How to legally cross a US (or other) border without surrendering your data and passwords


#1

Originally published at: http://boingboing.net/2017/02/12/how-to-cross-a-us-or-other-b.html


#2

can they probe you like this if you have Global Entry? - asking for a friend

(edit, several hours later) OK, thanks to Hacker News, here’s an example - http://www.theverge.com/2017/2/12/14583124/nasa-sidd-bikkannavar-detained-cbp-phone-search-trump-travel-ban

Seemingly, Bikkannavar’s reentry into the country should not have raised any flags. Not only is he a natural-born US citizen, but he’s also enrolled in Global Entry — a program through CBP that allows individuals who have undergone background checks to have expedited entry into the country. He hasn’t visited the countries listed in the immigration ban and he has worked at JPL — a major center at a US federal agency — for 10 years.


#3

I’m never going to visit the US again - I can’t afford the insurance - but I doubt I would be let in based on social media postings. I don’t use FB, I don’t use Twitter - how do I persuade an official of the absence of something?
And it seems to take so little to arouse suspicion. At one time I was visiting NY roughly every 4-6 weeks and travelling very light - I could keep spare clothes etc. at the office. Every single time I was getting tested for drugs. White guy in business suit with overnight bag and laptop. Every single time nothing found and stony faced official returned bag without a word. I guess somehow I got on a list.


#4

It’s difficult to persuade of the absence indeed, so you can create accounts in twitter and facebook just so that you have them. Even if you don’t use them, it’s useful to have them just so that you can give up their passwords. It’s a big plus if you use your official name and email on them.


#5

Having travelled the world, in some fairly sketchy and/or police statey type places, I’ve learnt a few lessons. The most important one is that you have to have something to give them. For example, if you choose to walk thru a slum in the back end of a third world city, say Mogadishu or Detroit, it is a good idea to carry an old wallet with some expired ID in it (for verisimilitude) and a small amount of money (usually the minimum amount needed to score some drugs). You get mugged, you hand it over, the mugger goes away happy and you go away alive.

Similarly when crossing a border and dealing with the government thieves, you have to have something to give them. Hence my old lap top. Runs Windows, uses Explorer with a judicious amount of malware. Has a facebook account that friends various family members and innocuous friends (none with say Arabic names, none not residing in North America). It links to a hotmail/outlook email account, in my own name, with a lot of spam and cruft in it. Terrible passwords on both, which I am slightly reluctant to share with the border officer but of course do. I browse (carefully) on it once or twice a week, a bit more often before I travel, mostly visiting very mainstream news and entertainment sites for the vacant. And of course a bit of pretty vanilla porn surfing for the logs (this is a pretty important piece of verisimilitude). There is nothing that might seem sophisticated to a dumbass border officer. I am the very image of an unsophisticated computer user, much like themselves. I gave them something, they are happy and I am not a suspicious person. And it is all 100% legit, I did not tell a lie, and thanks to the powers of the internet it is not difficult to access things I need or want once I am safely through.

Only a moron attempts to cross a police state (like the US) border with either an obvious secret, or nothing embarrassing at all. Don’t fight or resist, and have something to give them. Just like with a mugger.


#6

Yes. It just doesn’t happen as often.


#7

I was given extra screening at my weekly crossings for years. Turns out a thug with my name was wanted on immigration charges. One nice border agent told me one day to travel in short sleeves since the perp they sought has full-sleeve tattoos. Crazy system.


#8

With Facebook, they then track you everywhere. It’s creepy stalking. It’s hard to keep their tracking cookies out of your computer.
Really if “patriotic Americans” understood what Facebook does and how it relates to their freedoms, they’d try to lynch Zuckerberg.


#9

How do they get around the issue of two-factor authentification if you give them your social media passwords? And just how much of a social media life should a 50-something year old man have, anyway? I have Twitter (which to me is just a newsfeed) and Instagram. Not much else. My brother has exactly zero social media accounts.


#10

This has been my life for years. I happen to share a first name, hair color and birthdate with a late era IRA operative.

When I have to go out, I carry a prior gen IPad (and before that, an old laptop) that gets a clean restore about two weeks before I travel, plus a few apps, but not my key manager or Apple ID. If they want to napster my music collection, or my ebooks, they’re the ones pirating. I can fix what I need when I get on the ground, if I can get wifi. If not, it probably won’t kill me to be more off grid than not for a couple weeks.

She’s also the only reason I haven’t nuked my FB account. It’s not like I use it, but its existence simplifies travel.


#11

Here, this account summons a cruise missile. You access it, you die.


#12

How about just setting your password to 2444666668888888? If they ask, you just say “my password is one two three four five six seven eight” and if they can’t figure it out, fuck em!

Seriously though, I don’t care what the ruling has been, I will never give my password up. I don’t believe that the US constitution allows authorities that access to the property and papers of a US citizen, ever. I’d go to jail for that principle.


#13

I respect the principle, but bear in mind that non-compliance may prove to be extremely taxing.


#14

I’m a Luddite – although I have a Twitter account, I’ve never bothered using it and I don’t even remember the password. My one attempt at setting up a Facebook account failed, and I never tried again, after seeing some of the privacy issues involved. I don’t even have a smartphone, although my flip phone is dying and I may end up getting one purely for the picture taking function. I will be very ticked if they try to penalize me for choosing not to be wired up like a Borg.


#15

Different circumstances, but point taken. And the truth is that I have a family, so being taken in to custody just to “fight the good fight” is probably not something I’d actually do. I guess I’ll just have to donate extra to EFF this year…


#16

So… the answer to “how to legally cross the US border without surrendering your data” is to not have the data with you, essentially? That seems less than ideal, to put it mildly.
As a US citizen, I’m still potentially going to run afoul of this kind of nonsense, and this just makes me reluctant to travel. I’d only be carrying a laptop because I need the data within it, and I’d rather not buy a new, blank phone just for the purpose of making phone calls from the airport (nor blank my phone for that purpose), since likely I’d have a burner phone that I know is compatible with local systems for overseas use if I really needed a phone there.


#17

Friend of mine took a flight to the US, passing all the various security checks, etc and while he was on holiday, rediscovered the micro SD card that had his mp3 collection stored on it. It was in the change pocket of his jeans.


#18

Thank god the thug didn’t have a Prince Albert.


#19

See, there’s this thing called the internet, which is very good at storing and moving data around and pretty much ignores borders. You can do it pretty securely and surreptitiously too. I mean if the NSA REALLY wants a look at it, they can, but if you make it a little difficult and don’t otherwise draw attention to yourself, well…

The thing is to not draw attention to yourself mostly. Be Very Ordinary, and always give them Something boring and minimal to look at


#20

Can they make you install software to access your accounts? If I delete the 1password app with all my passwords from my iPad, can they make me install this at the border to access those accounts?

I would have a few accounts (2nd twitter, apple mail, 2nd facebook, on the iPad. the rest would have passwords that I genuinely do not know without accessing 1Password.