Since 2009, U.S. Customs and Border Protection agents have been allowed to search electronic devices carried by citizens or noncitizens as they cross the border into the United States from other countries. More recently, Homeland Security Secretary John Kelly suggested this digital vetting should also include harvesting social media passwords. Kelly’s proposal prompted legal and technology experts to respond with an open letter expressing deep concern about any policy that demands that individuals violate the “first rule of online security”: Do not share your passwords.
Travelers themselves responded, too, looking for ways to avoid surrendering their device passwords to federal agents. One approach – what we might call the “Nothing To See Here” method – tries to make a device unsearchable by erasing the hard drive before travel, uninstalling social media apps, letting the device’s battery charge run out or even wiping the device if an emergency or “duress” password was entered.
The “I’d Love To Comply, But I Can’t” approach involves exotic solutions like installing two-factor authentication on the device or social media account, and then making the second factor (such as a passcode or digital key) available only in a remote location. Retrieving the second factor would require a warrant and travel outside the border crossing.
These methods are dangerous because they put an already stressed traveler in the position of defying law enforcement at the border, a legal environment that is designed to support the government and not the traveler. Following this advice properly also requires careful execution of technical skills that most travelers don’t have. And the degree of advance planning and preparation required might itself be considered a sign of suspicious activity requiring deeper scrutiny by border officials.
But it’s tempting to wonder: Could computer scientists and software designers like me create a better password system? Can we make “I’d Love To Comply, But I Can’t” the only possible answer for every traveler? In short, can we create passwords even their owners don’t know?