..on Thu, Dec 27, 2012 at 07:36:16PM -0600, Matt Mackall wrote:

On Thu, 2012-12-27 at 23:56 +0100, Radek Pilar wrote:

...

Full HDD encryption (including swap space and hibernate file) and powered down or hibernated (s2disk) machine is the only way to go.

Expect that if you're a target of state oppression that your laptop WILL be taken away from you for hours at border crossings. This was a routine occurrence for me between 2001 and 2006 or so. Fortunately for me, I didn't warrant the big guns: the customs officers involved usually reported their techs being completely thwarted/baffled by my Linux screensaver.

However, it would be fairly straightforward to take apart a laptop, install a hardware keylogger inside, and reassemble it in that sort of timeframe, then recover your key and decrypt your laptop on your return trip. So unless you have some sort of tamper-proof seals on your laptop, you can't trust it once it leaves your physical possession.

Also note that encryption is NOT sufficient. Canadian customs officials have demanded that I log in to my laptop so they could peruse my photo collection (?!) as a condition of entering the country and/or being released from customs. It's easy to imagine much more severe coercion if the authorities are actually interested in your data. Not having a hard disk is excellent defense against such coercive privacy invasions but encryption is not. Since then, I've personally started keeping a dummy, empty account on my laptop for basic deniability: nothing to see here but my travel itinerary, can I go now?

But if the operational security or privacy of your laptop actually matters and you must take a laptop, I have to agree with Jacob: don't travel with your data. Same applies for cameras and phones.

This is why I personally think it's wise to carry just a skeleton system over the border on a bootable USB stick, with full disk encryption. Once on the other side of the border, securely download the data required (as I said in last post). Sticks are easier to throw away/hide and if your laptop is stolen/seized within the country your data doesn't have to go with it - the stick's in your pocket or in your sock when walking around. Before you cross the border again the stick should be physically destroyed. This is better than trusting data deletion. It can be smart to have a stock standard Windows install on the physical hard-disk that wakes from sleep on lid-open with a picture of you and a dog laughing in the sunny grass. Invite them to browse around and find nothing. Never use that Windows install, of course. Boot Debian GNU/Linux or BackTrack Linux on the stick. I've been extensively questioned at the border on a few occassions over the years /because/ my laptops don't have a Desktop as such, no icons either. Both my arms were grabbed at the Australian border as I reached to type 'firefox' in a terminal, to start the browser in an attempt to show them a normal looking environment. Terminals at the border are not a good idea. To avoid the machine being tampered with, invest in a solid state netbook and super-glue the shell together. It's not a crime. Cheers! -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE