Schneier on Security
A blog covering security and security technology.
« "Psychology of Security" Excerpt |
| Diplomatic Immunity »
March 22, 2007
Incompetence at the Border
Tom Kyte, Oracle database expert, relays a surreal story of a border crossing into the U.S. from Canada:
He clicks on it and it asks for a password. He looks surprised and says "it needs a password". I was like - that is OK, I have it, here you go... Now he is logged in. But -- my desktop looks a tad different from most -- there is no IE on the desktop, just the recycle bin and a folder called programs -- nothing else.
He really doesn't know what to do now. No special searching software, nothing. He looks at me and says "you know what we are doing here right?". I said -- not really (I knew what we were doing, I read the news and all, but just said "no"). "Well" he says "we are looking for pornography". Ahh I say... Ok, no problem.
But he is stuck. There is nothing familiar. So he clicks on the start menu and finds "My Pictures". You know, if I was into that -- that is precisely where I would stick all of my porn -- right there in "My Pictures". He goes into it -- and sees all of my folders. And all of my pictures, which we looked at. He said "wow, you travel a lot", I said "yup".
Posted on March 22, 2007 at 10:39 AM
• 62 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I just bought a Nokia n800. Thinking about it right now, I don't really classify it as "a computer", although it certainly is one (heck, it has more processing power and RAM than my desktop in 2000).
If I was carrying it across the border, it wouldn't even occur to me to check "yes".
You can carry porn on your phone. You can read email, browse the web... is your phone a computer? What about your PSP or NintendoDS? Yes, yes, yes...
I'm not really sure why a customs officer needs to see my laptop, beyond my proving that I don't need to pay import duties on it. I certainly don't see why I need to let him poke around in it.
Which is not to worry, my laptop runs Ubuntu, it'll just confuse the heck out of them.
Also your 80 gig iPod. Because it is primarily used to store music, it's less suspicious than a thumbdrive. Is porn illegal in Canada anyways? Poor canooks.
Heh...ipods and thumb drives...even those are too big and conspicuous....what about the micro SD cards that hold 2 gigs of data and are about half the size of a postage stamp?
Yeah, "looking for pornography"...because pornography can't cross the border via the internet.
Inspecting data on computers crossing the border is a complete waste of time. They should be looking for things that can only be smuggled physically.
Kyte clarified in the comments that he was crossing from the US into Canada and that this was Canadian customs, not US, that did this.
Reading further down in the comments it's obvious that it wasn't USian customs that had issues, it was /Canadian/ Customs.
Why don't you just mail a DVD across the border? That's a heck of a lot cheaper than a plane ticket...
Huh. Is looking at someone's computer just because there might be pornography on there even *legal*? Especially if there is no reason to assume that there is...
1. Other than the fact that the person in question was male.
>I'm not really sure why a customs officer needs to see my laptop, beyond my proving that I don't need to pay import duties on it. I certainly don't see why I need to let him poke around in it.
Well, because the law says they can. Countries have the right to police their borders and to ensure that material that is illegal to possess in that country is not imported. If they want to scan your laptop with an electron microscope to make sure you're not bringing in illegal material, they could do that if they want to. It wouldn't be very efficient, but they could do it.
Be very wary of asserting the rights that you believe that you have here in the US when you are crossing a border. As the article makes clear, it could completely ruin your day (or your month, btw). Best case is you'd be refused entry. And it's not unlikely (depending how much you piss off the border guard) that you'd end up wishing you were refused entry.
Yes, it is legal... It doesn't matter which side of the border, customs officials have the authority to search you and/or your possessions for, well, pretty much anything.
Why is anyone surprised that minimum wage non-technical types are being used as screeners? We don't exactly employ mental giants at the TSA, either, so we don't have a lot of room to point and snicker.
And what about the soon to be implemented U.S. identification card. Next, there will be checkpoints at state lines where you will have to do the same thing. But, if you pay your $100 a year, you can bypass those checkpoints (ala the priviledged line at the airport).
Also, this reminds me of my favorite border crossing story.
Years ago, pre-Internet, I was working for a large computer company with a development lab in France and a manufacturing plant in Italy. The technology was such that the chip design had to be written to a tape and sent to the manufacturing plant and loaded for manufacture. It had to be a physical tape.
Normally, they were just mailed, but there was a schedule problem and we paid someone to drive the tape from the French lab to the Italian plant. The tape gets there and it was unreadable. So we sent him again with another tape. That one was unreadable as well. So, the development manager took a third tape, and drove south.
When he got to the border crossing the guard asked why he was there, etc. filling out the answers on an entry form. The manager handed over the tape for examination as requested. The guard looked at it for a second, apparently decided he needed a sample, grabbed a pair of sizzors and snipped off about three feet of the tape and stapled it to the entry form.
The manager stared horror, turned around and drove back to the lab.
There was a similar story about a lengthy program that took up several boxes of punch cards and was bound for Australia. The punch line was similar, with a third and escorted shipment finding Aussie Customs taking out a few random cards for a sample.
This is a great comment:
"...the strangest thing I have seen was during the UK's binary liquid explosive scare a security guard confiscating bottles of liquid and pouring the contents into a large container, then handing the empty bottles back.
Some training on the meaning of the word Binary may have been in order..."
As far as hiding porn, don't forget that most of the readers here have a clue when it comes to computers. The vast majority of folks do not. I have been repairing PCs and laptops and have seen porn right there on the desktop or in clearly marked "pr0n" folders.
My favorite border crossing story involved some friends who had a small vial of liquid LSD. The guard found it, sniffed it, dipped his pinkie, tasted it, and decided it was fine.
After some debate, my friends stopped at a pay phone a few miles past the border to call the border station and inform them that one of their guards had just taken about six doses of LSD and would be having massive hallucinations any minute now....
Wait, since when is porn illegal?
At least they're not looking for copyright violations.
"If I knew you were needing some I would have brought some along. What kind do you want?"
There is a great story in Magnet Magazine about one of their music writers traveling to Canada to interview the band "The New Pornographers". When questioned about his business in Canada, he told them the name of the band he was going to interview and they confiscated his laptop.
Maybe they really don't care about what's on the computer or how the thing works. Maybe they're just looking for something "hinkey." A few dumb questions about how the machine works, a few intelligent, comprehensible answers, nothing hinkey, you can go. (I know, its a stretch).
I have a friend who was stopped by the police for speeding, and (because her car was a mess and she was embarrassed) told him "don't look in the back!" Two seconds later she's out of the car, a backup unit arrives, and a full search is under way.
She was "hinkey." Nervous people say stupid things under pressure.
I took a program on about 2000 punched cards from the US to Canada once. There would have been duty and taxes on the cards, but there wasn't on these because they were "used" cards.
I for one am so glad that the officials who are paid and trained to protect their country are so successful that they can waste time on doing something pointless, badly!
Any time you have to deal with government employees, plan on taking more time than is needed. It's not always their fault, it's just the nature of government. Somebody up higher, a higher up, says "check computers, make lists" and it never ends. I've been through it. "Please turn the device on sir." Don't ask why. Then it gets worse.
The customs agent was an impatient pervert to search Kyte's computer for porn. He should have waited his turn for one of these "security devices" and kept himself happy through the work day.
And he did not not think to check the 12 GB Tone micro drive hanging on the end of your key chain. Oh Well, Have A Good Trip.
The customs agents at the LAX indicted over 100 people between August and December of last year for possession of child pornography. They targeted potential "sex tourists" arriving from Thailand and the Philippines. The process was similar to the one described here. Boot the laptop, look for porn. If they see anything suspicious, they turn over ALL of the computer equipment (cameras, phones, etc) to the forensics team, which then uses Encase to search for illegal content.
Shocking. Incompetent government agents. Now, Bruce, who do you think enforces and administers the BroadLaws whose passage you advocate? "Special" agents? Are particularly competent agents set aside as reserves, twidling their thumbs and biding their time until their chance to administer a BroadLaw comes along?
Or will these same incompetent government agents be the ones administering/enforcing the BroadLaws you want in place?
