Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Cellphones Government Privacy

Should International Travelers Leave Their Phones At Home? (freecodecamp.com) 514

Long-time Slashdot reader Toe, The sums up what he learned from freeCodeCamp's Quincy Larson: "Before you travel internationally, wipe your phone or bring/rent/buy a clean one." Larson's article is titled "I'll never bring my phone on an international flight again. Neither should you." All the security in the world can't save you if someone has physical possession of your phone or laptop, and can intimidate you into giving up your password... Companies like Elcomsoft make 'forensic software' that can suck down all your photos, contacts -- even passwords for your email and social media accounts -- in a matter of minutes.... If we do nothing to resist, pretty soon everyone will have to unlock their phone and hand it over to a customs agent while they're getting their passport swiped... And with this single new procedure, all the hard work that Apple and Google have invested in encrypting the data on your phone -- and fighting for your privacy in court -- will be a completely moot point.
The article warns Americans that their constitutional protections don't apply because "the U.S. border isn't technically the U.S.," calling it "a sort of legal no-man's-land. You have very few rights there." Larson points out this also affects Canadians, but argues that "You can't hand over a device that you don't have."
This discussion has been archived. No new comments can be posted.

Should International Travelers Leave Their Phones At Home?

Comments Filter:
  • Ways around this (Score:5, Interesting)

    by Anaerin ( 905998 ) on Saturday February 18, 2017 @07:41PM (#53893837)
    Depending on how long you're staying, you could send your phone via courier to meet you at your destination. Of course, then you have to trust the courier company and the customs agents handling the package.
    • by taustin ( 171655 ) on Saturday February 18, 2017 @08:07PM (#53893951) Homepage Journal

      Since they don't have the password, you have to trust them a lot less.

    • by quenda ( 644621 ) on Saturday February 18, 2017 @08:45PM (#53894097)

      Simpler way: just don't visit the United States.
      As a bonus, you will miss all the other airport humiliations: mass-fingerprinting, world's worst security theatre (you want my shoes off?), and risk of arbitrary refusal of entry without right of appeal or even explanation.
            If you want a dose of American culture and natural beauty, just go to Canada instead. Niagara Falls looks better from that side anyway :)

      Are there any other countries where this sort of thing goes on?

      • Re:Ways around this (Score:4, Informative)

        by Anonymous Coward on Saturday February 18, 2017 @08:57PM (#53894139)

        Be careful, American border patrol was just given authority to conduct is security theatre in Canadian airports too, courtesy of Joe Trudeau.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Be careful, American border patrol was just given authority to conduct is security theatre in Canadian airports too, courtesy of Joe Trudeau.

          Yep. And this is a whole lot scarier than being asked to give up your phone and password. The fact that you can't just say "I've changed my mind" and turn around and walk away on CANADIAN SOIL, is fucking chilling.

          • Re: Ways around this (Score:2, Informative)

            by Anonymous Coward

            It's only if you're US bound however.

            • Re: (Score:3, Informative)

              This has been the case for many years. US Border Control agents clear airline passengers at Pearson Airport before you get to the US departures area gates. (Has nothing to do with Justin Trudeau. )

        • Re:Ways around this (Score:5, Informative)

          by Solandri ( 704621 ) on Sunday February 19, 2017 @01:21AM (#53894919)
          That wasn't a change, it was maintaining the status quo. The U.S. operates several extra-territorial checkpoints in Canada (and other countries). If you're leaving certain Canadian airports for a flight to the U.S., you clear U.S. customs and immigration while in Canada. This simplifies things at the U.S. end (there are a lot fewer Canadian airports than U.S. airports, so fewer staff are needed this way), as well as allows Canadian flights to travel directly to U.S. airports without any U.S. customs and immigration presence.

          The program has been in operation since the 1950s [wikipedia.org]. Absent any disagreement on immigration policies, it is logistically the more efficient way to operate.
          • Re:Ways around this (Score:5, Informative)

            by Anonymous Coward on Sunday February 19, 2017 @12:35PM (#53896031)

            You missed the important detail.

            The previous status quo:
                  If the US border officials didn't want to let you in, they could not detain you and you were free to turn around and walk away.

            Now, people can get detained/held on Canadian soil by US border officials without the freedom to leave.

            Big difference. Not at all the status quo.

