Rendered at 23:08:50 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
chrsstrm 1 days ago [-]
This directive was issued in January of this year, what is relevance of being posted today?
I love all the instances where it says, we will not do this or infringe in this way... unless it is a matter of national security, which we don't have to disclose to you. So basically, do what you want as long as you write it up properly.
And this part:
5.3 Review and Handling of Passcode-Protected or Encrypted Information
5.3.1 Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents. If presented with an electronic device that is protected by a passcode, encryption, or other security mechanism, an officer may request the individual's assistance in presenting the electronic device and the information contained therein in a condition that allows inspection of the device and its contents. Passcodes or other means of access may be requested and maintained for the duration of the search if needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device that is being inspected or has been detained, seized, or retained in accordance with this Directive.
I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device, which is why I always powered mined down before crossing. That goes against the obligated to present devices in a condition that allows inspection portion.
dylan604 1 days ago [-]
> I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device, which is why I always powered mined down before crossing.
Does that apply to non-citizens? If a CBP officer doesn't like you as a non-citizen, like your lack of cooperation during an interview, they could just deny your visa and your entry into the US. If you're a citizen, they can't deny your re-entry. They can delay you for however long and ruin your day and even keep your devices, but you get to go home.
huslage 1 days ago [-]
It ONLY applies to citizens. The CBP cannot deny an American citizen entry into the country for any reason. They cannot compel a citizen to unlock their devices. All bets are off for non-citizens, sadly.
LocalH 23 hours ago [-]
> The CBP cannot deny an American citizen entry into the country for any reason. They cannot compel a citizen to unlock their devices.
Don't worry, they're working on ending birthright citizenship
mixdup 19 hours ago [-]
They can't prevent you from entering the country. You do not have an unlimited right to bring items into the country with you, though. They can absolutely prevent you from bringing your phone across the border if you decline to unlock it
kelnos 18 hours ago [-]
> They can absolutely prevent you from bringing your phone across the border if you decline to unlock it
Under what grounds?
mixdup 2 hours ago [-]
Customs law? You have an absolute right to return to the country as a citizen. You do not have an absolute right to bring whatever you want into the country, even as a citizen so they can search your belongings to see if you are carrying contraband. It's a different set of rules than if you're just on the street already in the country, crossing a border customs has a lot of leeway
I'm not saying that I agree with it, it's just the way it is
laken 16 hours ago [-]
The directive linked in the literal OP you're commenting under. (section 5.41 in that directive)
NoImmatureAdHom 21 hours ago [-]
Actually, I'm not sure they can compel non-citizens. If you want in, you might have to give them the keys. But if you would rather not enter, would they compel on pain of imprisonment?
The U.S. isn't China or the UK.
piva00 15 hours ago [-]
In my experience going through the border in China is more pleasant than through the USA, never had a hiccup in China while I've been detained for hours without contact with the outside going through a transit in JFK.
NoImmatureAdHom 3 hours ago [-]
The vast majority of people from the developed world have no problems going through any border in the developed world. Your experience is probably representative, but that's not what we're talking about. My understanding is that de facto you have no rights at all in China. The Americans take this sort of thing very seriously, which is why it's in the news and talked about. Some guy gets imprisoned for 37 days for a meme (and is subsequently paid $835k by gov't for his trouble) and it's all Greg Lukianoff can talk about. [0]
Yet Japan, a country the West fetishizes regularly, routinely jails people for 20 days with no contact or even any charges at all, often ruining their lives, while desperately trying to force a confession no matter how innocent you are, then (hopefully) turning them loose, and not many people seem to care about that.
ndsipa_pomu 13 hours ago [-]
UK citizen here and I've never had any issue with flying in/out of UK with several electronic devices (phone, laptop, tablet, steamdeck etc). Never even been asked to power them on or demonstrate them working (i.e. to show that they're not a bomb disguised as a laptop) and don't know anyone else that's had any hassle getting back in the country. I've been selected for being swabbed for explosives a few times though, but even that only takes a minute and is hardly any inconvenience.
In my experience, Australia was the most difficult country to get into as they are (now) very careful about bringing in any plant seeds or fruit, but the security staff were very friendly and helpful. I had to spend a while explaining that I did have some bananas in my bag previously which was why the cute sniffer dog was interested in it.
mrkstu 9 hours ago [-]
Australia is annoying. Israel is by far the worst- UK is bad in theory since they can jail you to compel an unlock, but obviously is going to happen to a vanishingly small number of people…
chopin 12 hours ago [-]
Same experience with Australia. Japan is very painless, as well. Friendly, helpful staff on both.
NoImmatureAdHom 3 hours ago [-]
Your personal experience is probably representative in that invasive searches happen to very few people, but that's not the issue at hand. The fact remains that the British will imprison you for refusing to decrypt your stuff (or for refusing to answer their questions):
Spiteful border agents is not a new thing (I love the URL shortening).
gruez 1 days ago [-]
>> I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device
>Does that apply to non-citizens? If a CBP officer doesn't like you as a non-citizen, like your lack of cooperation during an interview, they could just deny your visa and your entry into the US.
