Stego-empty hard drives... (fwd)

Albert P. Franco, II apf2 at ctv.es
Wed Sep 23 06:53:49 PDT 1998



>From: Jim Choate <ravage at einstein.ssz.com>
>> From: "Albert P. Franco, II" <apf2 at ctv.es>
>
>> I can't imagine that anyone that wasn't already sure that you were playing
>> tricks with the HD would be able to detect either of these on a normal
>> startup. Again I think the key is that it would be vastly expensive and very
>> time consuming for customs services to make more than a cursory check. More
>> and more people are carrying notebooks with them on trips and just like
>> most bag searching has ended due to very fast, but not perfect, technology,
>> notebook scanning is limited by the very important public factor--the
>> people waiting in line behind you will tend to get very anxious. :)
>
>That's a rationale for doing TEMPEST scanning I hadn't thought of. Since it
>is time consuming and takes special training (which means higher personnel
>budgets that don't amortise over time like hardware) to operate a floppy
>scanner and interpret the results there are budget forces involved.
>

I snipped the rest, but your point ignores that they still have to scan my
hard drive for what they are looking for. So TEMPEST on top of the other
measures just makes things slower. Also the vast variety of computers and
clock speeds on the market today would make a 30 byte (10-20 clock cycles
...) BIOS patch virtually undetectable. Again...UNLESS they want YOU in
particular. 

I would be more concerned about a Unix-like OS on their disk-following THEM
to bypass my BIOS to read the HD. Of course, perhaps another way around
this may be to carry a couple copies of an NDA and an Acceptance of
Liability for Damages Caused contract. Tell the stooge at the counter that
your machine contains highly valuable commercial information and that if
it's damaged in any way, shape or form he/she will be held personally
liable. Offer the two documents for his/her signature as you explain that
since the procedure they intend to use is so foolproof (the stooge is sure
to quote the party line...) this would only strengthen your case that
damage or disclosure to/of contents must be a direct result of negligence or
criminal intent on the part of the stooge.

"If you can't dazzle 'em with brilliance, baffle 'em with bullshit." It
works for Clinton!

Al Franco, II





