While border officials are given much broader search powers than other authorities, the issue of whether a Canadian border agent is entitled to demand access to the contents of Canadian's private phone or laptop has not been tested in court.The agents rely on a interpretation of the word goods from legislation written long before smartphones started storing huge amount of personal data. While there is no argument that border agents are entitled to search within people's luggage, the question of what inspection refers to remains uncertain.An agent can inspect a phone or laptop from the outside, but should they be entitled to compel someone to provide access to its content and if so under what grounds?In the United States, where the same issue has received some attention, the law allows Homeland Security to search electronic devices.Senior staff attorney at the ACLU in Northern California, Michael Risher, told The Register that there is an important distinction between the right of the authorities to search your possessions, and the ability to force someone to provide their password to gain access to an electronic device.
The former comes under Fourth Amendment rights (unreasonable searches and seizures) and the latter under the Fifth Amendment (not be compelled to be a witness against yourself).At the border, the authorities have significant leeway over fourth amendment rights, i.e. they are allowed to search your possessions, but not over fifth amendments rights, so, in Risher's eyes at least, they cannot compel you to hand over your password.There have been a number of divergent court decisions on both issues. Last year, the New York District Court upheld the policy that border authorities can search laptops and other electronic devices in a case involving graduate student Pascal Abidor, who was taken off a train entering the US at the Canadian border and had his laptop searched.Abidor and civil liberty groups sued the American government in 2010 to scrap the 2009 Homeland Security directive that allowed for laptop search even where there is no reasonable suspicion of wrongdoing. The decision was not appealed.But, Risher told us, a court in Atlanta ruled that unless the authorities had already seen material that they considered illegal, they could not compel people to grant them access to electronic devices. Those rules may also be different based on whether you are a US citizen or not.
The fact is that the law is extremely unclear. Risher saying he suspects the final compromise will come with the authorities, not able to compel people to provide access to their electronic devices, asserting their right not to allow the goods to enter the country.In other words, you don't have to hand over your password, but if you want to bring your phone into the US you may well have to. But that is all some way off and probably waiting on a Supreme Court decision some time in the future.Of course, this only covers border agents. The law takes a different stance when it comes to searches by the police.In July, the Supreme Court unanimously ruled that cops need a warrant before they can search the phones of anyone they arrest, wherever they are in America. It was a landmark ruling hailed by many as the first case of its kind in the digital era.Things do get more confusing again, though, when you consider that border agents' power extends far beyond the actual border or airport. They can act within a 100-mile zone from any edge of the US, which encompasses just about every major city in America and covers around two-thirds of the US population.
While border agents are entitled to stop people within that zone, they need to have reasonable suspicion of a crime to do so, and they would need a warrant or have probable cause to search a vehicle and your electronics.In short, if you are at a US border crossing or airport, your phone and laptop can be searched legally. If asked for your password, you can refuse but you can expect to either have your possessions impounded or be arrested. Note: that's why things like TrueCrypt with hidden volumes were invented.If you are not near a border or airport, you can refuse to let someone search or unlock your gear unless they have a warrant, but you'll probably need a lawyer to get you out of jail a few hours later. Freedom! I’ve mentioned the HDMI, audio and USB ports, but Slice also has an RJ45 for Ethernet, though only up to 100Mb/s. That’s the Pi origins showing through. There’s no Wi-Fi in the unit itself, but Five Ninjas is bundling a 2.4GHz 802.11n dongle. Power is provided by a 5V, 3A wall wart.Slice’s aforementioned remote is good. It uses Bluetooth (or something akin to it) which is easily paired to the base unit. The only disappointment is that the receiver – another wee dongle – isn’t built in, so that’s another USB port gone. Still, it’s very responsive and allows you to control the Slice without pointing at it. I could quite easily wander into the kitchen and, out of line of sight, start music playing.
However, the remote exposes the Slice’s key ‘flaw’, already hinted at by the software. This media centre is built almost entirely from off-the-shelf parts. The motherboard is custom, sure, but it’s essentially a glorified Raspberry Pi. Buy yourself a Raspberry Pi 2; install OpenElec; hook up an external HDD; buy the remote from Alibaba; and you have your own DIY Slice.You won’t get the very nice metal casing or the fun lighting effects, of course, but the latter are more gimmicks than anything: cute but by no means essential to the device’s operation. If you stream all your media, you don’t even need the internal storage.Five Ninjas is aware of this and, unlike so many other manufacturers, doesn’t pretend that there’s literally nothing like Slice on the market. There’s nothing here that, say, set-top boxes from Roku, Apple, Google or WD don’t do – other than the lighting effects and the support for a built-in HDD, of course.They do it more cheaply too, and provide access to online services like Netflix and BBC iPlayer, but offer far, far less scope for messing about with the hardware as you see fit. Indeed, Five Ninjas is quite happy if you re-flash the 4GB storage with another OS and turn it back into a Raspberry Pi. It wants Slice to be considered as hackable as the first Apple TV was.And I think that‘s why I like the Slice – and why I put ‘flaw’ in quote marks. You sense this is a media player built by unrepentant hardware and software tinkerers to put in their own living rooms and which they’ve decided to give everyone else a chance to own, too.
Five Ninjas has come up with a tasty Pi-powered media playback machine based on open source software. The hardware’s done, but the software needs a little further work and lacks access to many of the streaming services a lot of potential users have grown accustomed to. This is never going to be a mass-market proposition, but if its open source credentials and internal accessibility appeals, it’s worth a look. Home and small business router security is terrible. Exploits emerge with depressing regularity, exposing millions of users to criminal activities.Many of the holes are so simple as to be embarrassing. Hard-coded credentials are so common in small home and office routers, comparatively to other tech kit, that only those with tin-foil hats bother to suggest the flaws are deliberate.Hacker gang Lizard Squad crystallised the dangers – and opportunities – presented by router vulnerabilities when over the Christmas break they crafted a slick paid denial of service stresser service that operated on hacked boxes. Customers were found paying to flood targets of choice with gigabits of bandwidth stolen from what the black hats claimed were a fleet of half a million vulnerable and subsequently hacked routers.
A year earlier, security boffins at Team Cymru warned that an unknown gang had popped 300,000 routers in a week, altering the DNS settings to point to malicious web entities. Those routers were hacked through a self-propagating worm (PDF) that researchers had already warned about, but not yet seen. It used a mix of brute force password guessing of web admin consoles, cross-site request forgery, and known un-patched vulnerabilities.Arguably the most infamous hack in recent months was Check Point's so-called Misfortune Cookie discovered in December 2014. This vulnerability was thought to impact a staggering 12 million routers across 200 models from big names such as Linksys, D-Link, TP-Link, ZTE, and Huawei.Affected routers could be hijacked with a crafted cookie that allows attackers to meddle with just about everything on the units, from password theft to alterations to DNS and infection of connected devices.In October Rapid7 had chipped in with its own research, warning that NAT Port Mapping Protocol configurations in 1.2 million routers was sufficiently borked that remote attackers could spy on internal traffic.
Router security remains abysmal, especially among the cheapest brands,” says John Matherly, founder of the popular Shodan search engine, which crawls for internet-connected devices. “Backdoors, no automated patching and default usernames and passwords are just a few of the problems that many SOHO routers continue to face.”Matherly last month dug up an estimated 250,000 routers used in Spain that were using the same SSH keys, placing those configured for remote access at heightened risk.He also points to research published two days later by Entrust Solutions hacker Nabin Kc, who found 200,000 home routers contained a firmware backdoor, a flaw replicated across 10 different vendors who seemed to be re-branding a vanilla router.Matherly says badge-engineering seems a common practise for vendors that compete on price over form or function. “It seems that the rate of security problems discovered with routers is only limited by the number of security experts that take the time to analyse the devices,” he says.