Flutterby™! : DHS clarifies laptop rules

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

DHS clarifies laptop rules

2008-08-01 15:19:09.647218+00 by Dan Lyke 9 comments

DHS clarifies their rules and behavior on laptops and other electronic devices at the border of the United States:

Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons ...

ie: You take it over the border, it's theirs if they want it for as long as they want it. If you care about your data, encrypt it and send it via the internet, not on physical media.

[ related topics: Politics Privacy Cryptography ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2008-08-01 16:54:27.037835+00 by: JT

If I can buy a 4G flash drive for $15, it seems like a much more viable alternative. I currently have a 2G which I barely have at 50% capacity which won't bother me a bit if it gets lost or confiscated since it's encrypted already. I previously had quite a large issue with TSA wiping my hard drive at San Antonio International (SAT) a few years ago when they didn't understand how to use or properly shut down slackware. Of course, back then I had a 16MB usb key I paid $40 for which couldn't quite hold enough to consider it a replacement.

#Comment Re: made: 2008-08-01 16:57:46.504544+00 by: meuon

The premise of Johnny Mnemonic circa 1995 was that the "net", and borders were unsecure enough to require couriers to embed data internally in "wet" devices that masqueraded as medical implants.

As I am getting ready for a lot of traveling in and out of the country, I am fighting urges to have files named 'lolita-pornXXX.mpg' that are actually just huge text files that are repetitive copies of the Constitution and the Bill of Rights on my laptop and USB drives...

And just in case anyone needs reminding:

Article the sixth [Amendment IV] - The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

So this leaves us with creative options for transporting sensitive, interesting or mundane materials:

FedEx, UPS and if digital: SSH/SCP and PGP/GPG are useful tools to transport things over the net fairly securely.

I've already been warned by the OEM about transporting some special USB dongle devices that look like USB drives that they drive DHS nuts and may be confiscated as encrypted drives, when they are actually expensive hardware based encryption/token generation devices. But thay have already had issues with DHS and now say "Fed-Ex them in advance".

It's a strange world out there, and it's going to get stranger.

And I doubt Obama OR McCain getting elected will change much.

The "Terrorists" have won. Our winning would have been having sniped/bombed/buried Osama bin Laden in Afghanistan quickly and decisively and gone back to life without all these insane and ineffective measures.

#Comment Re: made: 2008-08-01 18:04:54.563304+00 by: Dan Lyke

JT, the article makes clear that they've no compunctions at all about confiscating your flash drive as well.

Meuon, it's looking more and more like FedEx/UPS shipping of items separately from travel is the only reasonable way to deal with getting physical objects there.

And, yeah, I hate that the Bill of Rights is currently being interpreted as only applying to U.S. Citizens on U.S. soil.

#Comment Re: made: 2008-08-01 18:50:35.166344+00 by: ebradway

I would assume that "laptop" really means any kind of digital media - likely including cell phones. And after seeing what the DHS did to RepRap, FedEx'ing anything important just seems common sense.

#Comment Re: made: 2008-08-01 23:08:42.266166+00 by: JT

The point I was making is that losing a $20 thumb drive with encrypted data means a lot less to me than a $1200 laptop.

#Comment Re: made: 2008-08-01 23:46:09.644405+00 by: Dan Lyke

JT, got it.

#Comment Re: made: 2008-08-02 01:25:40.864271+00 by: meuon

JT. Will you surrender your passwords for the encrypted thumb drive?

If yes, I'm sure they won't find much but some sappy pictures of you and family having fun somewhere, and some Farkish funny images of very small dogs in cute hats.

If no, how long will the detain you.. miss your flight? miss the next one? miss all of them?

I have nothing personal to hide on my laptop, I have a lot of interesting business things they do not need copies of, but that can have as many copies as they want. I now have a few business things they can NOT have copies of. Period.

#Comment Re: made: 2008-08-02 01:56:10.539498+00 by: JT

Two passwords, one with random bs, pictures of me hiking in Tioga Pass and camping at Shamrock Lake, the other password takes you to the stuff I don't want people to find, which are much smaller files and hidden when you only use the first password.


#Comment Re: made: 2008-08-02 13:20:24.49585+00 by: meuon

Like I said.. "If yes, I'm sure they won't find much but..." And if you get someone a little higher up the food chain, they may know of TrueCrypt and other such methods.

Which leads to a new rant: I bought just a couple of cheap "Sandisk U3 Cruzer" 2gb USB sticks, which keep reinstalling their crapware (even after fdisk and reformatting, if I format to DOS instead of ext2/ext3). Which tells me there are other things running inside that thing and another memory space area. Which convinces me it is not to be trusted. As I use it for a data shuttle I need the DOS format, and the crapware keeps appearing. Note: One of the crapware functions is an "encrypt" function I don't trust either.

Which leads to my next issue.. keeping some professional paranoia to effective levels and not going too deep down the rabbit hole. Which in todays messed up world is pretty easy to do.