UK/USA Customs and laptops
May 11, 2009 10:12 AM   Subscribe

Outside of porn which I am not concerned about what does UK/US customs look for on laptop computers? Specifically, I have some movies that I have 'ripped' from dvd and I wanted to know if those are something they get finicky about.
posted by occidental to Travel & Transportation (47 answers total) 3 users marked this as a favorite
 
I don't think they generally search the contents of your laptop. I just returned from a trip to the UK and no one took a second glance at my computer - it went through the x-ray machine, but that's all. I even got my bags searched returning the US, and they weren't interested in the laptop at all.
posted by backseatpilot at 10:15 AM on May 11, 2009


They don't do that anymore.
posted by Zambrano at 10:15 AM on May 11, 2009


Never seen them check it. But if you're worried TrueCrypt provides open-source strong encryption.

I'm sure you're not the only one who's brought pirate content across a border.
posted by katrielalex at 10:18 AM on May 11, 2009 [1 favorite]


I'd imagine that it's difficult for them to prove on-the-spot that those aren't "backup" copies, unless it's glaringly obvious (still has the warez-style naming, nfo file, etc) or if you have a hundred different ripped movies.

Realize that they have the right to seize and hold your laptop until you prove that what's on it is legitimate, and when that happens the laptops often get damaged or "lost".
posted by randomstriker at 10:18 AM on May 11, 2009


I think they only care about a) weapons, b) diseases you may be carrying either yourself or in fruits/meats that you want to bring in to the country, and c) whether you're smuggling large amounts of liquor/cigarettes/diamonds/etc.

I've never had anyone look at my laptop, except to make sure that it really was a laptop, and not something that would explode.
posted by kestrel251 at 10:19 AM on May 11, 2009


They won't even ask you to open it. They used to ask you to turn it on, but there are just too many of them. I estimate that over 50% of airplane passengers have a laptop. Unless you got detained and searched for some other reason (say, a gigantic brick of hash) they're not even go to notice it.
posted by GuyZero at 10:19 AM on May 11, 2009




I don't get it - did you actually 'rip' these movies from DVD? Onto your own computer? Because that's not piracy. Or are you using that as a euphemism for torrenting?

I'm sure they reserve the right at both ends to search your computer (just as you consent to body searches by flying through international airports), but I also doubt they would exercise it unless you were being stopped for another reason.
posted by Happy Dave at 10:21 AM on May 11, 2009


No experience with the UK but I travel internationally semi-frequently and no one has bothered checking my laptop. Based on a couple of AskMe comments, I have recently started truecrypting my video folder before I travel. Even if an airport security drone made you boot up, he/she wouldn't know where to look for a truecrypt archive.

You can also set it to an invisible partition if you are extra paranoid.
posted by special-k at 10:25 AM on May 11, 2009


While ripping a personally owned DVD to your hard drive is not piracy, it is a violation of the DMCA. Circumventing the copy protection on the disc to copy it is technically illegal. But in your situation I wouldn't worry too much. You may want to use TrueCrypt as katrielalex suggested to give you piece of mind though.
posted by AltReality at 10:31 AM on May 11, 2009


You could always put some obscure Live CD in the CD drive and set it up to boot from that if they turn it on. I guess it's possible that they would remove any CDs from the drive as part of their protocol, but if they don't I doubt they would have the time or expertise to go through the hassle of mounting your drives from a unix console to check them.
posted by burnmp3s at 10:32 AM on May 11, 2009


The only thing I've seen in Europe, really, is Americans being laughed at for removing their laptops from their bags and taking their shoes off. Don't worry about it.
posted by kcm at 10:32 AM on May 11, 2009 [2 favorites]


The only thing I've seen in Europe, really, is Americans being laughed at for removing their laptops from their bags and taking their shoes off. Don't worry about it.

The question is about UK/US travel. On my flight out of the UK (Heathrow) - 2 weeks ago - I was asked to remove the laptop. Same for the flight back of course.
posted by vacapinta at 10:36 AM on May 11, 2009


Is it wise to encrypt something that is relatively benign? If the effort at encryption is detected (but not broken), this would seem to raise unnecessary suspicions.
posted by Clyde Mnestra at 10:37 AM on May 11, 2009


I think that "inspecting your laptop" thing was for the US/Canada border.
posted by smackfu at 10:37 AM on May 11, 2009


I travel through Heathrow on international flights about once a month with my laptop and have done so since 2006. No one has ever asked me to open it. As of February 2009, you do have to now remove your laptop from your bag and place it through security separately.
posted by meerkatty at 10:50 AM on May 11, 2009


The only thing I've seen in Europe, really, is Americans being laughed at for removing their laptops from their bags and taking their shoes off. Don't worry about it.

London Gatwick will make you remove your laptop from your bag for the x-ray, and often will x-ray your shoes as well.

Leaving Gatwick for Australia in December 2008, my laptop was also taken aside, opened, and swabbed with a cloth that was then put into an electronic terminal - I think it was testing for drug residue. I'm British so it's not just something they do for foreigners. I wasn't asked to turn it on though.
posted by EndsOfInvention at 11:21 AM on May 11, 2009


@Clyde Mnestra: one property of strong encryption is that it is indistinguishable from random noise. You can claim you recently wiped your hard drive. In fact, you can even have a hidden drive -- a file which decrypts to two different things depending on which password you enter. Plausible deniability is important.
posted by katrielalex at 11:22 AM on May 11, 2009 [1 favorite]


The only thing I've seen in Europe, really, is Americans being laughed at for removing their laptops from their bags and taking their shoes off. Don't worry about it.

In the last 2 years I've been through Stansted, Heathrow, Gatwick, London City, Exeter, Glasgow and Newquay airports and been asked to get my laptop out of its case in each. Further to the question, they've never turned it on.
posted by biffa at 11:23 AM on May 11, 2009


Laptops DO get inspected randomly. Just because most people haven't experienced it doesn't mean that it doesn't happen. It has happened to me.

My take is that when going through customs/immigration, the authorities have a lot more power of you and your possesions than police on home soil usually do. If they want to, they can really fuck up your day. So I don't take chances.
posted by randomstriker at 11:24 AM on May 11, 2009


The only thing I've seen in Europe, really, is Americans being laughed at for removing their laptops from their bags and taking their shoes off.
Okay for the shoes. Nobody has much reason to laugh at shoeless others, though, when they're themselves fiddling with their belts, dropping their purses, watches and toothpaste and standing in each-other's ways.

As far as my experience goes, you always have to remove your laptop and check it through the machine separately, even at the smaller European airports.
posted by Namlit at 12:05 PM on May 11, 2009


Laptops DO get inspected randomly.

Perhaps. Just because they can doesn't mean that they actually do truly random searches. More likely is someone has tripped some other alarm bell and this triggers a "random" search. Partitioning and encrypting will slow them down but it won't be the TSA wand jockeys that are doing the searching so it will not stop them.

In other words, don't worry about it unless you have some other reason to believe that you will be setting off alarm bells.
posted by Pollomacho at 12:08 PM on May 11, 2009


Best answer: There's an article on Boingboing that talks about how to keep your laptop data out of customs' hands - which might be worth doing if you're concerned they'll seize it and if you have confidential info on there (like client info, or your financial info - I don't presume law enforcement is any more honorable than anyone else in terms of identity theft.) I agree with the folks who say you likely don't have anything to worry about, but here it is if you're interested.
posted by mccn at 12:16 PM on May 11, 2009


Best answer: I think people are confusing airport security with customs. The people who might search your laptop are not the doofuses standing around the X-ray machine, that you go past before you get onto a plane. The doofuses we are concerned with are the ones standing around near Passport Control, after you get off your plane, before you can go into your destination country.

