To be effective, this would need to become a kind of norm for overseas travelers, the same way traveler's checks used to be. The idea would be that just as you don't carry a bag with your birth certificate, stock certificates, property titles, and jewelry with you, you also don't carry a 10 year archive of every email you've ever sent or a detailed list of every person you've ever spoken to.
In particular, it needs to be normal enough that a significant fraction of all travelers do it. The feature can't be marketed as a protection for at-risk travelers, but as a common-sense safety mechanism useful to all travelers.
I think it's crazy that people walk around with phones that have access to years of email communications, and that even in the happiest timeline we could have ended up on after 2016, features like this are long overdue.
>>In particular, it needs to be normal enough that a significant fraction of all travelers do it.
Yes, exactly.
Border agents are trained to look for anything out of the ordinary. Currently, using a feature like this would immediately raise a huge red flag and encourage more questioning, detention and possibly even deportation based on the person's country of origin and the mood of the border agent.
Incidentally, that's why I think there is virtually zero chance for these types of features to take off: the system strongly discourages early adopters from trying them.
Incidentally, that's why I think there is virtually zero chance for these types of features to take off: the system strongly discourages early adopters from trying them.
That can be addressed by how it is marketed. Instead of calling it "Travel mode," it could be called "Work mode" or something like that. Commercials could target college students going home to visit parents and not wanting parents to see all their crap or that sort of thing.
Why wouldn't it be marketed as a feature for leaving the country, not returning? There's a very reasonable case to be made that other countries have substantially worse privacy protections than the US does. Whether or not that's true is a separate conversation, but for the purposes of the border conversation about why you've enabled it, blaming the lack of Constitutional protection in foreign countries seems like a good approach to me.
Right, the idea is that US travelers would kick-start the norm by travel-locking their accounts; they're at little risk while traveling. It might take many months or even years before travel locks were normed enough that at-risk travelers could rely on them, but that just means we should get started on these features sooner than later.
Couldn't US CBP defeat that norm for non-citizens, just by announcing "don't enable travel lock until after you clear customs, or you may not be allowed in" in the same way that they eg. tell you not to bring your codeine with you?
Citizens are probably OK, at least until they bring in Exit Visas...
If you are willing to do this, then why not just say "no" to the CBP and DHS? You must be allowed in if you are a citizen so the only risk is them keeping your phone for a few weeks while they try to hack it to get inside. I believe they are required to send it back to you once they are done by law or agency policy.
That's what I plan to do if I ever get asked - telling them to piss off. Worst they can do is confiscate my phone. I am choosing to remain silent. If they still persist on hassling me and end up taking my phone even temporarily, I will treat that device as now being compromised and will take the appropriate action.
Last year I was hassled (not at the border) on two occasions. Once in NYC in the Port Authority by the cops that patrol that facility and a second time in the suburbs of NJ. In NYC the cop didn't like that I was getting testy with a Port Authority employee for not letting me though to get to my bus. He intervened without cause and asked for my ID. I told him "nope". He tried making up some story to justify him asking me and I told him "I'm not giving you my ID. I'm leaving, bye." and then walked away.
In NJ I was detained for way too long under suspicion of several random things. This wasn't even a traffic stop. I parked the car and then they drove over and harassed me for a solid 45 minutes. First they claimed I was drunk. Then they said I was on this particular street to buy drugs. Then they said I could actually be dealing the drugs. They frisked me for "officer safety" and then tried to get me to walk the line and do a bunch of sobriety tests. I told them I wasn't doing any sobriety tests. They lied and said I could be arrested for mere refusal. I told them they were full of shit and that I can only be arrested for refusing the actual breathalyzer, not the voluntary tests. I then remained silent for rest of the encounter. Not a peep, just dirty looks back and forth. Eventually they had to let me go. Moral of the story is that cops do back down plenty of times but you have to have the will to test them. And it greatly helps if you know the law.
One last thing - if you are wondering why I didn't just take the sobriety tests if I'm sober, there's a damn good reason. Some years ago, my friend got arrested in that same town for blowing a 0.00. How you ask? Because first he did the voluntary tests which no one in the history of mankind has ever passed - at least not according to any police officer. Those tests are always used to compel something else like a search, breathalyzer, etc. It's an excuse to justify further harassment in many cases. So my friend did their tests and "failed". So they compel the breathalzyer and he gets a 0.00. He thinks he'll finally be free to go when they tell him that based on his failure on the voluntary tests he is clearly under the influence of something. And since it isn't alcohol, it must be drugs. So they arrest him, take him down to the station and draw blood. They charge him with intoxication and illegal drug use (because he said he doesn't take any medications for anything) before the blood results come back because those take 2 weeks or so. Even though they come back totally clean he has still been charged and is required to show up in court anyway. He had to spent $500 or so on a lawyer to represent him that day and get that bullshit dismissed. I am not sure if he got the arrest wiped from his record - I don't think he did. Which means he now has a record for no reason at all. Please take this story into consideration the next time you interact with law enforcement. I no longer cooperate with law enforcement for anything other than a minor traffic stop, maybe not even then. If a stop were to start going somewhere else (i.e. they are fishing for stuff or trying to screw me just because they feel like it) my attitude and strategy for dealing with them does a complete 180. The only reason I may comply for minor things is simply because it's the quickest way to be back on my way. 99% of the time their minds are already made up. Nothing you say will get you out of a ticket in most cases, so there's no reason to cooperate anyway. Playing nice is just for expediency, but as soon as that turns into something else, you need to switch gears immediately.
