CBP Reveals How Agents Implement New Policy Not to Access Cloud Content

  • President Trump’s nominee to be Commissioner of U.S. Customs and Border Protection (CBP), Kevin McAleenan, revealed during his confirmation process how the agency implements its new policy not to access cloud content during border searches of digital devices.

    In response to written questions for the record submitted by Sen. Ron Wyden (D-OR) and other members of the Senate Finance Committee, Mr. McAleenan explained that in accordance with CBP’s new policy to access only information that is “physically resident” on a device, border agents must “ensure that network connectivity is disabled to limit access to remote systems” (page 92).

    While Mr. McAleenan did not provide details, disabling network connectivity can mean a few things, such as putting a phone or other device into “airplane mode,” or individually toggling off cellular data and Wi-Fi. It could also mean making sure a laptop is not connected to an Ethernet cable, or bringing a device into a SCIF-type room that blocks electromagnetic signals.

    This newly disclosed fact—that border agents must disable Internet connectivity before searching a digital device—provides a more complete picture of CBP’s new no-cloud-access policy.

    The public first heard of this new policy when Mr. McAleenan submitted answers to a separate set of written questions from Sen. Wyden in June 2017. In that document, Mr. McAleenan stated that CBP “issued a nationwide muster in April 2017 reminding its officers” that they may only access data “physically resident” on a device. As we explained, CBP’s 2009 policy—the operative policy on border searches of digital devices—does not prohibit border agents from searching travelers’ cloud content. Rather, that policy broadly authorizes agents to search “information encountered at the border,” which apparently would include cloud data accessed via a digital device at the border. Thus the April 2017 muster is a new policy that for the first time bars cloud searches. We welcome the muster.

    Because CBP did not make the muster itself public, we submitted a Freedom of Information Act (FOIA) request seeking the document. After filing our Alasaad v. Duke lawsuit challenging border device searches, we received a heavily redacted muster. We then filed an administrative appeal, and in response CBP released the one-page muster with significantly fewer redactions, as well as a two-page accompanying memo with some redactions.

    The redacted muster states:

    • To avoid retrieving or accessing information stored remotely and not otherwise present on the device, where available, steps such as [REDACTED] must be taken prior to search.
    • Prior to conducting the search of an electronic device, an officer will [REDACTED].

    Apparently, these muster redactions refer to what Mr. McAleenan has since said publicly: that border agents must disable Internet connectivity before searching a digital device.

    Additionally, in his most recent responses (page 89), Mr. McAleenan stated that CBP’s no-cloud-access policy goes “above and beyond [that which is] constitutionally required.” We couldn’t disagree more. While we believe that warrantless and suspicionless searches of digital data on a device violate the Fourth Amendment, warrantless and suspicionless searches of cloud data are even more intrusive. The Supreme Court in Riley v. California (2014) agreed, stating, “Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforcement to unlock and search a house.”

    We urge travelers to report to us (borders@eff.org) when they believe that CBP agents searched their cloud data by failing to put a device in airplane mode or otherwise ensure that the device did not have Internet access. We also urge travelers to submit a FOIA/Privacy Act request to CBP to learn additional details about what border agents might have done with their devices.

    Sen. Wyden called on Mr. McAleenan to make the entire muster public (page 92). We echo that call. Americans and other travelers have a right to know exactly how the federal government intends to protect this critical aspect of our digital privacy.


Tmux Commands

screen and tmux

A comparison of the features (or more-so just a table of notes for accessing some of those features) for GNU screen and BSD-licensed tmux.

The formatting here is simple enough to understand (I would hope). ^ means ctrl+, so ^x is ctrl+x. M- means meta (generally left-alt or escape)+, so M-x is left-alt+x

It should be noted that this is no where near a full feature-set of either group. This - being a cheat-sheet - is just to point out the most very basic features to get you on the road.

Trust the developers and manpage writers more than me. This document is originally from 2009 when tmux was still new - since then both of these programs have had many updates and features added (not all of which have been dutifully noted here).

Action tmux screen
start a new session tmux OR
tmux new OR
tmux new-session
re-attach a detached session tmux attach OR
tmux attach-session
re-attach an attached session (detaching it from elsewhere) tmux attach -d OR
tmux attach-session -d
screen -dr
re-attach an attached session (keeping it attached elsewhere) tmux attach OR
tmux attach-session
screen -x
detach from currently attached session ^b d OR
^b :detach
^a ^d OR
^a :detach
rename-window to newname ^b , <newname> OR
^b :rename-window <newn>
^a A <newname>
list windows ^b w ^a w
list windows in chooseable menu ^a "
go to window # ^b # ^a #
go to last-active window ^b l ^a ^a
go to next window ^b n ^a n
go to previous window ^b p ^a p
see keybindings ^b ? ^a ?
list sessions ^b s OR
tmux ls OR
tmux list-sessions
screen -ls
toggle visual bell ^a ^g
create another window ^b c ^a c
exit current shell/window ^d ^d
split window/pane horizontally ^b " ^a S
split window/pane vertically ^b % ^a |
switch to other pane ^b o ^a <tab>
kill the current pane ^b x OR (logout/^D)
collapse the current pane/split (but leave processes running) ^a X
cycle location of panes ^b ^o
swap current pane with previous ^b {
swap current pane with next ^b }
show time ^b t
show numeric values of panes ^b q
toggle zoom-state of current pane (maximize/return current pane) ^b z
break the current pane out of its window (to form new window) ^b !
re-arrange current panels within same window (different layouts) ^b [space]
Kill the current window (and all panes within) ^b killw [target-window]
  • Use the same script for updating/ upgrading

    Make sure to change the versions to the latest releases:

    #!/bin/bash set -e bpcver=4.2.1 bpcxsver=0.57 rsyncbpcver=

    Scroll through the script, know what you are doing.

    Uncomment the upgrade section(s) and comment out the install section(s)

    read more
  • Again running smartctl after all is said and done:

    smartctl --all /dev/sda

    ddrescue-smartctl-after-rescue.png ddrescue-smartctl-2.png

    Yet an old drive in itself, I run the wheels off of them, and monitor regularly as anyone should.

    read more