At least in the U.S., these people are basically gods and can do whatever they'd like to you. (Maybe they can't have you sent somewhere and waterboarded, but I wouldn't consider anything else off the table.) If they want to comb through your laptop or confiscate it for a while and generally ruin your day, they can. Most of the time, though, they don't — but they can. If you are a Westerner, is easily the most one-sided interaction you are likely to ever have with law enforcement, in terms of how limited your rights are and how much power they have over you. And yes, they are tasked, officially anyway, with interdicting pirated movies and other forms of intellectual property theft.

Frankly, I would give serious thought to taking anything that's even remotely questionable off of your laptop (anything that you think is worth putting in a TrueCrypt volume) and FedExing it to your destination separately. That way the laptop is squeaky clean on the off chance that it gets searched. Sure, the chances of getting searched are pretty remote unless you're in some way suspicious, but given the possible downsides — almost certain delay, possible confiscation of your laptop — it seems prudent.

If you can't do that for whatever reason, I'd at least create a TrueCrypt partition on an external hard drive and keep all your movies, porn, copies of the Anarchists' Cookbook, Al Qaeda training manuals, etc. there. (If you want to watch movies on your flight, just delete them before you land.)

In all likelihood this will all feel like a waste of time, because you'll walk right through customs. But on the off chance that for whatever reason one of the Hitlerjugend decide to single you out for inspection, it'll be time well spent.
posted by Kadin2048 at 12:19 PM on May 11, 2009 [1 favorite]


Partitioning and encrypting will slow them down but it won't be the TSA wand jockeys that are doing the searching so it will not stop them.

Unless they have some sort of NSA-level secret cryptography knowledge then encryption certainly will stop them. Breaking a standard encryption algorithm like the ones used in TrueCrypt is extremely difficult, to the point where if you had the key stored somewhere non-obvious (like on the SD card you have in your digital camera) it would take dedicated supercomputers a significant amount of time (as in years) to break. And that's if they even figured out that you were using encryption, which is a non-trivial task if you disguise your encrypted data well and don't have a big TrueCrypt icon on your desktop.
posted by burnmp3s at 12:29 PM on May 11, 2009


It wouldn't work for everyone's needs, but for some situations, purchasing an inexpensive netbook for travelling might be an option.
posted by gimonca at 12:35 PM on May 11, 2009


Meaning: leave your movies, attorney-client privileged data, finances, whatever at home, only travel with what you need to travel with. Laptops do get lost or stolen.
posted by gimonca at 12:38 PM on May 11, 2009


Unless they have some sort of NSA-level secret cryptography knowledge then encryption certainly will stop them.

I don't think the claim is that they have crazy code-cracking skillz, rather that they can demand that you give them the key. My (grossly underinformed) guess is that, in their eyes, you have no more right to refuse to decrypt your data for them than you would to refuse to unlock your luggage, which is to say, none...
posted by ManInSuit at 12:43 PM on May 11, 2009


Best answer: My understanding is that a) customs can look at what they want in both the US and the UK and b) they can compel you (via the court system: jails, fines etc) to decrypt whatever is on your computer. Here is one link about customs siezing laptops and here is another one on forced decryption. Both from voice of reason Bruce Schneirer.
posted by shothotbot at 1:07 PM on May 11, 2009


mmmph, bonus Schneirer link summarizing the issue.
posted by shothotbot at 1:09 PM on May 11, 2009


My (grossly underinformed) guess is that, in their eyes, you have no more right to refuse to decrypt your data for them than you would to refuse to unlock your luggage, which is to say, none...

This is actually an unsettled point of law in the United States. There's a case working its way through the system now that may decide it, however.
posted by mr_roboto at 1:29 PM on May 11, 2009


With all this talk of encryption, it's worth pointing out that the UK govt recently awarded itself the right to demand passwords and encryption keys for any accounts or data they can't access. Refusing to hand these over is a crime in its own right.

