1. Any malicious person savvy enough to pull off a crime of interest to the Feds is smart enough to provide a wiped or burner phone to DHS/ICE, and they have to know this. So, what is the point in doing this if not to target law abiding citizens.
2. USGOV has a spotty track record of keeping this information secure. A foreign actor is likely to access this info eventually. As one former government official once joked many years ago - concerning Chinese hacking - "Well, its probably more secure in the CCP's data center, so I wouldn't worry."
This is the problem when a non-technical generation makes the rules and regs. Luddites ought not be permitted to ascend the GS ranks.
This isn't even remotely true. See for example the recent Anom honeypot[1]. Criminals do more or less the same things that ordinary citizens do, and often have strictly worse security practices because they believe "ordinary" things are weaker. This makes them great targets for snake oil.
That being said, I agree with (2). It's simply an unnecessary risk to keep this much data around for this long.
[1]: https://www.vice.com/en/article/v7veg8/anom-app-source-code-...
The powers these agencies have is far in excesses of what they need to do their jobs, and it is going to be abused. These aren't particularly upstanding people, they're the sort who think DHS/ICE represents an ideal that they are OK with.
Selection bias is the most powerful force in the universe.
This is a "survivor" bias fallacy.
Statement is 3 words too long.
The entire news article could be fake and it will still be effective.
It's the old rule known to governments all over the world - there is no such thing as an innocent citizen, there is only a citizen who you haven't investigated enough. Call me cynical but storing ALL of your digital data allows the agencies to basically find something, anything, that will allow them to further blackmail you into complying. Even the most innocent person will have something that can be misconstrued as criminal, from jokes about tax evasion to pictures of your toddler in a pool - threaten going to trial if the person doesn't do X, and most people will comply, not because they aren't innocent, but because the might of the American justice system is such that you really don't want to fuck with it on the receiving end.
From driving 1mph over the speed limit, to skipping FBI warnings on DVDs, to countless other "innocent" infractions. If they look hard enough they will find SOMETHING. And that's all they need.
Generations pass and everything remains the same. We're all on the same boat, so why are people so quick to judge against those targeted for violations of a contrived status quo?
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
You'd be amazed at how many dumb things smart criminals/people can do. Maintaining proper OpSec is hard. It only takes one mistake to give the LEOs a string to pull to unravel the whole sweater.
Everything else, I tend to feel the same way as you. Just wanted to mention the OpSec part
https://www.bloomberg.com/news/newsletters/2022-09-16/chines...
It's similar to torture training in the US Military: they teach you that everyone breaks eventually, the trick is to hold out long enough the information you provide isn't that useful anymore.
Now take off your shoes and walk through the scanner.
As far as I remember, McAfee shared an iPhone photo with location metadata when he was in Belize, so American authorities were able to track him down.
The Silk Road founder had some sort of PHP coding error which led police to his San Francisco location. That is, you could simply visit the Silk Road home page and his location leaked.
So yeah criminals aren't better at SecOps. They're just more reckless than most people...
This is one thing that has always confused me about the data collection in democratic countries. I understand the appeal from an authoritarian perspective, but it seems that people don't recognize that this same data can be used as a weapon against their own citizens.
So you're left with three real options: 1) Minimize data collection, 2) Spend massive amounts of money on encryption, research, and constant audits to minimize the risk of data leakage (which will eventually get leaked in some form), 3) leave your population (and your political positions) vulnerable to manipulation by foreign and domestic entities that do not have the public's (or your) interest in mind. It seems like we're going with #3 but it even seems like a bad strategy for authoritarians. #2 seems better for that one. But #1 seems best for democracies and people in positions of power where power is not highly centralized. (Can we at least get homomorphic encryption and learning algorithms?) But I guess these same people are still under an impression that a backdoor doesn't work like any other door: that anyone can use a door as long as you can figure out how to break or crack the lock (which always happens).
3. How is this legal? Is it legal?
If this is the doing of the "luddites" then I'm dreading the dawn of tech sawwy rulers.
No only problems with security. Flat out handing it out in forms of subpoena.
3. they took your phone and kept all your data
The millennials hold the power these days. If you consider them non-technical, I'm not sure there will ever be a technical generation...
Which may be a fair assertion as I work with a lot of people in the tech industry who wouldn't even consider the issues you raise unless it was handed to them on a silver platter. If actual tech people aren't considering it, those who have other focuses in life certainly won't be.
