Please create an account to participate in the Slashdot moderation system


Forgot your password?
Privacy Data Storage Portables Security United States Hardware

Securing Your Notebook Against US Customs 1021

Posted by timothy
from the best-interests-at-heart dept.
Nethemas the Great points out a piece from Bruce Schneier running in the UK's Guardian newspaper with some tips for international travelers on securing notebook computers for border crossings. A taste of the brief article: "Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. ... Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won't work here. The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."
This discussion has been archived. No new comments can be posted.

Securing Your Notebook Against US Customs

Comments Filter:
  • Re:Dual Boot (Score:1, Insightful)

    by Anonymous Coward on Thursday May 15, 2008 @12:26PM (#23419332)
    are border agents so dumb to not diferentiate a dual boot from a simple windows ?
  • Yup (Score:5, Insightful)

    by alexborges (313924) on Thursday May 15, 2008 @12:28PM (#23419370)
    I got it in my biweekly dose of Cryptogram and found it disheartening. The GOD of security says: all you can do is make sure they wont find anything that will mess you up.

    The sad thing is that citizens think this idiotic idea of checking laptops at airports serve any kind of law enforcement objective other than generalized panic and further diminishment of democratic values such as the right to privacy.

    This is your government fucking people up (and "people" can be foreigners or locals entering the country), attempting to find in informations traces of delincuent activity that, if youre a two bit moron you know you can save it anyhow, in a mostly anonymous fashion on google's, yahoo's or microsoft's servers for free, and any number of services that are available today.

    True criminals simply have huge botnets and hidden servers behind the huge pr0n/spam nets and they DO NOT carry incriminating evidence with them and EVEN IF THEY DID, how in hell is a custom's agent going to find them?

    I mean, i have a better solution than that of bruce: change your initab so initdefault is 3, make sure that that level does NOT turn on the wifi card or any networking at all, change your shell to ASH (hopefully temporarilly) and let them have the root password, who cares.... good luck, mister customs agent.
  • A naive suggestion (Score:5, Insightful)

    by rumith (983060) on Thursday May 15, 2008 @12:29PM (#23419378)
    1. Upload all of your data on a web host with SFTP support and lots of bandwidth.
    2. Purge your hard drive.
    3. Be politeness incarnate to the customs officer and get through fast.
    4. Once inside, use any available network at your disposal to download all of your data back.

    The downsides? You probably won't be able to work in the airplane, but is it worth it now that the Customs are being so much trouble?

  • Re:Dual Boot (Score:5, Insightful)

    by ColdWetDog (752185) * on Thursday May 15, 2008 @12:30PM (#23419408) Homepage
    Likely "pretty good". It all depends on how nosy the Customs Agents want to be. The vast majority of the time, they just stare at the laptop, maybe make you boot it (but that's TSA's responsibility, really) and let you wander off. The issue is that you don't know when the Agent 1) had a bad night 2) thinks you're a smartass / druggie / on The List or 3) anything else (no probable cause here).

    If they want to clone your hard drive and disassemble it later, your secondary boot OS is going to stick out. Not that it is unusual for anyone to have more than one OS on a hard drive, but it won't be hidden. Remember, they essentially have physical control of the computer. "They" win. Unfortunately, it comes down to 1) security by obscurity or 2) nothing to hide.

    Roll up your sleeves and bend over.

  • by AmazingRuss (555076) on Thursday May 15, 2008 @12:30PM (#23419410)
    I quit flying a couple years ago after being repeatedly hassled by TSA troglodytes. Looks like I may never get to fly again. Maybe if enough of us stop flying, the airline industry will set its lobbyists to get this fixed. Chances are slim though. Why lobby to get your customers back when you can just lobby for handouts?
  • CF/SD cards? (Score:3, Insightful)

    by future assassin (639396) on Thursday May 15, 2008 @12:31PM (#23419432) Homepage
    Maybe depending on the amount of data you have you could store it onto a CF/SD card and put it into your camera? There has to some way of storing the data on the memory card so that the camera will not see those files but still leave enough space to take a few shots of the customs agents.

  • by Tim C (15259) on Thursday May 15, 2008 @12:34PM (#23419456)
    But if they have the right to search it and you refuse to cooperate, then what choices do they have other than to seize the laptop (arguably you've given them cause by refusing to cooperate) or refuse you entry?

