Security researcher: I keep getting detained by feds

Moxie Marlinspike, who doesn't know why he is being targeted, was listed in the contacts on a seized phone of a WikiLeaks volunteer.

Moxie Marlinspike at the Black Hat conference in Las Vegas last year after presenting research on security flaws with browser implementations of SSL (Secure Sockets Layer).
Moxie Marlinspike at the Black Hat conference in Las Vegas last year after presenting research on security flaws with browser implementations of SSL (Secure Sockets Layer). Elinor Mills/CNET

A security researcher who specializes in online privacy had his laptop and cell phones temporarily seized after returning to the U.S. on an international flight last night.

Moxie Marlinspike told CNET in an interview today that he had been detained and questioned after an international flight last week and appears to be on a federal "watch list" for domestic flights too but doesn't know why.

Asked if he is a volunteer with WikiLeaks, a whistleblower Web site that the U.S. government is seeking to shut down for publishing classified Afghan war files, Marlinspike said: "Definitely not. If anything, I'm slightly critical of WikiLeaks. I question the efficacy of that project."

A WikiLeaks volunteer and security researcher, Jacob Appelbaum, was detained by U.S. agents after arriving in the U.S. on an international flight in July, as first reported by CNET. His laptop was searched and his cell phones were confiscated permanently.

"I'm friends with Jake, and his equipment was seized," said Marlinspike, who uses that name as an alias and does not divulge his legal name. "My name was in his contacts on his phone."

Other people who appeared in the address book of Appelbaum's seized cell phones also have encountered trouble at borders or in airports, Appelbaum told CNET today, declining to elaborate. (An MIT researcher friend of an Army Intelligence analyst arrested and charged with leaking classified files to WikiLeaks was detained and had equipment searched by border officials at Chicago's airport two weeks ago.)

"I'm very sorry he was in my phone book," Appelbaum said, referring to Marlinspike.

Another connection between the two that might have sparked official interest: Appelbaum mentioned Marlinspike during a speech about WikiLeaks at the Hackers on Planet Earth conference in New York in July. "I quoted him because I admire him, not because he's done something wrong," Appelbaum said.

Marlinspike said his troubles started a few months ago. Before taking domestic flights, he found he was unable to print out his boarding pass and was locked out of the self check-in kiosks until an airline representative made a phone call to get approval to override the lock, he said. He also said he is subject to secondary screenings.

Last week, while he had fallen asleep waiting at an airport gate in Frankfurt airport on a layover, a man who said he was from the U.S. consulate and who had a photo of Marlinspike on his cell phone approached him and asked him where he had been, Marlinspike said. Marlinspike told him that he had given a presentation at the Black Hat security show in Abu Dhabi and the man said he had to make a phone call to Washington, D.C. and then let him go a few minutes later, according to Marlinspike.

On Monday, Marlinspike had gone through the security check point and secondary screening and was seated on a plane at John F. Kennedy International Airport for the flight to the Dominican Republic, he said. As airline workers were preparing to shut the plane door, a TSA agent ran onto the plane and escorted Marlinspike off, he said. In the walkway that leads to the plane, two agents patted him down before allowing him to get back on the plane, he said.

Returning from that trip yesterday, Marlinspike said he was met by two Customs and Border Patrol agents at JFK. With a photo of him in hand, they escorted him into a detention area and took his computer and phones away for inspection before returning them and letting him go nearly five hours later, he said.

His laptop is encrypted and the text messages and call history on his phones are encrypted. He declined to provide his password when agents asked him for it.

The agents did not say what they were looking for or why he was being detained, according to Marlinspike, who writes encryption apps for mobile devices at his San Francisco-based company Whisper Systems.

"I have no idea what's going on, why this is happening to me," Marlinspike said. "From the questions I've had to field it seems like this is part of some larger fishing expedition. There is someone somewhere who wants access to something on my laptop or my phone and they can't just come and ask me for it. And they can't get a warrant without suspicion. So, they wait for me to travel internationally because at the border they can do anything they want."

He said he has talked to a TSA supervisor who gave him a phone number to call to inquire about his case and find out how to appeal it, but the number led to a voice mail box that was full.

A TSA spokesman said he could not access records in the computer system late today in order to comment on the matter.

Customs and Border Protection spokesman Jaime Ruiz told CNET that he could not comment on any specific case, citing the Privacy Act that protects federal government records related to individuals. "We have the authority to search on a case-by-case basis," he said, before referring the reporter to the policy information on the agency Web site.

Such border seizures of electronic equipment have been going on for years. Famed hacker Kevin Mitnick, who served five years in prison for wire and computer fraud charges, was subjected to it after a trip to Colombia two years ago.

"At this point, the DHS (Department of Homeland Security) has almost destroyed my ability to run a business with international customers," Marlinspike said. "It's impossible to travel internationally frequently when this is going to be your experience because every time you may miss your connection because you're detained, and you might lose your laptop."

Marlinspike also can't trust his equipment now that it has been in the hands of the agents, because it might have keyloggers on it or be otherwise compromised, he said. He has already replaced the working cell phone he had (the other was a test device for his application development), and he said he plans to get rid of the netbook that was inspected.

The severity of the situation was acknowledged by one of the Customs and Border Protection agents who detained him for about an hour and a half in San Francisco after a flight last week. Marlinspike asked the agent if he knew why he was being targeted. Marlinspike said the agent said no and added: "We're the equivalent of postal agents with guns...When my boss' boss tells me to pick someone up then I know something big is going on."

CNET's Declan McCullagh contributed to this report.

Updated 3:05 p.m. PST Nov. 19 to correct name of Customs and Border Protection agency.