1Password's Travel Mode

The 1Password password manager has just introduced "travel mode," which allows you to delete your stored passwords when you're in other countries or crossing borders:

Your vaults aren't just hidden; they're completely removed from your devices as long as Travel Mode is on. That includes every item and all your encryption keys. There are no traces left for anyone to find. So even if you're asked to unlock 1Password by someone at the border, there's no way for them to tell that Travel Mode is even enabled.

In 1Password Teams, Travel Mode is even cooler. If you're a team administrator, you have total control over which secrets your employees can travel with. You can turn Travel Mode on and off for your team members, so you can ensure that company information stays safe at all times.

The way this works is important. If the scary border police demand that you unlock your 1Password vault, those passwords/keys are not there for the border police to find.
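To make the mechanism concrete, here is an added model (my own illustration, not 1Password's code or storage format) of a client that keeps vaults together with their keys, removes everything not marked safe for travel when Travel Mode is switched on, and then checks the property the post relies on: the purged device serializes to exactly the same bytes as a device that was only ever given the travel-safe vaults, so nothing left on the device shows that the mode is on. A "hide" variant that leaves the keys behind is included for contrast. The class and function names, the two sample vaults and the keys derived from their names are all constructed for the example.

```python
"""Model of a password-manager "travel mode" purge (added illustration,
not 1Password's code or storage format)."""
import hashlib
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vault:
    name: str
    safe_for_travel: bool
    key: bytes     # per-vault encryption key
    items: tuple   # item titles standing in for encrypted records


@dataclass
class DeviceState:
    """Everything persisted on the device: vault contents and vault keys.
    There is deliberately no travel-mode flag to persist."""
    vaults: dict = field(default_factory=dict)
    keys: dict = field(default_factory=dict)

    def serialize(self) -> bytes:
        # Canonical encoding: the same content gives the same bytes,
        # independent of the order vaults were added or removed.
        blob = {
            "vaults": {n: list(v) for n, v in sorted(self.vaults.items())},
            "keys": {n: k.hex() for n, k in sorted(self.keys.items())},
        }
        return json.dumps(blob, sort_keys=True).encode()


def provision(device: DeviceState, vaults) -> DeviceState:
    """Sync the given vaults and their keys onto the device, as a fresh sign-in would."""
    for v in vaults:
        device.vaults[v.name] = v.items
        device.keys[v.name] = v.key
    return device


def purge_for_travel(device: DeviceState, vaults) -> DeviceState:
    """Travel Mode on: drop every vault not marked safe for travel, and its key."""
    for v in vaults:
        if not v.safe_for_travel:
            device.vaults.pop(v.name, None)
            device.keys.pop(v.name, None)
    return device


def hide_for_travel(device: DeviceState, vaults) -> DeviceState:
    """Contrast case: a 'hidden' vault whose key is left on the device."""
    for v in vaults:
        if not v.safe_for_travel:
            device.vaults.pop(v.name, None)   # contents gone ...
    return device                              # ... but the key remains


def indistinguishable(a: DeviceState, b: DeviceState) -> bool:
    return a.serialize() == b.serialize()


def sample_vaults():
    # Constructed data; keys are derived from the vault name only so the run is deterministic.
    def key_for(name):
        return hashlib.sha256(name.encode()).digest()
    return (
        Vault("personal", True, key_for("personal"), ("home wifi", "library card")),
        Vault("work", False, key_for("work"), ("prod db", "vpn cert")),
    )


def demo() -> dict:
    vaults = sample_vaults()
    safe_only = [v for v in vaults if v.safe_for_travel]

    travelling = purge_for_travel(provision(DeviceState(), vaults), vaults)
    hidden = hide_for_travel(provision(DeviceState(), vaults), vaults)
    never_had_work = provision(DeviceState(), safe_only)

    result = {
        "remaining": sorted(travelling.vaults),
        "purged_indistinguishable": indistinguishable(travelling, never_had_work),
        "hidden_indistinguishable": indistinguishable(hidden, never_had_work),
        "hidden_keys_left": sorted(set(hidden.keys) - set(hidden.vaults)),
    }
    # Travel Mode off: the server copy re-syncs the removed vaults and keys.
    result["restored"] = sorted(provision(travelling, vaults).vaults)
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the `serialize` comparison is that "removed" is a stronger claim than "hidden": a hidden vault leaves its key (or a flag) in local storage, which is exactly the trace someone inspecting the unlocked app could find.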

The only flaw -- and this is minor -- is that the system requires you to lie. When the scary border police ask you "do you have any other passwords?" or "have you enabled travel mode," you can't tell them the truth. In the US, lying to a federal office is a felony.

I previously described a system that doesn't require you to lie. It's more complicated to implement, though.

This is a great feature, and I'm happy to see it implemented.

Posted on July 23, 2018 at 6:17 AM • 59 Comments

Comments

Alan • July 23, 2018 6:28 AM

"Do you have any other passwords" is such a poorly formed question (what does "any" mean? what does it mean to "have" a password?) I think you can give almost any answer and not face prosecution.

echo • July 23, 2018 6:40 AM

I agree with Alan. Technically, "password" has a limited definition. As long as the key is not accessible via a "password" it would not be a lie.

I still prefer Bruce's scheme though. It removes a whole lot of factors to a safe backend. In extremis a key phrase could be used to both divulge the genuine password and also alert trusted people in your home country. On balance I would go with Bruce's scheme even if it's just to reduce the head clutter from yet-another-application-clogging-up-my-computer.

These two methods may be automated:

Another option is to fill a travelling device with benign material and have a large document such as a book containing a passphrase. All you need to remember is the book, page, word number, word length. The disadvantage is this will not survive an APT attack if they have the infrastructure to crack passwords from known plain texts.

Variants of microdots could carry an unknown password and be concealable.

Marry the two on a microsd card.

Sean Johnston • July 23, 2018 7:16 AM

What about something like Lastpass? If you uninstall it can you be asked to reinstall it, or access it remotely in order to unlock stuff you don't know the passwords for?

Peter A. • July 23, 2018 7:25 AM

If this is to overcome US/UK border control policy, why bring sand to the beach?

Just buy a laptop while there and use a VPN to connect to your home system and download all the stuff you need, maybe even a whole image of your OS and apps - or just work remotely, so all your data at rest stays home. It is much easier to cryptographically protect temporary data in transit (like your screen contents and keypresses) than permanent data at rest (like the contents of your hard drive).

All you need is to bring a (memorized?) passphrase to your account on your home website, and the fingerprint of the website's certificate, just to be sure.

As a plus, you can bring your new laptop home (after restoring it to the "as sold" state of course), so you have a new machine bought cheaper than at home (even after due taxes and tolls), or you could sell it for some gain.

Jim Wildman • July 23, 2018 8:07 AM

(I am a Red Hat employee, but this capability is available in other Linux distributions as well.)

You might also be able to use something like NBDE (clevis and tang). If you encrypt the sensitive stuff correctly, then it will only decrypt when it can talk to the correct tang server (ie, on a corporate network).

https://rhelblog.redhat.com/2018/04/13/an-easier-way-to-manage-disk-decryption-at-boot-with-red-hat-enterprise-linux-7-5-using-nbde/

me • July 23, 2018 8:09 AM

@schneier
> This is a great feature, and I'm happy to see it implemented.

I don't think so. It's a problematic feature. Not because it doesn't work or the way it is implemented, but because it is necessary in the first place.

All the people should stop finding ways to "cheat the system" and instead tell people "this is plain wrong and you shouldn't ask for my passwords".

For example, when governments censor websites for no reason all the infosec people say "I don't care, I'll just use Tor, VPN, proxy, whatever" while they should say "you shouldn't censor that website in the first place".
Countries with "free internet" are a limited resource; stop ignoring the problem.

The same applies to the EFF: we don't have it in Italy, and I'm happy with that, because we don't need it in the first place; there are fewer "digital abuses" and we don't need an EFF equivalent here.
Another example is that we have an "official speedtest", and if that says you have a slow connection the ISP has to pay you! We have it because ISPs cheat on real speed: they say "up to 20mb" while the real speed might be 5mb.
Other countries don't have that "official speed test" because they don't need it in the first place.

You should be worried about such a feature. I have no plan to visit the US now, but I'd like one day to visit New York and some other famous cities, but I don't want to give up my passwords or have my phone cloned just to visit some city.

Anon • July 23, 2018 8:13 AM

Seems pointless, if you’re worried about this why not just uninstall it and then reinstall later?

me • July 23, 2018 8:18 AM

The most problematic thing is that you can't even say "well, I'll leave my phone at home and bring a new/empty one with me" because they are starting to ask for your social handles, passwords and all other kinds of private stuff.

Note: even if your social account is visible to anyone (public), I still find it wrong that someone asks me what accounts I'm using.

And even if this is not a problem for you, it might be a problem for the people you know:
knowing that someone has my full chat history because the other party gave it to agents when they cloned the phone is not fine.

echo • July 23, 2018 8:45 AM

@me

I agree the issue is bad law. Schemes which accommodate this bad law are a form of acquiescence. Where lots of organisations or individuals default to a bad (and sometimes technically unlawful) implementation of a law, and where they all play follow-the-leader so market forces disappear and you end up with a universally bad default, at what point do you say "no"?

It was because of this I made a stand with a UK money transfer company. The law was clear enough but they over-egged it and blocked a transfer for discriminatory reasons, and broke the specific part of the law they were using, which stated information obtained under this law may not be used for another purpose, and they also broke regulator guidelines on customer service. My complaint is already in, plus a more extensive written complaint as they failed to take up my offer allowing them to act swiftly and reasonably. I will also be contacting the regulator and ombudsman with written complaints too. By chance the very issue I am agitating also received coverage in the Atlantic later that day.

Slightly orthogonally because of Brexit the UK has already lost 30% of companies who previously used the UK as a jurisdiction to settle legal disputes.

Unless you stand up to the bully or the law which enables bullies or, perhaps, find somewhere else to do business with people who are nice, you will always enable the bully. I will always say "no" to the bully and it has cost me a lot. I have also learned the bully may give a concession here but take something away there which as a whole only increases their power, but even if people are hoodwinked and say it's a good deal I still say "no".

I'm not lying just to flatter a bully.

vas pup • July 23, 2018 8:58 AM

@Bruce:
"In the US, lying to a federal office is a felony."
Yes, Title 18, paragraph 1001.
Does the same rule apply in other G7 countries, or is the US exceptional on that?
Miranda in the US applies during arrest, i.e. you are informed regarding the right to remain silent and that everything you say could be used AGAINST you in a court of law, but for the feds there is NO requirement to notify the person contacted regarding 18/1001 even BEFORE an arrest is made, and by SCOTUS decision the feds could to you, but you can't to them - felony. How many respected bloggers are aware of that? You may find it interesting to read the related book 'The Three Felonies a Day'.

solaric • July 23, 2018 9:13 AM

Wait, why do you have to lie necessarily? If US border security asked me "do you have any other passwords" and I answered "yes" but the necessary followup was "They are at home and I do not have access to them here and am not carrying them with me" what's the issue? I mean, if it's under control of the 1Password for Teams admin then even if I am in fact the admin but I don't actually carry the admin password with me then that's true, not winkwink "well technically...." true but just plain true, I simply don't have access to any of those at the border. I'm not carrying something with me over a border, what I've left home is out of their remit.

Of course that requires actually for real giving up access to that on the go but that's necessary for important security anyway. The only way to have a piece of information be totally immune from acquisition on the go is to simply not have it at all.

The one really in a position to do a better job of this, however, universally, are the mobile device platform companies (Apple in particular) themselves. Apple has the pieces together to do a really good user-friendly implementation of this by having "Views" that are unlocked depending on preset conditions, which could be anything the device has access to (GPS, network connection, timestamp, biometrics, user input, etc). Anything not accessible could simply have its encryption keys shuffled out.

Bardi • July 23, 2018 9:17 AM

I mentioned it once and did not see replies, so, is there a way to have two passcodes, one for "regular use" and the other that could wipe the phone? Yes, I understand the danger of doing so, but, if asked for "the" passcode, I would think one could truthfully expose either one.

I always make a backup so that, with time, wiping the disk is less traumatic.

dragonfrog • July 23, 2018 9:29 AM

I agree with @solaric.

If the answer to "do you have any other passwords" is "Yes, but the administrator has temporarily removed my access to them while I travel, because here you are looking at my passwords. If you saw my work passwords, I'd immediately have to fill out a security breach report, then I'd spend half my trip on the phone with clients explaining why they just got a breach report, my colleagues who are doing vacation coverage for me would have hours of work changing all the client passwords, and I'd be very unpopular on returning to the office," that seems pretty alright...

Hmm • July 23, 2018 9:31 AM

@Dragonfrog

So long as you aren't provably lying about any of that, sure.

If a judge thinks you are, hope you packed your toothbrush.

echo • July 23, 2018 9:38 AM

@dragonfrog

I have no idea of its travel validity but a statutory declaration and/or printed copy of company policy may help provide a document with everything written up in one place. It saves being nervous and faffing. People also tend to believe what's written down more than verbal information.

I avoid discussing my password scheme online but will say I don't typically bother remembering my passwords. I don't have the foggiest clue what they are.

dani_d • July 23, 2018 10:09 AM

The blog post referenced in the first paragraph is from May 2017. This feature has been around for more than one year!

-d

solaric • July 23, 2018 10:12 AM

@Bardi

The concept you're describing is known as a "coercion code" or "distress code" or the like. It's a subset of the overall strategy of pre-determined actions being automatically taken based on matching inputs. "Something you know" can certainly be a factor there, and conditions can vary a lot vs a total wipe, they could also be in the form of a silent alarm or information simply not being loaded for example. This can achieve some of the effect while not tipping off the coercer that anything unusual happened. Biometrics are a fantastic match here since one of the basic challenges with the concept for most people is that nearly by definition they'll be used very rarely or never, so remembering them when the time comes (also nearly by definition a high stress situation) could be very hard. But if it's just "I'm making a frowny face" or "normally I use my index finger, if instead I use my thumb or middle finger [XYZ] happens". Geographic and time triggers also are potentially useful since again, they're things that can be considered ahead of time calmly and deliberately and then require nothing of the user.

I want to emphasize though that while here we're primarily talking security, in mobile devices this concept could offer a great deal of universal value if it was generalized and well implemented (and in turn that would make use common which would be good for security). One of the issues now getting a lot of attention for example is mobile addiction. If we imagine being able to create various "Views" on your device (with varying subsets of apps and information "available", ie., the crypto keys loaded) with a nice GUI for setting triggers for them, then somebody could not merely have a "travel" view for security but also "work", "vacation," "morning@home", "evening@home" and so on where only related apps would be loaded. Games don't appear at work. Work stuff doesn't appear at home. It'd give people more power to recreate the more firm lines between work and home life we once had, to set their own time limits on when they want to have news coming in and such.

I mean, this isn't even a kid thing at all, even though some of the "addiction" stuff has been framed in terms of parental controls. As a working professional I'd personally love to be able to have more powerful and fine grained tools to cut down on the information flow constantly being blasted at me, but without having to give it up when I need it either. That these same tools would be dual-use for security and privacy makes both even more desirable.

Hmm • July 23, 2018 10:39 AM

What if.... we're going about the security checkpoint problem from the wrong side?

What if you could send your data ahead of you securely somehow non-physically (or physically..)
and then seamlessly and easily re-input all of that into your phone on the other side?

Granted that's less feasible in some places than others, but it seems to me that we're being held "hostage" by the checkpoint laws themselves as they relate to unlocking what you have on you - if you don't have it on you, it's a damn sight harder to get at.

They've demonstrated capabilities to get past most any locking system on the market.
It's like a luggage padlock, it's not saving anyone if 'the people' want to look in there.
(and they do)

So why are we continuing to deliver that to them on a legal platter? Convenience alone.

solaric • July 23, 2018 10:54 AM

Eh? You mean like carrying a clean or minimal device then just accessing your VPN once you arrive and reloading over that? Sure, that's a plenty common strategy, has been for a long time. It just takes work/planning/bandwidth is all.

Hmm • July 23, 2018 11:35 AM

" It just takes work/planning/bandwidth is all. "

Which is why most people don't bother, right? Exactly my point.

What if someone offered a product line that made it seamless and easy, reasonably secure for the average technophobe? I think the combination of a few things as you mention could be packaged together specifically to defeat these kinds of intrusions at checkpoints.

It seems to me focusing on bigger/badder padlocks is just an arms race joe user can't win.

me • July 23, 2018 12:03 PM

@echo
Thanks for your answer, I have got a great idea:
GDPR them, so that when they ask for passwords you tell them "I'm not sure it's GDPR compliant, it's not privacy by default"

Hmm • July 23, 2018 12:04 PM

I realize I'm rehashing what Bruce said in the linked-to previous blog in a sense.

But why shouldn't say Apple, which pretends to be fighting the good fight versus data intrusion versus the .gov, sell a for-pay fully encrypted service dedicated to its product line to enable a secure and simple process to jump around these draconian checkpoints?

What if it were as simple as "enable travel mode - wiping all personal info" and then
"disable travel mode - securely sync device now" and took only a few minutes?

As you say there's no technological restriction, just a UI/knowledge/work barrier.

You would think more people would get in that habit if it were easier, a matter of course.
It's kind of a huge PITA as-is - and you'd really have to know what you're doing to "be sure."

Bardi • July 23, 2018 2:18 PM

Solaric,

Thank you for the reply. You bring up nearly an entire, unexploited industry. Very well thought out.

Sed Contra • July 23, 2018 2:20 PM

Operating legally can’t be read as routinely standing all the time with toes on the edge of the legal cliff. Just don’t bring anything and don’t encrypt; password is 1111. Don’t have any “social media” accounts; they are a mindless distraction anyway. If you have anything “private” email- or internet-wise that would/could be a problem, don’t go. VPN is illegal often; no one comes to check, but they could. There is no right to travel. If it’s business, be sure your employer has a sponsor in good standing where you are going and follow the company rules to the t. Fight the good fight less Quixotically.

justinacolmena • July 23, 2018 2:58 PM

lying to a federal office[r]

Looks like a typo, but it's not. Trump is bellowing at the top of his lungs about some Iranian rug salesman "threatening the United States," and Special Prosecutor Sir Robert Swan Mueller the Third wants to bring charges against him for "conspiracy to defraud the United States." ConFraudUs, ChiMo, something like that.

Weather • July 23, 2018 3:28 PM

Confused, drunk, crazy, insane rambling, it took me 20 years to realise that a snake outside your motel next to a highway in long grass might not be normal based on what I was doing at the time, lucky I knew I'd die if I leave nz

Weather • July 23, 2018 3:32 PM

Last time I went over the nz, au sis looked after me, so I would like to find out who did that

Weather • July 23, 2018 3:55 PM

I'm not going to attack you, but a wise man once said no religion, sex, or political, I'm not going to attack you because it seems weak after the mod comment, but you are leaking lots of side channels, so hint, sorry none to offer, even if you are a teenager might slack. But you suck at fishing

Steve • July 23, 2018 4:24 PM

The linked post is from May 2017. Nice feature but not just introduced.

ismar • July 23, 2018 4:44 PM

@Bruce
Let's take this one step further and have the ability to "lock" the drive based on a geographic location - i.e when at airports or any other predefined location which can be set using the software.

Hmm • July 23, 2018 5:04 PM

"do you have any other passwords?" or "have you enabled travel mode,"

"No, I don't have any other passwords, haven't enabled travel mode."

-Works if being administrated by the team leader, someone else, (anyone else?) without lying.

Hmm. I'll let someone else try that out.

Clive Robinson • July 23, 2018 5:05 PM

@ bardi,

I mentioned it once and did not see replies, so, is there a way to have two passcodes, one for "regular use" and the other that could wipe the phone?

You are asking about either a "duress code" or "deadmans switch".

They have been discussed quite extensively in the past on this blog by, amongst others, @Nick P and myself.

They have issues that require extra precautions.

For instance it's a quite serious offense to "destroy evidence" however "following procedure" that is enshrined in company rules is not a crime, unless you don't follow the rule.

That is a "damned if you do, damned if you don't" Catch-22 legal situation caused by the conflict of two separate pieces of legislation (civil/criminal law and company law).

Such "fringe areas" are a consequence of the way legislation is generally produced.

There are other issues I won't go into, but we glibly talk about 2FA and similar not realising that there are subsets of the old "Something you are, something you have and something you know".

Also other effective factors as,

Some time point.
Some geographic position.

The advantage of the "time point" is once the time is passed there is no going back thus you can not be coerced beyond that point in time.

The interesting thing about a geographic position is that it does not require "GPS" which can be spoofed, the webcam can be used to correctly identify a building or similar.

But the best thing to have is "an out of jurisdiction key holder". Because the judge in one jurisdiction generally is not a judge outside of their jurisdiction. That is as a general rule they can not command somebody outside of their jurisdiction to cough up a key etc. Whilst it might be possible to force the key holder such a process takes time, thus any time limitation has expired...

You can improve on this by the use of "key shares" and several jurisdictions.
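As an added illustration of the "key shares across several jurisdictions" idea (my own example, not code from the commenter or from any product): a threshold split of a vault key with Shamir secret sharing over a prime field, where any two of three holders can rebuild the key and one holder alone learns nothing about it. The holder labels, the sample key and the field prime (2^255 - 19) are my choices for the example.

```python
"""Threshold key shares for an out-of-jurisdiction key holder scheme
(added example; holder labels, key and parameters are constructed)."""
import secrets
from itertools import combinations

# Prime field large enough to hold a 128- or 256-bit key as one element.
P = (1 << 255) - 19


def split_secret(secret: int, holders, threshold: int) -> dict:
    """Shamir split: a random polynomial of degree threshold-1 with the
    secret as constant term; holder number i gets the point (i, f(i))."""
    if not (0 <= secret < P and 1 <= threshold <= len(holders)):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for x, label in enumerate(holders, start=1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod P
            y = (y * x + c) % P
        shares[label] = (x, y)
    return shares


def reconstruct(points) -> int:
    """Lagrange interpolation at x = 0 over the field. With fewer than
    `threshold` points this yields a field element unrelated to the secret."""
    points = list(points)
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed 128-bit vault key
    secret = int.from_bytes(key, "big")
    holders = ["counsel-CH", "counsel-IS", "colleague-NZ"]     # hypothetical holder labels
    shares = split_secret(secret, holders, threshold=2)

    any_two = all(
        reconstruct([shares[a], shares[b]]) == secret
        for a, b in combinations(holders, 2)
    )
    one_alone = any(reconstruct([shares[h]]) == secret for h in holders)
    recovered = reconstruct(shares.values()).to_bytes(16, "big").hex()
    return {"any_two_recover": any_two, "one_alone_recovers": one_alone,
            "recovered_key": recovered}


if __name__ == "__main__":
    print(demo())
```

The threshold is what gives the scheme its legal value in the commenter's framing: no single holder, and no single court, can produce the key, and a holder who is compelled can only hand over a point that is useless by itself.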

David Leppik • July 23, 2018 6:58 PM

One thing that's changed lately is the rise in popularity of two-factor authentication.

If they ask you for your login credentials, but you don't have your second factor, they'll have a much harder time accessing your data.

Hmm • July 23, 2018 7:19 PM

@David

The question is : Does that actually get you off the hook, or do they confiscate your item now?

I guess if you're fine with ditching that "burner" laptop right?

echo • July 23, 2018 9:22 PM

@me

Thanks for your answer, I have got a great idea: GDPR them, so that when they ask for passwords you tell them "I'm not sure it's GDPR compliant, it's not privacy by default"

There are also safe harbour laws. UK judges have since ruled the processing of census data by Lockheed Martin was unlawful.

My pursuing issues with the international finance system are ongoing but, yes, I will check GDPR and safe harbour to see if it applies. There is also the Data Protection Act and Human Rights Act and Equality Act. I have no idea what the UK government is up to with respect to US death penalty issues. I'm fairly sure their legal position is bogus.

This makes me wonder if lawyers representing the terrorists can challenge US law at the border. They will be incarcerated anyway so a hold-up for them is no major loss.

https://www.theguardian.com/uk-news/2018/jul/23/uk-will-not-oppose-us-death-penalty-for-isis-beatles

The development has been widely criticised, including by relatives of Kotey and Elsheikh’s alleged victims.

Nobody is arguing for letting criminals and terrorists get away with it (either with respect to being held to account for their crimes or border controls) but arbitrary and unjust laws.

Bardi • July 23, 2018 9:27 PM

Clive,

Thank you. I should have (and will) review past discussions about "duress code".

If I faithfully take the time (about ten minutes on my device) to backup all information, can anyone truly make a claim that I have "destroyed information"? I mean, perhaps in their jurisdiction, but there does exist a copy elsewhere. They might have to work for it, but the information is not destroyed. Unfortunately, there exist jurisdictions in this world that can act like little children, throwing a tantrum when denied their favorite candy, a political win (can one say, USA?)

Seemingly OT. With Airbus, plus a few others, we can have pretty darn fast internet throughout the world. If I can get my tutu moving, we can bring electricity to the billion or so in Africa that are without. Any ideas?

RealFakeNews • July 23, 2018 9:59 PM

If you take a new laptop, could anything about it be deemed "suspicious"? Could they (ab)use the law and detain you, even if just for the mere purpose of delaying the carrier, because of it?

What about general questions, such as intent? Would a question such as "Is it your intent while in-country to download files later for the purpose of evading this search?" be legitimate?

I'm thinking that given connectivity, and particularly the ubiquitous nature of the internet and online file storage, that this could be an interesting "catch all".

Can they ask questions this broad at the border?

echo • July 23, 2018 10:14 PM

@Bardi

You make your data inaccessible before you get there which is a different thing to destroyed.

Within a UK context:

You will need to check with a criminal lawyer but my guess is that as long as there is no indication of an investigation, either by the execution of a search warrant or being placed under caution, data may be rendered inaccessible or deleted.

UK law is fairly clear on the issue that a citizen is under no obligation to make life easy for the state. A citizen is also under no obligation to believe the assertion of the state. This is within other law such as a limited right to silence and also the public interest element of fiscal law.

As long as you haven't broken the law in the UK, which would allow a US extradition application, my guess is you are on the right track.

The UK Home Office ordered the destruction of records because of storage issues. Subsequently, there was an immigration crackdown and the data to prove lawful immigrants cases was missing. It will be extremely difficult to prove this was deliberate but I wouldn't put anything past politicians (or anyone else with an agenda), sadly.

Hmm • July 23, 2018 10:34 PM

" Could they (ab)use the law and detain you "

Depending on where you are, they can detain you for an ungodly amount of time for no reason. Most places that's how it works for different amounts of ungodly time.

If you lie and get caught you can expect not to enjoy that time. Most people.

Mr. C • July 23, 2018 11:46 PM

Doesn't 1Password have a history of security vulnerabilities and a PR posture of obscuring, denying, and spinning said vulnerabilities? Shouldn't that be disqualifying, before we even get around to looking at features like this?

echo • July 24, 2018 12:32 AM

@Mr C

Where there is likely to be a risk of a breach of the Human Rights Act (or Equality Act) a decision/action is unlawful. These rights may not be derogated, so any organisation using software with a known risk of compromise which will lead to a breach of these laws will itself likely be acting unlawfully. There are also positive obligations in effect, which means a proper level of due diligence is required and that steps must be taken to mitigate a breach.

With regard to European Convention rights jurisprudence is that consideration of these issues must be vigorously pursued, and UK judgements tend to reflect this (although individual cases may not themselves be successful especially if it involves public enquiry/judicial review aspects which judges use to kick the case out of their sphere of responsibility).

Loads of organisations and individuals fall down on this. I daresay efforts would be more serious if an explosive collar was placed around the neck of the person making the decision with a trip switch at the other end...

Clive Robinson • July 24, 2018 1:55 AM

@ RealFakeNews,

Can they ask questions this broad at the border?

As a general rule when you are not on the "land side" of the border they can ask what they like (see the US question on immigration cards that few even know the meaning of, including the border protection staff). They can also turn you away without giving a reason if they like.

However there are limits on what they can do in terms of "torture", "detention" and "mis-treatment" by international agreement.

In recent times certain nations have decided that their writ applies wherever they can force it to apply. You have little or no power, protection, or legal rights when you are not on the "land side" of the border. Thus they can and do get away with all sorts of behaviours that most would find degrading, humiliating or a lot, lot worse, and there is of course no legal recourse either.

Oh and remember when in the US, you may think you are on the "land side" but you may not be. If you think back they broadened the border zone to a hundred miles "in land"...

Just another reason why, as a previously frequent traveler, I've decided travelling across borders is no longer in my future...

The real question we should be asking though is when are "cyber-borders" going to appear and how?

You can be sure there are quite a few legal minds working on that, as potentially there is more than a king's ransom in taxation etc to be made from it. As well as effectively killing off encryption...

Dave • July 24, 2018 2:11 AM

@vas pup: In some countries there's no need to lie to government officials. I occasionally travel to Russia on business, at one point pretty much synonymous with oppressive government, and I've never been stopped, had my electronic devices searched, my laptop or phone taken away, or whatever. The same goes for the European, Asian and African countries I've been to, etc. It's only when entering the US that I'm put in a position where I have to lie to government officials.

ismar • July 24, 2018 2:25 AM

@echo
Don't mean to be rude or anything like that, but can we, in the interest of being able to make some sense of these blogs later, keep on topic and not start going off on a tangent all the time, please?

As you know there are weekly squid blogs for that :-)

from carpenter vs united states • July 24, 2018 2:45 AM

https://www.eff.org/document/carpenter-v-united-states-supreme-court-opinion
Page 104:
as JUSTICE THOMAS thoughtfully explains today.
The Amendment’s protections do not depend on the breach of some abstract “expectation of privacy” whose contours are left to the judicial imagination.
Much more concretely, it protects your “person,” and your houses, papers, and effects.
Nor does your right to bring a Fourth Amendment claim depend on whether a judge happens to agree that your subjective expectation to privacy is a “reasonable” one.
Under its plain terms, the Amendment grants you the right to invoke its guarantees whenever one of your protected things (your person, your house, your papers, or your effects) is unreasonably searched or seized.
Period.

echo • July 24, 2018 4:33 AM

@ismar

Pardon? I am on topic. Please demonstrate where I am not (and no sex discrimination ignoring the guys' infractions if there are any).

VinnyG • July 24, 2018 6:12 AM

There is a tremendous volume of naivety being demonstrated here on this topic, based on the fallacious assumption that the interrogators and the parties they represent will be bound by the letter of the law, and all one must do is truthfully adhere to a strict interpretation of that law whilst avoiding compromising one's passwords. There _might_ be a very limited vestige of the principle of law remaining in some Western nations, but it is rapidly disappearing. In most other nations, it never really existed in the first place. The harsh fact is that if you are regarded by any state entity as a high value target for any reason, the law will be given naught but lip service, and that only insofar as it serves the ends of the thugs who desire your information. If you are not a high value target, you probably did not need to do very much to secure your information in the first place. The sane objective here is to avoid furnishing one's private property to the state and get away with it, not to adhere to the manifestly unfair rules of a game that has been designed by the authorities to produce a specific outcome that is exclusively in their interests...

echoJuly 24, 2018 6:39 AM

@VinnyG

I would tend to agree. This is true even at a basic admin level when dealing with the state in my experience.

My security is Swiss cheese partly because A.) I don't need the level of assurance some do and B.) Swiss cheese security encourages a sense there is nothing much of value to be found.

I think what bothered me about this topic is that, technical issues aside, the product can only give so many guarantees. Anyone in a position of responsibility has a need to know this and give proper advice and ensure policies and guidelines are appropriate. Saying "we didn't know" or "the place is a black box so we couldn't know" is not an excuse. This is probably the point where I would suggest these kinds of products are really aimed at the average consumer and the promotional material should probably reflect this.

WooJuly 24, 2018 7:04 AM

The best way out of that dilemma is to not travel to the US anymore until sanity has been restored there. If the loss of sales doesn't get the US industry to make their government revoke these idiotic policies, then they apparently don't need international customers. If we all bend to their will or find awful workarounds, it's only going to become worse.

Or pitch your policy against theirs:
"Yes, I have other passwords, but GDPR prevents me from divulging them to you. Have your gov't discuss that with my gov't if that's not good enough for you."

HmmJuly 24, 2018 12:37 PM

@woo

"Have your gov't discuss that with my gov't if that's not good enough for you."
"Sure, just put your hands behind your back for us meanwhile."
"Am I being detained?"
"Oh yes, you're being detained. It might be a while." Click.

If you have the ability to boycott flying to the US, absolutely please do that.
But I doubt anyone would notice even if there were a million of you.

Unless there's a physical riot every day in the international terminals that gets international media attention and disrupts flights, you can expect zero changes.
Sanity doesn't just come about, it's enforced by the ground-level reality.

If their lines are clogged to non-function with angry internationals who miss their flights for months to years on end, if they run out of airport holding cells for tweed-suited businessfolks, then you might see some momentum in the places where these decisions are made. A boycott, that probably just makes their job easier as far as they're concerned.

Jeffrey GoldbergJuly 24, 2018 6:52 PM

I work for 1Password, and I strongly advise people to not lie to border officials. I feel like a lot of people commenting on this issue in general fail to understand the enormous power asymmetry that exists at the border, particular if you are not a citizen of the country you are entering.

Travel Mode is designed to make it easier and safer to comply with such search requests. In many circumstances only what you are carrying with you over the border is subject to search. Those are the circumstances that Travel Mode does you some good.

Admittedly there is a danger that Travel Mode would encourage someone to boast about having things that can’t be searched. Don’t do that! Such bragging might be taken as probable cause, and then an entirely different set of rules apply. We were keenly aware of this risk when we launched Travel Mode, and so have been keeping an eye out for it. Fortunately, we’ve heard no reports of anyone doing that.

Jon (fD)July 24, 2018 8:23 PM

Just to get back on topic (@vas_pup, really)

Surely Title 18, paragraph 1001 only applies to "federal law enforcement officers". And, oddly enough, a court has ruled that TSA agents are not federal law enforcement officers.

https://www.techdirt.com/articles/20180711/21300340223/appeals-court-says-tsa-agents-are-beyond-reach-federal-lawsuits.shtml

Of course, if it applies to every Fed, there are some people who should be in big trouble for what they told Genl. Colin Powell about the justification(s) for invading Iraq... Among many other things.

Jon (fD)

echoJuly 24, 2018 9:45 PM

@Jon (fD)

Yes, I have noticed this kind of thing with the state and organisations. As with the international money transfer issue I am pursuing, people can step beyond the law as written. Some of this may be not paying attention and just assuming, which becomes a belief which, when checked against the law, turns out not to be true. Then you can end up dealing with people who are just the "smack you with the policy" types, or who are too lazy and don't care enough to conduct their due diligence when an issue arises because it doesn't affect them. There are some organisations you can have a dialogue with when in the middle of a situation and others you can't.

While I'm working through issues for making a complaint against one company to statutory bodies I'm also approaching an alternative supplier in the market and having a dialogue before a transaction is processed to see if anyone is paying attention before we begin.

By chance one of my clients earlier today was a compliance auditor. This was a brief but interesting discussion. The short version is he worked undercover appearing as an ordinary person to them then compared their performance against the standard they should reach (which included statutory obligations and so forth) and wrote up his report. As for whether anyone paid attention?

JohnJuly 25, 2018 3:04 AM

If you don't use a password then you won't be lying when asked if you have another password.

vas pupJuly 25, 2018 9:24 AM

@Dave: Thank you!
The paradigm is different in the places you've noticed. LEAs/government officials ask you about facts they do not know (usually), versus asking about the facts they already know just to entrap you and put you on their hook.

ciphertextJuly 30, 2018 10:51 AM

Maybe a possible option for a travel mode that doesn't require lying to "officials" would be to have a physical token required to disable travel mode. You enable travel mode prior to leaving the country. The question asked of you is "do you have travel mode enabled?" and you can say "yes I do". The next command given would be to ask that you disable it, to which you could confidently respond "I don't have the capability to do so. Not because I don't want to comply. It's simply that I don't have the necessary access to perform the disablement." In that case the only lie you would be guilty of perpetrating is "Not because I don't want to comply". You wouldn't be able to disable travel mode because you don't have the required token available to disable the mechanism.
