Sponsor Message:
Civil Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Laptop Search By TSA @ SFO  
User currently offlineJawed From United States of America, joined Sep 2006, 482 posts, RR: 0
Posted (6 years 10 months 2 weeks 5 days 22 hours ago) and read 7817 times:

http://www.washingtonpost.com/wp-dyn...le/2008/02/06/AR2008020604763.html

"... a tech engineer returning from a business trip to London objected when a federal agent asked him to type his password into his laptop computer."

How would you react? What if you are using PGP Whole Disk Encryption or TrueCrypt, would you type in the password?

[Edited 2008-02-07 23:35:31]

35 replies: All unread, showing first 25:
 
User currently offlineLeskova From Germany, joined Oct 2003, 6075 posts, RR: 70
Reply 1, posted (6 years 10 months 2 weeks 5 days 22 hours ago) and read 7807 times:



Quoting Jawed (Thread starter):
How would you react? What if you are using PGP Whole Disk Encryption or TrueCrypt, would you type in the password?

A friend has had something similar happen to him - he was returning from a business trip to Brazil when agents at MUC asked to see his business papers; he refused, it turned out to be a rather long discussion, but at the end they let him go nonetheless.

Don't know how I'd react, but I hope I'd have the reason to ask for something on the level of either a court order or reasonable grounds on why my computer or papers were subject to a search.

I find this development highly questionable... and very worrying.



Smile - it confuses people!
User currently offlineLobster From Germany, joined Oct 2008, 49 posts, RR: 0
Reply 2, posted (6 years 10 months 2 weeks 5 days 21 hours ago) and read 7787 times:

First off, the TSA has NO authority to search your laptop, papers, wallet, etc. You have every right to refuse.
There are also issues of the TSA turning things over to LEO's as the TSA is only an administrative search. The TSA was enacted SOLELY to provide security to travelers. Not to check ID's, look for fake documents, catch illegals, etc. There are a few cases in the court system now that resulted in arrests from peoples CHECKED luggage being searched and contents turned over to LEO's. Once again, your rights are disappearing. Thank you John Ashcroft, Kip Hawley, and Comrade Chertoff.

CPB on the other hand operates rather shady. I personally would refuse and would rather be arrested, and have them attempt to get a search warrant. However, if there is no reasonable suspicion, the likely hood of them finding a judge to sing off is slim. It is well within your rights, to deny a search.

Quoting Jawed (Thread starter):
What if you are using PGP Whole Disk Encryption or TrueCrypt

This is in the courts right now and a lower court has ruled you do not have to as this is a violation of your 5th Amendment rights. It's presently being appealed.


Personally, I find the attitude of our government disgusting. I looked into PGP, but don't feel like spending the money right now. Our rights are disappearing left and right and it's all in the name of "security". Disgusting and un-American.


User currently offlineTUNisia From United States of America, joined Aug 2004, 1845 posts, RR: 5
Reply 3, posted (6 years 10 months 2 weeks 5 days 21 hours ago) and read 7777 times:



Quoting Lobster (Reply 2):
Once again, your rights are disappearing. Thank you John Ashcroft, Kip Hawley, and Comrade Chertoff.

But..."think of the children!" /sarcasm

Quoting Lobster (Reply 2):
Our rights are disappearing left and right and it's all in the name of "security".

We've been warned many many many times through the years that it would happen this way. The sheep don't like to pay attention.



Someday the sun will shine down on me in some faraway place - Mahalia Jackson
User currently offlineAirTran737 From United States of America, joined Apr 2004, 3707 posts, RR: 12
Reply 4, posted (6 years 10 months 2 weeks 5 days 21 hours ago) and read 7744 times:
Support Airliners.net - become a First Class Member!



Quoting Jawed (Thread starter):
How would you react? What if you are using PGP Whole Disk Encryption or TrueCrypt, would you type in the password?

I would refuse, and use my 5th Amendment Right to self incrimination. Even though I don't have anything on my computer that could get me in trouble the government still needs just cause to make me log into it for them. I believe we are also protected from unlawful search and seizure by the 4th Amendment. I would fight them tooth and nail if they wanted to force me to give them my password. Want to look at my computer? Get a warrant and we can go from there. I will miss my flight if it means I can stick it to these bastards. This shit that our government tries to pull sometimes is way out of control. You can thank all of those who voted for the Patriot Act, the single biggest piece of crap legislation that has come into law in the last seven years (BTW I am a Republican and I hate the Patriot Act.)



