digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

Protecting Yourself From Suspicionless Searches

eff.org — EFF: HOWTO keep your laptop from being searched at the border

Bury
show profanity settings
expand all
  • isolino, on 05/02/2008, -65/+3Wow font page with 31 diggs and no comments.
    • pianomahnn, on 05/02/2008, -1/+22STAB
    • greenlight2001, on 05/02/2008, -5/+16You're a *****.
    • ism70605, on 05/02/2008, -2/+8If the digg system at one time dictated 25 diggs to make it to the front page, and now if it took 400 you would be complaining about that. You sir are simply afraid of change.
      • cawpin, on 05/02/2008, -2/+6It's not a specific NUMBER of diggs. It's an algorithm that takes into account how many diggs over an amount of time.
        • ism70605, on 05/02/2008, -4/+1Since the code is a black box. I am NOT going to write psuedo-code for how it functions. It was an example to show his fear of change.

          Sir if you know the algorithm please procure it? Thought so. Move on.
          • xino, on 05/05/2008, -0/+1I don't think he actually knows all the specifics of the algorithm, but Kevin Rose explained that much on an episode of Diggnation and other places a long time ago.
        • CCoe, on 05/02/2008, -2/+1You, sir, are the one who is the ball licker.
          • ism70605, on 05/02/2008, -2/+1You sir, are the one who lacks creative insight. Ball licker? Atleast, say something fun like 'dancing maggot eater'.
          • CCoe, on 05/03/2008, -0/+1WOOSH
    • RealmDown, on 05/02/2008, -2/+6And you need to bathe more.
    • lex0nyc, on 05/02/2008, -3/+6It's a pretty important story. WTF are you complaining about?
      • fsweep, on 05/02/2008, -2/+1How important is this story? I travel to the US several times per year and have never had to fire up my laptop. Who is being targeted here? Or is this more fearmongering?
    • AndreiOttawa, on 05/02/2008, -3/+9That's right! How do you like that?!
    • BXRWXR, on 05/02/2008, -4/+3Go drink a glass of some Haitian's urine, you useless bastard.

      Quit clogging the queue with your whinge.
    • loneBoat, on 05/02/2008, -2/+4Wow a first comment complaining about how few Diggs were required to get the story on the front page.
  • Sammiboi, on 05/02/2008, -8/+58Been to 4chan? Don't cross the border.
    • JanYpe, on 05/02/2008, -3/+54Been to 4chan? Don't leave the basement.
    • diggnidy, on 05/02/2008, -1/+11I'll just hide my laptop in an envelope...
    • pilobilus, on 05/02/2008, -0/+7When asked why the passenger was cavity searched and her laptop confiscated, a DHS representative said, "For the lulz".
  • DetpackJump, on 05/02/2008, -3/+58That wasn't very useful. The title tells you how to protect yourself, but the entire article is stuff like "Well, you could try this, but it may or may not work"
    • laserdog, on 05/02/2008, -0/+7It's not useful because there are many, many unknowns right now, and there is no actual published standard which the border agents have to follow.

      It got dugg up because the eff is trying to get congress to actually get them to define procedures so you and your laptop aren't at the mercy of a border agent's bad mood.
    • Genma, on 05/02/2008, -0/+1well what else can they do besides describe all your practical options... the govt refused to disclose the details of s&s so all we can do is guess. the only foolproof way is remote storage. if you have to have local data then always external and encrypted, keep all internal storage clean, problem solved. this is the way it should be done in practice anyway, why would you keep sensitive data accessible on something portable? so many things could happen to it, lost, stolen, damaged, etc.

      the whole thing is retarded to begin with, wtf are they really looking for. anyone who has anything they want to find isn't going to make it that easy for them to get, all this bs is just chipping away at the peoples rights.
  • ChayesFSS, on 05/02/2008, -3/+31Wow, no hidden truecrypt option? Worthless read imo. Maybe just use Drop.io and grab the files anywhere you want.
    • doctechnical, on 05/02/2008, -0/+13Given how small flash memory is nowadays it can't be that hard to hide your data physically.
      • Faasnat, on 05/02/2008, -0/+4Yeah.... now they're just going to do body cavity searches in case you're hiding that thumb drive...
        • doctechnical, on 05/02/2008, -0/+2I was thinking more along the lines of slipping an SD card between photos of your kids, but whatever floats your boat :)
          • Ryosen, on 05/03/2008, -0/+1That's why they have an x-ray machine.
        • Silentnite85, on 05/02/2008, -1/+3Man I've been doing it all wrong. Apparently I'm the only person still using 5 1/4" floppy disks. Thank god those things roll up...
        • subliminalurge, on 05/02/2008, -0/+1In that case, "thumb" drive may no longer be the best terminology.
      • Genma, on 05/02/2008, -1/+2seriously think of how many places you can put a micro sd, gigabytes of data the size of your fingernail.
      • webcrumb, on 05/02/2008, -1/+1You could get a watch with built-in storage.
    • sfrench, on 05/02/2008, -1/+6Yep, Truecrypt + Hidden Volume FTW
      http://www.truecrypt.org/docs/?s=plausible-deniabi ...
      • jeremyduffy, on 05/02/2008, -1/+3I was wondering that too. For those that don't know, Truecrypt (free encryption software), gives you the killer option of having two different views of an encrypted file depending on the password. That way, if you're forced to give up your password, they will only see the "safe" files. You keep your REAL password private.
      • ninjainvisible, on 05/02/2008, -0/+3That has to be one of the neatest things, but I suppose it defeats the purpose of them checking laptops. Why check a laptop when someone can just have this installed and/or upload something e-mail? If someone was particularly eager to bring "illegal data" (whatever that could mean or infers) into the country, they would probably not leave it for the border patrol to openly see.
    • cruelpupet, on 05/02/2008, -2/+2No, you should not hide your truecrypt volume. You need to stand up to these abuses, and say "Here is my encrypted data, go ahead try to break the encryption."
      • jeremyduffy, on 05/02/2008, -1/+1Well... Hiding it is bad for another reason. The first thing they're going to look for is a hidden file. Instead, try naming it as a font file in your windows font folder or similar.
        • Ryosen, on 05/03/2008, -0/+2A 20 GB font file??
          • jeremyduffy, on 05/06/2008, -0/+1Pray for a stupid guard. Or name it "pagefile.sys"
      • terrix, on 05/02/2008, -1/+2Hidden volumes are volumes hidden in the free space of another hidden volume, so you could give them the password to the first volume, and since the freespace looks like random data they'd have no way of knowing or proving if there was another volume hidden within it or they found all their is to see. Plausible deniability.

