The whole question seems to be a way to hide the proverbial white elephant. Why would the border police want to look at my PC's content anyway (apart from proving that it really work and is not just a cleverly disguised bomb, or drug stash). If I would smuggle illegal "whatshamacallits" the only reason to do it on my PC and travel through the border instead of using the internet would be because the internet "borders" would be watched "better" than the physical borders. So it seems that either: "Whatshamacallits" smuggler are better informed than I am and KNOW that the <your favorite big brother> is reading ALL their encrypted anonymised e-mail. (and of course mine and yours and everybodys, because how would they know otherwise). Or it is not an efficient way to stop "Whatshamacallits" smuggler and then it seems it is just a way to hassle random people, since booting your PC letting the officer sniff around to find "Whatshamacallits" will take a significant amount of time, probably enough the make you miss your plane, train connection or what ever. (I guess using non Microsoft OS will be a way to agravate the nice officer that has not been trained on your platform). It also prompts a question: If I have a virtual "on-line" disk somewhere (lets say just to seem really suspicious it is hosted in transdniestrian moldova) I go to the US with my "clean PC", and then sit down and remote mount my "on-line" disk. Does it mean that now the US border control can legally inspect my data as it enters the US without any warrant ? Since it would actually be just a "continuation" of the search that they "might have made" on my PC when I crossed the border. [ps] ------------------- - In truth we are not moving to a "big brother state" it is just a conspiration launched by the pharma industry to sell more anti paranoia pills - but of course "they" would say that ;-) Le dimanche 30 juillet 2006 ` 18:04 -0400, David Farber a icrit :

Begin forwarded message:

From: Andrew Grosso Date: July 30, 2006 4:58:41 PM EDT To: dave@farber.net Subject: Re: [IP] Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]

As a former Assistant U.S. Attorney, allow me to comment.

Information may be obtained by the government from a person in one of four ways: (1) it is voluntarily provided; (2) by regulation in a heavily regulated industry; (3) by subpoena; and (4) by a search and seizure warrant. We are concerned with number 3, the subpoena.

A person can refuse to produce incriminating information in response to a subpoena under the Fifth Amendment. Please note that the password is not protected. If it is written down somewhere, the document on which it is written is not protected by the privilege. The *act* of producing the document or the password itself *may* be privileged, if such an act is itself incriminating. For example, if the password was used in a crime, and the fact that you have the password in your possession tends to show that you participated or conspired in the crime, and then the Fifth Amendment privilege is applicable to protect you from implicating yourself in the crime. The Government *can* immunize you to the limited extent necessary to obtain the password - it cannot then use the fact that it got the password from you in order to prosecute you. This is known as "Doe" immunity, and there is an extensive line of cases that has developed in this area. Webster Hubbell, the former Associate Attorney General who was convicted of tax fraud by Ken Starr's IC Office, eventually had his conviction vacated because Starr's legal team failed to follow the rules when they obtained, from him (by subpoena), his tax records.

If the government is not investigating a crime, then it may use an administrative or civil subpoena to try and get the password. If the witness invokes the Fifth Amendment, then the government can immunize that person and compel production.

The second point, above, concerning a regulated industry, applies to such areas as Medicare and Medicaid, Government contractors for procurement matters, industrial health and safety mattes, environmental concerns, etc. The same analysis as above would apply.

Border searches are a different animal, since the government has the right to inspect items crossing the border without a warrant. However, if the password is in the traveler's head, then that is not an "item" that can be inspected at the border. The information on the laptop might very well be such an item, however, and if the only way to convince the government to allow you to cross the border is to show the border guards what is on the laptop, then the traveler might very well face the choice of turning on the laptop and opening files,, using the password, or not crossing the border. I do not believe that, even here, the traveler would have to produce the password itself.

Andrew Grosso, Esq. Andrew Grosso & Associates 1250 Connecticut Avenue, NW, Suite 200 Washington, D.C. 20036 (202) 261-3593 Email: Agrosso@acm.org Web Site: www.GrossoLaw.com ----- Original Message ----- From: David Farber To: ip@v2.listbox.com Sent: Friday, July 28, 2006 2:26 PM Subject: [IP] Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]

Begin forwarded message:

From: "Patrick W. Gilmore" Date: July 28, 2006 2:11:45 PM EDT To: dave@farber.net Cc: "Patrick W. Gilmore" Subject: Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]

On Jul 28, 2006, at 1:32 PM, David Farber wrote:

...

I don't believe it is a crime in any US Federal or State law, or in Canadian law, to set passwords and use encryption. In the US, I believe that a warrant would be necessary for law enforcement to ask for your password, but I don't know if you have to comply. IANAL.

That is a good question - Can you be compelled to give up a password? Would you mind posting it to IP, I am interested in the answer.

Seems there might be some 'self-incriminatory' arguments here. Perhaps even an "unreasonable search" argument. But IANAL.

------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]