
What happens if authorities seize your laptop? - drucken
http://www.bbc.co.uk/news/magazine-25458533
======
joshka
"Or you can scrub your laptop clean, storing everything on an external hard
drive that you leave at home. Then you know you are safe from prying
authorities, at least at the border."

That is unless you believe that those prying authorities have the will and the
way to leave an undetectable backdoor in your laptop. Breaking the chain of
custody in any laptop today is akin to destruction of trust in that device.
Who is responsible then for paying for this damage?

~~~
nhaehnle
I would second this. We know for a fact that the NSA uses BIOS malware. I
don't believe we know for a fact that such malware is routinely installed by
border guards, but it's not a very far-fetched worry at this point.

The technical expertise required to do so is very limited as long as you don't
password-protect the BIOS: Basically, they only need to be able to plug in a
USB stick and reconfigure the BIOS to boot from it.

In other words: If you leave your laptop outside of your physical control for
even a few minutes, you may have to assume that it is totally compromised as
long as you don't have a BIOS password.

If the laptop is outside of your control for a longer period of time, you
probably have to assume that it has passed through the hands of somebody with
sufficient technological know-how to work around the BIOS password as well.

~~~
drdaeman
Aren't BIOS passwords useless?

For non-soldered but socketed BIOSes I think one can just take the chip out and
put it into your wallet, possibly, covering some pins with some dissolvable
insulating substance. For soldered SPI EEPROM chips with known pinout, I think
one can reflash the chip afterwards.

~~~
daxelrod
BIOS passwords are not always useless, depending on model.

I had a Thinkpad T42 on which I managed to set a password for editing BIOS
settings that I did not remember.

I sent the laptop into IBM for repairs to the monitor, and as part of their repairs
they needed to get into the BIOS settings (I believe to run a diagnostic).
Their solution was to replace the entire motherboard.

~~~
drdaeman
Well, I guess it was hardware types who performed the repairs, or they just
didn't have necessary equipment (an AVR board like Arduino or PC with an old
parallel "LPT" port will suffice, hardware-wise) at hand, so it was easier for
them to solve it that way. :)

I was 99% positive the same could be achieved by messing with EEPROM. And,
indeed, less than 10 minutes of searching yielded this unsurprising result:
[http://arduino.ada-language.com/recovering-ibm-thinkpad-t42-...](http://arduino.ada-language.com/recovering-ibm-thinkpad-t42-bios-password-with-avr-ada-and-arduino.html)

tl;dr: Nope, T42's BIOS password is _not_ secure if you allow anyone with
necessary hardware to touch the motherboard for a minute. TPM may (depending
on the laptop model and firmware revision) prevent password recovery but will
likely not prevent anyone from resetting them - at least this seems to be the
case with Thinkpads. Next time I'll clean dust from my X300, maybe I'll
remember this thread and check its EEPROM too. :)

So, do _not_ rely on BIOS passwords as a strong security measure.

------
a3n
Activists and other "interesting" people have their own particular security
problems.

For most of the rest of us, we really have no data of any interest to the
authorities. That doesn't mean we shouldn't care about data security, if
that's important to us. But it's not the real problem with border
confiscation.

The real problem is not having your hardware or software tools at your
destination.

So don't bring any hardware or data that you can't afford to lose. Certainly
don't bring anything that you're emotionally attached to, particularly
inbound.

Either don't bring anything, and buy it all at the destination, or just bring
the cheapest stuff you can use productively, and be prepared to replace it at
the destination.

The NSA already has my email. But I'd hate to be without a camera, or phone,
or laptop, or data, or whatever other tools I was going to use at the
destination. Plan for that, it's the more likely and practical threat.

------
zacinbusiness
Is it possible to encrypt two files together with two different keys? Say I
have my class notes from freshman Latin and I have my plans to take over the
world. I encrypt them together into a single file
"dont_read_super_secret.encrypted" and if I enter "fuzzykitty98" as the key
then I see only the notes. But if I enter "downwithfreedom2000" then I see
only the diabolical plans. Is that possible?

If anyone builds this app, I'd like a slice of the pie, please :-)

~~~
valarauca1
It'd be possible but difficult.

I don't know how to do it without some kind of markup / document system (no
morning coffee yet). I figure it wouldn't be that hard.

You could use a TDMS file(v1), in which each channel is an item. When run, you
give the program a password, which it checks against each channel, calculating
the salted hash of your password. When it finds a matching hash it decrypts
the document (saved as data within the channel).

This gives you a lot of plausible defensibility because nobody understands
TDMS file structure, not even people who work with them (it is an open
standard, just nobody cares). And secondly, you decrypt the document and you
get something out, even if that something isn't exactly correct.

I could likely push out a windows version by Saturday I guess if you don't
mind it'd be using SHA-256 instead of [b/s]crypt for password checking. Maybe
future updates to include some form of internal compression + some type of
signing who last modified the document(s).

~~~
zacinbusiness
Knock yourself out. People will be buying anything that they think can keep
their data safe, so someone may as well come up with a decent solution. We can
build it and let the HN community battle test it. Split on profits can be
60/30 as you're doing the work :-)

~~~
valarauca1
Battle testing is a horrible way to prove crypto works; from the outside
looking in, even horribly done crypto looks secure.

~~~
zacinbusiness
Yes, comments like this actually are what I'm looking for. We need to develop
real tests.

~~~
valarauca1
The only real test is to make it open source. There isn't a lot of money in
crypto done correctly, that is closed source. Because without public audits it's
impossible to know you've done it correctly, and even if you have, the public
perception will be you haven't due to its closed-source-something-to-hide
nature.

~~~
zacinbusiness
Makes sense to me. I've always wanted to get involved in a cool open source
project. Anyone want to get this started? Make it a free time activity or
something? Or are there already better solutions out there? No need to
reinvent the wheel.

~~~
valarauca1
Not in this direct line of software of the encrypt multiple documents and only
output 1 based on pass-phrase, this would be unique (as far as I can tell).

TrueCrypt tells you how to set this up, but not do this automatically. Also
it would require you selecting which volume, not just "insert password get
document"

This would offer a higher degree of plausible-deniability, and portability, by
making it a file it's not tied to one location. The structure of the file, and
multiple hashes also grant plausible deniability why you can't just decrypt
the entire file in one go and compare the 2 documents SHA hashes.

Would it stand up in court? No. It would help avoid less tech savvy people.
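
An added sketch of the container discussed in this sub-thread (the "password picks the document" design and the later remarks on file structure); it is not code from any commenter. Assumptions: the slot layout (salt, length, ciphertext, tag) replaces TDMS channels, the per-slot check is an HMAC tag rather than a stored password hash, PBKDF2 stands in for [b/s]crypt, and the HMAC counter-mode keystream stands in for a vetted AEAD.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 100_000  # assumed work factor; raise it for real use

def _keys(password, salt):
    """Derive separate encryption and MAC keys from password + per-slot salt."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key, data):
    """Stand-in cipher: HMAC-SHA256 keystream in counter mode, XORed with data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pack(documents):
    """Build a container with one slot per {password: plaintext bytes} entry."""
    blob = b""
    for password, plaintext in documents.items():
        salt = os.urandom(16)
        enc, mac = _keys(password, salt)
        ct = _xor_stream(enc, plaintext)
        tag = hmac.new(mac, salt + ct, hashlib.sha256).digest()
        blob += salt + struct.pack(">I", len(ct)) + ct + tag
    return blob

def _slots(blob):
    """Yield (salt, ciphertext, tag) per slot; parsing needs no password."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 52:
            raise ValueError("truncated container")
        salt = blob[pos:pos + 16]
        (n,) = struct.unpack(">I", blob[pos + 16:pos + 20])
        ct = blob[pos + 20:pos + 20 + n]
        tag = blob[pos + 20 + n:pos + 52 + n]
        yield salt, ct, tag
        pos += 52 + n

def unlock(blob, password):
    """Return the plaintext of the slot this password opens, else None."""
    for salt, ct, tag in _slots(blob):
        enc, mac = _keys(password, salt)
        expected = hmac.new(mac, salt + ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return _xor_stream(enc, ct)
    return None

def slot_sizes(blob):
    """What is readable without any password: slot count and lengths."""
    return [len(ct) for _, ct, _ in _slots(blob)]

# Constructed sample container using the passwords from the question above.
SAMPLE = pack({"fuzzykitty98": b"Latin notes: amo, amas, amat",
               "downwithfreedom2000": b"the other document"})
```

`slot_sizes(SAMPLE)` returns two entries without any password, so the number of slots is visible to anyone who parses the file.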

------
nmc
A frightening thought: if it was practical to search _each and every device_
going through the border, they probably would do so.

Happily enough, statistical sampling techniques can make that possible [1].

[1] S. Garfinkel. Searching A Terabyte of Data in 10 minutes.
[http://simson.net/ref/2013/2013-01-07%20Forensics%20Innovati...](http://simson.net/ref/2013/2013-01-07%20Forensics%20Innovation.pdf)

------
thirdsight
I don't travel with any hardware other than a DSLR and then I mail the SD
cards home. I'll use internet cafes and my phone and that is it.

It gets broken, searched, x-rayed, fucked up and generally treated like shit.

At Zurich airport, they managed to break my old IBM T42. Had to get my company
at the time to courier a new one overnight from the UK by road which cost
£1150 just for the courier.

------
markeganfuller
"During their inspection of your laptop, the authorities will disregard files
that are not germane to their investigation, says Rosenzweig, explaining that
the official policy is to 'flush all non-criminal data'."

How exactly do they tell the difference, what if I use steganography to hide
stuff in my family pictures? They won't flush anything, they will keep
everything in case it's relevant.

------
powertower
> Between October 2008-August 2009, for example, more than _220 million people
> travelled to and from the US_ , according to Department of Homeland Security
> officials.

> During that time authorities searched about _1,000 laptops_ carried by
> travellers.

We don't live in the police state that most Snowden and Kim Dotcom supporters
here tell us that we do.

I get really tired of seeing anecdotes used to represent the average.

~~~
iaskwhy
Tangential. One of the reasons I love "V for Vendetta" is how it shows how
normal it is to live under a dictatorship. Thing is, for most people, there's
almost no difference, mainly during the most recent dictatorships. But for a
very particular minority, life is very very different. I should know, I'm
currently in a country where 50 years ago there was a dictator and it's not
uncommon for normal people to claim how things were maybe better during those
decades. Well, my grandfather, tortured by the state police for being part of
a union, wouldn't agree. But for the other 99% of the population, life was,
give or take, just as it is.

~~~
powertower
> But for a very particular minority, life is very very different.

That's pretty much true for any and every society.

~~~
iaskwhy
Can you expand on that?

------
mindslight
This has been the case for some time, and I doubt the unaccountable
bureaucracy is going to change. So the only thing we can do is disrespect,
mitigate, and undermine.

Here was my ad-hoc procedure from traveling internationally a few months ago
(tourism), with a prior of not really expecting to be hassled on the way
there, but unknown for the way back:

1\. Choose the laptop I'm least likely to miss in the case it gets stolen by
JBTs, with respect to the functionality I require.

2\. Wipe(1) the first 10MB of disk (has only ever been LUKS), then one
/dev/urandom pass into the entire thing. (In retrospect, zeros may have been
better than random)

3\. Reinstall Debian, with a passphrase I don't mind giving up. Sync over only
files that I don't mind giving up.

4\. Go through Japanese customs - the only question asked was "Are you with
him?" (friend in front of me).

5a. At this point, I possess a still uncompromised machine at the destination,
with stored ssh host keys, etc. When (last-minute) prepping, this possibility
didn't quite occur to me. Not being prepared to take full advantage of this
was regrettable.

5b. (If machine had been molested, I would have not logged into my privileged
accounts at all. For the most part I didn't have to anyway, but since I wasn't
fully prepared it came in handy once or twice)

6\. For return, wipe first 10MB of disk again, then one /dev/zero pass to the
entire thing (so there was no argument that I had encrypted data). Then
mkdosfs on a whole-disk partition for derp-nothingness. (This was done with a
Debian install image written to an old flash drive I had with me for the
purpose.) My only concern at this point is the hardware getting stolen.

7\. Take hard drive out of laptop so that it is a separate device. This would
most likely increase suspicion, but make them even less justified in stealing
the whole machine (not that this would stop them).

8\. Get waved through coming back through USG because laptop "searches" aren't
actually that common for people not on the primary watchlist (everyone is on
the secondary watchlist). Still, I will do the same thing next time, and think
it irresponsible to not.

There are of course improvements that could be made to this, including a small
default-booting "nothing to see here" install, with file times etc
automatically adjusted. Automatic copying of machine credentials etc when
you're at your destination. Using a separate partition instead of the flash
drive. And of course automation of the process so it's easy for everyone to do
:)

~~~
toomuchtodo
What tools could be used to boot off a trusted, non-writable USB stick to
checksum the BIOS?

Difficulty level: Macbook Air

~~~
mindslight
Well, that's a completely different problem. If you travel frequently and your
gear gets stolen for a few days at every border crossing? At the very least,
I'd look into a laptop that was easily field-strippable, and figure out how to
verify non-volatile storage with an external device, at least on return. And
never fully trust the machine again either. Note that this problem is what
TPMs purport to solve, but that doesn't help you against a major government
which will demand a backdoor from the manufacturer.

My laptop was never touched by customs - had it been, my plan was to never
trust the machine again.

Most people are in my situation - never actually getting hassled but wanting
to protect themselves now that the gloves are coming off. In the future we all
may have to deal with device quarantines of a few days at every crossing (what
a boon to local sellers!) but that's not now.

------
ludoo
Hardware is cheap in the US, I'd leave my laptop at home and get something
cheap (either a Chromebook or a used laptop), then access/transfer data and
configuration over the net.

As for my phone, if I were in a position to be worried about customs
installing backdoors, I'd prepare a recovery zip beforehand with all my data,
then download it from my own server or a secure storage, and flash it after
passing customs. Or better yet, travel with a SIM and buy a cheap Moto G, the
resale value alone once back at home would make up its US price.

------
perlpimp
Such an inconvenience. They should reimburse the cost of the laptop say to
standard tune of 3-5k government cheques and allow for you to pick up your
laptop in return for the money, if you need it.

Full on encryption, tmp lock and filesystem hashing via tripwire then is
mandatory. Fun thing is that you can screw up the malware to send all kinds of
nasty shit back to them, like trojans and viruses, PIF files and EXE files and
whatever might tickle your fancy. Then get your malware do maximum damage on
their network.

After all they hacked your laptop, they engaged in illegal activity and it is
only fair for you to punish them to the fullest extent of your technical
capability.

They cannot acknowledge the fact that they hacked your laptop without a
warrant.

etc.etc.

There's tons of fun to have this way. Since people who are doing these things
are expecting you to be retarded luser and so you can set a trap and have them
fall straight into that.

Make a blog post and example of malware and how to entrap the said
trespassers, what does malware do etc.

my 2c.

------
oracuk
I have seen the corporate response of only providing remote desktops via
browser and SSL to foreign (US) deployed personnel. Means the data never
physically crosses the border.

No clear players in this market for consumers though. Where is the consumer
remote desktop via browser+SSL that doesn't rely on a US hosted cloud service?

~~~
blueskin_
> Where is the consumer remote desktop via browser+SSL that doesn't rely on a
> US hosted cloud service?

The one you host on your own infrastructure?

~~~
oracuk
Which software? Remote Desktop + SSL.

I don't know of a good self-hosted combination for that.

------
pcvarmint
You can hide your (encrypted) Micro SD cards inside fake nickels:

[http://www.amazon.com/dp/B006BFCOIE](http://www.amazon.com/dp/B006BFCOIE)

But really, it's safer to not physically carry data across the border, but to
access it over VPN or another secure tunnel while abroad.

------
etanazir
oh so, we must upload custom encrypted files somewhere obscure and scrub our
electronics before traveling; then download them again after we reach our
destination. and then this border seizure nonsense is really a waste of time.

------
qwerta
There is a vague sentence "Afterwards you get your laptop back ", but not much
else. Perhaps it would be worth creating a serious article on the subject.

Who pays for damages?

If the hard drive is separated from the laptop, does it get seized as well?

What if I have 100GB of random data on the hdd?

Is there an obligation to provide technical support to officers? Not everyone
knows how to boot FreeBSD without a bootloader.

Do I get a written certificate of what was seized? There could be some bitcoins
on hdd...

------
nekgrim
1\. Back up your documents on Dropbox/GDrive/Whatever (edit: can be your
personal server. You can use Truecrypt, and not upload your data unencrypted.
The point is that you must not have the data on your PC when you pass the
border).

2\. Wipe your PC.

Optional 2.5. Download a bunch of fake personal files.

3\. Pass the border.

4\. Access Internet.

5\. Download your data.

~~~
Shivetya
With the recent history of topics here about the NSA having back doors into
providers of services how is uploading your data where you suggest actually
going to protect you?

If anything, I would go to the point of screwing with border agents by having
tens of thousands of pictures of my dogs, kids, flowers, and whatnot, all with
naming similar to PICnnnnn or whatever is the current default of most digital
cameras. Having them given the wrong doc type would be a nice touch too.

Of course why not store your data on a SD card and just pop it somewhere they
are not bound to look?

~~~
logfromblammo
Make sure you include a few vanilla porn pics and only slightly embarrassing
drunken party photos. If they don't find some evidence of vice, they will
suspect it was just staged data, and they might keep digging.

~~~
jasomill
When border patrol agents are looking for narcotics, do you honestly think
they pass over the guy carrying rolling papers in favor of the one carrying
nothing remotely suspicious due to lack of evidence of vice looking "staged"
in the latter case? What's different about a porn- and photo-free hard drive
full of boring business reports and uninteresting browser histories?

~~~
logfromblammo
If they are seizing and searching your laptop, it isn't because you're
violating ITAR or carrying dual-use spreadsheets. There are few legitimate
reasons why the authorities should be at all interested in the data on your
devices when you are entering an area where both free speech and privacy are
considered rights.

Among other goals, they are assembling profiles on dissenters, to be used
against them later. If you give them something that appears legal but still
potentially embarrassing, that's disinformation that might save you from a
stronger attack later.

This differs from a narcotics search in that having data on electronic devices
is not a crime. They could not perform such a search anywhere but at a border
crossing.

------
plg
Can the authorities ever compel you to provide a password?

~~~
andrewcooke
in the uk you can be imprisoned (up to 2 years) for not revealing your
password. i am surprised the bbc didn't mention that (maybe i missed it?)

[http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingd...](http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom)
(also contains details for other countries)

------
Mithaldu
So is the only correct answer to package the hdd in a sales package, then send
it and the laptop separately with UPS or DHL in and out of the country?

------
salient
From what I hear, SSDs can't be wiped completely, so be careful with such
laptops (Macbook Airs, etc).

~~~
kps
Theoretically true, but practically misleading.

Each block of flash can be written only a limited number of times, so flash
drives (SSDs, cards, USB sticks) all have more blocks than are visible as part
of the disk. Drives internally rotate active blocks in and out of the spare
pool to try to keep the number of writes to each similar ('wear levelling').
When you write to a flash drive — including trying to overwrite data to
destroy it as someone might on a magnetic disk — it will generally pull a
block from the spare pool for the new data, and put the old block in the spare
pool.

The spare pool is invisible to the OS, but it is reasonable to assume that
there are ‘secret’ commands to access it — not because some TLA demands it,
but because the hardware/firmware engineers need it for development and
debugging.

BUT there is a great big BUT. Writing flash is a two-step process. Programming
flash can only change a 1 bit to a 0. Before this, there has to be a slower
erase step, that sets the block to all 1s. In order to avoid this performance-
killing overhead on every write, flash drives erase as much as possible
(whether spare pool blocks or TRIMmed visible blocks) in the background as
soon as possible.
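
The behaviour described in the comment above, as a small simulation added here; it is not part of the original comment and models no vendor's firmware. The `FlashDrive` class, its block counts and the sample data are assumptions. It shows a host-level overwrite leaving the old block in the spare pool until the background erase runs.

```python
class FlashDrive:
    """Toy flash translation layer (FTL); a model, not any vendor's firmware."""

    def __init__(self, visible, spare):
        total = visible + spare
        self.visible = visible
        self.phys = [None] * total      # None = erased block (all 1s)
        self.erases = [0] * total       # per-block erase count
        self.free = list(range(total))  # erased blocks ready to program
        self.stale = []                 # retired blocks not yet erased
        self.map = {}                   # logical block -> physical block

    def write(self, lba, data):
        if not 0 <= lba < self.visible:
            raise IndexError("LBA outside the visible disk")
        if not self.free:
            self.background_erase()
        # Wear levelling: program the erased block with the fewest erases.
        new = min(self.free, key=lambda p: self.erases[p])
        self.free.remove(new)
        self.phys[new] = data
        if lba in self.map:
            self.stale.append(self.map[lba])  # old data stays in the cells
        self.map[lba] = new

    def read(self, lba):
        """Host view: only the currently mapped block is reachable."""
        return self.phys[self.map[lba]] if lba in self.map else None

    def background_erase(self):
        """Idle-time erase of retired blocks, returning them to the pool."""
        for p in self.stale:
            self.phys[p] = None
            self.erases[p] += 1
            self.free.append(p)
        self.stale.clear()

    def raw_dump(self):
        """Every programmed physical block, as a firmware debug read would see."""
        return [d for d in self.phys if d is not None]


def overwrite_demo():
    """Overwrite one logical block and check for residue before/after erase."""
    drive = FlashDrive(visible=4, spare=2)
    drive.write(0, b"secret")        # constructed sample data
    drive.write(0, b"\x00" * 6)      # host "wipes" the block by overwriting
    host_view = drive.read(0)
    before = b"secret" in drive.raw_dump()
    drive.background_erase()
    after = b"secret" in drive.raw_dump()
    return host_view, before, after
```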

