[liberationtech] Travel with notebook habit

Fri Dec 28 00:49:05 PST 2012

..on Thu, Dec 27, 2012 at 07:36:16PM -0600, Matt Mackall wrote:
> On Thu, 2012-12-27 at 23:56 +0100, Radek Pilar wrote:
> > Full HDD encryption (including swap space and hibernate file) and
> > powered down or hibernated (s2disk) machine is the only way to go.
> 
> Expect that if you're a target of state oppression that your laptop WILL
> be taken away from you for hours at border crossings. This was a routine
> occurrence for me between 2001 and 2006 or so. Fortunately for me, I
> didn't warrant the big guns: the customs officers involved usually
> reported their techs being completely thwarted/baffled by my Linux
> screensaver.
> 
> However, it would be fairly straightforward to take apart a laptop,
> install a hardware keylogger inside, and reassemble it in that sort of
> timeframe, then recover your key and decrypt your laptop on your return
> trip. So unless you have some sort of tamper-proof seals on your laptop,
> you can't trust it once it leaves your physical possession.
> 
> Also note that encryption is NOT sufficient. Canadian customs officials
> have demanded that I log in to my laptop so they could peruse my photo
> collection (?!) as a condition of entering the country and/or being
> released from customs. It's easy to imagine much more severe coercion if
> the authorities are actually interested in your data. Not having a hard
> disk is excellent defense against such coercive privacy invasions but
> encryption is not. Since then, I've personally started keeping a dummy,
> empty account on my laptop for basic deniability: nothing to see here
> but my travel itinerary, can I go now?
> 
> But if the operational security or privacy of your laptop actually
> matters and you must take a laptop, I have to agree with Jacob: don't
> travel with your data. Same applies for cameras and phones.

This is why I personally think it's wise to carry just a skeleton system over
the border on a bootable USB stick, with full disk encryption.  Once on the
other side of the border, securely download the data required (as I said in last
post). 

Sticks are easier to throw away/hide and if your laptop is stolen/seized within
the country your data doesn't have to go with it - the stick's in your pocket or
in your sock when walking around. Before you cross the border again the stick
should be physically destroyed. This is better than trusting data deletion. 

It can be smart to have a stock standard Windows install on the physical
hard-disk that wakes from sleep on lid-open with a picture of you and a dog
laughing in the sunny grass. Invite them to browse around and find nothing.
Never use that Windows install, of course. Boot Debian GNU/Linux or BackTrack
Linux on the stick. 

I've been extensively questioned at the border on a few occassions over the
years /because/ my laptops don't have a Desktop as such, no icons either. Both
my arms were grabbed at the Australian border as I reached to type 'firefox' in
a terminal, to start the browser in an attempt to show them a normal looking
environment. 

Terminals at the border are not a good idea.

To avoid the machine being tampered with, invest in a solid state netbook and
super-glue the shell together. It's not a crime.

Cheers!

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE