. The rest of the text in the book is random quotations encrypted using a selection of further random one-time pads. Can forensics find that there is a "hidden" n+1 plaintext when I give them the n pads and starting points? Seems impossible??

To be pedantic, unless you flashed coreboot it's not your own firmware and if you aren't using an open hardware laptop then it's not really your hardware either.

I was flying from Seattle to Rome with a connecting flight in Dublin. In both Rome and Dublin I had to go through immigration (that is, present my passport) and in Dublin I had my carry on X-rayed again. Upon arrival in Rome, after clearing immigration I had to go through customs, which is to say I walked out the "Nothing to Declare" portal.

Reasonable suspicion is a legal standard that requires articulable facts, not a whim. Courts regularly hold that officers didn't obtain it.

For more: https://en.wikipedia.org/wiki/Reasonable_suspicion

"Reasonable suspicion" is a legal term. In this context, a CBP officer would need to have evidence that would lead a reasonable person to believe the item to be searched is illegal to bring into the country, or contains something that is illegal to bring into the country. A hunch is not sufficient; it requires objective evidence.

Reasonable suspicion is not required for every search at a border crossing, and the Federal circuit courts are split on whether it is required for a forensic examination of a mobile phone at a border crossing. The 9th circuit has jurisdiction in this case, and has ruled that it is required.

>What you are really saying is that you think countries have very good reasons to keep people that are not well off from entering.

Well, yes. As far as immigration goes, the policy of most non-US western countries is primarily merit-based or if you have money to invest in the country. If you aren't educated and productive and you're not a legitimate refugee, why should a country let you in? How does the country benefit?

Canada has a generous welfare system and social safety net that that would likely be unsustainable if it let in sufficient number of people unable to support their own benefits. Even if you hold the view that drug use ought to be a public health matter and not a criminal matter, there's a limited amount of immigration that can be sustained without overburdening these services and why let in a drug user when you can let in a doctor or engineer?

In the case of tourism, it's just about limiting risk of someone overstaying their visa.

> But when they do, courts will suppress the evidence

Not if the violation was done in “good faith”:

https://www.law.cornell.edu/wex/good_faith_exception_to_excl...