The only power most of them have boils down to passive or active rebellion, and they are too busy managing excess grey pressure in most places while said grey pressure is actively voting against them.
Additionally, even millennials aren't technical at large. They certainly aren't technology preactive enough. Not even most developers are.
Phones will often contain data that can facilitate theft and fraud if ending up in the wrong hands. If they're able to copy everything, including private data from all apps that could be quite bad. For example many countries now use apps to login to online banking, with private keys for the login stored in the app. Will that be copied? Will it ever be found out if one of the 3000 government officials with access to this data sold it on darknet markets?
Maybe some months after your travel you suddenly wake up one day to find all your money transferred from your bank account to some account in Nigeria.
The chain of custody in these instances is basically one guy going into a back room by himself and hooking it up to a computer.
At the very least you should be able to have the contents of your phone independently hashed before handing it over to a potentially corrupt individual. They can put anything they want on there in that time and what recourse do you really have?
Literally no way to ensure that.
It's not just government officials with access, but government contractors and anyone that works for them, as well.
It must be awkward to be an honest Nigerian on Hacker News, since the country is famous for obvious online scams.
Last I heard he and his GF/wife (I don't recall which) were able to immigrate to Dubai, where he's continuing to work as a contractor for western clients, with an eye to eventually immigrating to Europe or the US.
I wish him well, but it is a damn shame that the best option for Nigerians who wish to engage in this type of work is to...leave.
If you get the chance to go to a Nigerian wedding, you definitely should because it is an awesome time.
Apple vs Android is irrelevant in this, there is no truly safe mainstream phone in 2022, period. Are people really that lazy?
I do manage quite a few financial things but for none of those phone apps is crucial and I use exactly 0 of them. There is ebanking login app, but on its own its useless, another 3 factors are required for login. There is always desktop browser variant for everything, with firefox with ublock origin and few other plugins making internet a bit more as it was intended to be.
So yes US government can hack my phone if they havent already, they will see what kind of photography and travelling I do, which family members I write to, and some online shopping history. Thats it.
Phones are not secure and probably never will be for anything more. Anybody telling you otherwise is either dangerously clueless or worse
Because it's convenient, and security is a trade off with convenience. I use banking apps on my phone, and I suspect many (most, even) people here on HN (and who are technically savvy in general) do as well. That doesn't make it smart or good or correct, but I suspect that is the status quo.
I haven't traveled outside the US since before the pandemic, but these days I may only travel with a burner phone the next time I do so.
> Phones are not secure
Neither are laptops or desktops, or anything, really. Everyone needs to decide for themselves what level of security they're willing to accept, and what their threat model is.
Laziness has nothing to do with it.
Why? Three of my bank accounts cannot be accessed without a phone app, and some of my credit cards will not authorise payments without a phone app. It's not a choice.
Two of the bank accounts do have web banking too, i.e. from a desktop browser. But you have to use the phone app to authenticate the browser login! I found this out the hard way, when my phone screen died so I couldn't login to web banking on my laptop.
I called customer support, hoping to use phone banking to make some payments. They told me they could not do anything until I obtained a new working phone, moved my SIM or phone number over, and then they could transfer the authentication to the new device. Other than that, they had no options for logging in. It was fine to borrow someone else's phone if I wanted, installing the bank app on there, but I couldn't login without a phone.
I had to go through this again when the second phone died a few months later.
Now, I'm guessing you're thinking "use a different bank, duh!". Turns out I didn't have a choice of non-app banks when I needed to open a business account during the pandemic, in order to accept a contract, which I needed. My credit rating was not rosy either, greatly limiting which card services I could choose. Things are easier now, thanks.
Because my PC isn't meaningfully more secure.
Because in the overwhelming majority of situations, if that security is compromised, my bank will eventually cough up my money.
Also because I also expect neither Google, Apple, my carrier, nor the dab gum gubment is likely to rob me by...
*checks notes*
Compromising the banking app on my phone. Or my PC. Or my router. Or any of the other non-100% secure devices and processes I use to get through my life.
There's basic security precautions, and there's living in fear and paranoia, brought on by a misunderstanding of the threats you are facing.
You mentioned “hacks, 0-days and bugs”. I assume you’ve seen the news when big banks like capitalone got hacked. Do you believe your account is safe from any of these types of hacks because you don’t use their mobile app?
