Mission Creep
What's the number of devices searched in America by comparison? If you're just transiting through, can a forced-search still happen? Probably...
Customs laws in New Zealand now allow border agents to demand travellers unlock their phones or face an NZ$5,000 (around US$3,300) fine. The law was passed during 2017 with its provisions coming into effect on October 1. The security conscious of you will also be pleased to know Kiwi officials still need a “reasonable” …
If you're transiting through a US airport, then you're considered to be entering the country and are subject to all the checks that come with that process, including customs and immigration. I bitterly remember standing in line at LAX after a 12 hour flight, to explain to a frankly incredulous immigration officer that I didn't have an address in the US because I was never planning to enter the blasted place.
If you're transiting through NZ - from one international flight straight on to another - currently you are not required to go through NZ customs. There's been no announcement of any plan to change that.
> "I bitterly remember standing in line at LAX after a 12 hour flight, to explain to a frankly incredulous immigration officer that I didn't have an address in the US because I was never planning to enter the blasted place."
Um, the US requirement in your case was the same as making a vist to the US, basic customs. hat does not require you to have a US address. Are you sure that's what really happened? Seems like US Customs might have better things to do than inexplicably and needlessly harass international travelers.
The US does require you to have a US address when entering (or transiting) because the blasted ESTA is required even during transit. You can only have an ESTA if you provide a US address. Provide the airport's address instead. When they look incredulous, point out that you're only transiting.
"Um, the US requirement in your case was the same as making a vist to the US, basic customs. hat does not require you to have a US address. "
Yes it does, when you enter the US you are required to tell them where you will be staying, be it at a friend's house or at a hotel they don't care, they just want to know were they can find you.
I fondly recall two separate incidents at Miami International Airport, a.k.a. Hell on Earth.
Both times I was working for a newspaper in Jamaica. The then owner also owned a large hotel chain and Air Jamaica. When the paper started up it was a weekly which went to twice and then three times a week. It didn’t have a press of it’s own; senior staff (that’s me, as I was networks/prepress chief, or one of the senior editors) took the film from the imagesetter in a big box up to a printing operation in Miami (actually Miramar, but close enough) and it was printed there and the paper would fly down on Air Jamaica.
So once the immgration guy took a look a the entry form, and noticed that I’d listed the address of the print shop, not a hotel. He really did’t like the idea that I wouldn’t be staying in a hotel, because I came in on the first Air Jamaica flight in the morning (07:00 departure, theoretically, but like most things it operated on Jamaica Time...) and was scheduled out on the last flight back (20:30, which usually meant 21:00. Jamaica Time, y’know.) with the paper in the cargo hold, so I’d be at the print shop all day and wouldn’t be staying at a hotel. He refused to let me in. I moved to a different line. The immigration guy there asked me why, I told him, he shrugged, said that Rodrigues was like that, apologised and stamped my (UK) passport. (Memo: don’t try to enter the US at MIA on a Jamaican passport. You will be sorry.)
The second time it was a customs guy who had a problem. He really, really, REALLY wanted to know what was in the box of film and was most disappointed when all he could find was sheets of develloped film, tabloid size, enough for 60 pages, 8 in full colour. He had a look through my laptop bag, and was delighted to find my Irish and Kenyan passports, then disapointed again to find that they had the same name and address as my UK passport. Aparently he thought that he’d uncovered some kind of film smuggling ring or something. Then he discovered my old UK, Kenyan, and Irish passports, tied together with rubber bands, which were in a side pocket. And disappointed again when I showed him the clipped corners and the ‘not valid’ markings. One of his supervisors wondered over and told him to let me go. He knew, though the customs guy didn’t, who I worked for and some of the Big Boss’ hotels were in Florida. It’s not a good idea to piss off the tourist industry in Florida.
Flying round trip from Jamaica to Miami (well known narcotics transport locations) on the same day to make a drop off & pick up at an obscure business and traveling with three different passports, it practically screams "look at me". Of course you're going to get looked at pretty closely, what else would you expect?
What's the number of devices searched in America by comparison? If you're just transiting through, can a forced-search still happen? Probably...
I've been a few times while they've been aloowed to snoop - often with a couple of phones and a number of laptops or tablet type devices. So far I've never been asked anything about them.
I do have some colleagues who simply have "an America phone" now, which is all they'll take with them when they go, due to worries over what might be added to a device while out of their posession. It does make me wonder what'll happen when all the different nations implanted spyware begins to fight for control over a device :)
Factory reset when you land. With android it takes just a few minutes once you have WiFi to get back to where you were. With nova launcher even my user experience can be restored from a backup.
I'd love to see the expression on the immigration officer's face when he switches on my phone and has to configure it from scratch only to find there's nothing on it.
/It would be hard enough to find a needle in a haystack on a phone, but what about a laptop? Mine has a 1TB SSD... even at its maximum speed of 550MB/sec, it would take more than a half hour to dump my entire drive if they want to go through it in detail later. How many other devices come through in a half hour? It's unworkable to try to do, and it's equally as unlikely that someone can go through that enormous file system and try to find the one thing that they don't even know they're looking for. Are they going to verify that every file listed as a given type really is what it says? Are they going to watch every video and view every image to make sure they're (a) actually videos and images, and (b) that they don't contain some content they think is bad? Do they have any idea how many files can be on a 1TB drive?
