Canadian border agents increasingly being nosey with tech

[Hellion]

On Monday, May 06, 2019 at 8:23 PM, Zodiark1593 said:

Clearly you neglected to consider my mentioning that data should be encrypted before sending it to the cloud. Even in the case of a breach or seizure, a potential attacker will still need to brute force your encrypted file(s) to get at them, which if done right, the data should be no longer relevant (to you) by the time it gets cracked.

The only proper method of security to protect data that is apparently so extremely confidential in this case would be to never put that data in the hands of anyone else.

 

Also, those mentioning encryption along with the cloud suggestion previously are of the minority.

[kirashi]

On 5/5/2019 at 1:57 PM, duncannah said:

You could use something like Hidden Volume in VeraCrypt: https://www.veracrypt.fr/en/Hidden Volume.html

Although not sure if this really works against extortion

Not sure if what works against extortion?

[Kisai]

8 hours ago, samcool55 said:

It's likely the people at the border aren't very tech savvy so if you behave like the average internet derp and allow them access while hiding the goods very well (hidden partition, maybe a 2nd drive inside the laptop or something, i dunno). I guess your chances to pass without any confiscation are bigger than locking everything and not giving them any access at all.

 

No, that's not the way you want to go about it, because you don't want to create probable cause, and the border people are not stupid. If you act stupid, you get searched. If you are too honest, you get searched.

 

Really it comes down to this:

1) Are you a high-level executive, corporate executive, IT admin or basically anyone that can be hit with a $2 hammer for your password that has access to your corporate network?

If YES, do not travel with your device. If you must travel, you use the cloud-services (eg office 365, GSuite, etc), log-out while traveling, and you use the VPN to access all other resources.

 

And yes, this is exactly what corporate people are doing, Now you need to 2FA to get any work done outside the corporate office.

 

That said, people fedex laptops, hard drives, and USB sticks all the time, if you can't live without your life's music collection when you go on a trip, then you're better off encrypting a copy of the drive and sending it ahead of you and then getting the key at your destination from the cloud.

 

But in regards to the story, the reason the devices were confiscated was because he was acting in his clients best interest (Lawyers and Doctors do this.) A Lawyer would be in trouble if he let the CBSA see privileged information. So he was stuck in a damned-if-you-do,damned-if-you-don't and any Lawyer who knows the law would sooner give up the device and write it off than let CBSA look at it.

 

[jagdtigger]

7 hours ago, ThePointblank said:

Actually, EU customs agents have similar powers; they can detain and seize personal electronic devices, and compel you to hand over the password or to unlock it for them; otherwise they have every authority to throw you in jail or deny you entry until you do so.

I meant inside... Even though some nut-jobs restored border checks they still dont do crazy stuff like this.

[Drak3]

14 hours ago, Ryan_Vickers said:

What is this North Korea?

That's the end goal, yes.

[dalekphalm]

On 5/5/2019 at 9:17 PM, valdyrgramr said:

Patriot act is based on you being a terrorist and acts as a form of less restrictive probable cause, second one is info controlled by the government, and while they might not care it's hard to argue their case in court.

Keep in mind that the US Border agents can do pretty much all the same things the Canadians can do (and possibly more, given the above mentioned acts). Not all of it is legal per se, but you'd have to fight it in court. A border agent can almost universally deny someone entry to said country.

 

So practically speaking, yes, they can confiscate a lawyers laptop who refuses to unlock it due to client confidentiality.

Will the lawyer later sue them, and win? Yes.

 

But that'll happen in Canada too.

 

But you have to go through the court process. And by that time, your name is already on some watch list. Ideally, through court, you can get all your equipment back, and get your name stricken from all records and lists, but that's still one hell of a lot of work. Not to mention if you're not a lawyer, you'd have to hire one, which isn't cheap.

 

It's basically a terrible situation to begin with.

 

I haven't traveled outside of Canada since pre-9/11 (Back in the days where we could cross into the US using nothing but a drivers license - and no, not an enhanced drivers license, a regular one), so I've often wondered what I'd do when traveling in the future.

 

But I'm white, and I don't travel to drug producing countries, so honestly I'd probably not have any problems.

On 5/6/2019 at 1:01 PM, jagdtigger said:

Im really glad we dont have e BS like this inside the EU....  I would have a crap ton of problem because all of my devices are encrypted and no way in hell im gonna gve up my password.

Inside the EU is like inside Canada. I can travel to any province in Canada without having to deal with Border Security. Just like you can travel to any EU member state. But if you leave and then return to the EU, you'll be subject to pretty much the exact same laws and powers as Canada and the US have, in this regard.