How do you justify using your phone to communicate with family members? After all, a hacker could use those people as an attack vector. Those communications, the family member email addresses, your photos and travel history and shopping history could all be used to profile you, profile them, steal your identity, etc
How do you justify using any technology whatsoever when it’s just such a scary world? Once you answer that for yourself, you’ll find the answer to your “why the hell would anybody sane” question.
Wth the various stories about what data apps seem able to access despite being totally unrelated to their core function, they appear to be a goldmine for privacy invaders (advertising companies) and scammers, hence why even semi-popular apps are targeted for purchase by unethicals to turn into personal data feeds.
I don't have banking apps on my phone. I don't need to move money immediately in any situation. And I still have more apps on my phone than I'm comfortable with.
It's all a personal choice about risk appetite, but for most people (not really the HN crowd) the risks are downplayed or unknown.
How do you transfer money to friends when you go out to dinner? At least in Australia, this is done via your banking app.
How do you withdraw money from an ATM? Again, this is moving primarily app based.
Your definition of sane may be security at all costs, but for most convenience and social norms trump this.
The only reason they could possibly be doing this would be because it is not quite feasible to store it for more than 15 years. Yet.
So now when I travel I just bring my “travel” phone with no sensitive data on it.
IIRC, I've read they can only hold your phone for 30 days or something like that, then they have to return it to you. They can delay an American citizen, but they can't deny entry.
Ever since then, I travel with a travel phone, make sure my photos are backed up when I cross a border, and shut it down before I go through border control. If they demand a password, I'll put up a little fuss and then let them take it.
Which countries agents? You were going from US to Canada. Were they Canadian or US agents?
No biggie, I had just finished my presentation and offered to let them use my laptop. The moment they plugged in the thumb drive with their presentation, my virus scanner went apeshit about something on that drive.
I kept that laptop disconnected for the rest of that trip, and nuked it once I was back home.
Once you've cleared the border, go to a coffee shop and download over their WiFi. Or not, if you're on a unlimited data plan.
That has the advantage of requiring only one phone but would definitely look like you were hiding something. So your approach of a travel phone is better.
As anyone else? “Your request to enter Canada has been denied”
[0]: https://www.aclu.org/know-your-rights/what-do-when-encounter...
Of course the official response is what you would expect:
“CBP officials declined, however, to answer questions about how many Americans’ phone records are in the database, how many searches have been run or how long the practice has gone on, saying it has made no additional statistics available “due to law enforcement sensitivities and national security implications.””
Where does policing end and national security begin?
Oh well, I'll buy a thin-blue-line flag for my lawn and sleep easy, trust the good-guys.
There’s nothing more American than spying on your own people and blaming it on terrorists.
But as a practical matter most people don't want to spend an extra hour or hours or even extra minutes going through a more detailed search for contraband or whatever else. Most don't want to, aren't ready for and/or can't afford having electronic devices held for days/weeks before getting them back. A lot of people simply don't know their rights. So without an explicit exemption a lot of Americans undoubtedly would submit "voluntarily".
So the ACLU isn't wrong (and their actual page is appropriately more nuanced [0]): Americans aren't "subject" in the legal sense to this, or to any other questions beyond what's needed to establish citizenship. Having done so they may politely insist on entry and refuse anything else, demand to see a supervisor if an agent persists in unconstitutional questioning, submit any property required while in response demanding receipts and pursuing complaints or legal action afterwards (or both), and at the end of the day the CBP must put up or shut up: let them through or arrest them, and for the latter will have to meet the legal standard and it'll all play out domestically. But at the same time the financial and other burdens this imposes are very real and serious.
Best practice would be to go as "clean" through the border as possible, preferably with a dedicated phone that only has minimum necessary travel and navigation data on it and nothing else, no logging into any personal accounts of any kind, no bookmarks or the like, and cheap enough to not care about losing it. Then one can just let border agents look through whatever as much as they'd like, or let them take it and just write it off. Not everyone can or knows to even consider that possibility though. And of course the vast majority never have a problem, so it's insurance against a "black swan event" for the average person (those who suspect they'll be subject to heightened scrutiny legally or not may already do this). It's valuable to note both the exact state of the law and when the practical effect is different.
----
0: ACLU: "If you are a U.S. citizen, you need only answer questions establishing your identity and citizenship, although refusing to answer routine questions about the nature and purpose of your travel could result in delay and/or further inspection." Or later "U.S. citizens have the right to enter the United States, so if you are a U.S. citizen and the officers’ questions become intrusive, you can decline to answer those questions, but you should be aware that doing so may result in delay and/or further inspection".
