CBP Reveals How Agents Implement New Policy Not to Access Cloud Content



  • President Trump:undefined:’:undefined:s nominee to be Commissioner of U.S. Customs and Border Protection (CBP), Kevin McAleenan, revealed during hisconfirmation process how the agency implements its new policynot to access cloud content during border searches of digital devices.

    In response towritten questions for the record submitted by Sen. Ron Wyden (D-OR) and other members of the Senate Finance Committee, Mr. McAleenan explained that in accordance with CBP:undefined:’:undefined:s new policy to access only information that is :undefined:“:undefined:physically resident:undefined:”:undefined: on a device, border agents must :undefined:“:undefined:ensure that network connectivity is disabled to limit access to remote systems:undefined:”:undefined: (page 92).

    While Mr. McAleenan did not provide details, disabling network connectivity can mean a few things, such as putting a phone or other device into :undefined:“:undefined:airplane mode,:undefined:”:undefined: or individually toggling off cellular data and Wi-Fi. It could also mean making sure a laptop is not connected to an Ethernet cable, or bringing a device into aSCIF-type room that blocks electromagnetic signals.

    This newly disclosed fact:undefined:—:undefined:that border agents must disable Internet connectivity before searching a digital device:undefined:—:undefined:provides a more complete picture of CBP:undefined:’:undefined:s new no-cloud-access policy.

    The public first heard of this new policy when Mr. McAleenan submitted answers to a separate set of written questions from Sen. Wyden in June 2017. In thatdocument, Mr. McAleenan stated that CBP :undefined:“:undefined:issued a nationwide muster in April 2017 reminding its officers:undefined:”:undefined: that they may only access data :undefined:“:undefined:physically resident:undefined:”:undefined: on a device.As we explained,CBP:undefined:’:undefined:s 2009 policy:undefined:—:undefined:the operative policy on border searches of digital devices:undefined:—:undefined:does not prohibit border agents from searching travelers:undefined:’:undefined: cloud content. Rather, that policy broadly authorizes agents to search :undefined:“:undefined:information encountered at the border,:undefined:”:undefined: which apparently would include cloud data accessed via a digital device at the border. Thus the April 2017 muster is a new policy that for the first time bars cloud searches. We welcome the muster.

    Because CBP did not make the muster itself public, we submitted a Freedom of Information Act (FOIA) request seeking the document. After filing ourAlasaad v. Duke lawsuit challenging border device searches, we received a heavily redacted muster. We then filed an administrative appeal, and in response CBP released theone-page muster with significantly fewer redactions, as well as a two-page accompanying memo with some redactions.

    The redacted muster states:

    • To avoid retrieving or accessing information stored remotely and not otherwise present on the device, where available, steps such as [REDACTED] must be taken prior to search.
    • Prior to conducting the search of an electronic device, an officer will [REDACTED].

    Apparently, these muster redactions refer to what Mr. McAleenan has since said publicly: that border agents must disable Internet connectivity before searching a digital device.

    Additionally, in hismost recent responses (page 89), Mr. McAleenan stated that CBP:undefined:’:undefined:s no-cloud-access policy goes :undefined:“:undefined:above and beyond [that which is] constitutionally required.:undefined:”:undefined: We couldn:undefined:’:undefined:t disagree more. While we believe that warrantless and suspicionless searches of digital dataon a device violate theFourth Amendment, warrantless and suspicionless searches ofcloud data are even more intrusive. The Supreme Court inRiley v. California (2014) agreed, stating, :undefined:“:undefined:Such a search would be like finding a key in a suspect:undefined:’:undefined:s pocket and arguing that it allowed law enforcement to unlock and search a house.:undefined:”:undefined:

    We urge travelers to report to us (borders@eff.org) when they believe that CBP agents searched their cloud data by failing to put a device in airplane mode or otherwise ensure that the device did not have Internet access. We also urge travelers to submit aFOIA/Privacy Act request to CBP to learn additional details about what border agents might have done with their devices.

    Sen. Wyden called on Mr. McAleenan tomake the entire muster public (page 92). We echo that call. Americans and other travelers have a right to know exactly how the federal government intends to protect this critical aspect of our digital privacy.

    https://www.eff.org/deeplinks/2017/11/cbp-reveals-how-agents-implement-new-policy-not-access-cloud-content


 



  • Make ISO from DVD

    In this case I had an OS install disk which was required to be on a virtual node with no optical drive, so I needed to transfer an image to the server to create a VM

    Find out which device the DVD is:

    lsblk

    Output:

    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 465.8G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 464.8G 0 part ├─centos-root 253:0 0 50G 0 lvm / ├─centos-swap 253:1 0 11.8G 0 lvm [SWAP] └─centos-home 253:2 0 403G 0 lvm /home sdb 8:16 1 14.5G 0 disk /mnt sr0 11:0 1 4.1G 0 rom /run/media/rick/CCSA_X64FRE_EN-US_DV5

    Therefore /dev/sr0 is the location , or disk to be made into an ISO

    I prefer simplicity, and sometimes deal with the fallout after the fact, however Ive repeated this countless times with success.

    dd if=/dev/sr0 of=win10.iso

    Where if=Input file and of=output file

    I chill out and do something else while the image is being copied/created, and the final output:

    8555456+0 records in 8555456+0 records out 4380393472 bytes (4.4 GB) copied, 331.937 s, 13.2 MB/s

    Fin!

    read more
  • Recreate postrgresql database template encode to ASCII

    UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';

    Now we can drop it:

    DROP DATABASE template1;

    Create database from template0, with a new default encoding:

    CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE'; UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1'; \c template1 VACUUM FREEZE;

    read more
});