Nice Trip Report!!! Great Pics, thanks for posting!!!! B747Forever
User currently offlineFWA2500 From United States of America, joined Feb 2005, 105 posts, RR: 0
Reply 5, posted (6 years 10 months 2 weeks 5 days 21 hours ago) and read 7681 times:

i see us inching our way towards nineteen eighty four....granted, we still have several yards left, but we are inching our way there none the less


ex-OH@CVG
User currently offlineChrisair From United States of America, joined Sep 2000, 2185 posts, RR: 3
Reply 6, posted (6 years 10 months 2 weeks 5 days 19 hours ago) and read 7590 times:

Not to nitpick too much, but the TSA isn't involved in this, CBP (Customs) is.

Shocking and disturbing nonetheless. Welcome to Amerika.


User currently offline2175301 From United States of America, joined May 2007, 1085 posts, RR: 0
Reply 7, posted (6 years 10 months 2 weeks 5 days 16 hours ago) and read 7450 times:

There have been several court rulings that within the US, citizens of the US do not have to provide passwords due to constitutional protections.

An foreign national entering the US - and a request from customs at the entry point may be a different matter.

There is a case going in the court systems now on where a person voluntarily entered his password - the agents say some incriminating evidence - and now the person refuses to reenter the password for the computer so that the agents have the evidence they need for a prosecution. An argument presented there is that the person has already given up their rights by voluntarily entering his password the first time and showing the information. That case is on appeal and I don't think anyone really knows how that one will end. If the case drags on long enough the person will have time to forget the password.

I had never seriously thought of encrypting my hard-drive before. But, perhaps now is the time to do so.


User currently offlineAirbazar From United States of America, joined Sep 2003, 8660 posts, RR: 10
Reply 8, posted (6 years 10 months 2 weeks 5 days 15 hours ago) and read 7346 times:



Quoting Lobster (Reply 2):
First off, the TSA has NO authority to search your laptop, papers, wallet, etc.

IIRC you cannot travel outside of the US with encryption software that has a key length greater than 64 bits.
I don't know who's job it is to enforce it but if you're caught re-entering the country with such software on your laptop and without the required authorization, you better have a good lawyer.


User currently offlineDelta11 From Germany, joined May 2007, 58 posts, RR: 0
Reply 9, posted (6 years 10 months 2 weeks 5 days 12 hours ago) and read 7197 times:

I was just reading an MSN article about teh new TSA Blog and the Laptop item came up. Well it appears TSA was doing a pilot at 10 locations. You must remove all eltric items and verify they work, such as tunring them on or signing in.

User currently offlineNorthwestair From Poland, joined Jul 2001, 650 posts, RR: 4
Reply 10, posted (6 years 10 months 2 weeks 5 days 12 hours ago) and read 7155 times:

I have no problem if the Custom Agents wants to see my laptop or cell phone. I have been detained a couple of times on my return back to the US from Europe. Most of the times it is for a couple of hours.


I don't care who you fly just as long as you fly
User currently offlineScbriml From United Kingdom, joined Jul 2003, 12894 posts, RR: 46
Reply 11, posted (6 years 10 months 2 weeks 5 days 12 hours ago) and read 7136 times:
Support Airliners.net - become a First Class Member!



Quoting Airbazar (Reply 8):
IIRC you cannot travel outside of the US with encryption software that has a key length greater than 64 bits.

I'm pretty sure the bar was raised to 128-bits several years ago.

My WiFi router at home supports 128-bit encryption.



Time flies like an arrow, but fruit flies like a banana! #44cHAMpion
User currently offlineJbernie From Australia, joined Jan 2007, 880 posts, RR: 0
Reply 12, posted (6 years 10 months 2 weeks 5 days 11 hours ago) and read 7070 times:



Quoting Delta11 (Reply 9):
I was just reading an MSN article about teh new TSA Blog and the Laptop item came up. Well it appears TSA was doing a pilot at 10 locations. You must remove all eltric items and verify they work, such as tunring them on or signing in.

At what point is proof of function obtained? I would think if you can power a device on to a login screen that is proof.

Keep in mind folks, if you are using an operating system that allows more than one login id AND those login ids can be restricted access all you would need to do is have an alternate login id that you grant almost zero access to, you can sign on to the pc with that and if required open say MS Word and thats all. If your security is setup correctly then that ID won't be able to access any data files on the system from the normal login.

