US Border Patrol says they can create central repository of traveler emails

Sounds like a call to start crossing the border more frequently- with a suitcase full of &quot;suspicious&quot; drives.<p>How many petabytes of mirroring before the whole operation becomes too expensive to justify?

Too bad neither party shows any signs of reigning in this kind of overreach by CBP. Doesn&#x27;t seem like this can be fixed by voting.

What&#x27;s a reasonable way to protect yourself here? Other than wiping and restoring. Are there any encryption tools, or ways to keep your emails and other data on your device safe?<p>Can CBP make you unlock your own phone?

Really, the US system of manually extracting data from peoples physical devices seems so much more old-fashioned compared to the Great Firewall of China.<p>There really isn&#x27;t much difference conceptually between the two systems.

Is there a list online somewhere of all the crazy shit that can legally happen to you in the US? How long you can be detained for, what data can be extracted from you, and so on? Like if you had a <i>really</i> bad day and the authorities exercised all of the powers over you they legally have.

There are a handful of state courts in the US that find passwords testimonial, and therefore the Fifth Amendment prevents compelled production of passwords. [1]<p>Could that apply here?<p>1 <a href="https:&#x2F;&#x2F;www.techdirt.com&#x2F;articles&#x2F;20191124&#x2F;09372943445&#x2F;pennsylvania-supreme-court-says-compelled-password-production-violates-fifth-amendment.shtml" rel="nofollow">https:&#x2F;&#x2F;www.techdirt.com&#x2F;articles&#x2F;20191124&#x2F;09372943445&#x2F;penns...</a>

I&#x27;m going to start traveling with a 10 TB Encrypted NAS full of static. They can download that and save it if they want.<p>What sucks is that I know this is probably being stored on AWS. Tech companies enable this kind of shit, and even push sale of larger and larger systems to governments. And they are massively rewarded for doing so.<p>This isn&#x27;t the government... this is a sales guy at AWS pushing them to store things for 75 years... he knows he gets a helluva commission check on that deal.<p>Gross oversimplification, but not really. We, as technologists, have to take responsibility here.

The easiest thing to do is to simply not take electronic devices with you anywhere in the world, otherwise there is a slight risk of someone wanting to understand the information contained within it.<p>If you think there is a risk, and you take a device, obviously FDE is a requirement, although, that could be seen as &quot;suspicious&quot;.<p>The easiest thing to do is to fill up TB&#x27;s of HDD&#x27;s with useless information. Random pictures, documents, perhaps thousands of people&#x27;s contact information downloaded from a public source. Store any &quot;important&quot; documents as random file names, perhaps inside archives or volumes that need decrypting. Or not at all, instead &quot;in the cloud&quot; but still encrypted so that you can travel without worrying about somebody accessing your information. Make deliberate &quot;suspicious&quot; file names, make them believe a file is encrypted (a 50GB file named &quot;totally not a hidden volume.hiddenvolume&quot;) and maybe they will waste time trying to open the volume only to realize it contains thousands of pictures of naked molerats.<p>Clearly you need to be smart about crossing borders with electronic information these days, and not having any with you seems to be the best course of action.

&gt; Information is stored for 75 years although if it’s not related to any crime it may be deleted after 20 years.<p>I wonder if you have your house burned down and you want your digital pictures back, can you ask them to give you a copy of their backups? That&#x27;s the only thing that storing this data for this period of time is useful for, but I guess they won&#x27;t hand it over.

I&#x27;m not a US citizen, and I used to travel to the US from India occasionally before the pandemic. In reality there is no data that I have with me on my laptop or mobile device, that isn&#x27;t already accessible to a nation state like the US. There is really no point trying to play games with US customs and immigration. You&#x27;ll just irritate them and it won&#x27;t end well.<p>The best strategy is to simply comply with all relevant US law and orders issued by officials at the border. And one should understand that at the border, a foreigner such as me will have very limited protections. In practice there are really no protections at all. People like me essentially rely on the goodwill of the US officials at the border.<p>For the most part they are polite and business-like. Its best to keep all interactions with them on a cordial basis and cooperate immediately and completely when ordered.

The interesting thing about this is that it affects people who have never been to the US and never intend to go, or those who do but take &#x27;precautions&#x27; to protect their privacy (secondary devices, double encryption etc) as most of the data in anyone&#x27;s inbox is not generated by them.<p>That&#x27;s pretty scary.

Hmm could you not just encrypt your data and leave the key at your house and throw one away before you reach the border. They can have all of the “data” that they want.

What&#x27;s super awesome is nearly every US voter (including the ones reading this) will vote for the jackwads that enable and fund bulk surveillance abuses like this.<p>In and outside the US, non US citizens serve as a proving ground, for tech that US Gov will eventually deploy against it&#x27;s own citizens.<p>US Gov does this because it can, because news orgs are more interested in sportball, because both parties have successfully set citizens at each other throats for decades and because the public keeps gorging on whatever fear-filled plate of nonsense is put in front of us.<p>Ten years from now, an entirely new regime of surveillance abuses will be added to those already deployed against us. More than any other reason, this will happen because we endlessly reelect the people who are ultimately responsible.<p>We could do better.

&gt; a federal judge in Boston ruled that forensic searches of cell phones require at least reasonable suspicion “that the devices contain contraband.”<p>outside of illegal porn, what exactly constitutes digital contraband? is this defined anywhere? any well known example cases?

I hope someone challenges this in court.

Really wish I could enter a fake password on my Android device to launch a fake persona

If this is the case, I’ll leave the country with basically naked devices which I’ll restore on the other side of the checkpoint.

Surely you&#x27;d need to be a person of interest to have them process your data. The data is likely encrypted so how do they decrypt it? They can socially engineer a way in but does that work? Do people break down and give up their passcode?<p>Would they really process the data just because? It seems like a severe amount of data to process and evaluate. How much compute power is set aside for this and how much online storage is used? Do they use a cloud service for this?<p>It&#x27;d be interesting to hear from somebody in the know about what is they real can do and what is heresy.

So do I just need to fill my computer with porn? Or use stenography to put all my files inside porn.

Remind me to travel with terabytes of encrypted garbage data. Just to be a costly pain in the ass. I&#x27;d love to watch an incompetent CBP agent try to figure out how to move 10TB of disk images with USB thumbdrives.

My takeaway; they have to search for porn first because they can&#x27;t be amassing a huge porn collection, so store your sensitive info in your porn folder!

At least now I can be like Jason Bourne, and have lockers in different parts of the world with laptops and phones... ;)

&gt; <i>Before uploading it to their network they check to make sure there’s no porn on it</i><p>What happens if there’s porn?

I know they market this product for security researchers, and I&#x27;ve read all sorts of good reviews about the &quot;anonymous&quot; version. May everyone expand on this concept:<p><a href="https:&#x2F;&#x2F;usbkill.com" rel="nofollow">https:&#x2F;&#x2F;usbkill.com</a>

Imagine the private letters of people in 1945 being of any use to a border agency in 2020.

&gt; Before uploading it to their network they check to make sure there’s no porn on it (so they search your devices to find porn first).<p>&quot;Stenographically encode your important documents into your porn&quot; is what I&#x27;m reading here.

Uninstall everything before crossing the border? The 100 miles thing is the weirdest though, especially if enforceable on someone who has not recently&#x2F;ever crossed the border.

Can&#x27;t they just ask the NSA for the Emails?

It sounds like a person needs a filesystem that generates a few exabytes of GPT-2 output on the fly.

I guess the studios wanted to get their copyrights extended one way or the other.

I hate the world in which my own Gov is the nation state I need to fear.

How long till burner devices are necessary for traveling to the US?

defund the border patrol. seriously

Cue the inevitable breach.

When I was a kid in the 80s, I had a US flag on my wall. What happened to the US in the past fourty years? It became a country that I don&#x27;t really want to visit anymore. Every civilized nation behaves differently, at least towards citizens of allied nations. We are no enemies. Ain&#x27;t no reason to treat us non-US citizens like people without any rights. - I am deeply saddened to see the US come this way, and I have no hopes that this will change in the forseeable future.<p>Edit: Look at how non-US citizens exchange ideas for how to avoid handing over all their personal data at border-crossing. What a shame.

What are the use-cases, and when would such a policy have led to a drastically different outcome (in the case of a crime being committed, industrial espionage, or what-have-you)?<p>If I have a laptop encrypted with luks or whatever, then what? What are the consequences of non-compliance?

I wonder what implications this would have for business travel. Devices may be required to be encrypted and giving a business password may violate employment law in the home country for non US travelers. It could be illegal to grant US border agents access to the phone and also illegal not to.<p>Even if you could grant access, businesses may very rightly feel the content shouldn’t be accessed by US border agents and if it’s stored by border agents, it means now some US government server could fall under the juris diction of GDPR or something (eg my work phone or laptop had a photo with sensitive customer data or something).<p>On top of that, it’s increasingly mandatory to use your personal phone for business data, eg PagerDuty, Slack, company email, company social media tools. So while it may be your personal device, you may still run into crazy conflicting issues of whether you are allowed to unlock it.<p>How are you going to comply with “delete my account” requests when some business data is on US government servers for 75 years?<p>US agencies have deeply poor and incompetent information security, so how long before this is subject to a data breach, or a rogue employee exfiltrating and selling it? Will people be able to sue the US government for substantial per-person damages when that happens?<p>The conflicting and incompatible privacy issues of this are bananas. What an arrogant and deeply stupid thing to do by the border agency.