Hum. Is it possible to make a laptop boot up with a 'fake' (though usable) directory tree? Of course, if the cops do the math (and they likely won't) they might be able to detect that there's a hell of a lot of nothing somewhere on the drive, but methinks one can also put fake info about the size of the disc and remaining space too. And then of course if this confiscated laptop ever sees online, it should squeal everything it knows about what's been attempted and/or accessed (ie, to you the rightful owner, of course). And if it stays on line then one should be able to remotely retrieve even the hidden and encrypted data. Meanwhile, the cops will continue to believe that you've just got some fairly banal business data on there. One good thing is that I think this battle will ultimately be won in favor of privacy. The state really can't afford to train cops to be crypto experts. -TD
From: Eugen Leitl <eugen@leitl.org>
To: cypherpunks@jfet.org
Subject: [dave@farber.net: [IP] more on Police Blotter: Laptop border searches OK'd]
Date: Fri, 28 Jul 2006 19:37:34 +0200
----- Forwarded message from David Farber <dave@farber.net> -----
From: David Farber <dave@farber.net>
Date: Fri, 28 Jul 2006 13:32:54 -0400
To: ip@v2.listbox.com
Subject: [IP] more on Police Blotter: Laptop border searches OK'd
X-Mailer: Apple Mail (2.752.2)
Reply-To: dave@farber.net
Begin forwarded message:
From: Roger Weeks <rjw@mcn.org>
Date: July 28, 2006 12:43:18 PM EDT
To: dave@farber.net
Subject: Re: [IP] more on Police Blotter: Laptop border searches OK'd
Dave -
For IP on the laptop border searches:
I'm surprised that no one else has mentioned this so far, but this type of situation is one of the many excellent reasons to use an encrypted filesystem on your laptop hard disk, and to set up other types of security.
For example, my PowerBook G4 is set up to use the built-in feature of OS X called FileVault, which encrypts the user's home directory. The home directory on OS X contains the browser cache for Safari, Firefox, and Camino, and I have to assume, any other browser cache for Opera and other browsers.
I have also set an Open Firmware boot password. See http://www.apple.com/downloads/macosx/apple/openfirmwarepassword.html for details. When I travel I never put my laptop to sleep, but rather I shut it all the way down. This is marginally less convenient, but it means that if my laptop is stolen or confiscated, the Open Firmware password will be the first thing that the attacker sees. Supposing that is broken, they will then have to deal with logging into my laptop.
My root account is disabled, like all OS X installs. I have my login preferences set to not show the usernames on the computer, so the attacker will have to guess both a login name and password.
If the attacker were to take the hard disk out of my laptop and make an image of it with forensic software, they would find an encrypted partition. I'm sure the NSA probably has the horsepower to throw at cracking AES-128 encryption, but chances are my laptop will never get to them if we're talking about local law enforcement.
For those in the Windows or Linux world, you can set a BIOS password on your laptop which is very similar to the Open Firmware boot password for Apple Hardware.
Windows XP and Windows 2003 both include support for encrypting filesystems using DESX or 3DES, via the Encrypted File System. PGP Corp sells a product called "PGP Whole Disk Encryption" for Windows 2000 & XP that uses AES-256 encryption.
Linux users can make a loopback encrypted filesystem for storing anything they wish to be encrypted. See http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/ for details.
I don't believe it is a crime in any US Federal or State law, or in Canadian law, to set passwords and use encryption. In the US, I believe that a warrant would be necessary for law enforcement to ask for your password, but I don't know if you have to comply. IANAL.
--
Roger J. Weeks
Systems & Network Administrator
Mendocino Community Network
Now offering DSL across California
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE