[MikeD]

Seems like a lot of people don't actually understand what rights to privacy are...

-----
Posted January 06, 2008 10:26 PM
http://www.nytimes.com/2008/01/07/us/07bar.html?ref=us

If Your Hard Drive Could Testify ...


By ADAM LIPTAK
Published: January 7, 2008

A couple of years ago, Michael T. Arnold landed at the Los Angeles International Airport after a 20-hour flight from the Philippines. He had his laptop with him, and a customs officer took a look at what was on his hard drive. Clicking on folders called “Kodak pictures” and “Kodak memories,” the officer found child pornography.

The search was not unusual: the government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer’s hard drive, the government says, is no different than looking through a suitcase.

One federal appeals court has agreed, and a second seems ready to follow suit.

There is one lonely voice on the other side. In 2006, Judge Dean D. Pregerson of Federal District Court in Los Angeles suppressed the evidence against Mr. Arnold.

“Electronic storage devices function as an extension of our own memory,” Judge Pregerson wrote, in explaining why the government should not be allowed to inspect them without cause. “They are capable of storing our thoughts, ranging from the most whimsical to the most profound.”

Computer hard drives can include, Judge Pregerson continued, diaries, letters, medical information, financial records, trade secrets, attorney-client materials and — the clincher, of course — information about reporters’ “confidential sources and story leads.”

But Judge Pregerson’s decision seems to be headed for reversal. The three judges who heard the arguments in October in the appeal of his decision seemed persuaded that a computer is just a container and deserves no special protection from searches at the border. The same information in hard-copy form, their questions suggested, would doubtless be subject to search.

The United States Court of Appeals for the Fourth Circuit, in Richmond, Va., took that position in a 2005 decision. It upheld the conviction of John W. Ickes Jr., who crossed the Canadian border with a computer containing child pornography. A customs agent’s suspicions were raised, the court’s decision said, “after discovering a video camera containing a tape of a tennis match which focused excessively on a young ball boy.”

It is true that the government should have great leeway in searching physical objects at the border. But the law requires a little more — a “reasonable suspicion” — when the search is especially invasive, as when the human body is involved.

Searching a computer, said Jennifer M. Chacón, a law professor at the University of California, Davis, “is fairly intrusive.” Like searches of the body, she said, such “an invasive search should require reasonable suspicion.”

An interesting supporting brief filed in the Arnold case by the Association of Corporate Travel Executives and the Electronic Frontier Foundation said there have to be some limits on the government’s ability to acquire information.

“Under the government’s reasoning,” the brief said, “border authorities could systematically collect all of the information contained on every laptop computer, BlackBerry and other electronic device carried across our national borders by every traveler, American or foreign.” That is, the brief said, “simply electronic surveillance after the fact.”

The government went even further in the case of Sebastien Boucher, a Canadian who lives in New Hampshire. Mr. Boucher crossed the Canadian border by car about a year ago, and a customs agent noticed a laptop in the back seat.

Asked whether he had child pornography on his laptop, Mr. Boucher said he was not sure. He said he downloaded a lot of pornography but deleted child pornography when he found it.

Some of the files on Mr. Boucher’s computer were encrypted using a program called Pretty Good Privacy, and Mr. Boucher helped the agent look at them, apparently by entering an encryption code. The agent said he saw lots of revolting pornography involving children.

The government seized the laptop. But when it tried to open the encrypted files again, it could not. A grand jury instructed Mr. Boucher to provide the password.

But a federal magistrate judge quashed that subpoena in November, saying that requiring Mr. Boucher to provide it would violate his Fifth Amendment right against self-incrimination. Last week, the government appealed.

The magistrate judge, Jerome J. Niedermeier of Federal District Court in Burlington, Vt., used an analogy from Supreme Court precedent. It is one thing to require a defendant to surrender a key to a safe and another to make him reveal its combination.

The government can make you provide samples of your blood, handwriting and the sound of your voice. It can make you put on a shirt or stand in a lineup. But it cannot make you testify about facts or beliefs that may incriminate you, Judge Niedermeier said.