Sorry for the long post. My interactions with police last year are a sore spot for me (there were other interactions I left out).
Because you already know you will "win" the game of chicken between a citizen and CBP, but that win does nothing for non-citizens, for whom CBP has potent recourse.
> . Not a peep, just dirty looks back and forth. Eventually they had to let me go. Moral of the story is that cops do back down plenty of times but you have to have the will to test them. And it greatly helps if you know the law.
> I think it's crazy that people walk around with phones that have access to years of email communications
The one anti-pattern on every website is using your primary email address for both notifications and password resets. There is zero reason why you'd ever want an email address you have authed on your phone to handle Facebook/Twitter password resets, but the only way to avoid this is if you're willing to give up receiving whatever notifications you'd normally want to receive via email on your phone.
Good point, but it doesn't need to be anywhere near a majority. If just 1% is travelers use it, it would not trigger more than a few extra questions. Especially if those 1% are mostly computer professionals where deeper questioning hardly ever turns up anything.
One feature I'd like with this travel mode is having a log of every bit of data that was accessed during the trip. At least then I would know how much was copied. Some kind of rate limiting would be good too, so they cannot just copy everything.
> I think it's crazy that people walk around with phones that have access to years of email communications
You think its crazy in you wish you (and everyone else) had a viable alternative? Or, you think its crazy in that you do something else that others don't do?
I have tar files of old maildirs, but they're encrypted and backed up and not readily accessible. My regular mail client has access to a smaller set of mails. Of course this requires an email setup that allows such easy bulk operations, which gmail isn't really.
Much of the point of the cloud shift was to get your data into the ownership of a private company who can make money off it.
If, for example, Apple can make up some lost money on iCloud with new obsidian gunmetal TimeCapsules with plausible deniability and localhost-tunneling features to sell to rich people, I'm sure they will try and do it.
Yes, an incompetent autoocrat got elected to the highest government office of the most powerful nation on earth. You almost certainly already knew this.
1. I far as I understand there is legal precedent establishing that electronic devices are basically the same as suitcases, and both can be searched at the border (i.e. in the same way that border agents can rummage through a backpack looking for drugs, they can rummage through a laptop's hard drive looking for evidence of drug dealing). The key idea is that objects brought across the border are fair game for search. However, wouldn't accessing social media accounts require fetching data over the internet from a data center somewhere? Maybe there is some info cached locally on the phone, but for them to, say, look through a traveler's post history they'd have to access data that is _not_ being brought across the border. How is this different from border agents finding a house key in a traveler's bag and then using that key to go to the traveler's house, open it, and search everything they find there?
2. Searching the data on the device is one thing. Asking a traveler to provide passwords seems completely different. It seems like a pretty clear 5th amendment violation. There's a lot of precedent protecting people from being compelled to speak.
Just to be clear, I'm wondering about this for US citizens returning home. Obviously all bets are off for non-citizens.
Why shouldn't non-citizens be protected by The Constitution? Not a lawyer, but these came up pretty quick in a Google search.
"It is well established that, if an alien is a lawful permanent resident of the United States and remains physically present there, he is a person within the protection of the Fifth Amendment. He may not be deprived of his life, liberty or property without due process of law."
Kwong Hai Chew v. Colding
". . . The Bill of Rights is a futile authority for the alien seeking admission for the first time to these shores. But, once an alien lawfully enters and resides in this country, he becomes invested with the rights guaranteed by the Constitution to all people within our borders. Such rights include those protected by the First and the Fifth Amendments and by the due process clause of the Fourteenth Amendment. None of these provisions acknowledges any distinction between citizens and resident aliens. They extend their inalienable privileges to all 'persons,' and guard against any encroachment on those rights by federal or state authority."
Bridges v. Wixon
"The alien, to whom the United States has been traditionally hospitable, has been accorded a generous and ascending scale of rights as he increases his identity with our society. Mere lawful presence in the country creates an implied assurance of safe conduct and gives him certain rights; they become more extensive and secure when he makes preliminary declaration of intention to become a citizen, and they expand to those of full citizenship upon naturalization. During his probationary residence, this Court has steadily enlarged his right against Executive deportation except upon full and fair hearing. . . . And, at least since 1886, we have extended to the person and property of resident aliens important constitutional guaranties -- such as the due process of law of the Fourteenth Amendment."
The difference is that non-citizens don't have a right to enter the US, so while they can't be compelled to share their personal information, they can "voluntarily" choose whether to share it and enter the US, or go back.
> non-citizens don't have a right to enter the US...
Here's where I take issue, by obtaining a visa to enter the US for work/ travel you go through security checks and you were deemed safe/ not a terrorist.
So what changed from when you were issued a visa to when you landed in the states?
For me, this feels like China all over again. If requesting passwords becomes prevalent in the US, then the same precautions that travelers take when entering China will become the norm from the US.
Delete your 'social media' accounts.
I'm talking Facebook, LinkedIn, G+ and so on.
I did that and life goes on perfectly - I don't miss them a bit and I don't think anyone noticed.
My wife and daughter are right here at home, I use Skype, Whatsapp or Slack to talk to my friends and colleagues.
So there is nothing that's missing.
Social networks are brainwashing farms (yes, advertising is a form of brainwashing) so stay away from them.
I don't want to sound too negative, but we all sense it: tough times are coming and these accounts will become a liability, even if you have 'nothing to hide'.
Thanks for your advice, but if all I wanted was to chat and see people that are "right here at home," I wouldn't be on social media in the first place. It actually provides value to me beyond that, and yes, I would miss aspects of it :/
Social media is not the best nor the only place to share your opinions, political or not.
