Feeds

DHS airport spooks stalk star hacker

Why are the feds trailing Moxie Marlinspike?

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

Last weekend, as US-based security researcher Moxie Marlinspike snoozed during a layover at the Frankfurt Airport, he awoke to a scene straight out of a Franz Kafka novel.

“Some dude shows up with a picture of me on his cell phone, and he's just looking through the crowd at the gate until he finds me,” Marlinspike told The Register. “He takes me away [and says] 'I have some questions for you that you have to answer.'”

Eventually, the man, who identified himself as an employee of the American Consulate, permitted Marlinspike to fly home, but only after the man made a phone call to an unnamed person in Washington, DC. For Marlinspike — who as a frequent traveler had already been repeatedly subjected to secondary searches and some ominous comments from his inquisitors — the incident kicked off a series of escalating confrontations with federal officials.

A few days later, as Marlinspike was embarking on yet another business trip, he was aboard a Dominican Republic–bound plane just a few minutes from takeoff. As the door was about to be sealed, a man boarded, ran down the isle and demanded that Marlinspike deplane. Waiting in the jetway were two Transportation Security Administration officials who conducted what he says was an “extensive pat down,” even though he had already been thoroughly screened. They then permitted him to reboard and take off.

The surrealistic culmination came on Wednesday night, as Marlinspike was returning from the Dominican Republic. As he deplaned at JFK International Airport, he found two Customs and Border Protection officials at the door of the plane holding a picture of Marlinspike. With one agent in front and one behind, they led him to a customs detention room where they proceeded to grill him.

“They had instructions to pick me up and to go through my electronic data,” Marlinspike said. “Their message was pretty confusing. They said, 'You don’t have to worry about your privacy because the data will never leave the room.'”

Asked to explain, the agent added: “My boss has told me to come here and look through your stuff, but they're not willing to tell me what I'm supposed to be looking for.”

Marlinspike, who refused to surrender the encryption passphrases protecting his laptop and cellphone, was not permitted to be present while the agents examined the devices. He was eventually reunited with the electronics and permitted to fly to San Francisco, his final destination — but by then he missed his original flight.

Over the past few months, at least two other security enthusiasts have also been subjected to detentions at US borders. In July, according to CNET, Jacob Appelbaum was held for three hours while being searched and questioned by federal agents about his support for the WikiLeaks website, which he has endorsed. And earlier this month, Salon reported, an MIT researcher and friend of accused WikiLeaker Bradley Manning was detained for about 90 minutes while also being searched and questioned.

None of the three men were arrested or told they were under investigation for wrongdoing. But in an era of heightened security concerns, there's little recourse any of them can take, and there's not much they can do to prevent future occurrences.

“This is one thing that's very frustrating about Department of Homeland Security security practices,” said Marcia Hoffman, a staff attorney with the Electronic Frontier Foundation who advises clients on border detentions. “They can have a profound effect on a person's life and ability to move around, and often that person doesn't know why he or she is having such difficulty or what can be done about it.”

But unlike Appelbaum and House, Marlinspike has no obvious ties to WikiLeaks and at times has voiced criticism of the whistle-blowing site. He said the increased airport scrutiny began about two months ago, when airport officials were suddenly required to call a special DHS number before allowing him to board a plane. (Marlinspike's hacking moniker is different than the name that appears on his passport.)

The heightened scrutiny is having a hugely debilitating effect on Marlinspike's cellphone-encryption business, Whisper Systems, which caters to a large number of customers abroad.

“The Department of Homeland Security is slowly destroying my ability to run a business with international customers,” he said. “I need to be able to travel internationally without missing my connection every time, without being detained for five hours and with some assurance I'm not going to lose my laptop every time I go.”

Marlinspike says he has repeatedly asked the agents questioning him why he's being scrutinized, but has yet to get an explanation.

“They make these comments like: 'Dude, you must have really pissed somebody off,'” he said. “One customs officer last week at SFO was like, 'Listen, I'd expect someone to come to your house if I were you.' I said, 'Why do you say that,' and he's like, “Listen, when my boss' boss calls me and tells me to pick someone up, then I know something is going on.'”

A spokeswoman at the Customs and Border Patrol in Washington referred calls to John Saleh, a spokesman in the CBP's New York field office. He didn't return a phone call, and neither did officials from the DHS.

As frustrating as the experience has been for Marlinspike, he says it has come with some comic relief. One Customs agent who was trying to be helpful gave him a number to call to see if anything could be done to take him off the watch list. But when Marlinspike called it, he got a voicemail message that said the inbox was full. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.