“The core value of the Fifth Amendment is that you can’t be made to speak in ways that indicate your guilt,” Michael Froomkin, a law professor at the University of Miami, wrote about the Boucher case on his Discourse.net blog.

But Orin S. Kerr, a law professor at the George Washington University, said Judge Niedermeier had probably gotten it wrong. “In a normal case,” Professor Kerr said in an interview, “there would be a privilege.” But given what Mr. Boucher had already done at the border, he said, making him provide the password again would probably not violate the Fifth Amendment.

There are all sorts of lessons in these cases. One is that the border seems be a privacy-free zone. A second is that encryption programs work. A third is that you should keep your password to yourself. And the most important, as my wife keeps telling me, is that you should leave your laptop at home.

 

[MikeD]

At first glance, I agree with the court that it's no different than carrying paper. By voluntarily crossing the border, you consent to a search as a condition of entry. Don't like it? Don't cross the border, or don't cross the border carrying anything that you wish to keep protected by your reasonable expectation of privacy. Just because it's electronic and/or password protected doesn't mean it's special. People carry around a lot of personal info on laptops, but that's a fact of technology, not law. No one's forcing you to carry it around, and if it's especially private, well, KEEP IT PRIVATE.

And providing the password is a legit condition of entry to the country, just like allowing access to a locked container in your luggage.

However, I also agree that requiring the guy to provide the password NOW is a 5th amendment violation. He provided it as a condition of entry. The LEOs failed to document the criminal aspect of it at the time while they had the consent of the owner, who provided the password. (photograph the screen, copy it, obtain a written confession). Not a knock on them, but a simple fact.

He's able to withdraw consent to a search whenever he wants. (Even at the border...he just won't be able to enter the US.) And he can't be forced to offer testimony against himself. Things like fingerprints or ID aren't testimony--but a computer password certainly is. It's a communication, not a passive identifying detail of an individual which can be seized by court order.


"National security" interests mean pretty much anything is open to being searched at the border. (Print and electronic records could improperly contain classified material or show a relationship to known terrorists, whatever...it's not a simple search for immediately apparent dangerous items.)

However, to contradict my previous statement, I do have a concern about the electronic age's efficiencies of scale, and we may have to begin addressing some of this.

Ie, warrantless surveillance of an individual in public is permitted. A cop can follow or watch anyone not in an area protected by REP, even without suspicion. And you could say surveillance cameras are simply a way for cops to expand their efficiency in places where surveillance is legal. This is, at least in part, because cops are few compared to the population, and we naturally assume they're going to do what they're charged with--catch and deter criminality. However, cameras enable an efficiency that becomes intrusive, IMHO, even in public. If there were enough cops to shadow every US citizen in public all the time, I think the SCOTUS would re-think what criteria are necessary for a cop to watch someone. Cameras make that a possibility.

Similarly, seizing, recording, and cross-referencing every telephone # on everyone's cell phone as they cross the border gets into dangerous territory for me. So where do we start drawing lines? I think the search at the border should perhaps be partitioned from intelligence-gathering operations...then again, you lead to absurd territory there, where one part of the government can't legally talk to another, even if there's a potentially imminent threat.

There are technological work-arounds for some of this stuff, too, though. Companies with trade info they wish to keep entirely private no longer store it on employee laptops...they store it on encrypted websites.

 

[syadasti]

However, to contradict my previous statement, I do have a concern about the electronic age's efficiencies of scale, and we may have to begin addressing some of this.

Ie, warrantless surveillance of an individual in public is permitted. A cop can follow or watch anyone not in an area protected by REP, even without suspicion. And you could say surveillance cameras are simply a way for cops to expand their efficiency in places where surveillance is legal. This is, at least in part, because cops are few compared to the population, and we naturally assume they're going to do what they're charged with--catch and deter criminality. However, cameras enable an efficiency that becomes intrusive, IMHO, even in public. If there were enough cops to shadow every US citizen in public all the time, I think the SCOTUS would re-think what criteria are necessary for a cop to watch someone. Cameras make that a possibility.