        You could also leave some porn or pictures of your 'g/f' to distract the agents in the first fake volume or another folder. They'll think they hit the jack pot and forget about looking for something dangerous or won't find what you are keeping private in the hidden volume or elsewhere.

        I listen to Security Now, they discuss this stuff all the time, plus if you ever travel to China you get paranoid.
      • tomz17, on 05/02/2008, -1/+2And they will say, "bend over sir, we need to perform a full cavity search".... You are NOT going to win once you are in that situation. Pick your battles carefully. Want to do something productive? Write your congress critter.
    • terrix, on 05/02/2008, -1/+3Not to mention you can make the Trucrypt volume a seemingly innocuous file, like a .iso or thumbs.db or .tmp file in your system folders. Something that would totally be over looked and not be suspect if it contains indecipherable data.
    • rmxz, on 05/02/2008, -1/+3If you're using TrueCrypt - don't they assume you use the 2 levels of encryption feature. Otherwise you'd be using one of the simper (bitlocker (vista) or dm-crypt (linux)) tools.

      I imagine they'll simply ask you for both passwords, and if you don't provide them then you're just as suspect as someone who doesn't give them an encryption key at all.
      • doctechnical, on 05/04/2008, -0/+1Make your password the admission of a crime: "I stole a cookie from 7-11". Now they can't get it from you without violating the 5th. Bada=bing
  • therealkdog, on 05/02/2008, -3/+31Im wiping my ass with the Bill of Rights and LOVING it.

    *extends middle finger to the government*


    • mtwoar, on 05/02/2008, -1/+16If you are extending your middle finger while wiping, then you are still getting ***** a bit by the government. :)

      I know a bit crude. Sorry.
    • Rotzooi, on 05/02/2008, -2/+4George W, that you?
    • tocsy, on 05/02/2008, -0/+4Yeah, I've been wondering, how the HELL is this constitutional? Whatever happened to "unlawful search or seizure?"
      • grunion, on 05/02/2008, -0/+4The physical machine can be inspected as part of an "administrative search" - permitted by the 4th Amendment. The information on it though, is questionable. If I were a border patrol officer (and I'm not), I could easily open a book or notepad you carried. I think part or the logic is that the computer is no different than those sorts of things, though the scope of information on the laptop should, in my mind, render it as private as a home. I keep information on my laptop that I would not make available to anyone outside my home. If my laptop is stolen, I'm likely making a claim against my home-owner's insurance. I'd say the laptop is an extension of my home, just like my car is. You may look at the item all you want (and through any clear portions), but to examine the contents without suspicion is verboten.

        I wonder what would happen if you were to travel with a locked diary. Would the same search guidelines come into play?
      • tnoy, on 05/02/2008, -1/+4You're not technically in the US until you've passed through customs.
  • fotbr, on 05/02/2008, -5/+23FedEX / UPS / DHL your harddrive back, travel with a non-functional computer. Problem solved.
    • drlha, on 05/02/2008, -6/+9Except when they ask you to power it on at security, and you have to explain why you have a non-functioning laptop with you.
      • RealmDown, on 05/02/2008, -3/+13No you don't.
        • doctechnical, on 05/02/2008, -4/+6And they don't have to let on the plane, either.
      • kent1146, on 05/02/2008, -2/+13It will still power on and go through the BIOS screen. It will just give an error saying that the primary hard drive, or the boot drive, cannot be found. But just showing that it is on for a few seconds, and that the screen is changing, should be sufficient to get through security.
        • Seth024, on 05/02/2008, -4/+1I guess most border agents would expect Windows to pop up if it's not a laptop with an Apple logo. Image booting into Knoppix or OpenSuse.
          Agent: Where is Windows?
          Me: I don't have windows.
          Agent: Orly?
    • orangefly, on 05/02/2008, -2/+6exactly....i also have ubuntu installed on my flash drive....the most portable computer possible, as long as you have access to a pc....has everything i need and costs nothing to ship....
    • todddavid48, on 05/02/2008, -1/+8It will still need to pass though customs if you ship it.
      • goomba323, on 05/02/2008, -3/+8But they won't simply search a harddrive, and they can't simply search a shell of a computer, so I think this might actually make sense.
        • Silentnite85, on 05/02/2008, -2/+2So your saying that they would go so far as to boot up everyone's computer at the border to make sure its working and scan the harddrive, but NOT search a HDD by itself? Seems more like they'd plug it in and scan it just like any other.
      • fotbr, on 05/04/2008, -0/+1Most shipped items simply get x-rayed or sniffed for dugs.
  • timla, on 05/02/2008, -2/+17All they talk about is encrypting the whole hard drive, why not just encrypt the files containing sensitive data?

    There a programs that will let you mount an encrypted file as a hard drive. All the agent is going to see if a large binary file. Rename the to ".exe" and casual observation will be that it is a binary file.
    • ism70605, on 05/02/2008, -1/+9That is not going to work buddy. Simple programs can look for the magic number and recognize the file. From wikipedia "The Unix utility program file can read and interpret magic numbers from files, and indeed, the file which is used to parse the information is called magic. The Windows utility TrID has a similar purpose."

      And here is an example of it at work!:

      aland:~ anonymous$ file /Users/anonymous/.wine/drive_c/Program Files/uTorrent/uTorrent.exe
      /Users/anonymous/.wine/drive_c/Program Files/uTorrent/uTorrent.exe: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

      aland:~ anonymous$ file /Users/anonymous/hdisk_enc.exe
      /Users/anonymous/hdisk_enc.exe: data
      • doctechnical, on 05/02/2008, -1/+2So you slap an executable "header" in front of the encrypted data. Something like LockNote.
        • ism70605, on 05/02/2008, -1/+4Executables have a set file size and checksum. So a checksum needs to be added. And then nothing will want to mount that file, so then it needs to be removed. Also this file would contain invalid opcodes so it would likely still be detected that it wasn't an executable.
        • doctechnical, on 05/02/2008, -0/+1It can be done programmatically. One program adds the header (proper checksums and all) to the binary blob, another (or maybe the same) takes it back off. You could even have the executable section do something interesting, like playing a little flash game. Hide in plain sight.
          • ism70605, on 05/02/2008, -0/+1A 30 gig flash game. How quaint... That isn't going to raise suspicion.
          • subliminalurge, on 05/02/2008, -1/+3"A 30 gig flash game. How quaint... That isn't going to raise suspicion."

            Hey, I just said I was a programmer. I never claimed I was a *good* programmer. Anyone care to give me some tips on how to make my code a little more efficient?
      • krets, on 05/02/2008, -3/+1I'm not your buddy, pal.
    • ism70605, on 05/02/2008, -0/+5I also forgot to say it doesn't need to be casual. These people aren't going to sit and read every little bit of you harddrive. They are going to most likely dump it and run automated tool. A tool to view the file type can be easily scripted. It is actually a simple command line(this one only works on BSD):

      find / | xargs file > contents_of_harddrisk.txt

      The linux one should go something like
      file / -print0 | xargs -0i file {} > contents_of_harddrisk.txt

      And Windows can do that same thing. But I am unfamiliar with that.
      • ism70605, on 05/02/2008, -1/+3should be:
        find / -print0 | xargs -0i file {} > contents_of_harddrisk.txt
    • webcrumb, on 05/02/2008, -1/+2It's fairly simple. Use Truecrypt and put the file in your Google Earth cache directory.

      Yes, it's a data file. And your point is?
      • ism70605, on 05/02/2008, -1/+2It is 30 gigs it is a "data" file. As nearly every file has a header, it can easily be deduced is a massive chunk of encrypted files. But I will admit your idea is fairly decent.

        kudos
  • alpha94, on 05/02/2008, -1/+17This doesn't tell you anything about how to not actually be searched.
    • dood, on 05/02/2008, -1/+4Yeah, I was expecting to see something about how to legally avoid being searched. The core theme of this article is "You can't protect yourself from being searched." Disappointed. I think it needs a new title: "How to avoid revealing data to border guards."
      • MsArtGeek, on 05/06/2008, -0/+1Is that the fault of the article? I thought the whole point of the ruling, and why it's creating the accompanying uproar, is that the only way to guarantee not having your laptop subject to search is to not go through Customs with it.
  • insanecee, on 05/02/2008, -3/+29Here: Protecting Yourself From Suspicionless Searcheseff.org — EFF: HOWTO keep your laptop from being searched at the border.

    Tuck laptop underarm, ***** run, do the heisman on the guards, and keep going till your out of range of
    a. eyes
    b. taser
    c. Niko Bellic
    d. Hillary Clinton's coffee making ability

    • cawpin, on 05/02/2008, -1/+2Unless you can clear a mile in under 10 seconds you're not out of range.
  • AndreiOttawa, on 05/02/2008, -1/+23Just use TrueCrypt with 2 levels of encryption. One password reveals bogus files, another-actual data. The size of encrypted volume remains the same, so there is no way to tell how much actual data is inside the volume.
    • rmxz, on 05/02/2008, -2/+2If you're using TrueCrypt - they'd assume you use the 2 levels of encryption feature. Otherwise you'd be using one of the simper (bitlocker (vista) or dm-crypt (linux)) tools.

      They simply ask you for both passwords, and if you don't provide them then you're just as suspect as someone who doesn't give them an encryption key at all.
      • AndreiOttawa, on 05/05/2008, -0/+1There is no way they can prove that there are 2 different passwords. I'm using TrueCrypt on a couple of computers and so far only used one level of encryption.
  • RedHatMatt, on 05/02/2008, -1/+17Another option is to create a virtual machine in an encrypted container on the machine. This way when you boot it will look like a clean install, but you can then type in your password and access a virtual machine with all your data. You lose a little performance, but gain security.
    • peterlisanti, on 05/02/2008, -1/+8and you lose a bunch of HDD space, but an interesting idea.
      +1
    • sodoh, on 05/02/2008, -0/+6What people fail to realise is that customs will copy the whole machine. If they think anything is suspect about the machine they will just take the machine. They claim that you get the laptop back in 10-15 days but most reports are that it will be last you ever see of it.
    • doshindude, on 05/02/2008, -1/+2A little performance? dude, you lose a TON of speed when you go virtual.
  • ncc74656m, on 05/02/2008, -2/+26Encrypt, encrypt, encrypt!!!

    Hidden partitions or FDE (Full Disk Encryption) is your ONLY chance. They cannot coerce you to provide your password except under order of a judge. If pressed, just "forget" your password. And make sure you have backups of EVERYTHING at home.

    Even the concept of "but I have nothing to hide" doesn't garauntee a thing. It may not be a crime today, but it damn sure could be tomorrow.
    • ChayesFSS, on 05/02/2008, -1/+5Your 'ONLY' chance? I don't think so, makes it look as though you have something to hide. Again, a hidden truecrypt container is your BEST option if you must take the data with you.
      • ncc74656m, on 05/02/2008, -1/+3Remember, the fact that you encrypt your drives is only circumstantial evidence. They cannot use that to bring any formal charges that would result in your data being divulged. The best they can do is turn you away entirely, or take your laptop.