Although times have changed over the past 7 years or so I was under the impression that "power on" was sufficent proof as you wouldn't power on a device knowing full well it was a bomb that you intended to use on the aircraft.

When I flew DEN-SYD-DEN at the end of 2005 I took my personal laptop with me which has a power on password, at no point during the trip was i requested to show fuinctionality, it did go through all the scanners as required.


User currently offlineA380US From United States of America, joined Mar 2007, 2358 posts, RR: 0
Reply 13, posted (6 years 10 months 2 weeks 5 days 11 hours ago) and read 7025 times:



Quoting Jawed (Thread starter):

How would you react? What if you are using PGP Whole Disk Encryption or TrueCrypt, would you type in the password?

um.. excuse me but what is this?



www.JandACosmetics.com
User currently offlineHB88 From United Kingdom, joined Sep 2005, 817 posts, RR: 31
Reply 14, posted (6 years 10 months 2 weeks 5 days 11 hours ago) and read 6976 times:

Given the way things are going, my general policy is not to travel to the US on business unless it is absolutely necessary.

My laptop contains material which I would have to refuse being examined or copied by a non-company party. It's as simple as that. I could (and probably should) lose my job if I allowed such a breach of security to occur. Can anyone seriously argue that Customs & TSA are competent to securely access confidential information and then assess what they are looking at? Once copied, confidential material is extremely difficult if not impossible to control - and that's when competent security protocols are in place.

The sensible option would be to take a clean laptop and just put the docs on an ftp server somewhere. A little slow but viable. Otherwise, put sensitive stuff on a USB stick and stuff it in an obscure pocket/laptop pouch. With capacities of micro SD cards reaching 8GB, that's ample and they are only a few mm square. Emails are a problem though for companies who don't have webmail for remote access (and hence no email being stored on your local laptop).

Otherwise - a videoconference or teleconference can avoid US travel.

I travel routinely to some quite 'difficult' countries and the US by far involves the most hassle & the most breaches of human rights (all of which are suspended when you enter the customs/immigration/security slime engine).

How can you guys in the land o' the free be allowing this sort of nonsense to go on?


User currently offlineChrisI1024 From , joined Dec 1969, posts, RR:
Reply 15, posted (6 years 10 months 2 weeks 5 days 10 hours ago) and read 6947 times:



Quoting Jbernie (Reply 12):
Keep in mind folks, if you are using an operating system that allows more than one login id AND those login ids can be restricted access all you would need to do is have an alternate login id that you grant almost zero access to, you can sign on to the pc with that and if required open say MS Word and thats all.

They can still confiscate your laptop, clone your drive, and then examine the files. Or, if they are paying attention, could ask you to log in with an account with administrative access to the laptop. If you can't or won't, confiscate and clone.

Quoting A380US (Reply 13):
um.. excuse me but what is this?

Encryption software. Punch them into Google for more info.


User currently offlineCrewchief From , joined Dec 1969, posts, RR:
Reply 16, posted (6 years 10 months 2 weeks 5 days 10 hours ago) and read 6901 times:



Quoting ChrisI1024 (Reply 15):
They can still confiscate your laptop, clone your drive, and then examine the files.

So maybe the answer is to keep all the files on a Ironkey  Wink

Actually, the issue isn't technical, it's legal. Although I'm not a lawyer, I can't imagine TSA having any right to randomly insist on viewing what's on a hard drive.


User currently offlineSBBRTech From Brazil, joined Jul 2007, 722 posts, RR: 0
Reply 17, posted (6 years 10 months 2 weeks 5 days 10 hours ago) and read 6886 times:



Quoting Airbazar (Reply 8):
IIRC you cannot travel outside of the US with encryption software that has a key length greater than 64 bits. I don't know who's job it is to enforce it but if you're caught re-entering the country with such software on your laptop and without the required authorization, you better have a good lawyer.

Really ??? That sounds creepy. Never mind the absurd of going thru the very software installed in the laptops, what about the time they'll spend doing sweep searches? Do you just stand there waiting for the guy to read your registry?



"I'm beginning to get the hang of this flying business" - C3PO
User currently offlineChrisI1024 From , joined Dec 1969, posts, RR:
Reply 18, posted (6 years 10 months 2 weeks 5 days 9 hours ago) and read 6822 times:



Quoting Airbazar (Reply 8):
IIRC you cannot travel outside of the US with encryption software that has a key length greater than 64 bits.