      • by Anonymous Coward

        Canada's customs agents also take away phones and read data off of them.

      • by Anonymous Coward on Saturday February 18, 2017 @09:47PM (#53894301)

        Yep. Sorry America, but until you stop acting like an abusive boyfriend, pawing through peoples personal texts, contacts and photos, you are on MY no-fly list.

        It's a shame, because America is a beautiful place, and Americans are some of the friendliest people I've met, but your government really needs to grow a pair. Someone once said something profound about trading liberty for security; y'all should really look into that.

      • You also have to be careful about the route the airline takes, as even if it passes through US airspace, let alone makes a stopover, you still are subject to US customs inspection.

      • Simpler way: just don't visit the United States.

        That doesn't help if you are American and want to visit some other countries. At some point you have to come back, and these border search rules apply to citizens and non-citizens alike.

    • Depending on how long you're staying, you could send your phone via courier to meet you at your destination. Of course, then you have to trust the courier company and the customs agents handling the package.

      You can't. If you have anything on your phone that you don't want getting out, you need to leave the phone at home and get a burner. And that rule applies to all countries in the world, not just the US because hate.

    • Someone should build a phone which blows up if someone tries to tamper with it.
      Wait Samsung already built one.
      Someone should just build a case for phones which makes them look like a Note 7.
      No CBP agent will try to read it.

    • Depending on how long you're staying, you could send your phone via courier to meet you at your destination. Of course, then you have to trust the courier company and the customs agents handling the package.

      Depends on whether I'm travelling on a vacation to a place where I'm not likely to regularly communicate w/ anyone (like say, a few weeks visit to Tahiti) vs visiting friends abroad, where I would be. Either case would be different.

      In the first case, I would take a blank phone, and at the country that I'm visiting, maybe rent a SIM card for the duration of the stay. Keep it w/ me, and return it when I leave. Use it only for local calls (like to the hotel or anyone I have to call while I'm there. When

  • Attack Software (Score:5, Interesting)

    by pubwvj ( 1045960 ) on Saturday February 18, 2017 @07:42PM (#53893847)

    So what happens when travelers start carrying attack hardware & software that bites back. Imagine that the border agent sticks your phone into his reader and along with your data your phone injects a virus into his system. This can be done at very low levels. Or your 'phone' might simply send out 200,000 volts of power through the connection frying boarder patrol's expensive equipment.

    Sounds like a good plot for a thriller spy movie...

    And it's all possible.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Except that you'd probably be arrested for "damaging government equipment" or, more likely since it's related to national security, terrorism.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        You don't have to be the one carrying the malware, you inject it on someone's phone while their sitting around on the public unsecured wifi on the airport.

        They can't trace it back to you, and you get a free piggyback into the government network which someone else will take the fall for? Fantastic! That's the problem with these sorts of techniques, the people who can actually do damage are simply enabled by the incompetent policies put in place by people who don't understand the technology.

        Really if anyone n

        • The attempt to harm government equipment is stupid on many levels, but right out of the gate it's stupid because the odds are extremely low of your phone even being looked at. I've never had the border agents even ask to see my computer, much less my phone. The odds are very slim they ever will so you'd be going to a lot of trouble just for nothing to happen.

    • by taustin ( 171655 )

      As is the lengthy prison term you'll be serving for obstruction of justice, one count for each person delayed by the damaged equipment.

      • by AmiMoJo ( 196126 )

        Years ago I remember reading ab anti-forensics where they talked about carefully modifying the FAT on your HDD so that it would work normally with Windows (probably XP) but when scanned with a popular forensics package would make it crash. No permanent harm done, the trained monkey operator just assumes (correctly) that the forensics software is buggy and the barrier to invading your privacy is raised.

    • 1) The volt is not a measure of power.

      2) You're not getting 200KV out of a cellphone battery.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        If you want to be a pedant learn some knowledge.

        1) Voltage isn't a measure of power, but it is a measure of ESD tolerance.

        2) You can get any voltage you want out of a cell phone battery. The only question is how many amps at that voltage.

    • Soft rubberduckie?

      Is it even possible for a phone to tell USB that it's a keyboard?

      • Yep, the USB device (aka gadget) tells the USB host (computer) what kind of device it is. Newer phones equipped with USB OTG have the hardware to work as either end of the connection.