        In either case, you can either see a consulate in whatever country you're in, or you can sue the government for the laptop back.
        • cyberwarriorx, on 05/02/2008, -0/+2Well, it's nice you have options to get your laptop back, etc. if things go sour, personally I wouldn't even want to get into a situation where I have to resort to suing. It's too time consuming, costly and stressful.
    • AndreiOttawa, on 05/02/2008, -0/+2Well, problem here is that if a customs agent cannot perform a search (look at your encrypted files) there is a chance that you and your laptop will not be allowed through the border. Border agent have a lot of power and you really don't want to piss them off.
      • ncc74656m, on 05/02/2008, -0/+6Remember, they cannot take permanent possession of your device. There is a functionality for you to retrieve your laptop afterwards. Since mine is a company laptop, I don't care how long they have it. Since I keep some (limited) personal data on the device, it is in my best interest to keep it all secured, regardless of the concerns of the gov't involved in it.
    • warriorscot, on 05/02/2008, -0/+2Only works in the US, other countries can legally require you to surrender your password, they are less likely to ask for it in the first place but still if they did you would.
  • geck, on 05/02/2008, -2/+74Anyone else notice how we bringing freedom to other countries, while ours are being taken away day by day...
    • flamingduck, on 05/02/2008, -1/+210-4
    • rficwizard, on 05/02/2008, -3/+9No, what other countries are we bringing freedom to?
      • redxxx, on 05/02/2008, -0/+1Anarchy is a form freedom.
      • geck, on 05/02/2008, -0/+1have you ever heard of....................Operation Iraqi Freedom?
        • rficwizard, on 05/02/2008, -0/+3Yes, I have. I also have heard of the PATRIOT Act. The current administration has a real knack for double-speak. The name doesn't create the reality.
        • Marijuana, on 05/03/2008, -0/+1I've heard of O.I.L: Operation Iraqi Liberation
    • djheini, on 05/02/2008, -0/+1Duh, where else would we get the freedom to give to other countries. Soon, maybe we'll run out of freedom and have to start deficit spending freedom to give away.
    • Virgule, on 05/02/2008, -0/+1They gotta take it from somewhere >_>
    • rinote, on 05/02/2008, -0/+2Guys, it's a cunning plan. The terrorists hate us for our freedoms. If we give the terrorists our freedoms, they'll hate themselves and self-destruct! My logic is flawless!
  • kaiser10951, on 05/02/2008, -6/+2FedEx anyone?
  • BMR777, on 05/02/2008, -1/+13There should be a special live Linux CD for this. Simply pop in the CD and boot. Rather than mounting your real hard drive, it mounts a fake, or only a certain partition. Most agents probably would not realize 1) What Linux is and 2) That what they are seeing is not really your files, but a decoy.
    • ncc74656m, on 05/02/2008, -1/+9Actually, you have a valid point, only one better. Use Linux, plain and simple. Much better encryption/file hiding capability.
    • jstone, on 05/02/2008, -1/+6Even better idea: Partition a hard-drive to split it into two standard sizes (e.x: split a 100GB drive into 80GB and 20GB). Dual-boot Linux and Windows, with GRUB set to boot Windows automatically in one or two seconds unless you go into the menu. Keep the Windows installation 'clean', and keep all the important files on the Linux partition. Windows won't see the Linux partitions, so it will look like your hard drive is clean.
      • mithrasinvictus, on 05/02/2008, -0/+4Remove the delay completely and use a usb-key for booting/changing the delay back. But i'm afraid they'll be copying entire drives soon.
  • bordo, on 05/02/2008, -1/+39I think it is completely ridiculous that we even have to discuss this issue in the first place. Where is this world headed?
    • ncc74656m, on 05/02/2008, -0/+14It's not ridiculous. It's sad and pathetic.
    • Digger1218, on 05/02/2008, -3/+10ARE YOU SUGGESTING THAT 9/11 DIDN'T CHANGE EVERYTHING? BECAUSE 9/11 CHANGED EVERYTHING BORDO! 9/11 CHANGED EVERYTHING! 9/11 9/11 9/11

      /sarcasm
    • dukeochutney, on 05/02/2008, -0/+5fascism much
  • gleongelpi, on 05/02/2008, -16/+5I hope the American people get what they deserve: a highly intrusive totalitarian regime. I'm an old man. So it does not much matter to me. But before I die, I'd like to see a nuclear war or a system that throws millions in jails and a shattered economy. You have earned it.
    • iloveazngurlzs, on 05/02/2008, -5/+9how would you say the american people earned? Because we really had a massive and influential choice in the attrocities that The American Government has committed?

      The ignorance of the old and young astound me
      • jgzman, on 05/02/2008, -1/+2Because we elected Bush not once, but twice, and have failed to do ANYTHING about the horrible things he is doing to our country, and the rest of the world.
    • buggles, on 05/02/2008, -7/+8Spoken like a bitter and jealous European who surrendered over their rights decades ago. I'm guessing European since a communist wouldn't even be allowed to voice a personal opinion and the muslims aren't even allowed on the internet.
      Must suck to carry around so much hate. I pity you.
      • Pixelante, on 05/02/2008, -1/+2Why bother to wonder who or what gleongelpi is? A turd by any name or nationality is still a piece of ***** and as such he'll be stepped upon and squashed. The only trouble will be scraping him off the sole.
    • Digger1218, on 05/02/2008, -3/+6I hope you die alone and angry.
    • tbechtx, on 05/02/2008, -3/+3You my friend are one SICK *****! We aren't perfect by any means but we don't sit on our asses and whine.
  • buggles, on 05/02/2008, -0/+14Wouldn't disclosure of passwords and granting unauthorized access to corporate systems violate SOX regulations?
  • iloveazngurlzs, on 05/02/2008, -3/+2just take out your hard drive. store it else where, fedex it, keep it in your pocket doesn't matter.
    • laserdog, on 05/02/2008, -2/+3Just buy a second hard drive for your laptop that has a "clean" install.