Similarly, seizing, recording, and cross-referencing every telephone # on everyone's cell phone as they cross the border gets into dangerous territory for me. So where do we start drawing lines? I think the search at the border should perhaps be partitioned from intelligence-gathering operations...then again, you lead to absurd territory there, where one part of the government can't legally talk to another, even if there's a potentially imminent threat.

There are technological work-arounds for some of this stuff, too, though. Companies with trade info they wish to keep entirely private no longer store it on employee laptops...they store it on encrypted websites.

Privacy in the US is gone already so its not surprising.

For our communication infrastructure its all traffic not just traffic at the border. Telecoms will probably get immunity. The government already scans all US network traffic at the regional switches. They don't use top secret equipment either:

http://blog.wired.com/27BStroke6/att_klein_wired.pdf

http://www.pbs.org/now/shows/307/mark-klein.html

http://en.wikipedia.org/wiki/Narus - http://www.narus.com/solutions/intercept.html

http://www.narus.com/products/index.html

 

[jimmydean]

I would never consent to search my drive, though. You can turn it on, scan it for explosives, but I'm not letting anyone browse files without a warrent.

 

[MikeD]

I would never consent to search my drive, though. You can turn it on, scan it for explosives, but I'm not letting anyone browse files without a warrent.

Then you're not entering the country.

Why is your hard drive different than a locked box of papers? Don't you think it's acceptable for the border officials to look in a locked container in someone's luggage? (And turn away someone who does not consent to such a search if they can't open it?)

Like I said, the border search is NOT a limited search for immediately apparent dangerous items.

The electronic format of your information does NOT privilege it, and there is NO legally established REP at the border. Never has been--this isn't something new.

 

[syadasti]

If you setup your HDD multiboot with some encrypted partitions you'd probably throw people for a loop on multiple levels - ie use a boot loader with a commented out boot option and leave the sensitive information in another OS with encrypted file system that windows won't see and/or in a hidden partition that requires a proprietary application to access. You could change the boot process however it suits the application so the OS with the information and application you need is not normally visible.

You could probably setup a script to run boot and nuke after a number of unsuccessful logins attempts (similar to the default blackberry security policy).

Organizations/companies with sense keep their sensitive information off laptops and lock them down to begin with and shut down risky services like USBSTOR/etc.

USB storage is so common these days - people should just store their sensitive information in unlikely places like their iPOD/MP3 player/iPhone or a small easily hidden flash memory chip/USB stick.

Here are some various free Internet privacy tools - especially good for use on unknown public networks like open wifi/hotel ethernet/etc.

EFF's Tor:
http://www.torproject.org/torusers.html.en
http://xerobank.com/xB_browser.html (AKA Torpark)
http://archetwist.com/opera/operator

JAP:
http://anon.inf.tu-dresden.de/index_en.html

Spammy one (they probably sell information/access to various companies/government, heh):
http://anchorfree.com/downloads/hotspot-shield/

 

[jimmydean]

Then you're not entering the country.

Why is your hard drive different than a locked box of papers? Don't you think it's acceptable for the border officials to look in a locked container in someone's luggage? (And turn away someone who does not consent to such a search if they can't open it?)

If they have probable cause, then I am all for it. If a cop pulls me over for speeding, I expect to get a ticket, but a body search is out of the question unless he has reason to suspect me of something more.

If I was denied entry because I stood by my right to protection from illegal search, then I wouldn't be entering the country. If for some reason they feel and can prove to me they have a reason to look, then I would let them.

But I'm not about to let some board jackass look over all my sh!t because he feels he needs to.

 

[$tinkle]

found this part interesting:

The magistrate judge, Jerome J. Niedermeier of Federal District Court in Burlington, Vt., used an analogy from Supreme Court precedent. It is one thing to require a defendant to surrender a key to a safe and another to make him reveal its combination.

The government can make you provide samples of your blood, handwriting and the sound of your voice. It can make you put on a shirt or stand in a lineup. But it cannot make you testify about facts or beliefs that may incriminate you, Judge Niedermeier said.

it's a fine line, with drastic implications

 

[Silver]

They ask for a password, you just use the Alberto Gonzales "I'm a retard and I don't recall" patented legal defense.

 

[ohio]

Then you're not entering the country.

Why is your hard drive different than a locked box of papers? Don't you think it's acceptable for the border officials to look in a locked container in someone's luggage? (And turn away someone who does not consent to such a search if they can't open it?)

Like I said, the border search is NOT a limited search for immediately apparent dangerous items.

Legitimate question not accusation: so confidential papers, including trade secrets and (as mentioned) news sources/leads, etc. are all subject to search? Seems to me that for a US citizen re-entering the US, search of information (papers, docs, files, etc.), rather than objects/materials (drugs, explosives, contraband), should require a warrant and thorough process to protect valuable information and maintain it's integrity and traceability.

 

[LordOpie]

If you setup your HDD multiboot with some encrypted partitions you'd probably throw people for a loop on multiple levels -...

This is my problem with searching a laptop. You need people on staff who can defeat the various methods that anyone who seriously wants to keep stuff hidden has taken such steps.

If you're an idiot TSA, then you can't know enough and then it's a waste of time and an invasion of basic privacy.

 

[H8R]

If they have probable cause, then I am all for it. If a cop pulls me over for speeding, I expect to get a ticket, but a body search is out of the question unless he has reason to suspect me of something more.

If I was denied entry because I stood by my right to protection from illegal search, then I wouldn't be entering the country. If for some reason they feel and can prove to me they have a reason to look, then I would let them.

But I'm not about to let some board jackass look over all my sh!t because he feels he needs to.

This is a border crossing. Once you submit to crossing a border, you're fvcked. They can search you any way they deem fit. You have granted them their warrant by crossing.

Hard drives are no more private than a suitcase full of porn mags in this case.

 

[jimmydean]

Legitimate question not accusation: so confidential papers, including trade secrets and (as mentioned) news sources/leads, etc. are all subject to search? Seems to me that for a US citizen re-entering the US, search of information (papers, docs, files, etc.), rather than objects/materials (drugs, explosives, contraband), should require a warrant and thorough process to protect valuable information and maintain it's integrity and traceability.

That was my view. Not saying that if I had plans to the Death Star that it isn't along the same lines as a bomb headed for the Death Star. But unless you have reason to search beyond "it's not a bomb", then you'd better back that up.

 

[$tinkle]

This is my problem with searching a laptop. You need people on staff who can defeat the various methods that anyone who seriously wants to keep stuff hidden has taken such steps.

If you're an idiot TSA, then you can't know enough and then it's a waste of time and an invasion of basic privacy.

in other words, the search will probably catch a few indescribably vile pedos, but any legitimate threat to nat'l security would go undiscovered (nuke secrets, especially).

awesome.

 

[LordOpie]

in other words, the search will probably catch a few indescribably vile pedos, but any legitimate threat to nat'l security would go undiscovered (nuke secrets, especially).

awesome.

It sounds like that, doesn't it?

 

[Silver]

Legitimate question not accusation: so confidential papers, including trade secrets and (as mentioned) news sources/leads, etc. are all subject to search? Seems to me that for a US citizen re-entering the US, search of information (papers, docs, files, etc.), rather than objects/materials (drugs, explosives, contraband), should require a warrant and thorough process to protect valuable information and maintain it's integrity and traceability.

Actually, if you don't extend that past US citizens, a policy like this more strictly enforced could in the future have grave impacts on our economy.

 

[LordOpie]

so if you have a GB USB drive on your keychain, will they inspect that?

 

[LordOpie]

Will they inspect iPods? Cell phones?

 

[Westy]

in other words, the search will probably catch a few indescribably vile pedos, but any legitimate threat to nat'l security would go undiscovered (nuke secrets, especially).

awesome.

Unless nuke secrets were stored in a folder called Lesbian_Jello_Fight

 

[$tinkle]

so if you have a GB USB drive on your keychain, will they inspect that?

be funny as hell to have a virus autorun.
just sayin, that could be a cheap way to thwart them

 

[Silver]

in other words, the search will probably catch a few indescribably vile pedos, but any legitimate threat to nat'l security would go undiscovered (nuke secrets, especially).

awesome.

