The Failing Right of Laptop Privacy

davidwr writes "Wired has an interesting editorial on laptop searches and seizures. It raises some interesting issues, including employee rights against police searches in the workplace, routine vs. non-routine searches at ports of entry, and police use of unrelated data found in a database search. The article ends saying: 'Of course, there's a chance that the courts will not recognize the different scope of privacy interests at stake in computer searches, or will not be adept at crafting a rule that gives enough leeway and guidance to law enforcement, while also protecting privacy. At that point, the Constitution may fail us, and we will have to turn to Congress to create rules that are better adapted for the information age.'"

At that point, the Constitution may fail us

[by Anonymous Coward]

The constitution certainly left the building back in the age of the new deal, possibly even as early as aliens and sedition.

Re:At that point, the Constitution may fail us

[genrader (563784)]

AMEN. The New Deal was not the last of the Constitution though. Alien and Sedition Acts were bad, as were many other things, but the death of the Constitution was in 1913, when Congress took away its own power to coin money and gave it to a private bank, as well as the introduction of the income tax and the end of Senators being elected by states. The only reason we have it so good now is because of our wariness of tyranny and the great age of capitalism, but that will all end when the right tyrant comes along.

Re:

[The Warlock (701535)]

the introduction of the income tax and the end of Senators being elected by states.

Oh, what bullshit. Look, if the constitution wasn't supposed to be amended, then Article Five wouldn't be there in the first place, would it?

Re:

[RexRhino (769423)]

Oh, what bullshit. Look, if the constitution wasn't supposed to be amended, then Article Five wouldn't be there in the first place, would it?

Sure, the constitution can be amended... but much like prohibition, eliminating state legislators from electing senators sucks, amendment or not.

Re:At that point, the Constitution may fail us

[k1e0x (1040314)]

Word.

1913 was the *start* of us loosing our rights but with the recent stuff (patriot act, land seizures, warrant less wire taping, military tribunals) its all gone now.

I cant think of a single part of the bill of rights that we still have.

Why is speech "limited" at political rallies or universities? Why is hate speech a crime? ..because the 1st Amendment is meaningless.

Why are there gun laws restricting firearms? ..because the 2nd Amendment is meaningless.

The 3rd.. is possibly impractical.. and also probably meaningless as well.. but if not, the feds will find a way to make it legal.

The government can search practically anything they want now? Laptops, Phone records, E-Mail, you name it, why? ..because the 4th Amendment is meaningless.

How can the City of New London takes peoples land and give it to Pfizer? ..because the 5th Amendment is meaningless.

Why is José Padilla been in jail for 4 years being tortured, when his case is still pre-trail? ..because the 6th (and 8th) Amendment, are meaningless.

Why does just about everyone accused of mutable crimes seek a plea bargain for a lesser offence instead of standing up for there rights? Why does the state tack on so many charges with extreme punishment (101 years for spamming)? ..because the 7th Amendment is -basically- meaningless.

Why is a man being sentenced to 101 years for spamming? Why is another man sentenced (and denied appeal) to 50 years in prison for selling pot? Why are children being convicted of molesting each other? ..because the 8th Amendment is meaningless.

Why does the government have the power to do anything we don't specially say they don't have or can pick apart and widdle down the other rights we have? Why is it the people reserve no rights beyond what's listed in the constitution .. that or what the government allows? ..because the 9th and 10th Amendments are meaningless.

We have a "vestige" of the construction.. we don't actually have enforceable rights in the same sense as they were written. The Ed Brown case is part of this, the court would not allow him to use constructional law in his court. read that again.. you can't use the construction.. the highest law on of land in a U.S. federal court. The judges swear an oath to it but its entirely irreverent anymore.

Re:

[Mr. Slippery (47854)]

I'd almost argue this. After all, there's no reason a person needs a main battle tank, or a series of cruise missiles, sitting in their backyard.

Can you "bear" a main battle tank or a cruise missile? No.

"Arms", in historical context, meant guns that were carried by a soldier. The term was understood to be distinct from "cannon", big-ass guns that were not something a man would "keep and bear".

If a weapon is something that an infantryman would carry into battle, it falls within the rightful scope of

Re:

[budgenator (254554)]

Are you implying that we should have universal military service like Switzerland and Israel? That would keep the militia organized and well regulated.

