Interesting People mailing list archives

Re: Appeals Court: Border electronics searches are okay


From: David Farber <dave () farber net>
Date: Thu, 24 Apr 2008 09:45:39 -0700


________________________________________
From: Dave Crocker [dhc2 () dcrocker net]
Sent: Thursday, April 24, 2008 12:39 PM
To: David Farber
Cc: ip; EEkid () aol com; Richard Forno
Subject: Re: [IP] Re:   Appeals Court: Border electronics searches are okay

Folks,

Worrying about inspections at borders is titillating but probably distracts
discussion from the larger and more pervasive examples of unwanted inspection
of data on a laptop: physical theft or loss.

Protect against that, in a way that is viable on a daily basis, and the border
concern is automatically also dealt with.

So it's fine to have concern over border inspection serve to motivate efforts
at protecting mobile data privacy, but it probably should not guide design.

We've seen the same distinction for developing trust-based mechanisms to
"fight" spam and other abuse.  Good for motivation, bad for design.

The design needs to solve things in a way that fits into daily use, rather
than being tailored too specifically for special use cases.  And no matter how
much you cross borders, it's a special case, compared with the rest of your
laptop use.

As with so many other security issues, in the case of laptop privacy, the core
technical challenge is almost certainly a human factors one.

Keeping data on a peripheral that is removed is inconvenient and really
doesn't solve the problem, since the peripheral is also subject to inspection.
And for a large enough amount of data, the i/o rate is not good enough or
the storage choices are too limited.  Or both. So it is not likely to scale
into widespread use.

Having file or disk encryption performed automatically certainly sounds
appealing, but it creates the question of how the data are unlocked.  If it is
convenient enough for daily use by mass-market users, does it really provide
meaningful protection?

So, for example, having login (boot-time or waking from sleep/hibernation)
also unlock the data is extremely appealing, since it creates no new
human-factors effort.  But does it provide protection against a laptop stolen
when you step away from it for a few seconds?  Does it need to?

I think this translates into the question of granularity for the user activity
that controls the crypto.  Does the human factors check take place at the
right times to be useful while still being tolerable?

d/

David Farber wrote:
depends on if you can hide it. Better, I think, is a very small size flash
drive that you keep all your private stuff on encrypted and "hidden"

Dave
________________________________________
From: EEkid () aol com [EEkid () aol com]
Sent: Wednesday, April 23, 2008 7:40 PM
To: David Farber
Subject: Re: [IP] Appeals Court: Border electronics searches are okay

Dr. Farber,

I've noticed that it's very easy to remove the hard drive on some laptops.
Particularly the Dells I've owned. Removing two screws and the hard drive
slides out connected to a plastic drawer-like holder. It can easily fit in a
pants or jacket pocket.


--

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
