1 00:00:14,510 --> 00:00:15,510 OK, 2 00:00:16,670 --> 00:00:18,349 let's get down to business. 3 00:00:18,350 --> 00:00:20,749 This is Kurt Opsahl, 4 00:00:20,750 --> 00:00:22,579 the general counsel of the office 5 00:00:24,200 --> 00:00:26,359 on here, the 6 00:00:26,360 --> 00:00:27,360 left. 7 00:00:29,480 --> 00:00:30,480 Thank you. 8 00:00:34,770 --> 00:00:37,469 There is William Budington 9 00:00:37,470 --> 00:00:38,490 Technologist's 10 00:00:39,540 --> 00:00:40,540 waving his hand. 11 00:00:46,250 --> 00:00:48,589 And the topic is, 12 00:00:48,590 --> 00:00:50,179 you all know, but let's say it again, 13 00:00:50,180 --> 00:00:52,609 just for principle's sake, protecting 14 00:00:52,610 --> 00:00:55,879 your privacy at the border. 15 00:00:55,880 --> 00:00:57,889 So let's have a hand for the affairs and 16 00:00:57,890 --> 00:00:59,869 Kurt Opsahl and William Budington. 17 00:01:05,650 --> 00:01:07,719 Thank you. Thank you very 18 00:01:07,720 --> 00:01:09,159 much. Thank you all for coming out here 19 00:01:09,160 --> 00:01:10,479 this evening. 20 00:01:10,480 --> 00:01:12,459 We are here to talk about protecting your 21 00:01:12,460 --> 00:01:13,780 privacy at the border. 22 00:01:14,920 --> 00:01:15,909 As you mentioned, we're with the 23 00:01:15,910 --> 00:01:17,769 Electronic Frontier Foundation, an 24 00:01:17,770 --> 00:01:19,989 organization dedicated 25 00:01:19,990 --> 00:01:22,059 to defending your rights online. 26 00:01:22,060 --> 00:01:23,619 And one of the rights we're concerned 27 00:01:23,620 --> 00:01:24,729 about is privacy. 
 28 00:01:24,730 --> 00:01:28,029 And one of the places where your privacy 29 00:01:28,030 --> 00:01:30,579 can be very impacted is when you travel 30 00:01:30,580 --> 00:01:33,189 across a border, especially 31 00:01:33,190 --> 00:01:35,649 with your digital devices. 32 00:01:35,650 --> 00:01:37,629 So I think many people will probably 33 00:01:37,630 --> 00:01:39,159 understand this already. 34 00:01:39,160 --> 00:01:41,879 But I want to start out with 35 00:01:41,880 --> 00:01:42,879 of why is it important? 36 00:01:42,880 --> 00:01:45,429 Why do we care about security, 37 00:01:45,430 --> 00:01:47,979 privacy in your digital devices? 38 00:01:47,980 --> 00:01:50,949 Well, they're a window into your soul. 39 00:01:50,950 --> 00:01:52,989 What you can see in a digital device is 40 00:01:52,990 --> 00:01:54,429 every aspect of your life. 41 00:01:54,430 --> 00:01:56,589 The correspondence, you and the websites 42 00:01:56,590 --> 00:01:59,049 you've been searching, the financial 43 00:01:59,050 --> 00:02:01,479 records, your medical records. 44 00:02:01,480 --> 00:02:03,579 These are the sorts of things that if 45 00:02:03,580 --> 00:02:05,319 you give over control of your device, 46 00:02:05,320 --> 00:02:07,659 someone can look into and 47 00:02:07,660 --> 00:02:09,129 they often will have credentials or 48 00:02:09,130 --> 00:02:10,839 someone could look into other aspects of 49 00:02:10,840 --> 00:02:12,969 your life that are in the cloud 50 00:02:12,970 --> 00:02:14,169 and other servers. 51 00:02:14,170 --> 00:02:15,669 So it has a lot of very sensitive 52 00:02:15,670 --> 00:02:17,169 information. 
53 00:02:17,170 --> 00:02:18,849 And in addition to the the information 54 00:02:18,850 --> 00:02:21,159 that you may feel is 55 00:02:21,160 --> 00:02:22,869 very private and sensitive for yourself, 56 00:02:22,870 --> 00:02:24,879 there's also some information which for a 57 00:02:24,880 --> 00:02:27,069 very long time in democratic societies 58 00:02:27,070 --> 00:02:28,599 has been recognized as not just 59 00:02:28,600 --> 00:02:30,549 sensitive, not just private information, 60 00:02:30,550 --> 00:02:32,859 but things that are outside of the scope 61 00:02:32,860 --> 00:02:35,289 of what would be properly obtained 62 00:02:35,290 --> 00:02:36,789 by the government, things like 63 00:02:36,790 --> 00:02:38,769 communications with your attorney, 64 00:02:38,770 --> 00:02:40,749 communications between you and your 65 00:02:40,750 --> 00:02:43,359 doctor, if you were a reporter 66 00:02:43,360 --> 00:02:45,519 or a source, communications between those 67 00:02:45,520 --> 00:02:46,539 two. 68 00:02:46,540 --> 00:02:48,699 And these are fundamental principles 69 00:02:48,700 --> 00:02:50,439 that still have a lot of value at the 70 00:02:50,440 --> 00:02:52,299 border that we don't want to sacrifice 71 00:02:52,300 --> 00:02:55,029 these human rights and these values 72 00:02:55,030 --> 00:02:56,769 just because you're exercising your right 73 00:02:56,770 --> 00:02:58,360 to travel and going across the border. 74 00:02:59,470 --> 00:03:01,569 So for purposes of discussion, what is a 75 00:03:01,570 --> 00:03:02,769 border? 76 00:03:02,770 --> 00:03:04,539 So there are many ways of thinking about 77 00:03:04,540 --> 00:03:05,829 a border. And we're not just talking 78 00:03:05,830 --> 00:03:07,149 about sort of political borders. 
79 00:03:07,150 --> 00:03:09,039 Like when you go from here over to the 80 00:03:09,040 --> 00:03:10,809 Netherlands, you probably are not going 81 00:03:10,810 --> 00:03:13,149 to pass through a customs search point 82 00:03:13,150 --> 00:03:14,979 and you're not going to be implicated 83 00:03:14,980 --> 00:03:16,119 with some of the issues that we're 84 00:03:16,120 --> 00:03:17,120 raising here today. 85 00:03:18,280 --> 00:03:19,839 So it's not just the political borders, 86 00:03:19,840 --> 00:03:22,389 but it's the points of entry into 87 00:03:22,390 --> 00:03:25,269 into a zone like the Schengen zone. 88 00:03:25,270 --> 00:03:26,769 And oftentimes these things are actually 89 00:03:26,770 --> 00:03:28,269 not exactly on the border. 90 00:03:28,270 --> 00:03:30,339 For example, an airport can 91 00:03:30,340 --> 00:03:31,719 be, you know, hundreds of miles from the 92 00:03:31,720 --> 00:03:33,699 physical border, but is treated as a 93 00:03:33,700 --> 00:03:35,679 border because that's a port of entry. 94 00:03:35,680 --> 00:03:37,929 And also, in some cases, the 95 00:03:37,930 --> 00:03:39,489 border is actually at the departure 96 00:03:39,490 --> 00:03:41,559 airport so the border can be 97 00:03:41,560 --> 00:03:43,809 set up. So you go through that before 98 00:03:43,810 --> 00:03:45,849 transferring on to the plane and into the 99 00:03:45,850 --> 00:03:47,019 destination countries. 100 00:03:47,020 --> 00:03:48,279 So this is what we're talking about in 101 00:03:48,280 --> 00:03:49,299 terms of borders. 102 00:03:49,300 --> 00:03:51,339 And at these points, the government 103 00:03:51,340 --> 00:03:54,009 asserts more power and authority 104 00:03:54,010 --> 00:03:55,599 to conduct searches than they do 105 00:03:55,600 --> 00:03:57,249 throughout the rest of the country. 
 106 00:03:57,250 --> 00:03:59,319 However, these these 107 00:03:59,320 --> 00:04:01,539 these governmental authorities are 108 00:04:01,540 --> 00:04:03,579 not beyond the power of human rights, law 109 00:04:03,580 --> 00:04:04,959 and policy. 110 00:04:04,960 --> 00:04:07,269 Some of these rights I I've quoted here 111 00:04:07,270 --> 00:04:08,979 coming from the U.N. Declaration of Human 112 00:04:08,980 --> 00:04:11,589 Rights and from the European 113 00:04:11,590 --> 00:04:14,019 Convention on Human Rights, that 114 00:04:14,020 --> 00:04:15,309 respecting your 115 00:04:16,480 --> 00:04:18,189 privacy, your autonomy, your 116 00:04:18,190 --> 00:04:20,049 correspondence, these are things that are 117 00:04:20,050 --> 00:04:22,599 widely recognized as as fundamental 118 00:04:22,600 --> 00:04:23,949 rights. 119 00:04:23,950 --> 00:04:26,079 So here in the European Union, 120 00:04:26,080 --> 00:04:28,779 they have sort of a two standard system 121 00:04:28,780 --> 00:04:31,089 for EU citizens and others 122 00:04:31,090 --> 00:04:33,249 who have a right of travel within the 123 00:04:33,250 --> 00:04:34,869 European Union. 124 00:04:34,870 --> 00:04:37,089 You go through a minimum check and 125 00:04:37,090 --> 00:04:39,159 then if you're coming from a non-EU 126 00:04:39,160 --> 00:04:41,589 country, you're subject to a thorough 127 00:04:41,590 --> 00:04:42,789 check. 128 00:04:42,790 --> 00:04:44,889 And this is usually done in up to up 129 00:04:44,890 --> 00:04:46,779 to four stages. 130 00:04:46,780 --> 00:04:48,239 There will be pre border checks. 131 00:04:48,240 --> 00:04:50,889 So if you are traveling on an airline, 132 00:04:50,890 --> 00:04:52,719 the airline will pass through some some 133 00:04:52,720 --> 00:04:54,909 information about the passengers. 
 134 00:04:54,910 --> 00:04:56,979 In some cases, that information may 135 00:04:56,980 --> 00:04:59,139 also lead to a gate 136 00:04:59,140 --> 00:05:01,479 check or a 137 00:05:01,480 --> 00:05:03,759 check on the airline itself. 138 00:05:03,760 --> 00:05:04,689 And then when you get to your 139 00:05:04,690 --> 00:05:06,999 destination, there'll be a first line 140 00:05:07,000 --> 00:05:08,199 check. And you probably have all gone 141 00:05:08,200 --> 00:05:09,639 through this where you show your 142 00:05:09,640 --> 00:05:11,499 passport, have usually a short 143 00:05:11,500 --> 00:05:14,379 conversation with the border agent. 144 00:05:14,380 --> 00:05:16,599 And then if all goes well, you 145 00:05:16,600 --> 00:05:17,709 go on your way. 146 00:05:18,880 --> 00:05:20,979 But sometimes it goes 147 00:05:20,980 --> 00:05:23,049 to a second line, check a more thorough 148 00:05:23,050 --> 00:05:24,969 check where they're going to do a little 149 00:05:24,970 --> 00:05:27,199 bit further investigation 150 00:05:27,200 --> 00:05:28,929 some of the triggers that lead to this 151 00:05:28,930 --> 00:05:31,029 second line. Check if there 152 00:05:31,030 --> 00:05:32,799 are some issues in that that short 153 00:05:32,800 --> 00:05:34,899 conversation that you've had, if they 154 00:05:34,900 --> 00:05:36,459 don't like the way the things were 155 00:05:36,460 --> 00:05:37,809 answered and the communication 156 00:05:37,810 --> 00:05:39,849 difficulties, if there are any 157 00:05:39,850 --> 00:05:41,939 irregularities in your documentation, if 158 00:05:41,940 --> 00:05:43,869 you know, if your visa doesn't have the 159 00:05:43,870 --> 00:05:45,009 right date or that maybe there's a 160 00:05:45,010 --> 00:05:46,299 different spelling of the name on the 161 00:05:46,300 --> 00:05:48,249 visa as the passport. 162 00:05:48,250 --> 00:05:50,379 And perhaps most importantly, they will 163 00:05:50,380 --> 00:05:51,459 do a database check. 
164 00:05:51,460 --> 00:05:53,349 They'll put your information into the 165 00:05:53,350 --> 00:05:55,239 database and see if it comes back with 166 00:05:55,240 --> 00:05:57,849 any signals or if there's any mismatch 167 00:05:57,850 --> 00:05:59,889 with the computer's information, with the 168 00:05:59,890 --> 00:06:01,269 documentation you have with you. 169 00:06:01,270 --> 00:06:03,799 And these may lead to a. 170 00:06:03,800 --> 00:06:04,800 In line check. 171 00:06:05,690 --> 00:06:07,549 And in that second line check is where 172 00:06:07,550 --> 00:06:09,529 you might undergo the more thorough 173 00:06:09,530 --> 00:06:11,539 search. So you have the chart up here 174 00:06:11,540 --> 00:06:13,699 showing the percentage of 175 00:06:13,700 --> 00:06:15,859 people who, once they got to the second 176 00:06:15,860 --> 00:06:18,049 line, had a more thorough search. 177 00:06:18,050 --> 00:06:19,759 Now, this is not just device searches. 178 00:06:19,760 --> 00:06:21,109 This is any kind of the more thorough 179 00:06:21,110 --> 00:06:22,609 search. As you can see, there's actually 180 00:06:22,610 --> 00:06:23,989 quite a bit of a difference in Charles de 181 00:06:23,990 --> 00:06:26,629 Gaulle. This was in 2012, 182 00:06:26,630 --> 00:06:28,429 48 percent of those who went to the 183 00:06:28,430 --> 00:06:30,889 second line got the additional searching 184 00:06:30,890 --> 00:06:33,019 while at Frankfurt, the low 185 00:06:33,020 --> 00:06:35,269 number, only seven percent, 186 00:06:35,270 --> 00:06:38,299 got the more thorough searching. 187 00:06:38,300 --> 00:06:39,709 And also, just to give a sense of how 188 00:06:39,710 --> 00:06:41,029 that might go. 189 00:06:41,030 --> 00:06:43,789 We have a chart showing also from 2012 190 00:06:43,790 --> 00:06:45,469 how long it might be. 191 00:06:45,470 --> 00:06:47,539 So less than five minutes, up 192 00:06:47,540 --> 00:06:49,459 to one to two hours. 
 193 00:06:49,460 --> 00:06:50,989 And you can see the various percentage, 194 00:06:50,990 --> 00:06:53,479 therefore, for the airports, 195 00:06:53,480 --> 00:06:55,069 a lot of it being centered in the five to 196 00:06:55,070 --> 00:06:56,329 15 minute range. 197 00:06:56,330 --> 00:06:57,919 But if they find something interesting 198 00:06:57,920 --> 00:06:59,179 and if they want to go through a device 199 00:06:59,180 --> 00:07:00,889 search, you're probably looking for more 200 00:07:00,890 --> 00:07:02,399 than one to two hour range. 201 00:07:04,310 --> 00:07:06,739 Now, once you're at a particular airport, 202 00:07:06,740 --> 00:07:08,629 it is national law that is going to 203 00:07:08,630 --> 00:07:10,909 define the rules for 204 00:07:10,910 --> 00:07:13,189 what kind of search is permitted, whether 205 00:07:13,190 --> 00:07:16,249 they're allowed to demand your password. 206 00:07:16,250 --> 00:07:17,779 But there are some fundamental 207 00:07:17,780 --> 00:07:19,009 principles. 208 00:07:19,010 --> 00:07:19,999 The EU 209 00:07:20,000 --> 00:07:22,459 Agency for Fundamental Rights has 210 00:07:22,460 --> 00:07:24,619 put forth the reasons that would 211 00:07:24,620 --> 00:07:26,929 justify these additional 212 00:07:26,930 --> 00:07:28,639 searches at the border. 213 00:07:28,640 --> 00:07:30,739 Point one is to verify 214 00:07:30,740 --> 00:07:32,809 your identity, where you're 215 00:07:32,810 --> 00:07:34,699 coming from, where your nationality is, 216 00:07:34,700 --> 00:07:36,349 seeing if you're a proper person to be 217 00:07:36,350 --> 00:07:38,449 admitted. 
And the second reason 218 00:07:38,450 --> 00:07:40,909 would be to search for dangerous objects 219 00:07:40,910 --> 00:07:43,159 like drugs or weapons, or to 220 00:07:43,160 --> 00:07:45,079 see if there's any evidence of criminal 221 00:07:45,080 --> 00:07:47,209 activity and if that last one that is 222 00:07:47,210 --> 00:07:48,379 the most likely one, going to be the 223 00:07:48,380 --> 00:07:50,599 basis for a search of a device 224 00:07:50,600 --> 00:07:52,819 to look for some sort of evidence 225 00:07:52,820 --> 00:07:55,279 to bolster a criminal activity or 226 00:07:55,280 --> 00:07:57,679 in some cases, terrorism. 227 00:07:57,680 --> 00:07:59,749 And which brings us to an example 228 00:07:59,750 --> 00:08:01,879 from the European Union, the United 229 00:08:01,880 --> 00:08:02,329 Kingdom. 230 00:08:02,330 --> 00:08:04,069 Well, there in the European Union for the 231 00:08:04,070 --> 00:08:06,139 time being, where they have 232 00:08:06,140 --> 00:08:08,329 Schedule 7 of the Terrorism 233 00:08:08,330 --> 00:08:10,519 Act. And this is a very broad power that 234 00:08:10,520 --> 00:08:13,039 has been granted to the authorities 235 00:08:13,040 --> 00:08:14,449 in the United Kingdom. 236 00:08:14,450 --> 00:08:16,489 It is limited by having a nexus to 237 00:08:16,490 --> 00:08:17,689 terrorism. 238 00:08:17,690 --> 00:08:19,879 And it was also the 239 00:08:19,880 --> 00:08:22,279 UK Court of Appeal found 240 00:08:22,280 --> 00:08:23,989 some limitations under the European 241 00:08:23,990 --> 00:08:26,279 Charter Convention for Human Rights. 
 242 00:08:27,320 --> 00:08:29,239 This came out of the case involving David 243 00:08:29,240 --> 00:08:31,369 Miranda, who was 244 00:08:31,370 --> 00:08:33,469 traveling between meeting Edward Snowden 245 00:08:33,470 --> 00:08:36,079 in Moscow and Glenn Greenwald 246 00:08:36,080 --> 00:08:38,359 in Brazil, was 247 00:08:38,360 --> 00:08:40,459 detained under Section seven at the 248 00:08:40,460 --> 00:08:42,558 Heathrow Airport and brought a 249 00:08:42,559 --> 00:08:44,058 challenge to that. 250 00:08:44,059 --> 00:08:45,859 The court ultimately did find that the 251 00:08:45,860 --> 00:08:48,439 detention and the interrogation were OK, 252 00:08:48,440 --> 00:08:50,570 but said that the Section seven 253 00:08:51,710 --> 00:08:53,869 did not have sufficient protections 254 00:08:53,870 --> 00:08:56,419 for the right of free expression 255 00:08:56,420 --> 00:08:58,759 because it didn't have the appropriate 256 00:08:58,760 --> 00:09:00,589 exceptions that would allow for 257 00:09:00,590 --> 00:09:02,689 journalists to communicate for sources. 258 00:09:02,690 --> 00:09:04,879 So this shows that while 259 00:09:04,880 --> 00:09:07,249 it is a powerful act, it can be tempered 260 00:09:07,250 --> 00:09:09,439 by the Convention on Human Rights. 261 00:09:09,440 --> 00:09:10,820 However, subsequently 262 00:09:12,130 --> 00:09:14,539 the border police 263 00:09:14,540 --> 00:09:16,699 in the UK have been asserting the 264 00:09:16,700 --> 00:09:18,769 right to demand passwords. 265 00:09:18,770 --> 00:09:21,379 And more recently, about a year ago, 266 00:09:21,380 --> 00:09:23,569 a man by the name of Muhammad Rabbani 267 00:09:24,740 --> 00:09:27,109 was asked to provide his password. 268 00:09:27,110 --> 00:09:28,699 He refused to provide and was arrested 269 00:09:28,700 --> 00:09:30,919 for that. And earlier this 270 00:09:30,920 --> 00:09:32,989 year, at September, that conviction 271 00:09:32,990 --> 00:09:34,039 was upheld. 
272 00:09:34,040 --> 00:09:35,989 He plans to appeal, but this will be a 273 00:09:35,990 --> 00:09:37,309 very important case in sort of 274 00:09:37,310 --> 00:09:38,569 determining whether in the United 275 00:09:38,570 --> 00:09:41,659 Kingdom, they truly do have the power to 276 00:09:41,660 --> 00:09:43,849 invoke this law and for no other 277 00:09:43,850 --> 00:09:45,949 reason than than suspecting they want to 278 00:09:45,950 --> 00:09:48,439 see if there's any terrorism connections, 279 00:09:48,440 --> 00:09:50,299 be able to demand a password and look 280 00:09:50,300 --> 00:09:51,499 through all of your devices. 281 00:09:52,670 --> 00:09:54,349 So turning our sights a little more 282 00:09:54,350 --> 00:09:56,209 broadly around the world, a couple of 283 00:09:56,210 --> 00:09:58,009 countries to to highlight here. 284 00:09:58,010 --> 00:10:00,679 First, in the in the Commonwealth, 285 00:10:00,680 --> 00:10:02,929 Canada and Australia are 286 00:10:02,930 --> 00:10:05,239 both countries that do claim 287 00:10:05,240 --> 00:10:07,669 a right to demand 288 00:10:07,670 --> 00:10:09,349 your passwords and go through your 289 00:10:09,350 --> 00:10:11,210 devices and laptops at the border. 290 00:10:12,770 --> 00:10:15,289 The courts have not yet ruled on whether 291 00:10:15,290 --> 00:10:17,629 this is authorized under those countries 292 00:10:17,630 --> 00:10:18,709 laws. 293 00:10:18,710 --> 00:10:22,219 So at some point there may be a challenge 294 00:10:22,220 --> 00:10:23,719 to test this case. 295 00:10:23,720 --> 00:10:25,819 But in the interim, that's 296 00:10:25,820 --> 00:10:27,289 something that you might face when 297 00:10:27,290 --> 00:10:29,119 passing over these borders. 298 00:10:29,120 --> 00:10:31,999 One thing of note is the Canadian 299 00:10:32,000 --> 00:10:33,679 border police. 
300 00:10:33,680 --> 00:10:35,809 They have a policy to restrict 301 00:10:35,810 --> 00:10:38,299 this to information that is on the device 302 00:10:38,300 --> 00:10:40,159 and not on the cloud. 303 00:10:40,160 --> 00:10:42,589 Now, if somebody violates a policy, 304 00:10:42,590 --> 00:10:44,029 usually you don't have much of a remedy 305 00:10:44,030 --> 00:10:45,709 about it. But it is sort of nice to know 306 00:10:45,710 --> 00:10:47,750 that they do have that that policy 307 00:10:49,160 --> 00:10:51,229 and then turning our sights a little bit 308 00:10:51,230 --> 00:10:53,779 more further afield to authoritarian 309 00:10:53,780 --> 00:10:55,429 regimes. 310 00:10:55,430 --> 00:10:57,559 And in this case is that if 311 00:10:57,560 --> 00:10:59,329 they want to search your device at a 312 00:10:59,330 --> 00:11:01,579 border, they probably can do so 313 00:11:01,580 --> 00:11:04,399 with relative impunity. 314 00:11:04,400 --> 00:11:06,529 So if you will be traveling 315 00:11:06,530 --> 00:11:09,319 to, you know, Russia, China, 316 00:11:09,320 --> 00:11:11,209 some of the more authoritarian countries 317 00:11:11,210 --> 00:11:13,999 in the Middle East, in Turkey, 318 00:11:14,000 --> 00:11:15,649 this will be a time to take some of the 319 00:11:15,650 --> 00:11:17,839 more maximum precautions 320 00:11:17,840 --> 00:11:19,909 if you think they have any 321 00:11:19,910 --> 00:11:22,009 reason to go through your devices. 322 00:11:22,010 --> 00:11:24,169 And we'll discuss a little bit how 323 00:11:24,170 --> 00:11:25,549 we might figure that out later, 324 00:11:26,720 --> 00:11:28,189 because these countries may not be 325 00:11:28,190 --> 00:11:30,499 beholden to these international human 326 00:11:30,500 --> 00:11:32,569 rights norms and there might 327 00:11:32,570 --> 00:11:34,849 not be very much that you can do to stop 328 00:11:34,850 --> 00:11:36,529 it. 
One of the reasons I wanted to 329 00:11:36,530 --> 00:11:38,809 highlight Turkey in here 330 00:11:38,810 --> 00:11:41,749 is that they have detained 331 00:11:41,750 --> 00:11:44,089 up to 75000 people 332 00:11:44,090 --> 00:11:46,399 for having an encrypted messaging app 333 00:11:46,400 --> 00:11:48,709 on their phones simply for having 334 00:11:48,710 --> 00:11:50,209 the app, not because they were accused of 335 00:11:50,210 --> 00:11:52,049 doing anything particular with the app. 336 00:11:53,270 --> 00:11:55,399 This was ByLock was the name 337 00:11:55,400 --> 00:11:57,169 of this messaging app. 338 00:11:57,170 --> 00:11:58,669 And so if you were to travel over that 339 00:11:58,670 --> 00:11:59,839 border and they look through your phone 340 00:11:59,840 --> 00:12:01,969 and found ByLock, that alone could 341 00:12:01,970 --> 00:12:05,089 be a reason for further detention. 342 00:12:05,090 --> 00:12:07,369 So and if you found it and 343 00:12:07,370 --> 00:12:09,769 it was very well discovered, was recently 344 00:12:09,770 --> 00:12:11,809 deleted, that also might be considered 345 00:12:11,810 --> 00:12:12,810 suspicious. 346 00:12:14,220 --> 00:12:17,209 Now, let's turn to the the United States 347 00:12:17,210 --> 00:12:19,759 in the United States these days. 348 00:12:19,760 --> 00:12:21,829 The when you come there, the customs 349 00:12:21,830 --> 00:12:23,779 agents might ask you some questions, like 350 00:12:23,780 --> 00:12:26,449 ask you to unlock your device 351 00:12:26,450 --> 00:12:28,549 to provide a device password 352 00:12:28,550 --> 00:12:30,739 to disclose your social media handles 353 00:12:30,740 --> 00:12:33,079 so they can do public searches 354 00:12:33,080 --> 00:12:34,080 about them. 355 00:12:34,970 --> 00:12:37,189 And how you can react to this depends 356 00:12:37,190 --> 00:12:39,619 a little bit on on who you are. 357 00:12:39,620 --> 00:12:40,549 If you are a U.S. 
358 00:12:40,550 --> 00:12:42,679 citizen, then they cannot refuse 359 00:12:42,680 --> 00:12:44,569 entry into the country. 360 00:12:44,570 --> 00:12:46,639 So while they may seize the device, 361 00:12:46,640 --> 00:12:48,589 but ultimately you would be able to 362 00:12:48,590 --> 00:12:50,479 travel on to your destination for a 363 00:12:50,480 --> 00:12:53,419 permanent resident, also 364 00:12:53,420 --> 00:12:55,339 would be able to come into the country. 365 00:12:55,340 --> 00:12:57,169 But there would be a little bit of after 366 00:12:57,170 --> 00:12:59,269 effects because they had raise questions 367 00:12:59,270 --> 00:13:00,709 about whether you'll be able to keep that 368 00:13:00,710 --> 00:13:03,169 status as a permanent resident 369 00:13:03,170 --> 00:13:05,209 and for everybody else here, perhaps the 370 00:13:05,210 --> 00:13:07,309 majority of the room, if you are not 371 00:13:07,310 --> 00:13:09,409 one of these two categories, 372 00:13:09,410 --> 00:13:11,149 you'll be asked these questions in a 373 00:13:11,150 --> 00:13:13,309 situation where if you say no, 374 00:13:13,310 --> 00:13:14,929 they can deny entry until you have to 375 00:13:14,930 --> 00:13:16,429 turn around and go back to where you came 376 00:13:16,430 --> 00:13:18,499 from, which puts a tremendous amount 377 00:13:18,500 --> 00:13:20,659 of pressure to 378 00:13:20,660 --> 00:13:22,759 provide that access and to give up 379 00:13:22,760 --> 00:13:24,320 a little bit of your privacy rights. 380 00:13:25,400 --> 00:13:27,229 So how often is this happening? 381 00:13:27,230 --> 00:13:29,599 Well, at an increasing rate 382 00:13:29,600 --> 00:13:32,119 over the last three years, 383 00:13:32,120 --> 00:13:34,219 they have gone from 384 00:13:34,220 --> 00:13:36,979 under 5000 electronic media searches 385 00:13:36,980 --> 00:13:39,169 to on a pace this year 386 00:13:39,170 --> 00:13:41,209 for over 30000. 387 00:13:41,210 --> 00:13:43,189 So a substantial increase. 
 388 00:13:43,190 --> 00:13:44,869 The one thing to keep in mind is this is 389 00:13:44,870 --> 00:13:47,239 out of 400 million border 390 00:13:47,240 --> 00:13:48,259 crossings. 391 00:13:48,260 --> 00:13:50,629 So at a purely statistical level. 392 00:13:50,630 --> 00:13:52,789 The odds are pretty low that a random 393 00:13:52,790 --> 00:13:55,249 person will have their device searched. 394 00:13:55,250 --> 00:13:57,049 But of course, this is not actually 395 00:13:57,050 --> 00:13:57,979 random. 396 00:13:57,980 --> 00:13:59,809 So whether, you know, your particular 397 00:13:59,810 --> 00:14:02,179 odds will will vary. 398 00:14:02,180 --> 00:14:03,499 In addition, the U.S. 399 00:14:03,500 --> 00:14:05,629 has started to undertake 400 00:14:05,630 --> 00:14:08,329 a program called Extreme Vetting. 401 00:14:08,330 --> 00:14:10,129 For the last several years, they have 402 00:14:10,130 --> 00:14:12,349 been collecting social media handles, 403 00:14:12,350 --> 00:14:14,509 alias and search results, and then 404 00:14:14,510 --> 00:14:16,909 providing that to the Customs 405 00:14:16,910 --> 00:14:19,309 and Border Patrol to ask questions 406 00:14:19,310 --> 00:14:21,019 about what they find. 407 00:14:21,020 --> 00:14:23,389 And Donald Trump 408 00:14:23,390 --> 00:14:25,639 has asked the DHS to expand 409 00:14:25,640 --> 00:14:28,939 this program just about a month ago. 410 00:14:28,940 --> 00:14:30,769 And this will expand to looking at things 411 00:14:30,770 --> 00:14:33,079 like your responses in public 412 00:14:33,080 --> 00:14:35,239 hearings, speeches you may have 413 00:14:35,240 --> 00:14:37,909 given at conferences, academic 414 00:14:37,910 --> 00:14:39,259 websites where you may have published a 415 00:14:39,260 --> 00:14:40,699 paper. 416 00:14:40,700 --> 00:14:42,859 And this stuff is considered sort of fair 417 00:14:42,860 --> 00:14:45,019 game to be questioned 418 00:14:45,020 --> 00:14:47,449 about as you cross the border. 