Re:

[falconwolf (725481)]

There's also the part about it being for an organized militia. You left that out.

The second admendment does not say firearms are limited to a militia, it specifically states the right of the people to keep and bear Arms, shall not be infringed. [usconstitution.net] People have the right. It make perfect sense when you consider the Founding Fathers were concerned about a tyrannical government, when only the government has firearms and not the people, it invites the government to become tyrannical. that's what happened in 1

Re:At that point, the Constitution may fail us

[falconwolf (725481)]

Why is José Padilla been in jail for 4 years being tortured, when his case is still pre-trail? ..because the 6th (and 8th) Amendment, are meaningless.

He's admitted to blowing up a civilian airplane and is a fugitive from Venezuela.

That's not Jose Padilla [wikipedia.org], Padilla was the so called dirty bommber arrested at Chicago's OHara airport. The one you're think of that blew up that airplane, Cubana Flight 455 [wikipedia.org] is Luis Posada Carriles [wikipedia.org], a Cuban living in Miami as a free man. Venezuela has repeatedly asked the US for his extradiction but the US refuses to hand him over.

Falcon

Re:

[westlake (615356)]

The New Deal was not the last of the Constitution though. Alien and Sedition Acts were bad, as were many other things, but the death of the Constitution was in 1913, when Congress took away its own power to coin money and gave it to a private bank, as well as the introduction of the income tax and the end of Senators being elected by states

Pfui.

You both sound like you would be more comfortable with a hereditary House of Lords

---or is it the Corporate State of Microsoft?

The late nineteenth century Senat

And Hopefully...

[photomonkey (987563)]

When the day comes that the Constitution can no longer protect us in the information age, we have a Congress actually interested and willing to step in on behalf of the people.

'Hopefully' is one way to put.

[Elemenope (905108)]

For myself, though, I must admit reading the last sentence of the summary more like this:

"At that point, the Constitution may fail us, and we will be screwed."

Re:And Hopefully...

[kfg (145172)]

Democracy is a device that ensures we shall be governed no better than we deserve. -G.B. Shaw

KFG

Re:And Hopefully...

[kfg (145172)]

Democracy is a device that ensures we shall be governed no better than the majority deserves.

Shaw used the royal "we" and his observation was directed at your point. Democratic forms of government at best serve the lowest common demoniator (which is something rather different than the majority). At worst it is, of course, nothing more than a self-satisfied lynch mob.

Which is why the framers gave us a Congress instead of a democracy (they knew about Athens), under a constitution (they knew about Rome). They anticipated Shaw's further observation that anyone who robs Peter to pay Paul can always count on the support of Paul.

It is not the fault of Congress if the least common denominator has demanded more and more democracy while deserving it less and less.

It is the fundamental premise of our governmental philosophy that the government will be corrupted and that it is the responsibility of The People, freemen all, to see to their own freedoms.

Where The People demand the "freedom" to be endentured in order that they may be "free" to watch Survivor and Big Brother on a really big TV, that is the freedom they will get.

Freedom is messy and uncomfortable. The People would rather be comfortable serfs than uncomfortable freemen, in numbers far greater than a simple majority. Let's call it, ooooooooh (pulling a number out of my ass that probably isn't too far wrong) - 98%.

Give me liberty, or give me. . .ooooooooooooooo, shiney!

KFG

Re:And Hopefully...

[zCyl (14362)]

When the day comes that the Constitution can no longer protect us in the information age

Uh, but it does, and plainly so. Not only is a laptop part of a person's "effects" as protected explicitly in the fourth amendment, but the contents of a laptop are ones papers. The search of papers inside of a laptop is thus the same as the search of papers inside of an envelope. The transmission of a paper via email is no different than the transmission of a paper via postal mail. The constitution plainly and clearly provides protection for this, and it is simply a question of whether the courts will acknowledge this now, or come to their senses later. It is not exactly a matter of interpretation when the language is that clear.

Re:

[cptgrudge (177113)]

Perhaps we'll just need to bring the papers and effects closer to our "person" in the interim. How many people might get a little bio-engineered implant that holds a relatively large amount of data? Access it over bluetooth, direct via your mind, or something else.

