The “flaw” is that there’s an incentive for you to enter the country. Even if it’s just to visit, you’ve spent money to fly out there. if it’s for work or a job, that incentive is even bigger.
Denying them access because you don’t have or know the password may end up with you waiting for a plane back home. They may simply not believe you, or decide that you are actively hindering them in their job.
They know that they have the power to inconvenience you severely. The sad reality is that pissing them off may make them do so.
I’m looking for a cheaper and smaller laptop for when I travel - an old Thinkpad X61s or similar would be good.
Let’s just say you can have “travel-private” data and “private-private” data.
You can always encrypt your private-private data and put it in the cloud in case you want it on-the-go.
A good password is say, the 3rd sentence, 7th chapter from your favourite novel in Spanish.
Nobody explains in this thread why the US would even want to implement a “hand over your (social media) data” doctrine. I would think they most likely still have access through stuff like XKeyScore. Or does anybody believe they actually scrapped all those things in the wake of the Snowden affair?
This administration wants people to, whether they have a reason or not (I don’t think they’re big on reasoning).
Homeland Security Secretary John Kelly told Congress on Tuesday the measure was one of several being considered to vet refugees and visa applicants from seven Muslim-majority countries.
“We want to get on their social media, with passwords: What do you do, what do you say?” he told the House Homeland Security Committee. “If they don’t want to cooperate then you don’t come in.”
Creating a facebook or twitter account just for the purpose of travelling to the US will not work. That account will be mostly empty and look very different to the average account were the average traveler has links to his or her family, work, and has pictures of their life dating back a few years. Customs are not that naive.
Make no mistake: if you do not have a real social account where family and friends can vouch for you, all looking totally unsuspicous to customs, you will not be able to travel to the US in the near future. And the beauty of it is that nobody will even realize it is so: the people without credentials will simply be put on a no fly list, will not get a visa or an ESTA number and will simply not be able to get a plane ticket.
It is a good idea, but there is a flaw in your idea of carrying inoucuous data and having your real account accessible online. That flaw is called 2 step identification. Most accounts nowadays require that, in addition to a password, you use a physical token. That physical token is usually some cryptographic key on your computer and customs will eventually look for that data and ask about the other accounts.
If you don’t have the extra bit, when you try to access your mail abroad with your valid password, you’re locked out.
Of course, it is possible to set up your own server that will only ask a password, and restore the data from there, but this is too involved for most people.
You will not be able to restore your backup from Apple’s server without 2-steps verification. That means: if you are abroad, you can’t restore your backup on a blank iPhone/iPad without another “token”. That “token” is either another computer which is not wiped off (which defeats the purpose) or a SIM card (to get a SMS message).
At present, the SIM card is the flaw in the system, but I expect customs to be able to get that info from Apple (or Google for android phones) very quickly. And probably the NSA already knows. Then, they find the SIM card, and ask Apple to associate it with an Apple id. They find it is not the one on your phone… checkmate.
The hackers thank you when they crack your computer.
What all the “just leave all your data on the Internet!” people fail to realize is that they’re not the only one that can get to your data then, if properly motivated.
Encrypt your hard drive with tools like BitLocker, TrueCrypt, or Apple’s Filevault, and choose a strong passphrase.
Truecrypt? Really? Although it passed the security audit with some minor issues there have been several serious vulnerabilities revealed since then which have been patched in later versions of veracrypt. It has been long since time to move away from truecrypt to be honest.
Here’s my advice: Don’t do anything cute. Don’t work around, don’t mail yourself a SIM card, don’t do this shit. There’s not such thing as technically complying while not giving them your data. That’s a very long phrase for “pissing off the border guards”, which is a dumb-as-hell thing to do.
Them getting your data is the cost of entering the country. You are either paying the cost or you are not. I wouldn’t count on the law to protect me if I was an American citizen, and I’d definitely not count on it if not. Use that wonderful internet thing to do whatever you’ve got to do in America without actually going there.
If you are a US citizen, you’re not legally required to unlock devices. Customs may confiscate your devices and not return them if you refuse to comply but, as of right now, they can’t keep you from entering the US as a citizen if you stand your ground. As I’ve said above, if they take your devices away, you should consider them compromised even if they return them.
Working in a security organization in Silicon Valley, me and other folks at work are actively discussing this and what to do. I have a work trip to Berlin (with my entire seven person team) in April. At least three of us will be crossing a US border and the same team will be in the Bay Area in June, so the four foreign living, non-US citizens, will have to enter the US at that time. One of my US people is on an H1B as well and is a citizen of an Asian nation. So, this is really a rather important discussion. That said, we don’t know what to yet beyond “Leave your phone at home and get a burner (intern) laptop from services for your trip.”
This is insane. The whole thing. Just the fact that someone felt compelled to bring this info into existence. It’s completely nuts. Here’s the really depressing part: we’re only at the infancy of the era of The Cyber. I’ll take a pad and pencil or pen from here out, thanks.
Not sure if you’re joking given Mango Mussolini as Commander in Chief, or if you’re serious. Presuming the latter, just in case: cyber, adjective: “In predicative use. Of, relating to, or involving (the culture of) computers, virtual reality, or the Internet; futuristic.”
Doesn’t mention gov or mil. Also, I submit Billy Idol in my defense, himself niether gov nor mil.
I know the meaning. I’m saying if you walk up and talk about “The Cyber” in front of actual security people, folks will assume one or both of two things:
You’re from the government
You’re an idiot
Only the government, its associated entities, and their contractors talk about “cyber” this or “cyber” that. It’s a running joke in the rest of the industry.
That definition might have been accurate 20 or more years ago. Now it sounds like a old dot com joke (just like Billy Idol’s album, which is often mentioned as the same sort of idiocy).
It pays to know if the jargon you use leaves you open to derision by folks. Just sayin’.