In theory they can only do it for terrorist suspects. However, I wouldn't be shocked if bringing lots of encrypted data through customs then refusing to unlock it, is itself enough to push you onto that list.
posted by metaBugs at 1:54 PM on May 11, 2009


Best answer: My (grossly underinformed) guess is that, in their eyes, you have no more right to refuse to decrypt your data for them than you would to refuse to unlock your luggage, which is to say, none

they can compel you (via the court system: jails, fines etc) to decrypt whatever is on your computer

How do they find out that you are using encryption and/or prove that you're able to decrypt some random file on your computer though? Here's my list of possible protections:

Have your your computer boot into a fake/limited account or OS. This could be done dual-booting, using a Live CD, or logging in with a different user name and password than you normally do.

Pros:
- If customs is just going to look over your shoulder or manually check for files, you're fine.
- If customs is going to run some native-OS software to scan your system, you might be fine.

Cons:
- If they remove your hard drive or use some other method to talk to your drives directly then you're in trouble.
- They might be able to figure out that you're trying to fake them out, which could raise a red flag.

Before you leave on your trip, securely erase your free space on any of your drives, remove any suspicious files or programs that you don't need to bring with you, and make sure your machine has been powered off for at least a few minutes before it is checked (so that no ghost data can be captured from RAM).

Pros:
- These steps help you make sure you're not accidentally bringing any extra data that you don't want to bring.

Cons:
- None

Create a virtual drive in TrueCrypt or similar software that lets you save an encrypted drive in a single file using a random key. Put any files you want to be inaccessible in there, and save the key somewhere safe (anywhere but on that computer or anything else customs might seize). Save the encrypted file somewhere obscure on your drive and give it the filename random.bin. Remove TrueCrypt from your system and any other evidence that you've used it (browser history, recent documents, etc.).

Pros:
- Even if customs dumps the contents of your drive, they probably won't find your encrypted file with a normal search.
- If they do find your encrypted file, it's impossible for them decrypt it without spending years trying every possible key if you did everything properly.
- If they try to take you to court to compel you to decrypt it, you can claim that they file is randomly generated bytes that you were using to test file transfer speeds on your network. They would have no possible way of disproving that claim, other than breaking the encryption themselves or somehow proving how the file was created.

Cons:
- They might be using forensic software that automatically flags files of seemingly random data, which would help them zero in on your encrypted file.
- They might confiscate your laptop if they figure out what you are doing and don't like your explanation.
- You might have to lie if they end up taking you to court and you still don't want to give them the key.
posted by burnmp3s at 1:59 PM on May 11, 2009 [2 favorites]


Encrypting it will just prolong any possible standoff. You don't need it encrypted, you need it hidden. And there are ten thousand ways to do that.

I travel once a month or so, sometimes twice, and have never had software inspected. I have been asked to wake up a laptop a few times (to prove it is not a prop) but not in many years. Always seemed silly to me, given the x-ray machine.

A co-traveler had his digital camera inspected at customs (not security) in LA once, though, including thumbing through every photo on the memory card. It was only a minute or two, and I think it was to validate "this was a personal trip, not a business one" though I am sure if they'd found some pics of 13yo ladyboys, the results might have differed.

On the 1-in-1000 chance it comes up, "I ripped the movies to my hard disk to watch on the plane, because I didn't feel like carrying the DVDs around" would probably get you past anyone feeling you out.

I have traveled with ripped movies for many, many years.
posted by rokusan at 2:10 PM on May 11, 2009


Response by poster: Thank you everyone for the answers. In addition to my practical need I asked this question as I felt as there is very little information available on both Custom's Websites as to what is actually prohibited or what they can search for on your laptop. In my case I have nothing to hide as I own the movies, however, as pointed out above, it could be prosecuted under the DMCA but I like to think you would really have to piss off the agent for this to happen. As for my situation and after reading the articles I will probably put the films on an encrypted thumb drive and delete them after watching them. The so-called "Burn After Reading" trick.
posted by occidental at 3:31 PM on May 11, 2009


Encrypting it will just prolong any possible standoff. You don't need it encrypted, you need it hidden.

Please do enlighten us as to the difference... TrueCrypt volumes do not contain known file headers and their content is indistinguishable from randomness.