That's exactly what "you could not be compelled to unlock an encrypted device" means? You won't get sent to the gulag for refusing to, but entry into the US was always conditional with very little room for recourse if the border agent doesn't like you.
dylan604 1 days ago [-]
Not really sure what you're arguing, but it's not an answer to my question
gruez 1 days ago [-]
You don't "have to", but they can deport you and refuse entry in the future in retaliation. It's a variant of the TSA not being able to "compel" you to a search, but they can refuse you from flying.
two_handfuls 24 hours ago [-]
The question was: "Does that apply to non-citizens?"
Saying "they can deport you" without specifying whether the hypothetical "you" is a citizen or not means you did not answer the question.
Not that you have to answer a stranger's question, but I thought I would clear the confusion in the hope it may be helpful.
gruez 24 hours ago [-]
The premise (non-citizen) is in the question and doesn't need to be repeated. C'mon, this isn't grade school where you have to answer questions by first restating the question in its entirety.
dylan604 23 hours ago [-]
No, but even in grade school, the teacher would get the student to actually answer the question when it is clearly being evaded. Or maybe put the student's name on the board for wasting everyone's time for being obstinate.
TylerE 12 hours ago [-]
Seems to me you're the one being evasive here.
dylan604 9 hours ago [-]
How am I being evasive when I'm the one that asked the question? Gawd, how I love the interwebs
DANmode 24 hours ago [-]
They can lie, and pretend you’re uncooperative,
or that their investigation took longer than the duration until your intended flight,
but, no, they can’t legally refuse you from flying without cause or suspicion.
1 days ago [-]
testing22321 23 hours ago [-]
> but you get to go home
Not always.
They must admit you, but they can arrest you one second later
kelnos 17 hours ago [-]
They still need to charge you with something. If they can't, they can't hold you.
Yes, I know, they can theoretically do whatever they want, but realistically it would take the most spiteful of spiteful agents to arrest you without cause (just because you refused to unlock your device). Just the act of doing this would create a lot of extra work and paperwork for the agent that most of them are not going to want to deal with. Plus, asserting your rights is a sign to them that you aren't a pushover and aren't going to get trampled on easily. The bullies prefer easier targets, usually.
testing22321 17 hours ago [-]
Cue all the people that get thrown in jail for 48 hours without being charged at all, or those arrested for resisting arrest… for resisting arrest.
phoronixrly 1 days ago [-]
I think assuming that the CBP will adhere to the law is based on a pretty outdated mindset. I'd say at least since the current management, but more likely since 9/11...
thankyoufriend 1 days ago [-]
I'd even call it a delusional mindset. For context, CBP and ICE were both formed in 2003. Jenn Budd has several books on this topic if you want to understand why a growing number of people want to abolish CBP, ICE, and even the entire DHS, which itself was formed only a year prior in 2002. These are very recent organizations in our nation's history, and if we're fine putting things like the Dpt of Education on the chopping block, why not DHS?
asveikau 18 hours ago [-]
I personally remember that people were calling the DHS a mistake since 2002. I also, as a DC native, was utterly shocked when I first heard "normies" taking DHS seriously as an entity. A friend mentioned DHS was hiring, and I thought to myself ... "wait, but isn't that place bullshit?" Among a certain set of people, it had a bad reputation from day one.
bdcravens 1 days ago [-]
> what is relevance of being posted today
Not sure about today specifically, but it is pretty relevant with the World Cup starting in 2 weeks
airstrike 23 hours ago [-]
> This directive was issued in January of this year, what is relevance of being posted today?
The best time to plant a tree is 10 years ago. The second best time is today.
mtremsal 1 days ago [-]
I think the context is just mass international travel due to the US hosting the World Cup, no?
1over137 21 hours ago [-]
co-hosting
sokoloff 21 hours ago [-]
I read “may request” and “may be requested” quite literally. They may request it, but it doesn’t say providing it is compulsory.
I have nothing to hide, but still no intention to provide my passcode.
natch 18 hours ago [-]
If you have any friends or contacts or family who have ever shared any private information with you of any kind (phone number, address, photo, private opinions, etc.) you damn well have something to hide.
sokoloff 8 hours ago [-]
That was a callback to "if you have nothing to hide, you have nothing to fear." Even if that didn’t land, I think it's clear from the rest of the context that I don't intend to provide my passcode.
NoImmatureAdHom 21 hours ago [-]
They can't compel you to decrypt anything, and powering down is a good idea.
There are consequences for not decrypting, though: for a U.S. citizen, they can seize your stuff for up to 5 days. For non-citizens, they can elect to not let you in.
Concerning "obligated", I would point out that regulations aren't laws. Governing bodies can say whatever they want, but that doesn't make it so. For instance, the TSA continues to publicly insist that ID (especially "Real" ID) is required to fly within the U.S., but it's not.
bananamogul 19 hours ago [-]
"For instance, the TSA continues to publicly insist that ID (especially "Real" ID) is required to fly within the U.S., but it's not."
Explain, please, because you seem to be implying that someone can board a plane from New York to LA without being legally required to show any identification.
kelnos 17 hours ago [-]
I lost my ID once around 15 years ago and was able to board my return flight just fine. I had to get to the airport early because I -- correctly -- expected a longer, personalized security check, but I was on my flight on time, as expected.
Yes, things have changed in that time with regard to the zealousness of the TSA, but the laws and regulations behind them have not.
eff-nix 8 hours ago [-]
My friend drunk drove and crashed, the cop —correctly— gave him a long talk about how that’s a bad call, then let him off. Does that mean drunk driving is now legal?
eff-nix 18 hours ago [-]
If you tell the TSA you’re a sovereign citizen for 15 minutes they’re legally required to let you fly.
NoImmatureAdHom 3 hours ago [-]
You have the right to travel without ID in the U.S. The TSA may demand it, and may tell you it's legally required, but that doesn't make it true.
"In fact, the TSA does not require, and the law does not authorize the TSA to require, that would-be travelers show any identity documents. According to longstanding practice, people who do not show any identity documents travel by air every day – typically after being required to complete and sign the current version of TSA Form 415 and answer questions about what information is contained in the file about them obtained by the TSA from data broker Accurint…."
Further down, paragraph 5.3.3 says they could detain your phone if they could not bypass the passcode. What are they checking. How many times I read memes making fun of El Leader?
crm9125 1 days ago [-]
[dead]
itstotallykyle 1 days ago [-]
It's wild, I have worked internationally for a long-time and the rule when going to certain countries was bring a burner device. Going to China essentially meant the device was nuked on return to the States, now it is the same feeling to/from the US.
abujazar 1 days ago [-]
That's exactly what European governments and corporations will have to start doing. Adding the US to the same list as Russia, China, Israel, Iran etc.
Caarticles 1 days ago [-]
The list of countries where you need a burner phone will likely grow longer. Canada, Australia, UK, some developing countries, etc...
jandrewrogers 1 days ago [-]
Governments maintain formal lists of countries for these types of things. I think people would be surprised how many diverse countries are on the formal lists. A number of European countries have been on them for years.
antiframe 19 hours ago [-]
I would like to be surprised. Can you share a list?
866-RON-0-FEZ 1 days ago [-]
Australia's been doing this forever.
smdyc1 1 days ago [-]
We have? My international relatives have never been searched to that degree, if at all.
That said, the whole thing is overreach in any democratic society.
TimJRobinson 8 hours ago [-]
I've had a full shakedown at the airport in Brisbane asking for passwords for phone/laptop and they will confiscate for 2 weeks if you don't comply. I'm an Australian citizen. They also didn't let me call anyone so my wife was left waiting for 3 hours wondering where I was.
866-RON-0-FEZ 24 hours ago [-]
I've binge watched enough Australian Border Patrol videos to know that:
1. You don't fuck around with Australian customs agents. Ever.
2. They make every other country look like complete lightweights, Americans and EU included. These guys will fine you AU $500 for half an eaten apple in your bag.
angry_octet 24 hours ago [-]
They may fine you for attempting to import a plant, but they won't imprison you in El Salvador for having liked a meme they don't like on US social media.
jscho 23 hours ago [-]
They're fined because they lied on their declaration forms. Our customs agents are generally pretty fair and reasonable, but they do take their jobs very seriously.
Tip for travelers to Australia/New Zealand: If you have something that is stated on the declaration form, just answer yes. Provided it's not some totally illegal substance, they'll inspect the items and if it's not allowed past the border it'll be seized without penalty. Someone will correct me if I'm wrong, but I believe in some few cases, you can even pick it up on your return.
If it's something like large amounts of cash, goods, alcohol or cigarettes, you may have to pay a tax or import fee and answer a few questions. Just don't be a dimwit.
smdyc1 23 hours ago [-]
Yes, it's a basic function of any customs and quarantine organisation. Australian Border Force don't care if you have memes mocking our PM or DJT. Inspection of electronic devices only happens when there's evidence of a crime.
23 hours ago [-]
kelnos 17 hours ago [-]
> These guys will fine you AU $500 for half an eaten apple in your bag.
That seems entirely appropriate, no? Produce crossing international borders like that can be a huge problem.
Spooky23 1 days ago [-]
Read the stories about people who actually have this happen. You can usually figure out why they are targeted. That may not be just. But it is.
Customs agents are always given broad discretion and generally care about something.
Most normal folks will never intact with these issues. The last time I travelled internationally, they weren’t even doing secondary customs screening upon return to the US.
gonzalohm 1 days ago [-]
Someone should make an app to offload all your data to a personal cloud before going to the airport and then reload it into the phone after going through customs
bdcravens 1 days ago [-]
In the case of Apple, couldn't you reset the phone, sign in to a backup iCloud account, and then repeat the process with your real account once you're clear? Not a fast process, but most people have GBs of personal data so nothing would be quick anyways.
gonzalohm 24 hours ago [-]
In theory that could work (although I have never owned an iPhone) but usually there is stuff that doesn't backup (specially settings for apps, logged accounts, etc.) and it becomes tedious to have to sign in manually.
