Customs wanting power to force travellers to handover passwords and encryption keys

Forums › ICT Policies and Regulation › Customs wanting power to force travellers to handover passwords and encryption keys

1 | 2 | 3 | 4 | 5

freitasm

BDFL - Memuneh
79263 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1252623 7-Mar-2015 11:40

JimmyH: In a past life I had a secondment involving working with sensitive information, for which I had to hold a security clearance. We were supplied with laptops with encryption by the employer. It was a dismissable offence for me to disclose the information in question, or even discuss it with someone who didn't have a clearance. It was also a dismissable offence to give anyone my password. Certainly my market value would have been severely damaged.

I am pretty sure that a run of the mill Customs officer doesn't hold such a security clearance.

Therefore, I think I would have been in a world of hurt if I had handed over the password to anyone.

(but no, put the tinfoil hats away, the job was nothing to do with any spook agency).

I hope someone is putting these kind of questions in a submission...

Rikkitic

Awrrr
18659 posts

Uber Geek

Lifetime subscriber

#1252796 7-Mar-2015 16:06

So bad guy wants to bring CP and bomb-making instructions into NZ:

1. Bad guy encrypts nefarious content and uploads to cyberlocker.

2. Bad guy skips past Customs, nothing digital to declare.

3. Bad guy launches Tor, downloads and decrypts nefarious content, spreads mayhem throughout the land.

Customs say they are trying to upgrade to the 21st century but it seems to me they are still wallowing in the 19th. Who is going to be dumb enough to physically bring any seriously compromising content into the country when it is so easy to do it virtually? Surely even Customs must have heard of the Internet by now? I just don’t understand what the point of this even is.

Plesse igmore amd axxept applogies in adbance fir anu typos

alexx

867 posts

Ultimate Geek

#1253077 7-Mar-2015 23:50

The pc / mac has two users - User A and User B.
User A is the normal user.
User B is another user that runs a startup script to delete certain files.
The cleanup script also fixes timestamps and cleans itself up, so that it's impossible to prove that it ever deleted anything.
At customs you have the option which username and password to provide.

This might catch a few people with copied DVDs, but really it's just an IQ test to catch a few dumb criminals. The smart ones have many ways to circumvent this if it ever becomes law.

#include <standard.disclaimer>

Batman

Mad Scientist
29761 posts

Uber Geek

Trusted

Lifetime subscriber

#1253631 8-Mar-2015 22:42

joker97: Not just this country.

You might travel into a country that wants to access your stuff

http://www.cnet.com/news/man-charged-for-refusing-to-give-up-phone-passcode-to-canadian-border-agents/

geoffwnz

1587 posts

Uber Geek

ID Verified

#1253812 9-Mar-2015 10:33

I am pretty sure that a run of the mill Customs officer doesn't hold such a security clearance.

Yep, I believe they do. And possibly higher than you do depending on their roles within Customs.

MotorDrive Rallying

Lazarui

136 posts

Master Geek

#1256539 11-Mar-2015 18:32

JimmyH: In a past life I had a secondment involving working with sensitive information, for which I had to hold a security clearance. We were supplied with laptops with encryption by the employer. It was a dismissable offence for me to disclose the information in question, or even discuss it with someone who didn't have a clearance. It was also a dismissable offence to give anyone my password. Certainly my market value would have been severely damaged.

I am pretty sure that a run of the mill Customs officer doesn't hold such a security clearance.

Therefore, I think I would have been in a world of hurt if I had handed over the password to anyone.

(but no, put the tinfoil hats away, the job was nothing to do with any spook agency).

I don't believe this to be a real issue, your employer will be well aware of what countries would have a search and seizure law for digital devices in this case and have a strict policy of telling you what countries you can fly through with your laptop if they consider the government searching the laptop an issue.

My issue with it still exists though 'cause the law itself is as bad as the three strike law written for Copyright infringement from a technological standpoint it does not make sense. It looks as they all do written by someone who does not understand the technology they are trying to police. I have no problem with submitting for search at the border, providing there is a reason for doing so and the people involved are competent, Random checks of digital devices is just silly pointless and will waste a lot of time in an already arduous process.

Here is the next issue: Is there going to be a team of people on the border who know how and what to search for? Unlikely.

nathan

5695 posts

Uber Geek
Inactive user

#1256550 11-Mar-2015 18:53

Image your machine and analyse it later

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

nathan

5695 posts

Uber Geek
Inactive user

#1256551 11-Mar-2015 18:55

I have been to a country for work where I was issued a new laptop with a new image to use while in the country. I was only to use that device in country and not once I had finished my week working there. Then once I brought that laptop back into my source country is was shredded. It was easier to do that than figure out if state sponsored actors had done stuff to it.

Ragnor

8219 posts

Uber Geek

Trusted

#1256562 11-Mar-2015 19:15

Yeah this policy seems pointless as hell, it's not going to catch any real bad guys.

Giving them your Microsoft Account password or Google Account password since those are needed to sign in to some devices gives them way too much access (any site you use single sign on / oauth), I don't think that's a good idea.

1 | 2 | 3 | 4 | 5