Customs wanting power to force travellers to handover passwords and encryption keys

Forums › ICT Policies and Regulation › Customs wanting power to force travellers to handover passwords and encryption keys

1 | 2 | 3 | 4 | 5

116 posts

Master Geek
+1 received by user: 52

#1252158 6-Mar-2015 10:26

Not sure how this is supposed to work for businesses?

I have to sign a none disclosure agreement for every client I work for. That means I cannot disclose my passwords without getting in trouble and possible losing my job/career.

nzlegs

52 posts

Master Geek
+1 received by user: 9

#1252179 6-Mar-2015 10:57

I don't store anything much on then laptop other than game saves for Civ4 and Civ5 but everything else that could be considered as ummm lets call it sensitive, is stored on external USB hard drives. They are quite welcome to remove the SSD and attach it to another computer, but would they have the time, knowledge, skill?

There are also some Excel databases but nothing sensitive.

SaltyNZ

8873 posts

Uber Geek
+1 received by user: 9558

Trusted

2degrees

Lifetime subscriber

#1252211 6-Mar-2015 11:51

xpd: Lets say I do have to give up my password to my Linux installed laptop that dosent have a GUI - would I then have to show them around my files ? Or are the staff going to be trained up in all the different OS's out there and know how to tell the difference between a JPG and a JPG thats been renamed .dll to hide it.... and so on.

I guess if theyre convinced theres something being hidden theyll take it off you and hand it over to an "expert" for 6 months.......

I expect that if they couldn't find what they were looking for using potato-level skills they'd just confiscate it and send it back to someone who (hopefully) knew what they were doing.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

SaltyNZ

8873 posts

Uber Geek
+1 received by user: 9558

Trusted

2degrees

Lifetime subscriber

#1252215 6-Mar-2015 11:52

testha: Not sure how this is supposed to work for businesses?

I have to sign a none disclosure agreement for every client I work for. That means I cannot disclose my passwords without getting in trouble and possible losing my job/career.

The law cannot be trumped by a contract. If the government seized a computer with company sensitive information on it, you cannot be held liable for that.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

qyiet

454 posts

Ultimate Geek
+1 received by user: 94

Trusted

#1252217 6-Mar-2015 12:01

My BIG problem here is they are asking for the passwords themselves, not for the user to enter them. Passwords open more than just the laptop, for example a username/password combo for a Domain Joined laptop could potentially give access to VPNs, Wifi, Mail, File Servers, Other Computers within their enterprise.

Or if the traveller was using the MS account as a login to a Win 8 machine, then the customs officer has just got the info required to login to the windows market place and purchase Apps of the sort that the customs offices gets a cut of.

The second problem I have is this solves nothing. Asking the person to enter their password, and them refusing will have the same result as asking them for it and them refusing. Lets say the user did have something nasty on their laptop, but ALSO had a failsafe password to wipe the thing. In that scenario the dodgy user just gives customs the failsafe, they enter it, triggering the wipe. I can't see where this is any better than requiring the user to unlock the device on request.

Warning: reality may differ from above post

Batman

Mad Scientist
30014 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#1252219 6-Mar-2015 12:02

Not just this country.

You might travel into a country that wants to access your stuff

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

Azzura

609 posts

Ultimate Geek
+1 received by user: 224

ID Verified

#1252223 6-Mar-2015 12:04

In a perfect world I would agree....doing nothing wrong...nothing to fear.

But I am pretty sure we do not live in a perfect world... My greatest fear with this waving of our privacy ----

What about the custom agent that is having a bad day or week we run into?
What about the custom agent that really shouldn't be a custom agent?
What about the potential security holes ---- that might allow someone to store something on another device in the crowd.
Perhaps custom agents will be pressured by some kind of quota or their numbers are low versus co-workers.
Custom agent with an undiagnosed medical condition (maybe PTSD from a traumatic life experience, or w/e).

