Joining MetaLAB

I am beyond thrilled to announce I’ll be working with the outstanding group of scholars and artists at Harvard’s MetaLab this upcoming academic year as an affiliate, working mainly on their Library Test Kitchen project. I’m joining a team with some of my favorite makers and doers, people like Matthew Battles, Sarah Newman, and Jessica Yurkofsky, and many more that I am looking forward to meeting. I’ll still be in TN, working with them remotely and joining the team in Cambridge whenever possible.

I’ve been inspired by their work for years now, especially projects like Electric Campfire, which are right in my sweet spot of making with a goal of increased social connectivity. If you’ve not taken a look at the stuff that LTK has done, browse through and see what might inspire you.

Personally, I’m super excited to stretch my own knowledge of design and making through working with MetaLab. I’ve been consciously paying more attention to the design and making side of my brain recently, and while my instincts are not always to the artistic (I tend toward the more functional) I do have some aesthetic opinions that I like to embed in the work I do. I’m looking forward to expanding this bit of my brain.

Thank you to the gang for inviting me onboard. I’m excited to see what we can do together!

And lastly: MetaLab and Library Test Kitchen will be making an appearance at the 2018 LITA Forum in Minneapolis in November, so watch for more information about that very soon!

Blockchain & Libraries from Carnegie Mellon – Qatar

This past month I traveled to a place I wasn’t sure I’d ever visit…Doha, Qatar. I was brought to Doha for an awesome reason, to deliver the Gloriana St. Clair Distinguished Lecture in 21st Century Librarianship. The topic that I was asked to prepare remarks on was Blockchain (which I chose to broadly construe as decentralized technologies) and how it (they) might matter to the information professions in the near future. The actual title of my talk was Decentralization & Blockchain: Possibilities & Problematizations for Libraries, and the goal was to explain the technology, but also to bring to light potentials and risks that surround blockchain and decentralization technologies as they relate to libraries and information systems. There is a huge amount of potential in this technology, beyond the fintech hype and insanity of the moment. There is also risk, especially for organizations that are centered around the very notion of centralization of resources.

Here’s my lecture, along with the accompanying slides below it. If your consortium or company is interested in possibilities for blockchain in the information space and are looking for a consultant to help you understand it, I’m available.

Video

Slides

Hi! I'm Jason Griffey! I would like to ask for your Vote.

Vote Griffey!

After well over a decade of being a part of ALA and LITA, and working at (almost) every level of the division, I was asked and accepted the nomination to run for the position of Vice President/President-Elect for the Library & Information Technology Association. I’ve served as an organizer of an Interest Group, been the chair of multiple committees, served as a Director-as-Large, and spent two years as Parliamentarian for the Division. I’m excited that I have the opportunity to stand for election, and I hope that members find it worthwhile to vote for me. If you’re reading this, I hope I can count on your vote, and ask you to let your friends in LITA know that I would appreciate their vote as well.

What does this mean? If elected, it means I would spend the next three years following an arch of leadership in LITA (as Vice President, then President, and then finally Past President) at a time of what could be great change. The recently released Working Document – Exploration of Integration and Realignment Opportunities for ALCTS, LITA, and LLAMA is the beginning of a long discussion among members of the respective divisions. The TL;DR of the document is that all three divisions recognize that their individual challenges may be mitigated in part by joining forces…not an easy nor straightforward goal, but one that has the potential to strengthen the opportunities for and service to all members.

I’m excited by the opportunities a change like this represents. My time with LITA has been punctuated by efforts to make systems better for members, first as an IG chair with BIGWIG where we moved the needle on how presentations might work at the Annual conference through the Social Software Showcase, then as chair of the Programming Planning Committee where I led the team that completely revised how programming was done by moving from an entirely analog process (7 copies of your proposal plus in-person meetings at Midwinter…) to a digital one. Even now, when I’ve been tasked with re-thinking how LITA Forum works, my focus is always on what we can do to empower and reduce the friction necessary for members to be involved.

Meanwhile, the rest of the world of technology will keep marching, and I will work to maintain focus on issues that are at the heart of the future of the profession. I’ve tried to outline some of those on my Election Website, but I would LOVE to hear from members (and potential members!) about where you would like LITA to focus. If I’m elected, I’m going to need a ton of help…but I’m excited to have the opportunity to serve in this role, to work to make LITA better for members, and to hopefully chart a better course for the future of library technology.