419 00:14:47,450 --> 00:14:49,669 And at one time, this was focused on 420 00:14:49,670 --> 00:14:51,439 people who are coming in with immigrant 421 00:14:51,440 --> 00:14:53,929 visas, ones who were planning to stay for 422 00:14:53,930 --> 00:14:55,999 a period of time, but they 423 00:14:56,000 --> 00:14:58,129 have expanded that to more 424 00:14:58,130 --> 00:15:00,409 brief travelers. 425 00:15:00,410 --> 00:15:02,089 So how does this work within the 426 00:15:02,090 --> 00:15:04,549 constitutional and legal framework? 427 00:15:04,550 --> 00:15:06,979 Well, constitutional provisions do apply 428 00:15:06,980 --> 00:15:09,139 at the U.S. border, but there 429 00:15:09,140 --> 00:15:11,059 is this what's known as the border search 430 00:15:11,060 --> 00:15:13,189 exception, the exception that proves 431 00:15:13,190 --> 00:15:14,190 the rule. 432 00:15:14,720 --> 00:15:17,569 Routine searches do not require 433 00:15:17,570 --> 00:15:20,239 a warrant or individualized suspicion, 434 00:15:20,240 --> 00:15:22,399 but non-routine searches 435 00:15:22,400 --> 00:15:24,919 do need an additional level of suspicion. 436 00:15:24,920 --> 00:15:27,109 So what is a non-routine search? 437 00:15:27,110 --> 00:15:28,549 Well, it's defined as something which is 438 00:15:28,550 --> 00:15:30,979 highly intrusive, that impacts 439 00:15:30,980 --> 00:15:33,829 your dignity and privacy interest 440 00:15:33,830 --> 00:15:35,659 or is conducted in a particularly 441 00:15:35,660 --> 00:15:37,639 offensive manner. 442 00:15:37,640 --> 00:15:39,409 So how does that break down with device 443 00:15:39,410 --> 00:15:41,239 searches, electronic searches? 444 00:15:41,240 --> 00:15:44,059 Well, a couple of years ago in 2013, 445 00:15:44,060 --> 00:15:46,489 a court of appeal found that a forensic 446 00:15:46,490 --> 00:15:48,559 search did require this 447 00:15:48,560 --> 00:15:51,199 additional level of legal process. 
 448 00:15:51,200 --> 00:15:52,729 And this is a forensic search is when 449 00:15:52,730 --> 00:15:54,229 they take your device, hook it up to a 450 00:15:54,230 --> 00:15:56,359 machine, copy 451 00:15:56,360 --> 00:15:59,029 the data on it, do some analytics. 452 00:15:59,030 --> 00:16:00,799 But a manual search, you know, when they 453 00:16:00,800 --> 00:16:02,299 pick it up, flip through it. 454 00:16:03,660 --> 00:16:06,299 Just with the border agent right there 455 00:16:06,300 --> 00:16:08,729 that did not so that was the dividing 456 00:16:08,730 --> 00:16:10,919 line in 2013, but 457 00:16:10,920 --> 00:16:13,139 then in 2014, there's a Supreme 458 00:16:13,140 --> 00:16:14,759 Court case, Riley vs. 459 00:16:14,760 --> 00:16:16,829 California, where the court was looking 460 00:16:16,830 --> 00:16:18,569 at searches of phones. 461 00:16:18,570 --> 00:16:20,309 The government there was arguing that 462 00:16:20,310 --> 00:16:22,109 warrants were not necessary to search the 463 00:16:22,110 --> 00:16:24,329 phones and the court ruled 464 00:16:24,330 --> 00:16:26,609 otherwise. They said that 465 00:16:26,610 --> 00:16:28,529 they recognized that there was a lot of 466 00:16:28,530 --> 00:16:30,659 sensitive data on the phone and that 467 00:16:30,660 --> 00:16:32,609 it was an intrusive search that required 468 00:16:32,610 --> 00:16:33,869 a warrant. 469 00:16:33,870 --> 00:16:35,969 And we believe that that precedent 470 00:16:35,970 --> 00:16:38,549 should be applied to border searches. 471 00:16:38,550 --> 00:16:40,499 We filed a case earlier this year, 472 00:16:40,500 --> 00:16:42,329 Alasaad versus Duke, along with the 473 00:16:42,330 --> 00:16:45,059 ACLU, to challenge the warrantless 474 00:16:45,060 --> 00:16:46,509 searches at the border. 475 00:16:46,510 --> 00:16:48,299 The Trump administration has filed a 476 00:16:48,300 --> 00:16:49,859 motion to dismiss our case, which we are 477 00:16:49,860 --> 00:16:51,059 now litigating. 
 478 00:16:51,060 --> 00:16:52,529 So hopefully we'll be able to use that 479 00:16:52,530 --> 00:16:54,659 case and establish a precedent that 480 00:16:54,660 --> 00:16:56,699 you do need to have additional process to 481 00:16:56,700 --> 00:16:58,230 go through your devices at the border. 482 00:17:04,619 --> 00:17:07,019 And one thing where there has been some 483 00:17:07,020 --> 00:17:09,239 some limited progress is 484 00:17:09,240 --> 00:17:10,679 access to the cloud. 485 00:17:10,680 --> 00:17:12,179 So in the Riley case, the court 486 00:17:12,180 --> 00:17:14,249 recognized the use a great metaphor. 487 00:17:14,250 --> 00:17:15,719 They said the government's argument would 488 00:17:15,720 --> 00:17:17,999 be saying that it's like finding a key 489 00:17:18,000 --> 00:17:20,309 in a suspect's pocket and then arguing 490 00:17:20,310 --> 00:17:22,259 it allowed law enforcement to unlock and 491 00:17:22,260 --> 00:17:23,338 search your house. 492 00:17:23,339 --> 00:17:24,389 And that's actually a pretty good 493 00:17:24,390 --> 00:17:25,679 metaphor for what's on your phone, 494 00:17:25,680 --> 00:17:27,568 because you have a lot of credentials 495 00:17:27,569 --> 00:17:29,789 saved passwords, which 496 00:17:29,790 --> 00:17:31,859 are essentially keys that allow the 497 00:17:31,860 --> 00:17:34,349 phone or your your computer to unlock 498 00:17:34,350 --> 00:17:35,609 information that you have stored 499 00:17:35,610 --> 00:17:36,929 elsewhere on the cloud. 500 00:17:36,930 --> 00:17:38,519 And it shouldn't be because you're 501 00:17:38,520 --> 00:17:40,799 carrying it in your pocket that this 502 00:17:40,800 --> 00:17:42,989 opens up your entire life 503 00:17:42,990 --> 00:17:45,089 to to the investigatory 504 00:17:45,090 --> 00:17:45,989 agent. 
505 00:17:45,990 --> 00:17:48,539 And the Customs and Border Patrol has 506 00:17:48,540 --> 00:17:50,789 said as a policy is 507 00:17:50,790 --> 00:17:52,079 only going to look at information that is 508 00:17:52,080 --> 00:17:54,509 physically resident on the device, 509 00:17:54,510 --> 00:17:55,859 keeping in mind that they'll still do 510 00:17:55,860 --> 00:17:57,389 public searches for information about 511 00:17:57,390 --> 00:17:59,159 your social media handles. 512 00:17:59,160 --> 00:18:01,469 Again, like with the Canadians, 513 00:18:01,470 --> 00:18:03,329 this is a policy. 514 00:18:03,330 --> 00:18:04,899 And so that's very important to getting 515 00:18:04,900 --> 00:18:06,929 established as the law, but as a starting 516 00:18:06,930 --> 00:18:08,489 point, at least as good, they have the 517 00:18:08,490 --> 00:18:09,490 policy. 518 00:18:10,020 --> 00:18:12,059 Another important thing to understand 519 00:18:12,060 --> 00:18:13,709 about U.S. 520 00:18:13,710 --> 00:18:15,749 law, and I think this could be applied 521 00:18:15,750 --> 00:18:18,029 elsewhere as well, is the difference 522 00:18:18,030 --> 00:18:19,659 between passwords and fingerprints. 523 00:18:19,660 --> 00:18:22,049 So many devices these days are using 524 00:18:22,050 --> 00:18:23,999 fingerprints as a method of unlocking. 525 00:18:24,000 --> 00:18:26,249 It's very convenient and it does 526 00:18:26,250 --> 00:18:27,250 allow you to 527 00:18:28,320 --> 00:18:29,909 not have to type in your password every 528 00:18:29,910 --> 00:18:31,199 time. It's very convenient. 
529 00:18:31,200 --> 00:18:33,479 But the law distinguishes between 530 00:18:33,480 --> 00:18:35,159 passwords because there's a lot of laws 531 00:18:35,160 --> 00:18:36,569 in the United States and actually in many 532 00:18:36,570 --> 00:18:38,699 other countries that provide you with the 533 00:18:38,700 --> 00:18:40,889 right to remain silent and not 534 00:18:40,890 --> 00:18:42,449 answer questions from the law 535 00:18:42,450 --> 00:18:43,589 enforcement. They have to do their 536 00:18:43,590 --> 00:18:45,689 investigations, but you can't be forced 537 00:18:45,690 --> 00:18:46,679 to answer. 538 00:18:46,680 --> 00:18:48,839 And those laws are a basis for arguments. 539 00:18:48,840 --> 00:18:50,909 You don't have to provide your password. 540 00:18:50,910 --> 00:18:52,619 But some cases have found that there are 541 00:18:52,620 --> 00:18:54,809 less protections for the information 542 00:18:54,810 --> 00:18:56,669 that's on your finger. 543 00:18:56,670 --> 00:18:58,619 In addition, besides the different legal 544 00:18:58,620 --> 00:19:00,149 protections, there are some practical 545 00:19:00,150 --> 00:19:02,069 ones. If you're at the border, your 546 00:19:02,070 --> 00:19:04,679 device can be unlocked with a finger. 547 00:19:04,680 --> 00:19:06,329 The border agent could grab your finger 548 00:19:06,330 --> 00:19:08,189 and just shove it down the phone and then 549 00:19:08,190 --> 00:19:09,719 it's unlocked and you'll be arguing later 550 00:19:09,720 --> 00:19:11,219 about whether they should have had access 551 00:19:11,220 --> 00:19:13,289 and whether instead of whether they can 552 00:19:13,290 --> 00:19:14,559 have access. 
553 00:19:14,560 --> 00:19:16,529 And finally, it's if they're really 554 00:19:16,530 --> 00:19:18,209 interested, the government may have 555 00:19:18,210 --> 00:19:19,739 access to your fingerprints from other 556 00:19:19,740 --> 00:19:21,959 sources and they may be able to try 557 00:19:21,960 --> 00:19:23,369 and get into the phone using that 558 00:19:23,370 --> 00:19:24,370 information. 559 00:19:25,610 --> 00:19:27,889 So as you're approaching the border, 560 00:19:27,890 --> 00:19:29,899 it's good to think, how should I 561 00:19:29,900 --> 00:19:31,549 approach this, how should it work for me? 562 00:19:31,550 --> 00:19:33,529 And it's going to depend a lot on who you 563 00:19:33,530 --> 00:19:34,849 are and how you 564 00:19:35,960 --> 00:19:37,999 how you want to react to the situation. 565 00:19:38,000 --> 00:19:39,769 So things about who you are, your 566 00:19:39,770 --> 00:19:41,899 citizenship, your residence, your 567 00:19:41,900 --> 00:19:44,389 immigration status will 568 00:19:44,390 --> 00:19:45,889 affect your thinking and what your 569 00:19:45,890 --> 00:19:47,899 chances are of getting searched and how 570 00:19:47,900 --> 00:19:49,429 you react to it. 571 00:19:49,430 --> 00:19:51,499 You're more likely to be 572 00:19:51,500 --> 00:19:52,639 subject to search, depending on your 573 00:19:52,640 --> 00:19:54,559 travel history. If you've been to 574 00:19:54,560 --> 00:19:56,209 countries that are associated with 575 00:19:56,210 --> 00:19:57,529 terrorism, for example, 576 00:19:58,550 --> 00:20:00,109 your history with law enforcement, you 577 00:20:00,110 --> 00:20:01,009 have an arrest record. 578 00:20:01,010 --> 00:20:02,809 If you have convictions, these will 579 00:20:02,810 --> 00:20:04,579 increase the likelihood of being 580 00:20:04,580 --> 00:20:06,439 subjected to a search.
581 00:20:06,440 --> 00:20:08,299 And then when you're trying to decide how 582 00:20:08,300 --> 00:20:09,829 you would deal with a search, you're 583 00:20:09,830 --> 00:20:11,449 going have to weigh some factors about 584 00:20:11,450 --> 00:20:13,909 your tolerance for hassle and delay 585 00:20:13,910 --> 00:20:15,679 versus your desire to make a statement 586 00:20:15,680 --> 00:20:16,609 and stand up for your rights. 587 00:20:16,610 --> 00:20:18,079 And these can be very tough personal 588 00:20:18,080 --> 00:20:20,239 choices. If you make the decision to 589 00:20:20,240 --> 00:20:22,519 push back on a search, you may 590 00:20:22,520 --> 00:20:24,649 suffer some some consequences that you're 591 00:20:24,650 --> 00:20:27,169 going to have to have to deal with. 592 00:20:27,170 --> 00:20:28,909 The second way that you should be looking 593 00:20:28,910 --> 00:20:30,529 at when you're when you're deciding how 594 00:20:30,530 --> 00:20:32,419 to react to the border and what to do is 595 00:20:32,420 --> 00:20:33,949 think about the information that you're 596 00:20:33,950 --> 00:20:35,689 carrying with you. 597 00:20:35,690 --> 00:20:37,969 How sensitive is that data? 598 00:20:37,970 --> 00:20:40,129 What is the risk that you would 599 00:20:40,130 --> 00:20:41,809 face if the data was seized? 600 00:20:41,810 --> 00:20:43,909 Both the risk that if they if 601 00:20:43,910 --> 00:20:46,489 the government got access to that data 602 00:20:46,490 --> 00:20:48,559 and also your risk of having loss of 603 00:20:48,560 --> 00:20:49,159 access to that. 
604 00:20:49,160 --> 00:20:50,509 And if you didn't have a backup, for 605 00:20:50,510 --> 00:20:52,339 example, and you didn't get your device 606 00:20:52,340 --> 00:20:54,469 back, do you need the 607 00:20:54,470 --> 00:20:56,569 information when you get to the far side 608 00:20:56,570 --> 00:20:58,669 of the border or if you 609 00:20:58,670 --> 00:21:00,829 have the information and you can put it 610 00:21:00,830 --> 00:21:02,749 on the cloud, will you be able to get 611 00:21:02,750 --> 00:21:04,639 that information through the network that 612 00:21:04,640 --> 00:21:07,009 will be available on the far side of the 613 00:21:07,010 --> 00:21:08,629 border? The quality both in terms of how 614 00:21:08,630 --> 00:21:10,909 fast they are or whether, like in 615 00:21:10,910 --> 00:21:13,399 some cases, there is heavy government 616 00:21:13,400 --> 00:21:15,589 surveillance on those networks. 617 00:21:17,290 --> 00:21:19,659 So before you arrive at the border, 618 00:21:19,660 --> 00:21:20,679 you've got to think through some of these 619 00:21:20,680 --> 00:21:22,269 issues, you might want to talk with your 620 00:21:22,270 --> 00:21:24,609 employer about your work devices. 621 00:21:24,610 --> 00:21:26,349 They may have policies about whether you 622 00:21:26,350 --> 00:21:28,449 should be taking it over a border, may 623 00:21:28,450 --> 00:21:31,239 ask for some information to be deleted, 624 00:21:31,240 --> 00:21:33,969 may say you should or shouldn't provide 625 00:21:33,970 --> 00:21:36,329 passwords if asked, 626 00:21:36,330 --> 00:21:38,139 and think about protecting what you carry 627 00:21:38,140 --> 00:21:39,219 about. 
They're going to talk a little bit 628 00:21:39,220 --> 00:21:41,139 more of this when we get to Bill section 629 00:21:41,140 --> 00:21:42,519 talking about technical protections, but 630 00:21:42,520 --> 00:21:44,739 things like backups, encryption, strong 631 00:21:44,740 --> 00:21:46,929 passwords, then think about your 632 00:21:46,930 --> 00:21:49,049 online presence for 633 00:21:49,050 --> 00:21:51,159 for your devices, log 634 00:21:51,160 --> 00:21:53,379 out, remove credentials so that 635 00:21:53,380 --> 00:21:55,359 if they don't have a policy about looking 636 00:21:55,360 --> 00:21:57,279 in the cloud, they would have to at least 637 00:21:57,280 --> 00:21:59,709 require or ask for passwords 638 00:21:59,710 --> 00:22:01,389 before they can do it. So it's tamper 639 00:22:01,390 --> 00:22:03,039 evident in that way. 640 00:22:03,040 --> 00:22:05,109 Also, put yourself in private browsing 641 00:22:05,110 --> 00:22:06,729 mode. So if they're looking through your 642 00:22:06,730 --> 00:22:08,900 Web history, they won't be there. 643 00:22:10,030 --> 00:22:12,129 You also may consider looking 644 00:22:12,130 --> 00:22:14,109 at your publicly available information 645 00:22:14,110 --> 00:22:16,449 and shifting it to private, 646 00:22:16,450 --> 00:22:19,269 making it friends only on Facebook or 647 00:22:19,270 --> 00:22:21,729 going to a private account on Twitter 648 00:22:21,730 --> 00:22:22,990 and most importantly. 649 00:22:24,270 --> 00:22:26,459 Don't bring it if 650 00:22:26,460 --> 00:22:28,379 they don't have it, they can't take it at 651 00:22:28,380 --> 00:22:30,479 the border, so consider leaving 652 00:22:30,480 --> 00:22:31,889 your devices at home if you're not going 653 00:22:31,890 --> 00:22:32,879 to need them. 654 00:22:32,880 --> 00:22:34,469 Maybe you can if you need a computer, but 655 00:22:34,470 --> 00:22:35,939 you don't need your home computer. 
656 00:22:35,940 --> 00:22:37,859 Consider bringing a temporary device like 657 00:22:37,860 --> 00:22:39,989 a Chromebook or a burner phone. 658 00:22:39,990 --> 00:22:41,969 If you don't need the data that's on your 659 00:22:41,970 --> 00:22:43,799 device, delete it. 660 00:22:43,800 --> 00:22:46,079 If you do need the data, consider moving 661 00:22:46,080 --> 00:22:48,329 it to the cloud and then picking it up 662 00:22:48,330 --> 00:22:49,739 when you get to the far side. 663 00:22:51,030 --> 00:22:53,489 Then as you come to the border, 664 00:22:53,490 --> 00:22:55,739 it's important as first to plan ahead, 665 00:22:55,740 --> 00:22:57,779 have an idea of what you want to do 666 00:22:57,780 --> 00:22:59,729 there, how you would react to various 667 00:22:59,730 --> 00:23:00,719 scenarios. 668 00:23:00,720 --> 00:23:03,119 So you're not making a decision when 669 00:23:03,120 --> 00:23:05,219 under this very 670 00:23:05,220 --> 00:23:06,809 tough situation where you're under a lot 671 00:23:06,810 --> 00:23:08,789 of pressure of making a decision on the 672 00:23:08,790 --> 00:23:10,979 fly, but have a good idea what you want 673 00:23:10,980 --> 00:23:12,929 to do when you're having the 674 00:23:12,930 --> 00:23:13,859 interactions. 675 00:23:13,860 --> 00:23:15,300 Be polite and respectful. 676 00:23:16,800 --> 00:23:18,869 Escalating the situation can lead 677 00:23:18,870 --> 00:23:20,819 to two further problems that aren't 678 00:23:20,820 --> 00:23:22,409 necessary. 679 00:23:22,410 --> 00:23:24,569 Importantly, don't lie to the 680 00:23:24,570 --> 00:23:25,619 border agents. 681 00:23:25,620 --> 00:23:27,059 There are a lot of countries, probably 682 00:23:27,060 --> 00:23:29,969 almost all will have separate crimes 683 00:23:29,970 --> 00:23:32,129 for giving false information or lying 684 00:23:32,130 --> 00:23:34,679 to governmental authorities. 
685 00:23:34,680 --> 00:23:35,969 And that means that they'll have 686 00:23:35,970 --> 00:23:38,429 something over you even 687 00:23:38,430 --> 00:23:40,349 if there is nothing, nothing else they 688 00:23:40,350 --> 00:23:42,449 have for telling something that was 689 00:23:42,450 --> 00:23:44,720 untrue while talking to the border agent, 690 00:23:45,780 --> 00:23:47,309 don't physically interfere with the 691 00:23:47,310 --> 00:23:49,139 search. It's probably not going to work 692 00:23:49,140 --> 00:23:51,179 out. They have a lot of ability to stop 693 00:23:51,180 --> 00:23:53,429 physical interference unless 694 00:23:53,430 --> 00:23:55,020 perhaps you're Jason Bourne 695 00:23:56,490 --> 00:23:59,489 and you're right, 696 00:23:59,490 --> 00:24:00,569 one of them. Well, we'll talk about 697 00:24:00,570 --> 00:24:01,739 consent in a second. 698 00:24:01,740 --> 00:24:03,479 But if they seize your device physically 699 00:24:03,480 --> 00:24:04,949 from you, it's hard to say that you 700 00:24:04,950 --> 00:24:06,539 consented to give it to them so you can 701 00:24:06,540 --> 00:24:08,459 help preserve your rights. 702 00:24:08,460 --> 00:24:10,079 And then if something does happen as it's 703 00:24:10,080 --> 00:24:12,209 going down and you want to do 704 00:24:12,210 --> 00:24:14,349 something about it later, document 705 00:24:14,350 --> 00:24:16,439 it, get names, badge numbers, 706 00:24:16,440 --> 00:24:18,299 agencies, get a receipt for their 707 00:24:18,300 --> 00:24:20,369 property, they'll give you the more power 708 00:24:20,370 --> 00:24:21,960 to do something about it later. 709 00:24:23,270 --> 00:24:25,249 Now, now I want to turn to the consent, 710 00:24:25,250 --> 00:24:26,779 first of all, there's something that 711 00:24:26,780 --> 00:24:28,729 often happens when the border agents are 712 00:24:28,730 --> 00:24:29,749 talking to you. 
713 00:24:29,750 --> 00:24:31,709 They'll phrase things in the form of a 714 00:24:31,710 --> 00:24:33,109 polite question. 715 00:24:33,110 --> 00:24:34,639 You know, would you like to give me your 716 00:24:34,640 --> 00:24:35,539 password? 717 00:24:35,540 --> 00:24:36,859 Can I see your device? 718 00:24:38,000 --> 00:24:40,129 And if you hand it over in 719 00:24:40,130 --> 00:24:42,319 response to that, they'll say, oh, it 720 00:24:42,320 --> 00:24:44,569 was consent. You have waived your rights 721 00:24:44,570 --> 00:24:45,949 if you want to challenge it later. 722 00:24:45,950 --> 00:24:47,989 Well, you gave it up. 723 00:24:47,990 --> 00:24:50,179 So in some cases 724 00:24:50,180 --> 00:24:51,409 you might want to clarify. 725 00:24:51,410 --> 00:24:52,939 Well, is that an order? 726 00:24:52,940 --> 00:24:54,889 Am I required to do this or is that a 727 00:24:54,890 --> 00:24:57,229 request? Now, they say it's a request. 728 00:24:57,230 --> 00:24:58,399 No, thank you. 729 00:24:58,400 --> 00:25:00,619 If they say it's an order, well, then 730 00:25:00,620 --> 00:25:01,819 you're going to get to choose your own 731 00:25:01,820 --> 00:25:03,049 adventure. 732 00:25:03,050 --> 00:25:05,569 You can choose to comply with the order. 733 00:25:05,570 --> 00:25:07,189 And this will mean they'll have access to 734 00:25:07,190 --> 00:25:08,190 your device. 735 00:25:09,110 --> 00:25:10,849 You have more limited legal options 736 00:25:10,850 --> 00:25:12,409 later, be more about trying to get them 737 00:25:12,410 --> 00:25:14,539 to delete the data or remove it 738 00:25:14,540 --> 00:25:16,099 from their systems as opposed to not get 739 00:25:16,100 --> 00:25:17,100 it in the first place. 
740 00:25:18,170 --> 00:25:20,029 But you'll probably be able to much more 741 00:25:20,030 --> 00:25:21,529 quickly go on your way, make your 742 00:25:21,530 --> 00:25:23,629 connecting flight, go to that conference 743 00:25:23,630 --> 00:25:24,710 that you were going to attend, 744 00:25:25,790 --> 00:25:27,529 or you can refuse to comply. 745 00:25:27,530 --> 00:25:29,449 Stand up for your rights. 746 00:25:29,450 --> 00:25:31,609 And that can provide you greater legal 747 00:25:31,610 --> 00:25:33,469 options. Right, because you can challenge 748 00:25:33,470 --> 00:25:35,749 their ability to and they can challenge 749 00:25:35,750 --> 00:25:37,249 their ability to get into your rights by 750 00:25:37,250 --> 00:25:38,989 not providing the password until has been 751 00:25:38,990 --> 00:25:41,269 adjudicated in a court of law. 752 00:25:41,270 --> 00:25:43,429 But this comes with consequences. 753 00:25:43,430 --> 00:25:45,139 This may escalate the situation. 754 00:25:45,140 --> 00:25:46,609 The device may be seized. 755 00:25:46,610 --> 00:25:48,079 You may have future trouble the next time 756 00:25:48,080 --> 00:25:50,119 you're going over a border. 757 00:25:50,120 --> 00:25:51,799 So these are difficult choices and will 758 00:25:51,800 --> 00:25:54,499 depend on your particular circumstance. 759 00:25:54,500 --> 00:25:56,689 And then after the border, 760 00:25:56,690 --> 00:26:00,049 again, document what has happened 761 00:26:00,050 --> 00:26:02,539 in some if your freedom of information 762 00:26:02,540 --> 00:26:04,399 laws in your jurisdiction, you might want 763 00:26:04,400 --> 00:26:05,989 to use those to get more information 764 00:26:05,990 --> 00:26:07,549 about what happened, see what public 765 00:26:07,550 --> 00:26:09,259 records could be provided. 
766 00:26:09,260 --> 00:26:11,539 And another important thing, if 767 00:26:11,540 --> 00:26:13,189 you did make that choice to hand over 768 00:26:13,190 --> 00:26:15,799 your password, change it, 769 00:26:15,800 --> 00:26:17,869 they will keep that password and it will 770 00:26:17,870 --> 00:26:20,029 be available to them for future border 771 00:26:20,030 --> 00:26:22,279 crossings. And if it's a password to 772 00:26:22,280 --> 00:26:23,729 publicly available or, you know, 773 00:26:23,730 --> 00:26:26,329 websites, they may use it to go on there. 774 00:26:26,330 --> 00:26:28,219 So change any passwords that they may 775 00:26:28,220 --> 00:26:30,319 have gotten access to as soon as you get 776 00:26:30,320 --> 00:26:32,779 your as soon as you can. 777 00:26:32,780 --> 00:26:34,189 And with that, I'll turn it over to Bill 778 00:26:34,190 --> 00:26:35,569 to talk a little bit more about technical 779 00:26:35,570 --> 00:26:36,650 measures to protect yourself. 780 00:26:44,820 --> 00:26:46,229 Thanks very much, Kurt. 781 00:26:46,230 --> 00:26:48,479 Yeah, so in addition to the legal 782 00:26:48,480 --> 00:26:50,999 protections that you have at the border, 783 00:26:51,000 --> 00:26:52,379 there are some technical measures that 784 00:26:52,380 --> 00:26:54,689 you can take to protect yourself in 785 00:26:54,690 --> 00:26:56,939 general, as Kurt said, 786 00:26:56,940 --> 00:26:59,159 that the best thing is to not 787 00:26:59,160 --> 00:27:00,479 bring your device with you. 788 00:27:00,480 --> 00:27:01,769 If you don't have your device with you in 789 00:27:01,770 --> 00:27:03,599 the first place and there's no data that 790 00:27:03,600 --> 00:27:04,739 they can get from it. 791 00:27:04,740 --> 00:27:06,239 In addition, you'll have the benefit of 792 00:27:06,240 --> 00:27:07,949 not being able to be contacted by your 793 00:27:07,950 --> 00:27:08,950 boss. 
794 00:27:10,080 --> 00:27:12,449 You can also use temporary devices 795 00:27:12,450 --> 00:27:14,219 and that may also provide some 796 00:27:14,220 --> 00:27:17,819 protection. You don't have legal measures 797 00:27:17,820 --> 00:27:19,889 you don't have you don't have your apps 798 00:27:19,890 --> 00:27:21,599 that are installed in your device logged 799 00:27:21,600 --> 00:27:24,899 into various accounts like Twitter 800 00:27:24,900 --> 00:27:26,099 or Facebook. 801 00:27:26,100 --> 00:27:28,289 Then they can force your fingerprint onto 802 00:27:28,290 --> 00:27:30,359 that device and have 803 00:27:30,360 --> 00:27:32,729 your information immediately. 804 00:27:32,730 --> 00:27:35,069 But, you know, if you do choose to 805 00:27:35,070 --> 00:27:37,289 actually bring your device with you, 806 00:27:37,290 --> 00:27:39,539 then there are some things, some measures 807 00:27:39,540 --> 00:27:41,729 that you can take if you do them 808 00:27:41,730 --> 00:27:43,799 right to protect the data that's on 809 00:27:43,800 --> 00:27:44,849 those devices. 810 00:27:47,050 --> 00:27:49,299 So just kind of go into some of the 811 00:27:49,300 --> 00:27:51,699 capabilities, the technical capabilities 812 00:27:51,700 --> 00:27:54,069 that are the border 813 00:27:54,070 --> 00:27:56,529 agents are able to get from your device. 814 00:27:56,530 --> 00:27:58,989 This is a slide from a 815 00:27:58,990 --> 00:28:01,239 company's website called Cellebrite. 816 00:28:01,240 --> 00:28:03,639 And Cellebrite is a forensic analysis 817 00:28:03,640 --> 00:28:06,069 company. What they do is 818 00:28:06,070 --> 00:28:08,619 they, you know, basically create software 819 00:28:08,620 --> 00:28:10,839 for law enforcement to take 820 00:28:10,840 --> 00:28:12,969 Android devices and use the JTAG 821 00:28:12,970 --> 00:28:15,099 interface to image those devices and 822 00:28:15,100 --> 00:28:17,139 get data off of them.
823 00:28:17,140 --> 00:28:18,579 Not only do they do this for law 824 00:28:18,580 --> 00:28:20,229 enforcement, where they say right on the 825 00:28:20,230 --> 00:28:22,269 website that they're operating in 100 826 00:28:22,270 --> 00:28:24,459 countries across the world 827 00:28:24,460 --> 00:28:26,679 working with border patrols to do this. 828 00:28:26,680 --> 00:28:28,389 So we know that they're doing this at the 829 00:28:28,390 --> 00:28:29,390 border as well. 830 00:28:31,420 --> 00:28:33,159 And you can see the kind of different 831 00:28:33,160 --> 00:28:35,349 categories is an actual Cellebrite 832 00:28:35,350 --> 00:28:37,539 report that they've generated 833 00:28:37,540 --> 00:28:39,339 from an image from a cell phone. 834 00:28:39,340 --> 00:28:41,739 And, you know, you can this is a 835 00:28:41,740 --> 00:28:43,809 categorized by calendar call 836 00:28:43,810 --> 00:28:45,759 logs, these different things that they 837 00:28:45,760 --> 00:28:47,919 can get from your device after imaging it 838 00:28:47,920 --> 00:28:49,869 and analyzing it. 839 00:28:49,870 --> 00:28:51,729 It's important to kind of look at the 840 00:28:51,730 --> 00:28:54,249 right side of the column because 841 00:28:54,250 --> 00:28:56,439 you can see that there are numerous 842 00:28:56,440 --> 00:28:58,629 categories that have deleted items. 843 00:28:58,630 --> 00:29:00,999 So not only can they get the files, 844 00:29:01,000 --> 00:29:03,189 contacts, events 845 00:29:03,190 --> 00:29:05,469 that you have currently stored on 846 00:29:05,470 --> 00:29:07,479 your device, but they can also get those 847 00:29:07,480 --> 00:29:09,039 that you've deleted in the past. 848 00:29:09,040 --> 00:29:10,719 And we'll go over some protections 849 00:29:10,720 --> 00:29:11,720 against that as well. 
850 00:29:13,210 --> 00:29:14,919 So the most powerful thing that you can 851 00:29:14,920 --> 00:29:17,319 do in general to protect your devices 852 00:29:17,320 --> 00:29:19,629 when crossing the border is employing 853 00:29:19,630 --> 00:29:21,699 full disk encryption, it's 854 00:29:21,700 --> 00:29:23,829 an extremely powerful measure 855 00:29:23,830 --> 00:29:26,259 to, you know, have your devices encrypted 856 00:29:26,260 --> 00:29:27,939 as you cross the border in general. 857 00:29:27,940 --> 00:29:29,529 And the important part is that this 858 00:29:29,530 --> 00:29:31,379 protects your data at rest. 859 00:29:31,380 --> 00:29:33,519 It does not protect your data when 860 00:29:33,520 --> 00:29:36,469 you're transferring it over a website. 861 00:29:36,470 --> 00:29:37,929 That's a different mechanism. 862 00:29:37,930 --> 00:29:40,419 So this is encrypting all the files 863 00:29:40,420 --> 00:29:42,399 on your device when you're crossing the 864 00:29:42,400 --> 00:29:44,499 border, although the 865 00:29:44,500 --> 00:29:46,240 device, the devices, files 866 00:29:47,590 --> 00:29:49,929 and you know, it's only as important 867 00:29:49,930 --> 00:29:52,179 as it only as secure 868 00:29:52,180 --> 00:29:54,429 as the power of the passphrase that you 869 00:29:54,430 --> 00:29:56,559 choose to encrypt that device 870 00:29:56,560 --> 00:29:57,560 with. 871 00:29:58,150 --> 00:30:00,519 In most cases, the screen 872 00:30:00,520 --> 00:30:02,919 unlock is a different passphrase 873 00:30:02,920 --> 00:30:04,869 from the from the 874 00:30:05,920 --> 00:30:07,629 full disk encryption passphrase. 875 00:30:07,630 --> 00:30:09,099 So you need to be aware of that. 876 00:30:09,100 --> 00:30:11,169 This is especially true with 877 00:30:11,170 --> 00:30:13,359 desktop devices and not 878 00:30:13,360 --> 00:30:15,039 so much with mobile devices in general. 
879 00:30:17,840 --> 00:30:20,809 So certain devices 880 00:30:20,810 --> 00:30:22,939 have this separate code processor 881 00:30:22,940 --> 00:30:25,519 that actually increases the security 882 00:30:25,520 --> 00:30:28,279 that you have at boot time 883 00:30:28,280 --> 00:30:30,679 when you're entering your encryption 884 00:30:30,680 --> 00:30:32,809 passphrase, one of the things that 885 00:30:32,810 --> 00:30:34,879 it can do is it can 886 00:30:34,880 --> 00:30:37,519 basically throttle the number of attempts 887 00:30:37,520 --> 00:30:39,619 that a third party can use when 888 00:30:39,620 --> 00:30:40,759 they're guessing, when they're actually 889 00:30:40,760 --> 00:30:43,069 trying to go through the guesses 890 00:30:43,070 --> 00:30:45,269 of your device passphrase, which can, you 891 00:30:45,270 --> 00:30:47,239 know, lengthen the amount of time that it 892 00:30:47,240 --> 00:30:50,299 takes after each subsequent try 893 00:30:50,300 --> 00:30:52,489 and and slow it down if 894 00:30:52,490 --> 00:30:54,410 you have numerous incorrect 895 00:30:55,520 --> 00:30:57,529 attempts. And also, it can lock the 896 00:30:57,530 --> 00:31:00,079 device after a certain number of tries. 897 00:31:00,080 --> 00:31:03,049 I think with iOS, it's about 10 tries 898 00:31:03,050 --> 00:31:06,019 and make it that device, 899 00:31:06,020 --> 00:31:08,599 you know, not actually capable 900 00:31:08,600 --> 00:31:10,999 of unleashing the contents 901 00:31:11,000 --> 00:31:13,459 and unlocking device. 902 00:31:13,460 --> 00:31:16,799 This is due to a piece of 903 00:31:16,800 --> 00:31:19,279 a code processor that's on 904 00:31:19,280 --> 00:31:21,499 every iPhone since the five is 905 00:31:21,500 --> 00:31:23,389 called the Secure Enclave. 
906 00:31:23,390 --> 00:31:25,819 And with the second clave does is 907 00:31:25,820 --> 00:31:28,069 it takes that pain or passphrase that 908 00:31:28,070 --> 00:31:30,829 you have chosen and entangles 909 00:31:30,830 --> 00:31:32,989 it or mixes it 910 00:31:32,990 --> 00:31:35,089 with several different things that are 911 00:31:35,090 --> 00:31:37,279 stored in a secure enclave itself. 912 00:31:38,300 --> 00:31:40,039 These are sources. 913 00:31:40,040 --> 00:31:42,199 This is key material that is stored in 914 00:31:42,200 --> 00:31:44,539 the UID that's burned into the secure 915 00:31:44,540 --> 00:31:46,939 enclave at manufacture time, 916 00:31:46,940 --> 00:31:49,429 as well as a guide, which is 917 00:31:49,430 --> 00:31:50,539 basically flash. 918 00:31:50,540 --> 00:31:52,759 And you can change, but you can't read 919 00:31:52,760 --> 00:31:54,859 the contact contents off of the 920 00:31:54,860 --> 00:31:56,299 secure enclave. 921 00:31:56,300 --> 00:31:58,189 And that's where this kind of 922 00:31:58,190 --> 00:32:00,499 exfiltration resistance property comes 923 00:32:00,500 --> 00:32:01,500 from. 924 00:32:02,750 --> 00:32:04,309 So when you want to choose a good 925 00:32:04,310 --> 00:32:06,859 passphrase, you really want to 926 00:32:06,860 --> 00:32:08,959 look for a strong 927 00:32:08,960 --> 00:32:10,819 pasteurize, is that because these are 928 00:32:10,820 --> 00:32:13,219 critical for actually securing 929 00:32:13,220 --> 00:32:15,499 the device in a proper 930 00:32:15,500 --> 00:32:16,849 way? 931 00:32:16,850 --> 00:32:18,859 In modern situations with modern 932 00:32:18,860 --> 00:32:20,659 hardware, trillions and trillions of 933 00:32:20,660 --> 00:32:22,789 guesses can be tried in a very, very 934 00:32:22,790 --> 00:32:24,739 short period of time. 
935 00:32:24,740 --> 00:32:26,599 They use huge word lists and complex 936 00:32:26,600 --> 00:32:29,059 combinatorics to make it so that 937 00:32:29,060 --> 00:32:31,429 they can brute force your passphrase 938 00:32:31,430 --> 00:32:33,319 and get the contents. 939 00:32:33,320 --> 00:32:35,629 So what we recommend is using 940 00:32:35,630 --> 00:32:38,119 five or six random words 941 00:32:38,120 --> 00:32:40,279 in order to choose your 942 00:32:40,280 --> 00:32:41,299 passphrase. 943 00:32:41,300 --> 00:32:43,069 This is pretty resilient against those 944 00:32:43,070 --> 00:32:44,689 brute force attacks. 945 00:32:44,690 --> 00:32:46,819 And again, it can kind of be a very 946 00:32:46,820 --> 00:32:48,439 memorable phrase to you. 947 00:32:48,440 --> 00:32:50,449 You have five or six different words. 948 00:32:50,450 --> 00:32:52,129 Then you can create a story, weave a 949 00:32:52,130 --> 00:32:54,289 story about how that passphrase 950 00:32:54,290 --> 00:32:55,609 works. 951 00:32:55,610 --> 00:32:57,709 A great example is CCDs, 952 00:32:57,710 --> 00:32:59,839 correct horse battery staple 953 00:32:59,840 --> 00:33:01,219 comic that you probably are familiar 954 00:33:01,220 --> 00:33:02,220 with. 955 00:33:03,860 --> 00:33:05,419 In addition, you can kind of look at our 956 00:33:05,420 --> 00:33:07,579 website and get a good list 957 00:33:07,580 --> 00:33:09,769 of diese phrase passwords that 958 00:33:09,770 --> 00:33:12,379 you can use and look into the methodology 959 00:33:12,380 --> 00:33:14,029 of how to generate these phrases. 
960 00:33:16,250 --> 00:33:18,529 So with device encryption, there's 961 00:33:18,530 --> 00:33:21,259 a mobile support across the board 962 00:33:21,260 --> 00:33:23,329 for device encryption pretty much at 963 00:33:23,330 --> 00:33:25,579 this point, Android has 964 00:33:25,580 --> 00:33:28,879 implanted partial support since 2013, 965 00:33:28,880 --> 00:33:30,140 Android six point zero 966 00:33:31,250 --> 00:33:33,379 implemented. It's only 967 00:33:33,380 --> 00:33:35,269 if Google Apps are able to basically, 968 00:33:35,270 --> 00:33:37,429 since Android SOC 969 00:33:37,430 --> 00:33:39,799 is an open source operating 970 00:33:39,800 --> 00:33:41,599 system, anyone can take it and implement 971 00:33:41,600 --> 00:33:43,879 it. But if you have Google Apps installed 972 00:33:43,880 --> 00:33:45,109 on that device as a contractual 973 00:33:45,110 --> 00:33:47,719 obligation to to actually 974 00:33:47,720 --> 00:33:50,239 implement secure and 975 00:33:50,240 --> 00:33:52,429 Folder's encryption and iOS has 976 00:33:52,430 --> 00:33:54,739 had it for a long time since 977 00:33:54,740 --> 00:33:57,559 ever since the iPhone 3GS 978 00:33:57,560 --> 00:33:59,659 and iPod touches have it with 979 00:33:59,660 --> 00:34:01,549 a third generation later. 980 00:34:01,550 --> 00:34:03,139 This is kind of what it looks like on 981 00:34:03,140 --> 00:34:04,399 different OEMs. 982 00:34:04,400 --> 00:34:06,679 On the left, we have an 983 00:34:06,680 --> 00:34:09,198 Amazon fire, HD 10, 984 00:34:09,199 --> 00:34:11,479 and on the right we have a five X 985 00:34:11,480 --> 00:34:12,948 device. And you can kind of see that 986 00:34:12,949 --> 00:34:15,529 there are different UX 987 00:34:15,530 --> 00:34:17,658 indicators that your phone has 988 00:34:17,659 --> 00:34:18,659 Foldes encryption. 
989 00:34:20,190 --> 00:34:22,379 And in general and desktop OS 990 00:34:22,380 --> 00:34:24,569 environments, you can see that ever 991 00:34:24,570 --> 00:34:26,759 since 2013, this has been widely 992 00:34:26,760 --> 00:34:29,218 supported by Windows 993 00:34:29,219 --> 00:34:31,379 and and Mac OS and 994 00:34:31,380 --> 00:34:33,059 also Linux has had it for a very long 995 00:34:33,060 --> 00:34:35,158 time in most distributions 996 00:34:35,159 --> 00:34:36,869 that's been available ever since the mid 997 00:34:36,870 --> 00:34:37,870 2000s. 998 00:34:40,350 --> 00:34:42,329 So the important thing to know when 999 00:34:42,330 --> 00:34:44,488 you're using this encryption is not 1000 00:34:44,489 --> 00:34:47,488 to forget your passphrase, 1001 00:34:47,489 --> 00:34:49,138 because if you forget your passphrase, in 1002 00:34:49,139 --> 00:34:51,149 most cases, you actually aren't going to 1003 00:34:51,150 --> 00:34:53,459 be able to access the data in general 1004 00:34:53,460 --> 00:34:55,229 that's stored on that device. 1005 00:34:55,230 --> 00:34:57,359 Some tools, like BitLocker 1006 00:34:57,360 --> 00:34:59,819 on Windows will allow you to 1007 00:34:59,820 --> 00:35:02,369 to kind of transfer your passphrase 1008 00:35:02,370 --> 00:35:05,269 to Windows and 1009 00:35:05,270 --> 00:35:07,559 to to let Microsoft know 1010 00:35:07,560 --> 00:35:08,549 what it is. 1011 00:35:08,550 --> 00:35:10,589 And, you know, that means, of course, 1012 00:35:10,590 --> 00:35:11,939 that if you're letting Microsoft know 1013 00:35:11,940 --> 00:35:13,349 what it is and they can unlock the 1014 00:35:13,350 --> 00:35:14,999 contents of your laptop. 1015 00:35:15,000 --> 00:35:17,069 So you should if 1016 00:35:17,070 --> 00:35:19,619 you want to use this, keep in mind that 1017 00:35:19,620 --> 00:35:21,239 you have to be really comfortable with 1018 00:35:21,240 --> 00:35:23,069 Microsoft being able to access all your 1019 00:35:23,070 --> 00:35:24,070 data.
1020 00:35:25,680 --> 00:35:28,049 One thing that you can do is also turn 1021 00:35:28,050 --> 00:35:30,029 off the fingerprint unlock, as Kurt 1022 00:35:30,030 --> 00:35:31,409 mentioned. 1023 00:35:31,410 --> 00:35:33,209 But, you know, one thing that is probably 1024 00:35:33,210 --> 00:35:34,649 more effective is actually turning your 1025 00:35:34,650 --> 00:35:35,789 device off. 1026 00:35:35,790 --> 00:35:37,949 And when you turn your device off and 1027 00:35:37,950 --> 00:35:40,079 then bring it back up, you 1028 00:35:40,080 --> 00:35:41,849 can turn it off before you cross the 1029 00:35:41,850 --> 00:35:43,829 border, bring it back up when you cross 1030 00:35:43,830 --> 00:35:46,139 the border, and it'll prompt you again 1031 00:35:46,140 --> 00:35:47,939 for your full disk encryption passphrase 1032 00:35:47,940 --> 00:35:50,159 and it'll bypass the, you 1033 00:35:50,160 --> 00:35:51,689 know, the screen unlock that in your 1034 00:35:51,690 --> 00:35:52,690 fingerprint. 1035 00:35:53,460 --> 00:35:55,589 This also means that it's going 1036 00:35:55,590 --> 00:35:58,619 to prevent, you know, DMA attacks, 1037 00:35:58,620 --> 00:36:00,779 direct memory access attacks or zero 1038 00:36:00,780 --> 00:36:03,299 days on screen unlock 1039 00:36:03,300 --> 00:36:04,739 programs. 1040 00:36:04,740 --> 00:36:06,989 But of course, this really only works if 1041 00:36:06,990 --> 00:36:09,569 you have a password set 1042 00:36:09,570 --> 00:36:10,859 at all. 1043 00:36:10,860 --> 00:36:13,229 And you might remember 1044 00:36:13,230 --> 00:36:14,230 this.