So the ACLU does acknowledge a practical cost to insisting on your rights, they aren't merely blindly saying "not subject".
https://gizmodo.com/border-agent-demands-nasa-scientist-unlo...
The ACLU is not wrong, if you actually read their actual words. Your case doesn't say what you think it does. From your own article:
>Bikkannavar insisted that he wasn’t allowed to do that because the phone belonged to NASA’s JPL and he’s required to protect access. Agents insisted and he finally relented.
As far as the law is concerned, he voluntarily let them look at it. It doesn't matter if they "insisted", he could have told them to pound sand. They could have kept the phone, but in its locked state it presumably wouldn't be that useful, and particularly since it wasn't merely a personal device JPL's legal department then could have easily gone right after them for it and won. Just because we have the legal right to something doesn't mean there is some magic barrier preventing LEOs from attempting to violating them, or implying the right doesn't exist. They have to be defended by people exercising them and potentially going to court. The very next paragraph states:
>Hassan Shibly, chief executive director of CAIR Florida, tells The Verge that most people who are shown the form giving CBP authority to search their device believe that they have an obligation to help the agents. “They’re not obligated to unlock the phone,” she says.
Right, same as a police officer who asks if they can "look around" or "ask a few questions". They may certainly ask that. You may choose to cooperate. But in general you'd be a fool to do so, and you also may say "no". If they arrest you they were almost certainly going to do so anyway but now they have less to go on and with more avenues to challenge it, and if they arrest you over exercising your rights you have a strong cause of action right there. CBP agents may well ask people this sort of thing all the time, but that doesn't mean citizens must comply.
I've heard of "border" being applied to anywhere 100 miles from an _airport_, but can't find the reference, which would cover like 99% of the country.
https://www.theverge.com/2021/2/10/22276183/us-appeals-court...
"The court held that the government’s policy, described above, does not violate the Constitution. Border officers can continue to perform advanced searches without a warrant or probable cause and can perform basic searches without reasonable suspicion that there may be a violation of law or a national security concern."
I think that's just as weird a development and worthy of "WTH?" as this topic.
At that point in time, they were still having humans in the loop, and I got a different kind of funny look from the customs or immigration person I spoke to some minutes later.
I got a third kind of funny look once we were allowed back into the country from my highly unamused wife...
In Australia it's an autogate with a face scan for citizens and PR's, you only deal with a person if it can't identify you, which is rare.
Held the kid up to the camera and boom - full name and DOB pops up.
Pretty clear the facial recognition tech works well, but I also wonder if there is backend matching with passenger lists as well.
It's not a technical problem.
1. end-to-end encrypt a cloud backup
2. Securely wipe the phone.
3. Install OS in travel mode, which means no local data is forced and at best kept until restarting phone. Hardware enforcement of ban of updates including firmware and OS, unless system wiped. With a visual unique easily recognizable “code” to tell if the current “travel mode” was over rewritten; for example, unique consistent computer generated recognizable human face is shown on reboot until being reformatted and is different every time phone is reformatted.
4. On reaching known safe point, phone wiped, OS installed in non-travel mode, backup installed.
If there’s no data or way to root the phone, it’s meaningless effort and would no longer even be done at the border; they might find another route to get data, but current issue would no longer be a viable route.
— to be fair, I did mention multiple-logins, but to me that was intended to mean additional features/options, not a replacement for the core issue of forced access to devices/data at predictable chock points like border crossings.
[0] https://www.nbcnews.com/news/us-news/border-patrol-says-it-s...
It is my understanding that if you are American and are trying to enter, they can't stop you from coming in indefinitely, is that not true?
They can't prevent Americans from entering the country.
- Alternatively you can backup the pairing records from your laptop somewhere to be able to put them on a new laptop
- Alternatively you can configure your iPhone to e.g. backup photos and so on to icloud, and then if you ever lose your laptop you can wipe your device and restore the data you chose to backup
I still don't want to get my phone taken on an US airport and returned an hour later with God knows how many viruses that even Apple wouldn't be able to detect on my iPhone.
It's not about having something to hide. It's about not liking it when people poke their noses in your business without you being a criminal. And no I don't think installing backdoors on each device "to catch the criminals more easily" is a solution at all.
When you are disturbed by having your phone searched, what is happening is that the balance has shifted a bit against your favor, and you subconsciously realize that your position is not as safe as it once was. But it was never truly safe, just stable in a certain point and time. The fact that you are not a criminal is irrelevant, because respecting or not respecting the law is very relative. The mental separation between the criminal and the law-abider is fictional in that both are just on a spectrum of usefulness and loyalty to the State.