Not quite. A company cannot export encryption products above a certain strength because it's classified as a munition. Having some form of strong encryption on a personal laptop that you take in and out of the country isn't a problem.

Quoting Crewchief (Reply 16):
Although I'm not a lawyer, I can't imagine TSA having any right to randomly insist on viewing what's on a hard drive.

This is pretty much what's happening. If TSA/CBP decides that for whatever reason you're suspicious, they can decide to go through your stuff. Their reasoning is that just because a document is in electronic format, it doesn't exempt it from a search.


User currently offline2175301 From United States of America, joined May 2007, 1085 posts, RR: 0
Reply 19, posted (6 years 10 months 2 weeks 5 days 4 hours ago) and read 6568 times:



Quoting ChrisI1024 (Reply 15):
They can still confiscate your laptop, clone your drive, and then examine the files. Or, if they are paying attention, could ask you to log in with an account with administrative access to the laptop. If you can't or won't, confiscate and clone.

If your files are encrypted with a good encryption software they might clone your drive - but will not be able to read the files. It is true that all encryption's can be broken with enough resources. But the cost far exceeds anything of value unless you are dealing with the most sensitive secrets (think on the line of having a dedicated supercomputer for a while , perhaps weeks, to break a good encrypted file password).

Companies and people doing business with military and certain government services are required to have all work data files - and even correspondence files - encrypted on all computers.


I would not type in my password for any screening agent from any branch of the government. If you are working the the fields that require encryption you would be violating a federal statute. Even if not - it is just not a good idea.

For those looking to prove your computer is functional. May I suggest opening up solitaire of some other simple game - which will not be encrypted.

I have nothing per say secret on my personal computer... but, given the way things are going I'm beginning to think I should encrypt it just to prevent law enforcement from finding something they consider criminal.


User currently offlineAirbazar From United States of America, joined Sep 2003, 8660 posts, RR: 10
Reply 20, posted (6 years 10 months 2 weeks 4 days 16 hours ago) and read 6369 times:



Quoting Scbriml (Reply 11):
I'm pretty sure the bar was raised to 128-bits several years ago.

I think you're right.

Quoting Crewchief (Reply 16):
Although I'm not a lawyer, I can't imagine TSA having any right to randomly insist on viewing what's on a hard drive.

Why? Whether you like it or not, they have just as much right to search your laptop as they do to search your suitcase, or your internal organs  Smile

Quoting ChrisI1024 (Reply 18):
Having some form of strong encryption on a personal laptop that you take in and out of the country isn't a problem.

Oh yes it is. Just because no one bothers to look it doesn't mean it's legal. You cannot take any form of "strong" encryption outside of the country, without authorization. It's that simple. Can you imagine the loggistics of inspecting and tracking every single electronic device leaving and entering the country? That's why no one's looking for the ost part. They'll just go after the big fish instead. There are plenty of documented cases around. I stopped carrying my work laptop with me when I travel overseas, the day my employer decided to encrypt the hard disk because they couldn't give me a straight answer about what encryption is used and whether I was allowed to take it out of the country.


User currently offlineCpd From Australia, joined Jun 2008, 4881 posts, RR: 37
Reply 21, posted (6 years 10 months 2 weeks 4 days 15 hours ago) and read 6352 times:

I would object to this if it were a corporate laptop, because the customs people have not gone through the corporate security screening, how can we be certain that they are not going to do all sorts of unethical things with sensitive information.

Yes, customs people are supposed to be ethical and trustworthy, but in this day and age, anything is possible and what is to stop them selling sensitive business plans, or new product proposals to the highest bidder?

Just as security agencies are adopting a very stringent attitude towards security, so should organisations whose staff have to deal with these kinds of customs issues. Corporations should always adopt best practice security measures for their data and intellectual property for these very reasons.


User currently offlineAzhobo From United States of America, joined Jun 2007, 348 posts, RR: 0
Reply 22, posted (6 years 10 months 2 weeks 4 days 11 hours ago) and read 6217 times:



Quoting ChrisI1024 (Reply 18):
Their reasoning is that just because a document is in electronic format, it doesn't exempt it from a search.

Finally someone with some sense on the issue. How is a laptop any different then allowing them to go through your luggage from a legal standpoint? Not.