Of course, there are a lot of steps between that technology and reality, but I think forcing a person into surgery to get at some data which may or may not be hidden away inside of them would rub a lot of people the wrong way.

You must be a terrorist!

[www.sorehands.com (142825)]

Living document? Constitution? What are you trying to hide? You must be a terrorist if you are trying to hide behind the constitution.

If you had nothing to hide, you'd have no qualms about us inspecting your computers, listening on your phone calls, and being searched when we feel like it.

What are you trying to hide?

Re:

[blincoln (592401)]

> I see the skin as a natural barrier, and would prefer to go Amish rather than be some ghoulish cyborg

Seconded.

You two both misspelled "totally awesome and sweet." You might consider a spelling-and-grammar implant.

Re:And Hopefully...Constitutional Plugins

[mrchaotica (681592)]

Why bother with naughty websites when, if you're implanting stuff anyway, you could just put in an artificial gland that would release endorphins (or whatever) on command?

Re:

[blincoln (592401)]

THAT's why you need absolutes in laws

Right, because modern legal language like the kind used to write EULAs and NDAs is so superior to the Constitution, which can be read and understood by normal people.

Just because modern Americans tend to be so petty and self-serving that they demand things be explained with a page of words instead of a sentence does not mean that's how things should be done.

Congress makes laws in our interest??

[by Anonymous Coward]

"we will have to turn to Congress to create rules that are better adapted for the information age.'"

Turn to congress for help in protecting our liberties? Haha, that's a good one. He must be new here.

Re:

[Divebus (860563)]

we will have to turn to Congress to create rules that are better adapted for the information age

Oh, yeah... go ahead and mod me down, but... SOLD TO THE HIGHEST BIDDER!... or most influence.

one word...

[SylvesterTheCat (321686)]

...encryption.

TrueCrypt or PGPDisk or....

Re:one word...

[Elemenope (905108)]

Many countries, such as Britain, criminalize witholding encryption keys from law enforcement to the extent that unless you are actually a terrorist with detailed and executable plans of action labeled 'evil plot' stupidly stored on your laptop, you are probably better off (in the criminal liability sense) just giving it to them. Sadly, I don't think that the US is far behind on this one, either.

Re:one word...

[dgatwood (11270)]

That's what a steganographic filesystem is for: plausible deniability. You have multiple layers of data encryption, none of which know about the lower layers, each of which stores data in the free space left behind by the upper layer. They ask you for the password, you provide the password to financial records at the first encrypted layer. For that matter, you could have an unencrypted layer on top so that there's no proof that any encrypted data even exists. In the unlikely event that they find the crypto tool, though, you have financial records at the first encrypted level. Say that there's nothing else, but under duress, admit to a second level with something a little more embarrassing (e.g. your porn collection). Keep anything that has to be kept secret at the third level.

There are two big problems, though: 1. Writes to the upper layer overwrite data at the lower layers, so the redundancy at the lower layers is pretty crucial to avoid data loss, and even then, beyond a certain point, you'll start losing data. 2. All the implementations I've seen out there are Linux-only (or at best UNIX/Linux), which makes them less than useless for most of the general public.

Re:

[MrSteveSD (801820)]

All the implementations I've seen out there are Linux-only (or at best UNIX/Linux), which makes them less than useless for most of the general public.

TrueCrypt allows for hidden volumes (i.e. encrypted areas within encrypted areas) and it's a windows program. They claim it's not possible to detect the hidden volumes, but I have to take their word for it.

Re:

[SeaFox (739806)]

TrueCrypt allows for hidden volumes (i.e. encrypted areas within encrypted areas) and it's a windows program. They claim it's not possible to detect the hidden volumes, but I have to take their word for it.

Actually, they say it is possible to detect hidden volumes [truecrypt.org] a few ways, one being if you're using a journaled filesystem on the host device. It will be possible to see changes to hard disk sectors that the directory will say are not being used by files. So the solution is not to format the source disk as N

Re:

[budgenator (254554)]

Try this senario, I'm crossing the boarder with my laptop, someone with the same name as me is an EvilTerrorist(TM) being watched. In the back room they slip in a Knoppix cd and dd my harddrive out through the ethernet port. Of course they quickly figure out that I'm the wrong guy so what do they do, the honorable thing is to dump all that data, the human thing is to be embarassed and go fishing for some dirt. At least with encryption it'll cost them some effort to be human instead of honorable.

