ForeSite is your team of designers, developers, and computer consultants for technology support, web development and network repair in the Hartford, CT and Worcester, MA areas.
Laptop Border Guide*
*Color Codes inspired by the U.S. Department of Homeland Security
If you travel across national borders, it's time to customs-proof your laptop.
Customs officials have been stepping up electronic searches of laptops at the border, where travelers enjoy little privacy and have no legal grounds to object. Laptops and other electronic devices can be seized without reason, their contents copied, and the hardware returned hours or even weeks later.
Executives have been told that they must hand over their laptop to be analyzed by border police--or be barred from boarding their flight. A report from a U.S.-based marijuana activist says U.S. border guards browsed through her laptop's contents; British customs agents scan laptops for sexual material; so do their U.S. counterparts.
These procedures are entirely legal, according to court precedents so far. A U.S. federal appeals court has ruled that an in-depth analysis of a laptop's hard drive using the EnCase forensics software "was permissible without probable cause or a warrant under the border search doctrine." One lawsuit is seeking to force the government to disclose what policies it follows.
The information security implications are worrisome. Sensitive business documents can be stored in computers; lawyers may have notes protected by the attorney-client privilege; and journalists may save notes about confidential sources. Regulations like Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and Gramm-Leach-Bliley may apply. A 2006 survey of business travelers showed that almost 90 percent of them didn't know that customs officials can peruse the contents of laptops and confiscate them without giving a reason.
Fortunately, you have some technological defenses against overly snoopy border agents. Keep reading for our easy-to-understand, Homeland-Security-inspired, color-coded News.com Guide to Customs-Proofing Your Laptop. (And no, we're not responsible if you end up cooling your heels in some Burmese prison for using PGP; check local laws and use good judgment.)
Threat Level Yellow
Let's assume you've already backed up your files before traveling in case your laptop gets seized for an indefinite period of time. The next thing to know is that merely setting an account password is insufficient.
Unless you use encryption, a customs agent can simply remove your laptop's hard drive, plug it into another computer, and peruse its contents. There are plenty of programs, including Guidance Software's EnCase Forensic, that let police extract every bit of data possible from that hard drive.
To guard against that, you can set aside a section of your computer's hard drive to be encrypted. This is the simplest approach because not all the files will be encrypted; the operating system itself and, in most cases, applications you use will remain unencrypted.
For Apple OS X users, FileVault does this by seamlessly scrambling the contents of your home directory (to enable, select the Security panel in Preferences and also click the "Use secure virtual memory" option). PGP sells volume encryption software for OS X and Windows. There's also the free TrueCrypt application, which runs on Windows Vista, Windows XP, OS X, and Linux.
Most people use encrypted volumes to do things like save sensitive files--think tax returns, bank and credit card statements, medical records, and so on.
But encryption isn't enough. Research published last month ("Lest We Remember: Cold Boot Attacks on Encryption Keys") demonstrates how encryption keys can be extracted from a laptop that's placed in sleep mode when the contents are retained in RAM. They haven't released the software to extract the contents yet, but it's not terribly difficult to write and you may not want to bet your privacy on government agencies being ignorant of this attack.
The solution is to let the contents of RAM decay by turning off your computer and letting it sit for a few minutes. A test they did showed that, after five minutes, the memory contents had completely disappeared and could not be retrieved.
Turning off your computer is especially important for OS X users, at least until Apple patches a security glitch that keeps account passwords in RAM. In the default configuration, the account password is the keychain password and yields passwords to wireless networks, Web sites, accounts accessed via SSH, network-mounted volumes, etc.
There's more. You'll want to delete cookies and browser-stored passwords for Web sites. Erase the cache and Web browsing history. Securely delete files not protected by the encrypted volume so they can't be undeleted at the border. Here are still more tips.
Another problem is that if customs agents have physical possession of your laptop and you can't see what they're doing, they can install spyware. (They have the technical ability to do so; let's put aside for the moment in which circumstances they would have the legal authority to do so. Besides, in some non-democratic regimes, questions about due process are irrelevant.)
There are at least three cases in which the Feds have, with a court order, installed spyware on a suspect's computer. As encryption becomes more popular, so will the use of fedware. There may be no easy way to detect it--security software vendors generally say they will--short of booting off of a DVD or another trusted device and checking the operating system for tampering. Linux users can use a Knoppix CD or DVD for this.
Threat Level Orange
All these extra steps are irksome, and stem from the fact that
Threat Level Yellow with an encrypted volume doesn't completely
protect you.
Why not? Unix-derived systems including Apple's OS X store details about VPN usage and user login times in unencrypted form. Some applications including Thunderbird save working copies of documents in an unencrypted area (/tmp or /private/tmp) outside the home directory. And the contents of the computer's virtual memory file may be readable as well.
That brings us to Threat Level Orange, at which point you should
encrypt everything. That means you won't have to worry about
whether applications leak data outside the virtual safe of an
encrypted volume. (Read More at CNet.com)