    Otherwise what you're saying is that they have the right to search it, you have the right to refuse, and they have no legal powers to try to enforce their right - in other words, they don't have the right at all.
  • Re:Dual Boot (Score:2, Insightful)

    by Anonymous Coward on Thursday May 15, 2008 @12:35PM (#23419492)

    are border agents so dumb to not diferentiate a dual boot from a simple windows ?
  • by Anonymous Coward on Thursday May 15, 2008 @12:39PM (#23419548)

    So your best defence is to clean up your laptop. A customs agent can't read what you don't have ... Delete everything you don't absolutely need. And use a secure file erasure program to do it. While you're at it, delete your browser's cookies, cache and browsing history. It's nobody's business what websites you've visited. And turn your computer off - don't just put it to sleep - before you go through customs; that deletes other things ... Some companies now give their employees forensically clean laptops for travel, and have them download any sensitive data over a virtual private network once they've entered the country ... I know this all sounds like work, and that it's easier to just ignore everything here and hope you don't get searched.
    Me: Sorry boss, I would have loved to get that client report/presentation/proposal done on the flight like we talked about, but I had to spend all my time forensically cleaning the laptop in preparation for customs.

    Boss: WTF???
  • Re:Dual Boot (Score:5, Insightful)

    by Altus (1034) on Thursday May 15, 2008 @12:41PM (#23419570) Homepage
    if your under suspicion for who you are then you are pretty well fucked. But if your just worried about a random security search and wanting to keep certain data private you only need to get past that first step because they will not spend the money to dig deeper even if they do copy your hard drive.

    if you are a known individual (person of interest) and you expect to be stopped at the border, don't carry sensitive material with you. Hell, just mail a flash drive.
  • by Altus (1034) on Thursday May 15, 2008 @12:43PM (#23419606) Homepage

    I have been denied access to countries for less than not providing a password. They can pretty much turn you away because they feel like it.
  • by Junior J. Junior III (192702) on Thursday May 15, 2008 @12:45PM (#23419642) Homepage

    Set up a Windows partition and a Linux partition, set it to boot to Windows by default, keep all your data on the Linux partition. How well would that work, I wonder.
    Probably pretty well unless they're doing full-disk imaging, in which case the Linux partition is still in their hands when you walk away. Best thing to do is not to take a *computer* with you when you travel, but rather take a *terminal* with you (or find one), and use a secure connection to your computer, safely still at home, and then access your data, accounts, apps, etc. over that secure connection.
  • Re:Yup (Score:3, Insightful)

    by squidfood (149212) on Thursday May 15, 2008 @12:46PM (#23419656)

    further diminishment of democratic values such as the right to privacy.

    I'm as libertarian free-rights paranoid as the next slashdotter (while not quite), but a healthy dose of history here. Customs, border crossings, etc. have never had anything to do with democratic values, check out all your local 17th century smuggling legends sometime. There's never been anything there to diminish.

    Picking battles, I'd concentrate on what happens internally, domestic flights, internal travel, etc. and not worry about this one so much (cue "thin end of the wedge" argument).

  • Re:TrueCrypt (Score:5, Insightful)

    by Frosty Piss (770223) on Thursday May 15, 2008 @12:47PM (#23419682)
    People here keep talking about encrypting your files. Fine, but the second the Customs Guy figures out you have encrypted content on your laptop, you can kiss it good bye. They *will* keep it. You may not see it again for several years.

    If you're going to carry stuff over the border you don't wan't The Man to look at, put it on a thumb drive and attach it to your keys.

  • by rsborg (111459) on Thursday May 15, 2008 @12:48PM (#23419700) Homepage

    So first, they would have to know you even have something encrypted (which is just a guess if they see TrueCrypt installed).
    On OSX, disk utility will create encrypted disk images for you, so every mac user potentially has encrypted content (apparently Vista also has something similar).

    Furthermore, you could also make TrueCrypt portable on XP, putting it, and possibly even your encrypted volume on a USB Key. Include this with a simple file rename and extension change and you'll have hidden encrypted content.

  • Re:Dual Boot (Score:5, Insightful)

    by electrictroy (912290) on Thursday May 15, 2008 @12:49PM (#23419706)
    >>>"The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."

    Sounds like a small price to pay in order to protect my right to liberty. Just because the government demands access does not mean I have to comply.

    Other people have paid a far higher price for liberty ("the full measure of devotion" aka death).

  • Re:Problem? (Score:3, Insightful)

    by shentino (1139071) on Thursday May 15, 2008 @12:49PM (#23419716)
    Yes it's wrong to buck the system and cause trouble for other people.

    However, I advocate cooperation simply because conniption causes more porblems than it solves. I would protest this however I could, legally, by picketing or voting or radio station callins.

    Just because it's wrong to buck a system doesn't make the system right.

    We have a bill of rights for a reason, and getting all panicky and security crazed is just going to let someone powerful step in and take over.

    If you give up your freedom, you invite a tyrant. Trusting the government to do everything right only works with saints, which humans most definitely aren't. It's why we have checks and balances.

  • by arthurpaliden (939626) on Thursday May 15, 2008 @12:50PM (#23419728)
    Have all your US and overseas clients meet each other in Toronto, Vancouver or anywhere in Canada for that matter.
  • Re:Problem? (Score:2, Insightful)

    by japhering (564929) on Thursday May 15, 2008 @12:54PM (#23419808)

    What's the problem here? Is this a matter of principle or is there something to hide?

    The problem is that it is plan and simple grab to take away our rights under the 4th amendment without any probably cause or do process.

    Not to mention that it does NOTHING to improve the security of our borders.

    And it is seemingly becoming the new standard by which TSA agents get laptops for friends and family members. Confiscate the laptop, telling the poor smuck that it will be returned shortly after the disk is cloned for professional examination. Voila, laptop never comes back.. lots of cases and complaints on file of this particular situation.
  • Principles (Score:3, Insightful)

    by pryoplasm (809342) on Thursday May 15, 2008 @12:55PM (#23419844)
    Things like privacy are sacred to some people, and unimportant to others. People who advocate that they have nothing to hide is all well for them, however it does not apply to every single person in the world.

    And it does not necessarily have to be work related, or something proprietary that can be stolen and sold for cash. Perhaps it is embarassing information on the person, private pictures of family, or something else that is legal and legitimate to keep private. If you have no problem forceing big brother on yourself, that is ok. That just doesn't work for everybody...
  • by thestuckmud (955767) on Thursday May 15, 2008 @12:56PM (#23419862)

    Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. As they should be able to. Any sovereign nation has the right to control who and what enters the country.
    Not according to the Fourth Amendment to the US constitution: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...

    This amendment exists to protect citizens from a government that may object to the content they create or possess. Maybe someone can explain why the act of entering the country nullifies my constitutional rights.
  • Re:Dual Boot (Score:1, Insightful)

    by goaliemn (19761) on Thursday May 15, 2008 @12:57PM (#23419888) Homepage
    If you feel you want to become an unemployable martyr, by all means, do it.

    With a criminal record, after being detained by customs, you'll have a tough time finding a decent job. Your life will be hard at the border crossing, but it will be for many years afterwards as well.
  • by CogDissident (951207) on Thursday May 15, 2008 @12:59PM (#23419958)
    I'd suggest against the horse porn, it "is" technically illegal in the US.

    I personally would use the tubgirl "taste the rainbow" picture as a desktop icon. You need to use both a disturbing visual, and a (semi-common) catchphrase that will trigger that visual to further torment them.
  • by SnapShot (171582) on Thursday May 15, 2008 @01:00PM (#23419970)
    It just might work. It their eyes are bleeding they can't read your sensitive data.
  • by Anonymous Coward on Thursday May 15, 2008 @01:02PM (#23419994)

    This amendment exists to protect citizens from a government that may object to the content they create or possess. Maybe someone can explain why the act of entering the country nullifies my constitutional rights.

    This is why the recent supreme court ruling matters, even if the GP doesn't know it. They ruled that computers files are not your papers. Silly I know, but that's why they can search.
  • by goaliemn (19761) on Thursday May 15, 2008 @01:05PM (#23420046) Homepage
    This isn't the TSA.. its customs. A huge difference.. They can do this if you're crossing in a car, on a bus, on a horse, on foot, etc... They've had this "right" since the country was formed, and older countries have had it for much longer.
  • Re:Problem? (Score:5, Insightful)

    by ledow (319597) on Thursday May 15, 2008 @01:09PM (#23420136) Homepage
    My own opinions on your blinkeredness shall remain unsaid. I'm sure you can guess them.

    First, I'm not American. I have visited but these incidents literally remove the country from the list of viable or "safe" foreign countries I could travel to.

    "I carry corporate source, designs and some customer data on my laptop. Yes, it would be a problem if it were made public. I encrypt it, but do not hide it. I see no reason that a border guard, a TSA guard or even the (whisper) NSA would choose to give it to a competitor if they had it."

    -Several thousand dollars.
    - Industrial espionage.
    Even in the UK, some staff at airports have been caught selling on items stolen from baggage, there's nothing to stop a corrupt official doing so. By giving them to ability and "legitimate" reason to search ANY laptop for ANY reason, it's inviting problems.

    - A letter from Microsoft offering a reward for non-licensed or pirate software.
    - Anything that could accidentally tag you as a terrorist.
    Customs officer browsing through my web history: You read wikileaks lately? We'll have that as evidence of, in your own words, being an anarchist.
    - THIS POST. Say I took a laptop with a copy of my posting history to slashdot to the US... they could EASILY use this very post against me. Evidence of "wanting to avoid customs" or some such rubbish.

