Travelers To New Zealand Now Face $3,000 Fines If They Don't Give Their Device Passwords To Customs Agents
from the Eye-of-Sauron-experience dept
New Zealand's "digital strip searches" of travelers' electronic devices are now backed by law. When we covered this last year, customs officials were already seizing devices and performing invasive searches. But a new twist has been added with the enactment of New Zealand's most recent customs law: compelled password production.
Travelers entering New Zealand who refuse to disclose passwords for their digital devices during forced searches could face prosecution and fines of more than $3,000, a move that border officials said Tuesday made the country the first to impose such penalties.
“We’re not aware of any other country that has legislated for the potential of a penalty to be applied if people do not divulge their passwords,” said Terry Brown, a New Zealand Customs spokesman. Border officials, he said, believe the new fine is an “appropriate remedy” aimed at balancing individuals’ privacy and national security.
There's an interesting juxtaposition in the spokesman's comments, suggesting mandatory password divulgement -- something no other free world country is doing -- is striking the right balance between privacy and national security.
The law applies to incoming visitors and returning citizens. The fine kicks in when password demands are refused, which also likely means the seizure of locked devices indefinitely. Supposedly, unlocked devices are searched for local files only -- with phones put into airplane mode -- but that's still an incredibly invasive search predicated on nothing more than someone's arrival in New Zealand.
Government officials are justifying the compelled password production with bad examples and terrible analogies. The so-called "Privacy Commissioner" tried to equate cellphones and other digital devices potentially containing thousands of personal files and communications with something containing the few belongings someone takes with them while traveling. (via Boing Boing)
Privacy Commissioner John Edwards had some influence over the drafting of the legislation and said he was "pretty comfortable" with where the law stood.
"There's a good balance between ensuring that our borders are protected ... and [that people] are not subject to unreasonable search of their devices."
"You know when you come into the country that you can be asked to open your suitcase and that a Customs officer can look at everything in there."
Socks, underwear... 700 personal photos, a few thousand personal communications… yeah, it's all pretty much the same thing. This is like saying customs can demand your house keys and dig through your belongings simply because you traveled out of New Zealand and returned home.
The inadvertent hilarity comes from the Customs Minister, who is probably even less concerned about personal privacy than the Privacy Commissioner is.
Customs Minister Kris Faafoi said the power to search electronic devices was necessary.
"A lot of the organised crime groups are becoming a lot more sophisticated in the ways they're trying to get things across the border.
"And if we do think they're up to that kind of business, then getting intelligence from smartphones and computers can be useful for a prosecution."
There are plenty of ways to get digital "things" across the border without carrying them on your person in some sort of electronic "suitcase" you know customs officials are going to take from you as soon as you enter the country. This may help catch some dumb criminals, but it's not going to have much of an effect on the "sophisticated" organized crime groups.
What will happen is lots of people not connected to any criminal enterprise will have their devices seized and searched just because. The new fine will discourage visitors from refusing Customs' advances, allowing officials to paw through their digital goods just like they do their clothing. And all the government can offer in response is that the ends justifies the means.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: borders, customs, device searches, new zealand, passwords, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
"Good thing I've already got New Zealand crossed off my list."
[ link to this | view in chronology ]
Re:
If I was a CEO or CTO, I wouldn't want to send any of my employees to NZ and potentially compromise our data. Imagine how much shit you could get into if they access confidential data from one of your clients that you signed an NDA with.
If they retain records of their findings from your search imagine the shit that could cause if someone hacks into their system and steals the data?
As for traveling there without a phone or computer, not going to happen. The employees who work for the kinds of businesses that would send them to NZ simply can't work without that stuff.
[ link to this | view in chronology ]
Re: Re:
> going to happen. The employees who work for the kinds of
> businesses that would send them to NZ simply can't work
> without that stuff.
In such situations, you upload all the relevant data ahead of time to the cloud, then give the employee an empty phone to take with them. When it's searched by Customs, there will be nothing on it, then the employee can download all the data from the cloud when she gets to her hotel in Christchurch.
