Ryabitsev: Travel (Linux) laptop setup
"China is not signatory to the "Personal Use Exemption" when it comes to encrypted devices, so bringing a laptop with encrypted hard drive with you is not technically legal. If the border officer does not like you for some reason and has grounds to suspect you are not being truthful about your stated reasons for entering China, you may be asked to decrypt your devices for a search. Failure to do so may result in unpleasantness, and you may be detained or fined merely on the grounds of having an encrypted device when entering the country. (As opposed to, for example, entering a country that is signatory to the personal use exemption, where just having an encrypted device is not grounds for any action. That said, it is never in your interest to make the border officer not like you for some reason. Until you are admitted to the country as a legal alien, the Geneva Convention and the Universal Declaration of Human Rights are pretty much the only legal frameworks protecting you as a person against foreign government action.) It is important to point out that you are extremely unlikely to be penalized for bringing in an encrypted laptop with you to China, as any kind of widespread zealous application of such practice would quickly shut down any business travel to China -- and this is definitely not in the government's interest."
Posted Jun 16, 2017 19:32 UTC (Fri)
by zlynx (guest, #2285)
[Link] (2 responses)
If taken literally, the AES encryption used by nearly every SSD would qualify. If you ever did a Secure Erase, the drive would be full of encrypted files that you can't access.
If your SSD had reserved, unpartitioned space, as is common for improving drive lifetime (see Samsung EVO recommendations) how could you ever prove that wasn't a hidden encrypted drive?
Silly.
Posted Jun 17, 2017 4:09 UTC (Sat)
by biergaizi (subscriber, #92498)
[Link] (1 responses)
A cryptographic device can be basically categorized as "Military/Governmental" and "Commercial", so any cryptographic devices for personal use fall into the "commercial" category. And here are the regulatory requirements for Commercial Cryptographic Devices.
---------------------
My rough translation:
COMMERCIAL CRYPTOGRAPHY REGULATIONS
Department of the State, People's Republic of China, Executive Order #273.
Article 7: Commercial Cryptographic Products shall be produced by specified national cryptography administration. Any individual or entity shall not produce Commercial Cryptographic Products.
Article 10: Commercial Cryptographic Products shall be sold by authorized national cryptography administration, if unauthorized, any individual or entity shall not sell Commercial Cryptographic Products.
Article 13: Importing cryptography products or devices with cryptographic technology, or exporting Commercial Cryptographic Products, must be registered and approved by national cryptography administration. Any entity or individual shall not sell foreign cryptography products.
Article 14: Any individual or entity shall only use Commercial Cryptographic Products authorized by national cryptography administration, shall not use self-developed or foreign-produced Cryptographic Products.
Article 24: If a foreign entity or individual uses cryptography products or devices with cryptographic technology without permission, shall be warned by public safety agency (i.e. police) and ordered for correction (of this misconduct), and cryptography products or devices with cryptographic technology shall be seized.
Article 20: If there is one of the following conducts, cryptographic products shall be seized by Business Administration, or Customs, according to national cryptography administration and specific circumstances. Any illegal income shall be seized. Serious offenses shall be punished by a fine, one to three times of the illegal income.
* a) Without specifications, producing Commercial Cryptography Products, or the produced Commercial Cryptographic Products by specified entities, exceeded the permitted scope.
* b) Without authorization, selling Commercial Cryptography Products.
* c) Without approval, importing cryptography products or devices with cryptographic technology, importing Commercial Cryptography Products, or selling foreign cryptography products.
Selling of Commercial Cryptography Products by approved entities not in accordance with the provisions, shall be warned and ordered for correction by national cryptography administration and Business Administration.
Article 21: If there is one of the following conducts, national cryptography administration shall warn public safety (i.e. police) or national security agency, and order for correction:
* a) In research or production of Commercial Cryptography Products, violate security or confidentiality requirements.
* b) Selling, Transporting or Keeping Commercial Cryptography Products, without required corresponding security measures.
* c) Without approval, publicize or exhibit Commercial Cryptography Products in public.
* d) Unauthorized (ownership) transfer of Commercial Cryptography Products, or repair Commercial Cryptography Products by unauthorized entity.
Using self-developed or foreign-produced cryptography products, or repair Commercial Cryptography Products by unauthorized entity by national cryptography administration, if the offense is serious, cryptography products shall be seized by national cryptography administration, public safety and national security agency.
------------------------------
According to this regulation, all CPUs are illegal since there's AES, most games are illegal since there's DRM, web browsing is illegal since there's SSL/TLS, all modern operating systems are illegal, etc. Around 2000, the government released an interpretation of the regulation, said this regulation does apply only to hardware devices, not computer software. But it still can't change the fact that Intel CPUs are illegal. And if I remember correctly, this interpretation has expired.
Basically this regulation is the result of typical government thinking before the Crypto War. And since it is impossible to fight a Crypto War in China, this remained unchanged.
Also, like most laws and regulations in China, they are unenforceable since they render most common things illegal, so they are hardly being enforced. In case of political persecution, they can put anyone in jail with these laws.
btw, I know someone on the Internet who was too happy about his smartcard, and showed the card to everyone, later his card was seized by national security agency, but in this case I don't think it is a real threat.
My publication of this comment is illegal, since it is transferred by SSL/TLS and computed by AES-NI instruction, with a password manager protected by an OpenPGP Card.
TL;DR: Stay Calm and Let's Encrypt.
Posted Jun 17, 2017 4:13 UTC (Sat)
by biergaizi (subscriber, #92498)
[Link]
Posted Jun 16, 2017 20:38 UTC (Fri)
by gowen (guest, #23914)
[Link] (16 responses)
Try to avoid being suspiciously brown.
Posted Jun 16, 2017 22:42 UTC (Fri)
by walex (guest, #69836)
[Link] (5 responses)
* Most border posts are extraterritorial, like Guantanamo, that is not part of USA territory, and USA laws do not apply there.
Most times border officers won't press their advantage fully, but if they want to, there is little you can do. Most voters don't cross borders and think "better safe than sorry", "you can never be too safe", "safe at any cost to someone else", so they and politicians have effectively signed a blank cheque to security services, including police and border officers.
Posted Jun 17, 2017 5:27 UTC (Sat)
by Cyberax (✭ supporter ✭, #52523)
[Link] (4 responses)
> * Most border posts are extraterritorial
However, simply being within a border control zone IS enough reason to be detained and to be subjected to a search.
> * If you are not an USA citizen you have no right of entry to the USA.
Business/visitor visa holders can be denied entry on a whim with no real recourse.
> * If you are an USA citizen you have a right of re-entry, as long as you have a document that proves that you are a citizen
> * There is a long list of things that cannot be imported into the USA, some of them surprising, and where it is a felony to attempt to import them.
> * It is very easy for people to "disappear" at border posts, USA citizens or not.
Posted Jun 20, 2017 9:32 UTC (Tue)
by MKesper (subscriber, #38539)
[Link]
Please remember that even pictures of your own naked children might be considered as such. Many people from other countries might not be aware of that. See for example https://www.auswaertiges-amt.de/sid_0AE273DFF08CB718C74C2...
Posted Jun 20, 2017 15:44 UTC (Tue)
by walex (guest, #69836)
[Link]
So are foreign embassies and international organization headquarters, yet they are (to different degrees) extraterritorial too, by right of international treaty. Extraterritoriality as everybody knows is a legal concept, not geographical fact. Pointing out that most USA border crossings are usually contained geographically within USA borders is at best irrelevant.
> Airports are most definitely within the US and ALL of the US laws apply, including non-discrimination laws.
Airports, and their legal status, are not the same as the border posts within the airports, and their legal status.
>> * If you are an USA citizen you have a right of re-entry, as long as you have a document that proves that you are a citizen
That's completely ridiculous: someone who is detained "somewhere" as she claims that she is a USA citizen but has no documents to prove it, and indeed no entry documents at all, because she has "lost" her passport, brings suits in USA court to have the "top secret" camera records released to prove she had a passport, and thanks to those records, that are never "lost" either, she is released. Nice story! That might happen if her disappearance was indeed a mistake. If it was not, good luck.
>> * It is very easy for people to "disappear" at border posts, USA citizens or not.
