Re: Peter Swire: No, You Can't Search My Laptop

[David Farber <dave () farber net>]

________________________________________
From: Jeff Nye [jpn213 () gmail com]
Sent: Monday, August 04, 2008 5:01 PM
To: gordon () twiceasgood net
Cc: David Farber
Subject: Re: [IP] Re: Peter Swire: No, You Can't Search My Laptop

Hi Gordon,

If you're willing to expose a port on your home network, then from
your destination you could use scp to transfer the VM to your location
using password authentication.  Then you do not have to trust a third
party.

I still don't understand the goal of the CBP search policy.  Suppose I
arrive at the border with a laptop or 100 DVDs full of random looking
data.  That data could be noise or it could be encrypted nuclear
secrets.  As far as I can tell, CBP has no way to distinguish between
the two cases because the data could have been XORed with a one time
pad.  If CBP asks me whether the DVDs contain any encrypted data, they
lose because I can (a) lie, or (b) correctly answer "yes" and provide
a "key" that is the XOR of my data with a stream of zeros.  I don't
see an effective response from CBP for either choice.

So I'm puzzled why they're putting people through the hassle.

Jeff



On Mon, Aug 4, 2008 at 3:17 PM, David Farber <dave () farber net> wrote:
> ________________________________________
> From: Gordon Syme [gordon () twiceasgood net]
> Sent: Monday, August 04, 2008 2:58 PM
> To: David Farber
> Subject: Re: [IP] Re:     Peter Swire: No, You Can't Search My Laptop
>
> I'm starting to think that the only "safe" way to get your laptop into the US
> would be to create a VM containing your chosen OS and data and then leave this
> at home. Travel without a laptop until you arrive at your destination.
>
> At this point you can acquire a machine, generate a keypair and export the
> public key. A trusted third party then encrypts the VM and makes it available
> for download, probably with a service like Amazon's S3.
>
> The VM can contain all your actual data contained in encrypted volumes to
> minimise the risk of having to trust a third party (though this would require
> transporting a private key inside the VM).
>
> This way you avoid the problem of taking data through the border and also of
> taking a password through with you, the keys don't exist yet so how could you
> reveal the password? Nothing carried through and nothing concealed.
>
> It's an awful lot of work to get around the risk of border searches (and the
> associated data grabbing) and skirts around the problem rather than tackling it
> head-on through legal means. I suspect that there are definite business cases
> for going to this effort though.
>
> -Gordon



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com