Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's illegal not to provide your password in the UK, not sure what the rules are under these special powers in the US.


Then change your password to something that you don't actually know.

Generate a random password before your trip and print out a few copies. Take one with you and secure the remaining ones. Before you fly through the UK, change the password on your computer to the random one and destroy the printout. When you get back home use the remaining printouts to change your password back and then destroy them.


I haven't studied this law in detail, but it expect it is worded to avoid precisely this sort of manoeuvre, because the implication is quite clear - you have no right to privacy. If necessary they'd just confiscate your device and detain you on suspicion of perverting the course of justice etc, etc. they can hold you for 3 months for refusing to answer any questions they ask, including questions on your encryption scheme and how they can defeat it. They can also image all your hardware for future decryption, compromise it before returning it, etc.

I think the safer solution is not to travel with hardware you intend to use again.


I haven't studied this law either, but look at what happened to David Miranda who was in a situation very similar to the one I proposed - he was transporting information but didn't know what he was carrying (and given the people involved, the hard drives were probably encrypted).

He was detained for 9 hours and threatened with arrest during that time, but this was under terrorism laws, not encryption laws. And ultimately he was let go (sans equipment).


People have been jailed in the uk for not giving up their password. I suspect Miranda was released because they had the devices/data and had made their point, plus of course it would have become a major international incident given the news organisations involved and their involvement in the story. If he didn't have embassy staff and the guardian lawyers demanding his release, it might never have happened.


Does the UK not have anything similar to the 5th Amendment in the US? Could they ask you "Did you still a hot dog from that hotdog stand"? And force you to confess, or be faced with charges of lying to an officer?


Under normal law, yes there is a right to remain silent, at the border, no, because they have passed laws (schedule 7 of the 2000 terror act) saying they can imprison you for three months if you fail to cooperate in any way or answer any questions.


These sorts of techniques make great comments, but are nearly useless in reality.

First of all, even if you're being truthful, saying "I don't know my password" will likely not be believed. Explaining the process you went through to safeguard your password will merely elicit suspicion by a border agent. Why would you go through such pains if you had nothing to hide? And once they are suspicious of you, you will almost surely be detained and have your equipment seized.

Yes, the government might not be able to decrypt it for years, but they still have your laptop, and they are still in possession of your data, encrypted as it may be. So, I ask you, who won this little battle? It sure wasn't you.

IMHO, the only valid approach here is to host everything on an external server, and VPN / SSH into it to do your work. Don't store the connection info locally, and don't store any passwords / keys locally. Make sure no confidential files ever touch your hard drive, even in a cache. Most agents have no idea how that process works, and unless you have a shortcut on your desktop / home directory labeled "connect to home fileserver" they probably won't even think to ask you for any further info.

EDIT: Stupid spelling error. Thanks, recursive.


> Why would you go through such pains if you had nothing to hide?

Why would you not want a camera in your bathroom, if you have nothing to hide?


Please note that I personally hate the phrase "if you have nothing to hide, you have nothing to fear." I was using it in this case because many people still operate like that and because, for better or worse, I assume all 'police type' people fall into this category.

I merely figured the HN community would pick up on the sarcasm.

So please do not patronize me.


The assumption is that you are okay with having your laptop seized.

Obviously the best approach is to just not have your laptop.


FYI elicit


At this point, why are you even bringing your computer along, if you have no way to log into it?


This obviously depends on your travel plans. For the US, for example, CBP can only search your belongings on entry into the US. If you are traveling from the US -> wherever -> US then you only need to secure your laptop for your return flight.


IIRC the 5th amendment allows you to not divulge your password, unless they can prove that there is illegal content .


What if you genuinely don't remember your password? Is it in effect memory loss that's been made illegal?


The more I read about the laws in the UK, the more I appreciate the laws in the USA. We don't have everything right, but at least our system is rooted in the notion of the sanctity of individual rights. Or was.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: