Canadian Border Patrol Charge Traveler With 'Obstruction' For Refusing To Give Up His Phone Password
from the don't-travel-to-canada dept
I’ve traveled to many different countries in my life and the only time I’ve ever had any trouble at all at a border crossing was flying into Canada for a conference one time. I was pulled out of the line and sent to a special side room where I was quizzed about the real reasons I was coming to Canada. They couldn’t believe I was speaking at a conference, because I didn’t have a paper invite, and had to dig through my emails to show them it in email (thankfully, I stored my emails locally and didn’t need internet access). When I tell that story it shocks some people, as Canada has always had a reputation as a fairly easy border to cross — especially for Americans.
But apparently the Canadians are stepping up their crazy antagonism at the border. The latest story involve Alain Philippon, a Canadian citizen who was returning from a trip to the Dominican Republic. Upon landing in Halifax he was ordered to cough up the password to his smartphone, and upon refusing, was charged with obstructing border officials:
A Quebec man charged with obstructing border officials by refusing to give up his smartphone password says he will fight the charge.
[….]
Philippon had arrived in Halifax on a flight from Puerto Plata in the Dominican Republic. He’s been charged under section 153.1 (b) of the Customs Act for hindering or preventing border officers from performing their role under the act.
According to the CBSA, the minimum fine for the offence is $1,000, with a maximum fine of $25,000 and the possibility of a year in jail.
In the US, there have been a number of cases concerning searches of computers and electronic devices at the border, with an unfortunately large number saying that you really don’t have privacy rights at the border. Of course, it’s not universal, as at least one important court has ruled otherwise. Up in Canada, however, there apparently hasn’t been much caselaw on this issue, so assuming Philippon fights this, it could make for a very interesting case.
Filed Under: alain philippon, border, border search, canada, encryption, mobile phone, passwords, privacy
Comments on “Canadian Border Patrol Charge Traveler With 'Obstruction' For Refusing To Give Up His Phone Password”
In US you can be compelled to give up your fingerprint, password or other “mental exercise” needs a warrant.
Re: Re:
If this were to be a US story they would not charge him with obstruction. They would either refuse him entry into the country unless he complied or they would hold the phone and any other electronics in his possession and make life hell in getting his stuff back. There is more than one we to be a dick.
Re: Re: Re:
The UK is much worse, and for at least several years, people there have been jailed for refusing to reveal passwords, one of the “features” of the country’s anti-terrorism laws.
http://www.dailymail.co.uk/news/article-2681620/Computer-student-suspected-hacking-police-websites-jailed-refusing-hand-password-authorities.html
Re: Re: Re:
If this were to be a US story they would not charge him with obstruction. They would either refuse him entry into the country unless he complied or they would hold the phone and any other electronics in his possession and make life hell in getting his stuff back.
I don’t know that it would be one or the other. It seems likely they would both charge him with one or more felonies and seize his stuff.
Re: Re:
“In US you can be compelled to give up your fingerprint, password or other “mental exercise” needs a warrant.”
Not at the border. The U.S. border is a constitution-free zone where constitutional rights don’t apply.
Monkey see, monkey do, eh?
Re: Re:
This. Many times, this.
Hello, Harper’s office?
Good for him. People should be more willing to stand up for their rights, lest they be taken away.
Re: Re:
FTFY
I’ve heard of plenty of horror stories at the Canadian border at my company. One of my co-workers was even flat out told by a Canadian border agent that if it wasn’t for NAFTA they wouldn’t have even let him in.
Another of my co-workers was an idiot when they started to question him, asking him “could a Canadian do the job you’re here to do”. The co-worker basically said “well yeah I guess I’m just taking a job away from a good hard working Canadian”, and was denied entry to Canada.
Re: Re:
Lots of Canadians are angry with the US and they retaliate by making it personal.
It’s routine for Canadian citizens driving to Florida for winter vacation to be stopped and shaken down by the police. Since the US Gov’t now allows for money and property to be confiscated a lot of Canadian citizens are suddenly finding themselves with no car or cash on the side of the highway. We hear of and read these stories almost daily in the Canadian press-of course there’s going to be retaliation by the Canadian version of TSA/Homeland Security. And, it will get worse, if Trudeau becomes PM expect the next POTUS and his entourage to get the “treatment” when he comes to Canada on official business.
Stories like these are infuriating, because from this you can tell where their trying to take us, its british imperialism/nazizism all over again, were on the cusp of history repeating itself
Re: Re:
It’s true. The War of 1812 started when the British Navy boarded American merchant vessels and demanded crew members’ smartphone passwords.
Re: Re:
GODWIN!
at least still alive
didn’t tase you to death and lie about it
Re: at least still alive
He appears to have died of 6 natural causes to the back of the head.
I wonder what kind of stealth methods/software, like steganography or hidden partitions, are available to hide things on tablets/phones like you can easily do on computers?
Glenn Greenwald’s husband’s refusal to reveal his password resulted in the US/UK government [apparently] cracking it open almost instantly, suggesting that either he was a fool who used a very weak password (or maybe relying the Windows XP password?) — or governments have some extremely powerful computers at their disposal. …. More likely the latter.
Re: Re:
why would you even try to hide things on your person? there’s this great new-gee-whiz thing called the intarwebz that allow you to transfer your data after you’ve crossed the border.
Re: Re: Re:
If they can demand your phone password, it’s not a big leap to them demanding the password to the cloud service or social media account set up on your phone.
If you’re crossing a border, you might want to remove all cloud service apps and any signs that you use one.
Re: Re: Re: Re:
But why should they even care? You’re not likely to be “smuggling” things in on your phone. The only thing that could be on your phone is ethereal proprietary IP which can just as easily be emailed, or dropboxed or transmitted any number of ways. And if did have something, Customs wouldn’t even know it if they saw it.
The odds of randomly catching someone is so infinitesimal it’s a waste of time.
Re: Re: Re:2 Re:
…can just as easily be emailed, or dropboxed or transmitted any number of ways.
Those email, DropBox and other cloud accounts are all accessed from my phone. That’s the whole point of cloud services, letting me access them from anywhere.
Even with separate passwords, it’s not a big leap from demanding your phone password to demanding the passwords for services set up on your phone. For many people, the demanded password to get into their phone will provide access to their email, cloud and social media accounts with no further security checks needed.
Many people – especially those who provide tech support – have other people’s passwords and other personal information. Handing it all to border officials – who knows where it will go from there – is a big deal. The government doesn’t have a great record for keeping data secret.
Re: Re: Re:3 Re:
the price of freedom is eternal vigilance
roll your own. don’t depend on free cloud services
flatten & reinstall before you leave.
and one “app” to rule them all: the web browser. no bookmarks, never remember history/delete on exit; problem solved
not that i have anything to hide, but its NONE OF THEIR BUSINESS what i do
Re: Re: Re:4 Re:
Re: Re: Re:5 Re:
Create an email account with one of the free providers, and use it for those web services where you need an email account to create an account with them, like on-line stores.
Re: Re: Re:6 Re:
Good idea. Create a “honeypot” to deflect unauthorized use by the, er, authorities.
If governments can use hacker practices against us, we can respond with the defences previously used against hackers.
Re: Re: Re:2 Re:
Never owned a smartphone. Is there an sftp client for one of ’em ? That’s what I’d use.
Re: Re: Re:3 Re:
Yes, there is.
Re: Re: great new-gee-whiz thing called the intarwebz
Some people need their device to do work while they travel. They could upload everything to the cloud and turn over the password to their brand spanking new, never used, clean OS install at the border in that case.
Re: Re: Re: great new-gee-whiz thing called the intarwebz
That is something I didn’t think about.
With apple or Android you could just wipe out the phone before you get to the border.
Show the agents a completely fresh install and then do a restore when you get somewhere with wifi.
Re: Re:
“I wonder what kind of stealth methods/software, like steganography or hidden partitions, are available to hide things on tablets/phones like you can easily do on computers?”
A quick Google search shows numerous stenography apps on all major portable OSes. I’m not sure how good/effective they actually are, but they certainly seem to exist.
“More likely the latter.”
Nope, he simply had the typical layman’s approach to security:
http://arstechnica.com/tech-policy/2013/08/partner-of-nsa-leaks-reporter-carried-paper-with-password-says-uk/
As ever, the weak link was the human factor. I’m sure they have some capabilities, but brute force against good encryption is never the first option.
http://xkcd.com/538/
Re: Re:
“I wonder what kind of stealth methods/software, like steganography or hidden partitions, are available to hide things on tablets/phones like you can easily do on computers?”
All of them. Tablets/phones are computers, just with a phone system attached, and if the phone is Android then it’s Linux — and you can do all the same partitioning tricks, etc. that you can do on any other Linux computer.
Re: Re: Re:
Android is Linux based and a stripped down version at that. iOS is too for that matter. You can’t do ALL of the same things but there are plenty that you can do.
Re: Re: Re: Re:
IOS is BSD derived, but has been bastardized by Apple.
Re: Re: Re:2 Re:
I misspoke there but the point is still the same. Yes iOS is BSD derived which is based on System V architecture which is different than Linux. However those differences are mostly organizational in nature rather than functionality as it relates to the topic at hand. The fact is that almost all UNIX derived systems that have not been stripped down for a specialized purpose contain those same features.
Re: Re: Re: Re:
“You can’t do ALL of the same things but there are plenty that you can do.”
There probably are some things you can’t do, but I haven’t found them yet. However, you can’t do them with the stock ROM out of the box. You need to root the device, and from there you can replace the crippled versions of important Linux binaries with the real ones. I also have recompiled a number of desktop linux tools and run them on my phone without issue.
In other words, if you treat your tablet/phone as if it were a general purpose computer, then it behaves like a general purpose computer.
Nuttiness in NZ too:
“Customs is seeking the automatic right to require people to disclose passwords to their electronic devices when entering New Zealand.
Failing to do so without reasonable excuse should be an offence punishable by three months prison, Customs has suggested.
It said the power would be useful in helping detect objectionable material and evidence of other offending, such as drugs offences, as well as to verify people’s travel plans.”
more
http://www.stuff.co.nz/technology/digital-living/66980041/customs-password-plan-slammed-by-labour-greens
Re: Re:
Note to self: Add New Zealand to ‘Never visit’ list.
A three month prison sentence for refusal to hand over your electronics and everything they are connected to to border agents simply because they feel like browsing? Nothing in NZ is worth that risk.
Re: Re: Re:
It is still just a proposal. A terrible proposal, but at least that’s all it is. So far.
Re: Re: Re: Re:
‘Yet’ is the key there though, it’s not official government policy yet, and given how insane the government over their seems to be at times, it wouldn’t be worth the risk for people to test it.
Re: Re: Re:2 Re:
Sure… scoff at my desperate and feeble attempts to find hope.
(You are right, of course.)
Re: Re: Re:
note to self: add US to ‘never visit’ list…
oh crap, i live here…
ain’t no such thing as ‘unreasonable search/seizure’ any more…
Re: Re: Re:
Note to self: Add New Zealand to ‘Never visit’ list.
Maybe just leave the electronics at home (would the phone even work there?) or factory reset before landing.
Re: Re: Re: No need to leave electronics at home
Just bring your data-free electronics and access the cloud after crossing the border. Make sure it’s totally clean with no connection to the cloud account with your REAL data. A BS account with all of your most boring family vacations and cat pictures is OK.
Re: Re: Re:
Yeah, the place seems beautiful and the kiwis I know online are all very friendly. But that changes my views about visiting the country, ever, and I don’t even have a smartphone (that is activated).