Ideally we should be able to just snapshot everything and then restore from that state. Kind of like EC2 or Digital Ocean
angry_octet 24 hours ago [-]
It's impossible to log in with just a password, you need to okay it on an Apple device. If ICE has that Apple device and a person who knows the password they can do the same.
Also they'll detain you for having a suspicious burner phone and interrogate you about your social media etc.
ZiiS 1 days ago [-]
All backup apps work, no special requirements. Seedvault for my LiniageOS.
XorNot 1 days ago [-]
They don't work well in my experience.
What I want is to get my home screen back exactly as I left it: I've not found anything able to pull it off on Android though.
Ideally it would be an exact flash image of the phone.
ZiiS 30 minutes ago [-]
NANDroid dose the exact flash image, but with modern hardware rooted encryption it stopped being useful.
ZiiS 33 minutes ago [-]
I agree they could be better; though I do get my home screen restored.
stavros 1 days ago [-]
Adb backup exists, though I haven't tried it, and Google cloud backup does this. However, if you trust Google, you probably already trust the US.
Unfortunately, I don't know of any other app that does this on an unrooted phone.
tgsovlerkhgsel 17 hours ago [-]
Nothing works on Android. Not even for basic app data. The biggest problem is keystore keys and e.g. bank authenticator apps tied to them.
AFAIK iPhone backups, if restored on the exact same device (i.e. a CPU with the correct decryption key embedded in it) will restore almost everything, including authenticator apps.
The only realistic option for Android is a separate "burner" device.
gruez 1 days ago [-]
>Adb backup exists, though I haven't tried it,
It's very patchy, and many (most?) apps opt out, so it's functionally useless.
XorNot 23 hours ago [-]
Google cloud backup has never done this for me. It seems like it'll restore a whole lot of stuff, but details like getting my Nova Launcher screen back (version pinned to before it was sold - alternatives just aren't good enough yet) or a bunch of the little logins and details has never done it for me.
aucisson_masque 1 days ago [-]
Seedvault doesn't work half of the time.
chasd00 1 days ago [-]
Going to China means your devices are owned when the plane touches down if not before. That’s why you bring a burner device (including laptop and anything else), never log into anything, and throw it in the trash when you leave.
gruez 1 days ago [-]
>Going to China means your devices are owned when the plane touches down if not before.
???
Are American made operating systems (Android, iOS, Windows, Mac) so full of 0days that the Chinese are burning them on random travelers? This just feels like either severe paranoia and/or chinese/american psyop, making people think that China has some magic hacking power.
paulsen 23 hours ago [-]
I wouldn't say your devices are owned, but you should expect being monitored and your communications being recorded.
You could make an argument about the security of the modem of your devices, as that was often a target due to it not being particularly secure and it having wide access to your device, but I believe that started changing some years ago when this started being a more widely reported issue.
1 days ago [-]
eff-nix 1 days ago [-]
[dead]
antman 1 days ago [-]
Had the same guidance for many years for visiting the US given by the large US firm that employed me
simoncion 17 hours ago [-]
I heard that soon after the extent of NSA's domestic surveillance programs were revealed to the public, at least one FAANG changed its US border-crossing policy to those used for countries known to tamper with your computers during border crossings. That is, bring a blank computer that you connect to the corporate VPN and load after you arrive at work on the far side of your trip, let IT wipe that computer before you travel back to the US (or just leave it behind), and assume that computer is compromised if it leaves your sight at a checkpoint for longer than it takes to run it through the x-ray scanner.
So, yeah, savvy companies have had these policies for like twenty years now.
NoImmatureAdHom 21 hours ago [-]
This is cray.
Protections at the U.S. border and within the U.S. are actually pretty good. Much of Europe isn't as good. Hell, the British will throw you in jail for refusing to unlock.
jazz9k 1 days ago [-]
China installs malware to spy on you. The US doesn't do this. Totally different situation.
This also happens in many other countries
gruez 1 days ago [-]
>China installs malware to spy on you. The US doesn't do this.
Source? Are we talking on random travelers, or targeted individuals? I seriously doubt china is doing the former, and I also seriously doubt the US doesn't engage in the latter.
Spooky23 1 days ago [-]
There are many well cited examples.
I believe in politically sensitive areas like Xinjiang it happens to everyone. A past employer gave specific advice regarding Hong Kong as well.
I think the key thing as a traveller isn’t the righteousness of China vs. US. It’s the chilling effect on travel and trade.
We really depend on these devices that have access to vast scopes of personal and other data. That sexy text you got a year ago is still in your text message store and may be a problem in some places.
gruez 1 days ago [-]
If we're talking about targeted hacks, are we sure the US doesn't do this? Is US soil off limits for hacks somehow? What plausible exploits could be done when someone is on US soil, but not over the internet, especially on modern phones where the baseband is isolated?
swiftcoder 17 hours ago [-]
Malware seems somewhat implausible. Why would they bother, when they have access to the carrier logs? Knowing your exact location at all times, and who you communicate isn't enough?
Kim_Bruning 1 days ago [-]
For GDPR reasons alone it's probably not a good idea to take a business phone across certain borders. You run the risk of disclosing customer data to a 3rd party, if only because the customer data in your phone book counts as PII.