      Then buy a USB floppy drive, hollow out the insides, and put your real hard drive in there when travelling.
    • adml_shake, on 05/02/2008, -0/+1Well then you get to enjoy the "Fingers of Justice" as they call you a liar and make you bend over to search for possible hiding places.
  • celotil, on 05/02/2008, -3/+16I've seen quite a few people here talk about encryption but the problem is that you want to remove suspicion, not arouse it.

    Think about it from the point of view of a TSA guy/gal. They don't know that you might be an innocuous traveller who encrypts their data for the sake of keeping it secret even if your laptop falls into the wrong hands. They probably just assume that anyone with valuable data is either, a) not carrying that data around with them, or b) keeping their laptop so close to their person that they'd have to be a complete dumbass to lose it.

    "Only Terrorists and Child Pornographers encrypt data, since only hackers working on nefarious deeds would need to keep any ***** secret from US. We're part of the government, aren't we, and why would people want to hide ***** from us unless it was illegal."

    The only way to get data from point A to point B without arousing suspicion is for it to either never pass through customs as a recognisable form of data - and hey, if you can't explain what that massive pile of binary ***** is then that'll look suspicious - or get it across the border using the Internet - direct https link to your home/work PC should work well enough.

    TSA guys/gals are paid and trained to be paranoid. You can't beat them at that game, so don't play it in the first place. If you want to sneak data across the border then simply own a set of keys, watch, or otherwise simple metal device that has a provision to insert a tiny rectangular sliver inside it, load up a 4GB (or larger) Micro or Mini SD card, and sneak the data across - separate from anything that may look like a computer or cellphone.

    It's not something you're legally obligated to declare, and you know that when they boot your laptop they're not going to find anything that you don't want them to see, and they won't find anything that may cause them to detain you.
    • celotil, on 05/02/2008, -2/+11Okay, digg me down if you must but I consider it a mindless act of thoughtless ignorance when an explanation is not presented as a counterpoint to my argument.

      Would it not be less suspicious to boot up a laptop that has a blend of work and play, family pictures and minor documents explaining company policy, music in iTunes, and some third-party apps, then to boot a laptop that is apparently devoid of anything other than a basic installation of Windows/Mac OS X/Linux and yet has a rather large chunk of HDD space taken up by "random binary bits"?
      • TheShad0w, on 05/02/2008, -0/+12I agree to what your statement says. But I don't agree with your option. I shouldn't have to hide my data on my person just so I can carry it with me. If I have personal or confidential data on my machine I should have the right to protect it. If they don't like that I have encrypted files on my system thats their problem. If its that much of a concern they can go get a damn court order. I'm tired of having my rights stripped away. It is none of my concern that these TSA people are brainwashed with patriotism.
        • vxgvxg, on 05/02/2008, -0/+1The border exception to the Fourth Amendment means they don't need a court order. They can seize your laptop, do a forensic scan of it, and/or turn you away from entry for whatever reason or suspicion. Anything you try to bring over the border can be fully searched.
      • rpapi100, on 05/02/2008, -1/+2great comments. Dugg.
    • dukeochutney, on 05/02/2008, -0/+2thats fine and all and i don't care if our fascist gov't sees my personal stuff but i do care if they see confidential work related items. so no i will be encrypting and staying in SOX compliance and keeping my job. i can handle being detained but not losing my job and having a bad rep.
    • tomz17, on 05/02/2008, -1/+2The BEST way to smuggle data across is to hide it in plainsight on your computer... Truecrypt allows for hidden volumes within encrypted containers (read up on it). There are hundreds of other steganographic techniques for hiding data in innocuous things like images, music, text, etc.. Unless you know the scheme, it will take thousands of professional man-hours to comb through an entire hard drive. Even then, cryptographic schemes like the hidden volume feature of truecrypt offer complete plausible deniability. (You can never prove the hidden volume even exists without knowing the particular key for that volume)
  • TWriter, on 05/02/2008, -1/+3Or you could do what the government employees in high-security areas do: keep all data on a removeable drive. The laptop is a plain-vanilla machine, just like new. You keep your special apps and data on a removeable drive, such as a Firewire drive, and keep that secure. In government offices those drives have to be disconnected and stored in a locked drawer when you leave your desk for more than 10 minutes. You should be able to get a small drive and tuck it into your luggage somewhere unobtrusive.
    • ncc74656m, on 05/02/2008, -1/+4Which is still x-rayed and can easily be located.
  • ChzPlz, on 05/02/2008, -5/+1encrypt your hard drive
  • tbechtx, on 05/02/2008, -2/+24Write your congressmen and senators! This is America! We shouldn't have to put up with such Fascist policies as this under any circumstances! If this is truely taking place we should all be outraged and mad as hell. The Fourth Amendment protects us all against unreasonable government intrusions.
    • ncc74656m, on 05/02/2008, -0/+6They just choose not to define this as unreasonable. Sucks, don't it?
    • Digger1218, on 05/02/2008, -0/+1I don't think you understand the word fascism. This is more of a police state tactic.
      • tbechtx, on 05/02/2008, -1/+5Semantics! What ever category you want to plop it into it is wrong and we as citizens of the United States of America should not bury our heads and just move on. I assure you if this is allowed to continue over time, you'll really be shocked at the whittling down of our rights in the future under the guise of national security.
        • Digger1218, on 05/02/2008, -1/+1I'm not contesting that these tactics are pointless, wrong and violations of the constitution. But fascism is largely concerned with nationalism. State control often comes along as well, but an oppressive state is not unique to fascism. If we were a fascist country, we wouldn't have nearly as much immigration or anywhere near as diverse of a culture.
    • adml_shake, on 05/02/2008, -1/+5Most people don't have enough money to get their Congressmen and Senators attention.
  • jo42, on 05/02/2008, -3/+21Everyone is missing the simplest and easiest solution to this issue - also known as the secret pass phrase. As you approach the border agent, simply declare "Heil Bush!" in a patriotic manner. You will be allowed to pass with no problems.
    • ncc74656m, on 05/02/2008, -2/+2Tempted to bury for Nazi reference, because as of yet, he's not quite there (if this stuff continues is another story), but the message remains intact.
    • PopcornDave, on 05/02/2008, -1/+1Nice try, but that's not going to work after Jan 20, 2009 - presuming Zombie McCain doesn't get elected.
      • webcrumb, on 05/02/2008, -1/+1Want to bet?
        • PopcornDave, on 05/02/2008, -1/+1Sure, I'll bite. You honestly think that if either Obama or Clinton get elected a "Heil Bush" is going to get you through customs with a free pass?
  • eklass, on 05/02/2008, -1/+6there's a far simpler solution: use a USB flash drive
    encrypt it with truecrypt if you want, but honestly, simply not having it on the computer probably does wonders. with 32GB drives commercially available for a couple hundred bucks, there are few travelers who would need even close to this much space
    • rficwizard, on 05/02/2008, -0/+6Why wouldn't a USB drive be searched? You have to assume that ANY method of transporting data will be searched. You are basically talking about security through obscurity (they don't know I have my data on USB drive), which is not really a solution (they will learn to look for USB drives).
      • natertots, on 05/02/2008, -1/+4you can always hide the USB drive up your ass.
      • PopcornDave, on 05/02/2008, -0/+2Because unless you're being completely physically searched, you can keep a USB stick in your pocket.
    • RoshanK, on 05/02/2008, -1/+9You could get a 32 gb SD card and apart from a few normal pictures i don't think that your data files would show up if it were in a camera at the moment.
  • ProjectGSX, on 05/02/2008, -1/+56set goatse as your desktop image and let them have at it.
  • bentaisan, on 05/02/2008, -1/+4I guess I am a bit naive, but I thought that sufficient protection against this would be to present the border agent with a copy of the Bill of Rights. I totally oppose property seizures before a person has been found guilty of anything.

    Property seizure makes most of the rights in the Bill of Rights irrelevant, because if one exercises those rights, a rookie cop can take your house, car, computer, etc and accuse it of a crime. Since inanimate objects have a hard time putting up a defense, they often cannot get off.
    • sodoh, on 05/02/2008, -1/+4Customs area is not US soil. With the new laws the bill of rights don't mean anything because they can do whatever they like when your not in the USA.

      Here is a timeline to get you started.
      http://www.cooperativeresearch.org/timeline.jsp?ci ...
      • bentaisan, on 05/02/2008, -1/+0I always wondered what would happen if I took off and hopped the rope. I am sure they would seize the laptop...show us your papers
  • carrtoonist, on 05/02/2008, -1/+13I like the plausible deniability angle. My encryption key is 20 digits long and written on something which would not come with me when I travel. If I had to access the encrypted data I couldn't, regardless of what repercussion I would face.

    I wish their was an encryption program that you had two keys for. One for accessing the data and one for hopelessly scrambling it, I would bring the one for hopelessly scrambling it with me. "I don't know sir, that's never happened before, maybe the hard drive is corrupted"
    • sodoh, on 05/02/2008, -5/+2While the article says you don't have to decrypt the data, if you don't then you can expect the following to happen.

      1. They will keep your laptop/device.
      2. You will most likely be detained. If your not American then you will have no rights because your not on American soil yet.
      3. You will get put on the no-fly list.

      • sodoh, on 05/02/2008, -1/+3Sure bury my comment if you want but if you do even a small bit of research you will find that I am not only correct but this has been going on since 2002. In some cases when the stories hit US mainstream news the rest of the world knew about it weeks ago.

        Burying criticism rather then fixing the injustices is what has gotten the USA into the mess it currently is in. I've lived in USA for a few years and have many friends there. I can say with a straight face the crap going on in the USA today is not what American ideals are (something I'd expect more of Iran, North Korea). It is just a shame that it is being allowed to happen.

    • taladon, on 05/02/2008, -1/+7Hmm, there are "self-destructing" usb sticks out there that can permanently bork themselves by deleting the on chip encryption keys after x number of failed password attempts. Ironkey.com sells one for example (No connection to them other than I think they make a cool product)
    • ubuwalker31, on 05/02/2008, -0/+4Under the current legal regime, if you have sensitive documents, your best bet is not to store them on any device crossing the border. I'd recommend the following procedure: 1) Start with a clean install of Windows/Linux after conducting a secure wipe of the hard drive; 2) Add non-sensitive items to the hard drive, like family photos, papers, etc; 3) Email sensitive documents in a TrueCrypt container to a one time email address; 4) Download and use files overseas making sure to run truecrypt on the usb; 5) Delete the container file using a program like Eraser.
  • b04155, on 05/02/2008, -0/+6All this and to think when I used to courier classified documents I'd just toss them into my bookbag. I was young enough at the time and my bosses thought it'd be better if I dressed in jeans and t-shirts with a bookbag instead of a suit and official looking transport case. Seriously, who'd think a 19yo walking around town would be carrying sensitive data for national security.
    /A long, long time ago...
  • sodoh, on 05/02/2008, -5/+2The intial news is years old and been discussed to death elsewhere. The article is also wrong. The core points are this...

    1. If they search they will take a copy of everything on your drive. It is not just simply a program running through your drive.
    2. If they find anything encrypted then your required by law (or lack of law) to hand over the passwords or face detention.
    3. Semi-worse they will just take your laptop/device.
    4. US customs areas in airports is not designated US soil and as such if you get arrested they can detain you for like forever without any rights (even if your start/final destination is not the USA). There have been numerous reports of this.
    5. If you don't comply you get put on the no-fly list as well.

    If your American you might get away with points 2+4 but 3+5 will happen if you don't comply with decrypting data.

