Skip navigation

The terrors of travelling with data

One thing that hasn't been given enough attention by the public is the recent discovery of regulations that the U.S. Department of Homeland Security border agents now have the power to seize travellers' electronic devices, such as hard drives, flash drives, cellphones, iPods, pagers and beepers, as well as video and audio tapes, books, pamphlets and other written material. They can make copies of their contents and examine them at their leisure, and share the contents with other U.S. government agencies.

Of course they're looking only for terrorists, but with the current hysteria about copyright, they might get enthusiastic and pass on your collection of MP3 songs and whatever else you've got to the appropriate justice officials.

The news gave my Panel of Learned Geeks quite a turn, and their responses were, appropriately, technological.

One suggested keeping passwords memorized, and not on the computer; that notion was shot down pretty quickly when everyone agreed  that refusal to give up a password is no defence when it comes to the War on Terror.

More curious is the question of what happens if your data is not stored directly on your laptop, but accessible via a virtual private network, or something even simpler, such as a logon and password on a website. Once the bad guys get clued into this, they might very well do the same, especially with information on servers overseas. Would suspicious laptop-carriers then be forced to divulge connectivity information, thereby violating a corporate policy of secrecy?

“Providing access to my corporate network would place me in violation of my employment contract and nondisclosure agreement,” wrote one member. “It would also place me in violation of nondisclosure agreements with public and private U.S. companies, securities laws, computer access laws, and other such things.” 

Another responded this way: “I will give [the DHS] every single password needed to access and decrypt anything that I can. Hey, I'll even give them my password for my company computer.  What's that?  Doesn't work?  The password must have changed.  Here's the number of our security director. Call him and convince him he should disclose the password.”

One part of the discussion approached this issue philosophically. What, exactly, do you have when you have “data”? It was summed it up this way: “Until someone comes up with definitions of what ‘a person possessing data' or a device ‘holding data' actually means, this is going to be a freakin' mess. Common law concepts that apply to possession of physical objects just do not apply whatsoever to data. Data is a representation, not a physical object itself.”

Then there were scornful suggestions:

“Here's another idea.  Swap laptops with someone else.  He doesn't have your passwords and you don't have his.  Just don't go through together.”

Another idea: “Don't bring a laptop.  Rent one down there and download a live CD with your system on it.  Or bring an empty laptop or one with nothing but DOS 2.1 or Minix on it.  I still have a Plan 9 boot disk around here somewhere. I'm pretty sure we can always out-stupid them.”

One raised the scary prospect of BlackBerry users: “Should you have to explain a wrong number that linked you to a crime organization?”

Is this all paranoia? Anyone who has been stopped by an officious U.S. border guard with an attitude will quickly tell you it's not. Any protest of the legality of what they're doing is a virtual admission of guilt and they will bring down the wrath of their government on your head.

One panel member, a security expert, told this story:

“I was on a client site doing incident response in the U.S. and I had to explain to the people I was subcontracting to that I had to secure-delete everything from my machine before heading home as I had no way of knowing the full extent of what was hidden in the directories and Web caches of the machines I copied to mine for security analysis. I had used removable media for almost everything, and the people understood my discomfort at transporting data I wasn't sure of across an international border. I would advise the same to anyone else who routinely handles data from dodgy sources.” 

He concluded with an understatement: “We do indeed live in interesting times.”

  1. Craig Jenkins from Toronto, Canada writes: They don't mind if you store remotely and access it in the States because they can monitor the data incoming. When you carry it across they have no other way (well almost no other way).
  2. brown trout from Canada writes: Does this mean they can simply confiscate your laptop for no valid reason other than the agent is in a bad mood?

    Will the Canadian Government install the same procedure to send a message to US business people about how ridiculous some of these measures have become?
  3. J Hare from Saskatoon, Canada writes: Data is a physical thing. It is magnetic waves encoded on a hard drive or other such media. To say it is a representation or "not physical" is to forget what we are dealing with. If you carried an encoded message accross the border, the country in question would like to know what it is saying. Same with a computer. The fact that no-one could figure out how to get at their data without involving a physical device only goes to prove this point.

