Dec 08 2008

Searching laptops at the border

Published by at 7:18 am under Encryption,Government,Security Advisories

I rarely fly outside the US.  In fact, in the last year I’ve only done it once and will be doing so for a second time this week.  I am about as white bread American as you can get, but I still worry about having my laptops searched by the DHS.  I know the government says they only search a small fraction of all systems coming across the border, but if you’ve ever seen the hacking stickers on my Mac Book Pro, then there is a possibility that some agent out there might think that gives them a valid reason to search my laptop.  Last time I came through, they swabbed my Mac Book for explosives after all.

My personal computer has a lot of stuff on it, but nothing I’d be worried about someone else seeing, but my work laptop is a different beast all together.  I have a lot of sensitive information about clients on it, including screen shots of their software configuration, firewall configurations, policies, not to mention all the contact information and correspondence with said clients.  I doubt there’s anything I have that would shut down a business, but in the wrong hands the information I have could cause more than a few companies some late night sessions resetting passwords and changing configurations.  That’s why the drive is encrypted and I have a passphrase that’s more than 30 characters long.

So what happens if I’m stopped at the border and asked to type in my password?  If it’s my personal computer, I’ll probably say go for it and give type in the password.  But if it’s my work computer, where do I draw the line?  I’ll be coming back later in the week, I’ll be tired and want to get back to my family.  Do I say no, call my corporate council and prepare to be detained for however long it takes things to get worked out?  Do I bend my own morals and let them have what they want?  Or is there another alternative?

Seriously, I have absolutely no expectation of something like this happening.  On the other hand, it won’t hurt to have the company lawyer’s card handy as well as contact information for the Electronic Freedom Frontier.  You never know what’ll happen if I’m sleep deprived enough to get really beligerant on my way home.  Can I tell the border agent I’ve met their supreme leader, Secretary Chertoff?

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

6 responses so far

6 Responses to “Searching laptops at the border”

  1. Jimon 08 Dec 2008 at 8:07 am

    When I have traveled international, I have taken with a “clean” laptop (wipe a system with 0s to every sector, then fresh install of the OS, install apps, then don’t use it) with no data on it. Any data that I may need while I away I make sure is online for me to download in an encrypted manner.

    Before the return trip, delete the data and wipe free space with 0s.

    Other thing I have done before when I have too much data to make a download practical is take a clean system, install vmware and truecrypt. Create a truecrypt file someplace in a system location (windows WINNT\system32\hosts or Linux /etc/hosts.bin or something like that), then use that location as the storage for VMware to locate a VM. Then do all the work in the VM.

    More simple things I have heard of working is on your Mac would be locate all data outside the home dir, and turn off and delete the spotlight index. The “inspection” is largely superficial and those sorts of simple things have had some reports of working. With client data however, I would not play.

    Other things worth trying include putting a OS on a SD card, along with a pic. Then put the SD card in a camera. When the camera is checked, people see a pic and don’t think much else about it. When you are ready to use the computer, pull it out and boot your computer off of it. There are so many ways to hide data it is not even funny. Thats why this whole border searching is such a supreme joke.

    I know I overkill this stuff, but when it comes to travel with client data, there is no reason to play games. Either don’t take it, or do it the right way.

  2. Jim Corioon 08 Dec 2008 at 8:37 am

    Similar to Jim’s answer above… a little planning and diligent adherence to the process makes a fairly good solution.

    I usually place a hidden truecrypt volume on my system and in that truecrypt container I keep the VM that I run for engagements… so that my local registry is fairly clean… standard business tools like Word, Excel and such that I use for generic work. The VM contains all of the customer sensitive data including a second installation of office with Temp folders mapped to the encrypted volume.

    I think for general travellers (who require a notebook) the clean notebook is the way to go as well as the education and awareness that the machine can be checked at the border and that standards for privacy and pornography differ from country to country so they should be aware of anything that may potentially have landed on the computer.

    For those who have to travel with a working notebook (demo, presentations, tools, etc) it makes sense to put everything out of sight.

  3. anonymouson 08 Dec 2008 at 9:36 am

    you could also create a hidden operating system with truecrypt so if they ask you to open up the laptop and enter your password, you enter the password for the dummy OS while your real OS with the important data is hidden.

  4. John D.on 08 Dec 2008 at 12:07 pm

    I’m going to make a different suggestion than the rest. I’d say check with your corporate council /before/ you leave. I figure there’d be one of three responses to the question: a) we don’t have a policy/stance b) we’ll cross that road when we need to or c) here’s the corporate policy… There shouldn’t be any need to worry about this sort of thing.

    On the flip side, if you’re someone who makes policy for your company, what would you make the company policy? Should you even have client information on your laptop during a border crossing? For that matter, should you have client information on your laptop for an extended period of time, e.g. longer than you’re currently working with it?

    And on the third side of this coin as a customer/client, what would I prefer my consultants to do with my data prior to a border crossing? I figure a good chunk of folks wouldn’t consider it unless brought up. Then another chunk of folks wouldn’t want their data on your laptop during a crossing or for an extended period of time either.

  5. Greg Greenleeon 09 Dec 2008 at 1:47 pm

    There is an actual howto for Linux that requires you to boot your computer from a flash drive and if it’s not present it boots into your safe and harmless installation of windows. Its pretty cool actually.

  6. Juergen Pabelon 09 Dec 2008 at 3:12 pm

    Just an idea: Encrypt all data. Keep a copy of your cryptographic key inside the US (or mail it there). Delete the cryptographic key on your computer before the plane lands.

%d bloggers like this: