EFF on securing digital information when crossing the border

The Electronic Frontier Foundation, long-time defenders of the common man’s rights in the electronic realm, has published a guide to keeping your digital devices private when entering the United States. It seems the defenders of freedom and liberty (ICE, DHS, TSA, and CBP) are able to take a few freedoms with your liberty at a border crossing by seizing your devices and copies of the data they store for up to five days. This requires no suspicion of wrongdoing, and copies of this data may be shared with other agencies thereby negating the five day limit.

Do you have a reason to protect your digital property? This is discussed in the paper. It may be confidential information, by way of a business contract or professional relationship (Doctors, Lawyers, Journalists, etc.). Or you may just want to keep your privacy on principle. No matter what your stance, the EFF has covered all the bases in this intriguing read. We think the best advice they give is to make an encrypted backup of your data on the internet, blank your computer before the border crossing, and restore it when you get to your destination. If you don’t have the data with you, it can’t be compromised. It that’s not an option, they have plenty of guidelines on cryptographic techniques.

[via Twitter]


  1. Sam says:

    Hey Mike !

    Your work is wonderful !!!
    Could you please create a video tutorial about this bug for us : “Nginx PHP code execution via FastCGI”

    this is very important
    Thanks a lot dude !

  2. arthur92710 says:

    Wow, I never knew they could do that.
    I would expect that from North Korea, not the US.
    Sad, sad.

  3. Right... says:

    Simple solution: Encrypt and Dropbox all your data, then format your devices prior to travel.

    Simpler solution: Vote.

    • DoktorJ says:

      Vote for who? I don’t see any politicians trumpeting electronic freedom, at least not any politicians with even the slightest chance of being elected.

      • Atwas911 says:

        Yes.. Vote.. Vote on electronic voting machines, machines that every other day a new video is released showing exploits, machines that engineers have testified before congress on the dangers of using these machines, the risk of faked elections, and undetectable tampering.

        How can one even begin to assume we still have a choice?

  4. N0LKK says:

    Just a sad part of the be afraid, be very afraid, United States of America post 9/11/2001. When,if, it’s ever brought up by the elected managers, it’s generally in the form of partisan politics :(

  5. anyone says:

    well if you are carrying sensitive data around expecting it to be safe for whatever reason, shame on you.

  6. m!nus says:

    And if you wanna know if your data was copied: Put some bomb blueprints on your devices. At your own risk of course..

  7. Jeff says:

    The “blank it out and pull it from the Internet at the other side” solutions ignore the realities of bandwidth, unfortunately.

    • Whatnot says:

      And it ignores how the NSA is sniffing the internet massively, not to mention that if you do this you will be immediately on the terrorist list, so if you do don’t blank data but fill it with irrelevant data so it’s not too obvious.

    • Right... says:

      There is the remote access alternative…

      If you need access to all your data then leave your system on at home and remote into it from anywhere in the world. Sure, you don’t have access to the file locally, but do you really need it locally?

      Just pointing out how easily defeated this system is. I’d be willing to bet the only people that get in trouble are college kids with pirated music and movies on their iPads.

  8. someone says:

    Or buy some micro SD cards and put them in those hollowed out fake coins, those should be hard to detect.

  9. Matt says:

    Is it illegal to use at90usb’s as the controller for all my usb drives… and configure them to do nasty things to DMA on machines that are not my own?

    • Seph says:

      Brilliant. It wouldn’t be difficult to write hardware-side code to do that. On your machine, you could easily write a driver that captures the usb connection and sends to “hey it’s safe to play nice” command before handing over control.

  10. CrossDraw says:

    Or just keep you private stuff on a cd/dvd or a flash drive and just mail it to yourself(twice if you worry about it getting lost)…

  11. Good-ole-boy says:

    Now the terrorists will know how to keep their evil plans from the good guys because of your posting. Thanks a lot hackaday.com!

  12. Emeryth says:
  13. therian says:

    and against who this measures ? criminals will make sure to encrypt data so this pony and donkey show only to annoy and increase fear in general population

    • Kanaida says:

      Micro SDHC cards are a nice way to keep data from prying eyes :) Also that fact that every linux distro comes with a live usb ability, you can just boot off a usb stick, to their surprise have no hard drive in your laptop at all LOL. Keeping a nice little symbolic link between ~/Documents -> /media/MicroSdhc. Even if they get your USB stick, it’s not like they’ll find the micro, let alone be smart enough to put the pieces together.

      If you do keep a hard drive in there, I’d fill it with random files containing /dev/urandom. Like say piping the output from an ls command on a windows drive to get the same file system structure :) just to make them suffer a little bit lol formatted it in some strange filesystem like HFS (apple’s fs LOL, that’ll be a mind fuck)

  14. nomarx says:

    Or just stop voting for big government Marxists and “Israeli firsters.”

    But you may want to note your beloved EFF has a few lawyers who don’t want people to show an ID to vote… So much for “secure” voting…

    • N0LKK says:

      The voter ID isn’t relative to the topic at hand, if it where it addresses the least likely place where votes can be tampered with easily. The chief architects of the corrosion our US civil rights came from the right, not the left.

  15. DainBramage1991 says:

    US Citizens, once on US soil, are protected by the 4th and 14th amendments, in theory. Technically speaking, they have no right to confiscate ANYTHING without a court-ordered warrant or at the very least, probable cause (such as carrying a gun through the airport). Merely owning a digital device doesn’t appear to fall under either of these criteria.

