Slashdot Mirror
The Failing Right of Laptop Privacy
davidwr writes "Wired has an interesting editorial on laptop searches and seizures. It raises some interesting issues, including employee rights against police searches in the workplace, routine vs. non-routine searches at ports of entry, and police use of unrelated data found in a database search. The article ends saying: 'Of course, there's a chance that the courts will not recognize the different scope of privacy interests at stake in computer searches, or will not be adept at crafting a rule that gives enough leeway and guidance to law enforcement, while also protecting privacy. At that point, the Constitution may fail us, and we will have to turn to Congress to create rules that are better adapted for the information age.'"
The constitution certainly left the building back in the age of the new deal, possibly even as early as aliens and sedition.
When the day comes that the Constitution can no longer protect us in the information age, we have a Congress actually interested and willing to step in on behalf of the people.
Message contains 1 attachment: spam.gif
"we will have to turn to Congress to create rules that are better adapted for the information age.'"
Turn to congress for help in protecting our liberties? Haha, that's a good one. He must be new here.
...encryption.
TrueCrypt or PGPDisk or....
So keep your sensitive personal data on a server at home, where the protections against warrantless search and seizure are more clearly defined, and take with you on your laptop only what you need. Also there are all sorts of ways to remotely access your at-home data securely (DNS Forwarder/VPN, etc). That way your data is there when YOU need it and not sitting on your portable when you are crossing borders or sitting in your employer's office.
I have made it quite clear to contractors that their laptops will be subject to scrutiny prior to their being permitted to access our corporate LAN, as well there my be periodic spot-checks, especially if I suspect that a laptop might have become infected with something nasty.
You're using her as bait, Master!
Disk encryption. You can get TrueCrypt for free and encrypt a partition with a hidden partition inside. Keep it on a USB drive or external hard drive. See you in about five years after the NSA's supercomputer has been trying to decrypt it.
Of course, in the US today they'll probably just disappear you to GITMO while they work on it.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
It doesn't matter if you're worried about a snooping government, script kiddies, nosy roommates or family members, or anybody else you don't want looking at your data. In this day and age, there really is no substitute for encryption, and there's also really no excuse to not be using it, given the amount of options (many of them free, as in speech and beer) available today. There's no reason to leave things like tax returns, sensitive work projects, etc. sitting out in the open.
One of the best things that I've done recently is to wipe and randomize a 40-gig partition on one of my drives and set up a 256-bit AES-encrypted ext3 filesystem. Unless I enter my lengthy passphrase, there is no way to mount the volume, much less look at its contents. Barring some unforseen weakness in AES, this is now data that nobody but me will ever see (unless I do something silly like forget to unmount it).
It is, in many ways, a brave new world, but people need to know that there are things they can do to protect themselves. This, of course, is not news to the Slashdot crowd, but it is something that the less-clueful public needs to hear about.
We're going down, in a spiral to the ground
or will not be adept at crafting a rule that gives enough leeway and guidance to law enforcement
A perfectly good non-electronic equivalent situation already exists: Personal diaries.
Would the readily-apparent evidence suffice to justify confiscating and reading someone's diary?
If not, then stay the hell away from my laptop.
My airport must really not like me. They not only said, "take your laptop out of its bag", they decided to say "turn it on". I did, flipped to FreeBSD, and as soon as they saw a command prompt they called in the dogs.
"At that point, the Constitution may fail us, and we will have to turn to Congress to create rules that are better adapted for the information age."
Is it possible to mod the article +1 Funny?
wow, can she whine any more? Laptop is owned by her employer... It was bought for her use, NOT for her as a personal item. So now she gets her panties in a bunch when she realizes her employer has the right to do whatever they want with that computer. Guess what, it is theirs! Just because you scattered your useless garbage all over the HD doesn't make it yours. If you want privacy, buy a personal laptop, and then it becomes much, much harder for someone to take a look at it.
Here is someone who could easily afford their own computer. She should keep her private data on her own computer, not her work computer. What's so hard to understand about that?
Even if her own computer is too expensive for her, how much does a USB key cost these days? Combined with Firefox Portable and Thunderbird Portable (and others) this provides a simple and elegant solution.
The real "Libtards" are the Libertarians!
Living document? Constitution? What are you trying to hide? You must be a terrorist if you are trying to hide behind the constitution.
If you had nothing to hide, you'd have no qualms about us inspecting your computers, listening on your phone calls, and being searched when we feel like it.
What are you trying to hide?
Fight Spammers!
At that point, the Constitution may fail us, and we will have to turn to Congress to create rules that are better adapted for the information age.
... I'd not hold your breath. When they passed the DMCA and the Patriot Act I lost all hope of Congress ever being willing or able to legislate us out of this mess, given that they're most of the reason that we're in it.
Nonsense. The Constitution hasn't "failed us", it is our commitment to honoring its provisions that has wavered. The Constitution is just as relevant and meaningful now as it was two centuries ago. Furthermore, I would argue that it is more important than ever that we observe Constitutional law and hold our elected (and unelected!) officials accountable for their deviances from it.
So far as Congress crafting better rules for the Information Age is concerned
The higher the technology, the sharper that two-edged sword.
He references a Court Decision in regards to an employee's expectation of privacy on the employers computer in which the court determined that the hardware was owned by the employer and provided for the employees use to the employers benefit. That's right the company owned the computer and the employee used it to fulfill their day2day job duties. During an internal investigation of either a harasment or other issue, they discovered the emoployee had downloaded and saved porn on their computer and fired them.
Idiot sued (damn lawyers) and the courts ruled that the employee had no expectation of privacy on the computer becuase it was provided by the company for the companies benefit, not theirs.
Now where the article is flat wrong is the statement that the police could then just walk in and begin searching a companies computers without a warrant. BUZZ Flat wrong as the computers belong to the company and it has just as much protection under the search&seizure rules as you and me. Simply put, for the police to search a companies computers, they damn well better have a warrant or you'll have every corporation telling the Cheif and Judge you idiots, you're out of office because we can't trust you to protect us as you're supposed to. That's right the political fallout would kill any officers carreer and a judge that allowed any of that information to be admitted into a courtroom would be out the door and disbarred for the same reason.
Would the readily-apparent evidence suffice to justify confiscating and reading someone's diary?
The airport case in question, you are screwed. The courts reasoned that searches at airports are routine, so just about anything goes. They should be ashamed of themselves. Until they come to their senses, I suggest you keep your diary, paper or electronic at home. The electronic one is easier to access, but you better move it around by ground transport.
Friends don't help friends install M$ junk.
1) password strength is important (and used only 1 thing)
2) If they can HEAR you type it, they can guess it
3) They can install a keyloggers of many kinds
4) ENCRYPT YOUR SWAP FILE-- don't assume that memory is locked
5) Encrypted swap implementation has to properly handle the keys
6) You must be in control of the information, 3rd parties can give into probable cause
7) Using a rare filesystem has gotten people off in some cases
8) Beware of wireless keyboards
9) Some forms of security without government back doors may become a crime in the future. (I watched CSPAN in the late 90s it came up more than you think.)
10) Obstruction charges for not unlocking it for them will become common.
11) Flash RAM can't be securely wiped from what I've read
12) RAM leaves traces. The longer data stays the more "burned" in the traces are for that data.
13) Nobody is thinking about planting "evidence." Fine encrypt your drive, I can plant jpegs on a different mount point, browser cache, the company servers.
14) Nobody things about identity security when they are reasonably anonymous. User cje posted a bunch of "evidence" online from the library trying to hide his tracks...
15) IT guy can use access to do just about anything. Its probably been done but nobody caught them so it didn't make the news.
Feeling any safer?
Democracy Now! - uncensored, anti-establishment news
> I see the skin as a natural barrier, and would prefer to go Amish rather than be some ghoulish cyborg
Seconded.
You two both misspelled "totally awesome and sweet." You might consider a spelling-and-grammar implant.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
With TPM, I won't have the keys to at least one section of my own computer's hard drive. Trusted computing at its finest.
This "ghoulish cyborg" thing you speak of...
:P
Does this give me the ability to shoot lasers out of my eyes?
Or at least the ability to at least surf naughty websites wirelessly without the need for a laptop?
I dunno, I might go for it. I let things get under my skin all the time anyway
My laptop computer was purchased by Stanford, but my whole life is stored on it. ...
In short, my computer is my most private possession. I have other things that are more dear, but no one item could tell you more about me than this machine.
In short: you're an idiot and are abusing company property to meet your own personal demands. The company didn't provide you with that laptop to store your own personal life on it, the idea behind it was actually to make you more mobile while still having the access and means to do your work. Nothing more, nothing less.
You're also one of those idiots who comes crying to his sysadmin when things suddenly don't work anymore and I, the sysadmin, gets to go through a lot of utter shit which simply shouldn't have been installed on that laptop in the first place! My team quickly found a simple remedy for all that though; we convinced the management board to get 1 brand of laptops and try to keep things decently alike. Company policy: synchronize your laptop with the company network before giving it to us to do maintenance. That process only syncs the company data. And we fix things by simply restoring a pre-made image. Then we sync the new laptop with the userprofile on the network and all is back to normal. Except the junk the user put on it ofcourse.
Sure we've had a few complaints from people just like you. To which our question has always been: "Why do you think you got that laptop? Answer: To keep the data which is currently on it, the company doesn't give a hoot about your kid photo's. We don't mind you store it on the laptop, but don't come crying to us that they're now gone. Has it ever occured to you that you could have gotten a laptop or computer of your own for that stuff?". Harsh? Yes. And in all honosty I do feel sorry for this particular employee. But if we're not harsh then what'll be next? "could you please look at my laptop, for some reason doomIII doesn't work and I need that to relief some stress in the weekends". Give me a fucking break....
So, to put it simple: when I, the sysadmin responsible for that laptop of yours, am allowed to speak on behalf of the company and grant the goverment access to that laptop then you really have nothing to complain about. Its not yours. In this context, technically speaking, its mine.
Every time you talk rights with a US citizen they bash the Europeans for having no constitution which protects them... Well how does that do any good when the US government simply circumvents the constitution? Isn't it illegal, with the DMCA and all, to circumvent stuff? :-)
Well, out of the Bill of Rights, Amendments 1, 7, and 8 make absolute statements prohibiting certain acts of Congress (e.g. "Congress shall make no law..."); Amendments 2, 4, 9, and 10 refer to "the people" which could mean all people or 'the people of the United States' (i.e., citizens); and Amendments 5 and 6 use language referring to "no person" or "the accused," which can only mean that they apply to all people, not just citizens. (And for completeness, Amendment 3 would only be relevant for people who owned property in the US.)
The relevant Amendment in this situation, the 4th, is one of those that refer to "the people:"
In my opinion, that ought to cover non-citizens too, but I'm not a Supreme Court Justice. Take from that what you will.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Why bother with naughty websites when, if you're implanting stuff anyway, you could just put in an artificial gland that would release endorphins (or whatever) on command?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
1 - Separate work and private laptops
I carry mine to work and don't plug it into the network
I don't use the work machine for any internet searches, I use my laptop through cell card
2 - Separate your data sets
Carry your sensitive data on something other than laptop
I carry mine on a CD, they can't call that a bomb
3 - If they want to search it...
Ask "What exactly are you looking for?" and write down the answer!
If they say its just a routine inspection let them look, don't let them open files
If they want to see a file ask for the warrant
If they insist ask (don't) demand to see a supervisor
4 - Be nice, calm, and ask the supervisor to witness
Any search (with understanding you are under protest) as there is no warrant.
Ask the supervisor for a full accounting of all files opened/accessed prior to boot/power on
(this is critical as they cant log all files accessed during boot)
5 - Best of all, don't give them a reason to search it
-- I am the NRA, enough said...
before someone beats me to it (unless it has already happened).... Truecrypt hidden volumes? I doubt that the average airline security thug knows enough about the method to find anything, and one could always encrypt practically everything on the drive regardless of whether one had anything to hide - it's the principle of it! When Congress and the Constitution fail to protect digital privacy, perhaps it is better to take matters into one's own hands.
quia potentia mens mentis
My laptop computer was purchased by Stanford, but my whole life is stored on it. [...] In short, my computer is my most private possession.
If your most private possession is owned by someone else, the police are not even close to your worst worry.
First, there are several new cases that suggest that agents can search computers at the border
No, that's not accurate. The cases state that agents may make a search a requirement for crossing the border with the computer. You have the right to refuse the search and ship the computer back the way you came.
Second, a recent case in the 9th U.S. Circuit Court of Appeals has held that private employees have no reasonable expectation of privacy
This has been true since the country's inception. Nor is it difficult to understand: Its not the employee's office or the employee's computer. They're not even under contract to you the way an apartment or hotel room would be. These things belong to the employer and the employer has a right to grant a warrantless search of its posessions just as you have the right to permit the police to search your house if you so choose.
The employer also has a right to refuse a warrantless search, you as you would of your posessions. The difference is: why would the employer want to? If you're breaking the law at work, they want to know about it just as much as the police do.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Did anyone else notice the lack of understanding of the separation of powers here?
The court's job is to interpret the laws. The Congress' job is to make the laws. The executive branch enforces them. The court should not be "crafting rules". Their job is to determine whether or not the executive branch (read: cops) violated the law. This sets precedence for further legal cases, but does NOT create new rules (read: laws).
Freakin' activist judges are part of the problem, not the solution.
Other than this text, there is no discernible information contained in this sig.
And you've been mislead by the media into thinking that judges aren't supposed to make law. In fact, in a common law system, that is part of a judge's job and has been since before the U.S. was founded.
I am not a lawyer. This post does not constitute any form of legal advice.
The overwhelming response of the sysadmins, and many others, is, it's the employer's computer, therefore everything on it is available to the employer (ie. no expectation of privacy as confirmed by 9th Circuit). But there is another perspective that might be reasonably argued (Of course, IANAL; I am a media theory researcher and prof).
If we consider that electronic stuff (hardware, software and data) as containers within containers, the hardware might be owned by the employer, and the employer might have a right to see what containers are placed on the hardware. However, many of those containers (files) might contain so-called intellectual property that belongs to the person herself. The employer has no right to that (leaving aside, for the moment, contracts in which the individual stupidly gives all IP rights to the employer, even for private, non-work-related, non-compensated creations). The mere fact of physical location does not give the employer the right of unwarranted search. For example, the person's purse happens to be located in the desk drawer of the employer-supplied desk, within the employer's office. The employer does not have the right to search the purse, nor take possession of its contents. By analogy, I would argue that the content of personal data files (not necessarily the wrapper that is the file structure itself) is off-limits to the employer.
In short: the employer has the right (according to court ruling) to see the files on their property, but not necessarily the file content. The courts have not distinguished among respective ownerships of the hardware, the data structures, and the data contents. This distinction is something that will eventually be tested in court, I expect.
Like other posters, I agree that the employer could demand immediate return of the laptop and the individual would lose all of her personal information, and therefore the person must assume that risk of loss, encryption or no encryption. And I use my own laptop for my work - the employer does not have the right to access my machine. If they want my work (which they do) they agree to my terms. Every so often I hear the dire warning of the IT department about not providing me support. But then again, I've had occasion to fix some of the messes on other users' computers that were "supported" by the IT department.
What you've got here is a deliberate attempt to muddy the waters of searching laptops... they're arguing is that you shouldn't worry about your work laptop being searched because it's not yours, and usually work disallows you from putting private data on there anyway. There's two problems with that. First, if it's a work laptop the TSA is searching, YOU are not the owner, especially if you are following the rules, what would you do with an encrypted volume or such work put on there to keep your email or company financial data private if your laptop was stolen? The second fallacy is that the TSA is saying if it's not your "work" laptop you somehow shouldn't be traveling with personal private data... that's the biggest form of bullshit ever. It's the whole "you incriminate yourself" by brining private material into a public place that's going on more and more lately... and that is 10 ways from wrong.. The founding fathers clearly knew what they wrote, in 1776 you would take crates of personal stuff along on trips.. often guys like George Washington or Ben Franklin were away from their homes on travel for MONTHS at a time... personal property is just that...personal... demanding that it remain personal is not some "license" to perform a search because you ask they not look there... that's exactly what unreasonable search is.. especially when the search is unrequested in a public place.