Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 2

Borders & Cybersecurity

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Morning, everybody. How you doing today in this episode of the show? We're going to talk about physical borders and digital security. So there was a reason to CBC news article around toronto-based lawyer. Right? Who came I was away from Canada for quite a while and then came back and when he came back and cross the border and when he landed me onto did the customs and cross the border to re enter into Canada.

He was asked for his passwords to his digital devices. He refused Canadian Border Services, then sees the devices and told them that they would attempt to brute-force the passwords and search the devices at their Leisure am and gave him a receipt for them and off he went and of course now, he's in an uproar violation of your rights.

The problem is and I'm not a lawyer yet again. I need that is like a permanent bar on the show underneath. You know, we've got the tagline we get the website Mark and see is mwm and then the episode number that's reverse probably but what I really need is a thing saying you don't pay this guy may have some security expertise but is not a lawyer and I'm so not a lawyer just some opinions from what I've seen And I'm in really I don't need to be a lawyer to communicate this to you because I think this is really fascinating at but here are the facts as I see them in my opinion sprinkled on top of the fact is when you are approaching a border different laws apply.

Globally. There are two main scenarios when you approach a border as a citizen returning into your own countries of crossing your own border on your own soil and as a foreigner approaching another country now what people tend to forget is that you was a foreign. So if I'm a Canadian and I am going into the UK when I arrive on UK soil and present myself at the border.

I am in a foreign country asking for permission to enter now, there are agreements between different countries about what that means and what different things are around there. But at the end of the day, you're a foreigner asking to come in right? You're knocking on somebody's door. Can I come into your house please and they make the decision whether you can or can't On their principles based on their guiding laws based on an agreement between your country's yada yada yada, but almost every single Border in this day and age has a huge amount of leeway for the border to search anything coming across and this is designed on its surface to stop Contraband to stop drugs to stop weapons to stop that kind of stuff coming across the country, but then we're reasoning is most countries have the ability to pretty much search whatever they want.

That's crossing their borders. Now the second Center the first scenario where your citizen returning back to your own country. There are some exceptions in there may be some different or additional protections on top of what the other day. You're still crossing a border and the easiest way to think about this for all of us non-lawyers out.

There is that borders are essentially like, you know, being an international waters out at Sea. There's not many rules. You don't have as many rights as you think you do. So it's best to take precautions. Now what I want to talk about in this episode of the show and what the article that I read really brought up to me at his that people seem to be really bad at modeling their risk.

So in this case the lawyer said, I don't want you searching these devices because I have solicitor-client privilege information on there that you're not legally allowed to see and of course the Border Services Agency responses while we've trained our people to avoid looking at that kind of thing. Let me tell you as a friend Zack investigator that doesn't fly.

It is extremely difficult to actively avoid something that you don't know is there I mean even if you do know it's there you are not going to take somebody's word for it to the lawyer can't say well don't look at file named ABCDE cuz that's under per client privilege when in fact that could be the exact same thing that you don't mean in a scenario hypothetical scenario.

They might want to be hiding from the authorities so you can't actually not find this information really cbsa should say the policy is if it's information. Just found out of professional training and courtesy of it is forgotten and excluded from future searches, but from a threat model perspective in this is really what I wanted to dive into on this episode.

Was that a threat modeling for the stuff is really interesting knowing that the border is a basically no go zone is a gray zone for your privacy in your sort of Rights around on search and seizure. You should take that into account your threat modeling for this particular case, if the lawyer had sensitive information that they didn't want anybody else seeing encrypting those files to a really high degree.

We're only he had the complex password if you wanted to try to risk that is far as I'm contesting not providing his password to those legal files. But again in that case you better have a different password for your systems that you do for your data access because I don't think it again.

I'm not a lawyer. I don't think that that would flies an argument of echo. I have one password that covers everything so you can't see anything. However, you might might and again not a lawyer you might have the basis for an hour. I meant if you said well here's my my legal files are encrypted at with a separate password that I will not provide you but here is access to the rest of system.

If you were looking for something in particular for the issue altogether sanitizer devices before you cross the border if this is part of your threat model, are you worried about this stuff? Well, then, you know, if you want to protect your data don't travel across the physical border with copies of your data and I think people don't really truly realize the amount of risk the exposure they have for their smartphone or their tablet.

These are wired up to pretty much every account you have in your life. So if you think about your smartphone right on your smartphone, you're probably banking you've got your personal email probably work email a ton of photos. Your social networks are all logged in and all the stuff is all actively login.