    Actually getting those constitutional protections to work for “we the people” is a different story altogether…

  16. EqX says:

    Big Brother is watching..
    IMHO Orwill didn’t write 1984 as an instruction manual.
    Sadly the people in the USA (and many other places) are loosing their rights, their freedom and their privacy in a stunning pace.

  17. Haku says:

    It’s probably about time America officially changed the lyrics of their national anthem, “land of the free and home of the brave” ? more like “land of the oppressed and home of the paranoid”

  18. Dan says:

    DainBramage1991: I remember hearing that the 4th amendment doesn’t apply at border crossing. Maybe it had to do with you being on only halfway American soil or something (memory fails me about the details).

    In any case, it is not just your computer they can search but everything you are taking across the border, and its always been that way. It’s just that searching the computers is particularly obnoxious because there is no reason for them to do it and it is a royal headache for people who value their privacy.

  19. Eages says:

    Hold all of your sensitive information on 5″ floppies. All your secrets will be safe forever.

  20. pablo says:

    Just travel with tons of extra ‘noise’ along with your sensitive ‘signal’ – bring along tons of data that is similar to other things you have. If they want to sift through many TB of data it’s their problem.

  21. sariel says:

    find or make a special usb plug that will only work on your system. when asked about accessing data on your thumbdrive tell them good luck and laugh in their face. or if you’re really paranoid, shove said drive up your bum. when asked about the thumbdrive up your rectum, tell them you’re into kinky sex and its filled with naughty things they should punish you for.

  22. Mike says:

    No seriously. These are not the droids you are looking for…

  23. snowdruid says:

    dont know about that usb drive if it dosnt work at all they might get suspicious better would be to have a drive wich will switch memory chip given an external input like a small magnet or a photodiod you have to cover upon insertion to “boot into the secret chip”…

  24. Teripin Chaos says:

    A mate of mine had his xbox detained, they tried saying something along the likes of the drm/piracy because he downloaded a game to the HD that he got out of country, they wiped the whole HD causing all of his saves and achievement to vanish into nothing, and he couldn’t do anything about it…

  25. xorpunk says:

    I like how these ‘experts’ talk like the NSA and FSB can’t nuke RSA 2048 and AES 256 cryptext inside an hour.. they have had the resources for decades and it’s even documented..

  26. Victor says:

    xorpunk: any link to that documentation?

    • xorpunk says:


      It’s also in some books I’m too lazy to dig up..if you didn’t know the NSA has had acres of the most powerful computing in the world you probably aren’t much of a security person..this hasn’t been news since the late 70s..

      There are also legal clauses in cryptography export laws and mention in countless cryptography history books. Most recent bills show the governments potential..if they couldn’t crack AES there would be no AES, and RSA 2048 takes only slightly longer with their resources..

      I can’t prove they can do what I say, but big number factoring in blocks isn’t isn’t exactly new..

      but hey..the internet and marketing are full of ‘experts’..just believe I’m clueless and going on being a hanger on ^^

      • Jason says:

        The only relevant information that I see in there is that they measure computing power in acres instead of flops.

      • computer112 says:

        It’s also in some books I’m too lazy to dig up..if you didn’t know the NSA has had acres of the most powerful computing in the world you probably aren’t much of a security person..this hasn’t been news since the late 70s..

        NSA isn’t the only gut on this world can break/bypass RSA. Look at Lockheed Martin hacking back in 2011. RSA got f**ked up without any super or mainframe computer. Why could the attacker (or the Chinese!) do it? Cerfitication stolen. Passphrases had been stolen. Bam! Thousands of data flowed to an unknown server in Mongolia. No trace since then.

        There are also legal clauses in cryptography export laws and mention in countless cryptography history books. Most recent bills show the governments potential..if they couldn’t crack AES there would be no AES, and RSA 2048 takes only slightly longer with their resources..

        I’m sorry but there is something you missed in your points, perhaps in your 101 cryptographic lesson back in pre-school. Time to break an encryption(s).

        Don’t assume all encryptions work the same way. And also don’t assume every user out there uses the same encryptions over and over again. Perhaps you can crack single encryption each time. However something like PGP, MRPE or multi-encryptions come up. You know exactly you cannot or almost impossible to break it(them) instantly.

        Perhaps you may have the world most powerful super computers, smartest and brightest cryptographers and manpowers in your hands. You if you don’t have common sense, then you are still nothing but a high-school skid.

        but hey..the internet and marketing are full of ‘experts’..just believe I’m clueless and going on being a hanger on ^^

        Or perhaps many of these ‘experts’ are actually experienced with them, and you never experience anything.

        Get a life, also think and experience them first before you boast.

    • xorpunk says:

      enlighten me..how am I suppose to prove one of the worlds premier intelligence agencies can crack AES and RSA cryptext inside an hour, walk into a facility and video it happening?

      If you consider those acres of super computers they have had for almost 5 decades are at least moderately up-to-date and they have some of the top minds in the world, it’s not exactly rocket science to figure they have the capability..

      Also I’m talking about brute-force not cipher weaknesses…

  27. tbjr6 says:

    One thing i have always wondered was how do they actually copy the data off?

  28. pod says:

    I suggest putting a goatse wallpaper on your desktop before leaving home, it is surely going to discourage any officer willing to put his nose in your stuff

  29. JB says:

    Reading throught the document reaffirms my decission not to travel at all. I wonder how much pressure would the travel industry put on Congress (and if it would be of any effect) if enough people stopped traveling and had a significant impact on their bottom line.

  30. oodain says:

    just one more reason not to travel to the us,

    all our buisness ventures there was dropped 2 years ago and it seems we cut our losses short.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 96,755 other followers