more on Police Blotter: Laptop border searches OK'd

[David Farber <dave () farber net>]

Begin forwarded message:

From: Roger Weeks <rjw () mcn org>
Date: July 28, 2006 12:43:18 PM EDT
To: dave () farber net
Subject: Re: [IP] more on Police Blotter: Laptop border searches OK'd

Dave -

For IP on the laptop border searches:

I'm suprised that no one else has mentioned this so far, but this  
type of situation is one of the many excellent reasons to use an  
encrypted filesystem on your laptop hard disk, and to set up other  
types of security.

For example, my PowerBook G4 is set up to use the built-in feature of  
OS X called FileVault, which encrypts the user's home directory.  The  
home directory on OS X contains the browser cache for Safari,  
Firefox, and Camino, and I have to assume, any other browser cache  
for Opera and other browsers.

I have also set an Open Firmware boot password.  See
http://www.apple.com/downloads/macosx/apple/openfirmwarepassword.html
for details.  When I travel I never put my laptop to sleep, but  
rather I shut it all the way down.  This is marginally less  
convenient, but it means that if my laptop is stolen or confiscated,  
the Open Firmware password will be the first thing that the attacker  
sees.  Supposing that is broken, they will then have to deal with  
logging into my laptop.

My root account is disabled, like all OS X installs.  I have my login  
preferences set to not show the usernames on the computer, so the  
attacker will have to guess both a login name and password.

If the attacker were to take the hard disk out of my laptop and make  
an image of it with forensic software, they would find an encrypted  
partition.  I'm sure the NSA probably has the horsepower to throw at  
cracking AES-128 encryption, but chances are my laptop will never get  
to them if we're talking about local law enforcement.

For those in the Windows or Linux world, you can set a BIOS password  
on your laptop which is very similar to the Open Firmware boot  
password for Apple Hardware.

Windows XP and Windows 2003 both include support for encrypting  
filesystems using DESX or 3DES, via the Encrypted File System.  PGP  
Corp sells a product called "PGP Whole Disk Encryption" for Windows  
2000 & XP that uses AES-256 encryption.

Linux users can make a loopback encrypted filesystem for storing  
anything they wish to be encrypted.  See http://www.tldp.org/HOWTO/ 
Cryptoloop-HOWTO/ for details.

I don't believe it is a crime in any US Federal or State law, or in  
Canadian law, to set passwords and use encryption.  In the US, I  
believe that a warrant would be necessary for law enforcement to ask  
for your password, but I don't know if you have to comply.  IANAL.

--
Roger J. Weeks
Systems & Network Administrator
Mendocino Community Network
Now offering DSL across California



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/