What about the innocent people that get caught up in this snare? How many innocent people are you willing to send to jail to catch a guilty person? ----- "It is better that ten guilty persons escape than that one innocent suffer"

And as said by someone else. It isn't just this country. Today in Canada -----

http://www.cbc.ca/news/canada/nova-scotia/quebec-resident-alain-philippon-to-fight-charge-for-not-giving-up-phone-password-at-airport-1.2982236

testha

116 posts

Master Geek
+1 received by user: 52

#1252243 6-Mar-2015 12:21

SaltyNZ:
testha: Not sure how this is supposed to work for businesses?

I have to sign a none disclosure agreement for every client I work for. That means I cannot disclose my passwords without getting in trouble and possible losing my job/career.

The law cannot be trumped by a contract. If the government seized a computer with company sensitive information on it, you cannot be held liable for that.

Most of my clients are government, not sure how they feel is someone without the proper clearance can ask me for my passwords and potentially get access to information.

I also carry several security tokens with me, since they can be used to securely store data outside of the device I am carrying will I have to tell them these passwords as well?

What about my password safe?

What if I forget a password?

They clearly havent thought this through.

SaltyNZ

8873 posts

Uber Geek
+1 received by user: 9558

Trusted

2degrees

Lifetime subscriber

#1252249 6-Mar-2015 12:35

testha:
I also carry several security tokens with me, since they can be used to securely store data outside of the device I am carrying will I have to tell them these passwords as well?

I suppose it depends on circumstances, but presumably, yes, if they asked for it.

What about my password safe? What if I forget a password?

They clearly havent thought this through.

Yes, that's right, it's a terrible suggestion, and it makes criminals out of innocent people. Make sure you make your submission and suggest that they at least only be allowed to demand access with a high standard of prior suspicion.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

nakedmolerat

4631 posts

Uber Geek
+1 received by user: 874

Trusted

Lifetime subscriber

#1252262 6-Mar-2015 13:14

According to the minister interview, if i heard it correct this morning, customs are allowed to request this anyways... She mentioned only 150s cases a year but later corrected by the ?custom department - 1500s cases a year where they request/access with the password. So that is like 5-6 cases a day where people are asked to surrender their password..

So why the need for law change?

If this is just going to slow down people at the airport, I won't bother taking my laptop.

qyiet

454 posts

Ultimate Geek
+1 received by user: 94

Trusted

#1252284 6-Mar-2015 13:28

nakedmolerat: So that is like 5-6 cases a day

Lets assume that each of those people had 450 gigabytes of data on them. They manage to inspect 5-6 seconds worth of data that the southern cross cable can currently move. In 1/2 an hour more data has gone through that cable alone than they can inspect in a year. Having customs 'prevent nasty data' entering NZ is just a joke.

Warning: reality may differ from above post

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

tigercorp

668 posts

Ultimate Geek
+1 received by user: 81

#1252285 6-Mar-2015 13:33

Customs could do themselves a favour by backing up their requests with decent reasons, preferably referencing transparent figures and statistics.

Rather that the current reasons of "just cos" and "we think other countries have this so we want it too".

ajobbins

5053 posts

Uber Geek
+1 received by user: 1279

Trusted

#1252288 6-Mar-2015 13:42

Perfect time to install some five eyes spyware on the devices of anyone they see fit. Would get around those pesky warrants they would need to get access to the device if the person wasn't travelling.

Twitter: ajobbins

loceff13

1089 posts

Uber Geek
+1 received by user: 340

#1252299 6-Mar-2015 13:59

I don't mind the way they currently work(ie our police or interpol request they search specific people's items based on reasonable intelligence) and think it should stay that way.

mattwnz

20520 posts

Uber Geek
+1 received by user: 4798

#1252301 6-Mar-2015 14:03

I thought banks forbid you to give your passwords to anyone. Many people have password lockers so once logged in they would have access to all your passwords.

1 | 2 | 3 | 4 | 5