

Laptop security while crossing borders - mbrubeck
http://www.schneier.com/blog/archives/2009/07/laptop_security.html

======
mindslight
It also seems prudent to obfuscate your GRUB screen and have it quickly
default to Windows to avoid in-depth scrutiny (do the front-line thugs really
know any better?). It seems that once you've become an exception by telling
them that you can't/won't decrypt a volume, your laptop is probably getting
stolen regardless.

~~~
imajes
agreed. email i just sent to Scheiner:

Bruce,

I like what you came up with - but it has a really large problem in that, if
you are stopped and compelled to show your computer, you would become a
combatant by refusing to share information. You would immediately be seen as a
risk, get arrested, and then compelled to give up the name of an accomplice.
However, as you know, most of this is just theater- since you have nothing to
hide, the only real problem is the "in plain sight" provisions that could get
you in trouble for having a couple of downloaded movies on your desktop.

So how about this?

Get a larger than required laptop disk, and partition it, with one size being
a tradtional, smaller size. 250 or 120GB perhaps.

On the larger partition, stick your fave OS, work etc.

On the smaller, put a plain win xp install, with some fake data and so on.
Outlook with generated emails that look reasonably fresh and so forth.

Then, have a boot loader that can be configured to autoboot to either system
unless a special key combination is entered on system start.

This way, once you're done with your flight, you can encrypt your partition
and reboot into your "clean" system. Then, if you get stopped, you can happily
show the system. At that point, there really would not be any evidence for any
further search, so you would not easily be detained. You could also go further
by ensuring your clean system didn't see the other partition, and that you had
a sticker showing the hard drive size being the same as the smaller partition.

Ghost Drives.

simpler and safer than having to risk your machine.

~~~
pmorici
There is no point in altering the laptop hard drives sticker. If they have
gone through the trouble of opening the hatch to see that they are likely
going to just remove the drive and hook it up to their equipment at which
point it's going to be obvious there's more than meets the eye.

~~~
imajes
doubt it. given that new macs can show the harddrive with the simple removal
of a panel, i can see lots of "front line" cops try and make sure 1+1 = 2.
Would have to go to a lab to prove that it'd been partitioned, and that costs
money and requires warrants.

------
markpercival
I think Schneier's making a very dangerous and ignorant suggestion with his
latest post. He's not a lawyer, and yet he's dispensing advice that deals more
with legal issues than security ones.

There are two things that can happen when they ask to search your encrypted
laptop - you can decline, or you can give them the key. If you decline, no
matter what cockamamie reason you give, you're going to be dealing with a
legal matter, most likely seizure and possibly detainment.

Think about it, you get the same result by politely declining and asking for a
lawyer.

Bruce's 'solution' doesn't solve anything. The outcome is the same, only now
you have on record how you went to great lengths to prevent the border agents
from reading what was on your laptop. Whereas, if you just shut the fuck up
and wait for a lawyer, you can get legal advice before you say something
really stupid.

As for privileged communications, does he really believe that if they could
legally compel you to divulge the key, that they couldn't do the same to your
wife?

The legal system is not a logical system like your computer. Clever hacks
don't always work.

------
tptacek
If you were considering doing this, you might as well just DHL your encrypted
laptop to your location. Business travelers already ship critical stuff
instead of carrying it.

~~~
a-priori
Or you could send the key by letter mail to your destination instead of using
a third party.

~~~
mbrubeck
That's also suggested in the article, with one potential downside (you may not
know if your letter fails to arrive on time).

~~~
a-priori
Ah, thanks. I missed that paragraph.

------
geebee
Does anyone have a personal experience with getting their laptop searched?

I carried my laptop around between the US, Germany, and France earlier this
year, and no customs officials seemed even remotely interested in my laptop.
Other people I've talked to said the same thing... not saying it doesn't
happen, though - anyone got some input here?

~~~
iuguy
There are plenty of countries (particularly in the middle east) that will
search your laptop for no reason, particularly if you don't fit their idea of
what constitutes a laptop user (e.g. you carry two).

FTR I've had my laptop checked in the Americas, Europe, Middle East and
AsiaPac.

------
ews
Ok, (very very frequent) international traveller here, this is my advice:

Have two users on your machine :

User you with all your goodies (xmonad, etc) on /home/you , home mounted on a
different partition than / user alarm with a fake very visible and easy to use
gnome / emails mounted on /user/home/alarm

On the gnome init session of the user alarm , create a bash script to be
called as soon as you log into that account with the following content:

dd if=/dev/random of=/dev/partition_where_you_mounted_real_home ; rm
this_script (if you want)

------
27182818284
Before fingerprint scanners were as common in laptops as they are now, you
could totally freak out border guards. The fingerprint scanner would give them
the impression they were working with some really high-level, VIP person. Now,
of course, it has less of an effect or no effect as a lot more machines have
them.

------
lionhearted
I really don't like getting searched. I used to travel a lot, and often am in
a really big hurry leaving the airport - sometimes I overnight somewhere,
landing at 6AM and a meeting in a city center at 10AM. I've gotten searched
maybe a dozen times, on something like 300ish flights (including connections)
in my life. It's always a royal pain in the ass.

But it's happening less! Being into testing and what not, I tried paying
attention to how much scrutiny I got from security and border officials based
on how I was dressed.

Gregarious clothing - white jeans, boutique stuff, baby blues and purples and
pinks and such - more attention to me.

Neutral clothing - less.

Business casual - very little.

Taking it a step further, I got a new passport about 20 months ago. I had the
passport photo taken in suit and tie, replacing my old casual passport photo I
got in my late teens. That combined with dressing upscale business casual-ish
means way less searches. I used to get searched all the damn time when I had
long hair and was wearing gregarious clothing. Last year I made 20-some round-
trips with however many connections, and only got searched once - when I
accidentally was wearing a knee-length, blue Japanese synthetic fur-trimmed
ridiculous jacket from a Shinsaibashi-Suji boutique. And I looked down at
myself and sighed, because I usually change to a more casual/upscale jacket
and pack the rest. I was just being careless that day.

They mostly search people on gut instinct - I've never had any real problems,
except I don't like having 20-90 minutes of my life wasted.

~~~
geebee
I don't like getting searched either. A long time back, when I was thirteen
and moved back to the US with my family after living in France for a year, we
had to do the full-on customs interview. They let us take our Mac home, but we
had to come back to the customs office a week later to prove that we'd
purchased it in the US. Fortunately, computers aren't exactly considered
exotic and expensive things anymore.

I had a little apprehension taking my laptop over to Europe and back, mainly
because it would feel very uncomfortable to have someone open up my computer
and click around. And I really don't need a lecture from a customs agent about
my lack of unit tests, heh.

But ultimately, I'd guess that almost all business travelers carry a laptop
these days, and since electronic communication doesn't need to travel
physically on a laptop anyway, it seems like one of the lowest priorities for
a customs agent. It's easy to get in a huff, but ultimately, many of them
actually _want_ to do their jobs well, and wasting time on laptop searches
would probably be a major distraction from what they view as their real work,
anyway.

------
lucifer
This whole process is vulnerable to the water boarding attack.