OTOH, without the state, you have anarchy, which is inevitably and quickly filled by warlords or criminal gangs controlling whatever geographic and/or economic territory they can. The security situation in relation tho them is even less good, and you don't get nearly as much good infrastructure.
So, it's important to keep in mind the broader context and what really is a lesser of evils.
Unless, of course, you can point me to the magical stable stateless advanced society where I can go live... (srsly, it'd be great)
Oh yeah, I am painfully aware of the power imbalance and that we're left alone simply because the powers that be don't have the resources to pick bones with each and every one of us. No other reason. If these things can get automated -- robot/AI security personnel -- then I am sure they'll start searching everyone's devices because it'll be practical and quick for them.
As mentioned above, I am a fairly average citizen and like 99% of people I just want to go about my business without being disturbed. I am social, easy to put a smile on my face, and fairly casual in my demeanor. I discovered this works really well with figures of authority -- they automatically write you off as harmless and leave you alone.
Still, I dread the thought of having to divulge that I have a collection of erotic pictures and even some copyrighted material in my photo gallery (e.g. small snippets from movies). If somebody wishes me harm they can absolutely do it -- sadly.
And that's the part that's not OK. The rulers want us always guilty of something by default. Sigh.
Absent this, one of three conditions exist;
1. There is no monopoly. In which case violence is widespread, and there is no state.
2. There is no legitimacy. In which case violence is capricious. This is your condition of tyranny (unaccountable power).
3. Some non-state power or agent assumes the monopoly on legitimate violence. In which case it becomes, by definition the State.
The state's claim is to legitimacy. A capricious exercise would be an abrogation of legitimacy
Weber, Max (1978). Roth, Guenther; Wittich, Claus (eds.). Economy and Society. Berkeley: U. California P. p. 54.
<https://archive.org/details/economysociety00webe/page/54/mod...>
There's an excellent explanation of the common misunderstanding in this episode of the Talking Politics podcast: <https://play.acast.com/s/history-of-ideas/weberonleadership>
The misleading and abbreviated form that's frequently found online seems to have originated with Rothbard in the 1960s, and was further popularised by Nozick in the 1970s. It's now falsely accepted as a truth when in fact it is a gross misrepresentation and obscures the core principles Weber advanced.
As an American, I couldn't agree more.
It's been a while since I've been outside the US, but given how so many (not least of which is the US) countries are doing intrusive things with mobile devices at the border, I will most certainly back up (nandroid, which I do anyway for backups) my phone and flash a stock ROM before leaving the US.
Upon my return, I'll restore my backup and pick up where I left off.
Not because I have anything very interesting (to law "enforcement", or anyone other than me for that matter), but rather because my business is my business and no one else's.
on another note: lets talk about how one would go about keeping ones privacy intact aka having a party in the capitol.
1. will they be able to get into my cryptrooted pinephone / hdd in those 5 days? 2. if not will this only make them more angry and privacy penetrating?
No it's not. It's very easy. I do it all the time using adb.
> will they be able to get into my cryptrooted pinephone / hdd in those 5 days?
They don't need to. They can take a binary image of your encrypted partition(s) and take all the time they want to break into it later. Assuming they're sufficiently motivated.
In other words: this isn't a technical challenge, either you comply and give them your private stuff, or you're not going anywhere. Maybe you can con them into giving a 'public' part of the phone and pretending that's all there is, but again, that's social engineering and not a technical challenge.
We are simply not allowed to have privacy and also live a meaningful life. Everything we want to do now requires us to surrender our privacy. Transact with money, see a medical professional, travel internationally, etc.
One of the fundamental functions of a country is to regulate input/outputs at the border.
There are so many disastrous problems that arise from the elimination of a border, that I question whether such a suggestion is ever even made seriously or made by sane people.
These things are happening from some years now and besides some isolated reports everybody seems very happy.
Ie. You pay a substantial fee for permission to cross the border. Once the fee is paid, it's unlimited border crossings for life. For example the fee could be $5000 + 5% of your total wealth.
The fee reduces immigration and limits it to the rich, who you probably wanted to allow in anyway. And it costs about what people traffickers currently charge, but the government gets to keep the revenue.
But hey, just add the US to the long list of countries like Canada, UK, Australia, etc, etc, etc.