Are they going to verify that all of the unallocated space on my hard drive actually is unallocated and not a hidden encrypted volume? Are they going to verify that the size of all my visible partitions plus the unallocated space adds up to the total size of the SSD?
That's assuming they don't try to install a rootkit or some other thing. My laptop runs Linux. Will their rootkit be able to work with that? Of course, any electronic device that was out of your possession and out of your custody even for a short time has to be considered suspect... does this effectively render the item devoid of value? Shouldn't they have to pay for making my laptop forever untrusted because of what they may have implanted in it?
You may imagine that real criminals are devious masterminds. But they are just ordinary people who are doing naughty thing. Some are even of less then ordinary intelligence.
Taking at face value https://www.bbc.co.uk/news/uk-scotland-tayside-central-45731642
Three Scotsmen recently tried to fly assorted drugs by drone into Perth Prison. The drone was found by a prison officer.
It had a video camera and it had filmed the men's faces, the drugs, their house door with the number on it, and their car, while they were loading the stuff in and then presumably taking the drone to the prison.
Presumably they did not know this.
The pictures are quite good quality as home video by my standards, but I'm not a connoisseur.
Two men in the video are now in jail and one apparently hasn't been recognised yet, so, if he looks familiar, feel free to call the Police Scotland Clypeline.
I'm not telling you the code to unlock my phone, I refuse to pay the fine, & you can knock yourself dead trying to break into the phone... since it'll be a burner phone purchased expressly for the purpose of thwarting all the 1984 levels of snoopy bastards sticking their noses in where they don't belong. And once you DO manage to weasel your way past the lock bits, the only thing on the phone will be an mp3 titled "Confession" of NWA's "Fuck the police!" to amuse everyone in earshot.
That sounds like a very expensive way to make a point. Why don't you just stay away?
I'm happy to unlock my phone for any reasonable authority who asks politely. It's a phone. What do you expect they'll find? By this time they've already got my name, address, biography and family details.
Seriously, I've never seen so much fuss made about a provision that - by current international standards - is still incredibly mild (by which I mean, you're subject to way more intrusive searches if you fly into, say, the USA or Australia, where they will simply seize your device - indefinitely - if you refuse to unlock it on demand). What the hey do some of you people keep on your phones, anyway?
Why don't you just stay away?
I won't have that option, because I live here.
I am intending to take the same attitude, in the unlikely event I am asked to unlock my phone for the customs people.
I will be telling them no, then having my lawyer ask to see their evidence of "prior suspicion" if they decide to fine me.
Five grand is a lot of money, and I'd rather give it to my lawyer.
>What the hey do some of you people keep on your phones, anyway?
Emails, appointments and contact details of customers I am visiting that might be considering buying my foreign product over a home grown competitor. So I should assume that they will be handed over to my local competitors in the name of national economic security
Evidence that I have read an article on gun control which means the red-necked "patriot" on the desk is going to invent some reason to block me, or at least keep me waiting for 12 hours for further questioning.
Photos of my daughters on the beach which are going to be passed around by some police officers before being released to their wider "image sharing network"
In a way it's funny that the "trade craft" of visiting our major Nato ally is now something like visiting East Berlin in the early 80s
"Evidence that I have read an article on gun control which means the red-necked "patriot" on the desk is going to invent some reason to block me, or at least keep me waiting for 12 hours for further questioning."
Law enforcement folk (particularly the urban/metro variety) tend to favor a disarmed civilian population as well. So if it is any consolation, my phone's articles regarding things like 'best ammunition for various pistol calibers' is as likely to get me blocked/delayed as yours are, for fundamentally similar reasons.
In a way it's funny that the "trade craft" of visiting our major Nato ally is now something like visiting East Berlin in the early 80s
New Zealand is not anybody's "major Nato ally". Perhaps you are getting it mixed up with some other country. At least NZ doesn't subject you to mugshots and fingerprinting (fingerprinting! Seriously, why?) on entry, like some "major Nato allies" I could name.
If you think that the officials are going to be passing around your family photos for their titillation and amusement, then... I suggest you lobby for them to get a pay rise so that they can afford broadband. Believe me, there's better material already online.
More to the point, what do you expect you'll find on it when you get it back?
If you honestly believe that the authorities would do that just to get at you personally, then sorry to break it to you, but you've already lost. Not just the battle, you've lost the whole war, and your country is officially a shithole now. Or maybe you're just paranoid.
In a previous role I had accounts on my phone which allowed access to security and audit documentation for a sensitive UK Government IT system. I personally wouldn't have cared who saw it except that I'd signed some paperwork that would let me be jailed if I made them available.
Then you'll be pleased to note that the phone is examined in flight mode. What you have "access" to is literally neither here nor there. Unless you're rash enough to store local copies on the phone itself.
What the hey do some of you people keep on your phones, anyway?
You may have reworded it, but you basically just wrote "if you've nothing to hide, you've nothing to fear."
Besides, if we don't keep sensitive data on our phones, what point is there to look at them?
As an earlier poster said.. mission creep... and with todays 150 character attention span population, the frog in the slowly boiling water is easy to achieve.
"It's a phone. What do you expect they'll find?"
Besides the possibility of them planting spyware on the phone, the US have apps that will grab everything off the phone and upload it to the gigantic NSA database which will keep it forever and cross reference it with the rest of that database. Mission creep may well mean NZ eventually doing something similar.
Note that the US don't just read the files on the phone - they suck down everything that the phone can reach. Every web and cloud application that the phone has the codes for.
That means not only your personal information, but information that your friends have given you access to. If a friend has posted extremely private and personal information in a locked post that they have only given a few close friends access to, that information is now on the NSA database. Personally I have no intention of betraying my friends.
> Seriously, I've never seen so much fuss made about a provision that - by current international standards - is still incredibly mild (by which I mean, you're subject to way more intrusive searches if you fly into, say, the USA or Australia, where they will simply seize your device - indefinitely - if you refuse to unlock it on demand). What the hey do some of you people keep on your phones, anyway?
I guess if you have nothing to say, there is nothing to hide. Listen, if it's not too much trouble, please send us a nightly report of whomever you associated with that day, your exact location by the minute, a copy of any photo you took (remember to tick the box so we get the location with it please).
In a previous role I had accounts on my phone which allowed access to security and audit documentation for a sensitive UK Government IT system. I personally wouldn't have cared who saw it except that I'd signed some paperwork that would let me be jailed if I made them available.
"...I'm happy to unlock my phone for any reasonable authority who asks politely..."
Are you deliberately being stupid for kicks or are you just a naive exhibitionist? Please state what you think a 'reasonable authority' is; by definition it is not one where their agencies seek to pry into areas where they have no right or cause to in the first instance - that is a most unreasonable thing to do indeed.
In the case of the NZ law using the "reasonable cause" argument: this is both erroneous and dangerous because it is a weasel clause. It can - and will be - abused by the very agencies required to implement it, whether polite or not.
"...It's a phone. What do you expect they'll find?"
Is the wrong question.
Of course terrorists and criminals will always have something hide - BUT SO DO THE REST OF US. The concepts, in case you haven't heard, are called privacy and dignity and many people have a strong sense of what that means for themselves .
So it doesn't matter if it's a phone, personal diary, family photo album etc. the state has no business in arbitrarily violating their sanctity - which this law undoubtedly grants license to do.
... By this time they've already got my name, address, biography and family details. ..."
And also where you like to shop, what restaurant you visited last Saturday, when you last got a parking fine and so on and so forth. What of it? None of this stuff is remotely private so it makes no difference whether the state, journalists or other nosey-parkers know or not.
...Seriously, I've never seen so much fuss made about a provision that - by current international standards - is still incredibly mild...
So in other words: everybody else is doing so we can too. From a statement like this it might appear you are perhaps a NZ politician responsible for said legislation.
Nobody would realistically suggest that state security agencies refrain from following bona fide intelligence in helping us to remain safe, but granting free reign without restraint, as this law basically does, is bad for everyone - authorities included.
Well said Veti - couldnt agree more. Ignore the co called liberal freedom fighters whove downvoted your post - if you have nothing to hide you have nothing to lose.
FFS what is wrong with people? You post your entire lives all over social media and then complain about this sort of thing - you cant have it both ways. Get a life - in the real world.
@R69,
I DON'T post my live all over social media (I don't have Twitter, Facebook, snapchat, google+, whatever). Just because YOU are a moron doesn't mean I have to give up my privacy! You people really don't seem to understand the message that EVERYBODY has something to hide. You might think you don't but that's just because you don't realize what kind of information someone might use against you. The NZ government does not have a pressing need for the information on my phone even if I travel there, so they shouldn't have it. Period.
Reminds me and colleague at Bangkok Airport, a long time ago. They'd just introduced biometrics and wanted to take his photo. Now, this man is the original Mr. "Ye can take our lives but ye can't take our FREEDOM!!!!". So, he gave the the camera the finger, and Thai immigration put him up for the night. Not at the Bangkok Hilton, but still quite unpleasant.
Nice story bro,... but not true, first you have to be under investigation for a crime, and the contents of the locked device deemed to be evidence, then a section 49 notice to divulge the password is issued, and if the password isn't divulged, section 53 allows for up to 5 years for national security or kiddie pr0n, and just two years for regular crimes.
It can be up to a whole life sentence in the UK, you will be detained until you tell them the password. And under UK law it doesn't matter if you don't remember the password, the fact you have forgotten the password is a not a valid reason to not supply the password.
Sorry, but I call bullshit on that particular strawman.
Look, just take the path of least resistance here. The people who are doing the searching are not geniuses, they are just poor slobs doing a frankly rather miserable job on not so very much more than minimum wage. The monkeys have their country's law on their side, and they have instructions to use the law to do what they have been told to do.
Butting heads with morons is not smart. Butting heads with morons who can pretty much do anything they fancy to ruin your day is extremely non-smart, especially seeing as said monkeys are doing a boring job for not much money and will welcome any entertainment. You do not want to be entertainment for a border force monkey; you want to embody grey tedium so that your merest presence induces somnolence and indifference.
So, the monkey is expecting everyone to have a phone. Easy, get a Chinese brick of a phone with a SIM which will roam anywhere, and an address book with only the telephone numbers you need in it. Put a storage card in if you like, but make sure it has some tedious and not very good photos on it, plus some generic music. Keep a printed sheet of the exact same phone numbers in your pocket, for if the phone breaks. If the monkeys want to scan it, then the monkeys can scan it and more power to them.
You don't win against border agents by confronting them. You win by out-thinking them, and the way to do that is to just capitulate and let them steal something worthless and unincriminating.
Other than the fact that we're all "monkeys" for this or that monkey-master, I totally agree. All the posturing about giving them a finger, or refusing to unlock the device, are just that, posturing, no sane person wants _at least_ a few hours of demonstration that their "civil rights" are purely for show and the law can be used imaginatively and flexibly by whoever wields the trunchon or taser. Do you have nothing better to do in the next several hours / days? Do you want to be put on some stupid "list" and go through "enhanced" vetting while crossing this border AND MANY OTHERS for the next 10 years - perhaps indefinitely? Happy to spend (or pay later) for your unexpected, pre-planned flight back to where you came from (and a round of investigation when you land on your home turf too?). Just say "no, monkey". Just show your finger when you go through the gate, that'll teach them!
In fact, I couldn't even be bothered with creating a "fake" depository of private information on my "burner" phone, I'd just tell whoever asks, that my original device has broken down / is incompatible with local bandwidth, which is probably true anyway. Look just the way you really feel - bored, weary, shuffle on, next. It's a theatre for modern times and all parties should learn to play this farse with minimum disruption, for the benefit of all those shuffling behind and ahead of you.
"You don't win against border agents by confronting them. You win by out-thinking them, and the way to do that is to just capitulate and let them steal something worthless and unincriminating."
Problem is, NOTHING is "unincriminating" to resourceful plods. The whole "give me six lines" bit.
"Unlock your phone or your anus. Your choice."
Just point out in all honesty that the airline food REALLY didn't agree with you, meaning if you offer the anus, things could get messy for perfectly legitimate reasons.
"I could tell you my password, but then I'd have to kill you."
Never make that threat in front of an authority able to legally reply, "You first."
How much tech training do front line border cops get? I suspect even the most basic 'security by obscurity' measures would work. If I don't have an icon for a file manager, are they going to install one to search my files? If I hide Telegram from the UI, are they going to find it and check my messages? I suspect not..
I am currently involved in an art project that includes developing, from chips-up, an 8/32-bit 80's/90's style computer* which uses an entirely artificial natural language with also entirely artificial non-roman alphabet and non-ascii character encoding (and explicitly /doesn't/ support other languages) for the text-based programming and operating environment (and any textual data that may be stored on it).
Might be interesting to take overseas. Or NOT!
* if we get the speed and functionality roughly equivalent to a Macintosh Color Classic (with a few modern niceties like fast ethernet, and a 24bit 1024x600 LCD), we will be mightily satisfied.
We don't do basements around here: high water table on a shallow soil base over solid bedrock.
And I have lived away from home (often other-countries away) for 30 years now (since my first job fresh out of technical school at age 18, about 1000km away from my parent).
While by no means wealthy or a genius, am financially successful enough to have the luxury, and intelligent enough to have the desire, for exploring new ideas and expanding my mind for my own amusement.
Furthermore, Nah Nah Nah. :-P
How much tech training do front line border cops get? I suspect even the most basic 'security by obscurity' measures would work.
I might very well have this wrong - its based on hazy recollections of things I've read here rather than applied experience or objective study.
I thought one of the purposes of having you unlock the phone was that it enabled the authorities to image it, and have automated tooling trawl through it at their leisure, while you go on your way. Then if anything is found they simply pick you up and the fun begins.
Aussie customs (called "Border Force") have similar laws. But the fine is bigger and they can detain you until you divulge the password, confiscate the phone and laptop.
If you do unlock it they can copy all the data on the laptop, phone and associated cloud accounts.
Reputation, yes, but someone REALLY hungry wouldn't give a rat's rear end about reputation. OK, at least kangaroos are too dangerous to approach and koalas are iffy due to their diet. But if that starving sees a sheep, regardless of origin, they see mutton which means dinner. Try and stop them.
Yup, Border Farce in Oz is much more draconian than NZ in that sense. NZ is just bringing its laws up to a degree of parity.
And as has been observed, the US doesn't give a toss about "reasonable cause". In fact, nothing in their so-wonderful Constitution applies to non-citizens entering their borders.
As for the UK, it's almost as bad. All a Customs officer needs to say is "Terrorism Act", and they can do what they like with your electronic devices. No just cause or anthing of that nature required.
"I remember thinking that in Belfast in 1991"
I assume that that was in reply to "the terrorists have won". A lot of us thought that a good deal earlier. Given that the largest parties in Stormont are essentially the political wings of the main terrorist movements you could be right.
terrorists aren't pushing these laws, but they are reaping the profit of suspicion, fear, paranoia against "the other". Which is, actually, what they were hoping for, originally, to antagonize societies to make them go to "war", "our religion" v. "their religion". So yes, in that they're remarkably succesful, given how little financial resources they employ.
That said, it does pose a dilemma on "democratic" governments, in theory impossible to resolve: they couldn't just let a plane be blown out of the sky every now and then because hey, things like that happen, get on with it. They'd be out in snap elections and the new government would be voted in under the banner of holy war with terrorist menace anyway (which is what we are in now). But then, they couldn't and still can't actually stop terrorism from happening, hence the airport security spectacle, which keeps us happyish that our plane will land safely. OK, less happy about somebody blowing themselves up in the middle of a crowd waiting to go through security in the first place but hey, it's not exactly free-for-all anymore, we'll get this screening tech on the doors, and on the pavements, we will get them on our buses and the trains, we will get them in our tescos and in our beaches, we will never...