If you feel your rights are being violated for laptop search, then you should be equally adamant by standing up against them accessing your luggage, and person.

Leaving this country does allow them to have access your laptop because of export laws. Not sure about entering the US though.

HOBO


User currently offlineUzimmermann From United States of America, joined Dec 2006, 61 posts, RR: 0
Reply 23, posted (6 years 10 months 2 weeks 4 days 11 hours ago) and read 6176 times:

Here is a link for the 2000 version of the Encryption Export laws:

http://epic.org/crypto/export_controls/regs_1_00.html

One of the top parts is:

Quote:
This regulation also implements changes for encryption items made by the Wassenaar Arrangement, including: conversion of Category 5- Part 2 (Information Security) of the Commerce Control List (CCL) to a positive list; creation of a Cryptography Note and removal of encryption software from the General Software Note; decontrol of 64-bit mass market software and commodities, including components; and decontrol of certain 512-bit key management products.



User currently offlineJbernie From Australia, joined Jan 2007, 880 posts, RR: 0
Reply 24, posted (6 years 10 months 2 weeks 4 days 3 hours ago) and read 6011 times:

It would be good if there was a common international standard to demonstrate electronic device functionality so when a traveller is stopped they know what is expected of them.

It doesn't need to be anything fancy...
cell phone: power on and dial a # (no need to send just press #s)
laptop: power on, login and open any application (even solitaire  Smile)
razor/shaver: power on and activate device
music player: power on and select & start playing one song
all other devices: power on and show basic functionality

Traveller is allowed access to a power outlet in case battery is dead from use on flight. ie if you were using the laptop on flight in economy with no external power source.

Nothing too fancy.


25 Ebs757 : If I were asked to give the password to my computer I would probably give it to them to save time and energy... I have nothing to hide...except probab
26 L-188 : I think I heard a story on the news that a lot of companies when they are sending their people to the US are now sending them with wiped computers and
27 Crewchief : Although you are technically correct in saying "they have just as much right", I think the implementation of the right is the issue. They don't have
28 ChrisI1024 : Can you document this? This doesn't make sense because strong encryption products are widely available outside of the United States.
29 A380US : At first i wasn't sure if this was legal but later spoke to my lawyer and found out that they are 100% allowed to do this sounds a but ridiculous thou
30 Zippyjet : Attention TSA: you better appreciate my porn collection. Today show and tell with my laptop; tomorrow, spread those cheeks for big brother to see.
31 Nucsh : It doesn't matter whether or not you have anything to hide, it's the principle of the thing.
32 Ebs757 : Well im not going to sit there and argue with someone with tons of people in line. Its not like your gonna be like "no im not giving it to you" and t
33 Brons2 : It would be a violation of state (Texas Administrative Code, Section 202) and federal (FERPA) law for me to supply my work password to a TSA screener
34 2175301 : This practice is quite common for many companies worldwide - for any travel anywhere. But you misstate the reason. It is to avoid commercial espionag
35 Post contains links Mymiles2go : The TSA addressed this in thier blog pretty clearly over the past few days: http://www.tsa.gov/blog/2008/02/rumor-alert-laptops.html "TSA does not and
Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
UPS DC8 Fire In PHL Caused By Laptop Batteries? posted Sun Jul 16 2006 04:05:14 by Mikey711MN
Where Can Search For Flights By Segments? posted Mon Feb 7 2005 22:36:34 by Alespesl
UN Security Council Chief Stopped By Miami's TSA posted Sun Jan 16 2005 02:58:59 by ARGinMIA
Woman Prefers Driving Home Instead Of TSA Search posted Mon Oct 11 2004 15:57:25 by CPH-R
All Commercial Airlines Subject To TSA Search? posted Mon Dec 16 2002 04:13:34 by FLY777UAL
Complaints Of TSA Electonic Item Searches posted Thu Feb 7 2008 07:46:02 by LTBEWR
Largest Cities NOT Served By Legacies posted Tue Feb 5 2008 07:46:14 by Cubsrule
BA's Next Fleet Decision By Year End posted Mon Feb 4 2008 02:30:13 by Scbriml
Questionable Claims By Airlines posted Fri Feb 1 2008 16:39:45 by Pa747sp
SNECMA/GE Could Have New NB Powerplant By 2015 posted Fri Feb 1 2008 16:01:02 by Stitch