Rumors are swirling on the IT security forums about the real reasons for Marlinspike's – arguably one of the most high-profile IT security researchers in our industry – apparent problems, but US authorities are reported to be tight-lipped on the incident.
According to Elinor Mills, a reporter on CNet, Marlinspike has complained of being detained, and having his cellphone and laptop inspected, by the Department of Homeland Security (DHS).
As reported previously by Infosecurity, the security researcher hit the headlines late last year when he created an on-demand WiFi password cracking service – WPAcracker.com – using a powerful cluster of servers.
In the summer of last year he detailed a sophisticated man-in-the-middle browser attack methodology at the Black Hat security conference in Las Vegas.
CNet has linked Marlinspike's apparent harassment by the DHS with WikiLeaks Jacob Appelbaum, noting that "other people who appeared in the address book of Appelbaum's seized cell phones also have encountered trouble at borders or in airports."
Marlinspike told CNet that his problems with the DHS started a few months back when, "before taking domestic flights, he found he was unable to print out his boarding pass and was locked out of the self check-in kiosks until an airline representative made a phone call to get approval to override the lock".
"Last week, while he had fallen asleep waiting at an airport gate in Frankfurt airport on a layover, a man who said he was from the US consulate and who had a photo of Marlinspike on his cell phone approached him and asked him where he had been", Marlinspike said.
German newswires say that the government there is refusing comment on whether DHS staff have the right to detain members of the public on German territory, but Infosecurity understands that the 'airside' in international airports is treated as being similar to international waters, and therefore special rules apply.
CNet's Elinor Mills quoted a US customs and border patrol spokesperson as saying that that the US Privacy Act "protects federal government records related to individuals".
"We have the authority to search on a case-by-case basis," he told the CNet reporter.