With that right and two dollars you can buy a large latte in some places. Pointing out at theoretical rights without recognizing the chances of having them enforced is at best irrelevant.
The point is that while you can be arrested within the USA on a pretext (or on planted evidence) and then "disappear" into a malignant and opaque legal and jail system, or simply to be abducted and end up in a nice cell in the underground "detention facilities", there are still some minimal practical remedies that make that far easier to fix than "disappearing" at a border crossing. The practical status of nearly everybody at a border crossing is much the same as that of a dark skinned citizen in a police station in Tennessee in 1927, with all the 14th amendment rights that dark skinned citizen had. At a border crossing everything is stacked in favour of the authorities, whatever is or is not on your laptop or cellphone.
Posted Jun 22, 2017 18:44 UTC (Thu)
by jkingweb (subscriber, #113039)
[Link] (1 responses)
It's certainly true when preclearance happens like here in Canada: you'll go through customs outside US jurisdiction, and local territorial law applies. In the case of Canada the Charter of Rights and Freedoms and human rights legislation (which would probably apply rather than the Charter in this case) grant you significant protections while present in the country whether or not you are a citizen; for other places that have preclearance (like the UAE), you may have no particular legal protections.
Posted Jun 22, 2017 18:53 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Jun 17, 2017 1:41 UTC (Sat)
by linuxrocks123 (subscriber, #34648)
[Link] (8 responses)
Regarding what the poster above me said, US laws do apply at the border, but, when you're going through Customs, you basically have a very, VERY limited expectation of privacy, so most searches aren't considered to violate the Fourth Amendment, even if they would be totally illegal anywhere else. That may be the root of his confusion. Fifth Amendment rights, however, do apply, as does the Constitution as a whole.
Also, I'm pretty sure we don't disappear people at the border or destroy their passports. We've agreed to inform foreign consulates when we detain one of their citizens, and we do. Our own citizens have the full complement of protections against arbitrary detention with regard to Customs as anywhere else.
Posted Jun 17, 2017 8:35 UTC (Sat)
by andrey.turkin (guest, #89915)
[Link] (7 responses)
Posted Jun 17, 2017 11:53 UTC (Sat)
by nix (subscriber, #2304)
[Link] (5 responses)
However, given that the only time the government tried this in the UK it led to a massive PR disaster, I suspect they'll be very careful about doing so again. (However, Theresa May is such a paranoid control freak that I could well be wrong.)
Posted Jun 17, 2017 18:47 UTC (Sat)
by andrey.turkin (guest, #89915)
[Link] (4 responses)
Posted Jun 19, 2017 15:32 UTC (Mon)
by Wol (subscriber, #4433)
[Link] (3 responses)
The fact that you may not have (and have never had) the key is no defence.
So if I plant an encrypted file on your computer AND YOU CAN PROVE IT, you are still committing an offence for which you can be jailed ...
Cheers,
Posted Jun 19, 2017 15:54 UTC (Mon)
by farnz (subscriber, #17727)
[Link] (2 responses)
That's false - the offence in the Regulation of Investigatory Powers Act part III, which is the current law governing failure to decrypt, it is a statutory defence to demonstrate that you did not have the key at the point the decrypt order was given to you, and did not come into possession of it after the order was given to you. The exact wording is in section 53 of the Act:
While the burden of proof is reversed (it's up to the recipient of the order to prove that they did not have the key), in the situation you describe, the fact that I can prove that you planted the encrypted file on my system, but not the key, is enough to act as a defence; of course, the likely outcome is a new decrypt order focused on you instead of me.
I appreciate that, as someone not necessarily resident in the UK, you may be ignorant of our laws, but they are published in full on the National Archives Legislation site, and you can research them before repeating lies you've been told about them.
Posted Jun 19, 2017 22:47 UTC (Mon)
by anselm (subscriber, #2796)
[Link] (1 responses)
I don't think that's actually what this says. “A person shall be taken to have shown that he was not in possession of a key […] if the contrary is not proved beyond a reasonable doubt” means that the prosecution must prove beyond a reasonable doubt that the person was in possession of a key, or it will be assumed by default that the person wasn't. Alternatively, the person can actively provide “sufficient evidence to raise an issue” with respect to the prosecution's claim that they have a key, which is basically reasonable doubt from the other end.
Proving a negative is always difficult, and here the “person” does not have to prove conclusively that they don't have a key; they just need to poke a sufficiently large hole into the claim that they do.
Posted Jun 20, 2017 0:16 UTC (Tue)
by karkhaz (subscriber, #99844)
[Link]
I don't think it's "alternatively". The sentence you're talking about contains an "and," not an "or":
For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—
So indeed, your parent is right: the onus is on the defendant to produce sufficient evidence that they are not in possession of a key, and this is _in addition to_ their possession of a key not having been shown beyond reasonable doubt by the prosecution.
Posted Jun 19, 2017 19:32 UTC (Mon)
by spaetz (guest, #32870)
[Link]
It can lead to prison time in the US too: https://www.engadget.com/2017/06/01/man-gets-180-days-in-...
Posted Jun 17, 2017 4:15 UTC (Sat)
by biergaizi (subscriber, #92498)
[Link]
Digital Privacy at the U.S Border: A New How-To Guide from EFF
Posted Jun 17, 2017 4:07 UTC (Sat)
by drag (guest, #31333)
[Link]
Posted Jun 17, 2017 5:42 UTC (Sat)
by NightMonkey (subscriber, #23051)
[Link] (13 responses)
I wish more people would get religion with sshuttle. No need for "vpn" configuration. No special device files or kernel modules. No "port forward" rules. Just ssh + iptables and all of your traffic (including DNS resolution) is forced down the ssh pipe to a server of your choice.
Posted Jun 17, 2017 16:50 UTC (Sat)
by biergaizi (subscriber, #92498)
[Link] (12 responses)
Posted Jun 17, 2017 18:24 UTC (Sat)
by drag (guest, #31333)
[Link] (9 responses)
VPNs and, I expect, SSH as well, are a normal everyday thing for almost every business traveler. As is using https and other robust encryption methods. I find it unlikely that the Chinese State would have an automated process used to shut that sort of stuff down for any traveler unless they are suspected of something.
Posted Jun 17, 2017 20:48 UTC (Sat)
by misc (subscriber, #73730)
[Link] (3 responses)
I also remember a friend visiting China, and being unable to connect by ssh to the build cluster of the project we were working on. We did work around by using another server as a jump host, but one had to wonder why the first was in some kind of blacklist, as it was back in the days before address recycling on cloud infra.
My teammates at Linuxcon Beijing also did express some frustration regarding Internet access, but were able to use Telegram without trouble, so I guess "it depend".
It might not be the GFW, it might just be "good enough" internet deployment, intercontinental link being overloaded, or something else, but so far, I heard enough people complaining about crappy internet to think this is true.
And yeah, the Chinese Ministry of Communication do try to probe for Tor using active measures (like detecting bridges, etc) in the last years, so I wouldn't be surprised they do have now all kind of automation that might be buggy (or where they just do not care, see various articles on "close enough" mindset in China).
Posted Jun 17, 2017 21:22 UTC (Sat)
by halla (subscriber, #14185)
[Link] (1 responses)
That can only mean one thing, and that's that Telegram is allowed because it can be inspected. One way or another.
Heck, ancient history time... I studied Sinology in Leyden in the late eighties, early nineties, and the landline phone in my student house in the Breestraat was tapped. It was analog, so the very distinctive tick tell-tale gave the tap away. The other students in the house were only doing law, history and Dutch Literature, so I was the only one doing a sensitive subject. Also, my year group had the same experience.
Posted Jun 18, 2017 9:12 UTC (Sun)
by linuxrocks123 (subscriber, #34648)
[Link]
Posted Jun 20, 2017 11:04 UTC (Tue)
by paulj (subscriber, #341)
[Link]
I had a problem connecting to my SIP provider, but that turned out to be the European SIP provider just blacklisting Chinese IP blocks en masse.
Posted Jun 18, 2017 9:06 UTC (Sun)
by linuxrocks123 (subscriber, #34648)
[Link] (4 responses)
Posted Jun 18, 2017 14:38 UTC (Sun)
by biergaizi (subscriber, #92498)
[Link] (3 responses)
Posted Jun 19, 2017 6:40 UTC (Mon)
by pinkynotthebrain (guest, #116009)
[Link] (1 responses)
Posted Jun 20, 2017 0:48 UTC (Tue)
by biergaizi (subscriber, #92498)
[Link]
Posted Jun 29, 2017 8:05 UTC (Thu)
by linuxrocks123 (subscriber, #34648)
[Link]
Posted Jun 18, 2017 3:50 UTC (Sun)
by NightMonkey (subscriber, #23051)
[Link] (1 responses)
Posted Jun 18, 2017 5:46 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
by Office of the State Commercial Cryptography Administration
1999
Probably worth familiarising yourself with the procedure when you return to the USA. Long story short, they can take all your devices, copy them and will probably give them back inside a week. Be prepared to give up your encryption keys when asked, unless you're a big fan of spending long periods of time in interrogation rooms.
On return to America
* If you are not an USA citizen you have no right of entry to the USA. It is entirely at the discretion of the borders officer, and they can detain you for any reason for any length of time.
* If you are an USA citizen you have a right of re-entry, as long as you have a document that proves that you are a citizen, but the border post is not part of USA territory, so that does not apply there. In any case if you hand over your passport to a border officer, she may "forget" that or "lose" it, and then you are no longer able to prove that you are a citizen.
* There is a long list of things that cannot be imported into the USA, some of them surprising, and where it is a felony to attempt to import them. It is very easy for border officers to plant such things on any device or baggage that you carry.
* It is very easy for people to "disappear" at border posts, USA citizens or not.
* In some difficult situations being a personal friend of a congressperson and having him come personally to "undisappear" you is the only way out.
Not true. US borders start in the territorial waters or on the other side of a land border line. Airports are most definitely within the US and ALL of the US laws apply, including non-discrimination laws.
My lawyer's opinion is that if you are a permanent resident (a GC holder) then you are entitled to a deportation hearing before a judge (and with all the appeals afterwards), but border control officers are also free to keep you detained until the hearing.
You might be detained long enough to establish your identity but the right of entry is unconditional. And I don't think that "losing" a passport is going to happen, all the border crossings are recorded on multiple video cameras.
Simply having a "regular" forbidden item in your luggage will lead to a fine (or nothing at all), it's a misdemeanor. Felony will require obviously illegal items like drugs or child porn.
Detained people have an unconditional right to see legal counsel (or a consulate representative for foreigners) unless there's already an active deportation order in force.
> Not true. US borders start in the territorial waters or on the other side of a land border line.
> You might be detained long enough to establish your identity but the right of entry is unconditional.
> And I don't think that "losing" a passport is going to happen, all the border crossings are recorded on multiple video cameras.
> Detained people have an unconditional right to see legal counsel (or a consulate representative for foreigners)
> Not true. US borders start in the territorial waters or on the other side of a land border line. Airports are most definitely within the US and ALL of the US laws apply, including non-discrimination laws.
> you may be asked to decrypt your devices for a search. Failure to do so may result in unpleasantness
applies to USA and UK as well as China, with varied amount of unpleasantness. USA and China are kind of similar here: you might get detained for a while (or deported if you are not a citizen), and your device seized for an extended period of time or forever. Failure to decrypt your device in UK may result in jail time.
Wol
For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—
(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b) the contrary is not proved beyond a reasonable doubt.
While the burden of proof is reversed (it's up to the recipient of the order to prove that they did not have the key) […]
(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b) the contrary is not proved beyond a reasonable doubt.
https://www.eff.org/files/2017/03/10/digital-privacy-bord...
They do appear to fuck with ssh in some way. I was never actually blocked with sshuttle, but the ssh connection became so slow as to be basically unusable for anything other than an interactive session. I suspect this was traffic shaping, though I can't be sure. The reason I can't be sure is because their connection to anything hosted in another country sort of sucks. They don't have a fat enough pipe out of the country, and it shows.
Still, I had a much happier time in subsequent trips there using softether over obfsproxy. So I do think they were fucking with ssh.