    The best way to protect your data is just not to bring your laptop through customs.
    • geck, on 05/02/2008, -0/+0What about cell phones that usually contain lots of email and photos?
    • Patapoofski, on 05/02/2008, -0/+3Its the EFF. The mission statement of the company is to promote privacy and security. They have a HUGE track record. Check yourself before you make blanket comments like "the article is just wrong".
  • doctechnical, on 05/02/2008, -1/+15This was posted on Digg a little while ago - it shows how to make a "sawed-off USB cable" into a thumb drive (essentially embedding the flash memory into the end of the cable.
    Now, who's going to search a *cable*?

    http://www.evilmadscientist.com/article.php/usbkey
    • Draakan, on 05/02/2008, -1/+3I wonder if there would be money in that. You could make those wireless mice that use a bluetooth stick into a usb drive. They usually have a spot to hold the stick in the mouse. No one would think it was a place to store data...just a mouse.
    • ahuxley, on 05/03/2008, -0/+1Welcome to the Soviet Union.
  • puschhacz, on 05/02/2008, -1/+1little hidden unmounted by default partition under Linux, no entry in fstab even, how this works?
    • redxxx, on 05/02/2008, -1/+2depends on how they copy the content of the drive. Assuming they are competent, it won't work, because they will make an image of the whole drive regardless of how the partitions are configured(they'd be using the fstab created by their live cd). Pretty much the only they could use the same process for all OSs anyway.
  • rufusdog, on 05/02/2008, -1/+2Why would you physically carry this kind of data with you through customs when you could just encrypt it and upload it securely to a server in your home? This is like worrying about how to encrypt a burned CD; Why bother?
  • itsthemechanic, on 05/02/2008, -0/+16Simple: just avoid the U.S. I refuse to work for any company that wants to send me there for business or training, and spent my hard earned Euros elsewhere.
  • flipmeat, on 05/02/2008, -1/+3On a Mac, if your HD has more than one partition, you can eject the non-boot partition(s). You could also create a bogus user account, and... they're reading this, aren't they?
  • absurdist, on 05/02/2008, -1/+16Uhm... I cross the border at least monthly, both leaving and returning the U.S. I've been everywhere from Mexico to Europe to the Middle East. Not once have I ever had a customs agent even glance at my laptop or USB keys. I have a feeling that someone is blowing the likelihood of such a search WAY out of proportion.
    • PopcornDave, on 05/02/2008, -0/+4It's like everything else. If the agent thinks you look guilty you're going to be scrutinized. I remember travelling to Europe back in the 70's and the people hassled the most were the kids with the long hair and the backpacks.
      I suspect it also depends on where you're going to and coming from that raises the level of scrutiny. My guess is that you're going to be more carefully scrutinized if you're coming from Thailand or someplace similar rather than Europe or South America.
    • Cornloaf, on 05/02/2008, -1/+12I was traveling back and forth from Asia (China, Taiwan, S. Korea, and Philippines) to San Francisco/Los Angeles about 1-2 times a month from Oct 2006 - Dec 2007. In April 2007 I was pulled aside in San Francisco just as I was about to leave the secure area. The agent removed my laptop, PSP, and two USB keys. I was already familiar with the Border Search Doctrine so when he asked me to login to the laptop I did. He was clicking around for about 10-15 minutes and asked me where I came from, what I was doing there, if I hacked my PSP yet, etc. At first I was nervous because I had about 5 Gig of tv shows on there. I had some videos called Forbidden Transmission from some cable public access channel and those set off some flags. I explained what it was and he clicked a few more things. He asked me if I had an pictures from the Philippines. I told him there should be two folders in My Pictures. One was work and one was fun. At this point I finally got relaxed because I realized he was looking for illegal porn, and didn't care about all my movies and TV shows. I told him there was a picture of me with some girls. He said "yeah, I think I just found it" to which I replied "She's hot, isn't she?" He kinda laughed and handed everything back to me and even helped pack the items back into their proper places. He started asking about the PSP and what you can do when it is hacked. Turns out he was going on vacation for a couple weeks and was thinking about getting one. I got home and checked the registry to see what files he was searching for and basically he looked for *.avi, *.mov, *.jpg, "porn", "sex" and then a few acronyms that I never saw before. I am assuming that they are used by child pornographers to describe their stuff.

      About a month later I saw the same customs officer when coming back to SFO. I asked him if he bought his PSP yet and he said he did. I almost thought about asking him if he hacked it yet, but didn't want to get flagged for another inspection!
      • Cornloaf, on 05/02/2008, -1/+8By the way, all of my confidential files were stored in an encrypted folder that is mapped as if it was a network drive. When he searched my computer, it defaulted to the C: drive because it appeared that the Y: drive was disconnected. I have to login to the Wave Systems Document manager with my fingerprint in order to mount that drive. :)
  • asspants, on 05/02/2008, -1/+7I heard they like to use special tools that they keep on thumb drives when they do these searches. Next time I cross the border, I'm going to take apart my laptop and re-wire the +5v line to all 4 pins of every USB header.
    • SupaFupa, on 05/02/2008, -1/+3That wouldn't work. You wouldnt be passing any current because all of the pins were at the same voltage. But swapping ground and 5v might do the trick.
      • asspants, on 05/02/2008, -1/+3the shield is ground
      • asspants, on 05/02/2008, -1/+2but if you're SURE it wouldnt work, lets try it on your thumb drive, come over to my workshop and we will run a test.
    • RuthlessPirate, on 05/02/2008, -1/+4Or get a 12v source straight off the power supply... that could be fun.
      • asspants, on 05/02/2008, -1/+3well most laptops get 19v from the power brick that gets stepped down to 12v, but i think even if we took 12v as you suggested, it would let the magic smoke out and cause obvious damage to their key. keeping the voltage low would simply cause it to not work ever again and they wouldnt have a clue what was wrong until they tried 3 or 4 different keys.
  • spyd3rweb, on 05/02/2008, -4/+2This is ridiculously simple, but couldn't you just remove the hard drive from your laptop, and either a) mail it to yourself, or b) stuff it deep in your luggage.
  • SupaFupa, on 05/02/2008, -4/+1If you are travelling with someone else, give them the battery and power cord. If they can't power it, they can't search it
  • Birukun, on 05/02/2008, -0/+1Steganography
    Encrypt AND hide all you data in those pics you took on your last vacation. CBP may be looking right at your data and not even know it. Run the executable to read it from a hidden partition on your camera's smart card. (carried in your camera when crossing the border)
  • edmcguirk, on 05/02/2008, -1/+2Apparently there is a stenography program for MP3 files but then you run a risk of being asked to prove you paid for all the MP3 files. There should be a stenography program for video files. You could hide data inside off the air recordings.
    I would imagine that you could blow a 1.5 gig one hour video file up to 3 gig without attracting much attention.
    • TeatimeGrommit, on 05/02/2008, -2/+4US Customs doesn't give a ***** if you paid for those MP3s. Conspiracy theories are fun, and it's amusing to think that all evil is connected through the powers of the Bush - Satan duo but the fact is the RIAA doesn't have the authority to stop you in an airport.
      • edmcguirk, on 05/05/2008, -0/+1When someone is looking for a reason to mess with you, they can pick on any questionable thing they can think of. The RIAA has no influence on the US Customs but if you are hiding data inside MP3 files, you probably have many and they might be larger than normal. If Customs has any suspicions, they can claim any excuse they want and one excuse might be to ask about the legitimacy of your MP3 collection.

