Securing my data for international travel II: Aftermath

By Regus Patoff, Anonymous Person

[For Part I, see https://seattleprivacy.org/securing-my-data-for-international-travel/.]

So, I returned alive from my trip and I have much to report. First, I’ll disclose the countries I visited:

  • The United Kingdom.  Despite its legal history of fostering civil liberties, the present-day UK consistently favors perceived national security over free-speech protections. When I travel there, I worry about its key disclosure laws.
  • Russia. Authoritarian kleptocracy, long history of civil repression and, nowadays, rampant public/private corruption. I say all this with affection.
  • Mongolia, a sparsely populated country of 6 million people transitioning from Soviet satellite to non-aligned parliamentary democracy. It’s a strange mix of residual police state and aspiring rust-belt capitalism.
  • China. Economic superpower with global aspirations, and operator of the world’s most comprehensive system of censorship and domestic surveillance.

And let us not forget the United States. The problem with US border crossings is the supposed legality of detaining taciturn, rude, or otherwise suspicious citizens and seizing their electronic devices for study. Think 50 shades of gray coercion, and don’t think about the 4th Amendment.

Border Experiences

Despite all fears going into this, I had no data-related problems at any of the borders. The officials showed no interest in my devices beyond being startled by my over-stuffed electronic organizer bag. The varying protocols for laptops (do take them out, don’t take them out), metal items, shoes, etc., were no weirder or more inconsistent than in the US. Obviously, if I had provoked a secondary screening at any of checkpoints, my experience would have been different.

The single incident of interest was my travel companion’s apparently random interrogation (carried out discreetly in The Small Room) in a provincial Russian airport. The official, in plainclothes, young, smart, ironic, and courtly, with excellent English, was not a normal border goon. He asked the usual border questions (where are you going, what do you do for a living, etc.) along with a strange one: “Have you encountered any other people like me, who ask a lot of questions?”

The final border crossing, back into the US was unusually easy, especially considering the countries newly stamped on my passport. I think that my own attitude (unconcerned, curious) helped matters, and I had the attitude I did because I had prepared carefully. I had rigorously deleted all my data, per the protocol, as I was walking down the jetway. I had resolved not to be provocative or aggressive. Instead, I would be willing to answer questions about the destinations of my travel, even though it’s a verbal game when they ask, since they already know. My companion and I had also agreed that we would refuse to answer any questions about people we visited or traveled with. We found it very calming to have worked out our personal boundaries before crossing the national boundary. We knew what to do. Happily, we didn’t have to do anything.

Censorship, or, Unexpected Annoyances

My border-crossing protocol was to use Google Backups, factory-reset all my Android devices (I carried nothing else) before crossing borders, and then to restore them after entry. This worked fine in the UK and Russia, where I easily found fast and functional Internet connections to download my backups and reinstall my applications, though it was more time-consuming than when testing under more ideal conditions.

China was another matter. The Great Firewall effectively blocks the entire Google mega-system. Sometimes it doesn’t block things outright — it just throttles selected targets so severely that connections time out and fail. I could not access my backups, and I had no access to Google Play, so there was no easy way to restore my non-default apps. Since I carried a T-Mobile SIM card, I had (in theory) uncensored access to the Internet — the Chinese government avoids the bad PR of blocking visitors’ mobile connectivity. Yet with T-Mobile’s degraded (but free!) 2G roaming, it was effectively impossible to download apps over the cell network.

Even in China, there are workarounds, though first there was triage. Signal was the one thing needful, if only to keep in touch with my travel companions. Fortunately, Signal is open-source software, and it has a GitHub.com page, and, apparently, the Great Firewall tolerates GitHub. I was able to download a Signal APK and install it manually. The same approach worked for a few other apps, not always from the most reputable sources.

I learned from this experience that the Great Firewall can be breached by the technically adept, especially by privileged foreigners who suffer no reprisals for visiting inappropriate websites. All in all, China’s censorship regime is a highly effective means of domestic social control. Battling it was not a fun way to spend my vacation.

Buying Connectivity

I had expected T-Mobile’s roaming to meet all my data needs, but with the slow the connection in China, the spotty coverage in Russia, and the expense of data in Mongolia (do not even THINK about using data there), buying local SIM cards was a good idea. In China, the process was alarming. I had to be photographed, and my passport was tied to the SIM, and I had to complete a lengthy form. There was considerable confusion among the staff, but that may be the result of choosing an out-of-the-way cell-phone dealer. It took an hour and cost $20 for a couple of gigabytes of data. It was worth it, though, for the much faster load times, which made reading the news a lot more pleasant. I had to overcome my distaste for Bing, because apparently Microsoft has cut a deal with China’s censors and is freely available. It’s the only choice for most Westerners since China’s Baidu search engine is an entirely Chinese affair.

Though I didn’t use it on my brief visit, WeChat is the one indispensable app in China. Though it started as a social platform, everybody uses it now for wireless payments. This requires a bank card and some ingenuity, I am told.

During a lengthy airport delay in Russia, I bought another SIM card, this time 3 gigabytes for $6, no mugshot, just passport number, all in 5 minutes.

Camera Troubles

My biggest data headache involved my biggest chunk of data — 1000 digital photographs. I did not find a good solution for protecting and exfiltrating this much data. I suppose you could manually encrypt your photos and carry them out, but that doesn’t protect them from confiscation. Uploading is extremely time-consuming and subject to bandwidth availability. I also had the absurd problem of just off-loading the data from the camera using the crap software provided by the manufacturer (Pentax). Next time I will have adapters to allow direct offloading of the memory card to an Android device…where I can remain uncertain what to actually do with the files.

A Lesson About Apps

Restoring the devices after a border crossing took more time than expected, and in China, it was near impossible. Next time, I will keep a stash of useful Android APK installer files I can load without an Internet connection.

It’s not totally easy to find these files, but it’s a lot easier doing it beforehand in the West than from behind the Great Firewall. Nowadays, Google Play deletes an APK package after installation, so you can’t just grab your installed packages like you once could. If you download an APK manually from a website, it should end up in a Download directory in your device storage.

Let’s find some of the applications on my list:

On https://signal.org/android/apk/, Signal rather sensibly displays the following:

Do it anyway — you have special needs, and doing this makes you advanced.

  • K9 Mail

Loads of FLOSS Android apps are hosted on GitHub. You can expect to find APKs there. K-9 mail, at https://github.com/k9mail/k-9/releases, has various APKs for past, current, and future (pre-) releases.

KeePassDroid, the preferred Android implementation of the cross-platform desktop key-manager KeePass, keeps its reference APKs at https://code.google.com/archive/p/keepassdroid/downloads and I guess we have little choice but to trust Google, right?

Orbot is the Android version of Tor developed by the Guardian Project. With Tor, you can browse the Web anonymously. Within limits. Relatively slowly. And though I didn’t try this in China, you can even use Tor to pierce the Great Firewall, which is probably illegal there. You can download the latest Orbot APK directly from https://guardianproject.info/releases/orbot-latest.apk.

Avoid the numerous, random download sites with cute names like “APKsupermarket.com” [not a real site but I’m sure it will be now]. These may inject adware or spyware or outright haXX0я malware into the package and make you very sorry afterwards as you sit in a cell being enhancedly interrogated.

Securing my data for international travel

By Regus Patoff, Anonymous Person

I have a complicated international trip coming up, and I want to protect my private information from border officials. Abroad or in the US, border officials can and do abuse their discretionary power to interrogate travelers, seize electronic devices, demand passwords, and generally inquire into matters unrelated to border safety. This post summarizes my plan. Later I’ll let you know how it went.

 

I’m hard to find online

I started preparing by making my Twitter account anonymous and taking down my personal blog. Now I don’t pop up in Google, so I’m protected from a casual search on my name. It took a full year for my name to fade off of Google, so start this in advance if you want to do it.

I’m not a “target”

I am not important enough to need to worry about state security agencies, and this post isn’t for people who are. . I just want to provide zero information to border guards. All they need to know is that I’m not carrying weapons on a flight, and beyond that, in matters of my heart and mind, they can piss off. My border crossings double as resistance to the erosion of my legal and human rights.

I carry a lot of electronic equipment with me when I travel, though no more that what a typical business traveler might. Basically, a phone, a tablet, and a laptop, though no laptop on this trip . I’m leaving behind many computer services that I need to stay in touch with:

  • A computer server providing websites for myself and others, and also DNS. I need administrative access to that even when traveling.
  • Hidden Tor services that I host.
  • Other various backup services hosted by a major cloud services provider.
  • My personal email hosted by another cloud services provider.
  • A backup email provider, a big one, just in case.
  • My private cloud that I host, full of information that I like to have available all the time and on any device, but which I don’t want to trust to a vendor.

Devices I’m taking along

These are the devices I’ll be carrying:

  • An Android phone (cell and Wi-Fi connectivity, with an add-on SD-card for storage). Serves as a phone, of course, but also as a music player.
  • An Android tablet (Wi-Fi connectivity, with an add-on SD-card for storage). This, with an accessory keyboard and mouse, serves as a full-service computer substitute, an ebook reader, and a mapping+navigation device.

