The encrypted traveler

As border enforcement is using increasingly invasive tactics, a traveler who has any privacy concerns about the data they are carrying (especially if visiting the United States) will very likely take steps to protect themselves.

Examples:

FindLaw:

The Ninth Circuit, in a decision announced this summer, has approved forensic searches of laptop computers at the border, even when the laptop’s owner spent no time outside the airport in the foreign country and was under no suspicion of possessing foreign contraband.

Washington Post:

Nabila Mango, a therapist and a U.S. citizen who has lived in the country since 1965, had just flown in from Jordan last December when, she said, she was detained at customs and her cellphone was taken from her purse. Her daughter, waiting outside San Francisco International Airport, tried repeatedly to call her during the hour and a half she was questioned. But after her phone was returned, Mango saw that records of her daughter’s calls had been erased.

A few months earlier in the same airport, a tech engineer returning from a business trip to London objected when a federal agent asked him to type his password into his laptop computer. “This laptop doesn’t belong to me,” he remembers protesting. “It belongs to my company.” Eventually, he agreed to log on and stood by as the officer copied the Web sites he had visited, said the engineer, a U.S. citizen who spoke on the condition of anonymity for fear of calling attention to himself.

Police Blotter:

What: A business traveler protests the warrantless search and seizure of his laptop by Homeland Security at the U.S.-Canada border.

When: 9th Circuit Court of Appeals rules on July 24.

Outcome: Three-judge panel unanimously says that border police may conduct random searches of laptops without search warrants or probable cause. These searches can include seizing the laptop and subjecting it to extensive forensic analysis.

Ars Technica:

Stuart Romm boarded a plane in Las Vegas on February 1, 2004. When he got off the plane in British Columbia, Canada’s Border Services Agency stopped Romm for questioning. After learning that Romm had a criminal background, Agent Keith Brown searched his laptop and discovered child porn sites in Romm’s Internet history list. Canada then bundled Romm back onto a plane to Seattle, where US Customs agents had a chance to question him further.

They also conducted a forensic scan of his hard drive and turned up images of child pornography in Romm’s browser cache. The images had been deleted (intentionally, it appears), but were recovered by an agent using software called “EnCase.” Romm then admitted to investigators that he used Google to search for child pornography, and that his “therapy” had failed to help him quit.

Why is it always the pedophile that is used as an example of why invasive measures are justified? Perhaps all civil liberties should be put to the pedotest.

Because of the perceived need for such methods in several countries, many people, including business travelers with trade secrets, choose not to travel with any data on their person at all and access their data online when they have reached their destination.

Toward this end, I would like to call attention to this excellent document produced by the ninjas who make TrueCrypt. The concept of the hidden service via Tor or the hidden volume via TrueCrypt will become more and more popular as long as searches and information harvesting become increasingly aggressive.

One response to “The encrypted traveler”

  1. Call me paranoid, but for private data I have the machine, which is essentially data-agnostic, an external drive with a crypted container, and a thumbdrive with a crypted keychain.

    I don’t know the passwords to the containers, just the passwords to the keychains. The keychains unlock the containers.

    I don’t travel with the containers unless I have to; and if I do have a need to travel with the data, then I FedEx the keychain to the destination. I can’t be compelled to disclose a password I don’t know, thwarting would-be interlopers.

    The upshot of this mechanism is that the passphrases used to secure the containers can be arbitrarily complex and unintelligible — since I don’t have to know them, let alone remember them, they can be of ridiculous strength.

    The downside is that an interloper presented with the data but no key might be inclined to make things very unpleasant…
