Canadian Border Patrol Charge Traveler With 'Obstruction' For Refusing To Give Up His Phone Password
from the don't-travel-to-canada dept
I've traveled to many different countries in my life and the only time I've ever had any trouble at all at a border crossing was flying into Canada for a conference one time. I was pulled out of the line and sent to a special side room where I was quizzed about the real reasons I was coming to Canada. They couldn't believe I was speaking at a conference, because I didn't have a paper invite, and had to dig through my emails to show them it in email (thankfully, I stored my emails locally and didn't need internet access). When I tell that story it shocks some people, as Canada has always had a reputation as a fairly easy border to cross -- especially for Americans.But apparently the Canadians are stepping up their crazy antagonism at the border. The latest story involve Alain Philippon, a Canadian citizen who was returning from a trip to the Dominican Republic. Upon landing in Halifax he was ordered to cough up the password to his smartphone, and upon refusing, was charged with obstructing border officials:
A Quebec man charged with obstructing border officials by refusing to give up his smartphone password says he will fight the charge.In the US, there have been a number of cases concerning searches of computers and electronic devices at the border, with an unfortunately large number saying that you really don't have privacy rights at the border. Of course, it's not universal, as at least one important court has ruled otherwise. Up in Canada, however, there apparently hasn't been much caselaw on this issue, so assuming Philippon fights this, it could make for a very interesting case.
[....]
Philippon had arrived in Halifax on a flight from Puerto Plata in the Dominican Republic. He's been charged under section 153.1 (b) of the Customs Act for hindering or preventing border officers from performing their role under the act.
According to the CBSA, the minimum fine for the offence is $1,000, with a maximum fine of $25,000 and the possibility of a year in jail.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: alain philippon, border, border search, canada, encryption, mobile phone, passwords, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
http://www.dailymail.co.uk/news/article-2681620/Computer-student-suspected-hacking-police-websi tes-jailed-refusing-hand-password-authorities.html
[ link to this | view in chronology ]
Re: Re:
I don't know that it would be one or the other. It seems likely they would both charge him with one or more felonies and seize his stuff.
[ link to this | view in chronology ]
Re:
Not at the border. The U.S. border is a constitution-free zone where constitutional rights don't apply.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Hello, Harper's office?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
FTFY
[ link to this | view in chronology ]
Another of my co-workers was an idiot when they started to question him, asking him "could a Canadian do the job you're here to do". The co-worker basically said "well yeah I guess I'm just taking a job away from a good hard working Canadian", and was denied entry to Canada.
[ link to this | view in chronology ]
Re:
It's routine for Canadian citizens driving to Florida for winter vacation to be stopped and shaken down by the police. Since the US Gov't now allows for money and property to be confiscated a lot of Canadian citizens are suddenly finding themselves with no car or cash on the side of the highway. We hear of and read these stories almost daily in the Canadian press-of course there's going to be retaliation by the Canadian version of TSA/Homeland Security. And, it will get worse, if Trudeau becomes PM expect the next POTUS and his entourage to get the "treatment" when he comes to Canada on official business.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
at least still alive
[ link to this | view in chronology ]
Re: at least still alive
[ link to this | view in chronology ]
Glenn Greenwald's husband's refusal to reveal his password resulted in the US/UK government [apparently] cracking it open almost instantly, suggesting that either he was a fool who used a very weak password (or maybe relying the Windows XP password?) -- or governments have some extremely powerful computers at their disposal. .... More likely the latter.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
If you're crossing a border, you might want to remove all cloud service apps and any signs that you use one.
[ link to this | view in chronology ]
Re: Re: Re:
The odds of randomly catching someone is so infinitesimal it's a waste of time.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Those email, DropBox and other cloud accounts are all accessed from my phone. That's the whole *point* of cloud services, letting me access them from anywhere.
Even with separate passwords, it's not a big leap from demanding your phone password to demanding the passwords for services set up on your phone. For many people, the demanded password to get into their phone will provide access to their email, cloud and social media accounts with no further security checks needed.
Many people - especially those who provide tech support - have other people's passwords and other personal information. Handing it all to border officials - who knows where it will go from there - is a big deal. The government doesn't have a great record for keeping data secret.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
roll your own. don't depend on free cloud services
flatten & reinstall before you leave.
and one "app" to rule them all: the web browser. no bookmarks, never remember history/delete on exit; problem solved
not that i have anything to hide, but its NONE OF THEIR BUSINESS what i do
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Funny you should mention that. I have a static IP address with my own web server and mail/calendar/document server. (It has an excellent web interface.) I have a network drive - one of those "own your own cloud" devices - also accessible via an app across the internet.
But my phone and table log into the mail/calendar/document server, protected only by both device's passwords. Once a border official has those passwords, they have access to a whole lot of information not actually on the devices.
The official could also load the app for the drive, but I've told that to NOT store the password. Still, if the official can demand the password for the phone, he can demand passwords for apps on the phone.
Your solution is what I've said above: If you're crossing a border, you might want to remove all email accounts, cloud service apps and any signs that you use one.
A border official will find the lack of email accounts and other apps "suspicious."
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Create an email account with one of the free providers, and use it for those web services where you need an email account to create an account with them, like on-line stores.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
If governments can use hacker practices against us, we can respond with the defences previously used against hackers.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: great new-gee-whiz thing called the intarwebz
[ link to this | view in chronology ]
Re: Re: great new-gee-whiz thing called the intarwebz
With apple or Android you could just wipe out the phone before you get to the border.
Show the agents a completely fresh install and then do a restore when you get somewhere with wifi.
[ link to this | view in chronology ]
Re:
A quick Google search shows numerous stenography apps on all major portable OSes. I'm not sure how good/effective they actually are, but they certainly seem to exist.
"More likely the latter."
Nope, he simply had the typical layman's approach to security:
http://arstechnica.com/tech-policy/2013/08/partner-of-nsa-leaks-reporter-carried-paper-with -password-says-uk/
As ever, the weak link was the human factor. I'm sure they have some capabilities, but brute force against good encryption is never the first option.
http://xkcd.com/538/
[ link to this | view in chronology ]
Re:
All of them. Tablets/phones are computers, just with a phone system attached, and if the phone is Android then it's Linux -- and you can do all the same partitioning tricks, etc. that you can do on any other Linux computer.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
There probably are some things you can't do, but I haven't found them yet. However, you can't do them with the stock ROM out of the box. You need to root the device, and from there you can replace the crippled versions of important Linux binaries with the real ones. I also have recompiled a number of desktop linux tools and run them on my phone without issue.
In other words, if you treat your tablet/phone as if it were a general purpose computer, then it behaves like a general purpose computer.
[ link to this | view in chronology ]
"Customs is seeking the automatic right to require people to disclose passwords to their electronic devices when entering New Zealand.
Failing to do so without reasonable excuse should be an offence punishable by three months prison, Customs has suggested.
It said the power would be useful in helping detect objectionable material and evidence of other offending, such as drugs offences, as well as to verify people's travel plans."
more
http://www.stuff.co.nz/technology/digital-living/66980041/customs-password-plan-slammed-b y-labour-greens
[ link to this | view in chronology ]
Re:
A three month prison sentence for refusal to hand over your electronics and everything they are connected to to border agents simply because they feel like browsing? Nothing in NZ is worth that risk.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
(You are right, of course.)
[ link to this | view in chronology ]
Re: Re:
oh crap, i live here...
ain't no such thing as 'unreasonable search/seizure' any more...
[ link to this | view in chronology ]
Re: Re:
Maybe just leave the electronics at home (would the phone even work there?) or factory reset before landing.
[ link to this | view in chronology ]
Re: No need to leave electronics at home
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
There, at least, the judge was firmly of the opinion that compelling an individual to divulge their password was unacceptable.
But of course, things are different at the border.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Odds are they'd just toss you in a cell for a few hours to 'refresh your memory'.
[ link to this | view in chronology ]
Re: Re:
Unless you're prime minister Harper or his government. then it's self-evident.
[ link to this | view in chronology ]
Re: Re:
One word: waterboarding.
Just waterboard the guy to within an inch of his life, and especially after months or years of that, and he'll be confessing everything he knows, as well as a lot of made-up things, but talk he will. When all his forcibly-extracted confessions lead to dead ends, then he's obviously lying --and therefore innocent-- and can be released to make room for the next waterboardee.
... and the next, and the next, and the next, until you finally find someone whose confessions of crime actually pan out -- proving that torture works!
[ link to this | view in chronology ]
Prior to crossing the border,
When Dudley Do-Right turns on your phone, bzzt & it's erased!
Once you cross the border, tell Apple/Google that you've found it again prior to turning it on.
[ link to this | view in chronology ]
Re: Prior to crossing the border,
Doesn't that permanently brick an iPhone?
[ link to this | view in chronology ]
Bruce Schneier's Border Crossing Tips
Technically, this key doesn't directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive -- that's how the software allows multiple users.
So now there are two different users named with two different keys: the one you normally use, and some random one you just invented.
Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won't be able to recover your hard drive without it.
Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.
Step Four: Board your plane normally and use your computer for the whole flight.
Step Five: Before you land, delete the key you normally use.
At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There's no need to lie to the customs official; you can even show him a copy of this article if he doesn't believe you.
Step Six: When you're safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.
https://www.schneier.com/blog/archives/2009/07/laptop_security.html
[ link to this | view in chronology ]
[ link to this | view in chronology ]
But yeah, a judge ruled not long ago that cops were not allowed to search your phone in the US, in Canada the opposite happened. We have something that should be even better than the Bill of Rights, the Canadian Charter of Freedom and Liberties which is attached to the Constitution...but Harper just ignores it, he somehow gets away with it, because his base are in a way even more repugnant than the Republican base. Be glad that creep can't be President of the US. His hubris knows no bounds, thankfully he spent most of his reign in a minority government being blocked at every oppurtunity. He'd be so pissed off to end up in minority again this October that he would probably start playing his cards more rashly and have Canadians hate him even more. Remember,the guy got in with a 38% vote with a majority government in 2011, he doesn't represent Canada or Canadian values at all, considering most who vote for him don't even know why. The first time he got in as minority it was only "for a change! we want change! 16 years of the Liberals is too much!". Well, I hope they see what a really evil sonofabitch they voted randomly in for the sake of change.
[ link to this | view in chronology ]