[Excuse me while I rant…]
I’ve never been out of the country, so I’ve never had to deal with the U.S. Customs Service (or whatever self-important name these tax collectors are using lately), but I hate the whole organization on principle anyway because they’re a bunch of weasels who insist on conducting unjustified searches of United States citizens.
Police need a warrant to search our homes, and even when we’re driving there are standards they have to meet—not very high standards, to be sure, but standards nonetheless—but when Customs employees want to search our bags, our vehicles, or even our persons, they can do it for any reason. It’s all right here:
A U.S. Customs and Border Protection (CBP) officer’s border search authority is derived from federal statutes and regulations, including 19 C.F.R. 162.6, which states that, “All persons, baggage and merchandise arriving in the Customs territory of the United States from places outside thereof are liable to inspection by a CBP officer.” Unless exempt by diplomatic status, all persons entering the United States, including U.S. citizens, are subject to examination and search by CBP officers.
In fact, they can even search us when they have no reason:
Essentially, COMPEX examinations involve random selection of vehicles and/or air passengers that ordinarily would not be selected for an intensive examination. By combining the results of these examinations with the results of targeted examinations, CBP is able to estimate the total number of violations being committed by the international traveling public.
In other words, they search us just to gather statistics.
I don’t know who is responsible for creating this reprehensible insult to our freedom, but I say it’s tyranny, and I say to hell with it.
Now that I’ve got that out of my system, the issue I really wanted to write about is the information search, which allows the customs weasels to search your laptop. Jayson Ahern, Deputy Commissioner of U.S. Customs and Border Protection, explains this in a document entitled “Laptop Inspections Legal, Rare, Essential”:
First, it’s important to note that for more than 200 years, the federal government has been granted the authority to prevent dangerous people and things from entering the United States. Our security measures at the border are rooted in this fundamental fact, and our ability to achieve our border mission would be hampered if we did not apply the same search authorities to electronic media that we have long-applied to physical objects–including documents, photographs, film and other graphic material. Indeed, there are numerous laws that apply to such material at the border including laws regarding intellectual property rights, technical data that can be imported or exported only under state department license and child pornography.
First of all, none of these things—electronic media, documents, photographs, film, graphic material, technical data, child pornography—count as “dangerous people and things.” It’s just data. Magnetic fields on a spinning disk, with no meaning other than what we give them.
Second, this argument is rejected everywhere else. Of course people could bring bad stuff into the United States. Everybody knows that. But we’re supposed to have rights, and these rights are supposed to protect us. The same bogeymen—copyright infringement, restricted technical data, child pornography—could be used to justify unrestricted searches within the border as well, but we recognize that our rights are too important to allow government functionaries to crush them on a whim.
Now that I’ve got that out of my system as well, the real reason I started writing this is a post by Bruce Schneier about encrypting your laptop before you cross the border:
Companies and individuals have dealt with this problem in several ways, from keeping sensitive data off laptops traveling internationally, to storing the data — encrypted, of course — on websites and then downloading it at the destination. I have never liked either solution. I do a lot of work on the road, and need to carry all sorts of data with me all the time. It’s a lot of data, and downloading it can take a long time. Also, I like to work on long international flights.
There’s another solution, one that works with whole-disk encryption products like PGP Disk (I’m on PGP’s advisory board), TrueCrypt, and BitLocker: Encrypt the data to a key you don’t know.
Schneier goes on to describe a system for encrypting your data so it can be unlocked by either of two keys, one of which is easy to remember, and the other of which is a long string of random gibberish far too long to remember. Make sure someone back home has the long one (and test it to make sure it works) but go on using the short one normally while you travel. Then, just before you hit Customs, delete the short password. Your data is now encrypted to a password that you honestly and truly do not know.
It’s simple and brilliant and technically correct.
But somehow, it all sounds like geek law. It assumes that cops and lawyers and judges are bound by rules—rules of law, rules of technology, rules of nature—and if we do everything just right, we can slip by without them laying a hand on us.
That’s how it’s supposed to be, but it doesn’t always work that way. Cops aren’t supposed to confiscate cameras from people who take pictures of them, but sometimes they do. Judges aren’t supposed to allow testimony about a suspect’s refusal to answer questions, but sometimes they do.
It makes perfect sense to me—and to anybody else familiar with the technology—that border agents shouldn’t be able to compel you to provide an encryption key, even if you know it. Like it or not, they’re free to examine the hard drive, but they have no right to ask for information in your head.
There are problems with this beautiful idea. For one thing, there’s what cryptologists sometimes refers to as “rubber hose cryptography”:
I’m not sure how far the U.S. government will go to get a peek at your laptop—the internet is surprisingly vague on actual Customs responses to encrypted data—but since they have all the guns and all the jails—and there’s no Fourth Amendment at the border—I imagine they can take it pretty far. It’s well established that they can grab your computer and keep it a few months while they investigate.
They can also refuse to let you enter the United States. You can probably fight that, but you’ll be stuck outside the country while you wait.
It’s not just criminals and libertarian weirdos who worry about this. It’s anybody with data they don’t want seen by random Customs employees—family finances, proprietary business data, confidential medical information, naked pictures of girlfriends. Just because it’s legal doesn’t mean you’re okay if everyone sees it. Some corporations go so far as to provide employees with special scrubbed computers when they travel outside the country, just so proprietary data never falls into unsafe hands.
I hate it that Americans have to worry about totalitarian crap like this.