Jacob Sullum | August 28, 2009
The Department of Homeland Security plans to retain the Bush administration policy of seizing and searching international travelers' laptop computers and other electronic devices at will. An ACLU attorney told The Washington Post the revised version of the policy "provides a lot of procedural safeguards, but it doesn't deal with the fundamental problem, which is that under the policy, government officials are free to search people's laptops and cellphones for any reason whatsoever." Homeland Security Secretary Janet Napolitano says such wide discretion is essential to national security:
Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States. The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.
What a crock. As I noted in a column last year, DHS is not looking for bombs in those laptops; it is looking for incriminating files, and the charges that flow from the searches typically have nothing to do with terrorism, contrary to Napolitano's implication. Judging from the comments of her predecessor, Michael Chertoff, the most common crime detected is possession of child pornography. The government is using the "border search exception" to the Fourth Amendment as an excuse to delve into people's private lives without a warrant, looking for a reason to arrest them.
My old rabbi used to get searched every time he went to Russia. Of course, back then, it was the Soviet customs agents who did the searching.
This policy is complete horseshit. No one shows up at the border
with terrorist plans on their laptop. Yes, you will catch the
occasional pervert but that is about it. They always talk about how
they can get all of this information to aid investigations. That is
bullshit. The information on a laptop, like numbers and names, only
means something if you already suspect the guy is a criminal, in
which case you can get a warrant.
Yes, I suppose that we will occasionally get the one in a million
shot of the guy who has Osama Bin Ladin's satellite phone number in
his contact list. But to get that one guy we have to violate the
privacy of millions of people. It is hardly worth it.
The continuation of this policy shows the idiocy of people who
voted for Obama knowing he was an economic leftist but thinking
that he would somehow be better on civil rights than the
Republicans. Sorry, Obama just gives up Bush era disregard for
privacy with a big heaping helping of socialized medicine and
multi-trillion rather than billion dollar deficits to wash it
down.
The new directives announced today strike the balance
between respecting the civil liberties and privacy of all travelers
while ensuring DHS can take the lawful actions necessary to secure
our borders.
Newspeak; it's real, and it's HERE.
I live on my laptop, so I would never dare take it on an
international flight, just on the off chance they decided to search
it and then get it back to me at their leisure. I'd have to buy a
secondary laptop and transfer only what I needed for the trip. That
way I could handle not having it for a few days/weeks.
Remember, the Supreme Court says you have no 4th Amendment rights
while crossing the border. Thanks, SCOTUS!
Epi,
I wouldn't worry. They only searched 46 laptops last year. They
can't search every or even a significant portion of the laptops
crossing the border.
That makes this policy even more infuriating. If they did it to
everyone, they would at least be uniform and have a hope of
catching a few bad guys. As it is, it is just a license for CBP to
fuck with you that provides no tangible security benefit.
Also, this is a lot worse than the NSA wiretapping program. I
consider someone going through my computer and e-mail without a
warrant or suspicion to be a lot worse than listening to the odd
phone call.
http://www.truecrypt.org/
And go with the hidden volume approach. Give them the BS password
and whistle cheerfully as you go on your way.
Seriously, anybody with an ounce of sense can defeat the kind of
cursory inspection they're doing.
Seriously, anybody with an ounce of sense can defeat the
kind of cursory inspection they're doing.
Of course. But if they don't like your face (and I imagine you
suffer from that a lot), they decide to take your laptop for
"further inspection" and then maybe you get it back in a few
weeks.
That's why, even if there is very little of this going on, I'd
still want to use a secondary laptop, because you never know when
some petty DHS tyrant is going to decide to fuck with you.
"And go with the hidden volume approach. Give them the BS
password and whistle cheerfully as you go on your way.
Seriously, anybody with an ounce of sense can defeat the kind of
cursory inspection they're doing."
That will just cause them to seize it and send it back to the lab
to let their computer forensic trolls go after it. Good luck
getting it back.
Of course, that doesn't mean that they should be allowed to do the inspection. But given the well established case law that the border trumps the Constitution, best to protect yourself.
That will just cause them to seize it and send it back to
the lab to let their computer forensic trolls go after it. Good
luck getting it back.
John, I suggest you read up on how the whole system works. You have
two passwords for your encrypted volumes. One opens one set of
files, the other opens up another set of files. Set up some dummy
crap in one volume and give them that password. Your real data
remains secure in the other volume, which is invisible to the OS.
They can't search what they don't know exists, and giving them a
password shows you're a dutiful citizen with nothing to hide.
I want a laptop with 20g of ram, and a 2g hard drive. With a
memory card slot. Can somebody get on that for me?
Linux, of course.
Ok T. Then maybe it would work. Of course it is not like terrorists and criminals won't do the same thing further rendering this already useless and offensive program useless.
This is so stupid. It is trivial to encrypt your data in a way that would require a CIA supercomputer working weeks to decrypt it... assuming you aren't using a one time pad, in which case it is impossible to decrypt it.
T, I don't want to give government forensics people too much
credit, but any system like truecrypt is out there and they'd know
about it, and how to look for it. Just because it's invisible to
the OS doesn't mean the file system on the hard drive doesn't know
about it.
I would think that if they bothered to bring in a laptop, things
like truecrypt are the first thing they'd look for. I would.
That's why I say you get a cheap ass secondary laptop, and put on
it only what you need for the trip. If by some chance it gets taken
for inspection, you don't care nearly as much.
Of course it is not like terrorists and criminals won't do
the same thing further rendering this already useless and offensive
program useless.
Yup. It's not even security theatre, it's a straight up fishing
expedition. I know several companies that will not let employees
travel out of the country with laptops anymore because of it. They
do internet file transfers or ship the laptops to the destination
to avoid it.
any system like truecrypt is out there and they'd know about
it, and how to look for it.
At one point, I believe, the government was trying to force anybody
who makes a commercial encryption system to give them the key; what
happened with that?
"in which case it is impossible to decrypt it."
If you can decrypt it, someone else can decrypt it. It just may
take an extremely long time.
Encryption technology is still considered munitions by the US.
You need permission to export any cryptographic system, the
software or hardware that performs the encryption. Keys are usually
generated during the use of a cryptosystem not a part of the system
itself.
For practical purposes all the main systems are available from
non-US sources.
Epi,
Just like every other government agency, if they've decided to fuck
with you hard enough, you're hosed. They'll just snatch the box and
you're screwed. (Should I stress again the importance of backups?)
But using the hidden volume approach gives the appearance of
cooperation, which may get you and your laptop out of there
together.
Alternatively, keep your data on an SD card. It shouldn't set off a
metal detector, so you should be able to skate right through
customs with it with no one the wiser.
While the policy is reprehensible and (IMHO) unconstitutional, it's
damn near trivial to avoid running afoul of it if you know it's
there.
Set up some dummy crap in one volume and give them that
password. Your real data remains secure in the other volume, which
is invisible to the OS. They can't search what they don't know
exists, and giving them a password shows you're a dutiful citizen
with nothing to hide.
An alternative compact sized OS on a flash drive (say Damn Small
Linux for examining Windows, or my personal favorite, you can find
here www.menuetos.net for anything else) will bypass any particular
OS protections.
But say if you have data that you are really paranoid about, like
The REAL Anarchist Cookbook, you could convert the text to an .ntx
file, scramble this text with a simple program you write yourself,
so long as you can keep it in your head the necessary means of
getting it back to the original sequence, copy the print to a
series of jpegs, dig out your Family Guy First Season DVD you would
not ever watch again if you had to, paste the jpegs every 11.03
second sequences eleven minutes into the seventh episode so no one
who bums it from you would ever even see the info flick by (avoid
any scene emphasizing Louis boobs some people go for that sort of
thing), and you still get busted because some under achiever at the
DHS actually has talent and notices that you have an obsession with
prime numbers.
You need permission to export any cryptographic system, the
software or hardware that performs the encryption.
So if you are attempting to leave the country with encryption
software on your laptop, you're a terrorist spy. I
feel safer, already.
Yup. It's not even security theatre, it's a straight up
fishing expedition. I know several companies that will not let
employees travel out of the country with laptops anymore because of
it. They do internet file transfers or ship the laptops to the
destination to avoid it.
The fact that there's this enormous back door (why would you put
anything on a laptop you're traveling with when you can just get to
it through a VPN anywhere in the world) is the proof that the whole
thing is either implemented by IT idiots or is just an excuse for a
fishing expedition. It's clearly not intended to find terrorists or
protect the country.
Encryption technology is still considered munitions by the
US. You need permission to export any cryptographic system, the
software or hardware that performs the encryption. Keys are usually
generated during the use of a cryptosystem not a part of the system
itself.
Didn't the whole PGP case blow that argument to shreds? Yeah, the
compiled software is tech but the source is protected under the 1st
amendment.
alan,
Read this for
the full explanation of the hidden volume concept.
And yes, I'm this paranoid most days of the year. My wife is never
going to find everything if I die unexpectedly. I suppose I should
make some arrangements for that eventuality.
While the policy is reprehensible and (IMHO)
unconstitutional, it's damn near trivial to avoid running afoul of
it if you know it's there.
We're talking at cross-purposes. I understand how to encrypt and
protect data. My point was very simple: if I take my
super-expensive 1080p/Blu-ray/802.11n
multimedia laptop through a border check, and for any reason they
decide to confiscate it for a check, I am fucked. The same
applies to anyone who tends to live and work off of a single
primary laptop. Like a guy going through customs with a MacBook Air
that he does everything on, and having them say "this looks weird,
we might have to confiscate it" (this actually happened).
Encrypt, don't encrypt, whatever. But I would never take a laptop I
cared about through a border check.
"I know several companies that will not let employees travel out
of the country with laptops anymore because of it. They do internet
file transfers or ship the laptops to the destination to avoid
it."
That's how it is where I work.
BTW, for some reason, the nine-year-old riding the subway link won't let me post.
Yes, I suppose that we will occasionally get the one in a million shot of the guy who has Osama Bin Ladin's satellite phone number in his contact list. But to get that one guy we have to violate the privacy of millions of people. It is hardly worth it.
I am very tempted to buy an address book, write "Al Qaeda Contacts"
on the cover, and then take the train to Montreal with it hanging
from my neck in clear view.
My point was very simple: if I take my super-expensive
1080p/Blu-ray/802.11n multimedia laptop through a border check, and
for any reason they decide to confiscate it for a check, I am
fucked.
True enough. Most of my travel is business, and when this policy
became public last year I told my boss I wasn't fighting with DHS
over the company's laptop. DHS wants it, they can have it. I'd
probably feel differently if I had a nice personal laptop, but my
Acer netbook verges on being disposable.
BTW, for some reason, the nine-year-old riding the subway
link won't let me post.
Terrorist!
T.,
I would be careful about relying on encryption, further into the
link you provided, it doesn't sound like it would be that difficult
to get at the secondary volume if you are looking for it which is
likely SOP for The Man, given the public availability of this
info:
Note: When you enter a pre-boot authentication password, the
TrueCrypt Boot Loader first attempts to decrypt (using the entered
password) the last 512 bytes of the first logical track of the
system drive (where encrypted master key data for non-hidden
encrypted system partitions/drives are normally stored). If it
fails and if there is a partition behind the boot partition, the
TrueCrypt Boot Loader (even if there is actually no hidden volume
on the drive) automatically tries to decrypt (using the same
entered password again) the area of the first partition behind the
boot partition where the encrypted header of a possible hidden
volume might be stored. Note that TrueCrypt never knows if there is
a hidden volume in advance (the hidden volume header cannot be
identified, as it appears to consist entirely of random data). If
the header is successfully decrypted (for information on how
TrueCrypt determines that it was successfully decrypted, see the
section Encryption Scheme), the information about the size of the
hidden volume is retrieved from the decrypted header (which is
still stored in RAM), and the hidden volume is mounted (its size
also determines its offset). For further technical details, see the
section Encryption Scheme in the chapter Technical
Details.
jtuf,
How about forming an informal social club and call it Al Qaeda? We
could then give out "Al Qaeda" ID cards and honorary positions. You
could be "Al Qaeda Communications Director" and I could be
"Director of Munitions and Chemical Supplies" and so forth. And
every member gets an embossed leather day book marked "Al Qaeda
Contacts" with a complete listing of all members, positions and
phone numbers. And we will call quarterly meetings and label them
"blowups". That way everyone can have a day book with "September
13, 2009, Al Qaeda Blowup in Las Vegas" marked in the day book.
alan,
How does that make it easier to find? They'd have to have the
hidden volume password in the first place. The boot loader is going
to execute the same sequence whether or not there's a hidden
volume. Given true crypt uses a 256 bit key, a brute force attack
isn't feasible to do on every laptop that comes across the
border.
The boot loader is going to execute the same sequence
whether or not there's a hidden volume. Given true crypt uses a 256
bit key, a brute force attack isn't feasible to do on every laptop
that comes across the border.
TrueCrypt is open source, how difficult would it be to write a
version that follows a different protocol to read out the
volume?
TrueCrypt is open source, how difficult would it be to write
a version that follows a different protocol to read out the
volume?
Huh? You can use any program, but the algorithm and the key have to
be the same. No key, no decrypt, practically speaking.
I should have said 'spit out the volume'. It would still be encrypted but not be mistaken for random noise.
So Reason writers and commenters, still want to worship that
Obama cock?
This fucker is just like Bush except that he is so much worse and
has a deficit 4x as large.
Fuck Obama and fuck all of you that supported him.
One word: virtualization. Virtualize your machine then do a clean OS install. Move your virtual machine off the physical machine when you cross the border. Piece of cake.
This is why tourism to the US has dropped 18%.
What percentage of major international conferences now take place
on US soil? zero.
Here in Canada, most teenagers take their first trip to Europe, not
the United States. We're worried about being "disappeared" in
transit and sent to some Syrian prison for torture.
The only time I've ever been hassled about my laptop was when I
was entering Canada. Germany, no problem; USA, no problem; Canada,
some dude with a protective vest and rather large machine gun
wanted to know an awful lot about my laptop (personally owned or
company owned? can my employer view it? do I have movies on it?
etc).
They didn't take it, but geeze, what a hassle.
Posts like this are when I really miss joe.
Posts like this are exactly why joe isn't here anymore. Good
riddance.
Here in Canada, most teenagers take their first trip to
Europe, not the United States. We're worried about being
"disappeared" in transit and sent to some Syrian prison for
torture.
That's a pretty ridiculous statement. Most teenagers spend thousands
of dollars on their first trip to go to Europe rather than the
couple hundred bucks it would take to go anywhere in the US? I
doubt it. Maybe if you said Mexico or something for spring break,
but Europe? gimme a break.
A scenario I've always envisioned, whilst going through an
airport security checkpoint:
TSA guy: Sir, could you please open up and turn on your
laptop.
Me: Sure. I just need to see evidence of your current Secret
clearance.
TSA guy: ...
Me: Sorry. I'd be violating UCMJ if I did that then, and then you
could be arrested as a spy.
TSA guy: ...
Alas, I deleted all that stuff (like I was supposed to) when I left
the army.
At one point, I believe, the government was trying to force
anybody who makes a commercial encryption system to give them the
key; what happened with that?
Whatever the final deal that was cut --er imposed? would they do
that? -- there is a reason why I don't use encryption software from
US sources.
btw, pgp is at least as obtuse to use as ever. But I wouldn't trust it for anything I cared about.
Keeping Americans safe in an increasingly digital world
depends on our ability to lawfully screen materials entering the
United States.
That's crap, since it's trivial to get whatever you need via a
secure internet connection at your destination.
If it's true that they only searched 46 laptops last year (from an
earlier comment) then this tells me that they're not "screening
materials," they're searching the belongings of somebody they
already think is sketchy for whatever reason. If that's the case,
then why the need for the "at will" policy?
If the real goal here is to find kiddie porn, then this seems like
a horribly inefficient way of going about it...
http://www.truecrypt.org/
Kilroy, nice try, except law enforcement can jail your ass if you
don't hand over the key.
Nope, the only way is to have dead-man's data destruction. If you
don't put in the right password, a background task starts a secure
delete on anything you want gone.
I swear all those models are over 18.
What percentage of those "46 laptops" they searched turned up with terrorists or contraband porn?
I went through customs coming back from Amsterdam and I was the
only person from my flight that was pulled aside for a thorough
luggage search. I was well-dressed, but mid 20s guy coming back
from Amsterdam.
I had leftover European funny money and I spent the last of it on a
few porno magazines at the airport. Customs dude flips through them
and says "All normal. No kids or animals."
The one time I was traveling with porn and the one time I've been
searched at customs. I think my main thought was "Good. Better them
search me than the person who brought pot with them."
"All normal. No kids or animals."
It's my understanding that when one goes in to Amsterdam,
they'll check to make sure you only have kids or animals, and
anything normal will be confiscated.
@ T:
Just like every other government agency, if they've decided to
fuck with you hard enough, you're hosed. They'll just snatch the
box and you're screwed.
Ok, someone really needs to get laid this weekend...