What do you think airplane security does? Bombs seems to roll through, but god help you if you try to get a little baggie of blow on the plane for the pilot...

 

[$tinkle]

Unless nuke secrets were stored in a folder called Lesbian_Jello_Fight

uh-oh, i need to move something from my 'GOP Talking Points Memo' folder immediately.

brb.

 

[N8 v2.0]

Privacy in the US is gone already so its not surprising.

There is no "right to privacy" in the US Constitution nor Bill of Rights what so ever...

it's myth.

get over it.

move on.

dont look at kiddie pr0|\|

 

[LordOpie]

be funny as hell to have a virus autorun.
just sayin, that could be a cheap way to thwart them

good idea.

See, in the world of espionage, we all here are kind of dumb compared to those who do it for millions of dollars and we're finding ways to defeat the stupid system.

 

[Silver]

uh-oh, i need to move something from my 'GOP Talking Points Memo' folder immediately.

brb.

You've got Haggard video, don't you? You dirty boy...

 

[MikeD]

There is no "right to privacy" in the US Constitution nor Bill of Rights what so ever...

it's myth.

get over it.

move on.

dont look at kiddie pr0|\|

Actually, case law says that there is indeed a right to privacy protected by the Constitution.

It just doesn't exist in anything you bring across the border. Jimmydean, this means any bored jackass at the border can look at whatever they want to that you're carrying. Electronic or paper or stone.

THEY DO NOT NEED PROBABLE CAUSE. PC is required to intrude on a reasonable expectation of privacy. By well-established law, you don't enjoy REP crossing the border. US citizens included. (Especially since US citizens are actually the people who commit espionage at the behest of foreign powers, because they have access to to classified info that foreigners don't.)

Ohio, your trade secrets are an open book at the border. Many companies have developed a technical work-around by keeping info on encrypted websites. This way, employees have access, but don't need to transport it somewhere where it can be searched, as the info remains protected by the corporation's REP. (As I best understand it...I know corporations can have the legal standing of an individual legally, and so enjoy at least some right to privacy.)

 

[MikeD]

That was my view. Not saying that if I had plans to the Death Star that it isn't along the same lines as a bomb headed for the Death Star. But unless you have reason to search beyond "it's not a bomb", then you'd better back that up.

Just to be entirely clear, the border search is NOT a simple search for weapons or dangerous items. It's for contraband of any kind. This includes information. Physical or electronic. And the US government does not need to show any particular reason in order to search an individual crossing the border.

 

[ohio]

Ohio, your trade secrets are an open book at the border.

Roger that, so I should store grandma's secret gefilte fish recipe in my Gmail rather than on my computer.

 

[H8R]

Actually, case law says that there is indeed a right to privacy protected by the Constitution.

It just doesn't exist in anything you bring across the border. Jimmydean, this means any bored jackass at the border can look at whatever they want to that you're carrying. Electronic or paper or stone.

THEY DO NOT NEED PROBABLE CAUSE. PC is required to intrude on a reasonable expectation of privacy. By well-established law, you don't enjoy REP crossing the border. US citizens included. (Especially since US citizens are actually the people who commit espionage at the behest of foreign powers, because they have access to to classified info that foreigners don't.)

Ohio, your trade secrets are an open book at the border. Many companies have developed a technical work-around by keeping info on encrypted websites. This way, employees have access, but don't need to transport it somewhere where it can be searched, as the info remains protected by the corporation's REP. (As I best understand it...I know corporations can have the legal standing of an individual legally, and so enjoy at least some right to privacy.)

Thank you for eloquently posting what I posted before.

 

[MikeD]

Well, I posted it before THAT, so there...

 

[MikeD]

Roger that, so I should store grandma's secret gefilte fish recipe in my Gmail rather than on my computer.

I'd recommend keeping it exclusively in your jew-horde, since it's protected by the Illuminati. That's even better than REP.

