Securing Your Notebook Against US Customs
Nethemas the Great points out a piece from Bruce Schneier running in the UK's Guardian newspaper with some tips for international travelers on securing notebook computers for border crossings. A taste of the brief article:
"Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. ... Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won't work here. The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."
TrueCrypt (Score:4, Informative)
* Creates a virtual encrypted disk within a file and mounts it as a real disk.
* Encrypts an entire partition or storage device such as USB flash drive or hard drive.
* Encrypts a partition or drive where Windows is installed (pre-boot authentication).
* Encryption is automatic, real-time (on-the-fly) and transparent.
* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography - more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Not entirely true... (Score:2, Informative)
As they should be able to. Any sovereign nation has the right to control who and what enters the country.
They can
No, that would be seizing it. They need a reason to seize it. Customs can search without cause, but they cannot seize things without cause.
The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."
Not entering your password is not grounds to refuse you entry into the country. On the other hand, lying to US customs IS grounds to ban you from entering the USA for five years.
Re:Dual Boot (Score:5, Informative)
It depends on what, in particular, you're concerned about. As far as I know, they don't currently routinely search laptops, so it'd be speculation to guess at what a routine search they don't do would miss.
Yes it will work. (Score:5, Informative)
So first, they would have to know you even have something encrypted (which is just a guess if they see TrueCrypt installed). Then they'd have to know what/which files was/were encrypted (which can't be determined by examining the file). Then they'd have to ask you to mount the volume and provide the password (at which time you then provide the shadow volume password, which only contains innocuous files).
I can't be the only dummy to figure that out.
Depends upon how proficient they are. (Score:5, Informative)
Re:Dual Boot (Score:5, Informative)
Imagine the pre-computer days... (Score:3, Informative)
I think there is no difference now. Email your files and do not put them on your laptop. That is what TFA is basically saying too.
So, IMHO, complaints here won't work. The only problem that travelers have with laptop/cellphone search is inconvenience (since everybody is used to storing all their files on their hard drive), but otherwise it is not any bit less legal than it was before the laptop era. And inconvenience is not any concern for authorities at all. So consider your laptop to be your briefcase and just don't put any documents there that you don't want customs officers to see. End of story.
Re:Dual Boot (Score:5, Informative)
US Customs has always been like this (Score:5, Informative)
I just pretty much walked right through in China - I handed them the entry form (one half of the two part form - the other half you give them when you leave) and they waved me through. Customs in China did not even ask to see my laptop, never mind read files or anything like that.
On returning to the US at Detroit International, I was given the 3rd degree by US Customs agents, and I'm a US Citizen. "How long were you in China?" (as if he couldn't tell by the side-by-side entry/departure stamps in my passport) "What were you doing there?" (visiting friends) "What do these friends do for a living?" (A couple of college professors and a financial analyst)
This happened on both of my trips.
And I noticed that they were doing this to EVERYONE, not just me. (The plane had several hundred people on it.) I'd hate to see what they were doing to Chinese citizens entering the US.
I hope they realize that they are going to scare businesses away from the US if they keep this up.
I find it somewhat ironic that the captcha for this post is "undergo".
Re:A naive suggestion (Score:2, Informative)
Addendum:US Customs has always been like this (Score:3, Informative)
Re:Refuse you entry to the country (Score:5, Informative)
Or another example is detain you and/or the computer until they can image the drive.
And they can confiscate contraband (your definition may vary).
Ultimately, you have the right to enter the country.
Re:Refuse you entry to the country (Score:4, Informative)
The problem is, they could confiscate your expensive computer gear, and there's no guarantee you'd ever get it back. (There seems to be no real statute of limitations on the time these people are allowed to take to "examine" your property, if they claim a potential "security risk".)
Re:embolden? (Score:3, Informative)
Re:Dual Boot (Score:3, Informative)
Better: set up dual boot, and hide lilo or grub. Have it wait for a moment between BIOS and default OS, and if you press a certain F key combination it shows the choice; otherwise it goes right into innocent, typical-seeming Windows installation.
You'd still be subject to either having to unencrypt your real data or having the notebook confiscated if you refuse, if this is discovered - but if they don't know to look at the disk display applet in Windows, it's unlikely to be discovered. And you can disable that applet.
Truecrypt + Thumbdrive = Hidden OS (Score:5, Informative)
This post [truecrypt.org] on the Truecrypt forums describes a way to install two OSes, one for show, and one hidden. Unless there is a Truecrypt rescue CD or bootable USB thumbdrive inserted the system will boot to a normal Windows desktop. This method would hold up to any casual sort of inspection, such as those customs agents carry out dozens of times per day. There are a couple of traces that would need to be removed in order to actually have "plausible deniability", but to me not having the questions asked in the first place is preferable to being able to deny one of the potential answers.
It's sad that you might need to do things like this, but there are often technological solutions to social problems.
Re:Dual Boot (Score:5, Informative)
Of course there's always deniable encryption, i.e. rubberhose [iq.org].
Re:Mess with them (Score:1, Informative)
More likely they monitor channels to figure out what most people believe their rights are and how to actively incite the maximum amount of FUD so that when they play word games with you and ask you to do something you have every right to refuse you will do it without question.
Now move along quietly and put your tin foil hat back on.
Re:US Customs has always been like this (Score:2, Informative)
Re:Not entirely true... (Score:3, Informative)
Actually, they can 'detain' the laptop without cause/warrant/etc. If you would like to wait with it that's your option ---- going on 2 years for some of the people who've filed the suits that resulted in the ruling so you might want to make sure you have some vacation time stored up.
Re:Mess with them (Score:3, Informative)
Note that this study fails to consider whether the shiny side goes on the outside or the inside, and also does not explore the use of true tin foil as opposed to aluminum foil.
Re:Corporation Lawyers (Score:5, Informative)
If the IP on your laptop is worth that much, you shouldn't be carrying it outside of the country on a laptop. I worked at a company that prohibited us from carrying certain information on our laptops to some middle eastern countries, as they were known for seizing/replicating hard drives from employees in certain industries.
If anything, you may face legal issues from your employer if you're taking that valuable of information out of the country.
Re:Not entirely true... (Score:5, Informative)
Because legally you have not entered the country until you pass through customs. Up until that point you are in international waters, so to speak.
If you're not here, you're not under the jurisdiction of our laws.
Re:Dual Boot (Score:4, Informative)
Re:Make it not boot (Score:2, Informative)
Re:Dual Boot (Score:5, Informative)
While all of that is true, nowadays being put on the "naughty list", or having a name like someone on the naughty list, or being brown-skinned is enough to effectively punish you as much as if you'd been convicted.
There has been a Canadian citizen in Sudan [www.ctv.ca] who has (had?) been trapped there because, while he had never been charged with anything, he had been suspected of doing something. He got trapped, and could come home due to being on the no-fly list. Basically, years in legal limbo.
I wouldn't assume getting detained by customs wouldn't necessarily cause you problems. When your name ends up on the unpublished, unfixable, or secret lists of people they don't want to fly
Do you really want to find out the limits of where your theoretical rights end and where your abridged, post 9-11 rights end?
Cheers
Re:Not entirely true... (Score:2, Informative)
Not providing a password is not cause. Not providing a password is not refusing to cooperate. That was one of the rulings from the recent court case.
Cooperating is handing over the laptop to them for them to search, and you can wait for them to finish. What if the battery is dead? What if Windows has crashed & won't boot? You have still cooperated.
Otherwise what you're saying is that they have the right to search it, you have the right to refuse, and they have no legal powers to try to enforce their right - in other words, they don't have the right at all.
Not at all. They have the right to search it, as is. That is their legal power. You are not required to provide a password. If it's encrypted, it's up to them to decrypt it.
You do not have the right to refuse a search at the border. If you do not want to take the chance that you will be searched at the border, then do not cross the border.
You are not required to actively assist a search. For example, Customs might think that you're smuggling something inside your tires, but you are not required to jack up your car and undo the wheel nuts. It's up to Customs to do it.
Holy Shit! (Score:2, Informative)
That's amazing, you'd better get that info to the 9th circuit (where the decision was made), I can't believe they'd overlook something like that...
Have you read the judgment? That might be a good place to start.
Need One of These (Score:5, Informative)
Re:Not entirely true... (Score:5, Informative)
Re:Dual Boot (Score:5, Informative)
In my own case, I encrypt it (using Truecrypt - awesomest OSS program I've found in a long time) because while my family knows I keep porn on my computer, if I ever have a random car accident or something I don't want them to see exactly HOW MUCH I have on the system once they start looking through my files.
Re:Dual Boot (Score:4, Informative)
Or wear more tinfoil, I hear that protects against multiple vectors.
Re:Dual Boot (Score:3, Informative)
Except that you do not have such liberty while going through customs. And that is not a special thing of the USA customs. Almost every country usually has this rule where some of your basic privacy rights get removed while you are entering a country.
Remember, it was *your* choice to enter such country (either by booking a flight directly or a flight with a stop in such a country). Therefore, you must fully comply with its legislation.
That is one of the reasons I refuse to fly through the USA (even if the flight prices are around $600 USD instead of $1100)... I choose not to get my ass probed in order to obtain a USA visa (even a transit visa).
Of course as I said before, such behaviour is not exclusive to the USA, therefore I think it is really smart to do what the article suggests.
I prefer a different approach however. I usually put all my data in a secure server connected to the internet and just travel with my "barebones" laptop (with only Windows or Linux installed and whatever software I must use).
When I am at my destination, I connect to the server and retrieve my files. As the author of the article says, customs cannot read what is not there.
Re:Yup (Score:2, Informative)
Completely incorrect. Many of the British actions to diminish liberty in the 1700s were directly related to enforcing customs and duties: writs of assistance, vice-admiralty courts, etc. The Founding Fathers were reacting in part against British regulation of customs and duties so many of the "democratic values" like the 4th Amendment, the requirement that trials be held in the locality where the crime was committed, etc, were in fact developed in response to customs enforcement.
The most poignant example is writs of assistance. These were open-ended search warrants that authorized the holder to conduct any search whatsoever and were issued to British customs officers in the colonies to catch smugglers. They outraged the colonists, who saw them as an affront to their liberty, and directly led to the requirement for specific search warrants in the early state constitutions and later in the 4th Amendment.
I find it most ironic that the restrictions on search warrants came in response to arbitrary customs enforcement by British customs officers, but today no restrictions at all apply to searches by American customs officers. Whatever court ruled that the 4th Amendment doesn't apply to border crossings ignored significant precedent to the contrary.
See Writ of Assistance [wikipedia.org] in Wikipedia for a pretty decent overview.
Re:Dual Boot (Score:4, Informative)
Well, to be fair, this is the exact same treatment I've had every time I've re-entered the U.S. (as a U.S. citizen). It's usually always via Boston Logan, and a few times when I arrived in the evening there weren't even any Customs officers working the Citizen's lane. You could have walked through there with a 2,000-pound bomb on a hand truck and I don't think anyone would have noticed. (Which was good, because I was pretty sure I was over my liquor quota...)
There usually is someone working Immigration (which is distinct from Customs -- Immigration is where you get your passport checked, Customs is the luggage business) but even that was just a bored, cursory lookover.
I'm not minimizing the seriousness of these inspections (I can't get my mind around how they're possibly constitutional, at least when applied to Citizens), but in practice I think you have to be doing something that attracts attention before you become a target. U.S. Customs is still largely a joke, at least if you make a modicum of effort to look like an upstanding citizen. Which is ironic, because I assume smugglers/terrorists would at least bother to do that.
Re:Not entirely true... (Score:2, Informative)
http://law.onecle.com/constitution/amendment-04/18-border-searches.html [onecle.com]
When customs searches your bags for contraband, it is basically the same as when they search your laptop. The problem is that we tend to store much more personal, professional, or confidential information on our computers than we would ever carry around in our luggage (mostly because you know ahead of time someone will see it). I mean when was the last time you took your vibrator with you to a foreign country? It seems so much more invasive simply because of the context. Now, unless you are demanding an end to all searches at the border (which will never happen for obvious reasons) I suggest you move on to how to get around it.
As far as solutions go, I like the idea of dual booting if it's your only option, but I have 3 laptops. I can always take one with nothing on it for use on the trip and check my flashdrive with the luggage. Once they start demanding the contents of the flashdrives, it will have to be remote access only.
Good luck
"Good faith" (Score:3, Informative)
Re:Dual Boot (Score:1, Informative)
Actually, they do (Score:2, Informative)
Re:Dual Boot (Score:3, Informative)
In immigration it's a little bit more annoying, but they've only ever asked fairly simple questions, even when I last year arrived for the 10th or 11th time in less than 18 months.
Socialism and freedom (Score:2, Informative)
I know it's hard for US residents brainwashed during the cold war, but socialism [m-w.com] is not an alternative to freedom [m-w.com] or even to democracy [m-w.com]. Socialism is an alternative economic system and as such would be an alternative to capitalism [m-w.com].
Interesting NY Times article (Score:1, Informative)
Re:Dual Boot (Score:3, Informative)
Re:Dual Boot (Score:3, Informative)
Or you could show your stash of pr0n that you've encrypted so your partner doesn't find out
Re:Dual Boot (Score:5, Informative)
Actually, you do:
Note that the bolded word is not "citizen!"
Re:TrueCrypt (Score:2, Informative)
It does. The hidden partitions in TrueCrypt start from the end of the file (this allows you to keep the non-hidden partition intact at the front of the file).
When you enter a password, TrueCrypt first tries to decrypt the random data at the front of the file -- and, if that doesn't look like a TrueCrypt partition, then it tries to decrypt the end of the file where the hidden partition would be.
So... what you're proposing should already be doable. Create a standard file container of size "Video + N" that contains a hidden container of size "N". Once the hidden partition is set up, simply overwrite the front of your file with the video. TrueCrypt shouldn't complain, because random noise (from the encrypted, standard partition) and a random video file should be equally unintelligible from its perspective.
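The trial-decryption order described in the comment above can be modelled in a few lines. This is an added example, not code from the post or from TrueCrypt: the 64-byte header layout, the `TRUE` marker check and the SHA-256 keystream are simplifying assumptions standing in for the real volume format and its XTS cipher, and all function names are hypothetical.

```python
import hashlib
import os

HDR = 64         # toy header: 16-byte salt + 48 encrypted bytes (assumed layout)
MAGIC = b"TRUE"  # marker that only appears after a correct decryption

def _key(password, salt):
    # Low iteration count keeps the demo fast; not a recommended setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def _xor_stream(key, data):
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for XTS.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def make_header(password, data_offset):
    salt = os.urandom(16)
    plain = MAGIC + data_offset.to_bytes(8, "big") + bytes(36)
    return salt + _xor_stream(_key(password, salt), plain)

def try_header(blob, password):
    """Return the data offset if the password decrypts this header, else None."""
    salt, body = blob[:16], blob[16:HDR]
    plain = _xor_stream(_key(password, salt), body)
    if plain[:4] == MAGIC and plain[12:] == bytes(36):
        return int.from_bytes(plain[4:12], "big")
    return None

def build_container(size, outer_pw, hidden_pw=None, hidden_offset=0):
    body = bytearray(os.urandom(size))       # unused space is random fill
    body[:HDR] = make_header(outer_pw, HDR)
    if hidden_pw is not None:                # otherwise the tail stays random
        body[-HDR:] = make_header(hidden_pw, hidden_offset)
    return bytes(body)

def open_container(container, password):
    """Try the front header first, then the last HDR bytes of the file."""
    for kind, blob in (("standard", container[:HDR]), ("hidden", container[-HDR:])):
        offset = try_header(blob, password)
        if offset is not None:
            return kind, offset
    return None

if __name__ == "__main__":
    c = build_container(4096, "outer-pass", "hidden-pass", 2048)  # constructed sample
    for pw in ("outer-pass", "hidden-pass", "wrong-pass"):
        print(pw, "->", open_container(c, pw))
```

Without the hidden password, a tail that holds a hidden header and a tail of plain random fill fail the check in exactly the same way.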
Re:Suspiciously unsuspicious (Score:2, Informative)
Sorry, but TC volumes DO have a header. If you read through the documentation there's a section on backups. In it it states that you should backup your volume headers. Heck, even the GUI in KDE Linux for TC has an option to export or import a volume header.
Here's the link to the documentation on backing up volume headers: http://www.truecrypt.org/docs/?s=backing-up-volumes-and-headers [truecrypt.org]