Gavin (selfishgene) wrote,
@ 2008-05-16 13:25:00
Crossing Borders with Laptops and PDAs
Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days.
Read the link at the bottom of the article too.
TrueCrypt seems reliable. I haven't used their whole-disk encryption yet, but the volume encryption appears solid. You may have to securely wipe your drive and send the data on an encrypted flash card to your destination. The data can be uploaded in country. When you leave, rebuild the card and wipe the disk again.
If you use a laptop at all, you need to up your paranoia level. Government and freelance criminals are becoming aware of the valuable nature of laptop data. Phones and PDAs are even more vulnerable. Consider a separate cheap phone for border crossing. I don't think any popular PDAs support serious encryption, so don't send them via mail.
I don't know if anyone is still unaware of this, but deleting or wiping or encrypting data is utterly insufficient unless your entire drive is included. Operating systems and applications write 'slack' and 'cache' data all over the disk, even against protocol.





boffo
2008-05-16 06:02 pm UTC (link)
When they seize your laptop, can they also legally compel you to provide passwords?

Are there software packages that will let you switch your laptop to a secure mode which localizes all data and possibly uses an entirely separate OS, but when you are in unsecure mode hides the very existence of the secure mode?

In other words, can you set up your laptop so that someone searching it wouldn't find anything interesting, and also wouldn't find any indication that anything interesting existed?

(Reply to this) (Thread)


selfishgene
2008-05-16 06:42 pm UTC (link)
It's not clear whether forcing a password is regarded as a 5th Amendment violation or not. As a practical matter they can confiscate your laptop and hold you for hours. Non-citizens entering the US will probably be denied entry for refusing to give a password. Other countries may be even more severe.
You can set up a hidden drive which will look like random bytes. Unfortunately many drives are prerecorded with a specific pattern. Your random bytes might be interpreted as evidence of a hidden partition. I suspect most customs employees are too clueless but they may have a trained specialist on hand. If they specifically ask you if you have a hidden drive, you face the choice of telling an outright lie to a federal agent or admitting to it. If your lie is exposed later, you could end up like Martha Stewart.
I think the only solutions are to cross the border without your data. You can send an encrypted card via mail or download on a secure link later from your home/business machine.

(Reply to this) (Parent)(Thread)


smandal
2008-05-16 11:46 pm UTC (link)
I hadn't thought of this -- free space on the partition may be "too" random. I don't know if this applies in Linux, and would cause a problem with TrueCrypt.

As for caches and such, there are two vulnerabilities in Linux: swap space and hardware level caches. The former can be cleaned quickly with an encrypted reformat, and the latter by turning off (as opposed to hibernating) the machine. If you have enough RAM, you only need swap for hibernation which you can do without while traveling.

(Reply to this) (Parent)
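
The concern raised in this sub-thread, that random-looking bytes stand out against a drive's fill pattern, can be illustrated with a per-block entropy scan. This is an added example, not part of the original comments; the block size, the threshold, the minimum run length and the sample image are all constructed assumptions.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # bytes per analysed block (assumed value)


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant fill, close to 8.0 for random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_runs(image: bytes, threshold: float = 7.9, min_blocks: int = 8):
    """Return (start_offset, end_offset) for each run of consecutive high-entropy blocks."""
    runs, start = [], None
    nblocks = len(image) // BLOCK
    # Iterate one step past the end so a run touching the last block is flushed.
    for i in range(nblocks + 1):
        hot = i < nblocks and shannon_entropy(image[i * BLOCK:(i + 1) * BLOCK]) >= threshold
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_blocks:
                runs.append((start * BLOCK, i * BLOCK))
            start = None
    return runs


def build_sample_image() -> bytes:
    """Constructed sample: ordinary text, zero-filled free space, then random
    bytes standing in for an encrypted container, then more zero fill."""
    text = (b"Quarterly report draft. " * 200)[:BLOCK] * 16  # 16 low-entropy blocks
    free = bytes(BLOCK * 32)                                  # 32 zero-filled blocks
    container = os.urandom(BLOCK * 64)                        # 64 random blocks
    tail = bytes(BLOCK * 16)
    return text + free + container + tail


if __name__ == "__main__":
    for begin, end in high_entropy_runs(build_sample_image()):
        print(f"high-entropy region: bytes {begin}-{end} ({(end - begin) // BLOCK} blocks)")
```

Compressed files such as archives and media also score near 8 bits per byte, so a high-entropy run on its own is only an anomaly to look at, not proof of an encrypted volume.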


madfilkentist
2008-05-16 06:44 pm UTC (link)
Whether or not they can "legally" make you give your password, the existence of data which they can't decrypt may annoy border goons enough that they'll take your computer from you if you don't decrypt it for them.

There are several ways around this. One is to put your sensitive files with strong encryption onto a server, so there's nothing on your computer to grab.

Another trick is to put your important business data in an obscurely located encrypted file, perhaps on a second account. Also put some mild porn in a conspicuous place on your computer, in encrypted form, and act very embarrassed when they make you decrypt it. They'll have found something, so they may not dig for more.

(Reply to this) (Parent)(Thread)


zarex
2008-05-16 06:54 pm UTC (link)
That porn thing is a really good idea. It would give them some "success" as well as explain the presence of the TrueCrypt software.

(Reply to this) (Parent)


ilcylic
2008-05-16 07:03 pm UTC (link)
The first solution is the correct one. VPN software to access anything you need, and have a perfectly clean laptop. Make sure you've got a "restore" image for the OS, too, so you can blank slate your laptop again when it's time to go back.

It's always best to be able to avoid relying on obfuscation, and to be able to be scrupulously honest with people who can fuck you for lying to them, even if what they are asking is none of their business. Especially since just saying "I'm not telling you" opens you up to having your hardware seized indefinitely.

Enough OEM installs include a "repair" option that it's nothing out of the ordinary to have such an image on your machine.

I also strongly recommend the use of a serious disk blanking tool (20 - 30 overwrites) before re-ghosting your OS, to prevent anything being left for deep forensics. It just takes time, and the consequences are data breach to untrained border monkeys.

(Reply to this) (Parent)(Thread)


ilcylic
2008-05-16 07:03 pm UTC (link)
Ironically, this means that having a smaller drive is better, since you are never going to store a lot of stuff on the machine anyway, and it will make reimaging a shorter process.

(Reply to this) (Parent)


zarex
2008-05-19 04:16 pm UTC (link)
You're right, but unfortunately this really isn't practical in general. I really would like a reasonable solution that doesn't include "don't travel with the info". It appears that the encryption discussed is a good one.

(Reply to this) (Parent)


zarex
2008-05-16 06:51 pm UTC (link)
They can try to get you to disclose passwords, though there was a recent case that stated you didn't have the obligation to under the 5th amendment. But good luck getting home on time.

TrueCrypt can hide encrypted volumes/partitions effectively, and they are undetectable if set up right. Even non-hidden volumes can't be distinguished from noise. So I'd say keep your laptop running normally, without encryption, and keep the goodies in a hidden encrypted container.

Then you'd just look like every other traveler with nothing suspicious.

(Reply to this) (Parent)


the23
2008-05-16 08:28 pm UTC (link)
There are plenty of other countries to visit. Now that I've left, it simply doesn't seem worth the hassle to go back. If I fancy a little North American holiday, it would be so much easier to go to Canada instead. My kid's American grandparents aren't going to see their grandson very often!

(Reply to this)


contrariandoer
2008-05-17 06:41 pm UTC (link)
There are plenty of ways to hide information, such as running Linux and encrypting files in one of the partitions and then making it not mounted while booting up. This way, all they can see are regular boring files.

Also, I am wondering if it is possible to get the customs agents to sign a non-disclosure agreement and make them accountable for leaking my trade secret when they express their interest to search my laptop.

(Reply to this) (Thread)


selfishgene
2008-05-19 03:38 pm UTC (link)
1. They are starting to rip entire disks to their servers. At that point it can be examined at leisure. I doubt they will use brute force decryption on everyone, but you can't simply assume they won't pick on you. Most of the agents are probably clueless, but they may have some real experts on staff.
2. When did anyone make a FedGov employee accountable for anything? Did you see any government agents punished for their carelessness after 9/11 or Hurricane Katrina?

(Reply to this) (Parent)(Thread)


zarex
2008-05-19 04:17 pm UTC (link)
They won't break encryption from TrueCrypt or similar packages, regardless of the resources they throw at it. It's good strong encryption, and has been thoroughly reviewed.

(Reply to this) (Parent)(Thread)


selfishgene
2008-05-19 10:02 pm UTC (link)
As long as your password is good.

(Reply to this) (Parent)