    "What's the problem here? Is this a matter of principle or is there something to hide?"

    Neither. It's my data. You have no right to go through it without reasonable suspicion FIRST. And then in a certified, supervised way to ensure you keep within your stated use of the data. No other civilised country in the world currently does this and the UK has been dealing with terrorism for FAR, FAR longer than the US has (a UK airport security expert was told that he was "being paranoid" before 9/11 when he visited a US airport and complained about their lax security - within days he was on BBC News recounting the tale because 9/11 happened).

    My workplace cannot even throw a hard drive out with having it professionally destroyed, whether it's been exposed to confidential data or not. What makes you think I can let a customs officer copy it without MASSIVE assurances of everywhere the data could end up? The chances are I'd be in a questioning room while all the copying was going on.

    "Consider how important your data is to a customs official. News flash: I'd bet a lot that they don't give a rat's ass what you've got, as long as it's not illegal. If it's illegal, then the problem is totally different and you have no right to complain about it."

    Define illegal. I think you'll find it depends on jurisdiction, for a start, and includes such things as data protection laws. This is the problem.

    As a business, I would be required to NOT TAKE SOME DATA into the US because of this - UK and EU data protection laws means that I *can't* let anyone see it, whether or not it's "secret". If your salesman is going to have to break British law to make a sale in the US, then he's not going to GO to the US. Or he'll have to take the steps mentioned in this article.

    Say my office gave me a laptop with copy of Windows that was installed from a pirate key... that's "illegal". I could get detained *without reasonable suspicion* and possibly convicted because of that. Say I *don't know* the password to an "encrypted-looking" file on the laptop (like, I don't know, say a database contained within a business program accessed only by Word macros or company-created utilities - I have seen many such systems loaded on laptops for employee use). I'm detained until I release it.

    It's not that I have anything illegal under US law - the US is not the world, though. Things that the US does are considered illegal in other countries. Let's not go too far down that avenue because it's just too easy to get into country-bashing.

    It's that the US customs have no reason to demand inspections without reasonable suspicion. They certainly s
  • by Deadplant (212273) on Thursday May 15, 2008 @01:09PM (#23420152)

    Any sovereign nation has the right to control who and what enters the country.
    Well, that's one opinion.

    I would say that most sovereign nations have the power, not the right, to control who and what enters the country.

  • by Hoplite3 (671379) on Thursday May 15, 2008 @01:11PM (#23420188)
    I've suggested this before, but I think it should be repeated.

    You should also put something mildly embarrassing in the shadow drive. Something so that when the customs dude sees it, he can construct a plausible narrative of why you encrypted it. Naked pictures of a girl who could be your girlfriend (but definitely looks over the age of majority in the country you're flying to), steamy love letters that aren't over the top, evidence of a fake affair. Nothing illegal, just "improper." Bonus points if you blush when the customs agent sees them.
  • Re:Dual Boot (Score:5, Insightful)

    by belmolis (702863) <billposer&alum,mit,edu> on Thursday May 15, 2008 @01:14PM (#23420260) Homepage

    Being detained by customs does not give you a criminal record. If you're a non-citizen, it may indeed cause trouble in entering the country again. To get a criminal record, you must be tried and convicted of a crime.

  • by ZeroPly (881915) on Thursday May 15, 2008 @01:15PM (#23420276)
    It's actually relatively easy to find TrueCrypt volumes assuming that you know you're searching for one - they contain completely random data and are thus distinguishable from most other files. Remember that most compressed files (ZIP, MP3) have easily distinguished patterns, so when you find a large file with no pattern and random data, you can be fairly certain you're looking at an encrypted partition.

    Luckily, that doesn't matter one iota. Hidden volumes in TrueCrypt are specifically for this very reason. Assuming you admit that you use TC and show someone the contents of the "dummy" volume, there is no way for someone to determine the existence of the hidden volume.

  • We have arrived! (Score:5, Insightful)

    by erroneus (253617) on Thursday May 15, 2008 @01:20PM (#23420362) Homepage
    Some would say we have arrived long ago, but this is certainly a telling mark.

    We are discussing "hiding legal and unincriminating" stuff so that we don't get hassled by government police. We have gone far beyond the "if you don't have anything to hide, you have nothing to fear" argument where now, even when you don't you have plenty to fear... in this case, potential loss of ability to work!!

    They have been going too far for a while, but this is a point at which even the most common person can appreciate and understand the problem with this.

    If the EFF were buying "public awareness" ad time on TV, radio and print (I haven't seen any if they already are) I'd donate $100 each month from now until "we've won" whatever that means. I'm sick of this.
  • by the plant doctor (842044) on Thursday May 15, 2008 @01:21PM (#23420408)

    Whaaa? So the Constitution doesn't apply to me as a US citizen is what you're saying? I thought the constitution applied to citizens, not a place.

