US Really Owns Your Data Now!

A while back we reported how US customs owns your data, now it’s getting even worse. 10 days ago the US appeals court gave them rights to COPY all your data without notice even if there are no suspicions.

Anyone want to talk about dilution of intellectual property? Privacy? Or just basic human rights..

In a letter dated Thursday, the group, which includes the Electronic Frontier Foundation (EFF), the American Civil Liberties Union and the Business Travel Coalition, called on the House Committee on Homeland Security to ensure searches aren’t arbitrary or overly invasive. They also urged the passage of legislation outlawing abusive searches.

The letter comes 10 days after a US appeals court ruled Customs and Border Protection (CBP) agents have the right to rummage through electronic devices even if they have no reason to suspect the hardware holds illegal contents. Not only are they free to view the files during passage; they are also permitted to copy the entire contents of a device. There are no stated policies about what can and can’t be done with the data.

I hope the government takes some notice of the letter and the worries over this legislation, it is something that would bother a lot of people. Especially those from European countries where privacy is an utmost concern and strongly protected by the government.

The lack of guidelines as to what can be done with the data are worrying too, what if you have commercially valuable or proprietary information there…can they distribute it freely after copying it from you?

Several of the groups are also providing advice to US-bound travelers carrying electronic devices. The Association of Corporate Travel Executives is encouraging members to remove photos, financial information and other personal data before leaving home. This is good advice even if you’re not traveling to the US. There is no reason to store five years worth of email on a portable machine.

In this posting, the EFF agrees that laptops, cell phones, digital cameras and other gizmos should be cleaned of any sensitive information. Then, after passing through customs, travelers can download the data they need, work on it, transmit it back and then digitally destroy the files before returning.

The post also urges the use of strong encryption to scramble sensitive data, although it warns this approach is by no means perfect. For one thing, CBP agents are free to deny entry to travelers who refuse to divulge their passwords. They may also be able to seize the laptop.

If you don’t give up YOUR passwords to YOUR private information, they can refuse you entry, isn’t that just charming?

I agree clean everything before you travel, work from online data…it may be inconvenient but it’s surely better than having the US government copy it.

Oh well, I’ve never been to the US and I’m not planning to…so here is even less reason to go.

Source: The Register

Posted in: Legal Issues, Privacy

, , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

22 Responses to US Really Owns Your Data Now!

  1. Yash Kadakia May 2, 2008 at 10:17 am #

    I will carry my secondary laptop which contains no real data; and maybe save some any important files in PGP encrypted forms in my Ipod with their extensions changed to MP3.

    I don’t understand how something so ridiculous can be allowed.

    Also; if anyone has any ideas what are the legal implications of this on an NDA.

    For e.g; say I am carrying files from a client that come under a signed NDA that nobody but my self should see them.

    If the US government finds these files; and possibly even has them stolen, who is to blame? What are the legal implications of this?

  2. Zinho May 2, 2008 at 10:21 am #

    Never travelled with passwords in clear on hdd.
    Are they also checking my fingerprint usb drive? What if I refuse to put my finger on it? I should go to US customs with a ticket ready to come back to Italy? They’re very creative and innovative at discouraging people from loving/going to the US…

  3. Nostalgia May 2, 2008 at 4:00 pm #

    question? what if u are already in the US. what to do!

  4. Yash Kadakia May 2, 2008 at 4:47 pm #

    Destroy all your data and thank your government for it ;_)

    No; but rather I would recommend hiding the data on something like a MP3 player or something. Of course keep it encrypted.

  5. Ohsoninja May 2, 2008 at 5:07 pm #

    I was browsing the EFF site earlier today and found a link that would give a bit more insight on the issue than I can do myself. Check it out:

    I cannot afford to have my laptop seized in the event that I don’t wish to provide my information so I will most likely travel with an empty laptop and download the data once I arrive at my location.

  6. Bogwitch May 2, 2008 at 8:58 pm #

    This has been well covered all over the net.
    The best solution, in my opinion, is to store the info you need in encrypted containers held on an SFTP server or web host, etc. and have your laptop with just a vanilla build but that assumes you will be able to access the data at a reasonable cost and speed.
    Alternatives seem to be carrying the data encrypted on a USB stick or, my favourite, on a microSD card, I leave the options for concealing the card as an exercise for the reader.

    The real question I have is what percentage of laptops have been ‘investigated’ in this way? I’m sure not all laptops are going under the microscope.
    I have heard anecdotally that CBP tend to be profiling so if you want to avoid having your laptop checked over it would be hugely beneficial to have pale skin and no facial hair. It would probably help to be a blonde woman, too.
    Since I have no immediate plans to travel to the US, I’m not going to worry just yet but the UK does have a tendency to follow close on the US tails.

  7. zupakomputer May 3, 2008 at 5:26 pm #

    Mmmmmm, that approach is really going to stop those intergalactic robot invaders that they’re so worried about from getting into the US states.

    ‘I’ve found a way to stop AI code! Just copy all data from electronic storage devices entering the country. I’m such a genius. They’ll never use anything like phone or power cables or satellite, or cross-continental underground rail systems. They’re not already here and never usurped our country long ago.’

    More seriously, what’s the point of that? It sounds like one of those things that they pass or allow to continue just so some people, who aren’t aware of the reality of how data is transferred, will calm down and not panic about being invaded by commies etc.

    They’re not going to find anything that can’t get in remotely.

    There’s such a two-tier system in the world today: those that know better but remain badly affected by stupidity of others but also can’t be assed bothering to explain how anything really works to those who don’t get it; and those who don’t get it but for some reason are allowed to have power-over others.

    That first lot need to take their freedoms and life more seriously, and so do the second lot.

  8. NerdCore May 3, 2008 at 11:48 pm #

    I am not really surprised that the US Government has turn to this. The United States is really paranoid about another world ware so , there theory is “prevention is better than cure” or in this case recovery. The us Government controls all the data that goes in and come out. It doesn’t matter if we put our files on a remote server in tiawan or europe. The government already have the movement of data online secured the only problem is moving the data in the country physically. Which leads to this..

    Most of this is my personal views about what is really happening but there might be a bigger conspiracy going on.

    Regards Sirus

  9. FlashPratt May 4, 2008 at 2:48 am #

    … Regardless of whether it’s “legal” or not; some asshat making me wait while he copies my hard drive is going to lead to an altercation if I’m flying somewhere.

  10. fever May 4, 2008 at 7:02 am #

    This is just proof of the stupidity of governments in general. If you stop them today they will just find there way in tommorrow, so on and so forth. Stopping the flow of data is merely an attempt at controlling or limiting freedoms of the people. This is something that has been coming for a long time.

  11. DonJouna May 4, 2008 at 7:48 am #

    Well, what I did when I last went to US is:
    1. password protect my HDD
    2. password protect BIOS and enable Enhanced security feature in BIOS
    3. encrypt all files on HDD
    4.customized BIOS so only after you type passphrase it will switch on
    and on the border pretended that I do not understand English

    Worked just fine.

  12. gt cute guy May 4, 2008 at 2:51 pm #

    i think it a total invasion of privacy, i guess in a couple of months time the US will come up a next way to know your business. i don’t need to take hard copy of my data to the US i have my own server and website its no bigie for me

  13. NNM May 5, 2008 at 5:49 am #

    USA has reached fascism. This only makes it worse.
    for you American people, revolt, protest, get thrown in jail for it! Get tortured for conspiracy and anti-patriotism! *waves flag*

  14. ZaD MoFo May 5, 2008 at 5:50 am #

    It’s difficult to measure stupidity with a yardstick but, by the numerous solutions to bypass thoses searches, this behaviour just seem a power trip for a nation on the borderline of control loss. To peek inside laptop, at random or from profile referee, US border provoque situations where they would obtain by “suspicious objections” a self approval to further search and aurgment ther suspects database.

    This is a common control trip. They have targetted your valuables. Oh yes it does matter what’s inside your data because it’s a free way to acquire them legally but in essesce, this is to have you bent to ther rules.

    Be smart and make the necessary so they do not have your data because it’s a game where they decided to win for any reason.

    You loose because you play. Just dont play. Dont play thier game.

  15. Pantagruel May 5, 2008 at 9:11 am #

    Sad, very sad. Customs officers are committing espionage on a grand scale and are backed by their government and all in the name of ‘trying to make this a safer place’. It will only result in giving terrorists more fuel and reasons to commit terrible acts against the US. Apparently the Bush administration isn’t busy enough and will create problems when they run out of ‘legal’ reasons to police the world.
    Just sick and indeed just another reason to cancel a trip to that specific part of the world.

  16. S Briesemeister May 5, 2008 at 3:58 pm #

    I’m a US citizen, about to complete my education. I’ve travelled a lot and hope to travel more, for business and pleasure.

    I understand my government’s concerns, but I think they fail to recognize the impact of their decisions. I worry we are quickly isolating ourselves.

    To me it seems, as far as business is concerned, I could pack and ship my laptop with encrypted filesystems to my destination, travelling separately from it – unless I’ve missed some news that they’re inspecting those too.

    For personal travel, it seems the only means of securing my data is to obscure it behind encryption, while allowing the system to *appear* usable without it – i.e. setting up a manually-mounted encrypted volume that stores my own data, while allowing basic function of the system without that volume being present. Truecrypt serves this purpose well.

  17. razzman May 6, 2008 at 8:33 pm #

    It’s really pathetic that the government can do ANYTHING at all they want to. “The land of the free”…yeah, right! I wouldn’t be suprised if this wasn’t a prelude to eventually doing the same thing with anybody’s information coming through the net in or out of the U.S. I know if I had the money to do so I would move to a different country and be done with all the corrupt politicians & the rest of them.

    It needs to be made more publicly aware, although that probably wouldn’t matter either unless it’s election time.

    Wonder what would happen if everybody would fill their hard drives with junk info and let them waste their time sifting through it or better yet fill their computers with “virus research” material…wouldn’t be our fault if they infected their systems with our “private” data right?

    Well, I’m gonna stop now because the more I think about how the governments treats us, it just pisses me off even more. I wish the EFF and the rest who are on our side the best of luck!

  18. Jinesh Doshi May 21, 2008 at 11:32 am #

    Which is the best encryption tool?

  19. Bogwitch May 21, 2008 at 3:22 pm #


    The best encryption, and unbreakable, is One Time Pad. The weaknesses of a one time pad are introduced with the key selection. As for a tool, there are several tools that use a one time pad, the problem is that most (all I have found) seem to want to generate key material without using a true hardware RNG and therefore are flawed from the outset.

  20. Jinesh Doshi May 22, 2008 at 1:36 pm #


    What I understadn form here is that no tool is fool proof.

  21. Bogwitch May 22, 2008 at 2:04 pm #

    That’s quite possibly true as I have yet to see a proper implementation of one time pad. The concept (I hesitate to use the word algorithm) of one time pad *IS* unbreakable.

  22. Jinesh Doshi May 23, 2008 at 7:42 am #

    Thanks for your valuable comments.