1045 00:36:16,420 --> 00:36:18,789 So moving on from full disk encryption 1046 00:36:18,790 --> 00:36:21,049 passphrases and and 1047 00:36:21,050 --> 00:36:23,079 disk encryption, there's also a mechanism 1048 00:36:23,080 --> 00:36:25,179 called trusted boot and 1049 00:36:25,180 --> 00:36:26,229 it's a way to ensure that the boot 1050 00:36:26,230 --> 00:36:28,749 process in general is verified 1051 00:36:28,750 --> 00:36:30,729 and trusted by the operating system. 1052 00:36:30,730 --> 00:36:32,949 So it goes all the way 1053 00:36:32,950 --> 00:36:35,469 from, you know, the pre boot sequence 1054 00:36:35,470 --> 00:36:37,449 to the operating system, loading, loading 1055 00:36:37,450 --> 00:36:38,349 itself. 1056 00:36:38,350 --> 00:36:40,599 And this requires some kind 1057 00:36:40,600 --> 00:36:42,909 of a hardware trusted platform module 1058 00:36:42,910 --> 00:36:45,039 or equivalent piece of hardware 1059 00:36:45,040 --> 00:36:47,019 that's built into the device that's 1060 00:36:47,020 --> 00:36:48,549 separate from the CPU. 1061 00:36:48,550 --> 00:36:50,949 And this, you know, verify 1062 00:36:50,950 --> 00:36:53,739 the boot sequence all the way to the OS 1063 00:36:53,740 --> 00:36:55,509 and it can kind of provide this neat 1064 00:36:55,510 --> 00:36:57,669 thing called remote attestation 1065 00:36:57,670 --> 00:36:59,979 that lets you know as a user 1066 00:36:59,980 --> 00:37:02,229 that the boot process has been 1067 00:37:02,230 --> 00:37:03,369 secured. 1068 00:37:03,370 --> 00:37:05,679 One of the most clever implementations 1069 00:37:05,680 --> 00:37:08,499 of trusted boot was 1070 00:37:08,500 --> 00:37:10,959 demonstrated by Trammell Hudson 1071 00:37:10,960 --> 00:37:13,209 last year at CCC, and it uses 1072 00:37:13,210 --> 00:37:15,339 this thing called trusted platform 1073 00:37:15,340 --> 00:37:17,499 module time-based 1074 00:37:17,500 --> 00:37:18,849 one time password.
1075 00:37:18,850 --> 00:37:20,469 And what this does, and this is an 1076 00:37:20,470 --> 00:37:22,839 example of it, you have 1077 00:37:22,840 --> 00:37:24,949 the seed for the one 1078 00:37:24,950 --> 00:37:27,249 time, the TOTP, that's actually 1079 00:37:27,250 --> 00:37:29,919 encoded in the TPM 1080 00:37:29,920 --> 00:37:31,899 and then it attached the boot process 1081 00:37:31,900 --> 00:37:33,789 generates a one time password, which you 1082 00:37:33,790 --> 00:37:35,859 can verify with an Android app 1083 00:37:35,860 --> 00:37:37,179 like Google Authenticator. 1084 00:37:37,180 --> 00:37:38,409 I thought that was a really cool 1085 00:37:38,410 --> 00:37:39,410 implementation. 1086 00:37:41,350 --> 00:37:42,969 There's mobile support for trusted 1087 00:37:42,970 --> 00:37:44,439 boot as well. 1088 00:37:44,440 --> 00:37:46,329 There's iOS's low level bootloader, 1089 00:37:46,330 --> 00:37:48,189 which which bootstraps iBoot, which 1090 00:37:48,190 --> 00:37:50,289 boots into the operating system itself, 1091 00:37:50,290 --> 00:37:51,669 and Android four point four. 1092 00:37:51,670 --> 00:37:53,979 And later it's called Verified Boot, 1093 00:37:53,980 --> 00:37:55,869 and it uses the trusted execution 1094 00:37:55,870 --> 00:37:58,119 environment on Android devices in some 1095 00:37:58,120 --> 00:37:59,529 cases where they're available. 1096 00:37:59,530 --> 00:38:01,629 So you can check if your device has 1097 00:38:01,630 --> 00:38:04,089 this and and is equivalent 1098 00:38:04,090 --> 00:38:05,769 to be. 1099 00:38:05,770 --> 00:38:07,359 One thing to keep in mind about that, 1100 00:38:07,360 --> 00:38:09,429 though, is that software 1101 00:38:09,430 --> 00:38:11,529 support for trusted boot 1102 00:38:11,530 --> 00:38:14,409 is only available in two 1103 00:38:14,410 --> 00:38:16,629 different Android operating systems.
1104 00:38:16,630 --> 00:38:18,609 One is Stock Android and two is CopperheadOS, 1105 00:38:18,610 --> 00:38:20,799 which has a very high level 1106 00:38:20,800 --> 00:38:22,629 of security. If you're using something 1107 00:38:22,630 --> 00:38:24,459 like LineageOS, you won't get the 1108 00:38:24,460 --> 00:38:26,289 benefits of trusted boot. 1109 00:38:26,290 --> 00:38:28,209 And on the right here, we have kind of a 1110 00:38:28,210 --> 00:38:30,609 graph which shows what the boot process 1111 00:38:30,610 --> 00:38:32,799 looks like in these various 1112 00:38:32,800 --> 00:38:34,569 different configurations. 1113 00:38:34,570 --> 00:38:36,369 And if you've loaded a third party from. 1114 00:38:38,110 --> 00:38:39,999 So, you know, in trusted boot desktop 1115 00:38:40,000 --> 00:38:41,799 support, Windows eight has this thing 1116 00:38:41,800 --> 00:38:43,899 called secure boot. What's important to 1117 00:38:43,900 --> 00:38:46,119 keep in mind about secure boot is that, 1118 00:38:46,120 --> 00:38:48,729 well, it's a UEFI standard 1119 00:38:48,730 --> 00:38:51,039 that Windows uses and it's not trusted 1120 00:38:51,040 --> 00:38:54,249 boot. It doesn't secure against 1121 00:38:54,250 --> 00:38:55,779 local attackers. Trusted 1122 00:38:55,780 --> 00:38:57,789 boot does. Windows eight's 1123 00:38:57,790 --> 00:38:59,889 secure boot mechanism really doesn't. 1124 00:38:59,890 --> 00:39:01,599 And it's not intended to. 1125 00:39:01,600 --> 00:39:03,969 It's good against remote attacks, but 1126 00:39:03,970 --> 00:39:06,099 it's not going to 1127 00:39:06,100 --> 00:39:09,069 protect you much if you're at the border. 1128 00:39:09,070 --> 00:39:10,839 Linux supports various different 1129 00:39:10,840 --> 00:39:13,209 distros that have 1130 00:39:13,210 --> 00:39:15,279 trusted boot available 1131 00:39:15,280 --> 00:39:17,589 for them.
You can use self-signed keys 1132 00:39:17,590 --> 00:39:19,449 in many cases, but you should check on 1133 00:39:19,450 --> 00:39:21,189 your hardware support if it's available 1134 00:39:21,190 --> 00:39:23,319 for you. Chrome OS has had this built 1135 00:39:23,320 --> 00:39:25,719 in since the beginning and 1136 00:39:25,720 --> 00:39:28,119 in the form of it's called verified boot, 1137 00:39:28,120 --> 00:39:31,359 just like it's available in Android. 1138 00:39:31,360 --> 00:39:33,249 Verified boot has gotten better over time 1139 00:39:33,250 --> 00:39:35,349 against local attacks and 1140 00:39:35,350 --> 00:39:38,769 Mac OS has secure boot available 1141 00:39:38,770 --> 00:39:40,869 on an iMac Pro. 1142 00:39:40,870 --> 00:39:43,479 But if you're at the border, iMacs 1143 00:39:43,480 --> 00:39:45,669 aren't really used 1144 00:39:45,670 --> 00:39:48,009 for travel very much unless 1145 00:39:48,010 --> 00:39:49,510 you're very audacious. 1146 00:39:53,310 --> 00:39:55,499 So secure deletion, you can kind of 1147 00:39:55,500 --> 00:39:57,569 see the secure deletion method that 1148 00:39:57,570 --> 00:40:00,299 Elliot on Mr. Robot uses by microwaving 1149 00:40:00,300 --> 00:40:01,889 his hard drives. 1150 00:40:01,890 --> 00:40:03,509 But if you're not as enterprising as 1151 00:40:03,510 --> 00:40:04,859 Elliot and you might want to bring those 1152 00:40:04,860 --> 00:40:06,000 devices over the border, 1153 00:40:07,020 --> 00:40:08,279 then you can use secure 1154 00:40:08,280 --> 00:40:09,280 deletion. 1155 00:40:10,020 --> 00:40:11,969 And what's important here is that 1156 00:40:11,970 --> 00:40:14,459 secure deletion, you know, is 1157 00:40:14,460 --> 00:40:16,169 very different from a simple deletion. 1158 00:40:16,170 --> 00:40:17,849 You simply delete a file on your hard 1159 00:40:17,850 --> 00:40:19,769 drive, then that's not going to do much.
1160 00:40:19,770 --> 00:40:21,749 It just change it just erases the lines 1161 00:40:21,750 --> 00:40:23,759 around it, saying this is a file. 1162 00:40:23,760 --> 00:40:26,099 All the data in those files are actually 1163 00:40:26,100 --> 00:40:27,299 still there. 1164 00:40:27,300 --> 00:40:29,519 So, you know, border agents have 1165 00:40:29,520 --> 00:40:31,529 these complicated forensic tools and even 1166 00:40:31,530 --> 00:40:34,179 simple tools can get those files back. 1167 00:40:34,180 --> 00:40:36,329 But border agents have things 1168 00:40:36,330 --> 00:40:38,759 like Cellebrite, as I mentioned before, 1169 00:40:38,760 --> 00:40:40,439 and they can recover the deleted files, 1170 00:40:40,440 --> 00:40:42,749 emails, contacts, et cetera. 1171 00:40:42,750 --> 00:40:45,449 And so secure deletion should really be used 1172 00:40:45,450 --> 00:40:48,119 if you want to remove those files. 1173 00:40:48,120 --> 00:40:50,189 And there are various tools that 1174 00:40:50,190 --> 00:40:51,359 you can use to do it. 1175 00:40:51,360 --> 00:40:52,890 But there are also some caveats. 1176 00:40:54,240 --> 00:40:56,309 And, you know, when we're talking 1177 00:40:56,310 --> 00:40:58,859 about secure deletion, you think about 1178 00:40:58,860 --> 00:41:01,469 things like factory reset or formatting, 1179 00:41:01,470 --> 00:41:02,459 factory reset. 1180 00:41:02,460 --> 00:41:04,649 It depends. It may or may not 1181 00:41:04,650 --> 00:41:07,199 actually remove the data securely 1182 00:41:07,200 --> 00:41:08,789 from your device. 1183 00:41:08,790 --> 00:41:10,949 It depends on your OS and it depends on 1184 00:41:10,950 --> 00:41:12,839 if you have full disk encryption enabled 1185 00:41:12,840 --> 00:41:14,399 in the first place. 1186 00:41:14,400 --> 00:41:15,859 So that's important to keep in mind.
1187 00:41:15,860 --> 00:41:18,269 Factory reset often 1188 00:41:18,270 --> 00:41:20,519 doesn't cover things like if you have, 1189 00:41:20,520 --> 00:41:23,309 for instance, a SSD 1190 00:41:23,310 --> 00:41:25,379 that's entered into your phone 1191 00:41:25,380 --> 00:41:27,299 and you do a factory reset, it's not 1192 00:41:27,300 --> 00:41:29,699 going to oftentimes delete the data 1193 00:41:29,700 --> 00:41:31,439 in that phone. So that's kind of 1194 00:41:31,440 --> 00:41:32,640 something that you should keep in mind. 1195 00:41:33,660 --> 00:41:35,999 Secure deletion is quite easy on laptops, 1196 00:41:36,000 --> 00:41:38,189 but sometimes it's hard to find 1197 00:41:38,190 --> 00:41:40,439 tools that work well on mobile 1198 00:41:40,440 --> 00:41:42,030 platforms or tablets. 1199 00:41:43,430 --> 00:41:45,229 In addition, when you're talking about 1200 00:41:45,230 --> 00:41:47,299 USB flash drives, 1201 00:41:47,300 --> 00:41:49,819 SSD memory cards and the like, 1202 00:41:49,820 --> 00:41:51,199 they implement something called wear 1203 00:41:51,200 --> 00:41:53,209 leveling, which means that when you're 1204 00:41:53,210 --> 00:41:55,309 doing writes and reads to 1205 00:41:55,310 --> 00:41:57,469 those cards they kind of spread 1206 00:41:57,470 --> 00:41:59,779 them across the Solid-State. 1207 00:41:59,780 --> 00:42:02,179 And that means that the OS has no way 1208 00:42:02,180 --> 00:42:04,369 to introspect to learn about 1209 00:42:04,370 --> 00:42:06,709 where on the SSD those bytes 1210 00:42:06,710 --> 00:42:08,269 are being actually stored. 1211 00:42:08,270 --> 00:42:10,519 So they can't you can't use programs 1212 00:42:10,520 --> 00:42:12,199 that do secure deletion on these. 1213 00:42:12,200 --> 00:42:13,759 So that's kind of something that, you 1214 00:42:13,760 --> 00:42:16,159 know, you can't reliably do for 1215 00:42:16,160 --> 00:42:18,139 SSD, memory cards and the like.
1216 00:42:19,550 --> 00:42:20,479 You know, when we're talking about 1217 00:42:20,480 --> 00:42:22,969 formatting, there are two 1218 00:42:22,970 --> 00:42:24,829 definitions of formatting, two different 1219 00:42:24,830 --> 00:42:26,629 things when we're talking about there's 1220 00:42:26,630 --> 00:42:28,249 something called a high level format, 1221 00:42:28,250 --> 00:42:30,439 which definitely does not delete the data 1222 00:42:30,440 --> 00:42:32,269 that you want to securely delete. 1223 00:42:32,270 --> 00:42:33,889 And then there's low level formatting, 1224 00:42:33,890 --> 00:42:35,959 which by and large, will be the data that 1225 00:42:35,960 --> 00:42:37,880 we really want to get rid of. 1226 00:42:40,190 --> 00:42:41,819 And some of the tools and particular 1227 00:42:41,820 --> 00:42:43,279 deletion. 1228 00:42:43,280 --> 00:42:44,899 So there's a distinction between the 1229 00:42:44,900 --> 00:42:46,219 individual files that you might want to 1230 00:42:46,220 --> 00:42:47,899 delete. And then there's free space that 1231 00:42:47,900 --> 00:42:49,459 you want to delete. 1232 00:42:49,460 --> 00:42:51,769 Linux has tools like scrub and scrub 1233 00:42:51,770 --> 00:42:54,199 is good with the dash argument. 1234 00:42:54,200 --> 00:42:56,419 If you want to overwrite all the free 1235 00:42:56,420 --> 00:42:59,059 space with with 060 1236 00:42:59,060 --> 00:43:00,949 out that free space. 1237 00:43:00,950 --> 00:43:02,719 And it can also be used for individual 1238 00:43:02,720 --> 00:43:05,569 files. Wipe is another tool.
1239 00:43:05,570 --> 00:43:07,639 But both Linux and Windows 1240 00:43:07,640 --> 00:43:10,369 have a utility called BleachBit, 1241 00:43:10,370 --> 00:43:12,469 which can delete not 1242 00:43:12,470 --> 00:43:14,749 only individual files, but also things 1243 00:43:14,750 --> 00:43:16,759 that you might not even think about, like 1244 00:43:16,760 --> 00:43:19,069 browser history, thumbnails, 1245 00:43:19,070 --> 00:43:21,169 cache of of, you 1246 00:43:21,170 --> 00:43:22,369 know, different programs that you have 1247 00:43:22,370 --> 00:43:23,539 installed. 1248 00:43:23,540 --> 00:43:25,699 So this is this is kind of a good way 1249 00:43:25,700 --> 00:43:27,439 to get down to the things that you might 1250 00:43:27,440 --> 00:43:28,819 forget about. 1251 00:43:28,820 --> 00:43:30,559 But again, it might be imperfect to you 1252 00:43:30,560 --> 00:43:32,869 so you can look into how well 1253 00:43:32,870 --> 00:43:33,870 it works. 1254 00:43:34,880 --> 00:43:37,369 And finally, for mobile devices, 1255 00:43:37,370 --> 00:43:39,529 I think that the best thing is to 1256 00:43:39,530 --> 00:43:41,599 actually use disk encryption and this 1257 00:43:41,600 --> 00:43:43,669 can be used as a kind of a way 1258 00:43:43,670 --> 00:43:45,469 to do secure deletion. 1259 00:43:45,470 --> 00:43:48,319 So if you have your full disk encrypted, 1260 00:43:48,320 --> 00:43:50,209 then you actually, you know, make it 1261 00:43:50,210 --> 00:43:52,339 unreadable unless you have, you 1262 00:43:52,340 --> 00:43:54,439 know, for instance, that passphrase 1263 00:43:54,440 --> 00:43:56,329 often the way that disk encryption works 1264 00:43:56,330 --> 00:43:59,089 is that you use a passphrase 1265 00:43:59,090 --> 00:44:01,819 to unlock a short key 1266 00:44:01,820 --> 00:44:04,189 in the beginning of a partition 1267 00:44:04,190 --> 00:44:05,179 and then, like, go.
1268 00:44:05,180 --> 00:44:07,609 And then it actually uses that then to 1269 00:44:07,610 --> 00:44:10,099 decrypt the entire drive. 1270 00:44:10,100 --> 00:44:12,079 But if you use if you wipe that 1271 00:44:12,080 --> 00:44:13,759 decryption key in the beginning of the 1272 00:44:13,760 --> 00:44:16,009 drive, then this will 1273 00:44:16,010 --> 00:44:18,889 make the data fully unavailable. 1274 00:44:18,890 --> 00:44:21,079 So that's one way to actually make 1275 00:44:21,080 --> 00:44:22,759 sure that your files are securely 1276 00:44:22,760 --> 00:44:24,079 deleted. 1277 00:44:24,080 --> 00:44:25,529 This is kind of built into what's called 1278 00:44:25,530 --> 00:44:27,649 a factory reset in iOS and also 1279 00:44:27,650 --> 00:44:29,839 power wash on Chromebooks and 1280 00:44:29,840 --> 00:44:31,819 Linux. This can be achieved by formatting 1281 00:44:31,820 --> 00:44:34,369 your hard drive and just reinstalling 1282 00:44:34,370 --> 00:44:36,559 it from, you know, another copy 1283 00:44:36,560 --> 00:44:37,560 of it. 1284 00:44:38,810 --> 00:44:40,969 And finally, cloud storage, cloud 1285 00:44:40,970 --> 00:44:43,219 storage is a good way to basically 1286 00:44:43,220 --> 00:44:45,439 move those vital files off 1287 00:44:45,440 --> 00:44:47,509 of the device that you want 1288 00:44:47,510 --> 00:44:49,939 to be somewhere else and often 1289 00:44:49,940 --> 00:44:51,889 is the case that if you upload it to the 1290 00:44:51,890 --> 00:44:54,079 cloud and you have less legal protections 1291 00:44:54,080 --> 00:44:55,489 than having it on your device, but when 1292 00:44:55,490 --> 00:44:57,229 you're crossing the border, this actually 1293 00:44:57,230 --> 00:44:58,369 might be the reverse.
1294 00:44:58,370 --> 00:45:00,259 You might have better protections when 1295 00:45:00,260 --> 00:45:02,579 you're crossing the border, if you have 1296 00:45:02,580 --> 00:45:04,759 your your contents of various 1297 00:45:04,760 --> 00:45:06,829 files on the cloud instead. 1298 00:45:06,830 --> 00:45:08,329 So this is kind of a process of data 1299 00:45:08,330 --> 00:45:10,009 minimization. 1300 00:45:10,010 --> 00:45:12,349 And and, you know, you can kind of hide 1301 00:45:12,350 --> 00:45:14,659 the files from receiving border guards 1302 00:45:14,660 --> 00:45:16,999 and also kind of makes it better 1303 00:45:17,000 --> 00:45:18,439 for theft when traveling abroad. 1304 00:45:19,940 --> 00:45:21,799 But of course, there is no cloud, there 1305 00:45:21,800 --> 00:45:23,179 are just other people's computers. 1306 00:45:24,930 --> 00:45:26,699 Any cloud storage, we have risks, you 1307 00:45:26,700 --> 00:45:28,709 have the risk of a government coming and 1308 00:45:28,710 --> 00:45:30,959 issuing a subpoena to a third 1309 00:45:30,960 --> 00:45:32,909 party, to you, to your cloud provider, 1310 00:45:32,910 --> 00:45:35,009 and it's them saying fork over the 1311 00:45:35,010 --> 00:45:37,289 data and that can be very dangerous. 1312 00:45:37,290 --> 00:45:39,389 It can actually get your data to the 1313 00:45:39,390 --> 00:45:41,039 government. Hackers don't need a 1314 00:45:41,040 --> 00:45:42,659 subpoena. They can just hack into the 1315 00:45:42,660 --> 00:45:43,889 cloud servers and get that data 1316 00:45:43,890 --> 00:45:44,890 themselves. 1317 00:45:45,600 --> 00:45:48,179 And also, the unfortunate 1318 00:45:48,180 --> 00:45:50,429 fact is that most cloud providers only 1319 00:45:50,430 --> 00:45:52,559 offer encryption when uploading it 1320 00:45:52,560 --> 00:45:54,899 in-transit to, you know, 1321 00:45:54,900 --> 00:45:56,189 something like Dropbox.
1322 00:45:56,190 --> 00:45:58,259 And it's just sitting there for all 1323 00:45:58,260 --> 00:46:00,449 to see in the in the server 1324 00:46:00,450 --> 00:46:02,789 side when you have it actually on Dropbox 1325 00:46:02,790 --> 00:46:03,790 itself. 1326 00:46:04,500 --> 00:46:07,109 So, you know, there are some services 1327 00:46:07,110 --> 00:46:09,569 that offer client side encryption 1328 00:46:09,570 --> 00:46:11,639 where you encrypt the files on your 1329 00:46:11,640 --> 00:46:13,649 local device before ever sending it up to 1330 00:46:13,650 --> 00:46:14,639 the cloud. 1331 00:46:14,640 --> 00:46:17,099 And this is often called zero knowledge 1332 00:46:17,100 --> 00:46:18,869 in the industry as kind of a weird 1333 00:46:18,870 --> 00:46:20,909 terminology, because it's different from 1334 00:46:20,910 --> 00:46:22,529 zero knowledge proofs that you might 1335 00:46:22,530 --> 00:46:24,569 know from cryptography. 1336 00:46:24,570 --> 00:46:26,489 It provides protection against, again, 1337 00:46:26,490 --> 00:46:27,869 governments and hackers. 1338 00:46:27,870 --> 00:46:29,339 But you should really remember to back up 1339 00:46:29,340 --> 00:46:31,049 and remember your key material and 1340 00:46:31,050 --> 00:46:32,999 passphrase if you're using this method. 1341 00:46:34,540 --> 00:46:35,859 So here's a kind of chart of the 1342 00:46:35,860 --> 00:46:38,889 different services that offer 1343 00:46:38,890 --> 00:46:40,869 client side encryption and do not offer 1344 00:46:40,870 --> 00:46:42,909 it, you'll notice that the most popular 1345 00:46:42,910 --> 00:46:45,369 services don't actually offer 1346 00:46:45,370 --> 00:46:46,329 client side encryption. 1347 00:46:46,330 --> 00:46:48,219 Then you have to use some of the lesser 1348 00:46:48,220 --> 00:46:50,589 known services in order to 1349 00:46:50,590 --> 00:46:52,809 really get the best protection 1350 00:46:52,810 --> 00:46:55,149 for your cloud backups.
1351 00:46:55,150 --> 00:46:57,129 And finally, you can use a self hosted 1352 00:46:57,130 --> 00:47:00,069 service like ownCloud or Nextcloud 1353 00:47:00,070 --> 00:47:02,259 if you're not trusting cloud services in 1354 00:47:02,260 --> 00:47:04,569 general and just want to host your own 1355 00:47:04,570 --> 00:47:07,479 way to back up your your files. 1356 00:47:07,480 --> 00:47:09,429 And this comes with some, you know, 1357 00:47:09,430 --> 00:47:11,619 advantages and disadvantages. 1358 00:47:11,620 --> 00:47:13,869 One advantage is that I call it subpoena 1359 00:47:13,870 --> 00:47:16,119 resilience, which means that you 1360 00:47:16,120 --> 00:47:17,679 will have the subpoena come to you 1361 00:47:17,680 --> 00:47:19,119 directly so you'll actually know about 1362 00:47:19,120 --> 00:47:20,739 it, whereas your cloud service provider 1363 00:47:20,740 --> 00:47:21,930 might actually never tell you. 1364 00:47:23,140 --> 00:47:25,239 And the other thing is that with 1365 00:47:25,240 --> 00:47:27,219 your ownCloud and Nextcloud, they have 1366 00:47:27,220 --> 00:47:29,439 a service that allows you to 1367 00:47:29,440 --> 00:47:31,569 use client side encryption as of 1368 00:47:31,570 --> 00:47:33,759 Nextcloud 11, which is coming 1369 00:47:33,760 --> 00:47:36,069 out in some point next year. 1370 00:47:36,070 --> 00:47:37,419 They're going to offer client side 1371 00:47:37,420 --> 00:47:38,829 encryption as a default. 1372 00:47:38,830 --> 00:47:41,799 So that's a kind of great way to 1373 00:47:41,800 --> 00:47:43,749 protect your data by yourself in a way 1374 00:47:43,750 --> 00:47:44,750 that you control.
1375 00:47:45,700 --> 00:47:47,589 But one kind of really important 1376 00:47:47,590 --> 00:47:49,719 consideration to keep in mind is that you 1377 00:47:49,720 --> 00:47:52,179 want HTTPS enabled on your server 1378 00:47:52,180 --> 00:47:54,879 when you're using these cloud services, 1379 00:47:54,880 --> 00:47:55,880 if you're self hosting. 1380 00:47:58,060 --> 00:48:00,399 So some of the takeaways from this 1381 00:48:00,400 --> 00:48:02,559 is that, you know, best defense is not 1382 00:48:02,560 --> 00:48:04,479 to bring your device with you. 1383 00:48:04,480 --> 00:48:05,889 You know, you might kind of be a little 1384 00:48:05,890 --> 00:48:07,149 bit less stressed out if you just don't 1385 00:48:07,150 --> 00:48:08,259 have that device with you in the first 1386 00:48:08,260 --> 00:48:09,260 place. 1387 00:48:09,670 --> 00:48:12,009 Secondly, if you do choose to, 1388 00:48:12,010 --> 00:48:13,999 you know, bring your device with you, use 1389 00:48:14,000 --> 00:48:16,059 full disk encryption, use a trusted 1390 00:48:16,060 --> 00:48:18,129 boot, you know, a computer that 1391 00:48:18,130 --> 00:48:20,949 enables trusted boot, has it built in 1392 00:48:20,950 --> 00:48:23,169 and, you know, employ some data 1393 00:48:23,170 --> 00:48:25,239 minimization practices 1394 00:48:25,240 --> 00:48:26,919 that can offer some powerful full 1395 00:48:26,920 --> 00:48:29,139 protections for your data in 1396 00:48:29,140 --> 00:48:30,669 general. 1397 00:48:30,670 --> 00:48:32,799 So with that, thanks very much. 1398 00:48:32,800 --> 00:48:34,089 And I think we're going to turn it over 1399 00:48:34,090 --> 00:48:35,619 to you. Questions. 1400 00:48:35,620 --> 00:48:36,789 All right. Thank you. Thank you, 1401 00:48:36,790 --> 00:48:37,790 everybody. 1402 00:48:51,050 --> 00:48:52,820 Well, thank you very much. 1403 00:48:54,020 --> 00:48:55,609 That was great advice. 1404 00:48:55,610 --> 00:48:58,309 OK, we'll have a short Q&A.
1405 00:48:58,310 --> 00:48:59,930 We have about eight minutes, 1406 00:49:00,980 --> 00:49:01,980 so. 1407 00:49:05,960 --> 00:49:08,089 People queuing up on 1408 00:49:08,090 --> 00:49:09,090 the mix. 1409 00:49:11,200 --> 00:49:14,169 Here, here you are, sorry, excuse me. 1410 00:49:14,170 --> 00:49:15,099 So first one. 1411 00:49:15,100 --> 00:49:17,109 Number three, please, one sentence with a 1412 00:49:17,110 --> 00:49:18,239 question mark at the end. 1413 00:49:18,240 --> 00:49:19,240 Right. 1414 00:49:19,920 --> 00:49:21,699 What can you tell us about the devices 1415 00:49:21,700 --> 00:49:23,169 being bugged at the border? 1416 00:49:23,170 --> 00:49:25,239 So spy programs putting on it? 1417 00:49:26,500 --> 00:49:28,539 Yeah. So if you have some kind of a 1418 00:49:28,540 --> 00:49:30,649 trusted mechanism, then if they can 1419 00:49:30,650 --> 00:49:32,049 get it into the operating system level, 1420 00:49:32,050 --> 00:49:33,939 then, you know, some spyware that is 1421 00:49:33,940 --> 00:49:35,679 installed, the operating system level, 1422 00:49:35,680 --> 00:49:36,819 they can't actually get to you in the 1423 00:49:36,820 --> 00:49:37,309 first place. 1424 00:49:37,310 --> 00:49:38,389 So that's a good protection. 1425 00:49:39,850 --> 00:49:41,679 OK, hang on. 1426 00:49:41,680 --> 00:49:43,119 There's a question from the Internet. 1427 00:49:45,090 --> 00:49:46,649 Yes, thank you. 1428 00:49:46,650 --> 00:49:48,809 Do you think it's a good idea to have 1429 00:49:48,810 --> 00:49:50,879 a dummy account or a dummy profile on 1430 00:49:50,880 --> 00:49:51,880 a device? 
1431 00:49:52,960 --> 00:49:55,059 One of the challenges with having a 1432 00:49:55,060 --> 00:49:57,369 dummy account or dummy profile is 1433 00:49:57,370 --> 00:50:00,189 that in the context of discussing it, 1434 00:50:00,190 --> 00:50:02,139 you may be put in a position where you 1435 00:50:02,140 --> 00:50:04,389 would be giving false information to the 1436 00:50:04,390 --> 00:50:05,499 border agent. 1437 00:50:05,500 --> 00:50:07,059 And then if it was discovered that there 1438 00:50:07,060 --> 00:50:09,279 was a different account, then 1439 00:50:09,280 --> 00:50:11,409 you would have potentially 1440 00:50:11,410 --> 00:50:13,479 opened yourself up to a penalty for 1441 00:50:13,480 --> 00:50:15,789 giving that false information that then 1442 00:50:15,790 --> 00:50:17,859 could be used to give tremendous 1443 00:50:17,860 --> 00:50:19,929 pressure upon you to access 1444 00:50:19,930 --> 00:50:22,029 the rest of the device as you might be 1445 00:50:22,030 --> 00:50:24,130 facing some jail time. 1446 00:50:25,840 --> 00:50:27,909 OK, let's try the mic on the 1447 00:50:27,910 --> 00:50:29,260 left side, please. 1448 00:50:30,280 --> 00:50:32,289 You said you you said do not lie to 1449 00:50:32,290 --> 00:50:33,290 border agents. 1450 00:50:34,280 --> 00:50:36,459 What about claiming I just forgot my 1451 00:50:36,460 --> 00:50:38,829 password? And what about saying it's 200 1452 00:50:38,830 --> 00:50:40,969 characters on a random sheet of paper I 1453 00:50:40,970 --> 00:50:42,259 my bed. 1454 00:50:42,260 --> 00:50:44,079 Well, one of the things we do what we do 1455 00:50:44,080 --> 00:50:46,029 actually not know your password. 1456 00:50:46,030 --> 00:50:47,050 Right. So if you 1457 00:50:48,100 --> 00:50:49,599 still stand by, don't lie to the border 1458 00:50:49,600 --> 00:50:51,909 agents. But you 1459 00:50:51,910 --> 00:50:54,069 if you actually don't know your password, 1460 00:50:54,070 --> 00:50:55,509 then you can truthfully say that.