        Some chips used in common USB memory sticks can be programmed to act as a keyboard, sending keypresses to the computer when someone plugs in the "flash drive". I built one of those myself, using a usb flash drive with my company's logo on it. If I were to leave that drive laying around the office, one of my co-workers would

    • by Kjella ( 173770 )

      So what happens when travelers start carrying attack hardware & software that bites back.

      They'll fuck you back harder.

    • So what happens when travelers start carrying attack hardware & software that bites back?

      The border guard bites back harder. So unless you are fond of cavity searches and border town lockups, I suggest you reconsider your options.

    • Or your 'phone' might simply send out 200,000 volts of power through the connection frying boarder patrol's expensive equipment.

      Sounds like a good plot for a thriller spy movie...

      And it's all possible.

      And all easily preventable. Or do you think the smart people that create such machines haven't thought about that?

  • If I recall correctly, you're obligated to let them search your phone (i.e. had it over), but you can't be compelled to give them the password. I guess they could delay you while they try to browbeat it out of you, and they presumably could confiscate the phone itself because they can't see what's on it, so it might be a high-cost stance to take.
    • by HiThere ( 15173 )

      That's what the law says.

      Now, do you want to bet the guy trying to search your phone knows, or admits knowing, the law?

    • by Imrik ( 148191 ) on Saturday February 18, 2017 @08:42PM (#53894083) Homepage

      You can't be compelled to give your password, you can however be denied permission to travel if you withhold it.

    • by AHuxley ( 892839 )
      Thats nice if a person is a citizen. If your not a citizen, a person will not get to hide things, i.e. a person is lying and will be removed.
      Most nation have seen all that legal effort by citizens. Most nations ensure everything can be searched, questions asked. Images can be looked at, recovered. Bags searched, devices accessed.
      Any expected questioned asked to anyone entering that are blocked, refused is lying. No protection is granted to lie.
      If a person is not a citizen, they don't get cove
  • Well, (Score:5, Insightful)

    by Black Dragon ( 14728 ) on Saturday February 18, 2017 @07:58PM (#53893909) Homepage

    reacting to these egregious violations of privacy by leaving your smartphone at home, or simply not having one, seems somehow inadequate. The fascists will simply keep pushing and pushing, gradually closing the net around you as they have ever since the passage of the (un)PATRIOT Act. In an actual free and open society, stealing, er excuse me "confiscating" someone's property and then demanding the victim give up their password would be illegal, and the very idea that the 4th Amendment to the United States Constitution shouldn't apply just because you are near the national border would be laughable. But we're not a free country, are we? No, not for a long time now.

  • by Anonymous Coward

    You must give border agents a key that will unlock your phone, but what if your phone had multiple levels of unlock? One key unlocks it to show a minimal contact list, texts and phone call histories of only select contacts and web history of only whitelisted sites. Sign in with a different key and suddenly your full history is available. If the filesystem is encrypted who is to know you haven't done a full unlock for the border goons.

    • by AHuxley ( 892839 )
      AC the US gov has the funds to buy software to detect any use of encryption.
      Once found? Decrypt or lie?
      If your not a US citizen the options are clear.
      If you are a US citizen, expect parallel construction https://en.wikipedia.org/wiki/... [wikipedia.org] if no questions got asked.
  • by Kozar_The_Malignant ( 738483 ) on Saturday February 18, 2017 @08:00PM (#53893923)
    This is no different from the drill for laptops. On your travel day, back up your phone, encrypt the backup, send through your by vpn to a server stateside, reset the phone to factory defaults. Download the backup when safely stateside.
    • Good thing terrorists will never think to do that.
      • by jopsen ( 885607 )

        Good thing terrorists will never think to do that.

        Yes, and it's great that all law abiding citizens do follow the lengthy procedures outlined by GP.

        IMO, if you don't uphold civil rights where every you go, whether it's the border to Canada or a cave in Afghanistan then you probably don't care about civil rights to being this. The US has consistently proven that civil rights aren't important.

    • This is no different from the drill for laptops. On your travel day, back up your phone, encrypt the backup, send through your by vpn to a server stateside, reset the phone to factory defaults. Download the backup when safely stateside.

      As soon as the customs officer sees your phone is set to factory defaults, he's going to want you to log into your accounts. That's no different from providing the password for your device.

      • As soon as the customs officer sees your phone is set to factory defaults, he's going to want you to log into your accounts. That's no different from providing the password for your device.

        What accounts?
        I have about 10 different accounts already that I use for different purposes, configuring a reset phone with one that has no useful info in it is straight forward.

  • by 93 Escort Wagon ( 326346 ) on Saturday February 18, 2017 @08:01PM (#53893927)

    I'm not sure that leaving your phone at home counts as "resistance" - it sounds more like surrendering.

    • by dbIII ( 701233 ) on Sunday February 19, 2017 @12:29AM (#53894785)
      If you want to fight them the checkpoint is the wrong place since they have all the power and will win every time. They have you by the balls figuratively and sometimes literally. You have people that are supposed to represent your views in Washington and those people control the payroll for the TSA - they are the ones you should be talking to if you want to pick a fight with the TSA.
  • If you are taking a trip to somewhere your phone requires roaming charges you should not take your phone with you.

    • If you are taking a trip to somewhere your phone requires roaming charges you should not take your phone with you.

      Indeed. In fact, a good thing to do is simply get to where you're going and buy a "burner phone". You can dump it if you choose, or keep it and hand it over to the Brown Shirts when you re-enter the US...

  • And we'll see it soon, is to have a separate password that resets the phone to a factory configuration.

    Or, even better yet, multi-user phones. Keep one user account vanilla clean, and let them have fun.

    I predict we will see one or the other this year.

    • by JazzLad ( 935151 )
      Nokia has the patent (I'm too lazy to look up a link) on multi-user phones - that's why only Android tablets (not phones) have the feature (not saying all do, my Nexus 7 did).

      I guess computers doing it for decades and phones basically being all-in-one computers wasn't enough to make this too obvious to patent ...
    • by AHuxley ( 892839 )
      Any encrypted material would be detected. US software used to scan devices would find any such use of encryption or altered file system.
      The same with any camera card or laptop.
  • Security (Score:2, Insightful)

    I don't understand why people put secure things on their phone. Use a laptop instead and leave that at home, then there's no problem. You can even access it remotely if you want.
    • by EvilSS ( 557649 )

      I don't understand why people put secure things on their phone. Use a laptop instead and leave that at home, then there's no problem. You can even access it remotely if you want.

      It's not just "secure things". Your contacts list and call history can tell heaps about you all by itself. Social media accounts (I know, no one here has them but lots of people in the real world do), photographs (which are conveniently geo-tagged), hell even your taste in music (have a stray ICP track in your music collection? Woops, you're a gang member and can be treated as such!) .

      Smart phones have a high concentration of information about us that, individually may seem innocuous but when looked at o

  • by Dare nMc ( 468959 ) on Saturday February 18, 2017 @08:23PM (#53894017)

    > You have very few rights there

    This does apply to them searching your phone, you have no choice. But it doesn't really apply to US citizens on giving up your password, if you have some time to spare that is. They cannot deny a citizen entry without cause, they can deny them their possessions or hold them for a "reasonable time." So eventually they have to allow citizens out of the constitution free zone, and into the US. Although they may be able to force you to give a fingerprint.

    Of course this only applies to US citizens and US customs. Other countries are under no such consideration. But I am not sure many have any protections from search anywhere.

    • by Mitreya ( 579078 )

      They cannot deny a citizen entry without cause, they can deny them their possessions or hold them for a "reasonable time."

      Unfortunately, few people can afford to test these rules -- as having your possessions and not "being held for a reasonable time" may be integral to keeping your job.

  • Just have a second (if iPhone) iCloud account set up with reasonable amount of apps and mail (subscribe to some mailing lists.)

    Before travelling, backup, then restore your alternate clean identity.

    After travelling, restore the correct one.

  • by mspohr ( 589790 ) on Saturday February 18, 2017 @08:46PM (#53894105)

    I've been thinking about this since the recent article where a NASA JPL US citizen employee was detained and forced to give up his password.
    I have a Chromebook. It's easy to wipe it completely to fresh out of the box factory settings. At the border, you can give them a completely blank computer. (or set up a dummy Chromebook account with nothing on it). Then when you are back safely in the US, just enter your credentials and it will download everything from the cloud and you're back in business.
    Phones are a little more difficult. You can factory reset these but your SIM card still has data. You'd need to install a decoy SIM card in it (preferably a burner SIM from some odd place where it won't work in the US). You'll have to deal with your own SIM card by hiding it or mailing it to yourself. Once you reinstall your original SIM and login, the phone apps, etc. will restore themselves.
    Either that or just buy a burner phone and ditch it before you return.