In fact this is the exact danger that these networks pose - people start thinking that it's the only place where we can express our right to free speech.
But this is not what social networks were designed for. They were designed to distribute advertising; all the rest of the features are just clever ways to disguise the real purpose of the SN. Even people who work at these companies are delusional about their company's real purpose.
The place to express our right to free speech is 'the Internet'.
Distributed, resilient, no central control.
Plenty of space for anyone to shout as loud as they like and 'share' it with their friends, without selling their soul.
I know my personal views about sexuality and proclivity, expressed on my personal web site, cost me at least one possible job, and maybe a couple others as well, over the years. If my views on these issues were to be discovered on the internet, either on a personal site, or some social network, by someone in the HR department of the Fortune 150 I work for, I would probably be summarily dismissed. So, the "chilling effect" has already happened, and it's only working against one side of the ideological spectrum. Oh, sure, we still have "freedom of speech" in the US, but only if it's politically correct. Otherwise, you'll also be exercising your "freedom to be out of work."
It sounds like you want to have your cake and eat it too. I believe our right to free speech is the most important thing we have. However, if someone reads a post they don't like why should they HAVE to hire you?
As an employer if I read something that genuinely offended me (I have no idea if that's even possible) I wouldn't hire them. I hire people I think are going to make the team better and that I think we would want to work with.
So, yeah, if that hot take you wrote on the internet was a tad incendiary, why is it bad that people passed on you?
I'd like to think that I'm evolved enough that I could disagree with someone's opinion and work just fine with them- but if what they said struck a chord, I can't say that I wouldn't pass on them.
At the end of the day your freedom keeps you out of jail and my freedom gives me the ability to say no thanks. What you say in the public square isn't consequence free.
I believe I specifically said that I understand my free speech has a cost. Now, I don't know if you'll get this, since my original comment seems hidden or shadowbanned from the main discussion now, which just goes to prove the point brilliantly.
What I had originally written on my personal web site was standard, old-fashioned Christian teaching about homosexuality, based on the Bible. Hate the sin; love the sinner. That sort of thing. (No, it wasn't incendiary calls to violence against people.)
If I'm not allowed to say what I want to say, by being fired by my employer and blackballed from further employment, or by being downvoted to oblivion or filtered or shadowbanned by Ycombinator or Facebook or Reddit, or having my account cancelled at the web host provider I use, what good are my Constitutional rights of freedom of speech and religion? You may find this situation wonderful because you hate what I have to say, but I think everyone should find the trend alarming.
Maybe you really are arguing that freedom of speech and religion only grants someone the right to not being jailed when all they have left is to stand, homeless, on the street corner with a sign, shouting at passerby -- and then they'll be jailed for not having a permit, or something -- but I would have thought that the Constitution meant the First Amendment for more protection than that.
And, furthermore, if it's only Christians that are being affected by these discriminations, then hasn't the government declared a side? All this talk on the left about how the US government is prejudiced against anything other than Christianity, and, yet, I have no doubt that my company would LOVE foreign nationals to preach their religion to people in the work place, when I would be fired for it, if overheard.
I believe both of my comments make it evident that I'm perfectly clear on this. In fact, I don't see how it would be possible to argue what I WAS saying without understanding this. But, hey, I've been wrong before; I will be again.
> "If I'm not allowed to say what I want to say, by being fired by my employer and blackballed from further employment, or by being downvoted to oblivion or filtered or shadowbanned by Ycombinator or Facebook or Reddit, or having my account cancelled at the web host provider I use, what good are my Constitutional rights of freedom of speech and religion? You may find this situation wonderful because you hate what I have to say, but I think everyone should find the trend alarming."
If a private employer decides to fire you because of something you said, that's not a violation of your First Amendment rights. Or are you trying to argue that the First Amendment should encompass more than government restrictions on speech? If so that's not clear from what you wrote - it sounds like you believe it already should protect that.
> "Maybe you really are arguing that freedom of speech and religion only grants someone the right to not being jailed when all they have left is to stand, homeless, on the street corner with a sign, shouting at passerby -- and then they'll be jailed for not having a permit, or something -- but I would have thought that the Constitution meant the First Amendment for more protection than that."
No one is argueing that. That's exactly what the First Amendment says (only pertains to government restrictions).
In the words in Inigo, "No, there is too much. Let me sum up."
By reason of the First Amendment and the Equal Protection clause, all manner of discrimination has been made illegal. All except discrimination against conservative or Christian speech. I fear for my job if I so much am overheard to speak on these issues in a way that would imply that I think someone else is morally wrong.
"$Company noticed an intrusion by the US Federal Agents, Border Guards, and have marked this as a compromised account. Please have your designated friend, if set, to authenticate your account."
Its now out of the persons sphere to fix, even if coerced. And companies can defend this by fact of an Acceptable Use Agreement violation itself is breaking a federal law: CFAA.
That, and it seems the only way to stop these issues now is to jam it up in legal limbo by citizens.
And if you're a permanent resident with a green card or any other type of visa, you won't be allowed in at all. All these solutions assuming you're a citizen aren't all that helpful to every other person.
That's the difference. You complied, and the company is road-blocking you.
Frankly, denying everyone at the border is probably a good thing due to the brain-drain it causes. We're not going to get saner laws without some serious economic impairments to punish these 'lawmakers' (really, religious zealots WRT to a very narrow system).