So long as only a few countries are doing this, it might seems doable. If everyone starts doing it, international travel becomes rather annoying to say the least. Realistically I think at some point a detente might want to be reached, with everyone agreeing not to search everyone else's electronics.
gruez 1 days ago [-]
>For GDPR reasons alone it's probably not a good idea to take a business phone across certain borders. You run the risk of disclosing customer data to a 3rd party, if only because the customer data in your phone book counts as PII.
Law enforcement refers to EU member states law enforcement and processing by them in their context. But even in the EU controller needs legal basis to disclose personal data to law enforcement inside the EU. Normally that is handled by local law, but it's not carte blanche, that law still needs to take e.g. rights granted by EU Charter in account.
Search by border officers may very well be GDPR breach for that controller if there was data of EU data subjects, but I don't think there is currently any case law around it.
somebudyelse 1 days ago [-]
Don't think this is anything new? Have seen various cases from years ago where they searched texts to determine if the person was planning on working or visiting.
We need a constitutional amendment that says "we really mean it" with respect to the 4th and 9th amendments, explicitly including personal digital data and criminalizing general surveillance. With fangs.
Spooky23 1 days ago [-]
We really need a concept of tenancy in a digital context.
Your personal papers are perfectly safe and subject the fourth amendment protections in your rented apartment. But most digital materials are considered to have been shared with a third-party if you store them on Google Drive.
My feeling about this stuff personally is that the biggest issue is that stuff that happens in electronic devices is different in a modern sense than what anyone intended in the past. If you could figure out a way to make my personal property as it exists on a foam or another device, the same as the personal property that’s in my desk at home or the trunk of my car then technology would be able to solve a lot of these problems. I think the custom thing is a more nuance conversation. I don’t understand the theory of it enough, but intuitively it seems ridiculous that a CBP officer has the ability to legally go through 30 years of my pictures in my Apple album because I happen to be crossing a border.
tptacek 1 days ago [-]
The border search exception was designed by the framers.
themafia 1 days ago [-]
The collection act originally was intended to apply to merchandise and merchant ports. The concept was judicially expanded upon in 1925 but wasn't fully ensconced into federal law until 1952.
tptacek 24 hours ago [-]
At actual border crossings, the practice at the time of the framers was that warrantless searches/inspections at border crossings were normal and permissible.
simoncion 17 hours ago [-]
At actual border crossings, the practice at the time of the framers was not to carry along all of your private correspondence, business records, reading lists, and so forth. Related to that, given the complaints that started the war, I'd strongly expect that in Washington's day it was not permitted to perform unwarranted searches of one's sealed correspondence going through the US Post. [0]
As the ability to perform surveillance on members of the public expands, laws and regulations must be reconsidered with these new capabilities in mind if just outcomes are to be maintained. Laws, regulations, and punishments that were just and reasonable when one expected to learn about and prosecute one offender in -say- a million are likely unjust and unreasonable when one expects to learn about and prosecute every single offender. [2]
[0] See also Section 16 on numbered page 236 of [1]
[2] Yes, there are offenses -such as murder- for which this doesn't hold. I'd expect that these are the minority of offenses.
tptacek 9 hours ago [-]
I'm not saying that iPhones and computers don't challenge the premises of the border search exception, only that those searches don't by themselves represent some decay of the Fourth Amendment.
userbinator 1 days ago [-]
The legalese is thick but this is a notable point I saw from a quick skim:
5.3.2 "Passcodes or other means of access may not be utilized to access information that is only stored remotely."
rockskon 1 days ago [-]
They will be disruptive to your life if you, as a U.S. citizen, refuse to unlock your phone on the U.S. border. But it is my understanding they cannot constitutionally mandate you provide a passcode to unlock your phone. But they may confiscate your phone from you.
geekone 1 days ago [-]
looks like they can request your passcode to unlock the phone so anything local and/or cached before they disable network connectivity would be there.
maerF0x0 21 hours ago [-]
This is an element of 1Password's travel mode, if i understand it correctly...
KennyBlanken 1 days ago [-]
That's not notable at all given a lot of content is synced to the device, not even counting temporary and cache files.
userbinator 1 days ago [-]
It's notable in that I've seen an increasing number of companies where employees are essentially given a thin client to connect to a remote server for work, and are sometimes even prohibited from transferring that data out of that environment to the local machine.
Spooky23 1 days ago [-]
Yeah that’s really critical if you use O365, as the encryption terminates in each local jurisdiction and is in cleartext on that front end device. So if you connecting in Germany, you’re hitting a front end in Germany or at least the EU, and so forth.
One easier way to do that is to use a Chromebook Public Session with a VPN, then connect to SaaS or a hosted desktop in your jurisdiction.
natch 18 hours ago [-]
This kind of device access also affects others whose private information is shared privately on the device of the traveler.
CBP partly justify the invasion of privacy by citing a supposed reduced expectation of privacy when traveling. But people whose data is caught up on the devices of others are not the ones traveling, but they are still having their messages read and photos copied.
