Joi Ito's Web

Joi Ito's conversation with the living web.

It should be noted that as with fingerprinting, some countries MAY demand similar action from our citizens entering their country.


------ Forwarded Message
From: rose
Date: Fri, 11 Mar 2005 08:49:32 -0800 (PST)
To: dave
Subject: "1984" has arrived! DHS demanding on site acccess to email accounts of selected incoming aliens

Hi Dave,

As an attorney, practicing in the areas of international business and immigration law, it has come to my attention through discussions with other attorneys, that DHS is pulling aside "selected" aliens at entry checkpoints and bringing them into a separate room which contains a DHS computer connected to the internet. The aliens are told to bring up their various email accounts on the screen and enter their passwords. DHS then reads the emails for information pertaining to possible unauthorized work or other matters and questions the aliens on these findings. Of course, no attorney can be present at these interrogations! People travelling to the U.S. should be aware that a possible search of them by DHS now also means a search of their email accounts!


Rose Robbins, Esq.

This means that I should probably be careful not to have any suspicious looking email on my computer either. This also creates a vulnerability for aliens entering the US because someone could send them a bunch of sketchy email that would get them in trouble when they are about to enter the US...


From: Kevin Murphy
Date: Fri, 11 Mar 2005 12:38:08 -0500
To: dave
Subject: RE: [IP] comments "1984" has arrived! DHS demanding on site access to email accounts of selected incoming aliens

I find this very difficult to believe.

How many people can remember the hostname, IP address or URL used to access their email, without the benefit of bookmarks or an preconfigured mail client? How many can even remember their password? For most people, their account and client would be set up by their employer or their ISP. They boot up Outlook and it just works. I know I couldn't provide this information, particularly after a long-haul flight, nicotine withdrawal, and standing in line at passport control for an hour.

And how would DHS know what email accounts you have, anyway?

Kevin Murphy

US Bureau Chief
San Francisco, CA 94103


Not to pooh-pooh Miss Robbins, but I couldn't find any Rose Robbins via the usual search engines. What attorney uses yahoo for their e-mail?

I'm unsure about the legitimacy of this person since there isn't much to go on, and being that I don't know them personally.

Anyone actually know Miss Robbins or can vouch?


Just updated the post with another skeptical response on the list.

Are we not missing the point here? If this is true, this is an enormous intrusion of privacy. Nothing light and funny about this.

Joi, what this means is not that you should watch what's in your email, it means you should watch your propencity, and need, to travel, and do business, in the U.S. ...


In order for this to create a vulnerability as your propose wouldn't I have to know the alien? If so, can't I already make an anonymous phone call to any and all officials stating that so-and-so alien is a baddie and they should check 'em out?

Besides ... if I try this with an email, I'd have to use something to shield my identy in order to keep the email from being traced back to me. Far easier to stop by a pay phone and make a call.

Boris, when you are in an international airport outside of the immigrations "wall" you have little or no rights. We already know this.

Anthony: True.

Oh.. another thing. Those that don't know already, 1984 already exists for the most part. It's just hidden in lots of legal terms and red tape. Perhaps I'm a cynic, but as a citizen of the US, half the things I could do ten years ago, I probably can't do now.

That, along with carrying a nail file on my nail clippers. Like you could do any damage with one of those anyways.

Joi: very true on the "wall". Heck, you're pestered coming back in, even if you are a citizen.

Joi: there's another way of being careful. Do not enter in USA anymore, which is my decision for the time going on. Finger printing, biometric passport, emails, where is the limit?

So the USA is one of the countries I no longer travel to.

IF this is true, it's just another sign of how clueless the DHS is. I personally have several email accounts. Some keep mail on a central server, and some immediately remove the email from my server when my mail client checks my mail. How would DHS know how many email accounts I have, and how am I supposed to check my POP3 accounts when the email isn't kept on the server?

It almost sounds like a password harvesting scheme. I suppose the intelligence community could somehow determine what other email addresses you have, and try your password on all of those accounts as well. Perhaps it's time for foreigners to use RSA SecurID tokens? ;)

Karl: RSA SecurID tokens. Brilliant. Totally forgot about those. Yes, I have one of those for my corporate mail. That would definitely throw a huge wrench into this network. You can't get into something that doesn't have your token.

Joi, that is no reason to simply accept such an abuse of an already horrific situation.

Color me skeptical about the email, because it fundamentally makes no sense. On the other hand, I can see them looking at blogs. I recall a case a couple of years ago with a newly-married Sasha (I don't want to put her last name in: those who know, know) moving to the UK and being stopped at the border. Blog entries were apparently referenced as evidence to keep them out.

It always cracks me up when I read things like "The aliens are told to bring up their various email accounts on the screen and enter their passwords." So, puny earthlings still using tcp/ip?

I don't find this hard to believe I hope it isn't true however. Most people know how to get their email, the problem I see is how do they know which of your accounts to access, I might have five email accounts for all they know.

I've got to agree with tom sparks, how would they know which/how many email addresses you have. The average person has at least 3 and of course, if they use pop and always get the info off the server what would be the point. That said, email is patently insecure, I have to wonder how many people planning on destroying the world would do so via email.

Maybe they do it via embedding plans in fake pr0n spam email. :p

Joi, kind of undercuts your participation in, and the results from, the 'terrorism' summit when the first thing you do after you finish you effort there, is post a very dubious sounding and unsubstantiated email.

And Julian, I would have no problem pulling up my email accounts in TCP/IP cuz they're all written in invisible bytes. Dumb DHS people wouldn't know to hold the computer over the fire...

Wake me up when Snopes runs this...

Isn't this demand to see your email more for the purpose of observing your behavior - how nervous it makes you - or, perhaps, intimidation - than it is information gathering? After all, with ECHALON, they can read your email, anyway.

That should have been echElon. Jeez.

What scares me is not that they would try to get me to open up my email, because I think this is just a scare, but that they'd take exception to something I said that seemed innocent to me.

I've heard so many horror stories of people being refused entry because the border guards didn't like the look of them. I've been told never to say that I'm 'staying with a friend' because then they will suspect you of wanting to shack up with a partner. (And god knows we can't have aliens stealing our men/women... they might try stealing our jobs next and then where will we be?) Of course, the fact that I have a partner in the US makes it even worse. What if I inadvertantly give myself away? What if they never let me in again? what if my nearly monthly visits mark me out as not following the usual tourist pattern of behaviour? What if they don't like the colour of my hair?

America - land of the free? Don't make me laugh.

Shelley, I like to post early and post often. It's much easier to get to the bottom of something like this with feedback from everyone. I can easily post an update if we establish this as a fact either way.

From DHS Web Site

What can I expect when I arrive in the U.S.?

Once at the port of entry, you will find that many of the procedures remain unchanged and are familiar to you.  For example, a U.S. Customs and Border Protection Officer still reviews your travel documents, such as a visa and passport.  The officer still asks you questions about your stay in the U.S.

What’s new under US-VISIT is that the U.S. Customs and Border Protection Officer now uses the inkless, digital fingerscanner to capture two of your fingerscans. You first place your left index finger and then your right index finger on the scanner.  The officer also takes your digital photograph.  These procedures add only seconds to the overall processing time. More information on this subject is available on the exit process guide.

The biographic and biometric data are used to match your identity against the data captured by the State Department at the time the visa was issued to ensure that you are the same person who received the visa.  In addition, your digital picture that was taken at the visa-issuing point is displayed to the U.S. Customs and Border Protection Officer for visual comparison and confirmation.

Using all these tools, the U.S. Customs and Border Protection Officer will then either admit you or conduct additional inquiries based on the verification results.  These procedures reduce fraud, identity theft, and the risk that terrorists and criminals will enter the U.S. undetected or by using stolen or fraudulent documents.

You may see a video of the entry and exit process in English or other languages.  

Simple... "No, I don't have an email address I can access from an unprotected network. Does your system have a VPN that supports DSP** authentication? I can try to connect, but I can never remember the whole 128 character key."

Though, I suppose that would make them curious what you have to hide....

** Double Secret Protocol - the Animal House of protocols.

What you have to hide as a businessman may often be important trade secrets or confidential business information.

Whether this is true or not, it would be very very bad business policy for the US government to make foreign businessmen wary of leaking confidential information on entry to the US... Of course, we have long heard stories about searches of hotel rooms by Chinese agents looking for secret company info...

In September 2002, I was Googled at the counter of Her Majesty's Immigration Control Point upon landing in Heathrow. Based partially on the results of that search engine query, I was granted leave to land. This allowed me into the European Union after being denied entry at another point of entry.

It would appear that some authorities are extending their scans of traveling passengers beyond a routine stamping of a passport. Although I'm not paranoid about this kind of use of technology, I think it's prudent to keep my bashing of the US government to a screen name that does not affiliate with a passport identity. That approach also works well if your pathway takes you down the route of a headhunter's screening process or a VC's vetting procedures.

Just my take on things.

It's standard practice to open sealed letters in your luggage as part of a check of someone who looks a bit doubtful. This happened to me back in 1992 at Minneapolis St. Paul.

"The biographic and biometric data are used to match your identity against the data captured by the State Department at the time the visa was issued to ensure that you are the same person who received the visa. In addition, your digital picture that was taken at the visa-issuing point is displayed to the U.S. Customs and Border Protection Officer for visual comparison and confirmation."

Actually there are a number of, mostly European, countries where Visa waiver forms are completed during the journey. So there is nothing to match it to......

Funny and not funny at all. It's funny to see that the US a country who doesn't give a damn about human rights, that does
kidnap people in other countries, deports them to other locations to abuse them. The same country makes such a big fuse about people entering their country. Maybe its cause they are scared like hell that people all over this planet are sick and tired of things they do all over this planet ?

9/11 changed a lot, and it opened a lot of eyes. OBL is an idiot, but he killed less people than Bush. Start thinking about this.

I don't see the country of freedom and democracy, I rather see an empire that tries to rule the world with all means,
naturally first of it is economical power, where it doesn't help some invasions will do. Human rights, get that out of the discussion. Wolfowitz should be in prison, but they try to nominate him for the world bank. This tells you where this planet is at. As long as such war criminals still are at large, what are we talking about average people's emails ? Or are the terrorist scared of terrorists ?

1 TrackBacks

Listed below are links to blogs that reference this entry: US Department of Homeland Security checking email.

TrackBack URL for this entry:

Joi wonders if the world has gotten more democratic since 9/11, a topic discussed at the Atocha memorial forum. Tough question. I think I'd say: More democracies, less democratic. More voting, less liberty.... Read More