    James Hare
  4. Ted Parkinson from Kitchener, Canada writes: This is pretty freaky and just plain wrong. But fortunately it's rarely invoked. Just be nice to the border guards and answer all their questions honestly. :-)
  5. AG Bear from Canada writes: I've complained on G&M forums about this issue before. I'm glad to see it's starting to become noticed. It's very serious. Ted Parkinson, I have been harassed by a power-tripping US border guard even though I was as polite as ever and answered all his questions truthfully (with documents to answer every question and prove every claim). This is one more tool for them to use to make visitors' lives miserable. ... and they wonder why they have a recession.
  6. C Sandi from Sonoma, United States writes: To what length will they go to get "data" from an individual. The next step.
    After all, we possess information in our heads, don't we?
    And you do know how they get that data, don't we? May even get a free trip to another country to get it. You do know that up there your RCMP will help this country's HLS in any way they can
    Pay attention!
  7. Daryl Rybotycki from Calgary, Canada writes: Frankly, I have no need to travel to the US now. Watching the policy changes I face as a Canadian in the US, I have had less and less desire to go south of the border as well. Currently I have no plans to go to or even fly over US soil to other destinations until things get much better down there! As Canadians, our privileges of favored trading partner and ally have been increasingly restricted. Before, it was quick, easy and painless to travel to the US for a day of fun as a tourist. Now, we need Passports and are subject to increasingly tougher search and seizure tactics where everyday household items are taken without recourse, or apparent remorse. Years ago (aka before 911) you only had to worry about entering the US with fruit or maybe Cuban Cigars for personal use if you drove or flew there for a trip. Now sadly, your USB memory stick worn around your neck, or on your key chain is a possible terrorist threat. As well these common electrical laptops, music players, recorded CDs, digital cell phones, blackberries, digital cameras and camcorders, etc. are also possible terrorist items of interest to Border Agents as you cross the border. Who would have imagined that consumer electronic and computer stores that sell electronic tools and toys are selling terrorist items?!? Just when did we change from being friends on American soil to becoming the enemy? Will we get to the point when the US border effectively closes to all tourist traffic? Will they talk of building a wall to keep us out like they have with Mexico? I mean, who knows; maybe even commenting negative about this policy here on this public web site will put us all on some sort of US black list... Does that last sentence make you shudder or laugh, and why? My final question is: will a possible change of political parties in the White House bring a reversal of these increasingly draconian policies or will things get worse until the US is no longer our friend and ally?
  8. Bill Needle from Canada writes: non of these work arounds is going to get you through customs. If you are trying to cross the border and you say you don't have the password to a lap top in your possession it is either going to be confiscated or you will be turned away from the border or both. Have any of these 'learned men' actually ever tried being coy or arguing with a US customs agent. good luck. They don't need even need a reason to refuse you entry. It's completely their call.
  9. S Van GOOGLE from Wallis And Futuna Islands writes: a very interesting article, and definitely something to think about. It is unlikely that many would be stopped and have their data checked. It mostly appears to be Canadians of non-white skin unfortunately and embarrassingly. We are Australians and we have to get visa's all the time, so are often the only white skinned people in a room of Canadians of Indian, Iraqi, Indonesian descent who appear to speak better English than us, have appropriate documentation, and are even 1st generation well educated Canadians.

    The Border Guard Power trip is something many Canadians never see, but yes those that have you answer everything honestly and you will have no choice but to say "YES SIR"..

    I'm sure this post has been flagged by our friends in Richmond Virginia..
  10. J Hare from Saskatoon, Canada writes: One thing to keep in mind is as technology increases in speed and power, currently it is impractical to shadow all travelers hard drives as it would take to long, but thats the crux, currently. Once this becomes an easy thing to do (less then 2 minuites) bet on that becoming a regular thing. Shadow the drive then link that to info in your passport. Yes, currently not possible but they've said that about a lot of things with computers haven't they?