        The goal here is to appear as innocuous as possible. You do not want to demonstrate that you know how to hide files by having any encrypted disk partitions and you do not want to look out of the ordinary with a massive collection of MP3s. It would be much more innocent to have a couple of episodes of a TV show for viewing on your trip.
  • MrFurious2k, on 05/02/2008, -6/+2As annoying as it is to have a TSA rummaging through your collection of hotwife pornography, I think a better choice would be to search for a solution that allows them to do their job (i.e. stop terrorists) and leave innocent travelers alone. Setting up an adversarial relationship with the people we expect to weed out the undesirables entering the country doesn't seem like it does either of us any good.

    I saw the comment where someone said, "I shouldn't have to allow them to search through my stuff." While I agree with that sentiment, we also have to work within the reality where the world is full of evil people who'll use the same tools we do to hurt as many as they can. I know a lot of people are sick of 9/11 and want to downplay the significance, but realistically if we just pretend 9/11 didn't happen it doesn't change the fact that we're no longer protected by the oceans. Terrorists are still very active and intend to cause as much egregious destruction to us as they can. When they do, they won’t give two ***** about whether you voted for Bush, Gore, Kerry, Harry Potter, or Homer Simpson. They’ll kill you just the same.

    The best solution is one that allows travelers to be unmolested, maintain their rights, and filter out terrorists. I can't believe that with all the smart people here we can't come up with a better solution than saying, "***** you border agents, I'm encrypting my files."
    • Silentnite85, on 05/02/2008, -1/+3Where is that solution? So far all we see is the opportunity for massive civil rights violations.
      • MrFurious2k, on 05/02/2008, -2/+1Good question. All I'm seeing here is basically an arms race between those of us who don't want our civil rights infringed upon and those who are supposed to ensure our safety. My point was that there is no attempt here to figure out a equitable solution on either side and that's a problem for everyone involved.
    • Spire3660, on 05/02/2008, -1/+1What is wrong with encypting your files?
    • Goodanswer, on 05/03/2008, -1/+1Since no one else here has the balls to tell you that 9/11 was not what it appeared to be, and you bought it, hook line and sinker with the rest of America.
  • andyb747, on 05/02/2008, -1/+5I usually hire a mule and make him move my sensitive data stuffed in his anal cavity. If you spend more $ on a good mule you dont even have remove the drive from the laptop they'll shove the whole thing up their ass, them mules.
  • nickert0n, on 05/02/2008, -2/+1http://digg.com/political_opinion/What_a_wonderful ...
  • NMVK, on 05/02/2008, -1/+0http://intel.crownintelligence.com/index.php?title ...
  • stix213, on 05/02/2008, -0/+1I say hide all your secret crap in your NIC eeproms :) Not even the big bad government is gonna check your eeprom data!
  • jeremyduffy, on 05/02/2008, -2/+2wait a minute. So I can just put an allegedly illegal file (like downloaded music) in my encrypted file and then claim the fifth to prevent giving up my password?
    • tomz17, on 05/02/2008, -0/+5Yes! Bill of Rights FTW...

      --BUT-- not at the border... in that case, you don't have to give them the password, and they don't have to let you into the country. Furthermore, they can confiscate any hardware they deem questionable.


      P.S. I think I know where you were going with this... but the problem with your scheme is that the primary evidence used to obtain subpoenas in RIAA/MPAA hearings is usually the act of making available (in other words being logged into a peer to peer network and uploading the files to a RIAA or MPAA mole). The presence of the files on your hard drive after the fact is just icing on the cake. The presence of an encrypted drive is certainly not incriminating, but won't help your case either!
  • Krpano, on 05/02/2008, -2/+1If you multi-boot, just remove the OS where you keep your "dirty" stuffs from the boot menu and/or make the other OS (linux) boot directly.
    I doubt any border agent will notice something.
    Wont really protect much but will avoid any fast search.
  • WhatsUpWithJack, on 05/02/2008, -0/+3I think we need a few lab rats to go out and test different methods of data encryption/hiding and report back to digg with the results.... if they can make it out of guantanamo bay that is...
    • TeatimeGrommit, on 05/02/2008, -0/+4A few million lab-rats, that is. You'd have to go in and out of the country many times before being pulled for a random complete search. hmmm... Or two lab rats that look like they're from the Middle East and say "Allah Akbar" just loud enough to be overheard...
  • tnoy, on 05/02/2008, -0/+1I'm going to start traveling with encrypted copies of the Constitution.

    THAT would lead to a good laugh.
  • Fetching more discussions...
    Show 51 - 60 of 60 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.