So you're screwed with TPM, then?

[artifex2004 (766107)]

With TPM, I won't have the keys to at least one section of my own computer's hard drive. Trusted computing at its finest.

Re:

[KillerCow (213458)]

one word... ...encryption.

It's too bad that having encrypted documents (or encryption software) is probably grounds to have you "detained."

So?

[Robber Baron (112304)]

So keep your sensitive personal data on a server at home, where the protections against warrantless search and seizure are more clearly defined, and take with you on your laptop only what you need. Also there are all sorts of ways to remotely access your at-home data securely (DNS Forwarder/VPN, etc). That way your data is there when YOU need it and not sitting on your portable when you are crossing borders or sitting in your employer's office.
I have made it quite clear to contractors that their laptops will be subject to scrutiny prior to their being permitted to access our corporate LAN, as well there my be periodic spot-checks, especially if I suspect that a laptop might have become infected with something nasty.

Re:So?

[E8086 (698978)]

But there are still so many who fail to keep work out of the rest of their lives or the rest of their lives out of their work laptop. The article's author freely admints that her laptop was purchased by not her, possibly an employer. If it's not yours it's, well, not yours and anything no matter how personal you put on it is not yours. Unless you have some written agreement allowing all data stored on it to be your personal property, think lease, you don't own what's on it either. I've made it a point to NOT have a work laptop, or e-leash as it should be called as you may be expected to take it home and put in some late night or weekend unpaid time.
If you have to have carry some personal data around with you, and/or don't happen to have a secure server at home, encrypt(and hidden file) it and stick it on the non-music/video area or notes folder of an ipod. They're far more common than linux running laptops and probably far less likely to create draw unwanted attention.

airport/boarder/other security guard/storm trooper: what's that?
you: my ipod
guard: turn it on
you: ok
guard: looks good, these are not the droids we're looking for, move along

Or it may remain unnoticed and unquestioned in your pocket

Re:

[humphrm (18130)]

The article's author's presumptions are flawed, and the posters here (at least so far) are absolutely correct. There has never been a presumption of privacy in the workplace, and there has always been an exception for warrantless search and siezure at borders. That's been well known and upheld in the courts for years. So you decided to put your personal data on a company asset for which you know that no presumption of privacy exists, and that's the courts fault? Eh? How does that work, Jennifer? I fin

deliberately muddy the waters

[mabhatter654 (561290)]

What you've got here is a deliberate attempt to muddy the waters of searching laptops... they're arguing is that you shouldn't worry about your work laptop being searched because it's not yours, and usually work disallows you from putting private data on there anyway. There's two problems with that. First, if it's a work laptop the TSA is searching, YOU are not the owner, especially if you are following the rules, what would you do with an encrypted volume or such work put on there to keep your email or c

Two words

[HangingChad (677530)]

Disk encryption. You can get TrueCrypt for free and encrypt a partition with a hidden partition inside. Keep it on a USB drive or external hard drive. See you in about five years after the NSA's supercomputer has been trying to decrypt it.

Of course, in the US today they'll probably just disappear you to GITMO while they work on it.

Encryption is the only real option

[cje (33931)]

It doesn't matter if you're worried about a snooping government, script kiddies, nosy roommates or family members, or anybody else you don't want looking at your data. In this day and age, there really is no substitute for encryption, and there's also really no excuse to not be using it, given the amount of options (many of them free, as in speech and beer) available today. There's no reason to leave things like tax returns, sensitive work projects, etc. sitting out in the open.

One of the best things that I've done recently is to wipe and randomize a 40-gig partition on one of my drives and set up a 256-bit AES-encrypted ext3 filesystem. Unless I enter my lengthy passphrase, there is no way to mount the volume, much less look at its contents. Barring some unforseen weakness in AES, this is now data that nobody but me will ever see (unless I do something silly like forget to unmount it).

It is, in many ways, a brave new world, but people need to know that there are things they can do to protect themselves. This, of course, is not news to the Slashdot crowd, but it is something that the less-clueful public needs to hear about.

Re:

[by Anonymous Coward]

Real option... are you really prepared for it? Let's say you're at the border with an encrypted partition. Are you hoping they won't notice the partition? Let's say they find it.

Officer: What is this 40-gig partition here?

You: I don't know, random junk.

Officer: So you don't mind if we zero it?

You: Don't do that! It's my personal files... encrypted.

Officer: Please unlock it so we can take a look.

You: No thanks. It's just my personal files anyway.

Officer: You know, this is the equivalent of transporting a saf

Re:

[mrchaotica (681592)]

Well, out of the Bill of Rights [cornell.edu], Amendments 1, 7, and 8 make absolute statements prohibiting certain acts of Congress (e.g. "Congress shall make no law..."); Amendments 2, 4, 9, and 10 refer to "the people" which could mean all people or 'the people of the United States' (i.e., citizens); and Amendments 5 and 6 use language referring to "no person" or "the accused," which can only mean that they apply to all people, not just citizens. (And for completeness, Amendment 3 would only be relevant for people who

Re:Encryption isnt that safe

[bussdriver (620565)]

1) password strength is important (and used only 1 thing)
2) If they can HEAR you type it, they can guess it
3) They can install a keyloggers of many kinds
4) ENCRYPT YOUR SWAP FILE-- don't assume that memory is locked
5) Encrypted swap implementation has to properly handle the keys
6) You must be in control of the information, 3rd parties can give into probable cause
7) Using a rare filesystem has gotten people off in some cases
8) Beware of wireless keyboards
9) Some forms of security without government back door

Re:

[Technician (215283)]

Barring some unforseen weakness in AES, this is now data that nobody but me will ever see (unless I do something silly like forget to unmount it).


At home, the alarm drops power to the UPS which initiates a shutdown. Unexpected visitors while I am away auto lock sensitive data if I forget.

Very simple analog analogue...

[pla (258480)]

or will not be adept at crafting a rule that gives enough leeway and guidance to law enforcement

A perfectly good non-electronic equivalent situation already exists: Personal diaries.

Would the readily-apparent evidence suffice to justify confiscating and reading someone's diary?

If not, then stay the hell away from my laptop.

Don't bring it to the airport.

[twitter (104583)]

Would the readily-apparent evidence suffice to justify confiscating and reading someone's diary?

The airport case [law.com] in question, you are screwed. The courts reasoned that searches at airports are routine, so just about anything goes. They should be ashamed of themselves. Until they come to their senses, I suggest you keep your diary, paper or electronic at home. The electronic one is easier to access, but you better move it around by ground transport.

Story

[eosp (885380)]

My airport must really not like me. They not only said, "take your laptop out of its bag", they decided to say "turn it on". I did, flipped to FreeBSD, and as soon as they saw a command prompt they called in the dogs.

whiny!!!

[AmigaAvenger (210519)]

wow, can she whine any more? Laptop is owned by her employer... It was bought for her use, NOT for her as a personal item. So now she gets her panties in a bunch when she realizes her employer has the right to do whatever they want with that computer. Guess what, it is theirs! Just because you scattered your useless garbage all over the HD doesn't make it yours. If you want privacy, buy a personal laptop, and then it becomes much, much harder for someone to take a look at it.

Re:

[gstoddart (321705)]

So now she gets her panties in a bunch when she realizes her employer has the right to do whatever they want with that computer.

She's not really talking about her employer looking through the laptop. She's talking about law enforcement. If you'd RTFA, you'd find this paragraph on page 2:

I hope for the best, as I do in United States v. Ziegler, the case that found private employees have no reasonable expectation of privacy in their workplace computers. Defense attorneys have asked for a rehearing, and the

Don't be a cheapskate!

[whoever57 (658626)]

Here is someone who could easily afford their own computer. She should keep her private data on her own computer, not her work computer. What's so hard to understand about that?

Even if her own computer is too expensive for her, how much does a USB key cost these days? Combined with Firefox Portable and Thunderbird Portable (and others) this provides a simple and elegant solution.

Failed what?

[ScrewMaster (602015)]

At that point, the Constitution may fail us, and we will have to turn to Congress to create rules that are better adapted for the information age.