Pornography is basically illegal to import into Canada even though it's basically legal inside Canada. The reason is that Canada Customs pretty much gets to make up its own definition of "obscenity" independent of the definition that applies in all other contexts. There is a lot of what could be called selective enforcement, and there's nothing stopping people from shipping the data across the Net. There's been a series of high-profile cases in which books legal to sell in Canada have been blocked at the border as "obscene," and it's been claimed that the Customs authorities were singling out homosexual material for more restrictive enforcement. It's not a good situation.
MarkJ said: "As far as hiding porn, don't forget that most of the readers here have a clue when it comes to computers. The vast majority of folks do not. I have been repairing PCs and laptops and have seen porn right there on the desktop or in clearly marked "pr0n" folders."
I think you're assuming cluelessness where there isn't any. Those people were simply not hiding their porn. Why should they?
Thats so silly it has to be true. What about crossing the border with your partner and a video camera? is that "importing raw materials with intent to become a pornographer?" ... what if the kids are with you? or the family cat? and if you're wearing clothes, thats concealment?
Wait, they were searching for porn coming _into_ the US?
I wonder how they react to non-Windows, non-MacOS laptops... And, as others have said, iPods, smartphones, SD cards, etc, all have immense storage capacities these days. Not to mention just keeping it all online in the first place.
Yes, its is perfectly legal for Canadian Border Services et al to look at the contents of any device, publication, etc., as one enters the country.
Most border agents exercise intelligence in this process. This just sounds like this ellow ran into a specific case of someone on a power trip.
I can just as easily cite similar cases of individual US border agents being idiots, so I am not sure why anyone is making such a big deal about this...
...Bruce, was this just a slow blog day?
There seems to be this silly idea that Canadian border guards exist to prevent dangerous or undesirable goods from entering the country. As someone who crosses the Canada/U.S. border relatively frequently (but not quite so frequently as to justify getting a Nexxus pass), I can assure you that this just isn't the case.
The border guard here was not looking for porn that was unacceptable for Canada, but rather for porn that was being imported to Canada without the requisite taxes and duties having been paid. You'd think that these sorts of activities are a waste of money, but the Canadian border is actually self-financing and then some; for every dozen or so people searched, they hit a motherlode who has so much to pay in taxes and duties (and now penalties and fines too!) that the wages required to search a thousand travellers are easily covered.
(yes, this is a joke, but it's only really half of a joke)
Can't stop myself from wondering wtf he would do i someone came with a computer running Linux with Beryl and KDE tweaked halfway to hell hehe.
"Can't stop myself from wondering wtf he would do i someone came with a computer running Linux with Beryl and KDE tweaked halfway to hell hehe. "
You'd probably lose your computer.
Government agents are scum when you don't kowtow or help them look foolish.
> "Well" he says "we are looking for pornography"
He should have replied "Aren't we all, honey?"
It would probably be more productive to look at the "family photos" - you'd be surprised at how many people have pictures that are unconditionally indecent in amongst otherwise innocent images (photos of naked infants and young children, often in "sexual" poses, like, say, flat on their back with their legs apart)
"But officer I dont even own a pornograph "
....... Groucho Marx
Q. Where do underqualified authortain folks get jobs.
A. in customs.
I'm not joking. The kind of "fear" we are suppose to have brings the worst out of this type of person and this type of person wan'ts these types of jobs. Its more about Power trips than anything.
Prepare for the rectal exams at the gates, sheeple.
I'm wondering what exactly it takes for you to stop bending over. Frankly, the willingness to vote for any scoundrel who promises more security in exchange for more intrusions is disgusting.
Note to self: install TrueCrypt on laptop.
This is related to why they search, good to know if you travel outside the US.
Police blotter Laptop border searches OK'd
I had a similar (yet different!) experience on my way through the Moncton Int'l Airport. The bored security guards took it upon themselves to give themselves something to do...
> Note to self: install TrueCrypt on laptop.
Installing TrueCrypt on your computer would most likely provoke the agent to keep your computer.
An alternate solution is to create a user account whose only purpose is to provide law enforcement agents with a simple view of your computer. Don't encrypt anything, use the default desktop setup with some easy to find photos of your loved ones (headshots only) and possibly some legally acquired music, etc. Set the logon screen to require a userid and password rather than listing all available accounts.
You probably don't want to use this account for guest logins as who knows what Web sites your brother is visiting.
@ Tom Davis
>>Installing TrueCrypt on your computer would most likely provoke the agent to keep your computer.
Not true. You can hide the TrueCrypt container files.
Also, remember we are dealing with someone with an I.Q. lower than Barney Fife (Andy Griffith Show). The encrypted data could be staring him in the face and duh, he wouldn't know it.
"the Canadian border is actually self-financing and then some; [...](yes, this is a joke, but it's only really half of a joke)"
I don't know why you'd think it is a joke. In most countries, the Customs service is by far the most profitable branch of government, much more lucrative than the tax office in terms of costs to earnings ratio. Collecting excise and seizing contraband (marketable goods on which excise has not been paid) is the MAIN duty of Customs officers. Seizing prohibited goods is a minor secondary duty.
BTW, I'm not sure why people seem to think that Customs officers are dumb. Security screeners may be, sure. But around here, Customs apparently have rather more exacting minimum standards for what is, in effect, a very well trained, fairly senior law enforcement officer. I've personally known two, and both were fairly bright guys. One was a regular joe, but reasonably bright, spoke three langauages, etc. The other was a real polyglot (including Latin, and a smattering of Polynesian languages) and had degree in history. But they were mostly arts/law/soft science types and didn't know squat about computers; for that they had the computer forensics team down the hall (near the document forensics team, the chem lab, the mass spectrometers, etc. etc.)
Perhaps this incident was at a fairly small border crossing, someone took sick leave, and they were forced to use someone who wasn't qualified for the job?
In Douglas Adam's Hitchhikers guide to the Galaxy when Earth is abandoned they leave behind the useless professions: Hairdressers, Phone Hygienists... and might I suggest these clowns too. They never work when you need them.
Recently a guy flew to Australia with a Hand Grenade in his carryon. Don't worry, it turned out to be inert. He boarded the flight in L.A. without declaring it and without incident, only declaring it when he arrived in Sydney. This happened over a year ago, but the story only came out a few weeks ago. The government hushes up their mutual security incompetance.
These are the same clowns that won't let us take liquid on unless it's in 10 x 100 ml bottles (can anyone see the hole in that one?), unless you buy it at Airport Duty Free shops. And laptops. If they were really serious about security they'd ban laptops. Of course the business community would never allow that, so they don't.
The result is the ridiculous farce of theatre inflicted by politicians who like to say "In these uncertain times..."
"In Douglas Adam's Hitchhikers guide to the Galaxy when Earth is abandoned they leave behind the useless professions: Hairdressers, Phone Hygienists... and might I suggest these clowns too."
You seem to have missed the rather blunt irony in Adams' book. It turned out that these "useless" people were more important than they looked, and as a consequence their judgemental and supercilious society was devastated by abandoning them.
"Not true. You can hide the TrueCrypt container files."
Turecrypt itself need not be on the computer. It can be on a usb device, even a camera chip.
> What do people think of their claim to examine contents of encrypted archives??
I can't see where they make such a claim. They do say their product can do its stuff on encrypted volumes -- but only after you've mounted them. In other words, the password must be supplied first.
Use a puppy linux (Live) CD
Leave your hard drive at home.
If your OSh appens to be one with Opera ,firefox,an mp3 ripper,lots of goodies.
Hey it runs right outta RAM no Hard drive even needed.
Where do you put your stuff then you ask???
Online storage space.
ps-you will need at least a GIG of ran to do this.
Nothing to unerase---EVER
I travel quite often to the states via both air and ground from Canada. Typically with out much hassle even though I carry photog gear and laptop. Never had an issue at all via ground and via air - most I have ever had to do is fire up the MAC to show them it turns on, and turn on the Nikon and allow them to view through EACH lens. No big deal.
Is it possible to download a Nexxus pass application form off the internet? I have been looking around for it but coming up empty handed. Anyone have one and do you find it beneficial? What is the process and how long does it take to finalize?
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.