Topology1 1 days ago [-]
Is this not old? Since then they have also required all social media to be public.
bsimpson 8 hours ago [-]
The Supreme Court has recently had an appetite to overturn precedent deemed to be rooted in faulty case law/reasoning (controversially, Roe v Wade). It would be nice to see that energy pointed at blatantly unconstitutional notions like "you have no privacy when traveling."
Except for the parts that say "we get to be even more invasive for 'national security concerns'" and that they can compel you to provide a password, this doc seems mostly reasonable if you accept that they can search you. Then again, it's not clear _why_ they should be able to search your devices. There are no foreign pests nor WMDs that exist as documents on a device. This is clearly just the government being nosy because they think they can.
floatin 23 hours ago [-]
I just factory reset the phone or tablet and pull my data back down from cloud storage.just show up with the phone on the choose your language screen.
bsimpson 8 hours ago [-]
It says they're supposed to put it in airplane mode before searching. Of course, there's nothing preventing a Snowden-style klep the cookies and let a three letter agency reuse them later.
trebligdivad 1 days ago [-]
So hmm this allows 'electronic or digital' information to be examined - so you're fine transporting your information read out on cine film?
217 1 days ago [-]
what does this mean in practice? is everyone being / going to be forced to unlock the devices during the border crossing
1 days ago [-]
ChrisArchitect 20 hours ago [-]
More recently:
EFF to 4th Circuit: Electronic Device Searches at the Border Require a Warrant
When you enter Tibet, Chinese Border Patrol (heh!) will go through your photo album looking for images of the Dalai Lama. If you have a picture of yourself wearing a "Free Tibet" t shirt they will delete it. That's about it.
soyunpendej0 1 days ago [-]
> 5.1.3 An officer may conduct a basic search of an electronic device with or without suspicion,
subject to the requirements and limitations provided herein and applicable law.
> 5.1.4 An officer may perform an advanced search of an electronic device only in instances in
which there is reasonable suspicion of activity in violation of the laws enforced or administered
by CBP or, in the absence of individualized reasonable suspicion when there is a national
security concern.
In this climate, the qualifiers in 5.1.4 should be assumed to apply 100% of the time.
So, if you bring a device, be prepared to either unlock it and hand it over to be mirrored or abandon it and deal with whatever consequences fall out of that decision.
I'm probably never leaving this shithole again but, if I do, I'm coming and going empty-handed.
cyanydeez 1 days ago [-]
that's not your only options, but the ones likely everyone will follow. Guidance does not equal law.
KennyBlanken 1 days ago [-]
A friendly reminder that the CBP has decreed itself to have authority within 100 miles of any US border, as that it is its interpretation of "a reasonable distance" from said border.
That basically encompasses two thirds of the population.
The last two years have demonstrated a radical need to curtail that range of authority and shift from it being vaguely specified to a concrete legislative specification.
Even ten miles seems (pardon the pun) borderline excessive. There is no reason CBP can't hand off stuff to local, county, state, or federal domestic law enforcement. We have no shortage whatsoever of law enforcement in this country and they're able to communicate inter-agency better than ever via cell phone, tools like slack/teams, text messages, email, and long distance digital radio systems.
Maybe in the 1950's when all they had were shitty radios given them that sort of range was appropriate. Not anymore.
tptacek 1 days ago [-]
This is false. It's an old fundraising claim used by the ACLU; they have since set up pages backing away from it (because convincing people in the US that they don't have rights they do in fact have is not good civil liberties advocacy). There's direct SCOTUS precedent on this.
There's a 100 air mile border definition that's material to immigration enforcement (with complicated limitations). It does not determine where searches under the border search exception can occur.
LocalH 23 hours ago [-]
Congress's own website with a map showing the exception area seems to indicate that nearly the entire state of Hawaiʻi is within the exception zone.
Nobody disputes that border searches are constitutional at the functional equivalents of the border; if you fly in from Canada and land in Tulsa, Tulsa includes a de jure international border.
The dispute (it's not really a dispute, there's a line of SCOTUS precedent explicitly about this question) is whether a 25-100 mile zone extends outwards the airport customs gates. No.
TylerE 12 hours ago [-]
> 25-100 mile zone extends outwards the airport customs gates
No one in this subthread has claimed that but you.
I love all the instances where it says, we will not do this or infringe in this way... unless it is a matter of national security, which we don't have to disclose to you. So basically, do what you want as long as you write it up properly.
And this part: 5.3 Review and Handling of Passcode-Protected or Encrypted Information 5.3.1 Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents. If presented with an electronic device that is protected by a passcode, encryption, or other security mechanism, an officer may request the individual's assistance in presenting the electronic device and the information contained therein in a condition that allows inspection of the device and its contents. Passcodes or other means of access may be requested and maintained for the duration of the search if needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device that is being inspected or has been detained, seized, or retained in accordance with this Directive.
I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device, which is why I always powered mined down before crossing. That goes against the obligated to present devices in a condition that allows inspection portion.
Does that apply to non-citizens? If a CBP officer doesn't like you as a non-citizen, like your lack of cooperation during an interview, they could just deny your visa and your entry into the US. If you're a citizen, they can't deny your re-entry. They can delay you for however long and ruin your day and even keep your devices, but you get to go home.