  • Stay away. (Score:5, Insightful)

    by Anonymous Coward on Saturday February 18, 2017 @08:54PM (#53894127)

    The best answer is always ECONOMIC. Stay away from the USA and travel elsewhere. If they notice a huge decline in tourism and the associated revenue they will be forced to rethink TRUMP and his policies.

    • Re:Stay away. (Score:5, Insightful)

      by Gussington ( 4512999 ) on Saturday February 18, 2017 @11:27PM (#53894617)

      The best answer is always ECONOMIC. Stay away from the USA and travel elsewhere. If they notice a huge decline in tourism and the associated revenue they will be forced to rethink TRUMP and his policies.

      Already doing this. We planned a trip there a couple of years ago but decided the authoritarian entry requirements were not something I can support with a conscience. So we went to Europe and spent our money there instead. I have friends planning a trip to the US later this year and invited us but declined for the same reasons. We're going to Indonesia instead, where despite having an autocratic pro-Muslim government, it is still more open than the US.
      Worth noting this isn't a Trump thing. It started with Bush, and was continued by Obama and now Trump too.

    • Re:Stay away. (Score:5, Interesting)

      by Spaham ( 634471 ) on Sunday February 19, 2017 @12:55AM (#53894859)

      yep !

      I even used to live there as a student.
      I'm not planning to come back any time soon now.
      Why bother with all the hassle ?

  • It is good security practice to get burner phones, new drives in laptops, and leave the tablet at home. Don't leave the country without doing it.

    This has been true for years, is nothing new, and surprised that people don't know that.

  • I'm thinking of locking systems that block access when at the border and can only be unlocked when in a civilised country or the USA :) (sorry, couldn't resist)

    Not sure if GPS is accurate enough for that though

  • Operation Quicksilver [wikipedia.org] was a WW-2 operation by Allied Army stationed in UK. They created a fake army with inflatable tanks, and cardboard barracks and painted log canons. But the deception unit also sent thousands of fake radio traffic, drove a few trucks endlessly around to create fresh tracks every night etc etc.

    We should kickstart some crowd funding to create a mod for android that recognizes a Quicksilver password. Once the quicksilver password is entered, the phone would unlock, but log in you with

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Saturday February 18, 2017 @09:34PM (#53894241)
    Comment removed based on user account deletion
  • Take old phone, factory reset it. go through customs, find free wifi. reload phone....

    The shit is getting easier and easier.

    The next step is they'll hold you up, require your google or dropbox password...

    We live in interesting times. until the "world" catches up to tech. Don't know which way things are going... 1984? Johnny Mnemonic? Blade Runner?

  • So have a phone. A new phone with a new account from back in your own nation thats account ready for your destination.
    It powers on, has a list of apps. It can be called. So any security questions about devices will fit in with what is expected of most people in 2017.
    A laptop should be new. Only have productivity apps.
    A camera should have a new card/s in it. Do not use the card. Any images on it will be looked at. Any camera deleted images can and will be recovered.
    For any paperwork use your wo
  • Encrypt the whole thing... then encrypt documents with a secondary form of encryption on the phone... Fill the documents with F-U gubment. Laugh when they say they need to take it at the border and refuse to give them the unlock codes. They'll take your phone and waste time to decrypt documents that simply tell them where to shove it. Hehehehehehe

  • I can't believe we got this far. What are you guys doing to your country? Leaving your cellphone home used to be a consideration when visiting places like North Korea.

  • by psychonaut ( 65759 ) on Sunday February 19, 2017 @04:51AM (#53895241)
    I've made scores of international trips in my life, for business and pleasure, and on only one occasion did the border guards demand access to my laptop [livejournal.com]. That was at Pyongyang International Airport in North Korea, in August of 2015. And at least the search was conducted in full view of myself -- they even asked me to do a lot of it myself, since they were completely unfamiliar with KDE and couldn't type on my Dvorak keyboard. It turns out all they were looking for were South Korean movies (which they didn't want me distributing to the locals), and as soon as it became obvious that I had none, they called off the search.

Truly simple systems... require infinite testing. -- Norman Augustine

Working...