 

[jimmydean]

Just to be entirely clear, the border search is NOT a simple search for weapons or dangerous items. It's for contraband of any kind. This includes information. Physical or electronic. And the US government does not need to show any particular reason in order to search an individual crossing the border.

So what's with the case of encryption? If my gear is password protected, I don't have to supply them with a password.

http://www.news.com/8301-13578_3-9834495-38.html

It looks to other Supreme Court cases saying Americans can't be forced to give "compelled testimonial communications" and argues the Fifth Amendment must apply to encryption passphrases as well.

Not that I have anything to hide, I just feel that as an American, I should have rights. I know the current administration feels differently, but whatever.

Note to self: Keep sh!t on the Linux partition and force boot XP at the border.

 

[MikeD]

So what's with the case of encryption? If my gear is password protected, I don't have to supply them with a password.

http://www.news.com/8301-13578_3-9834495-38.html



Not that I have anything to hide, I just feel that as an American, I should have rights. I know the current administration feels differently, but whatever.

Note to self: Keep sh!t on the Linux partition and force boot XP at the border.

Yes, you DO have to give your password in order to cross the border. Just like you have to open a lock. If you can't or won't open a lock, that item, at least, isn't crossing the border. Same with a laptop.

What's protected by the Fifth is being compelled to give a password. The search at the border is voluntary; it's just a condition of entry to the country. They can't forcibly search you--they can only keep you out pending your consent.

This is a correct legal decision--if they let you in the country, but fail to document the illegal content while you give consent to search, you can withhold consent later and can't be compelled to offer any testimony which would incriminate yourself. And they could be stuck with a box they can't access to prove you've done anything wrong.

And this has NOTHING to do with the current administration. It is OLD law applied to new technology. Your rights don't change just because a convenient method of storing lots of information becomes common. This cuts both ways.

(However, see my thoughts on digital economies of scale in my initial commentary--I think there are issues related to the government's ability to copy and store massive amounts of information in an extremely short time...)

 

[N8 v2.0]

I've heard that you dont take your sensitive info on your laptop to Israel...

if you think our customs is intrusive.. you have no idea.

 

[H8R]

Like I said - you submit yourself to being completely fvcked when you cross a border.

I've had dogs in my vehicle, every thing in my posession dumped on the side of the road, soap, shampoo and toothpaste, bottles of vitamins, every single item searched thoroughly for HOURS. They can take as long as they want, and if everything isn't perfect, all i's dotted and t's crossed, they can spin you around and send you back.

I've even been stripped searched in Europe. (no glove, thank GOD)

No reason, some border detective just wanted to make sure I had no heroin taped to my nuts I guess.


Tip: when crossing a border, dont be in a rock band.

 

[syadasti]

There is a very easy solution to PC searches - use web applications (webmail, google docs, etc) or even a webOS (ajaxWindows) for sensitive content (of course you better host the web app/OS yourself if its really important)- you will just have to clear your cache and/or nothing will be on your machine in some cases. More and more applications are moving this way - it was already mentioned for corporate but the end user can now even do this.

There is always terminal server/remote desktop, VNC, GoToMyPC too - you can keep your sensitive stuff at home as long as bandwidth is good and secure with SSL, SSH, PPTP, IPSec, whatever. You laptop will just be thin client with nothing on it.

 

[MikeD]

I've heard that you dont take your sensitive info on your laptop to Israel...

if you think our customs is intrusive.. you have no idea.

Especially Ohio and that recipe...

 

[ohio]

There is a very easy solution to PC searches - use web applications

Exactly, that's why I keep both grandma's recipes and my kiddie pron on the company server.

 

[H8R]

Exactly, that's why I keep both grandma's recipes and my kiddie pron on the company server.

"grandma's recipes" being the title of the worst senior citizen scat porn ever made.

 

[valve bouncer]

If you're an idiot TSA, then you can't know enough and then it's a waste of time and an invasion of basic privacy.

If the TSA want to search your laptop tell them to go stick their head up a dead bears bum. Once they ascertain your laptop is not a bomb then what's on it is no concern of theirs, they aren't law enforcement no matter how tough they act.