Interesting People mailing list archives
Re: Scnneier on Crossing Borders with Laptops
From: David Farber <dave () farber net>
Date: Sun, 15 Jun 2008 10:30:11 -0700
________________________________________ From: Marc Aniballi | Personal [marcaniballi () gmail com] Sent: Sunday, June 15, 2008 12:40 PM To: David Farber; 'ip' Subject: RE: [IP] Scnneier on Crossing Borders with Laptops Hey Dave; This brings up the other (less technical) solution to the border problem – Much like the companies that have popped up to “deliver” your luggage etc. to your destination while you travel baggage-less through the airports – there is nothing wrong with FedExing your Memory Stick or even your whole notebook bag to your destination. Then you could take a good book on the flight and relax, knowing that whether or not it arrives, you won’t have to lie to any government officials! Take any security measure – place a relatively smart person in front of it; you will have a work around in short order. If humans build it, humans can hack it. The truest effect of these laws/rulings is to discourage people from experiencing their effect. If you make taking my digital equipment difficult – then I won’t take it. I’ll send it ahead. Or I’ll bring empty hardware and send the content ahead – or download it when I get there. Child pornographers already know this (except some idiots on the consumer side, who aren’t the real problem). “Terrorists” don’t need to carry anything across borders – they buy it when they get there. So – much like the concept of charging for “bit mass” vs. “bit rate,” – the gubmint says “Vee vant to check your devizes to zee iv you ‘ave any ztolen ztuff on zem.” I recently learned a lesson in marketing – the average intellectual level in North America is reading the Enquirer, if they read at all – We’ve all heard the maxims, but I had someone “brutally” make it real for me. It really shook what little hope I held for humanity. So when I see articles like these “Security Improvement” ones, or the “Monopoly wants to protect itself from evil consumers” ones; I shake my head and wonder. Obviously the decision makers fit the North American average, and apparently their market does too. I think we may already be living in an Idiocracy. Marc Aniballi This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender immediately and delete the material from any computer. From: David Farber [mailto:dave () farber net] Sent: June-15-08 10:18 AM To: ip Subject: [IP] Scnneier on Crossing Borders with Laptops Begin forwarded message: From: Randall Webmail <rvh40 () insightbb com<mailto:rvh40 () insightbb com>> Date: June 15, 2008 12:19:24 AM EDT Subject: Scnneier on Crossing Borders with Laptops Crossing Borders with Laptops and PDAs Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. Customs and Border Patrol has not published any rules regarding this practice, and I and others have written a letter to Congress urging it to investigate and regulate this practice. But the U.S. is not alone. British customs agents search laptops for pornography. And there are reports on the internet of this sort of thing happening at other borders, too. You might not like it, but it's a fact. So how do you protect yourself? Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won't work here. The border agent is likely to start this whole process with a "please type in your password". Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day. You're going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key - even if you also encrypt your entire hard drive - and keep your sensitive data there. Lots of programs allow you to do this. I use PGP Disk . TrueCrypt is also good, and free. While customs agents might poke around on your laptop, they're unlikely to find the encrypted partition. (You can make the icon invisible, for some added protection.) And if they download the contents of your hard drive to examine later, you won't care. Be sure to choose a strong encryption password. Details are too complicated for a quick tip, but basically anything easy to remember is easy to guess. Unfortunately, this isn't a perfect solution. Your computer might have left a copy of the password on the disk somewhere, and (as I also describe at the above link) smart forensic software will find it. So your best defense is to clean up your laptop. A customs agent can't read what you don't have. You don't need five years' worth of e-mail and client data. You don't need your old love letters and those photos (you know the ones I'm talking about). Delete everything you don't absolutely need. And use a secure file erasure program to do it. While you're at it, delete your browser's cookies, cache and browsing history. It's nobody's business what websites you've visited. And turn your computer off -- don't just put it to sleep -- before you go through customs; that deletes other things. Think of all this as the last thing to do before you stow your electronic devices for landing. Some companies now give their employees forensically clean laptops for travel, and have them download any sensitive data over a virtual private network once they've entered the country. They send any work back the same way, and delete everything again before crossing the border to go home. This is a good idea if you can do it. If you can't, consider putting your sensitive data on a USB drive or even a camera memory card: even 16GB cards are reasonably priced these days. Encrypt it, of course, because it's easy to lose something that small. Slip it in your pocket, and it's likely to remain unnoticed even if the customs agent pokes through your laptop. If someone does discover it, you can try saying: "I don't know what's on there. My boss told me to give it to the head of the New York office." If you've chosen a strong encryption password, you won't care if he confiscates it. Lastly, don't forget your phone and PDA. Customs agents can search those too: e-mails, your phone book, your calendar. Unfortunately, there's nothing you can do here except delete things. I know this all sounds like work, and that it's easier to just ignore everything here and hope you don't get searched. Today, the odds are in your favor. But new forensic tools are making automatic searches easier and easier, and the recent US court ruling is likely to embolden other countries. It's better to be safe than sorry. Addendum: Many people have pointed out to me that I advise people to lie to a government agent. That is, of course, illegal in the U.S. and probably most other countries -- and probably not the best advice for me to be on record as giving. So be sure you clear your story first with both your boss and the New York office. http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t or http://tinyurl.com/5ghk3j http://www.eff.org/deeplinks/2008/05/border-search-answers http://www.cnet.com/8301-13739_1-9935170-46.htmlhttp://www.news.com/8301-13578_3-9892897-38.html<http://www.cnet.com/8301-13739_1-9935170-46.htmlhttp:/www.news.com/8301-13578_3-9892897-38.html> or http://tinyurl.com/68xgz4 My password advice: http://www.schneier.com/essay-148.html This essay originally appeared in The Guardian: http://www.guardian.co.uk/technology/2008/may/15/computing.security ________________________________ Archives<http://www.listbox.com/member/archive/247/=now> [https://www.listbox.com/images/feed-icon-10x10.jpg] <http://www.listbox.com/member/archive/rss/247/> [https://www.listbox.com/images/listbox-logo-small.jpg]<http://www.listbox.com> No virus found in this incoming message. Checked by AVG. Version: 8.0.100 / Virus Database: 270.3.0/1503 - Release Date: 14/06/2008 6:02 PM ------------------------------------------- Archives: http://www.listbox.com/member/archive/247/=now RSS Feed: http://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Scnneier on Crossing Borders with Laptops David Farber (Jun 15)
- <Possible follow-ups>
- Re: Scnneier on Crossing Borders with Laptops David Farber (Jun 15)
- Re: Scnneier on Crossing Borders with Laptops David Farber (Jun 15)