Canadian Border Patrol Charge Traveler With 'Obstruction' For Refusing To Give Up His Phone Password

from the don't-travel-to-canada dept

Fri, Mar 6th 2015 6:11am — Mike Masnick

I've traveled to many different countries in my life and the only time I've ever had any trouble at all at a border crossing was flying into Canada for a conference one time. I was pulled out of the line and sent to a special side room where I was quizzed about the real reasons I was coming to Canada. They couldn't believe I was speaking at a conference, because I didn't have a paper invite, and had to dig through my emails to show them it in email (thankfully, I stored my emails locally and didn't need internet access). When I tell that story it shocks some people, as Canada has always had a reputation as a fairly easy border to cross -- especially for Americans.

But apparently the Canadians are stepping up their crazy antagonism at the border. The latest story involve Alain Philippon, a Canadian citizen who was returning from a trip to the Dominican Republic. Upon landing in Halifax he was ordered to cough up the password to his smartphone, and upon refusing, was charged with obstructing border officials:

A Quebec man charged with obstructing border officials by refusing to give up his smartphone password says he will fight the charge.

[....]

Philippon had arrived in Halifax on a flight from Puerto Plata in the Dominican Republic. He's been charged under section 153.1 (b) of the Customs Act for hindering or preventing border officers from performing their role under the act.

According to the CBSA, the minimum fine for the offence is $1,000, with a maximum fine of $25,000 and the possibility of a year in jail.

In the US, there have been a number of cases concerning searches of computers and electronic devices at the border, with an unfortunately large number saying that you really don't have privacy rights at the border. Of course, it's not universal, as at least one important court has ruled otherwise. Up in Canada, however, there apparently hasn't been much caselaw on this issue, so assuming Philippon fights this, it could make for a very interesting case.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: alain philippon, border, border search, canada, encryption, mobile phone, passwords, privacy

57 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 6 Mar 2015 @ 6:25am

In US you can be compelled to give up your fingerprint, password or other "mental exercise" needs a warrant.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 6:26am

Monkey see, monkey do, eh?
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 6:32am

Good for him. People should be more willing to stand up for their rights, lest they be taken away.
[ link to this | view in thread ]
Shawn (profile), 6 Mar 2015 @ 6:41am

Re:
If this were to be a US story they would not charge him with obstruction. They would either refuse him entry into the country unless he complied or they would hold the phone and any other electronics in his possession and make life hell in getting his stuff back. There is more than one we to be a dick.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 6:43am

I've heard of plenty of horror stories at the Canadian border at my company. One of my co-workers was even flat out told by a Canadian border agent that if it wasn't for NAFTA they wouldn't have even let him in.

Another of my co-workers was an idiot when they started to question him, asking him "could a Canadian do the job you're here to do". The co-worker basically said "well yeah I guess I'm just taking a job away from a good hard working Canadian", and was denied entry to Canada.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 6:44am

Stories like these are infuriating, because from this you can tell where their trying to take us, its british imperialism/nazizism all over again, were on the cusp of history repeating itself
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 7:04am

at least still alive
didn't tase you to death and lie about it
[ link to this | view in thread ]
David (profile), 6 Mar 2015 @ 7:05am

Re:
Good for him. People have not been willing to stand up for their rights, so they have been taken away.

FTFY
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 7:16am

Re: at least still alive
He appears to have died of 6 natural causes to the back of the head.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 7:30am

I wonder what kind of stealth methods/software, like steganography or hidden partitions, are available to hide things on tablets/phones like you can easily do on computers?

Glenn Greenwald's husband's refusal to reveal his password resulted in the US/UK government [apparently] cracking it open almost instantly, suggesting that either he was a fool who used a very weak password (or maybe relying the Windows XP password?) -- or governments have some extremely powerful computers at their disposal. .... More likely the latter.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 7:38am

Re: Re:
The UK is much worse, and for at least several years, people there have been jailed for refusing to reveal passwords, one of the "features" of the country's anti-terrorism laws.

http://www.dailymail.co.uk/news/article-2681620/Computer-student-suspected-hacking-police-websi tes-jailed-refusing-hand-password-authorities.html
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 7:43am

Nuttiness in NZ too:

"Customs is seeking the automatic right to require people to disclose passwords to their electronic devices when entering New Zealand.

Failing to do so without reasonable excuse should be an offence punishable by three months prison, Customs has suggested.

It said the power would be useful in helping detect objectionable material and evidence of other offending, such as drugs offences, as well as to verify people's travel plans."

more

http://www.stuff.co.nz/technology/digital-living/66980041/customs-password-plan-slammed-b y-labour-greens
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 7:47am

Re:
why would you even try to hide things on your person? there's this great new-gee-whiz thing called the intarwebz that allow you to transfer your data after you've crossed the border.
[ link to this | view in thread ]
PaulT (profile), 6 Mar 2015 @ 7:51am

Re:
"I wonder what kind of stealth methods/software, like steganography or hidden partitions, are available to hide things on tablets/phones like you can easily do on computers?"

A quick Google search shows numerous stenography apps on all major portable OSes. I'm not sure how good/effective they actually are, but they certainly seem to exist.

"More likely the latter."

Nope, he simply had the typical layman's approach to security:

http://arstechnica.com/tech-policy/2013/08/partner-of-nsa-leaks-reporter-carried-paper-with -password-says-uk/

As ever, the weak link was the human factor. I'm sure they have some capabilities, but brute force against good encryption is never the first option.

http://xkcd.com/538/
[ link to this | view in thread ]
That One Guy (profile), 6 Mar 2015 @ 7:57am

Re:
Note to self: Add New Zealand to 'Never visit' list.

A three month prison sentence for refusal to hand over your electronics and everything they are connected to to border agents simply because they feel like browsing? Nothing in NZ is worth that risk.
[ link to this | view in thread ]
John Fenderson (profile), 6 Mar 2015 @ 8:03am

Re:
"I wonder what kind of stealth methods/software, like steganography or hidden partitions, are available to hide things on tablets/phones like you can easily do on computers?"

All of them. Tablets/phones are computers, just with a phone system attached, and if the phone is Android then it's Linux -- and you can do all the same partitioning tricks, etc. that you can do on any other Linux computer.
[ link to this | view in thread ]
Roger Strong (profile), 6 Mar 2015 @ 9:03am

Re:
It's true. The War of 1812 started when the British Navy boarded American merchant vessels and demanded crew members' smartphone passwords.
[ link to this | view in thread ]
sorrykb (profile), 6 Mar 2015 @ 9:03am

Re: Re:
It is still just a proposal. A terrible proposal, but at least that's all it is. So far.
The proposal is one of several canvassed in a discussion paper on a review of the Customs and Excise Act that was released by Customs yesterday, none of which are official government policy.

[ link to this | view in thread ]
mattshow (profile), 6 Mar 2015 @ 9:04am

I dug around for some Canadian caselaw on this last year and all I came up with was a single Quebec Court of Appeal case: R. c. Boudreau-Fontaine.

There, at least, the judge was firmly of the opinion that compelling an individual to divulge their password was unacceptable.

[39] I note that it orders the respondent to disclose his password#s# [translation] "in order to establish that the computer was connected to the Internet by Mr. Boudreau-Fontaine, thus breaching the conditions of his probation." In other words, the justice of the peace was commanding the appellant to give essential information with the specific intent of having him incriminate himself. I cannot see how the criminal law can allow such an order. It should be noted that the respondent complied with the order but that he certainly would not have done so without it, proof being that he refused to speak with the police officers about the events of September 19 when he was arrested. As the respondent wrote in his written argument, this order raises the issues of the right to silence, the right to be presumed innocent, the right not to be conscripted against oneself, and the protection against self-incrimination. Commanded to participate in the police investigation and to give crucial information, contrary to his constitutional rights, the respondent made a statement #identification of his password# that is inadmissible and that renders the subsequent seizure of the data unreasonable. In short, even had the seizure been preceded by judicial authorization, the law will not allow an order to be joined compelling the respondent to self-incriminate.

[40] In R. v. Hebert, 1990 CanLII 118 #SCC#, [1990] 2 S.C.R. 151 at para. 47, McLachlin J. writes:

... the right to silence may be postulated to reside in the notion that a person whose liberty is placed in jeopardy by the criminal process cannot be required to give evidence against himself or herself, but rather has the right to choose whether to speak or to remain silent.

[41] Without necessarily being detained, the respondent was compelled to participate in his self-incrimination and was given no choice in the matter: he had to help the police officers convict him. This approach is unacceptable.

