Securing my data for international travel II: Aftermath

By Regus Patoff, Anonymous Person

[For Part I, see https://seattleprivacy.org/securing-my-data-for-international-travel/.]

So, I returned alive from my trip and I have much to report. First, I’ll disclose the countries I visited:

  • The United Kingdom.  Despite its legal history of fostering civil liberties, the present-day UK consistently favors perceived national security over free-speech protections. When I travel there, I worry about its key disclosure laws.
  • Russia. Authoritarian kleptocracy, long history of civil repression and, nowadays, rampant public/private corruption. I say all this with affection.
  • Mongolia, a sparsely populated country of 6 million people transitioning from Soviet satellite to non-aligned parliamentary democracy. It’s a strange mix of residual police state and aspiring rust-belt capitalism.
  • China. Economic superpower with global aspirations, and operator of the world’s most comprehensive system of censorship and domestic surveillance.

And let us not forget the United States. The problem with US border crossings is the supposed legality of detaining taciturn, rude, or otherwise suspicious citizens and seizing their electronic devices for study. Think 50 shades of gray coercion, and don’t think about the 4th Amendment.

Border Experiences

Despite all fears going into this, I had no data-related problems at any of the borders. The officials showed no interest in my devices beyond being startled by my over-stuffed electronic organizer bag. The varying protocols for laptops (do take them out, don’t take them out), metal items, shoes, etc., were no weirder or more inconsistent than in the US. Obviously, if I had provoked a secondary screening at any of the checkpoints, my experience would have been different.

The single incident of interest was my travel companion’s apparently random interrogation (carried out discreetly in The Small Room) in a provincial Russian airport. The official, in plainclothes, young, smart, ironic, and courtly, with excellent English, was not a normal border goon. He asked the usual border questions (where are you going, what do you do for a living, etc.) along with a strange one: “Have you encountered any other people like me, who ask a lot of questions?”

The final border crossing, back into the US, was unusually easy, especially considering the countries newly stamped on my passport. I think that my own attitude (unconcerned, curious) helped matters, and I had the attitude I did because I had prepared carefully. I had rigorously deleted all my data, per the protocol, as I was walking down the jetway. I had resolved not to be provocative or aggressive. Instead, I would be willing to answer questions about the destinations of my travel, even though it’s a verbal game when they ask, since they already know. My companion and I had also agreed that we would refuse to answer any questions about people we visited or traveled with. We found it very calming to have worked out our personal boundaries before crossing the national boundary. We knew what to do. Happily, we didn’t have to do anything.

Censorship, or, Unexpected Annoyances

My border-crossing protocol was to use Google Backups, factory-reset all my Android devices (I carried nothing else) before crossing borders, and then to restore them after entry. This worked fine in the UK and Russia, where I easily found fast and functional Internet connections to download my backups and reinstall my applications, though it was more time-consuming than when testing under more ideal conditions.

China was another matter. The Great Firewall effectively blocks the entire Google mega-system. Sometimes it doesn’t block things outright — it just throttles selected targets so severely that connections time out and fail. I could not access my backups, and I had no access to Google Play, so there was no easy way to restore my non-default apps. Since I carried a T-Mobile SIM card, I had (in theory) uncensored access to the Internet — the Chinese government avoids the bad PR of blocking visitors’ mobile connectivity. Yet with T-Mobile’s degraded (but free!) 2G roaming, it was effectively impossible to download apps over the cell network.

Even in China, there are workarounds, though first there was triage. Signal was the one thing needful, if only to keep in touch with my travel companions. Fortunately, Signal is open-source software, and it has a GitHub.com page, and, apparently, the Great Firewall tolerates GitHub. I was able to download a Signal APK and install it manually. The same approach worked for a few other apps, not always from the most reputable sources.

I learned from this experience that the Great Firewall can be breached by the technically adept, especially by privileged foreigners who suffer no reprisals for visiting inappropriate websites. All in all, China’s censorship regime is a highly effective means of domestic social control. Battling it was not a fun way to spend my vacation.

Buying Connectivity

I had expected T-Mobile’s roaming to meet all my data needs, but with the slow connection in China, the spotty coverage in Russia, and the expense of data in Mongolia (do not even THINK about using data there), buying local SIM cards was a good idea. In China, the process was alarming. I had to be photographed, and my passport was tied to the SIM, and I had to complete a lengthy form. There was considerable confusion among the staff, but that may be the result of choosing an out-of-the-way cell-phone dealer. It took an hour and cost $20 for a couple of gigabytes of data. It was worth it, though, for the much faster load times, which made reading the news a lot more pleasant. I had to overcome my distaste for Bing, because apparently Microsoft has cut a deal with China’s censors and is freely available. It’s the only choice for most Westerners since China’s Baidu search engine is an entirely Chinese affair.

Though I didn’t use it on my brief visit, WeChat is the one indispensable app in China. Though it started as a social platform, everybody uses it now for wireless payments. This requires a bank card and some ingenuity, I am told.

During a lengthy airport delay in Russia, I bought another SIM card, this time 3 gigabytes for $6, no mugshot, just passport number, all in 5 minutes.

Camera Troubles

My biggest data headache involved my biggest chunk of data — 1000 digital photographs. I did not find a good solution for protecting and exfiltrating this much data. I suppose you could manually encrypt your photos and carry them out, but that doesn’t protect them from confiscation. Uploading is extremely time-consuming and subject to bandwidth availability. I also had the absurd problem of just off-loading the data from the camera using the crap software provided by the manufacturer (Pentax). Next time I will have adapters to allow direct offloading of the memory card to an Android device…where I can remain uncertain what to actually do with the files.

A Lesson About Apps

Restoring the devices after a border crossing took more time than expected, and in China, it was near impossible. Next time, I will keep a stash of useful Android APK installer files I can load without an Internet connection.

It’s not totally easy to find these files, but it’s a lot easier doing it beforehand in the West than from behind the Great Firewall. Nowadays, Google Play deletes an APK package after installation, so you can’t just grab your installed packages like you once could. If you download an APK manually from a website, it should end up in a Download directory in your device storage.

Let’s find some of the applications on my list:

On https://signal.org/android/apk/, Signal rather sensibly displays the following:

Do it anyway — you have special needs, and doing this makes you advanced.

  • K9 Mail

Loads of FLOSS Android apps are hosted on GitHub. You can expect to find APKs there. K-9 mail, at https://github.com/k9mail/k-9/releases, has various APKs for past, current, and future (pre-) releases.

KeePassDroid, the preferred Android implementation of the cross-platform desktop key-manager KeePass, keeps its reference APKs at https://code.google.com/archive/p/keepassdroid/downloads and I guess we have little choice but to trust Google, right?

Orbot is the Android version of Tor developed by the Guardian Project. With Tor, you can browse the Web anonymously. Within limits. Relatively slowly. And though I didn’t try this in China, you can even use Tor to pierce the Great Firewall, which is probably illegal there. You can download the latest Orbot APK directly from https://guardianproject.info/releases/orbot-latest.apk.

Avoid the numerous, random download sites with cute names like “APKsupermarket.com” [not a real site but I’m sure it will be now]. These may inject adware or spyware or outright haXX0я malware into the package and make you very sorry afterwards as you sit in a cell being enhancedly interrogated.
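One way to make the offline APK stash tamper-evident, as an added example that is not part of the original post: record a SHA-256 hash of each file right after downloading it from the publisher's own page, keep that manifest somewhere other than the stash, and re-check before sideloading. The function names are hypothetical and the file names and contents in `demo()` are constructed placeholders, not real APKs.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash in 1 MiB chunks so large APKs never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(stash):
    """At home: map every *.apk in the stash directory to its SHA-256."""
    return {p.name: sha256_file(p) for p in sorted(Path(stash).glob("*.apk"))}


def verify_stash(stash, manifest):
    """Before installing: return {filename: status} for the whole stash."""
    present = {p.name: p for p in Path(stash).glob("*.apk")}
    status = {}
    for name, expected in manifest.items():
        if name not in present:
            status[name] = "missing"
        elif sha256_file(present[name]) != expected:
            status[name] = "MODIFIED"   # bytes changed since the manifest was made
        else:
            status[name] = "ok"
    for name in present.keys() - manifest.keys():
        status[name] = "unlisted"       # appeared later; origin unknown
    return status


def demo():
    """Constructed scenario: one file altered and one added after the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        stash = Path(tmp)
        (stash / "signal.apk").write_bytes(b"constructed placeholder A")
        (stash / "orbot.apk").write_bytes(b"constructed placeholder B")
        manifest = build_manifest(stash)
        (stash / "orbot.apk").write_bytes(b"constructed placeholder B, altered")
        (stash / "extra.apk").write_bytes(b"picked up on the road")
        return verify_stash(stash, manifest)


if __name__ == "__main__":
    for name, state in sorted(demo().items()):
        print(f"{state:9} {name}")
```

A matching hash only shows the file is unchanged since you saved it; whether the original download was genuine rests on the publisher's signing certificate, which `apksigner verify --print-certs` from the Android SDK build-tools will print for comparison against the fingerprint the developer publishes.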

TA3M Seattle for March 2018: Securing the 2020 Election Process

March 19 @ 6:30 pm – 9:00 pm

SURF Incubator
999 3rd Ave Suite 700
Seattle, 98104 United States

6:30 – 7 Casual chat, Cryptoparty / PGP key exchange / Signal Verification, Intro slide(s)

We’ll have pizza! **

============

Speaker: Dave Dittrich

The United States Intelligence Community has published their assessment that Russia interfered in the 2016 federal election cycle including compromise of campaign communications in key Senate, House of Representatives, and Presidential races. These compromised communications resulted in public leaks that were amplified on social media using the same kinds of botnets that we have seen used for years for distributed denial of service (DDoS), spamming, and “dropper” attacks distributing malware of all types.

While the Department of Justice has now indicted thirteen Russians for conspiring to manipulate voters’ perceptions, the response by those in the U.S. to date to harden aspects of the 2018 election has focused primarily on two key areas: “fake news” and botnet amplification, and replacement of electronic vote recording and tabulation systems with more secure systems or going back to paper ballots (as was done in the March 2018 Dutch parliamentary election.)

This talk looks at two aspects of the election process that are not getting as much attention or mitigation activity, and how a software platform familiar to the operational security community (who use it on a daily basis for fighting cyber-crime) can serve as the foundation for addressing this gap.

https://medium.com/@dave.dittrich/securing-the-2020-election-process-part-1-96bab810cb8e
https://medium.com/@dave.dittrich/securing-the-2020-election-process-part-2-962ed2aff69e

A call for action!
* Help identify sources of funding, or organizations who would be interested in supporting deployment of a system as described in the articles above, and in the talk.
* Help identify or create a non-profit organization in your voting district to get involved in implementing, managing, and supporting an instance of the system described above. This includes programmers, site reliability engineers, people who understand operational security (OPSEC) techniques (e.g., the Surveillance Self Defense guides published by the Electronic Frontier Foundation) and can help others learn how to improve their security posture while getting their jobs done.
* Get involved in assembling, writing, editing, and organizing the kind of documentation described by the Verified Voting Foundation and NIST to prepare for contingencies.
* Call your legislators at both the state and federal levels and urge them to extend (not reduce) periods of early voting and simplify voter registration so that there is more time during an active election to identify problems with voter rolls, or deal with disruptions to voter sign-in operations, ensuring that every U.S. citizen can cast their vote and trust their vote is counted.

Speaker Bio:

Dave has been deeply involved in cyber-crime investigation and response since the mid-1990s. His motto is “Dealing with the Advanced Persistent Threat before it was even a thing.” His last project at the UW was a Department of Homeland Security contract to assemble open source software components that can be used by State, Local, Territorial and Tribal government groups to build small-scale distributed systems for monitoring security events. The products of this project were released as open source Ansible playbooks, software repositories, and extensive documentation. Dave is currently working on a Comcast grant project that uses this platform as a working example of how to deal with secrets (passwords, API tokens, private keys) in open source software development projects.

Homepage: https://staff.washington.edu/dittrich
Honeynet Blog: https://www.honeynet.org/blog/64
Medium: https://medium.com/@dave.dittrich/

=============

Pizza sponsored by Cloudflare.

https://blog.cloudflare.com/cloudflare-wants-to-buy-your-meetup-group-pizza/

Be prepared that there will be an opt-out group photo, taken from the back of the room to fulfill the sponsorship requirements.

More on Threat Modeling Privacy

Recently, we shared a privacy threat model which was centered on the people of Seattle, rather than on the technologies they use.

Because of that, we had different scoping decisions than I’ve made previously. I’m working through what those scoping decisions mean.

First, we cataloged how data is being gathered. We didn’t get to “what can go wrong?” We didn’t ask about secondary uses or transfers — yet. I think that was the right call for the first project, because the secondary data flows are a can of worms, and drawing them would, frankly, look like a can of worms. We know that most of the data gathered by most of these systems is weakly protected from government agencies. Understanding what secondary data flows can happen will be quite challenging. Many organizations don’t disclose them beyond saying “we share your data to deliver and improve the service,” and those that do go further disclose little about the specifics of what data is transferred to whom. So I’d like advice: how would you tackle secondary data flows?

Second, we didn’t systematically look at the question of what could go wrong. Each of those examinations could be roughly the size and effort of a product threat model. Each requires an understanding of a person’s risk profile: victims of intimate partner violence are at risk differently than immigrants. We suspect there are models there, and working on them is a collaborative task. I’d like advice here. Are there good models of different groups and their concerns on which we could draw?

(Cross-posted to my personal blog.)

TA3M February 2018: Privacy Threat Modeling for The Seattleite

February 19 @ 6:30 pm – 9:00 pm

SURF Incubator
999 3rd Ave Suite 700
Seattle, 98104 United States

6:30 – 7 Casual chat, Cryptoparty / PGP key exchange / Signal Verification, Intro slide(s)

We’ll have pizza! **

============

Privacy Threat Modeling for The Seattleite

Speaker: Adam Shostack

Seattle Privacy Coalition, led by Adam Shostack and #6, worked through 2017 developing a privacy threat model for an average person in Seattle. If you are an activist, journalist, lawyer, politician, etc., these baseline threats still apply. Where and how is privacy violated during the everyday activities of someone who lives and/or works in or near Seattle? What can be done to mitigate or protect one’s privacy?

  • Model and categorize the ways data are collected (for example, government vs non-government, is there an opt-out, what does it cost?).
  • Create an inventory of things people do and ways data is gathered to form a set of building blocks, from which to do further analysis.
  • Get to a method, process, or tool that can be applied by different target groups with different threat models effectively and help us think about more holistic defenses.
  • Ultimately, to inform, influence, and identify areas for intervention.

Project homepage: https://seattleprivacy.org/threat-modeling/

Initial post: https://seattleprivacy.org/introducing-threat-modeling-for-seattlites/

Latest update: https://seattleprivacy.org/threat-modeling-the-privacy-of-seattle-residents/

Exciting recent news – Seattle Privacy Coalition was formed around the incident of Seattle Police Department acquiring a drone, and the creation of a DOD-subsidized surveillance mesh network. The drone was promptly removed (to LA – sorry LA), but the mesh network remained, ostensibly unused, until now, finally:

https://www.seattletimes.com/seattle-news/surveillance-system-or-public-safety-tool-seattle-dismantles-controversial-wireless-mesh-network/

Speaker Bio:

Adam is a consultant, entrepreneur, technologist, author and game designer. He’s a member of the BlackHat Review Board, and helped found the CVE and many other things. He’s currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

=============

Pizza sponsored by Cloudflare.

https://blog.cloudflare.com/cloudflare-wants-to-buy-your-meetup-group-pizza/

Be prepared that there will be an opt-out group photo, taken from the back of the room to fulfill the sponsorship requirements.