And as has been observed, the US doesn't give a toss about "reasonable cause". In fact, nothing in their so-wonderful Constitution applies to non-citizens entering their borders.
This is widely believed, but it's not true. The constitution and its protections apply to anyone within US jurisdiction, regardless of citizenship.
American citizens like to forget this, because it makes them feel special. Politicians like to forget it, because it makes their voters feel special, and simultaneously allows them to pass laws breaching those protections and pretending that they're only for foreigners, when in fact - once the law is passed - it by definition applies to everyone.
I don't use Facebook, Instagram etc. and if I travel now, I will probably leave my phone at home.
The question is, in the USA, if you say you don't have a Facebook, Instagram etc. account, do they believe you?
With each passing day, Qualityland and The Circle seem to be becoming more and more real, how long until Facebook has a legal, government mandate to create a profile for everybody without an account and for every newborn?
"Full off-device backup."
It'd be nice to not have something out of science-fichon as a solution.
I've had to migrate from one Android phone to another, and noticed how impossible it is to actually make a *full* backup, let alone restore it.
Or did you mean that you prefer to comply by conveniently storing data for the police to search in a cloud to which they already have access?
A full backup is easy, you backup the entire internal storage to an image with TWRP by clicking 'backup' and then ticking the boxes next to 'system' and 'data' and then copy the image to a SD card, then copy it back later and restore.
You cannot migrate backups to different devices as the hardware is different, so perhaps that is why you had issues attempting to do so.
You can't use TWRP without breaking dm-verity (and in the Samsung case, KNOX). Which means tamper-detecting apps (of which the number are increasing) start to balk
Can you tell us any practical solutions for an unmodified phone? And no, burner phones aren't an option because calling to/from home without the home phone and its free WiFi Calling can be expensive.
"You can't use TWRP without breaking dm-verity (and in the Samsung case, KNOX). Which means tamper-detecting apps (of which the number are increasing) start to balk"
If you care about your privacy, then Knox means nothing to your right. Alternatively, you can get a google pixel and other bootloader unlock/ custom rom friendly phone to avoid the knox completely. See the list in lineageos.org for the list of supported devices.
"Can you tell us any practical solutions for an unmodified phone? And no, burner phones aren't an option because calling to/from home without the home phone and its free WiFi Calling can be expensive."
Are you bringing the home phone out, to the security gate and across the country? Surely, the free Wifi calling should have stops working when you unplugged the phone off the wall at home.
Let's just assume you meant your home phone is a mobile and has a roaming wifi calling feature. Other than the wifi calling under roaming will now be expensive, any hotspot supported phone would meet all your requirements. The hotspot can be used for wifi calling and the phone can still be used to call home. If you decided to trash it with no private info on the phone after use, then it's functioning like a burner phone.
The home phone is tied to the carrier. ONLY carrier phones can use WiFi Calling. Yes, I do use a hotpot with the local phone (and data is cheap enough), but I still have to initiate the call with the home phone, so it has to come with me.
PS. I'd love to see these devices which can supposedly image a 32GB+ phone with nothing but a USB2 port for access (sealed phone) in under a minute. Quick mental calculations tell me there's no way physically (need over 4Gbit/sec min, USB2 max is 480Mbit/sec, not including overhead).
It won't matter. There will be a special high speed port they plug into that gives them unfettered access to everything on your phone/tablet/laptop. Kind of like v-pro today but from an exclusive agreement between government and manufacturers. They will use AI to slice and dice your machine to find any nasty bits and deal with you accordingly. Expect China to do it first. And then add the results to your all-important and all-encompassing social credit score. Better watch out folks, the social credit score is going to eventually affect you too. "I see you used profanity in a public forum on The Register. We need to reduce your social credit score by 20, restrict your travel away from decent people while here in our country and raise the cost of everything you spend here by 50%. You really shouldn't use profanity you know, it upsets the social order. Maybe you will refrain from using it in the future and, in 10 years time, we will lift the restrictions and penalties if there are no other violations,Elon."
I was almost ready to be as outraged as the next commentard, but then I recalled that when I worked for a Big Blue multinational ~15 years ago there was already a company policy in place regarding this. I travelled with a company laptop with lots of sensitive material on an encrypted disk. The policy said, "If you are asked to unlock the computer on any border in the world comply without arguing or questioning - even in countries that are more than likely to be interested in our commercial secrets. Any conceivable commercial damage is preferable to the hassle of extricating an employee from a dispute with foreign authorities."
So, it looks like NZ is merely catching up, at worst, and in a mild manner, comparatively speaking. Out of curiousity, how do such laws work in jurisdictions where there is a right to withhold potentially self-incriminating information when questioned by authorities (not sure about NZ, hell, not sure about UK, either - IANAL)? Are such rights suspended on the borders?
"You're entirely free to exercise your right against self incrimination, but that won't stop you being in breach of the mandatory device unlock law."
Unless the mandatory device unlock law is in the Constitution itself, then the Fifth Amendment (protection against self-incrimination) trumps it, and you can challenge the unlock law on that (as well as the Fourth Amendment protection against unreasonable search and seizure). In a fight between an Act and the Constitution, the Constitution wins by its own words (Article VI).
If you are asked to unlock the computer on any border in the world comply without arguing or questioning
Yup, policy where I work too. Hand over whatever they want, call the in-house security guys as soon as you reasonably can afterwards. The company has much better lawyers than I can afford.
Too much data to pass on too-narrow international links and too-small prepaid data allowances. Plus, countries are getting wise to the VPN business and scrambling all unsanctioned ones (read: ones they can't crack). And without the data, you defeated the purpose of the trip (which can be critical for the company; nothing like a lost contract to ruin long-term planning).
Reading through reminded me of those plastic tag things you used to get to stiffen shirt collars. I don't know if they are a thing because I don't wear formal shirts any more.
Anyway, as already posted there must be many places about your person to conceal a microSDHC card if you so wish. Wonder how good the airport scanners are?
Also brings to mind the old style James Bond briefcase with knives, gold coins and all sorts of other shit in it. Airport security has certainly moved on.
There are ways that you can make data secure, such as using a utility which encrypts all the data then sends a key to a third party at your destination so you don't know what it is when you cross the border. However they have thought of that and in the UK you just remain locked up until you reveal the key that you don't know.
Despite lack of trust in communications, the cloud, and such like it seems to me that you should be able to strongly encrypt any sensitive data and VPN it to a server at your destination (or even at a 3rd location) then retrieve it later. Why would you want to carry anything sensitive on your person through border checks?
there are also hollow 1/2-euro coins, hollow US coins, hollow AUS$, perfect for 1tb storage on microSD tho 256GB seems the best price point at present. Thats rather a lot of Project Gutenberg reading material, saved from incidental static damage by being carried in this mini but effective faraday-cage . . .
https://www.ebay.ie/itm/MicroSD-Hidden-Hollow-Covert-Spy-Coin-Authentic-International-and-US-Mint/362434500622
these might be legal, who knows? I'd probably use the AUS$ in UK tho' as the queen might be upset about someone taking a laser to her coinage. I guess anyone who buys these will quickly get on a very interesting list at certain borders.
I have travelled across borders with data empty phones, recently I've simply avoided the U.S.A. even tho' I like the country a lot, but my work hasnt required me to travel there recently. Should I have to go, which would be nice, then I would take a diplomatic passport which is offered by my job for these circumstances. I have to say that entering the U.S.A. border at Hawaii, from N.Z. is such a pleasant experience, I might try that route again - but with or without hollow coins?
"Anyway, as already posted there must be many places about your person to conceal a microSDHC card if you so wish. Wonder how good the airport scanners are?"
They're getting quite a bit better. If they can detect explosive traces, then a microSD card should be cinch (especially since it MUST have metal in it). Plus, as someone else mentioned, they've also trained dogs to sniff for concealed media. Unless you're willing to go extra kinky, you're rolling dice at this point.
I already use full-disk encryption on my home computer disks -- primarily so when they die I can throw them in the rubbish without worrying about having to securely delete the contents. Of course, I can, and will, decrypt them for authorities but when I stop using them I don't keep the passwords (the current password is stored on a small USB stick that the computer reads at boot time but no previous passwords are stored).
I am considering moving to always encrypting my USB sticks with a disposable password each time I use them. When I have finished with it I don't bother deleting the files on it: I just destroy the password, knowing that no one can recover the files. This is already how my work laptop handles USB sticks.
My work phone already encrypts its SD card. I have no idea what the password is.
Once this has become the norm for most people, there will be nothing suspicious about having several MicroSD cards in your luggage, each encrypted, with no idea what the passwords are and no way to recover the contents. They are just spares for when you want to move data or need more space for photos and videos.
'dd and a microSDHC would be better, and infinitely easier to hide'
Ah, the game of hunting inadvisably hidden objects in or upon one's person or in one's luggage..if only there were a group of dedicated professionals skilled at such a task employed at every airport whose sole joy in life is in finding the drongos trying to game the system....
It's a hell of a lot safer to download and burn a live isoimage from a server once you get there than trying to smuggle a concealed electronic device through. As to phones, mines is the collection with a Motorola v180 and a Huawei G7010 (it's amazing what junk people will give you) .
A few years ago, I suggested (mainly because of battery life) that there was a market for phones to be sold - like pistols sometimes were - as a matched pair.
You use one. And when it needs charging, you simply pick up it's twin, and some dark magic would ensure that it was a clone of the one now on charge.
With most things being cloud-based these days, it should be pretty straightforward.
The point is you'd whizz through customs with your blank - uncloned phone. Clone it when in the free air. And wipe it before you left.
I can't believe Apple haven't worked out how to put 2 iPhones in a presentation box .....
ISTM that's what's needed here is something akin to a Chromebook in that it contains no data but where, in place of a conventional login, you VPN to a server of your choice which could be a Google account as per Chromebook but could equally well be a Nextcloud server or anything else. No default, previous login etc would be kept on the device. The user could then present an innocuous server account for customs and log into a confidential server for work.
The law was passed during 2017 with its provisions coming into effect on October 1. The security conscious of you will also be pleased to know Kiwi officials still need a “reasonable” suspicion that there's something to find.
Well if they need reasonable suspicion then that's OK then, it's not like it's ever been misused.
/sarcasm
Sod it, think I'll stick to my UK camping hols for the foreseeable as trying take any kind of tech into another country now automatically seems to label you a a peado, terrorist or simple criminal.
At least in this country I'm on home turf so when the Plod finger me and demand passwords I know you'll get a nice cushy cell at Parkhurst with a TV and 3 squares a day, and not "banged up the slammer" in some foreign jail praying your family can find you a local brief who speaks your lingo.
'..At least in this country I'm on home turf so when the Plod finger me and demand passwords I know you'll get a nice cushy cell at Parkhurst with a TV and 3 squares a day..'
Parkhurst?, ah, so you'll no be travelling north of the border then?, up here you might end up in Bar L or Saughton
'..and not "banged up the slammer" in some foreign jail praying your family can find you a local brief who speaks your lingo.'
Ah, sorry, I didn't read that far, I see you do really mean to stick to camping holidays in England, it was your use of UK in that context earlier that had me confused..
About a decade or so ago I was at the customs desk at Newark Airport being checked through (traveling alone) when the customs official witnessed an arriving cohort and announced "Oh Christ, a plane full of f*cking Italians. This is going to be an unending pain in the ass". I guess the flavour of the day moves on but the job attracts a certain type.
"A Customs spokesperson told Radio New Zealand “We're not going into 'the cloud'. We'll examine your phone while it's on flight mode”."
What are you talking about? My Samsung uploads the photos on my phone to the "cloud" but they also stay on the phone. So unless someone configures it to only use cloud storage, you'd still have access to all my cat photos, even in flight mode you fucking idiot. Understand the tech you're investigating.
If I ever intended to travel to a place that had a draconian policy like this I think I would just factory wipe my phone before getting off the plane, go through customs, factory wipe it again on the other side and then restore it from a secure cloud backup over wifi after I'm in country.
If you're not signed into the phone and its blank of all apps and data what is there that they can do?
that would be reasonably suspicious in and of itself, no?
I'd argue that it's no more suspicious than a phone of someone you believe warrants investigation containing a heap of irrelevant shit, much like most of the World's phones, and nothing as incriminating as you'd like to see. Guilt is in the eye of the accuser.
Reminds me of the US where they have successfully sold this stuff as keeping people safe (I.E. preventing crime), but strangely enough I have not heard of one single case where the searching of electronic device prevented a crime. I have heard of numerous where it "caught the criminal" after the fact. Me thinks that too much information can get in the way of actual crime prevention, especially if the parser does not know what to look for....
IIRC years I read a suggestion that an OS could be set so that if you enter one password you'd have access to just some files with the other files hidden and have another password that would give access to everything. I wonder if any OS's have that now?
If you tried 'hiding' most files then it would be fairly easy to detect but if you only 'hide' say 10-20% it might be difficult to spot.
To some extent, all OSes have this capability.
You set up two user accounts (in addition to the administrative one). On demand, you provide the password to one of the user accounts, where there is evidence of you watching cat videos from time to time. The other user account is pretty much blank. Once you are at "a safe pub" (to borrow an expression from an earlier commentard) you restore the second account from a secure cloud backup. (Remember to reverse the process on your way home.)
The vast majority of your hard disc is stupid OS bloatware and you don't want to waste time or bandwidth downloading that in the pub. There's probably only a handful of files actually matter. With careful data hygiene, this "split personality" PC could even be your normal working setup rather than something special for foreign trips. It also protects you against having the PC stolen.
Too many smartphome users here on El Reg.
*
My ten year old Samsung feature phone DOES NOT HAVE A PASSWORD! It has a list of contact phone numbers, a few SMS messages and maybe five (really ugly) low resolution photographs on it. Plod is welcome to inspect it any time.
*
By the way, a new feature phone like this costs £10, and Lebara will provide some minutes for another £10. What's not to like?
*
PLOD....DO YOUR WORST!!!
You just need a barely-provisioned TracFone (or equivalent) with all the files needed to reconfigure it (afterwards) on a microSD card, which you keep *under* the insole of your shoe (or maybe figure out how to make a removable heel).
Or start designing Android phones that look and behave like an old-school GameBoy; it powers up and plays games enough to convince the inspector, then later on you slide off the back cover and carry on using your phone.
Whenever I travel I just take a basic device (phone, tablet or laptop, whichever is most appropriate) with little of importance on it, and use TeamViewer to connect to my computer back at home. This has the added advantage that if I'm somewhere with slow WiFi I can still run software at full speed - it's running at home and TeamViewer essentially just sends me screen updates. It would be trivial to enter a country with a factory reset device, install and use TeamViewer once you get there, then remove TeamViewer (or factory reset for extra security) before you leave. You'll need to remember your TeamViewer codes, but nobody can ask you for those if you don't have TeamViewer installed at the border.
Two visits to the USA...
1) An organised camping trip with an American company - I was held for three hours as I couldn't provide a telephone number for one campsite, which turned out to be a rock encampment on the top of a mountain in Nevada..
2) Weekend trip to New York, I was held for two hours as I "hadn't brought enough stuff" with me, my small rucksack was scanned about 15 times, I asked them to stop as they were making it radioactive, so three different people searched it. I was staying two nights and it was pre-mobile phone era, so had clothes and a toothbrush.
Solution, don't go to the USA, seems to work for me.
Never going to the US (again. Managed to pass through a couple of times 20-30 years ago) for any reason. Even if it's the last safe haven in WWZ. They have nothing that mitigates the downside of going to their shithole.
Been to NZ a few times, seem most of it. Now it's: so long and thanks for all the fush.
Been to OZ, never liked the place. Good riddance.
Never been to Canada, but don't have any foreseeable reason to. Won't be missed.
Trips to the UK becoming less and less likely due to pending BreakIt. Again good riddance anyway. Always was, and always will be a shithole.
Makes for an interesting rant given you don't specify where you reside so that we have a point of reference. I mean, rose tinted specs and all.
For reference, I live in Oz and whilst it is run by twats, completely overpriced and totally anti-competitive with piss-poor regulation in some aspects and nanny-statism in others (worst of both worlds) I console myself with the firm belief that there are much worse places to be and that I'd rather be poorer here than have the wealth I'd have accumulated had I stayed in Europe. It is quite easy to just up a disappear into the country's lesser populated areas for some real back to basics alone time if desired.
I had reason to recently travel to NZ for business. They were more interested in my footwear and where it had been than any electronic devices I had (three of them).
They were so interested in my footwear, in fact, that I was diverted into an agricultural inspection queue so that an agent could inspect my brand new, as yet never worn, tramping boots to insure they were not infected with some type of nasty little bug.
Be advised, you don't want to be diverted into the agri queue, as it added an additional 60 minutes for me to clear into the country. I would gladly give them all my passwords in exchange for avoiding the boot inspector. By the way, whereas you face a fine if you don't hand over passwords when demanded, if you were to try to sneak past the agri inspection with any questionable item(s) and you are caught, you face jail, a fine and deportation with no prospect of ever getting back into the country again.
"They were more interested in my footwear and where it had been than... "
Because it's fairly unlikely that you're carrying criminal content on your devices.
But it is *extremely* likely that you've not bothered to engage in proper bio-security practices. You're supposed to get all your "country" or "watersports" kits steam cleaned, although dilute bleach will also do it.
And yes, everyone claims that their tent/boots etc are brand new.
NZ doesn't have a number of crop pests. However, even a single case can be enough for certain countries (USA, Australia) to engage in full on protectionist trade practises.
As NZ is mainly based on primary industries, stuff fucking with the ag sector is considered a Bad Thing.
NZ customs catches quite a lot, because they are genuinely more worried about the mud on your boots, and thus search stuff to that level.
"NZ doesn't have a number of crop pests."
What it does have is a particularly nasty flatworm that eats earthworms and it's exported them here. That's not only GB but also N Ireland - I don't know if they've got south yet but I had the bastards in my garden in Lisburn. It's a great pity they didn't pay as much attention to not letting stuff out as they do to not letting stuff in.
Struck off South Africa because of racism and incidental violence probability being high
Struck off Jamaica because incidental violence probability being high
Struck off China because of racism, disrespect for privacy and personal freedoms
Struck off USA because it's China and Jamaica rolled into one
Struck off NZ when they declared they were 'fattist'; one more reason won't hurt..
Oh dear so you give them the password, walk outside and change it! Really I do despair at these so called people that come up with these ideas. Have they not thought about that. If they had how about everybody having to go to the police station to show the new passwords, if they change it everyday then there will be some queues. Now the whole country can grind to a halt, and still the state will not know every body's access codes! In fact to really upset the entry people say oh well now I am here and the machine is open and you have seen it I will now change it!
Technically inept is the word I will use. Now we could go on a wind up, before you get to the entry port change your password to "inept", I wohat the comment will be when they get many with the password of inept. Will they realise that there is a conspiracy.
"In fact to really upset the entry people say oh well now I am here and the machine is open and you have seen it I will now change it!"
Wouldn't matter. The thought is that, now that it's open, they'll inject something into the device so that they can regain access to it at any time, even IF you change the code. Who knows? It may even be firmware-based and thus nuke-proof.
What it amounts to in the end is that Rationalism lost to Sheeple's needed for security. The 'power of private contemplation' is required to be checked to avoid thoughts of a heretical nature - better a thousand be searched than heretic be loose. The bad guys are winning. The US has established a national ID card in the form of a uniform drivers license and in the process trod solidly on common law practices dating to Blackstone. Oh for the security of Stalinland and Der Fuhrer Reich
Robert Heinlein had some interesting thoughts on NZ based on his visit in the 50s. The Maoris ate the wrong colonists.
"The US has established a national ID card in the form of a uniform drivers license and in the process trod solidly on common law practices dating to Blackstone."
Well, answer me this. Without SOME form of uniform identification, how can you tell citizens from noncitizens (which is important in many respects)?
Well at one time that question could asked under penalty of perjury in an application or by legal authority, then it was decided that this was discrimination and the 14th forbade unequal treatment of people in the disunited states of confusion; consequently dropped. Then under immigration reform it was sorta, kinda [sic] brought back but the social security card was the check. The National ID (internal passport) requirements may or may not match the name on previous drivers licenses, military ID cards, school transcripts, federal tax returns or credit reports. It can and was created new identities because of the manner in which it is created. As an exercise the new identity was run through the DoJ system and was returned as fraudulent: person described was in records as the old life long name. So who is the real citizen the born and lived or the paper creation without a past. Shades of Ludlum.