Why Android?

I know that iOS devices are regarded as more secure by the extremely careful and/or extremely threatened. I’m not an Android expert who can improvise my own iOS-equivalent security. However, I am not trying to defend myself against intelligence services at the border, I’m just trying to beat border guards. Stock Android with encryption will work. I prefer Android because I like to tinker, so that’s what I’m taking. Loyal iOS users reading this will have no trouble translating its suggestions into the language of their favorite mobile platform.

I’m also carrying a philosophy

Don’t be a hostage to your stuff. My travel devices are cheap and/or old enough to make losing them to government seizure acceptable. It’s the data that matters.

Sensitive data

My data protection strategy is to keep my sensitive data in the cloud where I can access it when it is safe to do so. My sensitive data in this case includes:

  • Contacts
  • Email
  • Calendar
  • Bookmarks
  • Browser history
  • Passwords
  • Cryptographic keys
  • Photographs

Backups

I’ll be keeping data of this sort in the cloud (private or public) and accessing them through secure connections (HTTPS, SSH) or by secure synchronization services (Android sync, Google Drive, Mozilla sync). I also store configuration profiles for important applications (for example, email) so I don’t have to remember them. I have made several layers of backups for everything, in several locations, including my private cloud and a virtual machine I pay a cloud services provider for. If the sync services fail or I lose my devices, I’ll be able to access my important data from any Internet-connected computer.

Passwords

Passwords are a problem. I use around one hundred strong, random passwords for various websites and services, which means I have to use a password manager to keep track of them. I don’t care much for the hosted password management services, so I run my own and sync its database through my private cloud. My Android devices automatically sync up with my password database.

However, to be truly independent of particular devices and safe from government seizure, I need to carry a few strong but unforgettable passwords in my head. I use one to access my private cloud, where everything important is stored. I have another memorized password for my password database, which is itself encrypted, and one more for my backup email account. In general, the correct-battery-horse-staple (https://xkcd.com/936/) method of password building is the way to go for these master, memorized passwords.

Non-sensitive data

In addition to the sensitive data, I’ll be carrying some relatively bulky, non-sensitive stuff:

  • Music files
  • Map files
  • Ebooks

I’ll keep this data on the external MicroSD cards in each device, unencrypted. I’ll avoid carrying anything controversial. These things are already backed up at home, but are too bulky to sync if I lose them. Worst case scenario, I can’t listen to LCD Soundsystem on the funicular. It’s something of a technical trick, though, to keep sensitive data from being saved to those cards by the ever-helpful Android operating system.

My pilot protocol

Putting all this together, here is my planned device security protocol for before and after entering a country:

  1. Before: Factory reset the devices. Do not begin device setup.[Non-random thought: Will border officials be annoyed to find a factory-reset device? I imagine the Israelis would be annoyed, or the authorities in Urumqi. An alternative would be to set up a false/alternative identity on the device, which would take planning and time. A secondary and very uninteresting Google account would do the trick. However, DO NOT GET CAUGHT LYING TO THE AUTHORITIES. When I was living in {oppressive regime}, I planned my lies very carefully and kept them effectively unfalsifiable.]
  2. After border crossing, set up the devices using Google account credentials.
  3. Choose option to restore from a cloud backup, including apps.
  4. Finish setup, and when prompted, have the device restore all apps.
  5. Retrieve email configuration from the cloud.
  6. Set up SSH keys.
  7. Re-sync browser bookmarks.
  8. Rebuild the home screen, which in my experience is not restored.

Coming soon: How this worked in a “liberal democracy” with draconian security measures, and in an “undemocratic regime” with the same.

 

On the nature of surveillance, self defense, and activism

The Seattle Privacy Coalition instructed our first anonymous group of Seattleites who are victims of abusive surveillance or at risk of becoming a victim. Overwhelmingly, the students of our first workshop were women, even though everyone that attended ranged in age, background, race, nationality, ethnicity, and sexual-orientation. Despite their differences, their commonality was their genuine care for people — society — to such a degree that their non-violent actions are considered a threat to corporate and government power.

The concern

Almost 226 years ago, our fundamental rights as Americans were ratified. Broad protections were guaranteed to us against search and seizure, something that we, as a society, now sometimes call privacy due to the large amount of our lives willingly and unwillingly propelled into digital spaces. Objection to intrusive search and seizure of physical objects has evolved into our ability to control personal information made harder by advancing and cheapening technology.