Don't worry, they're working on ending birthright citizenship
Under what grounds?
I'm not saying that I agree with it, it's just the way it is
The U.S. isn't China or the UK.
[0]: https://substack.com/@glukianoff/note/c-262196255
In my experience, Australia was the most difficult country to get into as they are (now) very careful about bringing in any plant seeds or fruit, but the security staff were very friendly and helpful. I had to spend a while explaining that I did have some bananas in my bag previously which was why the cute sniffer dog was interested in it.
https://www.libertyhumanrights.org.uk/advice_information/exa...
Wasn't. Past tense.
Spiteful border agents is not a new thing (I love the URL shortening).
>Does that apply to non-citizens? If a CBP officer doesn't like you as a non-citizen, like your lack of cooperation during an interview, they could just deny your visa and your entry into the US.
That's exactly what "you could not be compelled to unlock an encrypted device" means? You won't get sent to the gulag for refusing to, but entry into the US was always conditional with very little room for recourse if the border agent doesn't like you.
Saying "they can deport you" without specifying whether the hypothetical "you" is a citizen or not means you did not answer the question.
Not that you have to answer a stranger's question, but I thought I would clear the confusion in the hope it may be helpful.
or that their investigation took longer than the duration until your intended flight,
but, no, they can’t legally refuse you from flying without cause or suspicion.
Not always.
They must admit you, but they can arrest you one second later
Yes, I know, they can theoretically do whatever they want, but realistically it would take the most spiteful of spiteful agents to arrest you without cause (just because you refused to unlock your device). Just the act of doing this would create a lot of extra work and paperwork for the agent that most of them are not going to want to deal with. Plus, asserting your rights is a sign to them that you aren't a pushover and aren't going to get trampled on easily. The bullies prefer easier targets, usually.
Not sure about today specifically, but it is pretty relevant with the World Cup starting in 2 weeks
The best time to plant a tree is 10 years ago. The second best time is today.
I have nothing to hide, but still no intention to provide my passcode.
There are consequences for not decrypting, though: for a U.S. citizen, they can seize your stuff for up to 5 days. For non-citizens, they can elect to not let you in.
Concerning "obligated", I would point out that regulations aren't laws. Governing bodies can say whatever they want, but that doesn't make it so. For instance, the TSA continues to publicly insist that ID (especially "Real" ID) is required to fly within the U.S., but it's not.
Explain, please, because you seem to be implying that someone can board a plane from New York to LA without being legally required to show any identification.
Yes, things have changed in that time with regard to the zealousness of the TSA, but the laws and regulations behind them have not.
"In fact, the TSA does not require, and the law does not authorize the TSA to require, that would-be travelers show any identity documents. According to longstanding practice, people who do not show any identity documents travel by air every day – typically after being required to complete and sign the current version of TSA Form 415 and answer questions about what information is contained in the file about them obtained by the TSA from data broker Accurint…."
https://papersplease.org/wp/2020/05/19/tsa-tries-again-to-im...
https://papersplease.org/wp/2024/03/18/buses-trains-and-us-d...
https://en.wikipedia.org/wiki/Freedom_of_movement_under_Unit...
ezpz
That said, the whole thing is overreach in any democratic society.
1. You don't fuck around with Australian customs agents. Ever.
2. They make every other country look like complete lightweights, Americans and EU included. These guys will fine you AU $500 for half an eaten apple in your bag.
Tip for travelers to Australia/New Zealand: If you have something that is stated on the declaration form, just answer yes. Provided it's not some totally illegal substance, they'll inspect the items and if it's not allowed past the border it'll be seized without penalty. Someone will correct me if I'm wrong, but I believe in some few cases, you can even pick it up on your return.
If it's something like large amounts of cash, goods, alcohol or cigarettes, you may have to pay a tax or import fee and answer a few questions. Just don't be a dimwit.
That seems entirely appropriate, no? Produce crossing international borders like that can be a huge problem.
Customs agents are always given broad discretion and generally care about something.
Most normal folks will never intact with these issues. The last time I travelled internationally, they weren’t even doing secondary customs screening upon return to the US.
Ideally we should be able to just snapshot everything and then restore from that state. Kind of like EC2 or Digital Ocean
Also they'll detain you for having a suspicious burner phone and interrogate you about your social media etc.
What I want is to get my home screen back exactly as I left it: I've not found anything able to pull it off on Android though.
Ideally it would be an exact flash image of the phone.
Unfortunately, I don't know of any other app that does this on an unrooted phone.
AFAIK iPhone backups, if restored on the exact same device (i.e. a CPU with the correct decryption key embedded in it) will restore almost everything, including authenticator apps.
The only realistic option for Android is a separate "burner" device.
It's very patchy, and many (most?) apps opt out, so it's functionally useless.
???
Are American made operating systems (Android, iOS, Windows, Mac) so full of 0days that the Chinese are burning them on random travelers? This just feels like either severe paranoia and/or chinese/american psyop, making people think that China has some magic hacking power.
