Securing my data for international travel

By Regus Patoff, Anonymous Person

I have a complicated international trip coming up, and I want to protect my private information from border officials. Abroad or in the US, border officials can and do abuse their discretionary power to interrogate travelers, seize electronic devices, demand passwords, and generally inquire into matters unrelated to border safety. This post summarizes my plan. Later I’ll let you know how it went.

 

I’m hard to find online

I started preparing by making my Twitter account anonymous and taking down my personal blog. Now I don’t pop up in Google, so I’m protected from a casual search on my name. It took a full year for my name to fade off of Google, so start this in advance if you want to do it.

I’m not a “target”

I am not important enough to need to worry about state security agencies, and this post isn’t for people who are. I just want to provide zero information to border guards. All they need to know is that I’m not carrying weapons on a flight, and beyond that, in matters of my heart and mind, they can piss off. My border crossings double as resistance to the erosion of my legal and human rights.

I carry a lot of electronic equipment with me when I travel, though no more than what a typical business traveler might. Basically, a phone, a tablet, and a laptop, though no laptop on this trip. I’m leaving behind many computer services that I need to stay in touch with:

  • A computer server providing websites for myself and others, and also DNS. I need administrative access to that even when traveling.
  • Hidden Tor services that I host.
  • Other various backup services hosted by a major cloud services provider.
  • My personal email hosted by another cloud services provider.
  • A backup email provider, a big one, just in case.
  • My private cloud that I host, full of information that I like to have available all the time and on any device, but which I don’t want to trust to a vendor.

Devices I’m taking along

These are the devices I’ll be carrying:

  • An Android phone (cell and Wi-Fi connectivity, with an add-on SD-card for storage). Serves as a phone, of course, but also as a music player.
  • An Android tablet (Wi-Fi connectivity, with an add-on SD-card for storage). This, with an accessory keyboard and mouse, serves as a full-service computer substitute, an ebook reader, and a mapping+navigation device.

Why Android?

I know that iOS devices are regarded as more secure by the extremely careful and/or extremely threatened. I’m not an Android expert who can improvise my own iOS-equivalent security. However, I am not trying to defend myself against intelligence services at the border, I’m just trying to beat border guards. Stock Android with encryption will work. I prefer Android because I like to tinker, so that’s what I’m taking. Loyal iOS users reading this will have no trouble translating its suggestions into the language of their favorite mobile platform.

I’m also carrying a philosophy

Don’t be a hostage to your stuff. My travel devices are cheap and/or old enough to make losing them to government seizure acceptable. It’s the data that matters.

Sensitive data

My data protection strategy is to keep my sensitive data in the cloud where I can access it when it is safe to do so. My sensitive data in this case includes:

  • Contacts
  • Email
  • Calendar
  • Bookmarks
  • Browser history
  • Passwords
  • Cryptographic keys
  • Photographs

Backups

I’ll be keeping data of this sort in the cloud (private or public) and accessing them through secure connections (HTTPS, SSH) or by secure synchronization services (Android sync, Google Drive, Mozilla sync). I also store configuration profiles for important applications (for example, email) so I don’t have to remember them. I have made several layers of backups for everything, in several locations, including my private cloud and a virtual machine I pay a cloud services provider for. If the sync services fail or I lose my devices, I’ll be able to access my important data from any Internet-connected computer.

Passwords

Passwords are a problem. I use around one hundred strong, random passwords for various websites and services, which means I have to use a password manager to keep track of them. I don’t care much for the hosted password management services, so I run my own and sync its database through my private cloud. My Android devices automatically sync up with my password database.

However, to be truly independent of particular devices and safe from government seizure, I need to carry a few strong but unforgettable passwords in my head. I use one to access my private cloud, where everything important is stored. I have another memorized password for my password database, which is itself encrypted, and one more for my backup email account. In general, the correct-battery-horse-staple (https://xkcd.com/936/) method of password building is the way to go for these master, memorized passwords.

Non-sensitive data

In addition to the sensitive data, I’ll be carrying some relatively bulky, non-sensitive stuff:

  • Music files
  • Map files
  • Ebooks

I’ll keep this data on the external MicroSD cards in each device, unencrypted. I’ll avoid carrying anything controversial. These things are already backed up at home, but are too bulky to sync if I lose them. Worst case scenario, I can’t listen to LCD Soundsystem on the funicular. It’s something of a technical trick, though, to keep sensitive data from being saved to those cards by the ever-helpful Android operating system.
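The split described above, with sensitive categories kept in the cloud and only music, maps and ebooks on the cards, can be checked before a crossing. The following Python script is an added example, not part of the original post: it walks a mounted card and flags anything outside those three categories, checking file contents as well as names. The extension lists, content signatures and sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed mapping from the post's categories to file types (not from the post).
ALLOWED_EXT = {
    ".mp3", ".flac", ".ogg", ".m4a", ".opus",  # music files
    ".obf", ".map", ".mbtiles",                # map files
    ".epub", ".mobi", ".azw3", ".pdf",         # ebooks
}
SENSITIVE_EXT = {
    ".vcf": "contacts", ".eml": "email", ".mbox": "email", ".ics": "calendar",
    ".kdbx": "passwords", ".pem": "cryptographic keys", ".ppk": "cryptographic keys",
    ".jpg": "photographs", ".jpeg": "photographs", ".heic": "photographs",
}
# Content signatures are checked first, so a misleading extension does not hide these types.
MAGIC = [
    (b"SQLite format 3\x00", "app database"),  # history, bookmarks, contacts
    (b"\x03\xd9\xa2\x9a", "passwords"),        # KeePass KDBX signature
    (b"\xff\xd8\xff", "photographs"),          # JPEG
]

def classify(path):
    """Return (verdict, category); verdict is ok, sensitive or unexpected."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    for magic, category in MAGIC:
        if head.startswith(magic):
            return "sensitive", category
    if head.startswith(b"-----BEGIN ") and b"PRIVATE KEY" in head:
        return "sensitive", "cryptographic keys"  # PEM / OpenSSH private key
    ext = Path(path).suffix.lower()
    if ext in SENSITIVE_EXT:
        return "sensitive", SENSITIVE_EXT[ext]
    return ("ok", "") if ext in ALLOWED_EXT else ("unexpected", "not music, map or ebook")

def audit_card(root):
    """Walk a mounted card; return {relative_path: (verdict, category)} for non-ok files."""
    root, findings = Path(root), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            verdict, category = classify(path)
            if verdict != "ok":
                findings[path.relative_to(root).as_posix()] = (verdict, category)
    return findings

def build_sample_card(root):
    """Write a constructed sample tree (fake contents) standing in for a real card."""
    samples = {
        "Music/track01.mp3": b"ID3\x03\x00",
        "Maps/region.obf": b"\x00" * 8,
        "Books/novel.epub": b"PK\x03\x04",
        "DCIM/IMG_0001.jpg": b"\xff\xd8\xff\xe0",
        "Android/data/browser/cache.bin": b"SQLite format 3\x00" + b"\x00" * 16,
        "Download/notes.mp3": b"-----BEGIN OPENSSH PRIVATE KEY-----\n",
        "backup/friends.vcf": b"BEGIN:VCARD\n",
        "misc/readme.txt": b"hello\n",
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card)
        for rel, (verdict, category) in sorted(audit_card(card).items()):
            print(f"{verdict:10} {category:24} {rel}")
```

To audit a real card, mount it on a trusted computer and pass the mount point to audit_card(); anything reported as sensitive or unexpected is a file to review before travel.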

My pilot protocol

Putting all this together, here is my planned device security protocol for before and after entering a country:

  1. Before: Factory reset the devices. Do not begin device setup. [Non-random thought: Will border officials be annoyed to find a factory-reset device? I imagine the Israelis would be annoyed, or the authorities in Urumqi. An alternative would be to set up a false/alternative identity on the device, which would take planning and time. A secondary and very uninteresting Google account would do the trick. However, DO NOT GET CAUGHT LYING TO THE AUTHORITIES. When I was living in {oppressive regime}, I planned my lies very carefully and kept them effectively unfalsifiable.]
  2. After border crossing, set up the devices using Google account credentials.
  3. Choose option to restore from a cloud backup, including apps.
  4. Finish setup, and when prompted, have the device restore all apps.
  5. Retrieve email configuration from the cloud.
  6. Set up SSH keys.
  7. Re-sync browser bookmarks.
  8. Rebuild the home screen, which in my experience is not restored.

Coming soon: How this worked in a “liberal democracy” with draconian security measures, and in an “undemocratic regime” with the same.

 

Tell City Council that Feds Must Follow Seattle Law

Call for action: Demand transparency related to federal government surveillance in Seattle

tl;dr

Email the city and insist that city employees document cooperation with federal requests for surveillance cameras.

Details

What: Meeting of Seattle City Council Committee on Energy and Environment. Agenda:  https://seattle.legistar.com/View.ashx…

When: Tuesday, January 24, at 2 pm

Where: Council Chambers at Seattle City Hall (601 5th Avenue, at Cherry)

Why: Of interest in the agenda is item #2:

Warrantless Surveillance Cameras in Seattle: How to protect
the privacy of Seattleites and reverse the proliferation of
surveillance cameras installed by the Seattle Police
Department and Federal law enforcement agencies on SCL
polls in public space without democratic authorization or
transparency.

As many of you will know, Seattle currently has legislation about surveillance equipment on the books. Currently, however, federal agencies ignore it (because it doesn’t apply to them) and use city resources to put up their own cameras. Seattle Privacy has documented several cases where the ATF or FBI entered into informal, off-the-record, verbal agreements with Seattle City Light employees allowing the placement of cameras on utility poles.

We support the committee’s study of this issue and call on the committee members to back corrective legislation.

What you can do

Attend the meeting if you can, and speak out during the public comment period.

If you can’t attend, you can submit a public comment by emailing the committee members:

For example, you might feel that…

  • Any agreements between federal and city agencies regarding surveillance equipment should be written down and FOIA-able.
  • The public should know who makes the call to allow ATF cameras.
  • The lack of transparency in the city’s dealings with the federal government is at odds with our status as a sanctuary city.

We’ll be at the meeting, and hope to see you there.

ShotSpotter: There’s no lobbyist like an arms lobbyist

Seattle Privacy Coalition has blogged before about the aggressive marketing practices of ShotSpotter™, the controversial gun-fire detection system that Seattle City Council wants to purchase. Now our friendly competitor news outlet The Intercept has blasted the story sky-high. When a sales pitch in Council Chambers is really a lobbying campaign by an international arms dealer, hold onto your wallet and your freedoms.

Here’s the Intercept article in a nutshell:

  • Despite claims to the contrary, ShotSpotter, which uses a network of microphones to pinpoint gunshots in covered areas, also records conversations going on in the vicinity. This is established fact, inasmuch as the recordings have been admitted as evidence in criminal trials.
  • ShotSpotter’s wide deployment in over 90 US cities is powered by an aggressive lobbying campaign.
    • DC lobbyist Ferguson Group, by targeting congressional delegations, has secured $7 million in federal funds to purchase ShotSpotter through Department of Justice.
    • ShotSpotter also has hired lobbying firms Squire Patton Boggs, Raben Group, Greenberg Traurig, and Mercury Group Public Affairs to sell its products at the federal, state, and city levels, including coordination with police unions.
    • Having laid the federal funding groundwork, ShotSpotter guides potential customers through the grant application process.
    • ShotSpotter cultivates revolving-door relationships with law-enforcement heavies. Senior Vice President David Chipman is a former senior official at the ATF and a former fellow to the International Association of Chiefs of Police, and New York Police Commissioner William J. Bratton did a stint as a board member before assuming his present position as one of ShotSpotter’s newest and biggest customers. (Fortunately for the American Way, he recused himself from that purchasing decision.)

The article also spotlights the silly claims by company executives that ShotSpotter is not a listening device. As one helpfully explains, “It’s an acoustic sensor. It’s not a microphone,” which you can file under Distinction Without A Difference. And, as usual, ShotSpotter can’t keep its story straight. Our Oakland friend @marymad contributes this capture from the ShotSpotter Web site:

[Image: capture from the ShotSpotter Web site]

Just like a cell phone, eh? That explains why the 20-30 foot limit is nonsense, too. Cell phone users know that speaker-phone mode picks up anything loud enough to be picked up, regardless of distance. A conversation 100 feet away on a quiet street? No problem.

The Intercept piece concludes with this alarming assessment of the privacy issues presented by ShotSpotter’s audio surveillance:

ShotSpotter’s privacy policy claims this audio is “erased and overwritten” and “lost permanently” if its system does not sense a gunshot. However, even if this is true, the policy also states that ShotSpotter has detected and recorded “3 million incidents” over the past ten years. This also indicates the sensors report a staggering level of false alarms, and that the company has permanently recorded 18 million seconds — in other words, 5,000 hours or approximately seven months — of audio. According to a promotional document emailed to Miami city officials by ShotSpotter’s sales team, the technology allows end users to retain this audio online for two years and offline for another five.

The lessons here are not new:

  • ShotSpotter is a questionable use of money, a technical quick-fix that does little for public safety and nothing for the underlying causes of crime.
  • The company is a snake-oil merchant that constantly makes claims that defy scientific logic.
  • The ShotSpotter lobbying machine is a public menace.

 

We support the plan by Seattle City Council to closely review the money provisionally allocated to purchase ShotSpotter.

“If not for Seattle, this history would be different”

Laura Poitras’s Citizenfour reminds us that courage is local

A few days before the Seattle City Council announced its precedent-setting privacy initiative, the year’s most anticipated documentary, Citizenfour, opened at the Uptown SIFF Cinema.  Laura Poitras’s third film about the post-9/11 American security state tells the story of Edward Snowden, the NSA whistle-blower who made “dragnet surveillance” a household term.

Seattle’s step toward privacy and accountability was well-covered in the local press and also made the leap to a couple of governance trade journals. Seattle Privacy made sure that Laura Poitras herself knew what had happened here at the same time that her film was drawing capacity crowds. She sent us congratulations:

It is fitting that Seattle is first to respond – it is the home of NSA
PRISM partners such as Microsoft, as well as a strong community of people
building alternatives to dragnet surveillance. These alternatives, as
well as informing and engaging with the people of Seattle, are a step
toward regaining meaningful democratic oversight relating to security
and privacy in our country.

If not for Seattle, this history would be different.

 

When the Seattle Privacy Coalition came together in early 2013, the city’s political establishment issued us the tin-foil hats reserved for people who worry about government surveillance. The disgraced, federally supervised Seattle Police Department was so used to getting its way in technology matters that it shrugged off negative public reaction to the “port security” camera network. In talks with city officials, we provoked eye-rolls and knowing smirks by suggesting that the city should pass up federal grant money that paid for boondoggles such as police drones. [Note: See the update at the end of this post. It ain’t over.]

After Snowden, the complacency was gone. Little has changed at the national or state levels — the security agencies still run Congress and the White House, Boeing still dictates to Olympia. But locally, there is movement. DHS-funded spying and cops in tanks have become issues with names: Oakland, Ferguson. The city establishment’s dread of controversy now works in favor of privacy advocates. The security lobby will have a hard time influencing every petty municipality the way it influences the federal government.

An evolving model for political action emerges from Citizenfour. In a world where democracy and the press have ceased to function at the highest levels, we watch lone individuals making fateful choices grounded in their private experience. These precise moments of integrity contrast with farcically mediated global contexts: archival footage of NSA Director Keith Alexander and National Security Director James Clapper telling extravagant lies to Congress; a frantic scrum of boom-bearing reporters around Glenn Greenwald and his partner (and taking care to edit themselves out of the film they will broadcast); or the recurring apparition of Wolf Blitzer playing Wolf Blitzer. Always there is a strong implicit case for what is real and what is not, and where personal agency lies.

“There’ll be the breaking of the ancient western code / Your private life will suddenly explode.” — Leonard Cohen

Poitras, not Snowden, is the first example of this in Citizenfour. Out of the blue, Snowden sends her an encrypted email message, an event recreated on-screen as white text unspooling in the black void of a Linux computer terminal. Disembodied in this weirdly intimate environment, an as yet anonymous Snowden tells her he is a spy, that he has classified disclosures to make, that there is great danger, and that their joint government adversary can attempt one trillion password cracks per second. Her private decision to accept this mysterious challenge leads to the events of the movie. When she later asks “Citizenfour” why he had chosen her, he tells her, “You chose yourself.”

Poitras next tells the story of NSA veteran William Binney.  After the end of the Cold War, he developed systems to automate the collection and analysis of telecommunications metadata. Originally, the targets were foreign, but shortly after 9/11, NSA turned Binney’s work into the basis of its new program of blanket domestic surveillance. His internal protests against NSA’s lawless, ineffective, and wasteful policies went nowhere, and he soon left the agency. After being raided at gun-point in 2007 during an FBI leak investigation (in which he was later cleared), Binney gained prominence as one of the most outspoken NSA whistle-blowers prior to Snowden.

The misguided raid on Binney was provoked in part by the revelations of Mark Klein, who is not actually in the movie, though we do see a hearing from one of the lawsuits that resulted. Klein was a technician for AT&T who discovered that Room 641a at 611 Folsom Street in San Francisco was an NSA diversion site for all of AT&T’s Internet and telephone traffic. Appalled by what amounted to a tap on the entire Internet, Klein took his story to the Los Angeles Times, which refused (under government pressure) to print it. He next took it to the New York Times, which also bowed to government pressure for a year before finally publishing it in 2005.

Seattle Privacy’s co-founder Jacob Appelbaum turns up twice in the film, once before and once after his NSA reporting forced him into Berlin exile. In one segment, he presses an Occupy Wall Street audience to consider whether they have been personally under surveillance, and lists ways it could have happened — not just by means of telephones, email, and the Web, but also credit cards, travel passes, etc. He calls them canaries in a coal mine who are experiencing what everybody will experience in the near future. (As Jacob likes to say, “My present is your future,” though he now thinks the future has pretty much arrived for everyone.) The personal experience entails the universal problem, and is the key to fighting it.

We also meet Ladar Levison, the [former] proprietor of the secure email service Lavabit. Its most famous customer: Edward Snowden. Levison built an encrypted mail service that collected no information on its users, and thus had nothing to give law enforcement even when subpoenaed. Unable to identify Snowden’s correspondents in the usual way by seizing metadata, the FBI  told Levison to give up Lavabit’s master SSL encryption keys, which would allow them to uncloak the entire Lavabit customer base secretly in real time. Levison instead shut down his business rather than betray his customers’ privacy. Try to imagine that in a corporatized setting where profit is paramount and ethical concerns are actionable in civil court.

In bare outline, Snowden’s own story is that he gave up his prior life and risked life imprisonment  (or worse) to expose the actions of NSA and its partners. Most will remember his principled if fatalistic rationale from the original June 2013 interview. In Citizenfour, Snowden’s anxiety and regret become palpable. He masters his fear and steps through the hotel room door into what may be the waiting arms of a hostile government. Though Snowden repeatedly downplays his role in leaking the documents — “I’m not the story” — his choice is the story.

At Seattle Privacy, we hope to change how citizens are treated by their local government and by the police. The recent good news notwithstanding, we will continue to push the City Council to follow through on its stated intentions. We don’t want the promised oversight structure to end up a dead letter like Ordinance 124142, another privacy “first” that was passed 18 months ago and never enforced. At stake is a role for Seattle as a national model of awakened democratic government. It took bold individuals to expose the corrupt surveillance state, and it will take a bold community to prove Laura Poitras right: “If not for Seattle, this history would be different.”

Update:

Even as I wrote and published this, the City Council threatened to revert to business-as-usual by planning a budget hearing for a ShotSpotter-type system. For information about the city’s past flirtation with outdoor audio surveillance (and some sleazy video of Seattle politics at its worst) see our ShotSpotter fact sheet. Rest assured we will communicate to our leaders what we think of their renewed interest in ShotSpotter.

Shelved Seattle Police drones highlight transparency problems with surveillance equipment

As the results of a public records request recently revealed, Seattle Police Department never quite got around to sending back those drones we were all talking about back in early 2013.

Brief refresher: In early 2012, three days after then-mayoral-hopeful Bruce Harrell of Seattle City Council introduced a bill to regulate the use of drones by Seattle Police Department, then-mayor Mike McGinn one-upped his opponent by abruptly announcing an end to the drone program. McGinn also declared that the devices would be sent back to the vendor from which they were purchased.

This was a win for the public–we never asked our police to purchase flying surveillance cameras in the first place–and we celebrated it as such. But to those who were paying close enough attention, McGinn’s decree looked like political posturing.

Surveillance technology advances rapidly. The fact that SPD’s 2010-era drones, with their 15-minute battery life and inability to fly in the rain, are sitting on a shelf here in Seattle gathering dust doesn’t worry us.

We are more concerned about the continued lack of transparency in how surveillance equipment is acquired and deployed (and disabled, or not disabled), and the lack of meaningful oversight of the police department, and about the fact that our police continue to use U.S. Department of Homeland Security money to purchase equipment the public doesn’t trust them to use in a constitutional manner.

Our Mayor and City Council need advice from technologists and privacy advocates to fend off the ever-encroaching surveillance state at the local level. Until we formalize a system for providing elected officials with the information they need to make good decisions, they will continue to be blind-sided by SPD’s use of their homeland security slush fund for purchases of equipment used to treat everyone as a potential suspect.

Other coverage:

The Seattle Police Dept Said It Would Get Rid of Its Drones. It Hasn’t.
by Shawn Musgrave
March 25, 2014

Seattle Police Secretly Keep Drones Despite Promise
by Mikael Thalen
March 26, 2014

Seattle Police Still Have Drones
by Ansel Hertz
March 26, 2014