Nonsense. The Constitution hasn't "failed us", it is our commitment to honoring its provisions that has wavered. The Constitution is just as relevant and meaningful now as it was two centuries ago. Furthermore, I would argue that it is more important than ever that we observe Constitutional law and hold our elected (and unelected!) officials accountable for their deviances from it.

So far as Congress crafting better rules for the Information Age is concerned ... I'd not hold your breath. When they passed the DMCA and the Patriot Act I lost all hope of Congress ever being willing or able to legislate us out of this mess, given that they're most of the reason that we're in it.

A few simple thoughts

[thorkyl (739500)]

1 - Separate work and private laptops
        I carry mine to work and don't plug it into the network
        I don't use the work machine for any internet searches, I use my laptop through cell card

2 - Separate your data sets
        Carry your sensitive data on something other than laptop
        I carry mine on a CD, they can't call that a bomb

3 - If they want to search it...
        Ask "What exactly are you looking for?" and write down the answer!
        If they say its just a routine inspection let them look, don't let them open files
        If they want to see a file ask for the warrant
        If they insist ask (don't) demand to see a supervisor

4 - Be nice, calm, and ask the supervisor to witness
        Any search (with understanding you are under protest) as there is no warrant.
        Ask the supervisor for a full accounting of all files opened/accessed prior to boot/power on
                (this is critical as they cant log all files accessed during boot)

5 - Best of all, don't give them a reason to search it

Doofus

[Spazmania (174582)]

My laptop computer was purchased by Stanford, but my whole life is stored on it. [...] In short, my computer is my most private possession.

If your most private possession is owned by someone else, the police are not even close to your worst worry.

First, there are several new cases that suggest that agents can search computers at the border

No, that's not accurate. The cases state that agents may make a search a requirement for crossing the border with the computer. You have the right to refuse the search and ship the computer back the way you came.

Second, a recent case in the 9th U.S. Circuit Court of Appeals has held that private employees have no reasonable expectation of privacy

This has been true since the country's inception. Nor is it difficult to understand: Its not the employee's office or the employee's computer. They're not even under contract to you the way an apartment or hotel room would be. These things belong to the employer and the employer has a right to grant a warrantless search of its posessions just as you have the right to permit the police to search your house if you so choose.

The employer also has a right to refuse a warrantless search, you as you would of your posessions. The difference is: why would the employer want to? If you're breaking the law at work, they want to know about it just as much as the police do.

Another Perspective on Personal Data

[McLuhanesque (176628)]

The overwhelming response of the sysadmins, and many others, is, it's the employer's computer, therefore everything on it is available to the employer (ie. no expectation of privacy as confirmed by 9th Circuit). But there is another perspective that might be reasonably argued (Of course, IANAL; I am a media theory researcher and prof).

If we consider that electronic stuff (hardware, software and data) as containers within containers, the hardware might be owned by the employer, and the employer might have a right to see what containers are placed on the hardware. However, many of those containers (files) might contain so-called intellectual property that belongs to the person herself. The employer has no right to that (leaving aside, for the moment, contracts in which the individual stupidly gives all IP rights to the employer, even for private, non-work-related, non-compensated creations). The mere fact of physical location does not give the employer the right of unwarranted search. For example, the person's purse happens to be located in the desk drawer of the employer-supplied desk, within the employer's office. The employer does not have the right to search the purse, nor take possession of its contents. By analogy, I would argue that the content of personal data files (not necessarily the wrapper that is the file structure itself) is off-limits to the employer.

In short: the employer has the right (according to court ruling) to see the files on their property, but not necessarily the file content. The courts have not distinguished among respective ownerships of the hardware, the data structures, and the data contents. This distinction is something that will eventually be tested in court, I expect.

Like other posters, I agree that the employer could demand immediate return of the laptop and the individual would lose all of her personal information, and therefore the person must assume that risk of loss, encryption or no encryption. And I use my own laptop for my work - the employer does not have the right to access my machine. If they want my work (which they do) they agree to my terms. Every so often I hear the dire warning of the IT department about not providing me support. But then again, I've had occasion to fix some of the messes on other users' computers that were "supported" by the IT department.