[ link to this | view in chronology ]
https://www.stuff.co.nz/travel/106469801/expect-delays-full-body-xray-scanners-coming-to-ne w-zealand-airports
[ link to this | view in chronology ]
Well, I am never gonna visit now
[ link to this | view in chronology ]
Haha
[ link to this | view in chronology ]
"...getting intelligence from smartphones and computers..."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Jail time and a fine, no thanks, I won't be visiting that country.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I really want to see them unlock a phone and drugs, weapons, human trafficking victims pop out of it.
" and [that people] are not subject to unreasonable search of their devices."
Please hand me your phone & give me the password.
We need to make sure the nation is still secure and you haven't been co-opted by special interests, and we'll TOTES keep everything we copy out of your phone safe so we can troll it for a very long time.
"And if we do think they're up to that kind of business, then getting intelligence from smartphones and computers can be useful for a prosecution."
Why bother with courts or rules, we'll just play our hunches and take all their data & see if we can charge them. Why bother investigating when we can just copy everyones data as they arrive??
Fscking morons.
[ link to this | view in chronology ]
3 things
If it's just the first alternative, I don't see the point because they can either glance at the device content (and never find anything) or go through it with a comb and spend hours upon hours to go over the gigabytes of data per device. So I'm fearing the second option: copy the contents. In which case the logical follow-up quection is: "what happens to the copy?" Is it analysed? By whom? For what purpose? Is it stored? Where? How long? How can I be sure my password(s) and the copy of the data is protected from further distribution?...
Second: does that law also include access to:
- tablets?
- laptops?
- external hard disks?
- usb sticks?
- memory cards (like the one in your camera)?
- smartcards (like my company badge that contains biometric and other data about me)?
- (writeable) CD/DVD?
If not, I'm pretty sure the workaround for 'terrorists' and 'organised crime' is going to be pretty simple: backup the device to one of the above and wipe it to factory settings for border crossing. Then restore once you get through customs...
Third: what about access to encrypted data inside the device?
Does it mean I have to decrypt every last byte of data on the device? If not, then again, I don't see the point. If yes, there can be a whole list of passwords I need to provide for each and every password-protected app/file.
Who will protect that list? What guarantees do I have my passwords are not disclosed to third parties (intended or unintended)?
[ link to this | view in chronology ]
Re: 3 things
[ link to this | view in chronology ]
Re: 3 things
That's already the workaround—except you don't carry the data across the border, you bring it over the internet once you're in. Corporations and paranoid individuals are already doing that. It'll work until the authorities decide to make you fill customs forms and provide keys when "importing" packets.
[ link to this | view in chronology ]
Re: 3 things
Wasn't there a case recently where someone from the Jet Propulsion Laboratory or Lockheed cross a border and had his devices seized because he had brown skin? Yet the device was owned by the company, had company secrets, and was encrypted. Yet he got into trouble (maybe even arrested) because he refused to unencrypt data on his *company-issued* computer.
So then how how "border security" collide with national security when dealing with employees of government contractors?
[ link to this | view in chronology ]
A bit more inventiveness here!
They'll put it on a region-coded DVD so that it will not play in New Zealand. Really, nerd harder.
[ link to this | view in chronology ]
Re: A bit more inventiveness here!
Nerd better.
[ link to this | view in chronology ]
Re: Re: A bit more inventiveness here!
[ link to this | view in chronology ]
Lead by example
Then, if no problems arise* they can vote again to pass the bill for the rest of us.
*= if none of the affected politicians complains or gets outed or has secrets disclosed to the internet...
[ link to this | view in chronology ]
Re: Lead by example
Strangely enough that never seems to happen with laws like this, and the very ones pushing for eliminating privacy for everyone else get very touchy when it comes to their privacy, almost as though the 'ends justify the means' only applies when it comes to other people.
[ link to this | view in chronology ]
Re: Re: Lead by example
It may be, in part, due to the fact that the wealthy tend to look down their noses at the less fortunate as if their wealth some how makes them better and therefore they do not even have to try and be civil. In groups, these folk tend to compete with each other in their disgusting display of arrogance and hypocrisy.
[ link to this | view in chronology ]
"Striking a balance"
[ link to this | view in chronology ]
Re: "Striking a balance"
I imagine that everyone who refuses is also placed on a list of people to follow around covertly as they're clearly up to no good.
[ link to this | view in chronology ]
Re: Re: "Striking a balance"
For some people, it is, which is a bit of an injustice itself. Kind of like how (in the USA) one doesn't have to deal with the TSA when flying on a private jet.
[ link to this | view in chronology ]
Great News for Terrorists !!!
New Zealand welcomes you! While customs is busy searching grandma's and the teenager's phones, you can avoid having your digital devices strip searched for a mere $3,000.00. A small price to pay. For everything else there's mastercard.
[ link to this | view in chronology ]
semi visible handwriting on the wall
Revelation 13:16-18
God is good, technology (like money) is neutral, man has free will, satan is evil, ...and here we are.
[ link to this | view in chronology ]
Re: semi visible handwriting on the wall
[ link to this | view in chronology ]
Re: Re: semi visible handwriting on the wall
[ link to this | view in chronology ]
Re: Re: semi visible handwriting on the wall
[ link to this | view in chronology ]
Re: Re: Re: semi visible handwriting on the wall
Why did the GOP sell their souls to satan?
[ link to this | view in chronology ]
Re: Re: Re: Re: semi visible handwriting on the wall
[ link to this | view in chronology ]
Re: Re: semi visible handwriting on the wall
[ link to this | view in chronology ]
Re: Re: semi visible handwriting on the wall
[ link to this | view in chronology ]
Bad NZ government
New Zealand has an oddball government with a fragmented constitution and a weak semblance of Bill of Rights.
Official Head of State of New Zealand is Queen Elizabeth II.
There's a Bill of Rights Act (legislation), but its provisions may be legally over-ridden at the whim of the NZ legislature or courts.
NZ Bill of Rights Act guarantees everyone:
"The right to be secure against unreasonable search or seizure, whether of the person, property, or correspondence, or otherwise" (Section 21)
U.S. has a much stricter 4th Amendment, but our 4th is just as easily ignored as that NZ "Right".
There's no firm reason why our TSA could not start tomorrow... demanding device-passwords from all airport travelers. American courts have declared (de facto) that U.S. airports are '4th Amendment-Free) zones.
[ link to this | view in chronology ]
How will this hurt business travel?
No, NZ travel will now require burner phones like drug dealers use. Oh wait...
[ link to this | view in chronology ]
Re: How will this hurt business travel?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
'... you know what, let's NOT go to New Zealand.'
The new fine will discourage visitors from refusing Customs' advances, allowing officials to paw through their digital goods just like they do their clothing.
Or, you know, discourage visitors from going to the country at all. If I knew that someone could paw through my personal data on a whim, backed by a $3,000 fine for refusal I think I'd pick another vacation spot.
[ link to this | view in chronology ]
In addition, what if there is no information on the phone for them to steal?
Even worse .. what if you have no phone?
It is very suspicious that you do not have a phone and even more suspicious if your phone lacks all your personal information for anyone to steal under duress.
[ link to this | view in chronology ]
Curiosity demands to know
[ link to this | view in chronology ]
Re: Curiosity demands to know
[ link to this | view in chronology ]
Re: Curiosity demands to know
Given the sheer number of devices searched it's all but a given that they'd eventually stumble across someone stupid enough to leave incriminating evidence on the phone, so yeah, I'm sure it has happened.
As for the motives, it's probably a mix of 'grab it ALL!' fixation, fishing expeditions, and likely a little intimidation/indoctrination as you noted, with more than a little 'Our stuff is exempt, so why would we care?' to explain the indifference towards the massive damage to privacy such actions cause.
[ link to this | view in chronology ]
Re: Curiosity demands to know
[ link to this | view in chronology ]
Re: Re: Curiosity demands to know
[ link to this | view in chronology ]
Re: Curiosity demands to know
[ link to this | view in chronology ]
So, how do they actually collect this $3,000 fine?
I'm curious if anyone has refused so far.
[ link to this | view in chronology ]
Re: So, how do they actually collect this $3,000 fine?
[ link to this | view in chronology ]
Re: So, how do they actually collect this $3,000 fine?
[ link to this | view in chronology ]
Of course
[ link to this | view in chronology ]
Re: Of course
[ link to this | view in chronology ]
this is fun
-have a random stranger set the 4 digit passcode (no peeking) on your phone right before you take off for NZ just for lolz
-like someone else said: mail your phone to NZ before you get there
-backup phone, factory reset, then go to NZ, (reinstall the data when you get out of the airport, or after leaving NZ
-email (zip files) your data to a NZ (or should that be NaZi)government employee that you know before going to NZ and make them an accomplice just for the lolz
...I could go on and on...
[ link to this | view in chronology ]
Re: this is fun
Bring an entire bag full of phones. All of which do not have their batteries charged and require like 5 different kinds of chargers among them.
[ link to this | view in chronology ]
Re: Re: this is fun
[ link to this | view in chronology ]
The Perfect Balance
[ link to this | view in chronology ]
Re: The Perfect Balance
[ link to this | view in chronology ]
Re: Re: The Perfect Balance
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Backup device. Factory Reset. Load 'empty' Apple ID or Google Account or Microsoft Account. Cross border. Give password to empty phone. Change password upon immediately exiting customs. Continue to destination. Reset and restore or continue to use dummy account until you return home. Repeat when you cross the border again.
Use something obnoxious, like KIMDOTCOMISAWESOME or NOPASSWORD as your actual password.
When you get home, call your cellular provider, advise that the Home or Power button no longer works (assuming no damage and under warranty) and they will send you a warranty replacement. Now you have a new Device ID/MEID!
Also, carry spare dead SIM and use that instead so they don't have your SIM number and leave your memory card at home.
After it's all said and done all they will have is an old MEID number, useless account information and the wrong SIM number.
[ link to this | view in chronology ]
Re:
No, only the vast majority of people as the 0.1% are not subjected to the same level of "law enforcement" that every one is. Sorta has been that way all along in that you were and still are guilty until proven innocent by very expensive mouth pieces.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Privacy vs Security
Sorry, just "balancing" this table. What were you saying about National Security and the farce of inspecting information at the border?
[ link to this | view in chronology ]
NEXT on the agenda..
AS IF, you need the WHOLE PHONE, to carry info across the border..
OH! I forgot something...Just use the internet..send everything.. Oops. LETS monitor the net also..
[ link to this | view in chronology ]
Australia to follow in 3... 2....
[ link to this | view in chronology ]
Re: Australia to follow in 3... 2....
[ link to this | view in chronology ]
Re: Re: Australia to follow in 3... 2....
[ link to this | view in chronology ]
Phone
As far as I know, there's no law against possessing an electronic device to which you do not have access.
[ link to this | view in chronology ]
Re: Phone
[ link to this | view in chronology ]
It's just an excuse
[ link to this | view in chronology ]
Legal Arse Covering
Also instead of flattening your device (most typically smartphone) just buy a cheap burner once you are in country, if your clean device leaves your line of sight unlocked do you know enough once you get it back to check nothing extra was installed quietly?
And for real tinfoil hattery, if I was a SIGINT gathering agency I would buy a couple of kiosks in major international airports and sell cheap 'improved' phones to disembarking passengers ;)
[ link to this | view in chronology ]
Could just tell people not to come there
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Better better solution: Don't go to a country where you need to go to extreme ends just to avoid having your private stuff browsed through on a whim by government agents.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Reasonable suspicion required
Your device can only be search if customs authorities have a reasonable suspicion that the device contains evidence of a crime. You're not at risk of getting your device searched "just because", as happens with the TSA.
As such, this isn't going to be an issue for most travellers. You're only generally at risk if you're doing something dodgy.
[ link to this | view in chronology ]