Sunday, 18 May 2008

Avoid airport hassle by hiding your data

Laptop Airport Security From The Guardian 15.5.08:

“Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. Customs and Border Patrol has not published any rules regarding this practice, and I and others have written a letter to Congress urging it to investigate and regulate this practice.

But the US is not alone. British customs agents search laptops for pornography. And there are reports on the internet of this sort of thing happening at other borders, too.”

What puzzles me is exactly what the criteria border officials use to decide which laptops to search and which to wave through. How exactly do you identify someone who is likely to have child pornography on their computers or otherwise got something to hide in the real world?  Are those searches performed purely at random?  Or, if you're of a more cynical disposition, you might be of the opinion that a person's ethnicity factors in considerably - particularly as regards perceived threats to national security.

Anyway, the article goes on to advise that simply encrypting the whole drive is not necessarily the answer here; the official will merely demand you enter the password. And while you can refuse, they too can refuse to allow you entry.

Instead, hiding your data with a hidden, encrypted partition is the way to go. PGP and TrueCrypt are two well-respected offerings as highlighted in the article. TrueCrypt is especially excellent and free, open-source software as well. There is a thorough - if a little geeky - podcast detailing the ins-and-outs of the latest version of TrueCrypt by world renowned security guru Steve Gibson as part of the Security Now section on TWiT. When I first listened to it earlier this year, I was fascinated to head that far from slowing down system performance as you might expect encryption to do, Steve found it actually increased system performance on any machine it was installed on. I have used the paid version of Steganos Safe for the past 2/3 years and find it excellent for my needs. Last year, they even made a free version available, Safe One, which limits you to creating two, 1GB encrypted drives.

Of course, there is always the option of just not carrying confidential data on your laptop when you travel across national boundaries, or encrypt it on a USB key and secret it about your person. Or, if you’re feeling very sneaky and secret-agent-ish, encrypt it on a memory card for your camera.

2 comments:

  1. I don't really know how to react... (being a law abiding citizen and all!)

    I think there is a risk of the information getting into the wrong hands. I mean, there are people (employed by the airport) who go through the luggage and steal stuff! :O

    The next question is - what can you hide? Wouldn't it look a bit dodgy if your device was totally empty?

    ReplyDelete
  2. Definitely would look dodgy, Andro. I think the advice was to remove any highly sensitive data that you don't need to take with you - not wipe everything.

    I completely agree about the whole 'information getting into the wrong hands' point that you made, particuarly when you consider the amount of theft of luggage. Taking your laptop out of its case to be scanned is one thing, booting it up to show an official the contents is less comfortable but not appalling, but letting them take a copy of the contents is surely a massive security risk.

    ReplyDelete