But of course, things are different at the border.
[ link to this | view in thread ]
Roger Strong (profile), 6 Mar 2015 @ 9:12am

Re: Re:
If they can demand your phone password, it's not a big leap to them demanding the password to the cloud service or social media account set up on your phone.

If you're crossing a border, you might want to remove all cloud service apps and any signs that you use one.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 9:17am

Re:
"In US you can be compelled to give up your fingerprint, password or other "mental exercise" needs a warrant."

Not at the border. The U.S. border is a constitution-free zone where constitutional rights don't apply.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 9:26am

What if you did not know your password at the border? Say you changed it before leaving, securely transmitted it to a trusted third party, and then deleted it from your records?
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 9:31am

Re: Re: Re:
But why should they even care? You're not likely to be "smuggling" things in on your phone. The only thing that could be on your phone is ethereal proprietary IP which can just as easily be emailed, or dropboxed or transmitted any number of ways. And if did have something, Customs wouldn't even know it if they saw it.

The odds of randomly catching someone is so infinitesimal it's a waste of time.
[ link to this | view in thread ]
John Fenderson (profile), 6 Mar 2015 @ 9:40am

Re:
It's awfully hard to prove that you don't know something.
[ link to this | view in thread ]
That One Guy (profile), 6 Mar 2015 @ 9:46am

Re: Re:
More 'utterly impossible', given they wouldn't take 'no' or 'I don't know it' for an answer.

Odds are they'd just toss you in a cell for a few hours to 'refresh your memory'.
[ link to this | view in thread ]
That One Guy (profile), 6 Mar 2015 @ 9:53am

Re: Re: Re:
'Yet' is the key there though, it's not official government policy yet, and given how insane the government over their seems to be at times, it wouldn't be worth the risk for people to test it.
[ link to this | view in thread ]
anonymous me, 6 Mar 2015 @ 9:55am

Re:
This. Many times, this.

Hello, Harper's office?
[ link to this | view in thread ]
Anon, 6 Mar 2015 @ 10:22am

Re: Re:
>It's awfully hard to prove that you don't know something.

Unless you're prime minister Harper or his government. then it's self-evident.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 10:43am

Re:
1990? There were no terrorists or paedophiles in 1990 !
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 10:48am

Re: Re:
Android is Linux based and a stripped down version at that. iOS is too for that matter. You can't do ALL of the same things but there are plenty that you can do.
[ link to this | view in thread ]
Roger Strong (profile), 6 Mar 2015 @ 11:07am

Re: Re: Re: Re:
...can just as easily be emailed, or dropboxed or transmitted any number of ways.

Those email, DropBox and other cloud accounts are all accessed from my phone. That's the whole *point* of cloud services, letting me access them from anywhere.

Even with separate passwords, it's not a big leap from demanding your phone password to demanding the passwords for services set up on your phone. For many people, the demanded password to get into their phone will provide access to their email, cloud and social media accounts with no further security checks needed.

Many people - especially those who provide tech support - have other people's passwords and other personal information. Handing it all to border officials - who knows where it will go from there - is a big deal. The government doesn't have a great record for keeping data secret.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 11:12am

Prior to crossing the border,
turn your phone off & tell Apple/Google/... that it's been stolen.

When Dudley Do-Right turns on your phone, bzzt & it's erased!

Once you cross the border, tell Apple/Google that you've found it again prior to turning it on.
[ link to this | view in thread ]
sorrykb (profile), 6 Mar 2015 @ 11:28am

Re: Re: Re: Re:
Sure... scoff at my desperate and feeble attempts to find hope.

(You are right, of course.)
[ link to this | view in thread ]
art guerrilla (profile), 6 Mar 2015 @ 11:30am

Re: Re:
note to self: add US to 'never visit' list...
oh crap, i live here...

ain't no such thing as 'unreasonable search/seizure' any more...
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 11:41am

Re: Re: Re: Re: Re:
the price of freedom is eternal vigilance

roll your own. don't depend on free cloud services

flatten & reinstall before you leave.

and one "app" to rule them all: the web browser. no bookmarks, never remember history/delete on exit; problem solved

not that i have anything to hide, but its NONE OF THEIR BUSINESS what i do
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 11:49am

Re: Re: Re:
IOS is BSD derived, but has been bastardized by Apple.
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 11:57am

Re: Re: Re: Re:
I misspoke there but the point is still the same. Yes iOS is BSD derived which is based on System V architecture which is different than Linux. However those differences are mostly organizational in nature rather than functionality as it relates to the topic at hand. The fact is that almost all UNIX derived systems that have not been stripped down for a specialized purpose contain those same features.
[ link to this | view in thread ]
Roger Strong (profile), 6 Mar 2015 @ 12:51pm

Re: Re: Re: Re: Re: Re:
> roll your own. don't depend on free cloud services

Funny you should mention that. I have a static IP address with my own web server and mail/calendar/document server. (It has an excellent web interface.) I have a network drive - one of those "own your own cloud" devices - also accessible via an app across the internet.

But my phone and table log into the mail/calendar/document server, protected only by both device's passwords. Once a border official has those passwords, they have access to a whole lot of information not actually on the devices.

The official could also load the app for the drive, but I've told that to NOT store the password. Still, if the official can demand the password for the phone, he can demand passwords for apps on the phone.

Your solution is what I've said above: If you're crossing a border, you might want to remove all email accounts, cloud service apps and any signs that you use one.

A border official will find the lack of email accounts and other apps "suspicious."
[ link to this | view in thread ]
Anonymous Coward, 6 Mar 2015 @ 1:05pm

Bruce Schneier's Border Crossing Tips
Step One: Before you board your plane, add another key to your whole-disk encryption (it'll probably mean adding another "user") -- and make it random. By "random," I mean really random: Pound the keyboard for a while, like a monkey trying to write Shakespeare. Don't make it memorable. Don't even try to memorize it.

Technically, this key doesn't directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive -- that's how the software allows multiple users.

So now there are two different users named with two different keys: the one you normally use, and some random one you just invented.

Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won't be able to recover your hard drive without it.

Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.

Step Four: Board your plane normally and use your computer for the whole flight.

Step Five: Before you land, delete the key you normally use.

At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There's no need to lie to the customs official; you can even show him a copy of this article if he doesn't believe you.

Step Six: When you're safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.

https://www.schneier.com/blog/archives/2009/07/laptop_security.html
[ link to this | view in thread ]
John Fenderson (profile), 6 Mar 2015 @ 1:06pm

Re: Re: Re:
"You can't do ALL of the same things but there are plenty that you can do."

There probably are some things you can't do, but I haven't found them yet. However, you can't do them with the stock ROM out of the box. You need to root the device, and from there you can replace the crippled versions of important Linux binaries with the real ones. I also have recompiled a number of desktop linux tools and run them on my phone without issue.

In other words, if you treat your tablet/phone as if it were a general purpose computer, then it behaves like a general purpose computer.
[ link to this | view in thread ]
nasch (profile), 6 Mar 2015 @ 3:02pm

Re: Re:
If this were to be a US story they would not charge him with obstruction. They would either refuse him entry into the country unless he complied or they would hold the phone and any other electronics in his possession and make life hell in getting his stuff back.

I don't know that it would be one or the other. It seems likely they would both charge him with one or more felonies and seize his stuff.
[ link to this | view in thread ]
nasch (profile), 6 Mar 2015 @ 3:07pm

Re: Re:
Note to self: Add New Zealand to 'Never visit' list.

Maybe just leave the electronics at home (would the phone even work there?) or factory reset before landing.
[ link to this | view in thread ]
nasch (profile), 6 Mar 2015 @ 3:08pm

Re: Prior to crossing the border,
turn your phone off & tell Apple/Google/... that it's been stolen.

Doesn't that permanently brick an iPhone?
[ link to this | view in thread ]
Kronomex, 6 Mar 2015 @ 3:17pm

It almost makes me want to put two tin cans (with an old cassette dictaphone taped to each can to record any missed messages)and a couple of hundred metres of string into a bag and then visit New Zealand. Can you imagine the fun that would occur when they open said bag?
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 1:15am

Re: Re: Re: Re: Re: Re: Re:
A border official will find the lack of email accounts and other apps "suspicious."

Create an email account with one of the free providers, and use it for those web services where you need an email account to create an account with them, like on-line stores.
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 6:41am

Re:
Lots of Canadians are angry with the US and they retaliate by making it personal.

It's routine for Canadian citizens driving to Florida for winter vacation to be stopped and shaken down by the police. Since the US Gov't now allows for money and property to be confiscated a lot of Canadian citizens are suddenly finding themselves with no car or cash on the side of the highway. We hear of and read these stories almost daily in the Canadian press-of course there's going to be retaliation by the Canadian version of TSA/Homeland Security. And, it will get worse, if Trudeau becomes PM expect the next POTUS and his entourage to get the "treatment" when he comes to Canada on official business.
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 8:55am

Re: Re:
"It's awfully hard to prove that you don't know something."

One word: waterboarding.

Just waterboard the guy to within an inch of his life, and especially after months or years of that, and he'll be confessing everything he knows, as well as a lot of made-up things, but talk he will. When all his forcibly-extracted confessions lead to dead ends, then he's obviously lying --and therefore innocent-- and can be released to make room for the next waterboardee.

... and the next, and the next, and the next, until you finally find someone whose confessions of crime actually pan out -- proving that torture works!
[ link to this | view in thread ]
Roger Strong (profile), 7 Mar 2015 @ 11:57am

Re: Re: Re: Re: Re: Re: Re: Re:
Good idea. Create a "honeypot" to deflect unauthorized use by the, er, authorities.

If governments can use hacker practices against us, we can respond with the defences previously used against hackers.
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 1:33pm

This is all the work of that creep Stephen Harper. He's losing ground and will most likely be out and his "Conservative" party too, when you have Albertans questioning whether they will vote Conservative or not you know he's in deep shit.

But yeah, a judge ruled not long ago that cops were not allowed to search your phone in the US, in Canada the opposite happened. We have something that should be even better than the Bill of Rights, the Canadian Charter of Freedom and Liberties which is attached to the Constitution...but Harper just ignores it, he somehow gets away with it, because his base are in a way even more repugnant than the Republican base. Be glad that creep can't be President of the US. His hubris knows no bounds, thankfully he spent most of his reign in a minority government being blocked at every oppurtunity. He'd be so pissed off to end up in minority again this October that he would probably start playing his cards more rashly and have Canadians hate him even more. Remember,the guy got in with a 38% vote with a majority government in 2011, he doesn't represent Canada or Canadian values at all, considering most who vote for him don't even know why. The first time he got in as minority it was only "for a change! we want change! 16 years of the Liberals is too much!". Well, I hope they see what a really evil sonofabitch they voted randomly in for the sake of change.
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 1:41pm

Re: Re: Re: Re:
Never owned a smartphone. Is there an sftp client for one of 'em ? That's what I'd use.
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 1:45pm

Re: Re:
Yeah, the place seems beautiful and the kiwis I know online are all very friendly. But that changes my views about visiting the country, ever, and I don't even have a smartphone (that is activated).
[ link to this | view in thread ]
Anonymous Coward, 7 Mar 2015 @ 1:47pm

Re: Re:
Well there were rapists, remember Glenn Beck?
[ link to this | view in thread ]
Sheogorath (profile), 7 Mar 2015 @ 3:30pm

Re:
GODWIN!
[ link to this | view in thread ]
John Fenderson (profile), 9 Mar 2015 @ 8:17am

Re: Re: Re: Re: Re:
Yes, there is.
[ link to this | view in thread ]
Captive Audience, 10 Mar 2015 @ 8:19pm

Re: great new-gee-whiz thing called the intarwebz
Some people need their device to do work while they travel. They could upload everything to the cloud and turn over the password to their brand spanking new, never used, clean OS install at the border in that case.
[ link to this | view in thread ]
Captive Audience, 10 Mar 2015 @ 8:24pm

Re: No need to leave electronics at home
Just bring your data-free electronics and access the cloud after crossing the border. Make sure it's totally clean with no connection to the cloud account with your REAL data. A BS account with all of your most boring family vacations and cat pictures is OK.
[ link to this | view in thread ]
Anonymous Coward, 11 Mar 2015 @ 6:41am

Re: Re: great new-gee-whiz thing called the intarwebz
That is something I didn't think about.
With apple or Android you could just wipe out the phone before you get to the border.
Show the agents a completely fresh install and then do a restore when you get somewhere with wifi.
[ link to this | view in thread ]