Securing my data for international travel II: Aftermath

By Regus Patoff, Anonymous Person

[For Part I, see https://seattleprivacy.org/securing-my-data-for-international-travel/.]

So, I returned alive from my trip and I have much to report. First, I’ll disclose the countries I visited:

  • The United Kingdom.  Despite its legal history of fostering civil liberties, the present-day UK consistently favors perceived national security over free-speech protections. When I travel there, I worry about its key disclosure laws.
  • Russia. Authoritarian kleptocracy, long history of civil repression and, nowadays, rampant public/private corruption. I say all this with affection.
  • Mongolia, a sparsely populated country of 6 million people transitioning from Soviet satellite to non-aligned parliamentary democracy. It’s a strange mix of residual police state and aspiring rust-belt capitalism.
  • China. Economic superpower with global aspirations, and operator of the world’s most comprehensive system of censorship and domestic surveillance.

And let us not forget the United States. The problem with US border crossings is the supposed legality of detaining taciturn, rude, or otherwise suspicious citizens and seizing their electronic devices for study. Think 50 shades of gray coercion, and don’t think about the 4th Amendment.

Border Experiences

Despite all fears going into this, I had no data-related problems at any of the borders. The officials showed no interest in my devices beyond being startled by my over-stuffed electronic organizer bag. The varying protocols for laptops (do take them out, don’t take them out), metal items, shoes, etc., were no weirder or more inconsistent than in the US. Obviously, if I had provoked a secondary screening at any of the checkpoints, my experience would have been different.

The single incident of interest was my travel companion’s apparently random interrogation (carried out discreetly in The Small Room) in a provincial Russian airport. The official, in plainclothes, young, smart, ironic, and courtly, with excellent English, was not a normal border goon. He asked the usual border questions (where are you going, what do you do for a living, etc.) along with a strange one: “Have you encountered any other people like me, who ask a lot of questions?”

The final border crossing, back into the US, was unusually easy, especially considering the countries newly stamped on my passport. I think that my own attitude (unconcerned, curious) helped matters, and I had the attitude I did because I had prepared carefully. I had rigorously deleted all my data, per the protocol, as I was walking down the jetway. I had resolved not to be provocative or aggressive. Instead, I would be willing to answer questions about the destinations of my travel, even though it’s a verbal game when they ask, since they already know. My companion and I had also agreed that we would refuse to answer any questions about people we visited or traveled with. We found it very calming to have worked out our personal boundaries before crossing the national boundary. We knew what to do. Happily, we didn’t have to do anything.

Censorship, or, Unexpected Annoyances

My border-crossing protocol was to use Google Backups, factory-reset all my Android devices (I carried nothing else) before crossing borders, and then to restore them after entry. This worked fine in the UK and Russia, where I easily found fast and functional Internet connections to download my backups and reinstall my applications, though it was more time-consuming than when testing under more ideal conditions.

China was another matter. The Great Firewall effectively blocks the entire Google mega-system. Sometimes it doesn’t block things outright — it just throttles selected targets so severely that connections time out and fail. I could not access my backups, and I had no access to Google Play, so there was no easy way to restore my non-default apps. Since I carried a T-Mobile SIM card, I had (in theory) uncensored access to the Internet — the Chinese government avoids the bad PR of blocking visitors’ mobile connectivity. Yet with T-Mobile’s degraded (but free!) 2G roaming, it was effectively impossible to download apps over the cell network.

Even in China, there are workarounds, though first there was triage. Signal was the one thing needful, if only to keep in touch with my travel companions. Fortunately, Signal is open-source software, and it has a GitHub.com page, and, apparently, the Great Firewall tolerates GitHub. I was able to download a Signal APK and install it manually. The same approach worked for a few other apps, not always from the most reputable sources.

I learned from this experience that the Great Firewall can be breached by the technically adept, especially by privileged foreigners who suffer no reprisals for visiting inappropriate websites. All in all, China’s censorship regime is a highly effective means of domestic social control. Battling it was not a fun way to spend my vacation.

Buying Connectivity

I had expected T-Mobile’s roaming to meet all my data needs, but with the slow connection in China, the spotty coverage in Russia, and the expense of data in Mongolia (do not even THINK about using data there), buying local SIM cards was a good idea. In China, the process was alarming. I had to be photographed, and my passport was tied to the SIM, and I had to complete a lengthy form. There was considerable confusion among the staff, but that may be the result of choosing an out-of-the-way cell-phone dealer. It took an hour and cost $20 for a couple of gigabytes of data. It was worth it, though, for the much faster load times, which made reading the news a lot more pleasant. I had to overcome my distaste for Bing, because apparently Microsoft has cut a deal with China’s censors and is freely available. It’s the only choice for most Westerners since China’s Baidu search engine is an entirely Chinese affair.

Though I didn’t use it on my brief visit, WeChat is the one indispensable app in China. Though it started as a social platform, everybody uses it now for wireless payments. This requires a bank card and some ingenuity, I am told.

During a lengthy airport delay in Russia, I bought another SIM card, this time 3 gigabytes for $6, no mugshot, just passport number, all in 5 minutes.

Camera Troubles

My biggest data headache involved my biggest chunk of data — 1000 digital photographs. I did not find a good solution for protecting and exfiltrating this much data. I suppose you could manually encrypt your photos and carry them out, but that doesn’t protect them from confiscation. Uploading is extremely time-consuming and subject to bandwidth availability. I also had the absurd problem of just off-loading the data from the camera using the crap software provided by the manufacturer (Pentax). Next time I will have adapters to allow direct offloading of the memory card to an Android device…where I can remain uncertain what to actually do with the files.

A Lesson About Apps

Restoring the devices after a border crossing took more time than expected, and in China, it was near impossible. Next time, I will keep a stash of useful Android APK installer files I can load without an Internet connection.

It’s not totally easy to find these files, but it’s a lot easier doing it beforehand in the West than from behind the Great Firewall. Nowadays, Google Play deletes an APK package after installation, so you can’t just grab your installed packages like you once could. If you download an APK manually from a website, it should end up in a Download directory in your device storage.

Let’s find some of the applications on my list:

On https://signal.org/android/apk/, Signal rather sensibly displays the following:

Do it anyway — you have special needs, and doing this makes you advanced.

  • K9 Mail

Loads of FLOSS Android apps are hosted on GitHub. You can expect to find APKs there. K-9 mail, at https://github.com/k9mail/k-9/releases, has various APKs for past, current, and future (pre-) releases.

KeePassDroid, the preferred Android implementation of the cross-platform desktop key-manager KeePass, keeps its reference APKs at https://code.google.com/archive/p/keepassdroid/downloads and I guess we have little choice but to trust Google, right?

Orbot is the Android version of Tor developed by the Guardian Project. With Tor, you can browse the Web anonymously. Within limits. Relatively slowly. And though I didn’t try this in China, you can even use Tor to pierce the Great Firewall, which is probably illegal there. You can download the latest Orbot APK directly from https://guardianproject.info/releases/orbot-latest.apk.

Avoid the numerous, random download sites with cute names like “APKsupermarket.com” [not a real site but I’m sure it will be now]. These may inject adware or spyware or outright haXX0я malware into the package and make you very sorry afterwards as you sit in a cell being enhancedly interrogated.
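One way to make the offline APK stash described above trustworthy after a border crossing, as an added example that is not part of the original post: record a SHA-256 manifest at home, keep it off the device, and re-check the stash before sideloading anything. The file names, the statuses, and the idea of keeping the manifest in the private cloud are assumptions; the sample "APKs" are constructed stand-ins.

```python
"""Added example: verify an offline APK stash against a manifest made at home."""
import hashlib
import hmac
import tempfile
import zipfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large APKs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_like_apk(path):
    """An APK is a ZIP archive that contains AndroidManifest.xml.
    A throttled or blocked download often leaves an HTML error page instead."""
    try:
        with zipfile.ZipFile(path) as archive:
            return "AndroidManifest.xml" in archive.namelist()
    except (zipfile.BadZipFile, OSError):
        return False


def build_manifest(stash_dir):
    """Run at home, right after downloading from each project's own release page."""
    return {p.name: sha256_file(p) for p in sorted(Path(stash_dir).glob("*.apk"))}


def verify_stash(stash_dir, manifest):
    """Compare the stash with the manifest; returns {file name: status}."""
    present = {p.name: p for p in Path(stash_dir).glob("*.apk")}
    results = {}
    for name, expected in manifest.items():
        path = present.pop(name, None)
        if path is None:
            results[name] = "missing"
        elif not hmac.compare_digest(sha256_file(path), expected):
            results[name] = "modified"       # changed since it was downloaded
        elif not looks_like_apk(path):
            results[name] = "not-an-apk"     # unchanged, but never a real APK
        else:
            results[name] = "ok"
    for name in present:                     # files nobody recorded at home
        results[name] = "unexpected"
    return results


def installable(results):
    """Only files that are unchanged and structurally an APK are safe to sideload."""
    return sorted(name for name, status in results.items() if status == "ok")


def make_constructed_apk(path, payload):
    """Build a tiny stand-in APK (constructed sample data, not a real app)."""
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"constructed placeholder")
        archive.writestr("classes.dex", payload)


def demo_stash():
    """Simulate: build the stash at home, then find it altered after the trip."""
    with tempfile.TemporaryDirectory() as tmp:
        stash = Path(tmp)
        for name in ("signal.apk", "k9mail.apk", "orbot.apk"):
            make_constructed_apk(stash / name, name.encode())
        # A failed download saved under an .apk name (constructed sample).
        (stash / "keepassdroid.apk").write_bytes(b"<html>connection timed out</html>")
        manifest = build_manifest(stash)     # in practice: stored off-device

        make_constructed_apk(stash / "orbot.apk", b"repackaged")   # tampered
        (stash / "k9mail.apk").unlink()                            # removed
        make_constructed_apk(stash / "helper.apk", b"extra")       # planted
        return verify_stash(stash, manifest)


if __name__ == "__main__":
    report = demo_stash()
    for name, status in sorted(report.items()):
        print(f"{status:12} {name}")
    print("safe to install:", installable(report))
```

A matching hash only shows the file is the one you downloaded; whether that download was genuine is a separate question, which `apksigner verify --print-certs` answers by showing the signing certificate to compare with the fingerprint the project publishes.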

Securing my data for international travel

By Regus Patoff, Anonymous Person

I have a complicated international trip coming up, and I want to protect my private information from border officials. Abroad or in the US, border officials can and do abuse their discretionary power to interrogate travelers, seize electronic devices, demand passwords, and generally inquire into matters unrelated to border safety. This post summarizes my plan. Later I’ll let you know how it went.

 

I’m hard to find online

I started preparing by making my Twitter account anonymous and taking down my personal blog. Now I don’t pop up in Google, so I’m protected from a casual search on my name. It took a full year for my name to fade off of Google, so start this in advance if you want to do it.

I’m not a “target”

I am not important enough to need to worry about state security agencies, and this post isn’t for people who are. I just want to provide zero information to border guards. All they need to know is that I’m not carrying weapons on a flight, and beyond that, in matters of my heart and mind, they can piss off. My border crossings double as resistance to the erosion of my legal and human rights.

I carry a lot of electronic equipment with me when I travel, though no more than what a typical business traveler might. Basically, a phone, a tablet, and a laptop, though no laptop on this trip. I’m leaving behind many computer services that I need to stay in touch with:

  • A computer server providing websites for myself and others, and also DNS. I need administrative access to that even when traveling.
  • Hidden Tor services that I host.
  • Other various backup services hosted by a major cloud services provider.
  • My personal email hosted by another cloud services provider.
  • A backup email provider, a big one, just in case.
  • My private cloud that I host, full of information that I like to have available all the time and on any device, but which I don’t want to trust to a vendor.

Devices I’m taking along

These are the devices I’ll be carrying:

  • An Android phone (cell and Wi-Fi connectivity, with an add-on SD-card for storage). Serves as a phone, of course, but also as a music player.
  • An Android tablet (Wi-Fi connectivity, with an add-on SD-card for storage). This, with an accessory keyboard and mouse, serves as a full-service computer substitute, an ebook reader, and a mapping+navigation device.

Why Android?

I know that iOS devices are regarded as more secure by the extremely careful and/or extremely threatened. I’m not an Android expert who can improvise my own iOS-equivalent security. However, I am not trying to defend myself against intelligence services at the border, I’m just trying to beat border guards. Stock Android with encryption will work. I prefer Android because I like to tinker, so that’s what I’m taking. Loyal iOS users reading this will have no trouble translating its suggestions into the language of their favorite mobile platform.

I’m also carrying a philosophy

Don’t be a hostage to your stuff. My travel devices are cheap and/or old enough to make losing them to government seizure acceptable. It’s the data that matters.

Sensitive data

My data protection strategy is to keep my sensitive data in the cloud where I can access it when it is safe to do so. My sensitive data in this case includes:

  • Contacts
  • Email
  • Calendar
  • Bookmarks
  • Browser history
  • Passwords
  • Cryptographic keys
  • Photographs

Backups

I’ll be keeping data of this sort in the cloud (private or public) and accessing them through secure connections (HTTPS, SSH) or by secure synchronization services (Android sync, Google Drive, Mozilla sync). I also store configuration profiles for important applications (for example, email) so I don’t have to remember them. I have made several layers of backups for everything, in several locations, including my private cloud and a virtual machine I pay a cloud services provider for. If the sync services fail or I lose my devices, I’ll be able to access my important data from any Internet-connected computer.

Passwords

Passwords are a problem. I use around one hundred strong, random passwords for various websites and services, which means I have to use a password manager to keep track of them. I don’t care much for the hosted password management services, so I run my own and sync its database through my private cloud. My Android devices automatically sync up with my password database.

However, to be truly independent of particular devices and safe from government seizure, I need to carry a few strong but unforgettable passwords in my head. I use one to access my private cloud, where everything important is stored. I have another memorized password for my password database, which is itself encrypted, and one more for my backup email account. In general, the correct-battery-horse-staple (https://xkcd.com/936/) method of password building is the way to go for these master, memorized passwords.

Non-sensitive data

In addition to the sensitive data, I’ll be carrying some relatively bulky, non-sensitive stuff:

  • Music files
  • Map files
  • Ebooks

I’ll keep this data on the external MicroSD cards in each device, unencrypted. I’ll avoid carrying anything controversial. These things are already backed up at home, but are too bulky to sync if I lose them. Worst case scenario, I can’t listen to LCD Soundsystem on the funicular. It’s something of a technical trick, though, to keep sensitive data from being saved to those cards by the ever-helpful Android operating system.
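A pre-crossing audit of the unencrypted card, as an added example that is not part of the original post: it flags anything outside the music, map, and ebook categories listed above, and anything whose leading bytes identify it as sensitive regardless of its name. The extension allowlist, the signature list, and the assumption that the card is mounted on a computer are mine; the sample files are constructed.

```python
"""Added example: audit an SD card so only bulky, non-sensitive files cross the border."""
import tempfile
from pathlib import Path

# Assumption: the extensions this traveler uses for music, maps and ebooks.
ALLOWED_EXTENSIONS = {".mp3", ".flac", ".ogg", ".m4a", ".epub", ".pdf", ".map", ".obf"}

# Leading bytes of file types that count as sensitive on this page's list.
SENSITIVE_MAGIC = {
    b"\x03\xd9\xa2\x9a": "KeePass database",
    b"-----BEGIN": "PEM key or certificate",
    b"\xff\xd8\xff": "JPEG photo",
    b"SQLite format 3\x00": "SQLite database",
}


def classify(path):
    """Return why a file should not stay on the card, or None if it may."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    # Content wins over the name: a password database renamed to .mp3 is still one.
    for magic, label in SENSITIVE_MAGIC.items():
        if head.startswith(magic):
            return f"content is {label}"
    if path.suffix.lower() not in ALLOWED_EXTENSIONS:
        return f"extension {path.suffix or '(none)'} not on allowlist"
    return None


def audit_card(root):
    """Walk the whole card, hidden directories included; returns {path: reason}."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reason = classify(path)
            if reason:
                findings[path.relative_to(root).as_posix()] = reason
    return findings


def demo_card():
    """Audit a constructed card layout, including files Android tends to create."""
    samples = {
        "Music/track.mp3": b"ID3\x04\x00constructed audio",
        "Books/novel.epub": b"PK\x03\x04constructed ebook",
        "Music/notes.mp3": b"\x03\xd9\xa2\x9a\x67\xfb\x4b\xb5constructed",
        ".thumbnails/1.jpg": b"\xff\xd8\xff\xe0constructed thumbnail",
        "Android/data/app/cache.db": b"SQLite format 3\x00constructed",
        "id_ed25519": b"-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n",
        "Download/readme.txt": b"constructed plain text",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_card(tmp)


if __name__ == "__main__":
    for rel, reason in demo_card().items():
        print(f"{rel}: {reason}")
```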

My pilot protocol

Putting all this together, here is my planned device security protocol for before and after entering a country:

  1. Before: Factory reset the devices. Do not begin device setup. [Non-random thought: Will border officials be annoyed to find a factory-reset device? I imagine the Israelis would be annoyed, or the authorities in Urumqi. An alternative would be to set up a false/alternative identity on the device, which would take planning and time. A secondary and very uninteresting Google account would do the trick. However, DO NOT GET CAUGHT LYING TO THE AUTHORITIES. When I was living in {oppressive regime}, I planned my lies very carefully and kept them effectively unfalsifiable.]
  2. After border crossing, set up the devices using Google account credentials.
  3. Choose option to restore from a cloud backup, including apps.
  4. Finish setup, and when prompted, have the device restore all apps.
  5. Retrieve email configuration from the cloud.
  6. Set up SSH keys.
  7. Re-sync browser bookmarks.
  8. Rebuild the home screen, which in my experience is not restored.

Coming soon: How this worked in a “liberal democracy” with draconian security measures, and in an “undemocratic regime” with the same.

 

Proposal: Overhaul Surveillance Ordinance as Data Collection, Retention and Sharing Ordinance

By Jan Bultmann and Christopher Sheats

 

Our city has committed to protecting immigrants, refugees, and the many thousands of other vulnerable populations. We argue that this is not possible without strong privacy oversight, safeguards, and enforcement. The local privacy community urges Seattle’s leadership to set aside for the moment the discussion of our Surveillance Ordinance and any amendments to it, and instead to develop an ordinance that holistically addresses the government’s role in data collection, retention, and sharing.

Why pause now? The ACLU of Washington has proposed a stronger version of the existing bill, which has been watered down by multiple revisions that remove many critical elements, including independent oversight, auditing, reporting, and enforcement requirements. But even with the ACLU’s original, stronger proposal, the foundation of the bill is inadequate.

We now live in a very different environment than when the Surveillance Ordinance was first crafted, although it has only been 3 years. This legislation was drafted in response to the public outcry that accompanied the Seattle Police Department’s acquisition of drones without public knowledge. Council chambers were repeatedly packed with demonstrators. After $82,000 had been wasted, the drones were ultimately decommissioned. The Surveillance Ordinance succeeded in meeting that immediate challenge.

Now we promise vulnerable people that we are a sanctuary city that will defend their human rights. We are literally in the crosshairs of a hostile federal government, one that has been shown to disregard local regulations and make backroom deals with city agencies. Examples include putting cameras on City Light poles in direct violation of our existing surveillance law, putting nothing in writing, and evading any form of FOIA or PDR process.

“As a sanctuary city we have a greater obligation to protect private citizens.” — Kshama Sawant

We have autonomous cars coming, including wireless car to car technology, wireless car to infrastructure technology, and the lobbyists that come with them. We have facial recognition technologies coming and the lobbyists that come with them. We will be seeing the largest developments of these technologies within President Trump’s term.

Seattle’s Race and Social Justice Initiative clearly states:

By 2017, the City of Seattle will work with community-based organizations to support the movement to end structural racism.

We can tell you that the City has not asked the Seattle Privacy Coalition for input on how we might accomplish this, and we are well into 2017. Further, CTAB-Privacy has not been asked for input on these amendments by the Council. How can Seattle’s Surveillance Ordinance go on to exempt technologies designed and purchased for surveillance? Do black lives really matter to Seattle when data collection, retention, and sharing technologies are historically and routinely purchased in the name of defense but used offensively?

If we do not hold ourselves accountable, a government for the people, how are we going to ethically govern the use of these technologies when they are funded, deployed, and managed by third parties? How is Seattle going to defend our human rights if we have a “surveillance ordinance” that is not adequate for the complexity of a major municipality? Common sense demands that we broaden the scope to include all forms of data collection, retention, and sharing. This would eliminate splitting hairs on terms that exclude any technology not specifically purchased to support law enforcement.

The Electronic Frontier Foundation is a legal digital rights organization that maintains an umbrella grassroots organization called Electronic Frontier Alliance. Last week we discussed surveillance ordinances under development in more than 11 municipalities across the United States. The Seattle Washington ordinance was cited as being “well-intended but weak” whereas the Oakland California legislation was cited as effective because their draft legislation includes provisions for independent oversight that are fundamental to all controls, auditing and reporting requirements, and enforcement options such as the public’s right to sue for privacy harms. We strongly advise that Council review the Oakland California ordinance.

The Seattle ordinance MUST include oversight, auditing, reporting, and enforcement, and it cannot be limited to a false notion of what is or is not for surveillance. Without these fundamental changes, we are a sanctuary city in name only. With federal access to municipal databases unmonitored, unchecked, and unreported, anyone who makes use of a city service is vulnerable. When privacy is by design and policies are made to support the most vulnerable in our city, we, in effect, defend everyone’s human rights.

As defined by Seattle’s Privacy Program, we have a Privacy Review Process (PDF) that we can leverage for all forms of data collection. All forms, because there cannot be a lack of transparency and accountability. This must be baked into a Data Collection, Retention and Sharing Ordinance. Every act by the City that takes in information should have a corresponding unique identifier that must be published so that anyone can learn more about the data being collected, what it is being used for, and who is responsible for it. This will build trust. In line with Councilmember Sawant’s wishes to pull down foreign cameras from City utility poles, people have the right to be informed about what their government is collecting about them and their community. We should have the ability to learn about and to respond to our government in constructive ways. With the City’s drive for increasing open data and community engagement, why haven’t we started doing this yet?

Privacy is at risk from always-on microphones, cameras, smartphones, smart meters, automobiles, internet assistants like Alexa, Siri, Echo, and Cortana, Internet-connected children’s toys, home appliances, and so many other things that have yet to even be invented. The city of Seattle cannot protect people today from predatory corporate data exploitation. We can, however, model what a human-rights-respecting privacy policy looks like. And we must.

Please do not pass the watered-down Surveillance Ordinance rewrite into law because it will cause more harm than good. Instead, we urge the City Council to reach out to local community organizations such as the Seattle Privacy Coalition, Electronic Rights Rainier, and the body that the City Council assembled to advise them on technical issues, the Community Technology Advisory Board, to create a bill we can all be proud of.

If We Care For Survivors, Surveillance Technologies Must Be Heavily Regulated

By Christopher Sheats

 

In Seattle tomorrow, City Council will be discussing Surveillance Ordinance amendments originally proposed by ACLU of Washington and watered down by the council. The Surveillance Ordinance would be incredibly deficient if we passed these amendments. Of primary concern, there are multiple exemptions that are *crazy* if you were to juxtapose a United Nations privacy report.

Surveillance technology does not include:

(a) technology used to collect data from individuals who knowingly and voluntarily consent to provide, or who do not avail themselves of an opportunity to opt out of providing, such data for use by a City department;

(b) social media sites or news monitoring and news alert services;

(c) a body-worn camera;

(d) a camera installed in or on a police vehicle;

(e) a camera installed in or on any vehicle or along a public right-of-way used to record traffic patterns or traffic violations or to otherwise operate the transportation system safely and efficiently, including in any public right-of-way;

(f) a camera installed on City property for security purposes;

(g) a camera installed solely to protect the physical integrity of City infrastructure, such as Seattle Public Utilities reservoirs; and

(h) routine patches, firmware and software updates, and hardware lifecycle replacements.

In February, I spoke alongside ACLU of Washington lawyers, University of Washington lawyers, and a domestic violence survivor at a public hearing in our state capitol to support an ACLU bill limiting Automatic Licence Plate Readers. Domestic violence survivors’ privacy, specifically their physical location privacy, is paramount to them and their families. Further, many survivors are victims of police men and women, making this under-served population a critical voice in discussions concerning surveillance technologies. At the hearing, a woman with incredible courage showed up to educate the committee about her and the other 5,000+ Address Confidentiality Program participants. With permission, below is her testimony.

As content on our website is licensed using Creative Commons, please feel free to use and share her testimony to further privacy rights.

Madame Chair, and members of the committee,

I am here today to discuss a part of my life so terrifying that, at times, I have actually contemplated writing a horror movie script.

Please forgive me, but by the end, it will make sense to today’s hearing.

I am here as a participant in the Washington State Address Confidentiality Program, ACP for short.

You will never understand, nor will I ever be able to convey the fear and torment that one individual can deliver. His words are still etched in my mind: “No woman is going to tell me, a man, what to do.” When trying to end a relationship, what I got in return was physical abuse and psychological terror. I would see him outside my home, my work, at my children’s school or stalking me in my rear-view mirror.

At times, he would convey to me each and every way or place he could have killed me that day.

I discovered that he had made duplicate keys of both my home and my car. Changing door locks didn’t matter. He still got inside. He was letting me know that he was in control.

My oldest son and I would eventually booby-trap our doors when we left, to more easily determine if he might be inside when we returned.

And through time, our much-loved pet cats disappeared one by one.

I lived through death and kidnapping threats to my children’s lives. I feared for my own life.

And in utter, desperate fear one night, I called a helpline, told them of my situation, and was advised to leave the state immediately. I did. On their advice, I gave my house keys to a friend, told nobody where I was going, put my kids and some clothes in my car, and drove to a state where I was offered protection.

I thank you so very much WA for the ACP. I no longer have to be afraid. It took me months but I no longer have to fear looking in my rear-view mirror.

This is hopefully the end of my desperate story.

But now, I want you to clearly understand one implication of unrestricted ALPR technology.

I am here representing a vulnerable part of society, those who live in domestic violence situations. My ex-boyfriend kept telling me that he had connections to the police department, that there was no place to hide.

What if that was true? What if someone like me, couldn’t hide ever?

With unrestricted and retained ALPR data that becomes a real possibility.

I want you to consider the lives of spouses of law enforcement who might be in a domestic violence situation. My tale of torture existed because my stalker knew where I lived. Please protect your citizens, all your citizens, from potential location abuse. Please put restrictions on ALPR data.

Tell City Council that Feds Must Follow Seattle Law

Call for action: Demand transparency related to federal government surveillance in Seattle

tl;dr

Email the city and insist that city employees document cooperation with federal requests for surveillance cameras.

Details

What: Meeting of Seattle City Council Committee on Energy and Environment. Agenda:  https://seattle.legistar.com/View.ashx…

When: Tuesday, January 24, at 2 pm

Where: Council Chambers at Seattle City Hall (601 5th Avenue, at Cherry)

Why: Of interest in the agenda is item #2:

Warrantless Surveillance Cameras in Seattle: How to protect
the privacy of Seattleites and reverse the proliferation of
surveillance cameras installed by the Seattle Police
Department and Federal law enforcement agencies on SCL
poles in public space without democratic authorization or
transparency.

As many of you will know, Seattle currently has legislation about surveillance equipment on the books. Currently, however, federal agencies ignore it (because it doesn’t apply to them) and use city resources to put up their own cameras. Seattle Privacy has documented several cases where the ATF or FBI entered into informal, off-the-record, verbal agreements with Seattle City Light employees allowing the placement of cameras on utility poles.

We support the committee’s study of this issue and call on the committee members to back corrective legislation.

What you can do

Attend the meeting if you can, and speak out during the public comment period.

If you can’t attend, you can submit a public comment by emailing the committee members:

For example, you might feel that…

  • Any agreements between federal and city agencies regarding surveillance equipment should be written down and FOIA-able.
  • The public should know who makes the call to allow ATF cameras.
  • The lack of transparency in the city’s dealings with the federal government is at odds with our status as a sanctuary city.

We’ll be at the meeting, and hope to see you there.