So they give if they can access your core OS on the device if they sign into your device, they probably have access to all this stuff right out of the gate unless you add additional protection saying like I use my face ID every So having this is basically a map to your life.

When you cross the border. Are you willing to take that risk? Some people are some people aren't again with everything and information security. I think you really need to make sure this is an explicit decision now with the cloud services with the ability to backup data. It's really easy to either sanitizer main device and then cross the border with it and then reload the day to you need or better yet.

Take a whole different set of devices on the go. Do you really need all your data with you when you were traveling so I go on vacation they take all their work one of their main phone when they go on vacation like you really need that on vacation. I'm here is a great opportunity for a low-cost or two burner and just flip your sim card over if you got a great plan or get a temporary one when you're wherever you are.

I'm and then you can access your personal email if you need to and your photos and then that way you've reduced your data footprint is your crossing the border. This is not designed to help you hide information from the authorities or get. Play with anything. I think it's just the reality of you need to understand that there are certain risks and when it comes to the Border there are legal risks because you're doing a physical Transit into somebody's country or transition between countries back to your own and I could now in this day in age because of the value of the information your smartphone and the value of 2 that to all sorts of legitimate investigations that puts your personal privacy at risk and you need to take steps to potentially protect that if that's what you decide again.

No clear-cut answer here. And again, I'm not a lawyer but I think it's something you really need to think of and that was the first thing that really hit me when I read that article about in CBC was like, wow that person does not understand risk modeling for them not to understand and I realize border laws sort of a fringe area of law that most lawyers might not touch but to not understand the challenges in the risks their own information.

That's that was disappointing to me because I think that's something that everybody needs to be aware of. Transiting across the border if you're in a scenario where your regularly exposing your data, and if you've got your cell phone with you, you probably are you need to understand the risks of carrying this little guy around especially when you're Crossing International Forest.

What do you think? Let me know hit me up at Mark NCAA in the comments down below and is always by email me at Mark n. CA how do you handle crossing the border with all of your digital information? Do you worry about it? Do you take precautions? Let's share.

Let's all learn from this. Look forward to having this discussion with you and seeing you on the next show. Morning, everybody. How you doing today in this episode of the show? We're going to talk about physical borders and digital security. So there was a reason to CBC news article around toronto-based lawyer.

Right? Who came I was away from Canada for quite a while and then came back and when he came back and cross the border and when he landed me onto did the customs and cross the border to re enter into Canada. He was asked for his passwords to his digital devices.

He refused Canadian Border Services, then sees the devices and told them that they would attempt to brute-force the passwords and search the devices at their Leisure am and gave him a receipt for them and off he went and of course now, he's in an uproar violation of your rights.

The problem is and I'm not a lawyer yet again. I need that is like a permanent bar on the show underneath. You know, we've got the tagline we get the website Mark and see is mwm and then the episode number that's reverse probably but what I really need is a thing saying you don't pay this guy may have some security expertise but is not a lawyer and I'm so not a lawyer just some opinions from what I've seen And I'm in really I don't need to be a lawyer to communicate this to you because I think this is really fascinating at but here are the facts as I see them in my opinion sprinkled on top of the fact is when you are approaching a border different laws apply.

Globally. There are two main scenarios when you approach a border as a citizen returning into your own countries of crossing your own border on your own soil and as a foreigner approaching another country now what people tend to forget is that you was a foreign. So if I'm a Canadian and I am going into the UK when I arrive on UK soil and present myself at the border.

I am in a foreign country asking for permission to enter now, there are agreements between different countries about what that means and what different things are around there. But at the end of the day, you're a foreigner asking to come in right? You're knocking on somebody's door. Can I come into your house please and they make the decision whether you can or can't On their principles based on their guiding laws based on an agreement between your country's yada yada yada, but almost every single Border in this day and age has a huge amount of leeway for the border to search anything coming across and this is designed on its surface to stop Contraband to stop drugs to stop weapons to stop that kind of stuff coming across the country, but then we're reasoning is most countries have the ability to pretty much search whatever they want.

That's crossing their borders. Now the second Center the first scenario where your citizen returning back to your own country. There are some exceptions in there may be some different or additional protections on top of what the other day. You're still crossing a border and the easiest way to think about this for all of us non-lawyers out.

There is that borders are essentially like, you know, being an international waters out at Sea. There's not many rules. You don't have as many rights as you think you do. So it's best to take precautions. Now what I want to talk about in this episode of the show and what the article that I read really brought up to me at his that people seem to be really bad at modeling their risk.

So in this case the lawyer said, I don't want you searching these devices because I have solicitor-client privilege information on there that you're not legally allowed to see and of course the Border Services Agency responses while we've trained our people to avoid looking at that kind of thing. Let me tell you as a friend Zack investigator that doesn't fly.

It is extremely difficult to actively avoid something that you don't know is there I mean even if you do know it's there you are not going to take somebody's word for it to the lawyer can't say well don't look at file named ABCDE cuz that's under per client privilege when in fact that could be the exact same thing that you don't mean in a scenario hypothetical scenario.

They might want to be hiding from the authorities so you can't actually not find this information really cbsa should say the policy is if it's information. Just found out of professional training and courtesy of it is forgotten and excluded from future searches, but from a threat model perspective in this is really what I wanted to dive into on this episode.

Was that a threat modeling for the stuff is really interesting knowing that the border is a basically no go zone is a gray zone for your privacy in your sort of Rights around on search and seizure. You should take that into account your threat modeling for this particular case, if the lawyer had sensitive information that they didn't want anybody else seeing encrypting those files to a really high degree.

We're only he had the complex password if you wanted to try to risk that is far as I'm contesting not providing his password to those legal files. But again in that case you better have a different password for your systems that you do for your data access because I don't think it again.

I'm not a lawyer. I don't think that that would flies an argument of echo. I have one password that covers everything so you can't see anything. However, you might might and again not a lawyer you might have the basis for an hour. I meant if you said well here's my my legal files are encrypted at with a separate password that I will not provide you but here is access to the rest of system.

If you were looking for something in particular for the issue altogether sanitizer devices before you cross the border if this is part of your threat model, are you worried about this stuff? Well, then, you know, if you want to protect your data don't travel across the physical border with copies of your data and I think people don't really truly realize the amount of risk the exposure they have for their smartphone or their tablet.

These are wired up to pretty much every account you have in your life. So if you think about your smartphone right on your smartphone, you're probably banking you've got your personal email probably work email a ton of photos. Your social networks are all logged in and all the stuff is all actively login.

So they give if they can access your core OS on the device if they sign into your device, they probably have access to all this stuff right out of the gate unless you add additional protection saying like I use my face ID every So having this is basically a map to your life.

When you cross the border. Are you willing to take that risk? Some people are some people aren't again with everything and information security. I think you really need to make sure this is an explicit decision now with the cloud services with the ability to backup data. It's really easy to either sanitizer main device and then cross the border with it and then reload the day to you need or better yet.

Take a whole different set of devices on the go. Do you really need all your data with you when you were traveling so I go on vacation they take all their work one of their main phone when they go on vacation like you really need that on vacation. I'm here is a great opportunity for a low-cost or two burner and just flip your sim card over if you got a great plan or get a temporary one when you're wherever you are.

I'm and then you can access your personal email if you need to and your photos and then that way you've reduced your data footprint is your crossing the border. This is not designed to help you hide information from the authorities or get. Play with anything. I think it's just the reality of you need to understand that there are certain risks and when it comes to the Border there are legal risks because you're doing a physical Transit into somebody's country or transition between countries back to your own and I could now in this day in age because of the value of the information your smartphone and the value of 2 that to all sorts of legitimate investigations that puts your personal privacy at risk and you need to take steps to potentially protect that if that's what you decide again.

No clear-cut answer here. And again, I'm not a lawyer but I think it's something you really need to think of and that was the first thing that really hit me when I read that article about in CBC was like, wow that person does not understand risk modeling for them not to understand and I realize border laws sort of a fringe area of law that most lawyers might not touch but to not understand the challenges in the risks their own information.

That's that was disappointing to me because I think that's something that everybody needs to be aware of. Transiting across the border if you're in a scenario where your regularly exposing your data, and if you've got your cell phone with you, you probably are you need to understand the risks of carrying this little guy around especially when you're Crossing International Forest.

What do you think? Let me know hit me up at Mark NCAA in the comments down below and is always by email me at Mark n. CA how do you handle crossing the border with all of your digital information? Do you worry about it? Do you take precautions? Let's share.

Let's all learn from this. Look forward to having this discussion with you and seeing you on the next show.