In all honesty, I'm looking at other countries that have saner laws, and less overall problems. I'm looking at the Nordic countries right now, along with Australia... But no country is free from really nasty influences of xenophobia, racism, and hatred.
There is no technical solution to this. If you want there to be no searches of your phone when crossing the border, speak to your representative in Congress and your Senator. If they don't listen, then vote for someone else or even better, run yourself.
The only way this is going to change is with a change in the law.
I appreciate the sentiment here and think that tech as an industry could do with a lot more humility about its intersection with public policy. I feel like I know the people involved in this proposal well enough to say that they agree with this as well.
The point of the travel-lock proposal is that it's actually common sense. Everyone should want this feature. It is actually weird that we walk around all the time with unfettered access to decades of personal correspondence and a detailed log of every person we've ever meet even fleetingly online. The default should be different: getting access to years-old emails or a photographic memory of every acquaintance you have should be extraordinary.
Yes, for that at least, I agree completely. I'm not sure how much the idea would do for border crossing, but just as a general mitigation of risk, it's extremely sensible.
Firstly, social media's only incentive is to make your data as widely available as possible (in the interests of ad revenue), and maintain a good relationship with the government in their jurisdiction. Every other existing "privacy" setting on Facebook, LinkedIn, etc is already obfuscated to the point of unusability, for this reason, and "travel mode" would be no different.
Secondly, lets imagine that FB did implement a watertight "travel mode" that hid your embarrassing data effectively while you were travelling. Third parties would just start capturing and storing posts while you have "travel mode" off, and sell that to CBP, or whoever else wants to pay for it.
He's pointing out what social media companies should do, not predicting that they'll actually do it. That is not naive. Imagine what would happen to the Overton window if we never talked about what people should do, even when we expect them never to do it.
Please clarify: I take your answer as a (fair) response to the first objection, but what about the other ("third parties would just start capturing and storing posts while you have "travel mode" off, and sell that to CBP, or whoever else wants to pay for it")?
Does that possibility worry you? Wouldn't that also put you in a position where you’re lying at the border?
The surveillance economy is not a magic thing that sees all, though. What's the specific way in which third parties end up with my email and private Facebook data?
Sorry, I don't use Facebook, and I applaud the initiative (as I understand it, it's about limiting the exposure).
I just think that the use of a such a travel mode could be likened to/misconstrued as the practice (perilous, as you indicate), of using a decoy account, given for example, some previous snapshots of any public/semipublic social media activity suddenly invisible for the border agents.
Just trying to get a clearer view of your proposition (I think I'm doing it, thanks for answering!)
That's a statement that's true for all sorts of issues, for all sorts of people, at all sorts of places. But what matters is whether their employer has made them responsible for solving those issues.
Facebook and Google also cooperate closely with the US government, law enforcement, intelligence services and state department. How can they be part of the solution when they're part of the problem?
If they already have unlimited access to your account, they wouldn't need to ask for the password. But ok, fine, stipulate that the US knows everything. The feature is still useful for people going to Canada.
They don't seem to be in positions of any authority though -- see eg realnames. Or maybe this is enough of a threat to the core business for them to care?
Facebook has incentives to make your data available to advertisers. That does not mean it needs to make your data available to someone who possesses a device that you accessed Facebook from. The point of the idea is that when you turn it on, your data isn't removed, it's simply not accessible via a device until it's turned off.
Ok, firstly, I think it's great that so many people are engaging on issues of privacy and at least trying to help folks understand how to mitigate their risks in these situations. Something I think that is getting missed about all this is that a lot of people are being very US and techno-centric when they create these articles. Security when travelling is about more than just digital issues.
Doing something like this requires that you consider the risks of your phone seizure versus the risks you may face without your primary smart phone. If your an activist flying from London to D.C then fine. But what about if your an activist flying from D.C to the D.R.C and back - then your threat model changes from potential TSA problems to physical security threats.
For just one example of this, let's say you ask people to ditch their phones and take a burner because of a potential risk at the US border. Now you have removed one of the best devices for the person's physical security - a smartphone that can update people about security alerts, about local news, weather, disease risk, riots (e.g the stuff we put in the Umbrella App dashboard - shameless plug -> https://www.secfirst.org), share data amongst groups of people on the ground, can send GPS alerts in a emergency, can help them navigate if there is a problem, has a flashlight on it in darkness, has access to emergency contact details, insurance information, medical data, nearest hospitals etc. Now, your relatively low likelihood/low impact potential digital security risk at a US border has overridden the low/medium likelihood but high impact physical security risks...
Ditto it's important to thing about basic tactical things like that people are lazy, data is expensive and they will often not bother to restore the most important contacts and information that they may need when they travel, which can be a problem in an emergency...
Again, it's great to see people engaging on security issues but please be aware of the threat model, context and consequences of what you are trading off.
> a smartphone that can update people about security alerts, about local news, weather, disease risk, riots, share data amongst groups of people on the ground, can send GPS alerts in a emergency, can help them navigate if there is a problem, has a flashlight on it in darkness, has access to emergency contact details, insurance information, medical data, nearest hospitals etc.
I'm confused about why you're implying a burner/temp travel phone can't do these things. You can get a cheap & fully capable android phone at best buy for $40
I think you could easily justify something like this as a "travel mode" not just for border security, but "in case your phone is lost/stolen while traveling". Make it so you have full or enhanced access to very recent stuff (photos, status updates, etc.) from the trip itself, and don't have access to as much from before the trip. Help defeat localization settings in the place where you're traveling, and get tourist/visitor-specific ads instead of local ads. Value for the user (usability and safety) as well as for the social media network and advertisers.
