DHS airport spooks stalk star hacker

Why are the feds trailing Moxie Marlinspike?

  • alert
  • submit to reddit

High performance access to file storage

Last weekend, as US-based security researcher Moxie Marlinspike snoozed during a layover at the Frankfurt Airport, he awoke to a scene straight out of a Franz Kafka novel.

“Some dude shows up with a picture of me on his cell phone, and he's just looking through the crowd at the gate until he finds me,” Marlinspike told The Register. “He takes me away [and says] 'I have some questions for you that you have to answer.'”

Eventually, the man, who identified himself as an employee of the American Consulate, permitted Marlinspike to fly home, but only after the man made a phone call to an unnamed person in Washington, DC. For Marlinspike — who as a frequent traveler had already been repeatedly subjected to secondary searches and some ominous comments from his inquisitors — the incident kicked off a series of escalating confrontations with federal officials.

A few days later, as Marlinspike was embarking on yet another business trip, he was aboard a Dominican Republic–bound plane just a few minutes from takeoff. As the door was about to be sealed, a man boarded, ran down the isle and demanded that Marlinspike deplane. Waiting in the jetway were two Transportation Security Administration officials who conducted what he says was an “extensive pat down,” even though he had already been thoroughly screened. They then permitted him to reboard and take off.

The surrealistic culmination came on Wednesday night, as Marlinspike was returning from the Dominican Republic. As he deplaned at JFK International Airport, he found two Customs and Border Protection officials at the door of the plane holding a picture of Marlinspike. With one agent in front and one behind, they led him to a customs detention room where they proceeded to grill him.

“They had instructions to pick me up and to go through my electronic data,” Marlinspike said. “Their message was pretty confusing. They said, 'You don’t have to worry about your privacy because the data will never leave the room.'”

Asked to explain, the agent added: “My boss has told me to come here and look through your stuff, but they're not willing to tell me what I'm supposed to be looking for.”

Marlinspike, who refused to surrender the encryption passphrases protecting his laptop and cellphone, was not permitted to be present while the agents examined the devices. He was eventually reunited with the electronics and permitted to fly to San Francisco, his final destination — but by then he missed his original flight.

Over the past few months, at least two other security enthusiasts have also been subjected to detentions at US borders. In July, according to CNET, Jacob Appelbaum was held for three hours while being searched and questioned by federal agents about his support for the WikiLeaks website, which he has endorsed. And earlier this month, Salon reported, an MIT researcher and friend of accused WikiLeaker Bradley Manning was detained for about 90 minutes while also being searched and questioned.

None of the three men were arrested or told they were under investigation for wrongdoing. But in an era of heightened security concerns, there's little recourse any of them can take, and there's not much they can do to prevent future occurrences.

“This is one thing that's very frustrating about Department of Homeland Security security practices,” said Marcia Hoffman, a staff attorney with the Electronic Frontier Foundation who advises clients on border detentions. “They can have a profound effect on a person's life and ability to move around, and often that person doesn't know why he or she is having such difficulty or what can be done about it.”

But unlike Appelbaum and House, Marlinspike has no obvious ties to WikiLeaks and at times has voiced criticism of the whistle-blowing site. He said the increased airport scrutiny began about two months ago, when airport officials were suddenly required to call a special DHS number before allowing him to board a plane. (Marlinspike's hacking moniker is different than the name that appears on his passport.)

The heightened scrutiny is having a hugely debilitating effect on Marlinspike's cellphone-encryption business, Whisper Systems, which caters to a large number of customers abroad.

“The Department of Homeland Security is slowly destroying my ability to run a business with international customers,” he said. “I need to be able to travel internationally without missing my connection every time, without being detained for five hours and with some assurance I'm not going to lose my laptop every time I go.”

Marlinspike says he has repeatedly asked the agents questioning him why he's being scrutinized, but has yet to get an explanation.

“They make these comments like: 'Dude, you must have really pissed somebody off,'” he said. “One customs officer last week at SFO was like, 'Listen, I'd expect someone to come to your house if I were you.' I said, 'Why do you say that,' and he's like, “Listen, when my boss' boss calls me and tells me to pick someone up, then I know something is going on.'”

A spokeswoman at the Customs and Border Patrol in Washington referred calls to John Saleh, a spokesman in the CBP's New York field office. He didn't return a phone call, and neither did officials from the DHS.

As frustrating as the experience has been for Marlinspike, he says it has come with some comic relief. One Customs agent who was trying to be helpful gave him a number to call to see if anything could be done to take him off the watch list. But when Marlinspike called it, he got a voicemail message that said the inbox was full. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.