    So apparetly it only applies to people on US soil? With the way things have gone lately I guess it shouldn't surprise me, but it does, or more disappoints me.

    That said, I've never had issues coming back through customs. They've never even glanced at my laptop let alone asked to handle it.

  • by Cairnarvon (901868) on Thursday May 15, 2008 @01:27PM (#23420526) Homepage
    Whenever someone talks about standing up to whatever injustice in some way, someone always comes along to point out the people they're standing up to won't like that.
    No shit, Sherlock. That's sort of the point.

    If nobody ever stands up to this kind of bullshit, even in these kinds of small ways, it's only going to get worse and we're *all* going to spend a lot more time in tiny cold waiting rooms whenever we try to get anything done.
  • by rthille (8526) <{web-slashdot} {at} {}> on Thursday May 15, 2008 @01:27PM (#23420528) Homepage Journal
    Does that mean I can shoot the border agent and not be prosecuted under American laws?

    Try not to confuse 'legal fictions' with reality :-)
  • by Anonymous Coward on Thursday May 15, 2008 @01:28PM (#23420548)
    You obviously haven't crossed the border a lot. I have. As a guest in the US, you don't get lippy with the border guys. You have no rights in that little room.

    US border cops are not subject to oversight. Decisions are final and can be based on their gut feel. Unless you're an international big wig and can pull some strings with the ruling US gov't, you're out of luck.

    I have seen at least a half dozen people arbitrarily get taken into the strip search room at the Peace Bridge in Buffalo. And this was before 9/11.

  • Obvious solution (Score:4, Insightful)

    by Sir_Lewk (967686) <[sirlewk] [at] []> on Thursday May 15, 2008 @01:29PM (#23420576)
    ipods. I mean, come on, they're nothing more than several dozen GB thumbdrives, you can easily put all your stuff on there and carry it with you without suspicion.
  • by dazedNconfuzed (154242) on Thursday May 15, 2008 @01:30PM (#23420612)
    (volumes cannot be distinguished from random data)

    Aye, there's the rub.

    Most files CAN be distinguished from random data. If not outright human-readable (text, XML, etc.), they start with header data which can be visually recognized with a little experience. File sizes are predictably reflective of the directory context. Browsing the rest of a file's content usually reveals non-random components.

    TrueCrypt claiming to be indistinguishable from "random data" is kinda like the hotel security guy who was checking out my activity when I was bored (playing with video camera menu settings, waiting for someone) in a hotel lounge. It was obvious he was hotel security because he didn't have any official-looking paraphanalia AND was dressed in "I'm trying to blend in but don't know how" attire. It was obvious he was checking out my activity because he wandered close, looked around like he was looking for someone, and left - when there was absolutely nobody else in the lounge. And from his "I'm not hotel security, no really" dress & demeanor, I knew something would come of it - manifest a few minutes later when the Federal Marshals showed up.

    A TrueCrypt file (or partition) hits the "uncanny valley" realm: it tries so hard to blend in that we become keenly & deeply aware that it doesn't; the deep-seated human mechanism for sensing "something is wrong here" kicks in.

    It stands out precisely because it so completely doesn't.
  • by noidentity (188756) on Thursday May 15, 2008 @01:32PM (#23420634)

    See TinyURLs are evil URLs []. Why does the URL length matter when linking on the web? For example, the link above has a fairly long URL, but it's not a problem. There's no reason to use a URL shortening service for links on web pages.

    The reason such services should only be used where actually necessary, like in print or when verbally relaying a URL, is that they are a good way to hide the site. By using them unnecessarily for web links, users become less wary of them, making it easier for malicious uses. It's the same reason banks and similar entities should not send email with links to their site.

  • by Pros_n_Cons (535669) on Thursday May 15, 2008 @01:38PM (#23420770)
    This is exactly it.
    America is just now doing this? I was returned from Canada and they searched my luggage, laptop, read private conversations, opened letters all cause i was going to be staying 2 months which was too long of a vacation/job for them apparently. The guy was just a prick and didn't want anyone taking jobs. Canada is terrible for this but on Slashdot everything is the big bad USA. I'm so sick of the slant on slashdot. All countries do this its their right to refuse what type of people in their country. Some agents turn away illegal Mexicans cause they're scared of them taking jobs, some customs agents dont like the idea of a foreigner getting paid more than them.
  • by Anonymous Coward on Thursday May 15, 2008 @01:46PM (#23420954)

