This article is more than 1 year old

DHS airport spooks stalk star hacker

Why are the feds trailing Moxie Marlinspike?

Last weekend, as US-based security researcher Moxie Marlinspike snoozed during a layover at the Frankfurt Airport, he awoke to a scene straight out of a Franz Kafka novel.

“Some dude shows up with a picture of me on his cell phone, and he's just looking through the crowd at the gate until he finds me,” Marlinspike told The Register. “He takes me away [and says] 'I have some questions for you that you have to answer.'”

Eventually, the man, who identified himself as an employee of the American Consulate, permitted Marlinspike to fly home, but only after the man made a phone call to an unnamed person in Washington, DC. For Marlinspike — who as a frequent traveler had already been repeatedly subjected to secondary searches and some ominous comments from his inquisitors — the incident kicked off a series of escalating confrontations with federal officials.

A few days later, as Marlinspike was embarking on yet another business trip, he was aboard a Dominican Republic–bound plane just a few minutes from takeoff. As the door was about to be sealed, a man boarded, ran down the isle and demanded that Marlinspike deplane. Waiting in the jetway were two Transportation Security Administration officials who conducted what he says was an “extensive pat down,” even though he had already been thoroughly screened. They then permitted him to reboard and take off.

The surrealistic culmination came on Wednesday night, as Marlinspike was returning from the Dominican Republic. As he deplaned at JFK International Airport, he found two Customs and Border Protection officials at the door of the plane holding a picture of Marlinspike. With one agent in front and one behind, they led him to a customs detention room where they proceeded to grill him.

“They had instructions to pick me up and to go through my electronic data,” Marlinspike said. “Their message was pretty confusing. They said, 'You don’t have to worry about your privacy because the data will never leave the room.'”

Asked to explain, the agent added: “My boss has told me to come here and look through your stuff, but they're not willing to tell me what I'm supposed to be looking for.”

Marlinspike, who refused to surrender the encryption passphrases protecting his laptop and cellphone, was not permitted to be present while the agents examined the devices. He was eventually reunited with the electronics and permitted to fly to San Francisco, his final destination — but by then he missed his original flight.

Over the past few months, at least two other security enthusiasts have also been subjected to detentions at US borders. In July, according to CNET, Jacob Appelbaum was held for three hours while being searched and questioned by federal agents about his support for the WikiLeaks website, which he has endorsed. And earlier this month, Salon reported, an MIT researcher and friend of accused WikiLeaker Bradley Manning was detained for about 90 minutes while also being searched and questioned.

None of the three men were arrested or told they were under investigation for wrongdoing. But in an era of heightened security concerns, there's little recourse any of them can take, and there's not much they can do to prevent future occurrences.

“This is one thing that's very frustrating about Department of Homeland Security security practices,” said Marcia Hoffman, a staff attorney with the Electronic Frontier Foundation who advises clients on border detentions. “They can have a profound effect on a person's life and ability to move around, and often that person doesn't know why he or she is having such difficulty or what can be done about it.”

But unlike Appelbaum and House, Marlinspike has no obvious ties to WikiLeaks and at times has voiced criticism of the whistle-blowing site. He said the increased airport scrutiny began about two months ago, when airport officials were suddenly required to call a special DHS number before allowing him to board a plane. (Marlinspike's hacking moniker is different than the name that appears on his passport.)

The heightened scrutiny is having a hugely debilitating effect on Marlinspike's cellphone-encryption business, Whisper Systems, which caters to a large number of customers abroad.

“The Department of Homeland Security is slowly destroying my ability to run a business with international customers,” he said. “I need to be able to travel internationally without missing my connection every time, without being detained for five hours and with some assurance I'm not going to lose my laptop every time I go.”

Marlinspike says he has repeatedly asked the agents questioning him why he's being scrutinized, but has yet to get an explanation.

“They make these comments like: 'Dude, you must have really pissed somebody off,'” he said. “One customs officer last week at SFO was like, 'Listen, I'd expect someone to come to your house if I were you.' I said, 'Why do you say that,' and he's like, “Listen, when my boss' boss calls me and tells me to pick someone up, then I know something is going on.'”

A spokeswoman at the Customs and Border Patrol in Washington referred calls to John Saleh, a spokesman in the CBP's New York field office. He didn't return a phone call, and neither did officials from the DHS.

As frustrating as the experience has been for Marlinspike, he says it has come with some comic relief. One Customs agent who was trying to be helpful gave him a number to call to see if anything could be done to take him off the watch list. But when Marlinspike called it, he got a voicemail message that said the inbox was full. ®

More about

TIP US OFF

Send us news


Other stories you might like