If you have any questions for me, or just want to drop me a note about anything, I’d love to hear from you. You can @ or DM me on Twitter @griffey, or feel free to send me an email at griffey at gmail.

If you are a LITA member: I ask for your vote, and appreciate your faith in me if you do. Voting opens Monday, March 12, closes Wednesday, April 4, and you should receive details on voting in your email.

Thank you!

Beware Library Cobras…

This post is a short excerpt from my upcoming Library Technology Report on Smart Buildings. I’m just returning from attending LITA Forum 2017, and had a fantastic experience. My one disappointment was in the lack of problematization of data collection, retention, and analysis…especially as it relates to the “Internet of Things” and the coming flood of data from IoT.

This excerpt contains no solutions, only questions, concerns, and possible directions. If anyone has thoughts or would like to start a dialogue about these issues, I’d love to talk. The full Library Technology Report on Smart Libraries will be published by ALA TechSource in the next few months.


The end-game of the Internet of Things is that computing power and connectivity is so cheap that it is literally in every object manufactured. Literally everything will have the ability to be “smart”; Every chair, every table, every book, every pencil, every piece of clothing, every disposable coffee cup. Eventually the expectation will be that objects in the world know where they are and are trackable and/or addressable in some way. The way we interact with objects will likely change as a result, and our understanding of things in our spaces will become far more nuanced and details than now.

For example, once the marginal cost of sensors drops below the average cost for human-powered shelf-reading, it becomes an easy decision to sprinkle magic connectivity sensors over our books, making each of them a sensor and an agent of data collecting. Imagine, at any time, being able to query your entire collection for mis-shelved objects. Each book will be able to communicate with each book around it, with the wifi basestations in the building, with the shelves, and be able to know when they are out of place. Even more radical, maybe the entire concept of place falls away, because the book (or other object) will be able to tell the patron where it is, no matter where it happens to be shelved in the building. Ask for a book, and it will be able to not only tell you where it is, it can mesh with all the other books to lead you to it. No more “lost books” for patrons, since they will be able to look on a map and see where the book is in their house, and have it reveal itself via an augmented reality overlay for their phone.

The world of data that will be available to us in 10-20 years will be as large as we wish it to be. In fact, it may be too large for us to directly make sense of it all. My guess is that we will need to use machine learning systems to sort through the enormous mounds of data and help us understand the patterns and links between different points of data. The advantage is that if we can sort and analyze it appropriately, the data will be able to answer many, many questions about our spaces that we’ve not even dreamed of yet, hopefully allowing the designing of better, more effective and useful spaces for our patrons.

At the same time, we need to be wary of falling into measurements becoming targets. I opened the larger Report with Goodhart’s Law, credited to economist Charles Goodhart and phrased by Mary Strathern, “When a measure becomes a target, it ceases to be a good measure.” We can see this over and over, not just in libraries, but in any organization. An organization will optimize around the measures that it is rewarded by, often to negative effects in other areas. This is captured in the idea of perverse incentives, where an organization rewards the achievement of an assessment, only to realize that the achievement undermines the original goal. The classic example of this is known colloquially as the “Cobra effect”, named after the probably-apocryphal story of the British colonizers in India rewarding citizens for bringing in dead cobras in an attempt to control their deadly numbers in cities. Of course, the clever people of India were then incentivized to breed cobras in secret, in order to maximize their profits….

Libraries should be wary of the data they gather, especially as we move into the next decade or two of technological development. The combination of data being toxic to the privacy of our patrons and the risks of perverse incentives affecting decisions because of measure’s becoming targets is actively dangerous to libraries. Libraries that wish to implement a data-heavy decision making or planning process need to be extraordinarily aware of these risks, both acute and chronic. I believe strongly in the power of data analysis to build a better future for libraries and our patrons. But used poorly or unthoughtfully, and the data we choose to collect could be secretly breeding own set of cobras.

About FaceID

I’ve seen the hottest of terrible hot-takes over the last couple of days about Apple’s announcement this past Tuesday (although leaked a few days before) that their new flagship iPhone, the iPhone X, will use a biometric system involving facial identification as the secure authentication mechanism for the phone. No more TouchID, which uses your fingerprint as your “key” to unlock the phone, we are now in the world of FaceID.