I don't think the claim is that they have crazy code-cracking skillz, rather that they can demand that you give them the key. My (grossly underinformed) guess is that, in their eyes, you have no more right to refuse to decrypt your data for them than you would to refuse to unlock your luggage, which is to say, none...

My understanding is that a) customs can look at what they want in both the US and the UK and b) they can compel you (via the court system: jails, fines etc) to decrypt whatever is on your computer.

With all this talk of encryption, it's worth pointing out that the UK govt recently awarded itself the right to demand passwords and encryption keys for any accounts or data they can't access. Refusing to hand these over is a crime in its own right.


Dubious legality and morality aside and also ignoring the impossibility of proving you haven't really forgotten the decryption key, TrueCrypt's "hidden volume" feature provide plausible deniability.

Personally, I think you're all being far too paranoid. Customs officers are stupid and I'd just set my laptop to boot into a dummy OS anyway. True they are often jobsworth cunts, but they have more important things to worry about than a couple of aXXo avis. If they pried in my private data I'd just tell them to fuck off and anyway, it would be mightily difficult for them to prove that any videos were illegally obtained.
posted by turkeyphant at 6:33 PM on May 11, 2009


turkeyphant, I hope you never have to learn the hard way how wrong you are.

#1 -- many customs officers might be stupid, but many also aren't. and there usually is at least one "expert" on call at each point of entry who is definitely smarter than you are and knows everything about Truecrypt.

#2 -- when you tell them to fuck off, there is the brute who will definitely be called over to either taser you, shove a baton in ribs or enforce an extroardinary rendition.

#3 -- you haven't entered the country until they clear you. you have no real rights. morals definitely don't apply. proof is irrelevant -- you may as well be guilty until you prove your innocence.
posted by randomstriker at 7:29 PM on May 11, 2009


Dubious legality and morality aside and also ignoring the impossibility of proving you haven't really forgotten the decryption key, TrueCrypt's "hidden volume" feature provide plausible deniability

Think long and hard before acting on logic of this sort.

This is not a game of "you can't prove that my nearly obvious use of encryption isn't some sort of accident or malicious act by a third party, so we'll all just pretend I don't know the password, right?"
posted by rr at 9:08 PM on May 11, 2009


TrueCrypt volumes do not contain known file headers and their content is indistinguishable from randomness.

I can't vouch for the research, but some folks now claim that Truecrypt volumes are easily distinguishable from randomness: That is, the presence of such volumes on a hard drive (though not their content) can be identified with "a very high probability".
posted by Dave 9 at 10:31 PM on May 11, 2009


I don't think anyone mentioned it above but there are import and export controls on some encryption software. The US requires that you obtain an export license from the Commerce Dept., Bureau of Industry and Security for some of the more powerful encryption software. Many countries have import controls for certain types of encryption. Import controls almost always are for the type of very high end software that allows you to send encrypted electronic data.

They have their own versions of the US NSA and they want to monitor communication. I don't believe that there would be either export or import controls for something like truecrypt but one reason they might search a laptop would be to see if it contains communication encryption software and, if so, what level of encryption it is capable of.

We just ran into this issue when trying to install communication encryption software on non-US employee's computers.
posted by Carbolic at 12:52 AM on May 12, 2009


So Bruce Scherner's advice is to delete everything off you hard drive and if you cant...

If you can't, consider putting your sensitive data on a USB drive or even a camera memory card: even 16GB cards are reasonably priced these days. Encrypt it, of course, because it's easy to lose something that small. Slip it in your pocket, and it's likely to remain unnoticed even if the customs agent pokes through your laptop. If someone does discover it, you can try saying: "I don't know what's on there. My boss told me to give it to the head of the New York office." If you've chosen a strong encryption password, you won't care if he confiscates it.

posted by shothotbot at 4:18 AM on May 12, 2009


I can't vouch for the research, but some folks now claim that Truecrypt volumes are easily distinguishable from randomness: That is, the presence of such volumes on a hard drive (though not their content) can be identified with "a very high probability".