You could make an argument about the security of the modem of your devices, as that was often a target due to it not being particularly secure and it having wide access to your device, but I believe that started changing some years ago when this started being a more widely reported issue.
So, yeah, savvy companies have had these policies for like twenty years now.
Protections at the U.S. border and within the U.S. are actually pretty good. Much of Europe isn't as good. Hell, the British will throw you in jail for refusing to unlock.
This also happens in many other countries
Source? Are we talking on random travelers, or targeted individuals? I seriously doubt china is doing the former, and I also seriously doubt the US doesn't engage in the latter.
I believe in politically sensitive areas like Xinjiang it happens to everyone. A past employer gave specific advice regarding Hong Kong as well.
I think the key thing as a traveller isn’t the righteousness of China vs. US. It’s the chilling effect on travel and trade.
We really depend on these devices that have access to vast scopes of personal and other data. That sexy text you got a year ago is still in your text message store and may be a problem in some places.
So long as only a few countries are doing this, it might seems doable. If everyone starts doing it, international travel becomes rather annoying to say the least. Realistically I think at some point a detente might want to be reached, with everyone agreeing not to search everyone else's electronics.
But "law enforcement" is specifically exempt?
https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
Search by border officers may very well be GDPR breach for that controller if there was data of EU data subjects, but I don't think there is currently any case law around it.
Edit: the first directive apparently was from 2009: https://www.jdsupra.com/legalnews/new-policy-for-device-sear...
Your personal papers are perfectly safe and subject the fourth amendment protections in your rented apartment. But most digital materials are considered to have been shared with a third-party if you store them on Google Drive.
My feeling about this stuff personally is that the biggest issue is that stuff that happens in electronic devices is different in a modern sense than what anyone intended in the past. If you could figure out a way to make my personal property as it exists on a foam or another device, the same as the personal property that’s in my desk at home or the trunk of my car then technology would be able to solve a lot of these problems. I think the custom thing is a more nuance conversation. I don’t understand the theory of it enough, but intuitively it seems ridiculous that a CBP officer has the ability to legally go through 30 years of my pictures in my Apple album because I happen to be crossing a border.
As the ability to perform surveillance on members of the public expands, laws and regulations must be reconsidered with these new capabilities in mind if just outcomes are to be maintained. Laws, regulations, and punishments that were just and reasonable when one expected to learn about and prosecute one offender in -say- a million are likely unjust and unreasonable when one expects to learn about and prosecute every single offender. [2]
[0] See also Section 16 on numbered page 236 of [1]
[1] <https://govtrackus.s3.amazonaws.com/legislink/pdf/stat/1/STA...>
[2] Yes, there are offenses -such as murder- for which this doesn't hold. I'd expect that these are the minority of offenses.
5.3.2 "Passcodes or other means of access may not be utilized to access information that is only stored remotely."
One easier way to do that is to use a Chromebook Public Session with a VPN, then connect to SaaS or a hosted desktop in your jurisdiction.
CBP partly justify the invasion of privacy by citing a supposed reduced expectation of privacy when traveling. But people whose data is caught up on the devices of others are not the ones traveling, but they are still having their messages read and photos copied.
Except for the parts that say "we get to be even more invasive for 'national security concerns'" and that they can compel you to provide a password, this doc seems mostly reasonable if you accept that they can search you. Then again, it's not clear _why_ they should be able to search your devices. There are no foreign pests nor WMDs that exist as documents on a device. This is clearly just the government being nosy because they think they can.
EFF to 4th Circuit: Electronic Device Searches at the Border Require a Warrant
https://news.ycombinator.com/item?id=48115059
> 5.1.4 An officer may perform an advanced search of an electronic device only in instances in which there is reasonable suspicion of activity in violation of the laws enforced or administered by CBP or, in the absence of individualized reasonable suspicion when there is a national security concern.
In this climate, the qualifiers in 5.1.4 should be assumed to apply 100% of the time.
So, if you bring a device, be prepared to either unlock it and hand it over to be mirrored or abandon it and deal with whatever consequences fall out of that decision.
I'm probably never leaving this shithole again but, if I do, I'm coming and going empty-handed.
That basically encompasses two thirds of the population.
The last two years have demonstrated a radical need to curtail that range of authority and shift from it being vaguely specified to a concrete legislative specification.
Even ten miles seems (pardon the pun) borderline excessive. There is no reason CBP can't hand off stuff to local, county, state, or federal domestic law enforcement. We have no shortage whatsoever of law enforcement in this country and they're able to communicate inter-agency better than ever via cell phone, tools like slack/teams, text messages, email, and long distance digital radio systems.
Maybe in the 1950's when all they had were shitty radios given them that sort of range was appropriate. Not anymore.
There's a 100 air mile border definition that's material to immigration enforcement (with complicated limitations). It does not determine where searches under the border search exception can occur.
https://www.congress.gov/crs-product/R46601
The dispute (it's not really a dispute, there's a line of SCOTUS precedent explicitly about this question) is whether a 25-100 mile zone extends outwards the airport customs gates. No.
No one in this subthread has claimed that but you.
We're talking about this: https://www.congress.gov/crs-product/R46601#_Ref40429957