[IP] more on Police Blotter: Laptop border searches OK'd

Fri Jul 28 12:43:18 PDT 2006

Dave -

For IP on the laptop border searches:

I'm suprised that no one else has mentioned this so far, but this
type of situation is one of the many excellent reasons to use an
encrypted filesystem on your laptop hard disk, and to set up other
types of security.

For example, my PowerBook G4 is set up to use the built-in feature of
OS X called FileVault, which encrypts the user's home directory.  The
home directory on OS X contains the browser cache for Safari,
Firefox, and Camino, and I have to assume, any other browser cache
for Opera and other browsers.

I have also set an Open Firmware boot password.  See
http://www.apple.com/downloads/macosx/apple/openfirmwarepassword.html
for details.  When I travel I never put my laptop to sleep, but
rather I shut it all the way down.  This is marginally less
convenient, but it means that if my laptop is stolen or confiscated,
the Open Firmware password will be the first thing that the attacker
sees.  Supposing that is broken, they will then have to deal with
logging into my laptop.

My root account is disabled, like all OS X installs.  I have my login
preferences set to not show the usernames on the computer, so the
attacker will have to guess both a login name and password.

If the attacker were to take the hard disk out of my laptop and make
an image of it with forensic software, they would find an encrypted
partition.  I'm sure the NSA probably has the horsepower to throw at
cracking AES-128 encryption, but chances are my laptop will never get
to them if we're talking about local law enforcement.

For those in the Windows or Linux world, you can set a BIOS password
on your laptop which is very similar to the Open Firmware boot
password for Apple Hardware.

Windows XP and Windows 2003 both include support for encrypting
filesystems using DESX or 3DES, via the Encrypted File System.  PGP
Corp sells a product called "PGP Whole Disk Encryption" for Windows
2000 & XP that uses AES-256 encryption.

Linux users can make a loopback encrypted filesystem for storing
anything they wish to be encrypted.  See http://www.tldp.org/HOWTO/
Cryptoloop-HOWTO/ for details.

I don't believe it is a crime in any US Federal or State law, or in
Canadian law, to set passwords and use encryption.  In the US, I
believe that a warrant would be necessary for law enforcement to ask
for your password, but I don't know if you have to comply.  IANAL.

--
Roger J. Weeks
Systems & Network Administrator
Mendocino Community Network
Now offering DSL across California

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]