Corporations, governments, and law enforcement agencies do not have a right to abuse people by way of deploying advanced technology. They may have the ability and privilege to do so, but that ability and privilege cannot and should not become a slippery slope to control people who are exercising their government-sponsored and government-protected right to protest perceived abuses of power. What is the significance of our constitutional protections unless we act, so that our rights become right and our values proven?

Despite the stark ethical differences between rights and privileges, activists are readily harassed, stalked, physically abused, or murdered. Anyone guided by justifiability and morality can understand why we need to support this vulnerable population of people.

The workshop

In large part, surveillance self-defense is about technology and education. Similar to the practice of martial arts, self-defense is learned by empowering one’s self with knowledge and control over mind, body, and environment. Understanding technological threats and assets will help non-violent activists achieve their goals. To best achieve our objectives, we approached this training with the wisdom of a teacher and also the curiosity of a student. Everyone there had something to share and learn.

Our students were not tech-savvy. Many of them had cell phones that were merely recommended to them by family members or casual friends. One of them had a Windows phone, something even our technologists didn’t know if it employs storage encryption. Even though only one person was the facilitator over the course of almost five hours of training, various Seattle Privacy Coalition co-educators were participants of the training and regularly contributed facts, metaphors, and applied real-time research.

We started off by introducing the Seattle Privacy Coalition and notable facts about the organizers, like not being associated with law enforcement or intelligence services. A story was told to create some initial privacy empowerment and a statement about everyone’s right to identity-self-determination while  participating in the workshop.

We started our curriculum by highlighting the cause of risk, which can be characterized by a balance between threat and vulnerability. Throughout the workshop, distinctions were made by attributing the specifics of scenarios to either a threat or a vulnerability to best appreciate any given risk.

The first tool provided to our students was not software; it was an information resource, one regularly brought back into the dialogue. The Electronic Frontier Foundation‘s (EFF) online guide titled “Surveillance Self Defense” (SSD) was chosen to be our primary reference material. Their amazing and much needed work is where we got the name of our new program. We think that the EFF’s SSD should discuss the notion of a vulnerability, not just the notion of a threat when assessing risk regarding “An Introduction to Threat Modeling“.

Another SSD concern was the need for a preemptive list of jargon in each article. As you might notice, one of the Seattle Privacy Coalition’s goals is to provide constructive feedback to the EFF from our experiences with our activist and journalist students.

Graciously, one of our students enjoyed sharing the words of every acronym that we used to instruct with. It was a healthy reminder that our students need a lot of breakdown, which in effect, leads to a lot of segues. Seattle Privacy Coalition needs to include more subtle structure into our curriculum plans so not to spend as much time on segues. Segues created a condition where it became too easy for non-technologists to get lost. We regularly asked if everyone were comfortable with the previously discussed topic so people could easily ask questions.

Other over-arching concepts included the differences between active and passive surveillance, and also the differences between transport encryption and encrypted storage. The Seattle Privacy Coalition needs to add a section disusing a basic concept of encryption in our upcoming workshops.

The majority of our students were iOS and OS X users, which was slightly unfortunate since we don’t have any Apple users among the active Seattle Privacy Coalition volunteers. Creating power users out of Apple users was a clear challenge in our workshop, but we were able to educate on a few important self-defense tactics and operations.

Regardless of the lack of Apple iOS and OS X experience, we were able to cover many outstanding encryption tools. We only instructed on the use of open source tools made by The Guardian Project, Open Whisper Systems, and The Tor Project . We limited our tools training to these developers because of their commitment to human rights, attention to usability, and their verifiable skills at employing strong encryption through careful software development.

We covered topics like “data linkability” and applied its concept throughout the workshop. We covered notions of “metadata” and applied its concept throughout the workshop. We covered search and seizure laws and rights. We covered Washington state audio and video recording laws and responsibilities. We made sure every Android and iOS user had storage encryption enabled. We also discussed OTR advantages in light of the above chosen software tools.

We spent a lot of time talking about cell phone communication encryption as a matter of risk deterrence. We did this by covering basic cellular network infrastructure and various vulnerabilities. Discussing SS7 vulnerabilities, baseband processor vulnerabilities, and IMSI-catcher threat detection was a primary knowledge area that we think is critically important for activists.

With only five hours before everyone was completely wiped, we barely had enough time to cover the proper use of Tor. Regrettably, Tor was talked about only as a solution. We did not comprehensively discuss threats and vulnerabilities. We did not have enough time to include any hands-on exercises which we think is ideal for showing activists how easy it is to install and use the above mentioned software tools. We also were not able to talk about HTTPS or PKI, which would have been useful after a basic intro to encryption.

