Planning to travel? Maybe you want to think twice about bringing your laptop, your mobile phone, or even that iPod. (And if you're of Asian or Middle Eastern descent, that goes double.)
Last week in the US, the Washington Post ran a story detailing the electronic abuses international travelers have suffered at the US border. Travelers are being asked to open up their laptops, hand over their passwords, and let customs agents have their way with their hard drives -- sometimes copying the contents onto another device or even confiscating the machine outright. Some folks report receiving the same treatment for their Blackberries and mobile phones.
US customs sees your laptop as no different than your suitcase, only instead of pawing through your socks and boxers it gets to rifle your email, documents, photographs, and Web surfing histories. You say your laptop holds confidential business information, sensitive medical data, or the secret sauce that will make your company billions? Tough luck. It's all just socks and underwear to the Feds.
As security wonk and former federal prosecutor Mark Rasch notes, the dangers from this kind of digital body cavity search are far reaching:
"Your kid can be arrested because they can't prove the songs they downloaded to their iPod were legally downloaded... Lawyers run the risk of exposing sensitive information about their client. Trade secrets can be exposed to customs agents with no limit on what they can do with it. Journalists can expose sources, all because they have the audacity to cross an invisible line."
What are they looking for? Good question. So far, the US Department of Homeland Security has ignored Freedom of Information Act requests asking it to clarify its policies. Nor will it reveal its criteria for whose gear gets the full monty, though Asian and Arab individuals appear to be singled out with greater frequency.
Last week the Electronic Freedom Foundation and the Asian Law Center filed suit, demanding to know the how and why of US customs searches and what happens to the data that's confiscated. Meanwhile, some corporations have ordered employees to avoid taking confidential data with them when they travel across borders.
In a related case, a Canadian man who's a legal US resident has been accused of carrying child porn after customs officials found files with suspicious names on his laptop. By the time police arrested Sebastian Boucher, he'd encrypted his data using PGP. The government demanded he turn over his private key to unlock the data; Boucher refused, and so far the courts have upheld his Fifth Amendment right against self incrimination. That case is under appeal, and no matter which way it ultimately goes it's going to have major ramifications for all of us.
Encryption can be used to mask criminal activity. At the same time, it can also be used legitimately to protect the very things being put at risk by overzealous customs agents, like sensitive corporate or personal data. Suddenly I'm having a flashback to the 1990s debate over the Clipper chip and whether intelligence agencies should be able to have a 'back door' to access encrypted information.
To me it all boils down to this: what do you trust more, the US Constitution or the US government? When in doubt, I tend to side with the founding fathers. At a time when "national security" was far more tenuous than it is today, they enacted far reaching laws that put the rights of individuals on at least a par with the rights of the state.