1461 00:50:55,510 --> 00:50:57,159 And then perhaps when you get to the far 1462 00:50:57,160 --> 00:50:59,499 side, you could have some other mechanism 1463 00:50:59,500 --> 00:51:01,539 of getting that 200 character password to 1464 00:51:01,540 --> 00:51:04,149 you so you could unlock your device. 1465 00:51:04,150 --> 00:51:06,639 So that may enable you to 1466 00:51:06,640 --> 00:51:08,409 be truthful about it and not be able to 1467 00:51:08,410 --> 00:51:10,089 give up the information. 1468 00:51:10,090 --> 00:51:11,199 Keep in mind that if you're in a 1469 00:51:11,200 --> 00:51:13,359 situation where if they don't 1470 00:51:13,360 --> 00:51:15,879 like your answers, they can refuse 1471 00:51:15,880 --> 00:51:17,499 to have you come into the country. 1472 00:51:17,500 --> 00:51:19,359 They may do so even though you say you 1473 00:51:19,360 --> 00:51:21,459 don't you don't have and they may 1474 00:51:21,460 --> 00:51:23,679 not care why you can't give it into them, 1475 00:51:23,680 --> 00:51:25,449 but be dissatisfied enough to turn you 1476 00:51:25,450 --> 00:51:26,450 away. 1477 00:51:27,100 --> 00:51:28,009 OK, thank you. 1478 00:51:28,010 --> 00:51:29,010 Over here, please. 1479 00:51:29,890 --> 00:51:32,439 There's a deep erasing. 1480 00:51:32,440 --> 00:51:34,779 I just wanted to comment that 1481 00:51:34,780 --> 00:51:36,789 if you delete your files and then write a 1482 00:51:36,790 --> 00:51:39,039 random file over the whole disk, you 1483 00:51:39,040 --> 00:51:41,619 will get most of the 1484 00:51:41,620 --> 00:51:43,899 solid state data covered 1485 00:51:43,900 --> 00:51:44,949 and replaced. 1486 00:51:44,950 --> 00:51:47,019 But my actual question is, do you know 1487 00:51:47,020 --> 00:51:49,899 if there are already forensic tools 1488 00:51:49,900 --> 00:51:52,779 that can retrieve 1489 00:51:52,780 --> 00:51:55,759 the data that's stored?
1490 00:51:55,760 --> 00:51:58,309 After I've trimmed my data 1491 00:51:58,310 --> 00:52:00,619 and it's still on the state side 1492 00:52:00,620 --> 00:52:03,199 on the SSD drive, can I read that out 1493 00:52:03,200 --> 00:52:05,179 by? Do you mean security delete? 1494 00:52:05,180 --> 00:52:07,459 No, no. I mean, when I delete 1495 00:52:07,460 --> 00:52:09,589 my files, the trim system 1496 00:52:09,590 --> 00:52:12,019 will just tell the SSD 1497 00:52:12,020 --> 00:52:13,939 that these blocks are not used anymore, 1498 00:52:13,940 --> 00:52:16,639 but they are still set 1499 00:52:16,640 --> 00:52:18,419 on the solid state side. 1500 00:52:18,420 --> 00:52:20,479 So do you know if forensic 1501 00:52:20,480 --> 00:52:22,849 tools can actually ask 1502 00:52:22,850 --> 00:52:23,809 the SSD? 1503 00:52:23,810 --> 00:52:25,639 Hey, tell me what's hidden there that you 1504 00:52:25,640 --> 00:52:27,919 marked deleted, but what you still have 1505 00:52:27,920 --> 00:52:29,989 programed in so that I can 1506 00:52:29,990 --> 00:52:30,990 retrieve the data. 1507 00:52:31,940 --> 00:52:33,949 If that wouldn't be available, then I 1508 00:52:33,950 --> 00:52:35,779 wouldn't have to do the extra erase that 1509 00:52:35,780 --> 00:52:37,939 are just the extra overwrite that 1510 00:52:37,940 --> 00:52:38,929 I just suggested. 1511 00:52:38,930 --> 00:52:41,149 Yeah. So I'm not aware 1512 00:52:41,150 --> 00:52:42,229 of any tools like that. 1513 00:52:42,230 --> 00:52:44,329 One thing to know about SSD is that 1514 00:52:44,330 --> 00:52:45,499 they have embedded firmware in them 1515 00:52:45,500 --> 00:52:46,429 themselves. 1516 00:52:46,430 --> 00:52:48,739 So you can continue to see 1517 00:52:48,740 --> 00:52:50,869 an SSD card that actually 1518 00:52:50,870 --> 00:52:53,149 kind of accelerates any data 1519 00:52:53,150 --> 00:52:54,859 that you write to it, to some kind of 1520 00:52:54,860 --> 00:52:56,659 hidden extra partition. 
1521 00:52:56,660 --> 00:52:58,669 I think Bunnie Huang actually has done a 1522 00:52:58,670 --> 00:52:59,989 lot of research on that. 1523 00:52:59,990 --> 00:53:01,609 So if you want to look into that, that's 1524 00:53:01,610 --> 00:53:02,810 a good place to start. 1525 00:53:04,630 --> 00:53:05,739 OK, thank you. 1526 00:53:05,740 --> 00:53:07,839 Another question from the Internet, 1527 00:53:07,840 --> 00:53:09,759 thank you for just a brief comment and 1528 00:53:09,760 --> 00:53:11,319 well-equipped has been missed on your 1529 00:53:11,320 --> 00:53:13,449 list of encryption tools. 1530 00:53:13,450 --> 00:53:15,549 And then the question, do you know, 1531 00:53:15,550 --> 00:53:17,709 is your knowledge Cloud claimed for 1532 00:53:17,710 --> 00:53:19,959 a common cloud provider, maybe 1533 00:53:19,960 --> 00:53:22,059 even open source, so that we can see 1534 00:53:22,060 --> 00:53:23,060 that it actually encrypts? 1535 00:53:24,760 --> 00:53:27,339 So for the common 1536 00:53:27,340 --> 00:53:29,589 cloud provider that uses client side 1537 00:53:29,590 --> 00:53:31,959 encryption, you know, 1538 00:53:31,960 --> 00:53:34,149 they're the main ones that you might 1539 00:53:34,150 --> 00:53:35,469 have heard of, you know, your whole 1540 00:53:35,470 --> 00:53:37,449 family might have heard about don't 1541 00:53:37,450 --> 00:53:39,609 really offer it in general. 1542 00:53:39,610 --> 00:53:42,849 But if you have a semaphore 1543 00:53:42,850 --> 00:53:44,979 and or, you know, if you use 1544 00:53:44,980 --> 00:53:47,259 SpiderOak's programs and they are 1545 00:53:47,260 --> 00:53:49,959 kind of well vetted 1546 00:53:49,960 --> 00:53:52,059 system for doing client side 1547 00:53:52,060 --> 00:53:54,339 encryption, backup backups 1548 00:53:54,340 --> 00:53:55,340 on the cloud. 1549 00:53:57,350 --> 00:53:58,789 OK, thank you. 1550 00:53:58,790 --> 00:54:00,989 One more question on the left side here.
1551 00:54:02,360 --> 00:54:04,639 So my question is less 1552 00:54:04,640 --> 00:54:06,259 technical, maybe more legal. 1553 00:54:06,260 --> 00:54:08,419 I was wondering regarding 1554 00:54:08,420 --> 00:54:10,579 being careful about consent and 1555 00:54:10,580 --> 00:54:12,679 kind of choosing your own adventure, 1556 00:54:12,680 --> 00:54:14,899 is there a distinction, 1557 00:54:14,900 --> 00:54:16,609 any meaningful distinction between 1558 00:54:16,610 --> 00:54:18,799 complying with a search and consenting? 1559 00:54:18,800 --> 00:54:20,959 Can you say? You know, I understand 1560 00:54:20,960 --> 00:54:23,479 that you're ordering me to submit 1561 00:54:23,480 --> 00:54:25,699 a password and submit a phone. 1562 00:54:25,700 --> 00:54:27,979 I'm going to comply with that 1563 00:54:27,980 --> 00:54:30,589 under, you know, under duress, not 1564 00:54:30,590 --> 00:54:32,779 not consenting to keep your legal options 1565 00:54:32,780 --> 00:54:34,249 available in the future. 1566 00:54:34,250 --> 00:54:36,319 Yeah, I think there there are 1567 00:54:36,320 --> 00:54:38,449 important distinctions. And I think in 1568 00:54:38,450 --> 00:54:42,019 the truth is, even if somebody 1569 00:54:42,020 --> 00:54:43,819 gives what appears to be consent under 1570 00:54:43,820 --> 00:54:45,589 the circumstances, there's actually some 1571 00:54:45,590 --> 00:54:46,999 pretty good arguments that that's not a 1572 00:54:47,000 --> 00:54:47,959 freely given consent. 1573 00:54:47,960 --> 00:54:49,309 You're under tremendous pressure. 1574 00:54:49,310 --> 00:54:51,499 You're being kept away from 1575 00:54:51,500 --> 00:54:53,719 other forms of communications. 1576 00:54:53,720 --> 00:54:56,029 It is a situation in which the 1577 00:54:56,030 --> 00:54:58,039 customs agents have tremendous power over 1578 00:54:58,040 --> 00:54:59,269 you.
1579 00:54:59,270 --> 00:55:01,369 And so I think that even if 1580 00:55:01,370 --> 00:55:03,859 you if you said, you know, 1581 00:55:03,860 --> 00:55:05,630 I'm not consenting, but here you go, 1582 00:55:07,100 --> 00:55:08,719 you could certainly argue that that 1583 00:55:08,720 --> 00:55:09,709 wasn't consent. 1584 00:55:09,710 --> 00:55:11,329 And I think there are circumstances and 1585 00:55:11,330 --> 00:55:13,399 we like, fine, you know, you 1586 00:55:13,400 --> 00:55:14,479 could say that you weren't really 1587 00:55:14,480 --> 00:55:15,649 consenting to that. 1588 00:55:15,650 --> 00:55:18,229 But the more clearly you say 1589 00:55:18,230 --> 00:55:20,329 that you're not consenting or the 1590 00:55:20,330 --> 00:55:22,969 more clearly you clarify 1591 00:55:22,970 --> 00:55:25,249 whether it is a request or an order 1592 00:55:25,250 --> 00:55:27,139 that could help your situation later, 1593 00:55:27,140 --> 00:55:29,239 especially if you are able to clarify 1594 00:55:29,240 --> 00:55:32,179 that it is just a request and thereby 1595 00:55:32,180 --> 00:55:33,180 say no. 1596 00:55:34,010 --> 00:55:36,769 We'll take one final question 1597 00:55:36,770 --> 00:55:39,319 just before all the frustration 1598 00:55:39,320 --> 00:55:40,369 breaks out. 1599 00:55:40,370 --> 00:55:42,589 Kurt and William said they'll be 1600 00:55:42,590 --> 00:55:44,779 at the EFF stand, which 1601 00:55:44,780 --> 00:55:47,299 is in level plus one on the 1602 00:55:47,300 --> 00:55:48,199 scale. 1603 00:55:48,200 --> 00:55:51,019 So if you people have questions 1604 00:55:51,020 --> 00:55:52,099 going after will take. 1605 00:55:52,100 --> 00:55:54,379 Sorry, one final question on 1606 00:55:54,380 --> 00:55:56,089 the right side. 1607 00:55:56,090 --> 00:55:58,339 Yes.
Adding on top of the 1608 00:55:58,340 --> 00:56:00,149 dummy account question, I'd like to ask 1609 00:56:00,150 --> 00:56:02,419 if you can recommend a program that 1610 00:56:02,420 --> 00:56:04,459 automatically does which death accounts 1611 00:56:04,460 --> 00:56:06,709 based on which password I enter into 1612 00:56:06,710 --> 00:56:07,710 my device. 1613 00:56:08,690 --> 00:56:10,939 Yeah. So a plausible deniability 1614 00:56:10,940 --> 00:56:12,799 kind of schema. 1615 00:56:12,800 --> 00:56:14,539 I believe that there are those givens out 1616 00:56:14,540 --> 00:56:16,789 there, but I think it probably 1617 00:56:16,790 --> 00:56:18,079 has an opinion about whether you should 1618 00:56:18,080 --> 00:56:18,979 use them or not. 1619 00:56:18,980 --> 00:56:21,349 I mean, as I say, the same issue as 1620 00:56:21,350 --> 00:56:23,359 before. You're you're taking a risk by 1621 00:56:23,360 --> 00:56:24,769 trying to do that. And that is the risk 1622 00:56:24,770 --> 00:56:26,899 that if that is discovered, that is 1623 00:56:26,900 --> 00:56:29,509 really suspicious to them and 1624 00:56:29,510 --> 00:56:31,399 so that that highly escalates the matter. 1625 00:56:31,400 --> 00:56:34,069 So you're you're trading off this 1626 00:56:34,070 --> 00:56:36,319 possibility that you'll be able to 1627 00:56:36,320 --> 00:56:38,719 appear to be cooperative 1628 00:56:38,720 --> 00:56:40,999 and not have them access to 1629 00:56:41,000 --> 00:56:43,279 the the true information against 1630 00:56:43,280 --> 00:56:45,379 the possibility that 1631 00:56:45,380 --> 00:56:47,509 they discover that something funny is 1632 00:56:47,510 --> 00:56:48,649 going on, you know, after they put it 1633 00:56:48,650 --> 00:56:50,959 through the Cellebrite or whatnot. 
1634 00:56:50,960 --> 00:56:52,849 And see, there's a lot of data that 1635 00:56:52,850 --> 00:56:54,919 they're not able to access and then 1636 00:56:54,920 --> 00:56:57,199 the consequences ratchet 1637 00:56:57,200 --> 00:56:59,509 up. So I think that 1638 00:56:59,510 --> 00:57:00,950 it's a relatively 1639 00:57:02,300 --> 00:57:04,549 high risk if something goes wrong, 1640 00:57:04,550 --> 00:57:06,109 that it will be treated as a very 1641 00:57:06,110 --> 00:57:07,459 suspicious person. 1642 00:57:07,460 --> 00:57:10,369 Know that there is another software 1643 00:57:10,370 --> 00:57:12,889 that Backtrack uses 1644 00:57:12,890 --> 00:57:15,049 that if you enter certain parts like 1645 00:57:15,050 --> 00:57:17,329 blocks passphrase, then it'll instead 1646 00:57:17,330 --> 00:57:19,879 delete the contents of your device 1647 00:57:19,880 --> 00:57:21,799 again and not at the border. 1648 00:57:21,800 --> 00:57:23,509 They would find that extremely 1649 00:57:23,510 --> 00:57:24,510 suspicious. 1650 00:57:25,640 --> 00:57:27,109 Just saying it's out there. 1651 00:57:27,110 --> 00:57:28,129 OK, thank you. 1652 00:57:28,130 --> 00:57:30,379 I'm afraid we have to close this now. 1653 00:57:30,380 --> 00:57:32,599 Let's give a final big hand for 1654 00:57:32,600 --> 00:57:34,729 Kurt Opsahl and William 1655 00:57:34,730 --> 00:57:34,909 you. 1656 00:57:34,910 --> 00:57:35,910 Thank you, everybody.