IP: Another worthwhile for Corp Execs -- Computer hard disc

[Dave Farber <farber () cis upenn edu>]

Date: Sun, 23 Aug 1998 21:08:34 -0600 (MDT)
From: Colin Plumb <colin () nyx net>
To: farber () cis upenn edu


Does anyone know just *how* this scanning works?  Do they take the hard
drive out of the laptop, or interface to it somehow?  What connector do
they use?  What do they do if the laptop doesn't have that connector?
Can they deal with zip disks?  Jaz?  Syquest?  Those new 120 MB
superfloppies?  SCSI?  PCMCIA hard drives?  PCMCIA flash memory cards?


I mean, geez, if I want to smuggle data, a waveLAN with a high-gain
directional antenna will span the straits of Dover very nicely.
(Okay, maybe assuming good weather is a bit optimitic, but there's *some*.)




What I wonder is what happens when I present the customs inspector with
a thick non-disclosure agreement specifying in excruciating detail the
logging and auditing procedures for access to the data in question,
requiring that fingerprints for each individual with access be
maintained on file, along with proof of residency in a county with an
extradition treaty for trade-secret violations, that challenge
inspections of access logs be made available, with the cost to be borne
by the maintainer if any irregularities are uncovered, that liability
insurance in the about of $1,000,000 be maintained against unintentional
disclosure, etc. etc.


Of course, I have several such (slightly different) agreements with
different organizations.  Since I am a big important crypto
consulatant, they are organizations with absolutely masses of lawyers
on staff. (Heck, let on eof them be the American Bar Association.)


It would almost be fun to land in Heathrow with a fingerprint pad
and be prepared to *do* all this, while explaining to the customs
inspector that I can authorize disclosure to him/her personally, but
if he is doing this on behalf of H.M. Customs, I need to bind
H.M. Customs and need him/her to affirm in writing that he/she is
an officer of the agency empowered to make such agreements, and
present them with a frightening-looking form enumeating the penalties
for falsely representing oneself as an officer of H.M. Government.


Oh, more scary legalese ideas...


Challenge ispections cease when the disclosee has submitted a
notarized affadavit attesting to the destruction of all copies of the
secret material and handed over final copies of the access logs.


Complicated instructions to executors and heirs on the disposal
of the material in the event of the demise of the disclosee.
Even more complicated instructions in the event of the disappearance
and presumed death of the disclosee.


All this, of course, requires three disinterested witnesses.
Fortunately, such are in plentiful supply at airport customs, but they
will have to be filled in on the details of what's happening...




"*Then*, inspector, I can decrypt the files for your inspection."
(I mean, with penalties like these for accidental disclosure, of
*course* I keep it securely encrypted.)




An interesting question is whether they'd accept deletion in lieu of
disclosure, and whether they have any idea about undeletion.
(I could easily build a disk-wiper that pretended to do random overwrites,
but really just re-encrypted the data.)

-- 
        -Colin