I dug around for some Canadian caselaw on this last year and all I came up with was a single Quebec Court of Appeal case: R. c. Boudreau-Fontaine.
There, at least, the judge was firmly of the opinion that compelling an individual to divulge their password was unacceptable.
But of course, things are different at the border.
Re: Re:
1990? There were no terrorists or paedophiles in 1990 !
Re: Re: Re:
Well there were rapists, remember Glenn Beck?
What if you did not know your password at the border? Say you changed it before leaving, securely transmitted it to a trusted third party, and then deleted it from your records?
Re: Re:
It’s awfully hard to prove that you don’t know something.
Re: Re: Re:
More ‘utterly impossible’, given they wouldn’t take ‘no’ or ‘I don’t know it’ for an answer.
Odds are they’d just toss you in a cell for a few hours to ‘refresh your memory’.
Re: Re: Re:
Re: Re: Re:
“It’s awfully hard to prove that you don’t know something.”
One word: waterboarding.
Just waterboard the guy to within an inch of his life, and especially after months or years of that, and he’ll be confessing everything he knows, as well as a lot of made-up things, but talk he will. When all his forcibly-extracted confessions lead to dead ends, then he’s obviously lying –and therefore innocent– and can be released to make room for the next waterboardee.
… and the next, and the next, and the next, until you finally find someone whose confessions of crime actually pan out — proving that torture works!
Prior to crossing the border,
turn your phone off & tell Apple/Google/… that it’s been stolen.
When Dudley Do-Right turns on your phone, bzzt & it’s erased!
Once you cross the border, tell Apple/Google that you’ve found it again prior to turning it on.
Re: Prior to crossing the border,
turn your phone off & tell Apple/Google/… that it’s been stolen.
Doesn’t that permanently brick an iPhone?
Bruce Schneier's Border Crossing Tips
Step One: Before you board your plane, add another key to your whole-disk encryption (it’ll probably mean adding another “user”) — and make it random. By “random,” I mean really random: Pound the keyboard for a while, like a monkey trying to write Shakespeare. Don’t make it memorable. Don’t even try to memorize it.
Technically, this key doesn’t directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive — that’s how the software allows multiple users.
So now there are two different users named with two different keys: the one you normally use, and some random one you just invented.
Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won’t be able to recover your hard drive without it.
Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.
Step Four: Board your plane normally and use your computer for the whole flight.
Step Five: Before you land, delete the key you normally use.
At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There’s no need to lie to the customs official; you can even show him a copy of this article if he doesn’t believe you.
Step Six: When you’re safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.
https://www.schneier.com/blog/archives/2009/07/laptop_security.html
It almost makes me want to put two tin cans (with an old cassette dictaphone taped to each can to record any missed messages)and a couple of hundred metres of string into a bag and then visit New Zealand. Can you imagine the fun that would occur when they open said bag?
This is all the work of that creep Stephen Harper. He’s losing ground and will most likely be out and his “Conservative” party too, when you have Albertans questioning whether they will vote Conservative or not you know he’s in deep shit.
But yeah, a judge ruled not long ago that cops were not allowed to search your phone in the US, in Canada the opposite happened. We have something that should be even better than the Bill of Rights, the Canadian Charter of Freedom and Liberties which is attached to the Constitution…but Harper just ignores it, he somehow gets away with it, because his base are in a way even more repugnant than the Republican base. Be glad that creep can’t be President of the US. His hubris knows no bounds, thankfully he spent most of his reign in a minority government being blocked at every oppurtunity. He’d be so pissed off to end up in minority again this October that he would probably start playing his cards more rashly and have Canadians hate him even more. Remember,the guy got in with a 38% vote with a majority government in 2011, he doesn’t represent Canada or Canadian values at all, considering most who vote for him don’t even know why. The first time he got in as minority it was only “for a change! we want change! 16 years of the Liberals is too much!”. Well, I hope they see what a really evil sonofabitch they voted randomly in for the sake of change.