    James Hare
  11. andy c from Canada writes: not to defend the polcy or anything (my opinon: it sucks) but when the memory in my camera or cell phone can hold more data then my desktop 10 years ago i can see where governments may be worried.
  12. andy c from Canada writes: not to defend the polcy or anything (my opinon: it sucks) but when the memory in my camera or cell phone can hold more data then my desktop 10 years ago i can see where governments may be worried.
  13. Alistair McLaughlin from Canada writes: Big deal. Canadian border guards have always had this right. I have family members who are CBSA officers, and they've arrested people for having child porn on their laptops, or on little flash drives that they've checked out, based on nothing more than suspicion or "a hunch". Yet some of you sound alarmed that the US is now doing what our guys have been doing for years.
  14. Julie Wellington from Canada writes: its not even this bad when you visit China or Cuba, what gives ?
  15. Simon Neytt from Canada writes: I was at a technology conference and I came across a company called Datalocking (www.datalocking.com)(They have a Markham office 1-888-253-1195) and they specialize in data privacy and security not only for desktops and laptops, but Blackberry's as well. Very interesting business model because they not implement data encryption and privacy technologies, but the offer assistance in the legal aspects of data privacy and security, which from what this article needs to be a service offered.

Comments are closed

Thanks for your interest in commenting on this article, however we are no longer accepting submissions. If you would like, you may send a letter to the editor.

Report an abusive comment to our editorial staff

close

Alert us about this comment

Please let us know if this reader’s comment breaks the editor's rules and is obscene, abusive, threatening, unlawful, harassing, defamatory, profane or racially offensive by selecting the appropriate option to describe the problem.

Do not use this to complain about comments that don’t break the rules, for example those comments that you disagree with or contain spelling errors or multiple postings.

Back to Kapica's Cyberia

Kapica's Cyberia

Jack Kapica has been writing on technology for the past 15 years for The Globe and Mail, and has been working exclusively for the on-line Globe since 2001. In his Cyberia blog, he writes news, makes comments, looks at rumours, and offers opinions on culture and developments in technology.

Blogroll

javax.servlet.ServletException: Processing template "tgamv3/v5/story/WBStory.html" with config "null"
	at GIS.Servlets.HTMLTemplate.processRequest(HTMLTemplate.java:231)
	at GIS.Servlets.HTMLTemplate.doGet(HTMLTemplate.java:137)
	at GIS.Servlets.StoryHTMLTemplate.doGet(StoryHTMLTemplate.java:96)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
	at GIS.Common.Servlet.service(Servlet.java:106)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
	at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:95)
	at com.caucho.server.http.Invocation.service(Invocation.java:291)
	at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:132)
	at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:341)
	at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:271)
	at com.caucho.server.TcpConnection.run(TcpConnection.java:136)
	at java.lang.Thread.run(Thread.java:662)

Nested exception: GIS.Common.GICheckedException: Other exception in file: '/opt/GIS/HTML_Templates/tgamv3/v5/story/WBStory.html'  while processing select element with added parms:{}
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1511)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:945)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Servlets.HTMLTemplate.generate(HTMLTemplate.java:316)
	at GIS.Servlets.HTMLTemplate.processRequest(HTMLTemplate.java:222)
	at GIS.Servlets.HTMLTemplate.doGet(HTMLTemplate.java:137)
	at GIS.Servlets.StoryHTMLTemplate.doGet(StoryHTMLTemplate.java:96)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
	at GIS.Common.Servlet.service(Servlet.java:106)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
	at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:95)
	at com.caucho.server.http.Invocation.service(Invocation.java:291)
	at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:132)
	at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:341)
	at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:271)
	at com.caucho.server.TcpConnection.run(TcpConnection.java:136)
	at java.lang.Thread.run(Thread.java:662)

Nested exception: GIS.Common.GICheckedException: Other exception  while processing transformation element with added parms:{cacheTime=5000, type=xsl, url=/usr/local/web_htdocs/tgamv3/v5/includes/content/blogs/blogroll-gam.opml}
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1625)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Jel.JELSelectProducer.emitChoiceNode(JELSelectProducer.java:48)
	at GIS.Jel.JELSelectOneProducer.generate(JELSelectOneProducer.java:92)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1502)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:945)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Servlets.HTMLTemplate.generate(HTMLTemplate.java:316)
	at GIS.Servlets.HTMLTemplate.processRequest(HTMLTemplate.java:222)
	at GIS.Servlets.HTMLTemplate.doGet(HTMLTemplate.java:137)
	at GIS.Servlets.StoryHTMLTemplate.doGet(StoryHTMLTemplate.java:96)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
	at GIS.Common.Servlet.service(Servlet.java:106)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
	at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:95)
	at com.caucho.server.http.Invocation.service(Invocation.java:291)
	at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:132)
	at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:341)
	at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:271)
	at com.caucho.server.TcpConnection.run(TcpConnection.java:136)
	at java.lang.Thread.run(Thread.java:662)

Nested exception: java.lang.ClassCastException: org.apache.xerces.dom.ElementNSImpl cannot be cast to com.caucho.xml.QElement
	at com.caucho.xsl.Generator.getXslLocal(Generator.java:2141)
	at com.caucho.xsl.Generator.generate(Generator.java:294)
	at com.caucho.xsl.AbstractStylesheetFactory.generate(AbstractStylesheetFactory.java:819)
	at com.caucho.xsl.AbstractStylesheetFactory.newTemplates(AbstractStylesheetFactory.java:437)
	at com.caucho.xsl.AbstractStylesheetFactory.newTransformer(AbstractStylesheetFactory.java:312)
	at GIS.Universal.XMLTransformer.transform(XMLTransformer.java:262)
	at GIS.Universal.XMLTransformer.transform(XMLTransformer.java:166)
	at GIS.HTMLComments.HTMLProducers.XSLProducer.generate(XSLProducer.java:85)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1615)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Jel.JELSelectProducer.emitChoiceNode(JELSelectProducer.java:48)
	at GIS.Jel.JELSelectOneProducer.generate(JELSelectOneProducer.java:92)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1502)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:945)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Servlets.HTMLTemplate.generate(HTMLTemplate.java:316)
	at GIS.Servlets.HTMLTemplate.processRequest(HTMLTemplate.java:222)
	at GIS.Servlets.HTMLTemplate.doGet(HTMLTemplate.java:137)
	at GIS.Servlets.StoryHTMLTemplate.doGet(StoryHTMLTemplate.java:96)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
	at GIS.Common.Servlet.service(Servlet.java:106)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
	at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:95)
	at com.caucho.server.http.Invocation.service(Invocation.java:291)
	at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:132)
	at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:341)
	at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:271)
	at com.caucho.server.TcpConnection.run(TcpConnection.java:136)
	at java.lang.Thread.run(Thread.java:662)

Nested exception: java.lang.ClassCastException: org.apache.xerces.dom.ElementNSImpl cannot be cast to com.caucho.xml.QElement
	at com.caucho.xsl.Generator.getXslLocal(Generator.java:2141)
	at com.caucho.xsl.Generator.generate(Generator.java:294)
	at com.caucho.xsl.AbstractStylesheetFactory.generate(AbstractStylesheetFactory.java:819)
	at com.caucho.xsl.AbstractStylesheetFactory.newTemplates(AbstractStylesheetFactory.java:437)
	at com.caucho.xsl.AbstractStylesheetFactory.newTransformer(AbstractStylesheetFactory.java:312)
	at GIS.Universal.XMLTransformer.transform(XMLTransformer.java:262)
	at GIS.Universal.XMLTransformer.transform(XMLTransformer.java:166)
	at GIS.HTMLComments.HTMLProducers.XSLProducer.generate(XSLProducer.java:85)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1615)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Jel.JELSelectProducer.emitChoiceNode(JELSelectProducer.java:48)
	at GIS.Jel.JELSelectOneProducer.generate(JELSelectOneProducer.java:92)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:1502)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:945)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:782)
	at GIS.Common.HTMLTemplateParser.parse(HTMLTemplateParser.java:751)
	at GIS.Common.HTMLTemplateParser.generate(HTMLTemplateParser.java:476)
	at GIS.Servlets.HTMLTemplate.generate(HTMLTemplate.java:316)
	at GIS.Servlets.HTMLTemplate.processRequest(HTMLTemplate.java:222)
	at GIS.Servlets.HTMLTemplate.doGet(HTMLTemplate.java:137)
	at GIS.Servlets.StoryHTMLTemplate.doGet(StoryHTMLTemplate.java:96)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:126)
	at GIS.Common.Servlet.service(Servlet.java:106)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
	at com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:95)
	at com.caucho.server.http.Invocation.service(Invocation.java:291)
	at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:132)
	at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:341)
	at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:271)
	at com.caucho.server.TcpConnection.run(TcpConnection.java:136)
	at java.lang.Thread.run(Thread.java:662)