Maybe we can come up with a positive list of countries that won't search your phone at the border?
edit: It was the Signal founder. https://appleinsider.com/articles/21/04/21/signal-hacks-cell...
You're describing a (digital) booby trap. Since you're knowingly targeting law enforcement officers, I'm not sure legal theory factors into whether you could get away with it in practice but even theoretically the answer is probably no, that's a computer crime.
1. Have a reasonable amount of emergency savings (6-8 months of expenses stored).
2. Have someone in-country who isn't traveling with you who can make sure your bills get paid (financial power of attorney).
3. Apply for Global Entry, which pre-clears you for border crossing.
4. Turn your phone /off/ when you land (usually a 15-20 minute walk to passport control in most airports). Powering off is important.
5. Refuse to provide the password, refuse to unlock. Provide all relevant travel documents and customs declarations, and allow free inspection of your baggage.
6. Wait... depends on the agent. Longest I've been detained was 2 days, most of the time they hem and haw for an hour or so and let you go.
7. Go on with your life.
Step #1 and #2 is in case you get arrested, which will almost guarantee losing your job, at least for right then. Since you can clearly establish no priors and that you aren't a flight risk, getting bail and then finding another job should be relatively easy to do within 6-8 months for most of the HN crowd. Also, invest in pre-paid legal.
Obviously, this is assuming things go mostly okay and you don't get murdered at the airport, however the realistic probability of this occurring is fantastically low (these types of crimes are almost always committed in the US by local law enforcement, not federal law enforcement, as feds undergo much more stringent requirements and aren't just your high school bully drunk on power with a gun).
Steps #1 and #2 you should be doing anyway, just out of good financial sense. Step #3 you should do anyway if you're traveling internationally regularly just to make your life easier when black swan events don't happen. And Step #4 you should do EVERY time you are about to let your phone out of your possession, whether involving the government or not, because it prevents most forms of attacks against an encrypted device and disables biometric unlock (which can be coerced/forced/done when you are dead).
The hardest step is honestly #7, because after what I've experienced in my travels (and let me tell you, the US CBP is MUCH MUCH more professional, courteous, and reasonable than many many other countries), nobody really believes you and there are way too many people that are apologists for the powerful. Governments, pretty much universally, suck. The only difference between whether you personally experience the suck or not is whether or not you happen to get randomly selected or fall outside the bounds of what the government expects of you. There is no requirement that you do anything "wrong" in either the moral or legal sense, to end up stuck in the suck. Embrace the suck early if you plan to exercise your rights, because doing so will bring the suck on to you full force, but if you're the self-righteous type at least you'll get some sense of satisfaction out of it.
No one's private data should be taken without a legitimate cause, no matter their nationality.
It not at all evident that it is illegal for the US to summarily execute US citizens without trial if they are outside of US borders. The data protections of Europeans are without question non-existent. Europe would be upset if we did it anyway, since Europe depends on us to bypass its own domestic spying restrictions.
Our rights and freedoms do not come without struggle. And they sure do not last without somebody constantly defending them. And it’s only bravado to assume that we can stand against the might of federal agents as individuals without dedicated organizations fighting for us.
Please donate to ACLU - as much as you can.
https://whyevolutionistrue.com/2022/01/30/the-aclu-reverses-...
What other organisations do you donate to along the same lines?
Much of it's quite silly in the era of technology and current society scales anyways where most the nonsense they could be concerned about being on your personal phone in terms of data can be conducted right inside the border without ever leaving. So the excuses for cloning phones and archiving data outside of another loophole that let's them spy on US citizens are pretty limited. Anything on your phone they could be concerned about can be archived, encrypted, and tucked away somewhere on the internet that's far less tracable. So what information do you really need? Outside of the really stupid criminals (who will eventually learn to be more sophisticated and evade these approaches), what do you expect to catch?
Preventing this practice should be a no brainer.
I'm guessing my corporate compliance team will not be pleased if I tell them someone made copies of all the companies data...even if it is uncle sam.
Like what does one do in that situation? Can't really agree. At the same time US border staff is not known for their understanding nature when it comes to saying no.
There are stories online of people having a "travel" laptop where they fill their USB/Thunderbolt ports with epoxy or similar to prevent device connections by anyone not just at border crossings.
(And no, it's not my main phone, Pixel 5a with GrapheneOS is my daily driver)
Citizens are suspects. Tourists are terrorists. Everyone is a potential criminal in the land of the free.