The other form of this which would make sense: worksafe mode or public mode. If you're logging into your facebook/twitter account from a public computer, perhaps it doesn't have as full and unlimited access, and doesn't have access to non-reversible account actions, and strongly logs out. If you're logging in from a place defined as "work", it doesn't have notifications, certain groups, etc. (the "giving a meeting presentation on your laptop when a racy notification from spouse pops up" problem).
It's not like they couldn't make you turn travel mode off if they wanted to. How about pushing for a law closing this 4th amendment loophole at the borders, at least for citizens?
Not that it'd do much. If the border agents really want to see one's social media accounts, I have zero doubt they can get that data from other government agencies. In fact, they probably already have it. It sounds to me like they're just trying to assert their power and dominance over the people whose accounts they are demanding access to as a way to get off on intimidating others. Pretty typical behavior by law enforcement officers the world over.
The idea is that they cannot in fact make you turn travel mode off, because travel mode doesn't turn off. It's a time lock. The point is that while locked, Facebook and Google Mail are still usable; they just don't have your whole history available on them.
If we stipulate that your second paragraph is true, then travel mode is in fact a complete countermeasure to that behavior. (I don't think it's true).
> “They said, ‘Next time you come through, don’t have a cleared phone,’ and that was it. I wasn’t let through.
Technological countermeasures don't seem to work. Sure, they work in the sense that they protect your data, but if the border guy doesn't like you, technology won't save you. You will be sent on your way.
The idea is that it would be common, like not carrying large amounts of cash. There are good reasons for it other than limiting border searches.
Some people have suggested making travel mode invisible, but it might be better if it showed the start and end dates. Customs will ask anyway, but if the time period covers the entire trip, there's less reason to search the account.
No, again, the point of the travel lock isn't that you can't use Facebook at all, but rather than your history and social graphs are restricted. For most ordinary purposes, Facebook will probably get more usable while travel-locked.
Yeah. Everyone* would be able to see what I’m posting during my trip (which itself could be dangerous…), but no one could see the history until after the trip.
* who is normally allowed to see what is posted in the first place.
Exactly - the correct solution is that border inspection of luggage (for contraband) NOT be considered a legal basis for searching my information storage.
Warrantless search of gadgets / accounts should be prohibited for citizens. For non-citizens, it should require a significant justification.
Finally, NONE of the data examined at the border should be stored for longer than necessary to reach a go/no-go determination.
While you get to work on repealing 223 years of jurisprudence about border searches, how about we explore things tech companies can do in the immediacy to mitigate their impact?
I think that would be difficult to achieve. If it's minimal enough to achieve the goal, it's minimal enough to look like travel mode.
If the only goal is to refuse them access to your account, you can do that already. Your devices will be confiscated, non-citizens will be refused entry, but you can do it if your device encryption is strong enough.
The goal here seems to be to give you the ability to get through the border without giving up your information. If it looks like "trip mode", it's failed at that goal, and I'm not sure it's possible to make it both mainstream and stealthy enough to work.
I don't think any part of the proposal depends on it not being possible to detect whether an account is travel-locked, but I'm curious about why you think it's so straightforward to tell if an account is locked?
Surely, if this became popular, CBP would simply start asking aliens seeking entry whether their accounts were travel locked. And the standard advice would be, "never lie to CBP".
But I'm still curious about why you think this would be so obvious.
Citizens AND permanent residents. For some reason everyone is just saying citizens. But the whole intention of asking for access to people's accounts is meant to be for verifying they are complying with their visa. [1] E.g. Similar to looking through someone's documents as they cross and seeing a letter that's an offer of work would be cause for refusal if they weren't entering with the correct work permit.
But in the case of citizens and permanent residents both have no cause for this kind of verification. They're allowed to enter for any purpose. So at the very least citizens and permanent residents should not be searched.
[1] I'm not defending the practice or saying this is how it's actually being used, but it is the only actual reasonable justification CBP have for the practice of searching phones.
If they get your password can't they just turn of travle mode for you? Or wait until you do the same? I don't know that there is a technical answer here accept wiping your phone/laptop before you go through customes.
The real solution is a political one where we speak up and legeislate and litigate that the 4th amendment applies a the border.
Wiping your stuff does no good at all. As pointed out in the article, they know who is on the flight hours before you land. They'll know you have a Facebook profile. The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them. Ignorance isn't an escape clause.
Which is, I think, the same problem Maciel's solution faces. Border patrol can possibly just see that you've enabled "trip mode" (by the anemic presence) and put you back on a plane. You're welcome to try again after your trip mode expires, but if they want to see your account, there is, as sure as mathematical logic, no possible "out". Anything you do to deny them that access can be grounds to refuse you entry (if you're a non-citizen).
You're right that the only real solution is a political one. Unfortunately, there are no political solutions to any problem anymore. Not in the US at least. The days when government was even interested in solving problems are gone and I doubt they're ever coming back.
If you're an at-risk traveler, you'd enable travel-lock pretty much as soon as you decide on your itinerary, potentially before you ever get on an airline manifest.
The thing I think I see a lot of people missing here is that travel-lock doesn't wipe or disable your accounts; it just restricts history and breadth. For a lot of people, I think these services will get easier and more pleasant to use while travel-locked, so it's relatively painless to give yourself a generous margin before departing and after arriving.
Sure. But a setting that said "always on mobile" and another one where they schedule it for me based on my airline emails makes uptake faster.
And I want that when I'm traveling anywhere.