Lastly, while we were able to discuss contact management for cell phones, we did not discuss contact management for personal computers. In fact, while 5 hours is a lot of time, we had no time for talking about personal computer hardening aside from a few brief mentions of Tails Linux. The only attendees to raise their hands as being Linux users were those from the Seattle Privacy Coalition.

In Retrospect

Everyone walked away having learned many important things, and with a some healthy paranoia. Seattle Privacy Coalition volunteers learned a lot too, particularly about the nature of this specific underrepresented community in Seattle. The Seattle City Council is advised by the Citizens Technology and telecommunications Advisory Board (CTTAB), and in a couple months, CTTAB will be hosting a privacy symposium specifically looking at underrepresented communities that are often hurt by data mismanagement or surveillance. Activists are not only underrepresented, they’re often abused and misunderstood by capitalists, politicians, and journalists. We hope that these surveillance self-defense workshops will help our fellow residents, our city, and our perception of privacy moving forward.

Surveillance Self Defense for Activists, January 2015

foto_no_exif

 

Greetings Seattle activists!

Seattle Privacy Coalition is starting a new workshop in Seattle called Surveillance Self Defense, a name gratefully adopted from the Electronic Frontier Foundation’s “Tips, Tools and How-tos for Safer Online Communications“. Our workshops will be free to the public but limited in space.

Surveillance Self Defense for Activists will start in January 2015 and occur every-other month. So if you miss January’s, remember that another workshop will happen in March 2015. We are also starting Surveillance Self Defense for Journalists, which will begin in February 2015.

Our first workshop, for activists, will be on Sunday, January 18. Registration is not yet open. The time, location and curriculum will be announced when registration opens next week. Curriculum will include securing your phone and computer (and related communication) for on-the-ground activists, no matter if you’re an organizer or participant.

 

There will be no form of registration that will record who is attending, so no Facebook, Meetup, or email invites of any kind. This is done to protect the privacy of the attendees. Depending on our workshop space, we will have a limit to how many people we can accommodate. We’ll know how many people to expect based on how many anonymous surveys are submitted.

Below is a set of draft survey questions that we’ll be asking each participant to answer before they attend. They have been created with the help of Internews’ SaferJourno project. We’re putting these here now just to give you an idea of what kinds of things we’ll be educating you about:

  1. Do you use a cell phone when participating in protests?
  2. What is the operating system of the cell phone that you take to protests?
  3. Select the capabilities of said cell phone:
    1. Phone calls
    2. SMS (text messaging)
    3. Data (internet access via 2G, 3G, or 4G)
    4. Bluetooth
    5. Camera
    6. Video camera
    7. (fill in the blank)
  4. When participating in protests, what communication platforms do you use?
    1. Google Hangouts
    2. Apple iMessage
    3. SMS/texts
    4. Facebook Chat
    5. Email
    6. Twitter
    7. (fill in the blank)
  5. Do you know any differences between HTTP and HTTPS?
  6. Have you used privacy enhancing tools such as a VPN or Tor, either on a computer or on a cell phone?
  7. Have you ever sent an encrypted email before?
  8. Is your cell phone password protected?
    1. Yes, with a pin number
    2. Yes, with a password
    3. Yes, with a pattern
    4. Yes, with a fingerprint
    5. Yes, with a faceprint
    6. No
  9. Is your cell phone’s storage encrypted?
  10. Do you know what an IMSI-catcher, or “Stingray”, is?
  11. Regarding the personal computer that you use to coordinate protests, what is its operating system?
  12. Have you ever had a personal computing device seized or confiscated?
  13. Are you currently a victim of active surveillance?
  14. Do you drive, carpool, bus, bike, or walk to protests?
    1. Drive
    2. Carpool
    3. Bus
    4. Bike
    5. Walk
  15. Do you use your electronic debit, credit, and/or bus card(s) before, during, or after attending a protest?
    1. Yes, debit/credit
    2. Yes, bus (Orca) card
    3. No
  16. Do you have access to a technical specialist when you have questions about digital safety tools and practices?
  17. What topics would you like to see covered at this workshop?
  18. Will you be bringing your cell phone or laptop to the workshop? We encourage you to for our hands-on training.

Please be sure to check back here next week for registration! For organizing queries, please send an (ideally PGP encrypted) email to “yawnbox at riseup dot net”. If you’re a security or legal educator and wish to get involved, please email me.

Cheers!