Turns out the phone number he was assigned had previously belonged to a drug kingpin's burner phone or something like that. When my friend got a new phone and ended up with the number, he made calls from the US to Pakistan because he was going to attend a friend's wedding there. The authorities saw these things and at some point contacted the owner of the phone (the company) to try to figure out what was going on.
It's a great overview of digital privacy and protection laws in the US, how they came about, and what protections they actually offer. The short answer is "very few" and the long answer is "never ever ever turn over your data short of a court order and even then try to fight it."
Then with Third Party Doctrine, most of the few/limited privacy/warrant rules go out the window.
Also, I'm not a lawyer.
So if the AI has me marked as a person of interest and they seize my phone at the border, it won't be a good day for me. Am I just being paranoid and lacking perspective because I have never been a parent who spends a lot of time with naked children ? Is this so common that I shouldn't be concerned ?
Based on the fact that you are concerned, I’d say there is some agent out there that would flag it and ruin your / the kids’ lives, etc.
The mid-level consumer tech I have access to takes a most of a work day to copy my wife's 80GB of iphone 7+ data to a flash drive.
Based on this, I doubt they have some sort of magic thing that will just copy everything on your phone as you pass through a checkpoint.
Do they hold you until the copy is done?
Or do they have some super fast thing that works on every device?
Honestly curious.
Edit— From the photos posted further down thread it seems like they’re armed with every imaginable dongle...
Also, make sure the device doesn’t have any credentials (especially avoid work SSO, Google and Apple credentials) on it, or things like signal, iMessage or RCS installed.
I put up a fuss and almost missed my flight, but they took both my laptop and cellphone into a back room with about 5-8 other people on my flight. Made me unlock of course.
Here is the pamphlet they let me take… saved and documented. They take down hardware addresses and more, and would not allow lawyers on the scene or for me to witness their search. Here are all the pages of the pamphlet:
As a tech worker and privacy advocate for all I was rightfully not thrilled. I still need to buy new hardware, I had no idea this was the case as far as data storage and 15 years but figured they probably upload malware and all that fun stuff. Neat. I have been a citizen my whole life.
Reading through the comments now, I am glad I learned a little. If they pull the stunt again I will happily deny and wait however long and just rebook a flight and maybe hire a lawyer. It’s a gross abuse of power.
It makes the NSAs Utah data center to have other applications like parallel reconstruction.
I recently had a long discussion with CBP about my Canadian passport showing a US birthplace. Under a repealed section of the INA my US nationality lapsed some half a century ago and I suspect a call was made to the Port Manager. Since then my entries have not discussed this point which leads me to suspect their system has been updated.
The current question is your plate number (already displayed by the camera). You need written permission from the vehicle owner to cross the border, even if the owner is family.
Border officers may also have quotas for more thorough examinations.
I remember a lawyer on radio saying that they take "naked" laptops across the border.
Most definitely DO NOT cross ANY border with anything that in the most remote possibility would trigger the interest of customs.
To sanitise a phone or tablet, fill it with dashcam video, encrypt and factory reset. Then set it up with a fresh Google or Apple ID.
Maybe leave your sim card at home.
Having repartitioned a tablet, I discovered that there is a massive amount of hardware data in partitions that most people are totally unaware of.
https://www.congress.gov/bill/117th-congress/senate-bill/295...
Or, target the data storage center directly. I guarantee that someone in their custody chain is dumb enough to click a fake email link or visit that hijacked site to download code that wipes their data center drives. You only need to be lucky once to put them back at square one.
Or better yet, someone could create a repository of shitty memes that can be downloaded to your burner phone before you travel. Just grab a bunch of "Yo' Mama" memes and let the agency hacks waste all their time reviewing the same well-worn collection over and over. The more boring the better.
Has anyone that this happen by US border patrol? What are the specifics?
"Would you like to download your phone backup at 2010".
I've lost a phone back then and lost a lot photos in it.
Sorry, I meant to say Google.
I'd rather that complication than have some 'roid-redneck at the border capturing data that's really none of their business.
Don't say nobody told you so.
Did much of the progress in the past that led us to today's democratic institutions involve law-breaking, strictly interpreted, of the law of the day? Would too-effective, too-cheap enforcement have prevented that progress? I know little about history, but I suspect so.
Enjoy guys, you deserve this!
Mobile device file systems, etc, have changed a lot during that time. 15 years ago Blackberries were the big mobile thing.
Can you easily store data from a 2007 Blackberry on the same disk as an iPhone 14?
