Enter US Gets harder and harder: You might have to uncover your passwords online
The Trump administration is making a number of notable changes in the control of US customs, and the controversial veto announced a few days ago has now added a proposal that could force travelers from the vetoed countries to unveil The passwords of the online services that they use so that the security bodies check if there is something suspicious or not in them.
The measure raises a new frontal attack on user privacy, and in fact the first effects of the new customs control policies are being seen: a NASA engineer named Sidd Bikkannavar, born in the United States, was detained and his Mobile (assigned by NASA itself) confiscated … only by its name, of Indian origin. These procedures are not really new, but the problem seems to be getting worse for many of the tourists and professionals who travel to the United States, but also for the citizens of that country.
Before you travel to USA, you better leave your phone and laptop at home
As indicated in Wired, the best thing one can do in such cases – whether you are a US citizen or not – is to use “disposable devices.” Battle phones and notebooks in which you do not have your accounts synchronized or in which you operate in a limited way, and that you can format and even destroy so that in case of a control the security bodies do not find any information.
Those procedures that a security expert applied when traveling to Russia or China could now begin to apply also when traveling to the United States, where security controls are moving to a paranoid level. Following the executive order announced by Trump there has been a clear increase in cases where people who simply had names or surnames of Muslim origin were retained.
These people, says Nathan Wessler of the American Civil Liberties Union (ACLU), have seen customs agents also increasingly ask for private data, such as passwords or PIN numbers that protect access to their devices and even passwords for Their accounts in social networks, something that seems unreasonable on both sides: we can have different accounts in the same service and give the password only those “harmless”, so to speak. The measure seems not only exaggerated, but hardly effective …
Wessler is clear:
If this continues, [the United States] risked wreaking havoc with tourism and business travel to the United States. Which traveler is going to want to expose every intimate detail of his hitorial in social networks, exposing information of years of his life?
Customs as an excuse to violate our privacy
As experts have pointed out, US Customs have long been considered a unique way of violating the Fourth Amendment of the United States Constitution, which guarantees the security of persons “against arbitrary searches and detentions, be inviolable, And no guarantees should be required, but for a probable cause, supported by an oath or affirmation, and particularly describing the place to be registered and the person or things to be confiscated.”
The cases in which these records have been questionably used are numerous, and for example the cases of Laura Poitras, who made the documentary “Citizen Four” about Edward Snowden, or of Moxie Marlinspike, security researcher and co- Author of the Signal protocol.
This weekend we met another unique case, however: that of a NASA scientist named Sidd Bikkannavar who works at JPL (Jet Propulsion Laboratory) and made a trip to Patagonia in Chile on January 15 for a Solar cars, just before Trump’s takeover. Coming back from his trip on January 30 he came across the new customs controls, as they tell in The Verge.
The customs officials put him in a separate room to register his luggage and his devices. Specifically his mobile phone, which was asked for the PIN, a data that he resisted to give explaining that the mobile was not his, but of NASA, and that in fact was clearly indicated with an identifying sticker that revealed that the mobile could Contain sensitive information.
That did not matter to these security agents, who insisted until this engineer agreed to give the PIN. He did not know what they had done with the cell phone when he was returned half an hour later, but immediately switched it off and took him to the JPL experts to explain the case to them. They stayed with the mobile surprised and angry by the event, and they gave a new one, totally “clean”.
The funny thing about it is that Bikkannavar was born in the United States, but he was also enrolled in a program called Global Entry that allows certain people who have already been registered and “validated” in the customs system after their travels do not have to go through So many controls. A friend of Bikkannavar who told his case protested by the event in a tweet with thousands of retuits and “I like.”
You may also like to read another article on YellowTube: Obama wants to spend 19 billion dollars to defend America’s next big cyber attack
How can we protect ourselves from these records and this invasion of our privacy?
Security experts who have long warned of these dangers have also proposed methods to protect our data against possible customs searches, not in the United States, but in any country in which we may be subjected to such processes.
One of the most popular methods is to encrypt or encrypt the data of our devices, something that careful, will only be effective if when we go through customs we have the phone or laptop off: that requires that for registration it is necessary to enter A PIN or security password, and not only with for example the fingerprint we often have to give anyway when we go through customs control.
It is also important to keep our passwords protected and not give them to security bodies. Nathan Wessler, of the ACLU, explained that US citizens may not give those passwords and still could not be deported. They may retain your devices, but you will end up returning home (after a certain time a real bad time, of course). For non-US citizens the thing is more delicate, so maybe you should follow other advice.
For example, to warn someone that you are going through customs, and that if you do not call in a certain time is that they have been held. One of the most interesting tips is, as we said at the beginning of the article, that of traveling with auxiliary devices, not with our main ones. Carry a newly formatted laptop and phone for the trip and have it cleaned before traveling, synchronizing the data with the cloud or with other methods if necessary.
More sophisticated is the method offered by forensic computer expert Jonathan Zdziarski, who advises that we activate 2-step verification for all online services that we can, and that when we enter the country we dispose of the SIM card in our phone so that The customs agents can not enter the account because neither we can not have the SIM. We can send that SIM by mail or ask for a duplicate when you get home.
The problem with these methods, says law professor Eleizabeth Joh, is that while they effectively protect our privacy they also make us “more suspicious” in the eyes of customs agents. The decision is yours, but the fact is that the already annoying American customs are taking these controls to another level, and that is causing a new controversy.