Katie Moussouris, chief policy officer at HackerOne who played a major role in developing Microsoft’s Bug Bounty Program, has aired her concerns after she was not only asked to turn on her laptop (standard procedure) at France’s Charles de Gaulle airport recently, but was asked to log-in to her device. After tweeting the incident, netizens became involved in an online dispute as to what this means in terms of privacy and security.

Personnel at CDG airport took Moussouris by surprise when for the first time, she says, in countless trips abroad, she was asked to log-in to her device. While some of the comments on her Twitter account later revealed that such a request by officials is not anomalous, Moussouris felt it an invasion of her privacy. She wrote on her blog, “The security agent at the gate had me pull out my laptop, turn it on, & further asked me to type in my password, which decrypted the full disk encryption of the drive, even after she saw that it did boot up.” She added that she has never known of anyone being asked to log-in to a device, and thought the incident “very unusual”.

Twitter speculation over the incident seemed to conclude that she was targeted because she works at a company that helps organizations run vulnerability programs. Although she quickly responded by saying that none of the employees at HackerOne have “access to organizations’ confidential vulnerability reports or their sensitive data.”

Moussouris puts the incident down to sheer over-zealousness by an official, although she adds that had she been asked to start typing on her laptop then she would have certainly missed her flight in order to see the consequences when one refuses to give up data and is then forced to against their will.

While her blog post seems lighthearted she did call the entire experience “unsettling”. Respondees to her tweet were not so phlegmatic, with one comment saying that the incident was a “plain abuse of power”. While refusing to decrypt information could result in imprisonment according to 434-15-2 in the Penal Code, it would seem that there must be reasonable cause to demand the decryption and also a warrant to be issued.

Photo credit: Paurian via photopin cc