[later] we want to normalize the idea that access permission to our data is context aware based on what we are doing. To me this is true independent of border crossings. For instance there are things I want in the cloud for backup purposes that I don't want be able to access from anywhere but home normally.
Into their gmail accounts? That seems a little unlikely short of 'looking for any excuse to deny you entry' and there's no technical defense against that.
> The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them.
No, that's not how it works. Border agents are entitled to "search" your laptop. They can't force you to retrieve arbitrary data from a remote server.
All this with the caveat that they can, of course, refuse non-citizens for basically any reason.
> The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them.
I have no idea what most of my passwords are. They're complex strings of ASCII stored in an encrypted file on my personal machine and a few backups. If I travel internationally, I can just leave my personal machine at home.
I don't think that gets you entry into the country though. There's not much difference between can't and won't. I suppose, that if you were a citizen, you could take that up with a judge, but if you're not, you don't even get the opportunity.
> To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it’s set. There’s no sense in having a ‘trip mode’ if the person demanding your password can simply switch it off, or coerce you into switching it off.
The point is to make it impossible even for the owner to disable the lock, so there isn't even a conversation to be had about whether you're a phone call away from getting a family member, friend, or neighbor to read off the passcode to open access to the account.
What about a location or IP-lock? That way the only way to unlock it is to literally bring it to a location inside the US, where Constitutional protections do apply.
Then if border agents really want to get in to a particular individual's device, they'll just detain them (or seize their device) until trip mode automatically turns off.
They would be required to detain people for an indeterminate amount of time, potentially weeks. The idea is that it's impractical (and also illegal) for them to do that. If enough people travel-locked their accounts, invasive social media monitoring would be off the table.
Indeterminate? Being a non-citizen with a one way ticket is already pretty good cause for being subject to high scrutiny - this would likely tip the balance in favor of refusal.
Most people have return tickets. So (and don't think for a second I'm in favor of this) they'd know exactly how long your detention would need to be.
Would they? If someone is traveling for a week and presets their social media account to be in travel mode for 1 week, wouldn't they then just need to be detained for a week until the lock expired?
My gut feeling is that non-US citizens are more likely to be affected by this CBP policy than US citizens. Don't get me wrong here, happy if some solutions works for some subset of people, but as a non-US citizen I want something that works for me.
Hey, you have any easy solution: never ever visit the US. The overwhelming majority of non-citizens passing through the border are on some kind of temporary visit, so it's relatively easy to choose to stay the hell away.
That's a very defeatist position (not to mention that this policy is emulated, or will be soon emulated by many other countries). Isolationisms won't help neither the political situation in the world at large, nor the situation in the US right now. The US is a great place to visit, a great place to do business in, and a great place to live in. Not to mention that many, many people that are affected by this policy are non-citizens that are in the process of becoming a citizen (either formally, or not started yet). Or many are employees of some US company living in some other country.
My parents and my partner are in the US. They have lived there for 27 years, but I am not a US citizen. Are you telling me that I should just give up on my family?
A significant part of why things are bad for non-resident aliens is that protecting your social media accounts is abnormal, so doing it flags you as an anomaly.
But that's not because people don't want to protect their social media accounts. You could probably make decent money with a "travel lock" product that groomed your accounts this way, in fact. The reason nobody does it is that the big cloud services don't offer this as a built-in feature.
So this is a case, it seems to me, where helping citizens will have a knock-on effect of also helping non-resident aliens.
No, but they can "tip off" law enforcement who will tap you on the shoulder as soon as you leave the customs area and start the clock again, with different rules.
> The real solution is a political one where we speak up and legeislate and litigate that the 4th amendment applies a the border.
Considering the tiny percentage of Americans that travel overseas or even hold passports, I'm not sure a political solution is realistic. I think we might be outnumbered by the people who don't care about such privacy issues because it will never affect them.
Instead of that, I'd like a way to clone everything on my phone and save it on a USB. Every app, logins, contacts, photos, settings, factory updates, wallpaper, lock screen password, everything, in an encrypted archive that I can put on a USB in my checked baggage, or mail ahead to my destination, upload to my personal server, whatever. Then I'll just do a factory reset, install some cover apps, and go. Then reinstall my backup when I get where I'm going.
The Android backup feature that comes with the phone backs up contacts and photos, but it's very incomplete. Settings, saved logins, and other stuff gets lost. You have to reinstall swype every time. It's too inconvenient to use the way I've described. Other phone cloning apps exist, but a cursory google search only finds ones that require two phones, rather than a phone and a PC.
On a rooted Android device, TitaniumBackup can be used this way (not factory updates, but those don't get wiped by factory reset anyway).
However, it doesn't solve your real problem, which is that you can be compelled to log into your social media accounts in the presence of the border control officers. You can do that from the browser on a wiped phone, or on their equipment.
Yeah, it's true. I guess it would be one part of a strategy. Mine also involves saying "pardon me?" a lot and telling them that I'm deaf. 98% of people in uniform don't have the patience to try to communicate with a deaf person, and just tell me to move along. Also, they probably won't believe that I don't have facebook or email, but I can avoid telling them about things like okcupid, instagram, and disqus logins at least long enough to delete those accounts if I do get searched. Like any security, it's more of a deterrence than an absolute block.
Why not go further with the idea of a Travel Mode toggle and have it be tied to the device itself. This cuts out any possibility of any data being left on the device from being analyzed easily, social media or otherwise.
