[Cryptography] detention and/or seizure if you don't give your passphrase to US CBP

[John Denker]

Hi --

US Customs and Border Patrol (CBP) claims unlimited authority, not
restricted by the Constitution, at "points of entry".  They also
claim near-unlimited authority within a "reasonable distance" of
any land or sea boundary of the US.  They have unilaterally decided
that 100 miles sounds "reasonable" to them.  Two-thirds of all
people in the US live within this 100-mile zone.

This leads to problems with password-protected and/or encrypted
devices.  These problems are not hypothetical:

> A U.S.-born scientist was detained at the Houston airport until he 
> gave customs agents the passcode to his work-issued device.

The rest of the story (1600 words) by Kaveh Waddell is at: 
   https://www.theatlantic.com/technology/archive/2017/02/a-nasa-engineer-is-required-to-unlock-his-phone-at-the-border/516489/

The story correctly quotes CBP policy:

>> CONSEQUENCES OF FAILURE TO PROVIDE INFORMATION:
>>  Collection of this information is mandatory at 
>> the time that CBP or ICE seeks to copy information from the 
>> electronic device.  Failure to provide information to assist 
>> CBP or ICE in the copying of information from the electronic
>> device may result in its detention and/or seizure. 

Reference:
  https://www.cbp.gov/sites/default/files/documents/inspection-electronic-devices-tearsheet.pdf

==============

This leads to some hypothetical but entirely plausible situations
with considerable downside potential:

  1)  Suppose your battery dies while you're on a day trip to
   Tijuana.  Your device gets seized.

  2) Suppose you are on vacation. You give your phone and laptop
   to your family to take home while you go on ahead, or stay
   behind.  Your spouse and children miss their flight while
   CBP tries to extract the passphrase from them.  Then the
   devices get seized.

  3) Suppose your devices contains random numbers that you
   cannot possibly decode, such as are attached below.  You
   miss your flight, and your devices get seized.


-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQIMA9jh5gIisxa+ARAAljDxUjMtrbNWN1YPIaZcR6VHbsR7aMIOB+6b+bhkezFm
//qWMoSE4A3nY0RqdhJCHxJMvgBnQDQtMTAW+omV0oDm/QAf34YAV3kF/VPTAuGQ
vByn6uDDaV5Dyvkn2UYnQqDxbdtxq9LUhg9UExr0Xruv62BHJUSLs8Xc5WEEVoYa
nteG2KBq4bvALr7aLx8379ynCgk5qTf+8zOni/CEFXoraWJ9cYkNTutS9AotV8Pm
JiobisaJOGeH/cKPH+FLy7/6mjfFe3YADs9C9oGy1EtSngXj5yRwe/EKJ2SLOA4Z
mLkvxtOQvKWQzItfZuHrdJ73Yu18YD8MHx0YABERRQpUehVR/TMrRr9CZYwIcbXu
Lpbk1TjBj5E1g5KJGUWVFEM/fwTwPsRPp3DwBHFYhFmLYzcS9ii/CtriDo05WJwS
RUFVm09nNC9poshZZ4SW9uHPUDXP4m60Qk5wA+7bjOj3yXOtalQ3CRWnZBtzji11
neAFpVxk5Fgb7MhbNO5kqk+4EirueB9XkFeDdxt6X4H0e7dFh2URPiceZDzUU22+
n+uFrCoRuIibP536SuAwqGNg3Y8OJdLVwQDc/b/Y81uDr1Y0zOMYBij9rBwm9KXl
f+mzfWHtKky0tLnzJUkbwXiq0aQAFFalEB1BkT2Jc/8QusYXrfNJ83aeee05vIXS
6QFdoZNsqNtgvEAD1Zabv2D6W/3t89Gb5BSbzbMtG6p2hzZDy41cfu1mLuW59Y9o
+jN53FdpsvaijHvY5e8JVLpxuHU49TfqV7V99BRKHnaAID8vxeQp/U22lBUhNS7/
qFdbCABjuHvg9MISpOsVFU2W4IvwuTiimPEc9RxvZDhARV5QayVAH9v4WXxogxEH
FY7UsPleDImb5HoOQ3c0jXEZQJNvUF3zrSBJdMPg2t2qk+DFyIQXGXloXNCciFEP
w/G+OPFiPEvmWHaKL7OGLw5DXoulXbyP7SjDC1iplIuk7eqgoIpKnF908gyS3YxB
oGeFvpRH28en8NrskcvRB7oDNPxQTDSxKZCfOKkXPTiotU3qNG6gpStdMBDzAViE
EcivJqcSlJF72WPsNqdT78qOsGCGw6hoZK63UVjKMHI1TQNHXKVTrhhOfA+zAkdA
SjR+YHtatDVzpIrrTUN9LqY2ZxJglqdwoTxe6AweguXOAUVWURNR5FEsnKz2lJn5
WTW6s959SmLH8mqBq1ReM/YiJ9n2jyeqHJKmSMTaRWwBl8UxS1OOJ7Gf2U+BSKB5
TlLONsiGm0TXI0f3cB9P8/7dEOR1ljMe97PE7O/dgXmO0CJ/Gv4qDEFcFUUa8ot/
vLyJhB6yFAVwTdB6pd3VH2uFVu+cGAVV8JETkP8Ja9KjPzMgadiW0F6rHGVuiKpM
xRLISy+jTjsq1w0icFMMAqXMl0n3mn1n/aj/WVHTly5uCNPqUqBBasOdzBs4mx31
BA==
=JuaO
-----END PGP MESSAGE-----


The previous PGP block started out as 512 bytes from a high-grade
random number generator, although you could not possibly prove
that.  Also, it was public-key encoded to a recipient for whom
no private key has ever existed, although you could not possibly
prove that.