Hacker News new | ask | show | jobs
by alexpw 3315 days ago
If you are refusing to enter the password, access to the device, or to disable travel mode, then good luck to you. IANAL, but the border agent doesn't care if the data is technically in the cloud, rather than on the device, because it restores when you unlock it.

In addition to removing the data from the device, cheers, don't you also need to be able to honestly say you can not provide access to it?

Ways to honestly answer, "not possible", and mean it:

- schedule a time period where no password is accepted. - enable whitelist/blacklist zones via geolocation. - set a new password that you give to a trusted friend/coworker/spouse that you must contact to retrieve.

Some combination of the above for ease-of-use, and ploys like emailing yourself the new password after a period of time for redundancy/safety.
6 comments
URSpider94 3315 days ago
If you read the article, there is no "tell" that 1Password is in Travel Mode. The only impact is that most of your passwords are missing from the password vault, but the agent would have no way of knowing what's missing. It's not like it pops up a big "Travel Mode" banner.
link
cm2187 3315 days ago
Customs read these articles just like us. What if they ask you if travel mode is turned on? Will you lie?
link
ENGNR 3315 days ago
I was thinking this (and no I wouldn't lie to customs), but the second half of the article details how to let a remote administrator enforce these policies, ie blame your employer for wanting to secure their data from unauthorised access.

Of course the real answer is to avoid the business hostile USA (or at least the border)

link
michel-slm 3315 days ago
The definition of "border" is surprisingly vast too -- if you're within 100 miles of any "external boundary". Two thirds (!) of Americans live within this "border" area.

https://www.aclu.org/other/constitution-100-mile-border-zone

link
URSpider94 3314 days ago
This is a bit of an exaggeration, which has frequently been de-bunked. In brief, if you didn't recently cross a border, then immigration officials have no special powers within this zone.

There is, however, a "functional equivalent" of the border in every international airport that grants ICE these powers over arriving citizens (which makes sense).

https://constitutioncenter.org/blog/does-a-constitution-free...

link
Cthulhu_ 3315 days ago
Does it matter? Just say "yes", and your employer / the account manager should be the only one that should be able to disable it.
link
baby 3315 days ago
Yes, how can they prove anything?
link
yellow_postit 3315 days ago
At a guess, subpoena 1password for account and timestamp info on use of travel mode to catch someone in lying to a federal agent.
link
xg15 3315 days ago
That's the part I didn't get thought. If there is no way to tell then how exactly do you turn it off? (At some point, you want to turn it off after all)

If there is any kind of setting that lets you control travel mode, border control could just make it standard procedure to change that setting.

link
passivepinetree 3315 days ago
In the article, the author mentions that you enable/disable travel mode online. Sadly, it doesn't look like this applies to those of us who have 1Password without a monthly subscription.
link
SamBam 3315 days ago
So, if they're already in the business of demanding your passwords (otherwise this whole thing is irrelevant), why don't they just ask you to log into your 1Password account and see if you're in travel mode there?
link
macintux 3315 days ago
They could, which is why I'd recommend not having your 1Password password with you. Disable travel mode once you return home.
link
deong 3315 days ago
It doesn't really matter. If you're an American citizen, you can just refuse and they have to let you enter. They might confiscate your device, but they can't turn you away from the border.

And if you're not a US citizen, "I'm not physically able to unlock the account right now" doesn't buy you anything. There's no obligation that says if you do all you can physically do to accommodate their wishes, that you get to enter. If they want access, you either grant access or you get back on a plane. The only thing not having your 1Password credentials with you does is remove the choice of which you want to do.

link
JonoBB 3315 days ago
You can only change that setting by logging into their website. The setting is not available in the app itself.
link
e12e 3315 days ago
Well, they might have sigint indicating that you have Gmail account, a Facebook account and a WhatsApp account, for example.
link
smallnamespace 3315 days ago
For this to really work, you need to also prove to a border agent that you can't access it.

