DHS airport spooks stalk star hacker

Why are the feds trailing Moxie Marlinspike?

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Last weekend, as US-based security researcher Moxie Marlinspike snoozed during a layover at the Frankfurt Airport, he awoke to a scene straight out of a Franz Kafka novel.

“Some dude shows up with a picture of me on his cell phone, and he's just looking through the crowd at the gate until he finds me,” Marlinspike told The Register. “He takes me away [and says] 'I have some questions for you that you have to answer.'”

Eventually, the man, who identified himself as an employee of the American Consulate, permitted Marlinspike to fly home, but only after the man made a phone call to an unnamed person in Washington, DC. For Marlinspike — who as a frequent traveler had already been repeatedly subjected to secondary searches and some ominous comments from his inquisitors — the incident kicked off a series of escalating confrontations with federal officials.

A few days later, as Marlinspike was embarking on yet another business trip, he was aboard a Dominican Republic–bound plane just a few minutes from takeoff. As the door was about to be sealed, a man boarded, ran down the isle and demanded that Marlinspike deplane. Waiting in the jetway were two Transportation Security Administration officials who conducted what he says was an “extensive pat down,” even though he had already been thoroughly screened. They then permitted him to reboard and take off.

The surrealistic culmination came on Wednesday night, as Marlinspike was returning from the Dominican Republic. As he deplaned at JFK International Airport, he found two Customs and Border Protection officials at the door of the plane holding a picture of Marlinspike. With one agent in front and one behind, they led him to a customs detention room where they proceeded to grill him.

“They had instructions to pick me up and to go through my electronic data,” Marlinspike said. “Their message was pretty confusing. They said, 'You don’t have to worry about your privacy because the data will never leave the room.'”

Asked to explain, the agent added: “My boss has told me to come here and look through your stuff, but they're not willing to tell me what I'm supposed to be looking for.”

Marlinspike, who refused to surrender the encryption passphrases protecting his laptop and cellphone, was not permitted to be present while the agents examined the devices. He was eventually reunited with the electronics and permitted to fly to San Francisco, his final destination — but by then he missed his original flight.

Over the past few months, at least two other security enthusiasts have also been subjected to detentions at US borders. In July, according to CNET, Jacob Appelbaum was held for three hours while being searched and questioned by federal agents about his support for the WikiLeaks website, which he has endorsed. And earlier this month, Salon reported, an MIT researcher and friend of accused WikiLeaker Bradley Manning was detained for about 90 minutes while also being searched and questioned.

None of the three men were arrested or told they were under investigation for wrongdoing. But in an era of heightened security concerns, there's little recourse any of them can take, and there's not much they can do to prevent future occurrences.

“This is one thing that's very frustrating about Department of Homeland Security security practices,” said Marcia Hoffman, a staff attorney with the Electronic Frontier Foundation who advises clients on border detentions. “They can have a profound effect on a person's life and ability to move around, and often that person doesn't know why he or she is having such difficulty or what can be done about it.”

But unlike Appelbaum and House, Marlinspike has no obvious ties to WikiLeaks and at times has voiced criticism of the whistle-blowing site. He said the increased airport scrutiny began about two months ago, when airport officials were suddenly required to call a special DHS number before allowing him to board a plane. (Marlinspike's hacking moniker is different than the name that appears on his passport.)

The heightened scrutiny is having a hugely debilitating effect on Marlinspike's cellphone-encryption business, Whisper Systems, which caters to a large number of customers abroad.

“The Department of Homeland Security is slowly destroying my ability to run a business with international customers,” he said. “I need to be able to travel internationally without missing my connection every time, without being detained for five hours and with some assurance I'm not going to lose my laptop every time I go.”

Marlinspike says he has repeatedly asked the agents questioning him why he's being scrutinized, but has yet to get an explanation.

“They make these comments like: 'Dude, you must have really pissed somebody off,'” he said. “One customs officer last week at SFO was like, 'Listen, I'd expect someone to come to your house if I were you.' I said, 'Why do you say that,' and he's like, “Listen, when my boss' boss calls me and tells me to pick someone up, then I know something is going on.'”

A spokeswoman at the Customs and Border Patrol in Washington referred calls to John Saleh, a spokesman in the CBP's New York field office. He didn't return a phone call, and neither did officials from the DHS.

As frustrating as the experience has been for Marlinspike, he says it has come with some comic relief. One Customs agent who was trying to be helpful gave him a number to call to see if anything could be done to take him off the watch list. But when Marlinspike called it, he got a voicemail message that said the inbox was full. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.