    Transporting ANY kind of porn across a country border is usually illegal.
    [citation needed]
  • by jandrese (485) <> on Thursday May 15, 2008 @01:47PM (#23420960) Homepage Journal
    Standing up for something only works if you can inconvenience the other guy somehow. Border agents aren't paid by how many people they pass through the border, they're more than happy to let you rot out in the waiting room for hours if you try to make their job difficult. They're not even under any obligation to let you in the country unless you're a citizen returning from a trip. If you give them too much hassle they can (and will) just turn you away.
  • by Anonymous Coward on Thursday May 15, 2008 @01:57PM (#23421160)

    IANAL, but it seems to me that the customs agents are requiring travelers to break the law by disclosing data.
    No, the hypothetical traveler you described broke the law by exposing it to such hazard. Its the same reason companies subject to HIPPA and (in less-corporate countries) broader data privacy laws are still held responsible if the knowingly outsource handling of the data to companies in offshore companies without guarantee that the privacy law protections will be observed.

    Once you pass 6 years old, please stop trying to sell that "I'm just swinging my arms and if you run into them that's your own fault" BS. Eesh.
  • by gobbo (567674) <> on Thursday May 15, 2008 @01:57PM (#23421176) Journal
    [theory, of course]
    What is this, people? Waving flags screaming "I'm hiding something!"

    If I actually had something to hide, say, key NDA-restricted docs, and I HAD to carry them on me, I wouldn't put up red flags like obvious encryption or a partition with some weird-ass hippiecommie suspicious linux install. If you want to fly below radar, you need stealth.

    First: a vanilla install of windows or macOS. Standard business apps, standard documents folder with typical usage, such as correspondence, presentations, expenses, etc.

    Second: family photos. Friends on vacation, etc. Make them more than typical: lots of them, and innocuous. If you're too straightlaced to keep personal stuff on your computer, that's suspicious too.

    Third: on a different computer, encrypt your files with decent encryption, AES or something, using strong password. Make sure the file name isn't interesting. Doesn't matter, if a professional gets the files, they'll be cracked; the point is to keep them unobserved, so this part's kind of optional.

    Fourth: mask them inside innocuous files like the photos. Transfer them to your laptop. Now you're camouflaged. Smile, respect, make eye contact, be naturally a tiny bit nervous but with nothing to hide.

    The secret to security? don't get caught.

  • Re:Dual Boot (Score:4, Insightful)

    by hoggoth (414195) on Thursday May 15, 2008 @02:02PM (#23421284) Journal
    > Truecrypt can even store an encrypted volume on an unformatted unpartitioned chunk of hard drive. There's little way they can prove that that's anything other than some space you haven't allocated yet.

    Unallocated space wouldn't be filled with high-entropy random bytes. That's a tip-off that it has encrypted data.
    Of course, you certainly have deniable plausibility there.

  • Re:Dual Boot (Score:3, Insightful)

    by Cajun Hell (725246) on Thursday May 15, 2008 @02:05PM (#23421350) Homepage Journal

    If they choose to store the contents of your hard drive for later analysis, not at all.

    Well, it's a question of whether or not "later analysis" is something you wait in line for, or something that happens later when you're already through. As long as you get through relatively unmolested, and with your machine, it's not too bad if they later want to spend their time detecting that personal secrets might have been present, and then try to crack AES -- all on their own time while you're not waiting and missing your connecting flights, appointments, etc.

    As long as the machine appears to be "normal" to a superficial peek, you win. Their only countermeasure is to quarantine every entering machine for a few months, while they spend a few hundred (or thousand?) dollars (per machine) to examine them -- just to see if there's anything further to look at. Then they can mail you a letter if they want your key. In other words, the countermeasure would be so intolerable that the public wouldn't stand for it and Congress would have to take away the power.

    It depends on what, in particular, you're concerned about.

    Anything, really. As soon as bribable officials have access to your browser's password manager database or your email reader's stored login credentials, the risks resulting from the resale of the information, are so broad that there's simply no person who doesn't have something to be concerned about.

    If we give the government all our data, everyone loses, except the bad guys that they're supposedly protecting us from.

  • Very BAD advice... (Score:4, Insightful)

    by Bazman (4849) on Thursday May 15, 2008 @02:21PM (#23421708) Journal
    He gives one piece of very bad advice, on the subject of keeping your data on a big memory card and keeping it in your wallet. He says:

    'If someone does discover it, you can try saying: "I don't know what's on there. My boss told me to give it to the head of the New York office."'

      Never ever lie to customs guys. If they ring your boss and he denies it, or if you later change your story and say "oh yes, that's really all my files", or if you can't instantly give the address of the fictional 'New York office', then you better start relaxing in preparation for them gloving up to see if you are hiding any other memory cards.

      Same with hidden partitions. If, by sheer bad luck, you do encounter a tech-savvy customs guy and he says 'have you got any hidden partitions on here?', say 'Yes'. Better than saying 'No' and having them find out later.

      I'm not saying roll over and give them everything - you have rights - just don't lie.

  • Re:Dual Boot (Score:5, Insightful)

    by gordyf (23004) on Thursday May 15, 2008 @02:24PM (#23421750)
    Even as an atheist, my time here is important enough not to waste it with trampled rights.

    But otherwise, yes, you're right.
  • by Cajun Hell (725246) on Thursday May 15, 2008 @02:32PM (#23421910) Homepage Journal

    If you ARE a POI, they will probably [do a lot of shitty things]

    I guess the trick is to help make everyone a POI. Do all that crap to everyone, and 10 people will be able to enter the country per day. Then someone in power with some sense -- no wait, let's be realistic: someone in power who is tired of getting thousands of complaints per day and being the subject of a TV news show every week -- will say, "fuck it, we have to stop doing this. I just got into government for the drug and 'escort' money; I didn't run for office to be ridiculed and impeached all the time. I have a meeting with a rich industrial lobbyist in 20 minutes, and those '60 Minutes' reporters are still here in my office, asking me what my response is to the recall petition. *sigh* Julie, get me Senator Disney on the phone. We need to talk about a bill that dissolves customs. I can give him 20 more years tacked onto copyright, if he'll support this for me."

  • Re:Dual Boot (Score:3, Insightful)

    by Sancho (17056) * on Thursday May 15, 2008 @03:26PM (#23422958) Homepage
    I've oft-wished that you could have a completely transparent boot loader that used held-down keys to determine which OS to boot into (with one key to boot into a menu.)
  • Put It Elsewhere (Score:3, Insightful)

    by nick_davison (217681) on Thursday May 15, 2008 @03:48PM (#23423312)
    Buy two MicroSD cards.

    Put one in a camera. Leave a whole bunch of inane pictures of it.

    Use the second one as your main file store. At $20-25 for a 4GB card, they're cheap. They're also 15x11mm, so small you'll "lose" them - oops - in your checked luggage and are never going to be spotted by a bored inspector, that barely graduated highschool, watching hundreds of thousands of large bags going by.

    Alternatively, stick it in a GameBoy DS. They have SD readers. Look utterly bored as you wander through, in flight toy in hand. Odds of their bothering to inspect a children's toy and find something that looks like it's supposed to be there anyway, are next to zero.

    At customs, look bored, hand over your largely empty laptop and meaningless digital camera.

    Let them copy off anything they feel like. Don't fight it. Don't complain. Let them think they've got everything.

    Once you're back on the other side, put the other card back in, get access to your files again.

    No, it won't stop them if they're utterly convinced you're a terrorist. They'll take everything apart and will eventually find that tiny thing. The abusive copying of anyone's crap, with no grounds for suspicion, is going to leave them copying junk that means nothing to them. There's simply no time to search everyone to the degree they'd find the few people with a MicroSD card. And, even if they do, it's a totally legitimate thing to do so you can claim total ignorance.

    4GB should be plenty for most trip type info. Sensitive business docs should easily fit in to that. If you store porn on your laptop, leave it on an external drive at home for when you get back. If you really must have some with you, if you need more than 4GB, it's time to admit you've got issues.
  • by AK Marc (707885) on Thursday May 15, 2008 @03:57PM (#23423470)
    It is like that guy going out of the WalMart with a ladder and then the guard asked to see his receipt. Instead of just getting the receipt from his trousers' bag and showing it, the guy had to do a complete show. It does not take you more than 10 seconds and on the other side it can prevent you a lot of trouble.

    They have no right to detain you for not showing a receipt. You have no obligation to show a receipt. The worst that can happen is that they ask you to leave, something you were obviously doing anyway. If you really piss them off, they can tell you to not come back. But they can't hold you, charge you, ask you for identification, or anything else of the kind (well, they can ask for whatever they like, but you don't have to comply with any order or answer any question). They have to have evidence for that, and being an ass isn't evidence of anything other than a poor upbringing.

    Shit, it can even save your life, imagine if the guard guy was just about to go postal and decides that you are the straw that broke the camel's back and decides to fill you with pieces of lead.

    Yes, I should live my life like everyone is armed and willing to kill if I don't do everything they say. Even if, like the guards at Wal-Mart, they aren't armed.
  • by Anonymous Coward on Thursday May 15, 2008 @04:03PM (#23423586)
    You clearly don't understand what you are talking about. When you create a Truecrypt volume, the empty space is initialized with random data.