In that sense, Travel Mode sort of defeats the purpose -- all the border agent needs to know is that Travel Mode exists, and then ask you to turn it off.

link
URSpider94 3315 days ago
There is no sign in the app that you are in Travel Mode. I suppose if you are well and truly targeted and they have a really knowledgeable specialist on-hand, they could know that Travel Mode exists and ask you to disable it. But, I think that's going beyond the boundaries of a border search, which is limited to searching things that you are actually carrying across the border.
link
struppi 3315 days ago
"Are you using travel mode?"

"No"

You just lied to someone at border control. Which is an offense.

link
davidp 3315 days ago
Yep. Civil disobedience, unsurprisingly, includes breaking the law.
link
struppi 3315 days ago
Yes. If you are a US citizen. If you are not, this can mean waiting for the next pane back in handcuffs and being banned from entering the US for life.
link
Tepix 3315 days ago
Why go there in the first place? Doesn't sound very appealing.
link
dmingoddd 3315 days ago
Civil disobedience does not need you to be a citizen of America..
link
macintux 3315 days ago
"Are you using travel mode?"

"Yes"

"Disable it"

"I can't. I left my password at home, and the account is tied to an email address I do not have access to."

I suppose they tell you to go home at that point. Such a sad state of affairs.

link
jolux 3315 days ago
Yeah, but you have to login to a cloud service to turn it off, which they can't necessarily force you to do supposedly.
link
rando832 3315 days ago
> the border agent doesn't care if the data is technically in the cloud

In reality, they do. They are not asking you for every password you know and access to all the remote systems you have access to, and any that you can get access to if you ask someone, etc, etc.

link
jolux 3315 days ago
>don't you also need to be able to honestly say you can not provide access to it?

It's been said further down, but they can't possibly have carte blanche to compel that you reveal all data you have access to anywhere, which is what this would require.

link
Merovius 3315 days ago
Of course they have that carte blanche, at least if you are not a citizen (and since you are travelling internationally, I'd assume that you're not a citizen on at least one of the legs). Normally, they can ask whatever the eff they like to decide whether to grant you entry or not.

The logical conclusion here, is to decide, what is more important: Gaining entry, or keeping your data. In the first case you're just fucked. If you get searched, you have to give up your stuff (even if you can claim you can't; they can then just not let you in). In the second, just encrypt your shit, rescind your request for entry when it looks like they might be interested in you and don't give up your password.

HN makes this much too complicated, again. And forgets that this is a legal and social problem, not a technical one.

link
Bartweiss 3314 days ago
> Normally, they can ask whatever the eff they like to decide whether to grant you entry or not.

Yep. There's this tendency to say "I beat their rules, so they have to let me go!" The CBP aren't fairies, they aren't bound to stay within some narrow precommitment. At least if you're not a US citizen, these things are almost totally discretionary. Not only can they bar you for not unlocking Facebook, they can bar your for genuinely not having Facebook if they decide you're lying. When even simple truth isn't a defense, clever tech tricks don't count for anything.

In my cynical moments, this outlook strikes me as a disease caused by excess programming - living in a world of contracts and invariants blinds people to how much of the world runs on "screw you, you know what I mean."

link
dragonwriter 3314 days ago
> The TSA aren't fairies, they aren't bound to stay within some narrow precommitment. At least if you're not a US citizen, these things are almost totally discretionary.

I think you are confusing TSA with CBP here.

link
Bartweiss 3314 days ago
Thanks, fixed that.
link
mindmachinery 3315 days ago
>enable whitelist/blacklist zones via geolocation

This is exactly the approach I took with my password vault application (android only, far less well-known than 1password). I added a location-lock feature that allows the user to store a number of "safe locations" outside of which the vault simply will not decrypt, even if the correct password is entered.

The app also makes it very clear that location lock is enabled and that the user is outside of all "safe zones" and therefore will not unlock. The only way a border agent is getting access is to figure out the GPS coordinate encryption method and adding a new set into the sqlite db or physically driving to one of the safe locations and unlocking it there.

link
yAnonymous 3315 days ago
>border agent doesn't care if the data is technically in the cloud, rather than on the device, because it restores when you unlock it.

Do they provide wifi for that? I doubt it.

link