People can get detained, deported and humiliated for no reason and with no resource. Specially foreigners trying to go through.
If you can revoke consent for "legitimate interest", it's not legitimate interest. Legitimate interest is a legal basis for collecting and processing data without explicit consent (i.e. it's an alternative mechanism to explicit consent and you can merely inform the user of it, not ask them to consent to it). If you can opt out, it's not legitimate interest. And if it's not actually legitimate interest, you have to make it an opt-in option like the other consent prompts, not an opt-out (tho at least this site doesn't make you select them individually).
I'm not sure what marketing firm convinced publishers they could use "legitimate consent opt-outs" as a fallback for the consent many people probably don't opt in to, but their advice is flat out wrong at best and illegal at worst. They'd be better of not providing a detailed consent popup than doing this because the former at least allows them to claim ignorance whereas this clearly demonstrates an attempt to circumvent consent requirements. Not to mention the current state of the law explicitly requires them to provide both "opt in to all" and "opt out of all" options without additional clicks and dark pattern shenanigans (i.e. they have to be equally prominent and the same color and design).
Also if you find these popups annoying keep in mind that there's literally no legal requirement to have a consent popup under the EU GDPR. You don't even need one if you use cookies. The only reason these sites need them is because they use third party embeds, resources and scripts that set non-essential (e.g. tracking) cookies or want to record/process user data (e.g. for targeted ads). It's the death pains of a failing business model that's making this annoying for you, not the law.
Right now, from a steganography standpoint, there's no real way to be secure from this sort of thing. US Customs, or another country , from a tech standpoint. Yes, the cloud, though not everyone will have resources to access enough space online to keep their data secure - or be able to properly make a usable copy or image of their device that includes every aspect of their device, for a complete , fully restore later
-Why aren't there more plausible deniable, or just, stealthy encryption options? It appears, there's nearly NONE today for these advanced used cases.
Veracrypt is known for it's hidden features -but those are ...dangerously approaching obsolescence. Their Hidden OS option- ONLY works if you've formatted your system to MBR, not UEFI- otherwise you can't use the Hidden OS option. Are you telling me for every laptop you buy form here on out, you'll format it to the old MBR standard to use the Hidden OS option for your personal laptop that you want to take on a trip- or need to?
And sure, you can just put important data in Hidden Volumes as a fallback- but then you come to a common fight today in the tech world of system vs file level encryption. And sure, just hiding what is most crucial, is perhaps better form a standpoint of sneaking by- but is it truly now impossible to hide everything else that's not as important, by default? Furthermore, you have to wipe traces of the material's location where it was BEFORE you copied it into the hidden volume. Did you also eliminate all traces? Windows Shellbags are a thing, that nearly no one knows will be a smoking gun..
Veracrypt doesn't work on Mac or Linux with it's Hidden OS option, just volumes.
There was a really promising advanced system being built - here, and it was even presented at a blackhat conference i think https://portswigger.net/daily-swig/russian-doll-steganograph...
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectl...
But i've heard nothing since- and right now, all your data will be at risk from your computers ,phones ,and tablets, when you go through Customs- even if it's encrypted, they'll hang on to it, and image and copy the data. If you refuse to provide encryption passwords, they'll potentially keep it and not return it to you in all cases. This is where the deniable systems would come into play- where you'd be okay, if they just unlock it. Now if they plug it in and image it regardless, you're at risk because theoretically they could be running exploits on your device(they won't let you watch them imaging it so you can'tverify that ever)
-encrypted data will be unreadable here, but it's not as good as if they can't tell it's hidden, from a imaging point when they plug in a Cellebrite or Greykey device and have it run it's exploits to get everything.
And i do not see the Forensic Security community often giving recommendations on what it takes to get around this, i think this leads to the public being at the mercy of officials-
This will become very destructive also, as this will become a precedent. Imagine Southern States checking devices like to look for evidence of abortion information-searches, for example. Imagine Abortion getting federally banned, and then customs checking for mentions of abortion .
- Technical solutions aren't a full solution, as the EFF loves to hamper on- but it appears everyone has given up with efforts to even provide them. I suppose if you want to stand a chance, you need to go become a expert on disks, and forensic techniques , in order to then even have a chance at experimenting on how to get around that- and if that sort of privacy ,security, and plausible deniability cannot be brought to the masses at large, the way Signal did for encrypted communications, ...
If it is, why the hell hasn't the broken constitution been fixed?
This is fascism.