Google and/or Apple could add this as a new menu toggle similar to Airplane mode. Once switched on, while in an airport, prevents the device from being unlocked. Then by utilizing geofencing, once the device leaves the airport it unlocks and can be used again.
I'd been thinking about a similar thing: a "limited access for border guards" mode.
Basically, you can turn over the phone to border guards in a way which gives them access to what is on the phone, but which logs actions, and allows you to easily revert/revoke any changes they make. (This would also be a mode you'd turn over to an employer demanding access).
Potentially this mode might also block access to certain things (secret FB groups, archives over a certain age, some chat logs), but would otherwise be fully functional.
The benefit would mainly be that all actions taken would be logged and reportable, as a way to try to keep authorities from poking in places they shouldn't. It seems they are NOT mostly using forensic imaging tools, but logging in directly on the devices, at least right now, so there would be some value.
They could. CBP can deny any non-citizen entry for just about any reason. They could just start denying all non-citizens all the time, so why don't they? Because it would hurt business, tourism and other countries would retaliate and refuse US citizens entry. That is the power we have. The time to start using Travel Mode is now, before demands for passwords becomes stand procedure at the border.
Or how quickly Facebook/Google/Twitter would comply with some classified FBI/NSA directive to provide the data anyway.
The first mistake is trusting these networks with your personal life in the first place. Nothing can erase that except your ability and willpower to keep your secrets to yourself.
Illegitimate government actions are sort of out of scope for this discussion though (which is about convincing companies to mitigate legitimate government actions).
As for your second point, there's no going back for an awful lot of people. And holding that aside, it's a sad world where using a computer to communicate is somehow a mistake.
Note that CBP does not have access to all the data NSA has gathered. If they did, we wouldn't be talking about this at all; they'd already have everything they wanted.
I've already accepted that if the NSA is interested in me, they'll acquire _any_ cloud hosted data about me (and if they're a little more curious, most likely every bit of non-cloud data stored on my personal hardware too).
I _still_ want to be able to defend myself and the people in my social graph against a bored/curious/vindictive/power-tripping CBP agent looking for excuses to meet their "must reject at least $N bearded border crossers per shift" quotas...
> It's not dysfunctional communication, it's legally mandated boundaries enforced by an independent judiciary.
Do you really think that wouldn't dissolve in the face of "we already have the information, we're just improving communication between government organizations"? They shouldn't collect the information in the first place.
I feel it would be quite obvious looking at your device and it's lack of data that such a feature was in force and they would just deny you entry. Nice idea but the problems need fixed in law. IMO technical solutions are just temporary bandaids.
Your device can be confiscated for much longer, of course. You could take that time difference and hopefully permanently wipe account data before the lock expired, but that has the drawback that it's terribly inconvenient for you and causes the government no great concern at all, so it might simply become routine procedure.
It is worth noting that while social media represents a significant threat to ordinary travelers, the potential for significant harm through indirect leaks exists through retained professionals as well.
I'd love to see travel modes take off. I was talking with some friends about how great it would be to be able to switch my login credentials to some sort of shared multiple person-required password for the duration of a flight. Like Shamir's Secret Sharing, but temporarily.
What, exactly, has been gained from the days of just posting on anonymous message boards and using email?
Nothing but giving unimaginable power to creepy guys like Zuckerberg and the ability for governments and employers to track your entire life. I'll pass.
What if the phone can be put into "suck mode" that just makes it completely infuriating to get any information from for a while after you've flown a long distance in a plane?
Sure, you can open Facebook and stare at a loading icon until you give up. You can go to a profile page and see images that are failing to load. At some point you're going to stop wasting everyone's time.
The reason this is better than just a "trip mode" is that it's so banally realistic. Of note: because of the weirdness of connecting to cell networks after having moved thousands of miles in airplane mode, most phones I've owned already do this to some extent.
2FA, for services that support it, with the second factor being a device that isn't with you when cross the border would be a solution that would be near absolute in prevention of logging in at the border, whether from your own device or a CBP-controlled device (of course, it wouldn't prevent you from any consequences CBP applies to not logging in.)
Of course, there's a question of the risk to that device, which somehow has to cross the border separate from you, which creates its own ream of problems (you could protect the access to that device with 2FA that uses the device you do keep with you, which mitigates the security risk of loss, but you still risk losing access to the services it protects if it is lost in transit; obviously, you want to make sure your 2FA has a recovery process and one that isn't usable from arbitrary locations or the device you carry across the border, but will be usable by you when you get home, at least.)
Can you set up Facebook to require 2FA when you log in from a mysterious new device? And configure 2FA so it'll fail to reach you while you're traveling?
Edit: Actually, a sufficiently robust Suck Mode would make 2FA impossible. And I think all you have to do to get there is configure your cell network settings wrong, set Boingo Wireless as the top Wi-Fi SSID to connect to, and not pay for Boingo.
There are many good ideas here and I'll even wager that a 'trip mode' of some sort could even produce benefits outside of the held-at-the-border use case. It really does seem silly at retrospect that these tech giants have decided the default needed to be "expose all of the connections"
In fact, the border case is just an edge case. You also want your accounts protected if you lose your unlocked phone, have it stolen, have your password stolen, log in on a dodgy public computer, plug in an infected USB stick, or leave your laptop unattended in the wrong hotel room.
This isn't very different from refusing to provide login credentials. Sure, turning travel mode on and off could require keys, which are present only on primary devices, which are left at home. So there'd be no need to lie.
However, foreigners would likely be turned back. Because using travel mode is arguably evidence of hiding stuff. And citizens might still be detained. It seems unlikely that they'd send agents to homes, to turn off travel mode. But it's arguably not impossible.
I don't want to take my digital possessions through customs if they can request access or deny me.
I don't want a burner that is subpar and I can't afford another phone with great camera etc.
So, I can see two options:
A virtualbox/dualboot where you run two OSes of your devices with full encryption - and one is a dumb/fake install with no personal data that you enable when traveling. It doesn't login to your mail or your facebook and doesn't have your real contacts, photos, passwords on it. You can do this trivially (still for the technically savvy) for a laptop, probably for an android it is not too hard with a custom bootloader. If you were more paranoid, you could create 'dumb' social media accounts, but that starts being time consuming.
Second option is you make an encrypted snapshot of your system before travel. Then you reset / wipe your system before traveling, and then reload the snapshot once you are through customs. This could be done more securely by not actually taking the snapshot on physical media across borders, but storing on a server and downloading once you are through customs. The downside of this is you need data access during travel.
As an aside, I am curious how they would react to someone like me who has no social media accounts. Do I need a fake one to make me look 'real'?
If you legit don't have a Facebook account, you're fine. The problem is that most people do have them, and it's an extremely bad idea to try to sneak them past CBP.
An article with an interesting suggestion and a noble goal but I'm not the first one to say it:
Technology cannot solve the problem we currently face with erosion of privacy at the border! These clever tricks trying to get around the issue only kicks the problem downfield, and likely won't effectively work. If they found out you have travel mode enabled - you may be denied entry or worse (note the comment from @mholt) - they would just detain you until the time lock runs out.
Our border patrol isn't "similarly vigilant". That's a meme being spread by a very dedicated account on HN, probably to seed the grounds for a lot of "whataboutism".
What is actually needed is a dead man's switch: a secondary password that, when entered, destroys the security enclave/TPM to render the device unreadable
Social media doesn't need a travel mode. Non US citizen just stop travelling to the US whilst the country is violating human privacy rights at border control.
How do you turn a travel mode off? Once border patrol knows this feature exists and how it works, the jig is up. Any expiration/timeout would just cause you to be detained for the duration the travel mode is enabled. A second password to turn it off would just cause that second password to be coerced out of you. Location-based deactivation can be spoofed.
> To work effectively, a trip mode feature would need to be... irrevocable for an amount of time chosen by the user once it’s set. There’s no sense in having a ‘trip mode’ if the person demanding your password can simply switch it off, or coerce you into switching it off.
That's fine for US citizens entering the US, but any 'travel mode' needs to work for the outbound trip too. If the country you're visiting has adopted a US-style border stance, then you're in no better a position than a non-US citizen visiting the US: the border forces of that other country can detain you until travel mode expires if they want. It seems like "They can't hold me for days while they wait for the mode to expire" only works for citizens returning to their own countries.
More likely they'd just send you home. Either way, denying people entry is bad for business and tourism. If enough people want to protect their accounts when they travel, countries will have to weigh the trade-offs.
Sure, it is bad for business. It will likely be used disproportionately on brown people and minorities, just like "random" screenings at the airport. Yes, bad for tourism, but only consistently bad for a minority of the population and most others just have to take of their shoes etc.
Would basic geoblocking help? A setting that says this account cannot be accessed outside your home country? Has the plausible deniability of "security". VPNs can also be effectively blocked if the same lists Netflix etc subscribe to are used.
Maybe I'm missing something, but I don't see how this is any different from refusing to provide your password. Border Patrol may just detain you regardless of whether the issue is you aren't providing your password or you decided to make your device less accessible before going on your trip. Both are forms of trying to prevent them access to your device, which they won't like. The real solution seems to be changing the laws that allow them to get away with what they're doing.
I think social media and gmail are a complete lost cause wrt privacy. I already de-activated my facebook due to it being a time sink. But I think I'll go ahead and delete it now.
One thing about Facebook culture is that the employees there see themselves as fanatical guardians of privacy. It's a very strange belief system, but it's real.
I love this idea, but it also needs to be discussed within the context of knowing that (since Snowden) the NSA already has all your social media data categorized and ready to go should it need.
So, in context, this is about stopping one branch of government - CBP - from being able to compile data that another branch of government already has.
I love the idea but worry it might be a form of security theater, given the three lettered elephant in the room.
What if you changed your password to something really long and not memorable before you leave home? Print it out on a piece of paper and leave it in a safe. You can't be forced to produce a password you don't remember. When you get home, open the safe and change your password back to something you know.
Cell phones often have 4G connections but if they're on wifi or laptops on wifi, we could collect the IPs of all airports and present the travel mode by default.
Phones could use GPS to detect when their in/near airports and inject an X-Travel-Mode cookie into HTTP requests.
The simplest solution would be simply to not to travel to the US. I'm sure it wouldn't be long before the airlines & hotels were lobbying for a change in the law.
Didn't Moxie come up with something like this a while back? It was a bit of a non-starter since you had to install a custom version of Android in order to get it work
> We need a ‘trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home.
Border security officer: I see you have trip mode on. Turn it off, and give us the phone, or you're not getting into the country.
A week? 2? I don't think technology changes are the right approach here, but you wouldn't be setting travel mode for a duration equal to transit time through an airport.
In particular, it needs to be normal enough that a significant fraction of all travelers do it. The feature can't be marketed as a protection for at-risk travelers, but as a common-sense safety mechanism useful to all travelers.
I think it's crazy that people walk around with phones that have access to years of email communications, and that even in the happiest timeline we could have ended up on after 2016, features like this are long overdue.