    The hidden volume that you set up is then within the the empty space of an existing Truecrypt volume. Nobody can tell without having the key whether there is a hidden volume or not since it looks exactly like the random data that the empty space was initialized with.
  • Re:TrueCrypt (Score:3, Insightful)

    by spazdor (902907) on Thursday May 15, 2008 @04:10PM (#23423698)
    or, if YOU can't prove there ISN'T one, they keep the notebook.
  • Re:Pussies (Score:2, Insightful)

    by Ant P. (974313) on Thursday May 15, 2008 @04:56PM (#23424376) Homepage

    You go first, we'll follow your example.
  • Solutions (Score:3, Insightful)

    by farbles (672915) on Thursday May 15, 2008 @05:17PM (#23424704)

    1. When conferences are being organized, avoid US sites right there in the planning stage. (This is already happening in my field.)

    2. When travelling to a US conference, travel with a blank default install Windows or Mac box with no personal or private data on it at all. Do not carry any form of data with you (whether encrypted or not). If it is necessary to access private data, do it over an encrypted connection to the non-US based home server using a terminal session. No data is stored on the portable computer. If the hard drive is seized, there is nothing to get. (This is the solution being used by local doctors and lawyers travelling to the US where there are no privacy laws.)

    Anything on your person when travelling to the US can be seized and you can be forced to give any passwords to anything encrypted.

    Obama bin Laden must orgasm every single night at how spectacularly successful the 9/11 attacks were. It has to be the greatest success story of any kind thus far in the 21st century. Hate the guy all you want, he got everything he could ever want and then some.

  • Re:TrueCrypt (Score:3, Insightful)

    by SanityInAnarchy (655584) <> on Thursday May 15, 2008 @05:34PM (#23424958) Journal
    See, the problem is, there can be an unlimited number of encrypted volumes -- they can even be nested. So no one can ever prove that there are no more hidden, encrypted volumes. If someone demands that you show them the second one, you can show them a second one -- and not the third, fourth, or fifth ones.

    So unless you're suggesting that anyone using Truecrypt, for any purpose, will be detained indefinitely, it seems like a pretty solid bet.
  • Heavy travelers (Score:1, Insightful)

    by Anonymous Coward on Thursday May 15, 2008 @06:04PM (#23425398)
    This is another reason heavy travelers should move away from the laptop.

    You can either set up a flash drive (or even an MP3 player), giving you data portability and even applications and file security if you set it up. But the best solution is to use a mobile device, like a Blackberry (I refuse to recommend the iPhone until the device has SOME form of security on it, obscurity is not security). You could also try Palm or Windows Mobile, but those seem to be more trouble than they are worth.

    The TSA drones are lucky they can figure out how to tie their shoes, so I'm sure telling them it's "just a phone" won't be much of an issue.
  • by erroneus (253617) on Thursday May 15, 2008 @06:46PM (#23425954) Homepage
    Encrypting data or not is not the issue. It's that they can and will seize your devices. They can and will copy your data. And if, on principle alone, you resist, they can and will make your life even more miserable.

    The TSA is not the government police doing the searches and seizures -- that would be Customs. TSA does not carry guns... Customs does.

    Paranoia is fear without basis in evidence of common practice. I would say there is ample evidence of common practice. Unless, of course, you call it paranoia that a speeder would be afraid he might get a ticket for speeding. In this case, the fear is based on previous examples of such unreasonable searches and seizure. In all other areas of law, this would be warrantless and identified as a fishing expedition. It is amazing that this practice has passed a court ruling in its favor.

    I'm going to leave the country in a couple of months and let me tell you, I plan on installing a new hard drive in my laptop with only the bare essentials installed on it leaving everything else at home. That's really not enough, though. If I were to be targeted by either my own government or a foreign one, I am hopeful that I can convince them to just take my hard drive and leave my expensive computer in my custody. I can't just buy new machines when some jerk decides to hold onto it for an undetermined amount of time. We're talking about expensive gear being taken without cause of suspicion and no accountability.

    I'll grant that I've never actually even been hassled by Customs before. In fact, my last three trips out of the country and my last three returns have been completely hassle-free and neither the US TSA or the foreign country's security screeners even opened my luggage or checked my carry-ons beyond an ordinary scan. But with what's going on, can anyone really count on not being hassled or having your gear taken?

    And I sure as hell don't want to have to resort to cloak-n-dagger crap just to appease screeners who have never seen Linux before.

  • Re:Dual Boot (Score:1, Insightful)

    by Anonymous Coward on Thursday May 15, 2008 @08:28PM (#23427042)
    Searching laptops at airports has nothing to do with securing our freedom, and if you think it does, you've been had and/or are extremely naive.

Don't panic.