Let’s get this out of the way early in this essay: biometrics are for convenience, passcodes are for security. This doesn’t mean that biometrics aren’t secure, but they are secure in a different way, against different threats, for different reasons. The swap of FaceID for TouchID does nothing to lessen the security of your device, nor does it somehow given law enforcement or government actors increased magical access to the information on your phone.

You’d have thought, from the crazed reactions I’ve seen on Twitter and in the media, that Apple had somehow neglected to think of all of the most obvious ways this can be cheated.

 

and my personal favorite

The Wired article above, by Jake Laperuque, includes the breathless passage:

And this could in theory make Apple an irresistible target for a new type of mass surveillance order. The government could issue an order to Apple with a set of targets and instructions to scan iPhones, iPads, and Macs to search for specific targets based on FaceID, and then provide the government with those targets’ location based on the GPS data of devices’ that receive a match.

If we’re throwing out possibilities…any smartphone could do that right now based on photo libraries. If there was a legal order to do so. And IF the technology company in question (either Google or Apple, if we’re sticking to mobile phones as the vector) did indeed build that functionality (which would take a long, long time) and then did employ it on their millions and millions of phones (also: long time), it would involve an enormous amount of engineering resources. Coordination of the “real” target vs family members who just happened to have photos on their phones of Target X should be fairly easy to do via behavioral profiling and secondary image analysis.

But that, like the FaceID supposition above, is bonkers to believe. If anything, FaceID is more secure in every way than the equivalent attack via standard photo libraries. If a nation-state with the power to compel Apple or Google into doing something this complicated and strange really wanted to know where you were…they wouldn’t need Apple or Google’s help to do so.

The truth of the matter is that FaceID is no less secure than the systems we have now on Apple devices (here I am not including Android devices as there are simply too many hardware makers to be certain of the security). TouchID, the fingerprint authentication process that is available for use on every current iPhone (and the new iPhone 8 and 8 plus), every current iPad, and multiple models of MacBook, uses your fingerprint as the “key” to a hash that is stored on a hardware chip known as the Secure Enclave on the phone. When you place your finger on the TouchID sensor, it isn’t taking a picture of your print, or storing your print in any way. The information that is stored in the Secure Enclave isn’t retrievable by anything except your phone. Your fingerprints aren’t being stored at Apple Headquarters on some server. There is no “master database” of the fingerprints of all iPhone users. The authentication is entirely local, as witnessed by the fact that you have to enroll your print on every iOs device separately.

FaceID appears to be exactly the same setup, with exactly the same security oversight as TouchID. It’s entirely local to the phone, and all of the information (a “hash” of information about your face…it’s really not fair to call it a “picture”) is stored on the Secure Enclave within the iPhone. We haven’t seen the full security report on FaceID and iOS 11 yet, but I am certain it will be available soon (iOS 10 and TouchID is available here). Given the other well-considered aspects of security on iOS 11 that we have seen, such as requiring a passcode before trusting an untrusted computer, I am confident that iOS 11 and FaceID will be at least as secure as their previous iterations.

Is it possible that Apple, the most valuable technology company in the world in large part due to their ability to develop hardware and software in concert with each other, completely missed something in making FaceID? Of course it’s possible. But all of the ways that technology of this sort has failed from other companies (racial bias, poor security models, data leakage) have not yet been true for TouchID. I do not believe they will be true for FaceID either.

Even setting aside the purely technical aspects, legally there is no difference in the risks of using FaceID over using TouchID. In the tweet above about police holding your phone up to your face to unlock it, it would be important to note that they can compel a fingerprint now. It is entirely legal (with a lot of “if”s and “but”s) for a police officer to force your finger onto your phone to unlock it. No warrant is necessary for that to happen. FaceID is exactly the same, as far as legal allowances and burden of proof and such, as TouchID is now. In the case of preventing law enforcement access to your phone, the only answer is a strong password and your refusal to give it to someone.

It isn’t clear to me if FaceID is going to be a good user experience…without devices in user’s hands, we have no idea. But the knee-jerk response that somehow Apple is building a massive catalog of faces is neither true, nor possible given the architectures of their hardware and software.

This isn’t to say that there isn’t some real danger somewhere:

I think Zeynep has this (as most things) exactly right. This technical implementation is really quite good. The normalization of the technology in our culture may well not be…but this is why I am so vehement about defending this positive implementation as positive. Let Apple’s method of doing this be the baseline, the absolute minimum amount of care and thought that we will accept for a system that watches us. They are doing it well and thoughtfully, so let’s understand that and not let anyone else do it poorly. And for goodness sake don’t cry wolf when technologies understand their risks and are built securely. Because just like the story, when the real wolves show up, it will be that much harder for those of us paying attention to raise the alarm.

EDIT: After writing this entire thing, I found Troy Hunt’s excellent analysis, which says many of these same things in a much better way than I. Go read that if you want further explication of my take on this, as I agree with his essay entirely.

Monoprice Mini Delta 3D Printer

The world of low-price 3D printing has been upended by Monoprice over the last several months. They’ve launched a handful of very inexpensive but well-reviewed printers at price points that basically no other manufacturer can touch.

Their latest printer, the Monoprice Mini Delta was launched earlier this year on Indiegogo, and I just received one of them. It’s a very small delta style 3D printer that’s rated to handle ABS and PLA. It has a heated bed, and more importantly, an auto-leveling feature, even if the build volume is only 120mm x 120mm (Delta printers have circular beds, which makes the bed size a diameter rather than an X/Y plane measurement). It even has wifi built in, so that prints can be sent wirelessly.

Did I mention that the printer is rumored to cost only $149? Fully assembled, ready to go out of the box.  They haven’t publicly announced retail pricing yet, but it looks like they are aiming at a $149 as the price, which will make this an amazing deal.

Even $149 is still a fair amount of money for many people, but relative to other 3D printers it is an amazing entry-level price.  For that price, you don’t get the long-term reliability of something like a Lulzbot Mini…the Monoprice Mini Delta is all metal, but is clearly not as well-built as more expensive printers. The tech support alone is going to be far, far less competent that companies that specialize in 3D printing. It’s louder, it rattles a bit, the fit and finish isn’t perfect. But in my testing, the quality of the prints it is putting out for me is much higher than one might expect given the price point.

I’ve printed a couple of Benchys at different orientations, and they have all been well within my expectations for accuracy.

All in all, this is a heck of a printer for the price. The reports online are that Monoprice is having a few issues with first-round production errors…bad control boards mostly. Those are being fixed with new machines immediately, though, so it looks like they are handling the launch and initial support problems fairly well.

I’m not yet certain if I’d recommend the Monoprice Delta Mini to libraries, as I haven’t had time to put hours and hour of printing on the thing to test its reliability. Given the overall build quality, I’m betting that this printer will need a bit of attention to keep running smoothly, which is something that libraries often can’t take the time to do. For libraries, I still recommend going with proven workhorses like the Lulzbot Mini as an entry level printer, or the Taz 6 as a high-end production machine. Even though the Delta Mini is almost 1/10th of the price of the Lulzbot Mini, I’m not convinced it’ll last 10 times as long, or print reliably 10 times as often.

What I would do is recommend the Delta Mini to librarians who are interested in playing around with the technology without a huge investment. For $150, you can have your own 3D printer to play with sitting on your desk at home….one that takes up about as much space as a large houseplant. This is the perfect sort of printer for individuals that just want to play around with printing things for the house, or their kids.

It has definitely made me set up and take notice of what Monoprice is doing in this space. I expect we’ll keep hearing from them over the next year or so with bargain-basement prices on interesting hardware. I’ll keep my eyes out.

3D Printers for Libraries, 2017 Edition

Back in 2014, I wrote a Library Technology Report for ALA entitled 3D Printers for Libraries (Creative Commons licensed version found can be found here). In the past 3 years, much has changed in the world of 3D printing: they exploded across libraryland, became cheaper and more useful, and the number of printer makers has grown like mad. So when ALA asked if I’d update the LTR for 2017, I said yes.

In it, I cover many of the changes in the 3D printing landscape, including the huge variety of new filaments and their properties. Tons of new printers, new types of control software that’s emerged since the last Report, and lots more that can help inform libraries and librarians about the possibilities for 3D printers in 2017.

I hope people find it useful and informative!

Berkman Klein Center Affiliate 2017-2018

I am honored to be included in the list of 2017-2018 Berkman Klein community members. This group of scholars, researchers, legal experts, technologists, information specialists, and more inspire me every year, and I can’t wait to meet the newest class. Here’s hoping I can continue to be worthy of inclusion in this fantastic community…the things I’ve learned over the last two years makes me incredibly excited for what’s to come in year three.

Measure the Future project goes Public Beta

Over on the Measure the Future project blog, I posted about going formally into public beta. I’m very proud of the work that’s been done to get the project to this point. I couldn’t have gotten this far without help from so many people, including especially the Alpha testers and the development team (Clinton Freeman, you’re a miracle worker). Here’s an excerpt from the longer post over on the MtF blog:

Measure the Future is also adding additional locations for installs with a new round of 4 Beta partner libraries. These additional locations (announcement soon on who those are) will give us even more feedback and will work with us to determine the best way to present this new type of library usage data. We will be answering the questions that our Beta partners want answered, so if you have questions you want our help with, please let us know. We have room for a couple more libraries in our Beta testing, and would love to work with you.

The big development goal for our Beta period is the move from local visualization of activity and attention in library spaces to a cloud-based portal that will allow for much richer visualizations. We are dedicated to making this move from local-to-cloud as privacy-focused and security-aware as possible, and so we will be taking great care in how we move forward.

Head over to read the full announcement, and visit Measure the Future to see all the code, instructions, and more that we released this weekend. There’s more to come, including a walk-though of a setup as soon as I can get some video and screen recordings together.

Personal International Infosec

This year I have a small number of international speaking engagements, and I just returned from the first of those in 2017…which means it was the first since the recent spat of increased DHS and Customs enforcement. It was also my first trip to a Muslim-majority country, and while not one on the magic list, it still made me consider my re-entry into the US and the possible attention therein. These things combined to make me far more attentive to and aware of my personal information security (infosec) than every before. This post will be an attempt to catalog the choices I made and the process I used, as well as details of what actual technological precautions I took prior to leaving and when actively crossing the border.

This trip was to the SLA Arabian Gulf Library Conference, held this year in Manama, Bahrain, where I was on a panel discussing future tech. This means flying internationally through a major city, which for me meant flights from Nashville to JFK to Doha International Airport in Qatar, then finally to Manama, Bahrain. The return was was the same, with the exception of flying back into the US via O’Hare in Chicago rather than JFK. This meant crossing into at least 2 foreign countries physically on each leg of the trip, although in Qatar I remained in the international section of the airport and didn’t go through customs and enter the country proper. Still, there were LOTS of checkpoints, which meant lots of potential checks of my luggage and technology.

Threat Model

What was my concern, and why was I thinking so hard about this prior to the trip? After all, I’m a law-abiding US citizen, and as the saying goes, if you’ve nothing to hide, why worry? First off, the “if you’ve nothing to hide” argument is dismissible, especially given the last 6 weeks of evidence of harassment and aggression at the US border. I am a citizen of the US, but I have also been very outspoken online regarding my feelings for the actions of the current administration. On top of that, information security isn’t just about the individual…it’s about everyone I’ve exchanged email with, texted, messaged on Facebook, sent a Twitter DM, and the like….the total extent of my communications and connections could, if dumped to DHS computers, theoretically harm someone that isn’t me, and that was not ok in my book. A primary goal was to prevent any data about my communications or contacts from being obtained by DHS.

DHS and Border Control has very, very broad powers when it comes to searching electronic devices at the border. I was not certain of the power granted to Border Agents in Qatar and Bahrain, but my working assumption was they had at least the powers that the US Agents did. I also assumed that the US agents would probably have better technological tools for intrusion, so if I could protect my data against that threat, I was safe for the other locations as well.

A secondary goal in my particular model was to attempt to limit the possibility for delay in my travels. If I could comply with requests up to a certain point without breaking my primary goal of data protection, that would likely result in less delay. When considering these levels of access, I thought about questions like: could I power on my devices without any data leakage? Could I unlock my devices if requested and allow the Agent to handle my phone, for instance, without risking data leakage? Could I answer questions about my device and the apps on it (or other apps in question, for instance social media accounts such as Facebook or Twitter) honestly without risking data leakage?

With all of that in mind, here’s how I secured my technology for border crossing. Your mileage may vary, as your threat model may be very different, and the manner in which you choose to answer the various questions above may be different. If everything had gone south and my devices were impounded, I’d be writing a very different post (and contacting the EFF). But for this particular trip, this is my story.

What to Take

First off, I decided quickly that I wasn’t going to travel with my MacBook Pro. I was lucky enough that I didn’t need it for this trip, because there wasn’t any work that I would be doing on the road that necessitated a general purpose computer. I had work to do, but it all involved writing…some email, some writing text for a project, some viewing of spreadsheets and analysis of them. Simple and straightforward things that luckily could easily be done with a tablet and a decent keyboard. I already had an iPad with the Apple keyboard case, which made for an easily-carried and totally capable computing device for the trip. I could load some movies and music on it, fire up a text editor, answer email, and generally communicate without issue. It’s also iOS based, which makes it enormously more secure than Mac OS from first principles.

Since both my main computing device and my phone ran the same OS, I was able to also double-up any planning and efforts in security, as any decision I made could be equally applied to both devices. This turned out to be very, very convenient, and saved me time and effort.

The first thing that I did was backup the both the iPad and iPhone to a local computer here at my house (not iCloud) and ensure that those backups were successful. I stored those backups on my home network to ensure their safety…if anything went wrong later, these would be my “clean” images that I could revert to upon returning home. Then I used Apple Configurator 2 to “pair lock” my devices to my laptop, which would remain at home.

Pair Locking

This process was best described back in 2014 by security researcher Jonathan Zdziarski. While his instructions are fairly out of date, the general idea is still there and still works in iOS 10 and Apple Configurator 2. Basically, pair-locking an iOS device is a method by which the device is flashed with a cryptographic security certificate that prevents it from allowing a connection to any computer that doesn’t have the other half of the cryptographic pair on it. This means that once locked to my laptop (which, again, wasn’t in my possession and was still at my home), my iPhone and iPad would simply refuse to connect to any other computer in the world…whether that was someone that stole it from me and and attempted to reflash it using iTunes on their computer, or whether that is a diagnostic device being used by law enforcement.

This process is designed with the concept of using it for enterprise installation of iOS devices that need high security procedures to prevent employees from being able to connect their home computer to their work phone and retrieve any information. But it works very well for the purposes of preventing any possible attacker from accessing the phone’s memory directly through it’s lightning port. This processes ensures that even if the phone is unlocked and taken from my possession, DHS or other attacker cannot dump the memory directly or examine it using typical forensic information gathering devices.

Password Manager

Once both devices were pair-locked, I was left with two freshly installed iOS devices that I needed to reload with apps and content that would be useful for me. After loading a set of games and apps that would allow me to pass the time and still get some work done, as well as media I might want to consume on the road, I loaded my password manager (I use and am very happy with 1Password) and created a very, very long and complicated vault password that there was no possibility I could remember. I recorded that password on paper (left at home in a fireproof safe) and gave it to a trusted person that had instructions not to give the password to me until I had cleared the border and only over a secured channel.

I then changed the 1Password vault password to be that password plus a phrase that I knew and could remember (a sort of salt). 1Password was set up to allow me to login with TouchID, so I could still operate normally (logging into services and such) until such a time as that TouchID credential was revoked. Once revoked, I would be completely locked out of my passwords, with no ability to access them, until through a pre-arranged time and secure channel I got the vault password from either of the mentioned trusted sources. Those trusted sources, meanwhile, couldn’t access my password vault either, since the salt was resident only in my head.

It may be obvious, but I also ensured that everything in my life that was accessed with a password had a very strong one that was held by 1Password, and that I didn’t know and couldn’t memorize even if I tried. My bank, social media, dropbox…everything that could get a password, had a very, very secure one. Any service that supported 2-factor authentication had said 2 factor turned on, with the second factor set to an authentication app that supports a PIN (or, in the case of Very Important Accounts, a physical Yubikey that was left in TN as well). This is security 101, and not directly related to my border crossing…but if you don’t have the basics covered, nothing else really matters.

Sanitization

I made sure that iOS had most iCloud sync services off….no contact syncing, no calendar syncing, really the only thing I left syncing was my photo gallery. I did not install any social media apps (no Facebook app, no Twitter app, etc) and only logged in and out on the websites in question. The browser on both devices was set to not remember passwords, and I clear cache and history regularly when traveling. As far as I could, I eliminated anything that stored conversations or messages between myself and others…no Facebook Messenger app, etc. I deleted my email app, and didn’t enter my account information for email into the standard iOS mail app.

This was, keep in mind, just for the transit period. Once in country and across borders, I could use a VPN to connect to the ‘net and download any apps needed, log into them after retrieving the password from one of the trusted sources, and effectively use both devices normally (with basic security measures in place all the time, of course).

Crossing Borders

At this point, I had a device that couldn’t be memory dumped, that had very little personal information on it, and even less information about my contacts on it. It mostly acted normally for me, because 1Password handled all of my logins and I used TouchID during daily usage…right up until I needed to cross a border. Before I did so, I deleted my TouchID credentials via Settings (by deleting the fingerprint credential), and powered-cycled my phone. Those two actions did several things all at once:

The first was that it prevented me from being able to know or retrieve any passwords for anything in my life. That’s a pretty scary situation, but I knew it was fixable in the future (this wasn’t a permanent state). It also meant that if I were asked to unlock my phone, I could do so pretty much without anything of interest being capable of access. Without the ability to dump the phone forensically, officers could ask me for passwords for accounts and I could truthfully say that I had no way of telling them, because the password manager knew them all and I didn’t. And I couldn’t give them the password vault login because I literally didn’t know it.

The idea with all of this was to create a boundary of information access beyond which, if DHS wanted to try and access, they would need to impound the phone and potentially subpoena the information from me with a warrant. My guess (which turned out to be correct) was that they would ask to have it powered on, and maybe they would ask to see it unlocked, but that would be it. If they pried further, well…I was prepared to tell them truthfully that I didn’t know, that I couldn’t know. And I would call a lawyer if detained, and proceed from there.

The worst case scenario for me was minimal delay and discomfort. I am enormously privileged in my position to be able to think about this sort of passive resistance without actual fear for bodily harm or other forms of retribution. For me, the likely worst case, even if things had escalated to asking for social media passwords, would have been the confiscation of my devices and my being detained for a time. This is assuredly not the worst case for many, and it is extraordinarily important that each person judge their own risks when deciding on security practices.

For some, it is far better to simply not carry anything. Or to carry a completely blank device. Or purchase an inexpensive device when you arrive in the country of your destination. For me, I had the ability to prepare and be ready for resistance if needed. Your mileage may, and should, vary.

Conclusion

The results of all this thought and effort? Nothing at all. Not a single bit of attention was paid to me at the various border crossings, by either US or foreign agents. On the leg of my flight leaving Qatar, I went through no fewer than 4 security checkpoints from the time I landed until getting onto the plane taking me to O’Hare, and at each one there was a baggage scanner and metal detector, agents pulling people out of line for additional screening, and the like. When I finally got to my gate, it had its own private security apparatus,  again with metal detector and baggage X-ray. At this security checkpoint, I was randomly selected for additional screening, but the agent in question (a Qatar security agent) was incredibly professional, thorough, and neither invasive nor abusive. I got a pat down (much less severe than those I’ve been given at US airports), and they asked to look inside my carryon…they even asked me to power on my iPhone and iPad. But they didn’t ask to unlock them, and they didn’t ask for passwords of any type.

When entering into the US at O’Hare, the plane was greeted by DHS agents at the gate, who asked to check passports upon exiting the plane. The agent I was greeted by barely had time to glance at my US Passport before waving me through…again, the privilege of my appearance and nationality was evidenced by the fact that several of my fellow passengers were not waved through so easily. The last thing I heard as I walked up the jetway towards Customs was a DHS Agent saying to the robed gentleman behind me “So you don’t speak very much English, huh….”

The current state of our country cannot stand. We are a nation of immigrants many peoples1, and a nation that believes in the privacy of our affairs and effects. This concern I had for my own and my friends’ information shouldn’t have been necessary. We should be able to be secure in our possessions, even and especially when those possessions are information about ourselves and our relationships to others. I do not want to be in a position where I have to threat model crossing the border of my own country. And yet, here we are.

I’d love any thoughts about the process described above, especially from security types or lawyers. Any holes or issues, any thoughts about what was useless, anything at all would be great to hear. I hope, as I so often hope these days, that all of this information never becomes applicable to you and that you never need to use it. But if you do, I hope this helped in some way.

I was called out on Twitter for my use of “immigrant” as an inclusive term for people in the US, when, of course, many US citizens ancestry is far more complicated and difficult than “they chose to come here”. It was written in haste and while it works for the emotion I was attempting to convey, it definitely undercuts the violent and difficult history of many people in the US. I’ve edited the text to reflect the meaning more clearly and left the original to indicate my change.