If You Aren’t Doing Anything Wrong

You have nothing to hide. I found some chilling news that everybody already expected from Says Uncle. Apparently the TSA has been searching the electronic devices of travelers and going so far as to copy files and send them to third parties. From the link:

• In a span of just nine months, CBP officials searched over 1,500 electronic devices belonging to travelers. Under the current policy, they were not required to justify a single one of these searches.

• Travelers’ laptops are not the only devices at risk of being examined, detained, or seized by the government. In fact, cell phones were the most commonly searched and seized devices between October 2008 and June 2009.

• Other types of devices that were searched and detained during this time period include digital cameras, thumb drives, hard drives, and even DVDs.

• Between July 2008 and June 2009, CBP transferred electronic files found on travelers’ devices to third-party agencies almost 300 times. Over half the time, these unknown agencies asserted independent bases for retaining or seizing the transferred files. More than 80 percent of the transfers involved the CBP making copies of travelers’ files.

We need to have a chat for a second. When you have sensitive information it should be encrypted. A great tool to created encrypted partitions is TrueCrypt. It’s a great utility that even goes so far as to allow you to create hidden encrypted partitions in such a way you have plausible deniability should you be asked for the encryption key to a hidden partition (You can’t prove it’s there so they can’t hold you indefinitely if you say there isn’t one). On all of my computers my entire home directory is encrypted (Mac OS has a feature called FileVault that allows for easy home directory encryption). Furthermore important files are then put into a TrueCrypt partition.

Another option to consider when traveling with important and secure data is to not have it on any device you travel with. Put the information on a server and download it when you get to your destination. Some companies have started doing this practice. Nobody can get your data if it doesn’t exist.

Either way this is important and scary information. I know almost everybody assumed this was the case but it’s finally been confirmed. Encrypt everything, period.

2 thoughts on “If You Aren’t Doing Anything Wrong”

  1. If you encrypt when coming through customs from outside the country if you don’t give them the key they can just confiscate the equipment. Far better to travel with a laptop that just contains OS and Browsers without personal data and VPN into your data.

    1. Not have the data on the machine certainly is the best and most secure option. But in order for that scheme to work you need to have a guarantee of Internet access when you arrive at your destination. Although Internet access is pretty prevalent it’s not a 100% guarantee. Sometimes you need to travel with your data.

      That’s why TrueCrypt is nice. You can create an encrypted partition and then a hidden partition within the original. Load the first encrypted partition with important looking data that in all honesty you can live with being divulged. Then you put the actual data you want secured into the hidden partition. There isn’t a mechanism to know if there is a hidden partition, it can’t be proven. So you can decrypt the file and satisfy the TSA.

      Taken further if you run Windows you can actually have a hidden OS installation when using TrueCrypt’s full system encryption. That way you can boot your dummy OS, provide data to the TSA, and close it down without them being any wiser to the fact.

Comments are closed.