I was detained last night by federal authorities at San Francisco International Airport for refusing to answer questions about why I had travelled outside the United States.
The end result is that, after waiting for about half an hour and refusing to answer further questions, I was released because U.S. citizens who have produced proof of citizenship and a written customs declaration are not obligated to answer questions.
Entries Tagged "borders"
Page 3 of 9
Doesn’t the DHS have anything else to do?
As someone who believes that our nation has a right to enforce its borders, I should have been gratified when the Immigrations official at the border saw the canoe on our car and informed us that anyone who crossed the nearby international waterway illegally would be arrested and fined as much as $5,000.
Trouble is, the river wasn’t the Rio Grande, but the St. Croix, which defines the border between Maine and New Brunswick, Canada. And the threat of arrest wasn’t aimed at illegal immigrants or terrorists but at canoeists like myself.
The St. Croix is a wild river that flows through unpopulated country. Primitive campsites are maintained on both shores, some accessible by logging roads, but most reached only by water or by bushwhacking for miles through thick forest and marsh. There are easier ways to sneak into the U.S. from Canada. According to Homeland Security regulations, however, canoeists who begin their trip in Canada cannot step foot on American soil, thus putting half the campsites off limits. It is not an idle threat; the U.S. Border Patrol makes regular helicopter flights down the river.
A large sign saying “United States” at a border crossing was deemed a security risk:
Yet three weeks ago, less than a month after the station opened, workers began prying the big yellow letters off the building’s facade on orders from Customs and Border Protection. The plan is to dismantle the rest of the sign this week.
“At the end of the day, I think they were somewhat surprised at how bold and how bright it was,” said Les Shepherd, the chief architect of the General Services Administration, referring to the customs agency’s sudden turnaround.
“There were security concerns,” said Kelly Ivahnenko, a spokeswoman for the customs agency. “The sign could be a huge target and attract undue attention. Anything that would place our officers at risk we need to avoid.”
The move is a depressing, if not wholly unpredictable, example of how the lingering trauma of 9/11 can make it difficult for government bureaucracies to make rational decisions. It reflects a tendency to focus on worst-case scenarios to the exclusion of common sense, as well as a fundamental misreading of the sign and the message it conveys. And if it is carried out as planned, it will gut a design whose playful pop aesthetic is an inspired expression of what America is about.
Last year, I wrote about the increasing propensity for governments, including the U.S. and Great Britain, to search the contents of people’s laptops at customs. What we know is still based on anecdote, as no country has clarified the rules about what their customs officers are and are not allowed to do, and what rights people have.
Companies and individuals have dealt with this problem in several ways, from keeping sensitive data off laptops traveling internationally, to storing the data — encrypted, of course — on websites and then downloading it at the destination. I have never liked either solution. I do a lot of work on the road, and need to carry all sorts of data with me all the time. It’s a lot of data, and downloading it can take a long time. Also, I like to work on long international flights.
There’s another solution, one that works with whole-disk encryption products like PGP Disk (I’m on PGP’s advisory board), TrueCrypt, and BitLocker: Encrypt the data to a key you don’t know.
It sounds crazy, but stay with me. Caveat: Don’t try this at home if you’re not very familiar with whatever encryption product you’re using. Failure results in a bricked computer. Don’t blame me.
Step One: Before you board your plane, add another key to your whole-disk encryption (it’ll probably mean adding another “user”) — and make it random. By “random,” I mean really random: Pound the keyboard for a while, like a monkey trying to write Shakespeare. Don’t make it memorable. Don’t even try to memorize it.
Technically, this key doesn’t directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive — that’s how the software allows multiple users.
So now there are two different users named with two different keys: the one you normally use, and some random one you just invented.
Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won’t be able to recover your hard drive without it.
Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.
Step Four: Board your plane normally and use your computer for the whole flight.
Step Five: Before you land, delete the key you normally use.
At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There’s no need to lie to the customs official; you can even show him a copy of this article if he doesn’t believe you.
Step Six: When you’re safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.
And that’s it.
This is by no means a magic get-through-customs-easily card. Your computer might be impounded, and you might be taken to court and compelled to reveal who has the random key.
But the purpose of this protocol isn’t to prevent all that; it’s just to deny any possible access to your computer to customs. You might be delayed. You might have your computer seized. (This will cost you any work you did on the flight, but — honestly — at that point that’s the least of your troubles.) You might be turned back or sent home. But when you’re back home, you have access to your corporate management, your personal attorneys, your wits after a good night’s sleep, and all the rights you normally have in whatever country you’re now in.
This procedure not only protects you against the warrantless search of your data at the border, it also allows you to deny a customs official your data without having to lie or pretend — which itself is often a crime.
Now the big question: Who should you send that random key to?
Certainly it should be someone you trust, but — more importantly — it should be someone with whom you have a privileged relationship. Depending on the laws in your country, this could be your spouse, your attorney, your business partner or your priest. In a larger company, the IT department could institutionalize this as a policy, with the help desk acting as the key holder.
You could also send it to yourself, but be careful. You don’t want to e-mail it to your webmail account, because then you’d be lying when you tell the customs official that there is no possible way you can decrypt the drive.
You could put the key on a USB drive and send it to your destination, but there are potential failure modes. It could fail to get there in time to be waiting for your arrival, or it might not get there at all. You could airmail the drive with the key on it to yourself a couple of times, in a couple of different ways, and also fax the key to yourself … but that’s more work than I want to do when I’m traveling.
If you only care about the return trip, you can set it up before you return. Or you can set up an elaborate one-time pad system, with identical lists of keys with you and at home: Destroy each key on the list you have with you as you use it.
Remember that you’ll need to have full-disk encryption, using a product such as PGP Disk, TrueCrypt or BitLocker, already installed and enabled to make this work.
I don’t think we’ll ever get to the point where our computer data is safe when crossing an international border. Even if countries like the U.S. and Britain clarify their rules and institute privacy protections, there will always be other countries that will exercise greater latitude with their authority. And sometimes protecting your data means protecting your data from yourself.
This essay originally appeared on Wired.com.
A Singapore cancer patient was held for four hours by immigration officials in the United States when they could not detect his fingerprints — which had apparently disappeared because of a drug he was taking.
The drug, capecitabine, is commonly used to treat cancers in the head and neck, breast, stomach and colorectum.
One side-effect is chronic inflammation of the palms or soles of the feet and the skin can peel, bleed and develop ulcers or blisters — or what is known as hand-foot syndrome.
“This can give rise to eradication of fingerprints with time,” explained Tan, senior consultant in the medical oncology department at Singapore’s National Cancer Center.
Anyway, turning someone away from the border is a trivial security against terrorism because terrorists are fungible. Turning away a known terrorist merely inconveniences a terrorist group, which just has to recruit someone different. The 9/11 attacks were conducted for the most part by people who had no known record of terrorism and who arrived on visas granted to them by the State Department. Biometric border security would have prevented none of them entering.
(Another option is physical avoidance of the border — crossing into the United States from Canada or Mexico at an uncontrolled part of the border. I know of no instance of this occurring (successfully), but it could. And, most importantly, there’s no cost-effective way to prevent it.)
In summary, border biometrics have some benefit! They are at best a mild inconvenience to terrorists — an inconvenience that the 9/11 attacks mostly anticipated. But that’s not zero benefit! It’s just negligible benefit.
This quote impresses me:
Gov. Janet Napolitano, D-Ariz., is smashing the idea of a border wall, stating it would be too expensive, take too long to construct, and be ineffective once completed.
“You show me a 50-foot wall and I’ll show you a 51-foot ladder at the border. That’s the way the border works,” Napolitano told the Associated Press.
Instead of a wall, she said funds would be better utilized on beefing up Border Patrol manpower, technology sensors and unmanned aerial vehicles.
I am cautiously optimistic.
The Hackers Choice has released a tool allowing people to clone and modify electronic passports.
The problem is self-signed certificates.
A CA is not a great solution:
Using a Certification Authority (CA) could solve the attack but at the same time introduces a new set of attack vectors:
- The CA becomes a single point of failure. It becomes the juicy/high-value target for the attacker. Single point of failures are not good. Attractive targets are not good.
Any person with access to the CA key can undetectably fake passports. Direct attacks, virus, misplacing the key by accident (the UK government is good at this!) or bribery are just a few ways of getting the CA key.
- The single CA would need to be trusted by all governments. This is not practical as this means that passports would no longer be a national matter.
- Multiple CA’s would not work either. Any country could use its own CA to create a valid passport of any other country. Read this sentence again: Country A can create a passport data set of Country B and sign it with Country A’s CA key. The terminal will validate and display the information as data from Country B.This option also multiplies the number of ‘juicy’ targets. It makes it also more likely for a CA key to leak.
Revocation lists for certificates only work when a leak/loss is detected. In most cases it will not be detected.
So what’s the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job ‘assessing’ the person and not just the passport. Take the human part away and passport security falls apart.
EDITED TO ADD (10/13): More information.
Sidebar photo of Bruce Schneier by Joe MacInnis.