If they get your password can't they just turn of travle mode for you? Or wait until you do the same? I don't know that there is a technical answer here accept wiping your phone/laptop before you go through customes.
The real solution is a political one where we speak up and legeislate and litigate that the 4th amendment applies a the border.
Wiping your stuff does no good at all. As pointed out in the article, they know who is on the flight hours before you land. They'll know you have a Facebook profile. The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them. Ignorance isn't an escape clause.
Which is, I think, the same problem Maciel's solution faces. Border patrol can possibly just see that you've enabled "trip mode" (by the anemic presence) and put you back on a plane. You're welcome to try again after your trip mode expires, but if they want to see your account, there is, as sure as mathematical logic, no possible "out". Anything you do to deny them that access can be grounds to refuse you entry (if you're a non-citizen).
You're right that the only real solution is a political one. Unfortunately, there are no political solutions to any problem anymore. Not in the US at least. The days when government was even interested in solving problems are gone and I doubt they're ever coming back.
If you're an at-risk traveler, you'd enable travel-lock pretty much as soon as you decide on your itinerary, potentially before you ever get on an airline manifest.
The thing I think I see a lot of people missing here is that travel-lock doesn't wipe or disable your accounts; it just restricts history and breadth. For a lot of people, I think these services will get easier and more pleasant to use while travel-locked, so it's relatively painless to give yourself a generous margin before departing and after arriving.
Sure. But a setting that said "always on mobile" and another one where they schedule it for me based on my airline emails makes uptake faster.
And I want that when I'm traveling anywhere.
[later] we want to normalize the idea that access permission to our data is context aware based on what we are doing. To me this is true independent of border crossings. For instance there are things I want in the cloud for backup purposes that I don't want be able to access from anywhere but home normally.
Into their gmail accounts? That seems a little unlikely short of 'looking for any excuse to deny you entry' and there's no technical defense against that.
> The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them.
No, that's not how it works. Border agents are entitled to "search" your laptop. They can't force you to retrieve arbitrary data from a remote server.
All this with the caveat that they can, of course, refuse non-citizens for basically any reason.
> The difference between having a laptop already logged into Facebook and a wiped laptop with no data is quite literally the time it takes them to tell you to type in the password for them.
I have no idea what most of my passwords are. They're complex strings of ASCII stored in an encrypted file on my personal machine and a few backups. If I travel internationally, I can just leave my personal machine at home.
I don't think that gets you entry into the country though. There's not much difference between can't and won't. I suppose, that if you were a citizen, you could take that up with a judge, but if you're not, you don't even get the opportunity.
> To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it’s set. There’s no sense in having a ‘trip mode’ if the person demanding your password can simply switch it off, or coerce you into switching it off.
The point is to make it impossible even for the owner to disable the lock, so there isn't even a conversation to be had about whether you're a phone call away from getting a family member, friend, or neighbor to read off the passcode to open access to the account.
What about a location or IP-lock? That way the only way to unlock it is to literally bring it to a location inside the US, where Constitutional protections do apply.
Then if border agents really want to get in to a particular individual's device, they'll just detain them (or seize their device) until trip mode automatically turns off.
They would be required to detain people for an indeterminate amount of time, potentially weeks. The idea is that it's impractical (and also illegal) for them to do that. If enough people travel-locked their accounts, invasive social media monitoring would be off the table.
Indeterminate? Being a non-citizen with a one way ticket is already pretty good cause for being subject to high scrutiny - this would likely tip the balance in favor of refusal.
Most people have return tickets. So (and don't think for a second I'm in favor of this) they'd know exactly how long your detention would need to be.
Would they? If someone is traveling for a week and presets their social media account to be in travel mode for 1 week, wouldn't they then just need to be detained for a week until the lock expired?
My gut feeling is that non-US citizens are more likely to be affected by this CBP policy than US citizens. Don't get me wrong here, happy if some solutions works for some subset of people, but as a non-US citizen I want something that works for me.
Hey, you have any easy solution: never ever visit the US. The overwhelming majority of non-citizens passing through the border are on some kind of temporary visit, so it's relatively easy to choose to stay the hell away.
That's a very defeatist position (not to mention that this policy is emulated, or will be soon emulated by many other countries). Isolationisms won't help neither the political situation in the world at large, nor the situation in the US right now. The US is a great place to visit, a great place to do business in, and a great place to live in. Not to mention that many, many people that are affected by this policy are non-citizens that are in the process of becoming a citizen (either formally, or not started yet). Or many are employees of some US company living in some other country.
My parents and my partner are in the US. They have lived there for 27 years, but I am not a US citizen. Are you telling me that I should just give up on my family?
A significant part of why things are bad for non-resident aliens is that protecting your social media accounts is abnormal, so doing it flags you as an anomaly.
But that's not because people don't want to protect their social media accounts. You could probably make decent money with a "travel lock" product that groomed your accounts this way, in fact. The reason nobody does it is that the big cloud services don't offer this as a built-in feature.
So this is a case, it seems to me, where helping citizens will have a knock-on effect of also helping non-resident aliens.
No, but they can "tip off" law enforcement who will tap you on the shoulder as soon as you leave the customs area and start the clock again, with different rules.
> The real solution is a political one where we speak up and legeislate and litigate that the 4th amendment applies a the border.
Considering the tiny percentage of Americans that travel overseas or even hold passports, I'm not sure a political solution is realistic. I think we might be outnumbered by the people who don't care about such privacy issues because it will never affect them.
The real solution is a political one where we speak up and legeislate and litigate that the 4th amendment applies a the border.