Actually if you read those links it says that they are not distinguishable from randomness. They are distinguishable from 99.99% of the files on any given file system, because the vast majority of files on any given computer have things like file headers that are non-random. From the Wikipedia article:

TrueCrypt volumes do not contain known file headers and their content is indistinguishable from random, so it is difficult to prove that certain files are TrueCrypt volumes, though their presence can demonstrate and provide reasonable suspicion they contain encrypted data.

So, as I said above, if they are actively looking for encrypted files (and I have no idea if customs actually does that) then it will be relatively easy to find your TrueCrypt drive. The point is that, especially if you removed TrueCrypt from your system, saying that the data is completely random is a plausible excuse. From the TCHunt FAQ:

In addition to encrypted files, PRNGs that produce files with the attributes would be found too. Using dd with /dev/urandom as input is one example.

Using a pseudo-random number generator to create a random file is not exactly common, but I've done it before and it's not completely out of the realm of possibility. I suggested claiming it was for a network speed test, because that would be a legitimate situation where a large file of random bytes would be useful. Since customs apparently has unlimited power to deny entry for absolutely no reason that means you're never really safe, but in my opinion it would be completely unreasonable and insane for them to demand an encryption key for a file that could very well be random noise.
posted by burnmp3s at 7:10 AM on May 12, 2009


One thing I haven't seen in this thread: Can you prove that you owned that laptop before you departed from the U.S.? Ditto photography equipment, etc. Stick proof of ownership -- bill of sale or something close -- in the bag. Probably won't happen, but it could, especially if you are pulled out of line for a random check and your toy looks suspiciously new and shiny.

As for the paranoia about the security guys and laptops: Whatever dance you do to encrypt or conceal files, they can just confiscate you laptop until they're satisfied.
posted by justcorbly at 8:29 AM on May 12, 2009


many customs officers might be stupid, but many also aren't. and there usually is at least one "expert" on call at each point of entry who is definitely smarter than you are and knows everything about Truecrypt.

I highly highly doubt this. Anecdotal evidence certainly suggests otherwise.

This is not a game of "you can't prove that my nearly obvious use of encryption isn't some sort of accident or malicious act by a third party, so we'll all just pretend I don't know the password, right?"

You obviously have no idea how Truecrypt provides plausible deniability. Firstly, as has been shown several times in this thread, it's not obvious at all. Secondly, the "hidden volume" feature I mentioned earlier allows you to provide a working password without giving access to your data.
posted by turkeyphant at 9:28 AM on May 12, 2009


One thing I haven't seen in this thread: Can you prove that you owned that laptop before you departed from the U.S.? Ditto photography equipment, etc. Stick proof of ownership -- bill of sale or something close -- in the bag.

You visit the customs office in your airport as you're departing your home country, and show them your valuables. They'll make a certified list of these items and give you a copy, which you show to customs on re-entry into your home country.

This has more to do fairly applying import duties, which is different from the issue discussed so far of illegal digital content. Customs officers don't really bother with single laptops, a couple of cameras, ipods, etc because anything less than $1,000 is peanuts. If you have 100 ipods, sacks of diamonds or bricks of cash in your suitcase, that's a different matter.
posted by randomstriker at 11:06 AM on May 12, 2009


Response by poster: Check on leaving the sacks of diamonds and bricks of hashish at home, haha!

I ended up just taking a photo of my dvds on my digi camera. I decided that their systems are nothing to waste too much of my time worrying about. It would be nice if they would actually publish their policies though.
posted by occidental at 6:11 PM on May 12, 2009


Customs officers don't really bother with single laptops, a couple of cameras, ipods, etc because anything less than $1,000 is peanuts.

The US also tends to have cheap electronics, so there is less incentive to import something to avoid the import fees. Not the case in other countries, especially if they also have high taxes.
posted by smackfu at 7:29 PM on May 12, 2009


« Older argh. blech.   |   Cellphone to room speakerphone connection? Newer »
This thread is closed to new comments.