Slashdot Mirror
Securing Your Notebook Against US Customs
Nethemas the Great points out a piece from Bruce Schneier running in the UK's Guardian newspaper with some tips for international travelers on securing notebook computers for border crossings. A taste of the brief article:
"Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. ... Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won't work here. The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."
Set up a Windows partition and a Linux partition, set it to boot to Windows by default, keep all your data on the Linux partition. How well would that work, I wonder.
...that your desktop is the Goatse guy and you have 14 videos of horse porn set to auto-play the moment your laptop gets opened. If you're going to snoop through my stuff in public, then the whole terminal is gonna get their money's worth, you fascist bully-boys.
http://www.truecrypt.org/
* Creates a virtual encrypted disk within a file and mounts it as a real disk.
* Encrypts an entire partition or storage device such as USB flash drive or hard drive.
* Encrypts a partition or drive where Windows is installed (pre-boot authentication).
* Encryption is automatic, real-time (on-the-fly) and transparent.
* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography â" more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Make a folder called "Terror Plans" and fill it with images of cute, cuddly kittens.
FOXTROT UNIFORM CHARLIE KILO
Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country.
... keep it for several days.
As they should be able to. Any sovereign nation has the right to control who and what enters the country.
They can
No, that would be seizing it. They need a reason to seize it. Customs can search without cause, but they cannot seize things without cause.
The border agent is likely to start this whole process with a 'please type in your password.' Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day."
Not entering your password is not grounds to refuse you entry into the country. On the other hand, lying to US customs IS grounds to ban you from entering the USA for five years.
I got it in my biweekly dose of Cryptogram and found it disheartening. The GOD of security says: all you can do is make sure they wont find anything that will mess you up.
The sad thing is that citizens think this idiotic idea of checking laptops at airports serve any kind of law enforcement objective other than generalized panic and further diminishment of democratic values such as the right to privacy.
This is your government fucking people up (and "people" can be foreigners or locals entering the country), attempting to find in informations traces of delincuent activity that, if youre a two bit moron you know you can save it anyhow, in a mostly anonymous fashion on google's, yahoo's or microsoft's servers for free, and any number of services that are available today.
True criminals simply have huge botnets and hidden servers behind the huge pr0n/spam nets and they DO NOT carry incriminating evidence with them and EVEN IF THEY DID, how in hell is a custom's agent going to find them?
I mean, i have a better solution than that of bruce: change your initab so initdefault is 3, make sure that that level does NOT turn on the wifi card or any networking at all, change your shell to ASH (hopefully temporarilly) and let them have the root password, who cares.... good luck, mister customs agent.
NO SIG
The downsides? You probably won't be able to work in the airplane, but is it worth it now that the Customs are being so much trouble?
It's actually because I need to load a device management driver that overrides the BIOS data for the hard disk, but it may actually be worth it for them to try to fiddle around at the MS-DOS prompt...
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I can't recall the name right now but one of the disk encryption utilities creates a dummy encrypted zone for just such a purpose. You make two passwords. The real one gets you your real encrypted data. And another one for entering under "duress" gets you your dummy files. They're both stored in the same encrypted space, one looks like random noise to the other, and supposedly nobody can tell they're both there. Anybody know which utility that was?
I quit flying a couple years ago after being repeatedly hassled by TSA troglodytes. Looks like I may never get to fly again. Maybe if enough of us stop flying, the airline industry will set its lobbyists to get this fixed. Chances are slim though. Why lobby to get your customers back when you can just lobby for handouts?
That is what TrueCrypt is for (but don't encrypt the entire drive). Just encrypt what needs encryptin'. Set up an encrypted volume with a shadow volume inside a regular file. Call it something that looks like a system file like MSDOS.SYS or DBLSPACE.BIN or something. (That would explain the unusually large size of the file.)
So first, they would have to know you even have something encrypted (which is just a guess if they see TrueCrypt installed). Then they'd have to know what/which files was/were encrypted (which can't be determined by examining the file). Then they'd have to ask you to mount the volume and provide the password (at which time you then provide the shadow volume password, which only contains innocuous files).
I can't be the only dummy to figure that out.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
Can customs officials refuse entry to an American Citizen? Can they banish me for refusing to divulge my password?
Maybe depending on the amount of data you have you could store it onto a CF/SD card and put it into your camera? There has to some way of storing the data on the memory card so that the camera will not see those files but still leave enough space to take a few shots of the customs agents.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
They can also image your drive. As Bruce says, the easiest way to avoid this is to not have your data on your laptop. Put it on something else.
You can bet that before I type my password for a customs agent, I'm going to talk to my company's legal department. And I'll wait in the customs office as long as it takes. Or simply forfeit the laptop and put it in the trash.
The IP on my laptop is easily worth 10x more than the value of the laptop itself.
--
$tar -xvf
Imagine the pre-computer days, when the customs could stop you, do a naked search and go through all your papers without any passwords. What could you do at that time? Just do not take the sensitive papers with you or mail them with certified mail.
I think there is no difference now. Email your files and do not put them on your laptop. That is what TFA is basically saying too.
So, IMHO, complains here won't work. The only problem that travelers have with laptop/cellphone search is inconvenience (since everybody is used to store all your files on your hard drive), but otherwise it is not any bit less legal than it was before the laptop era. And inconvenience is not any concern for authorities at all. So consider your laptop to be your briefcase and just not put any documents there that you don't want custom officers to see. End of story.
Having returned from my second trip to China, I still find it amazing that it is easier for me, as a foreigner, to enter China than it is for me, as a US citizen (born a US citizen to parents who were US citizens, etc.) to enter the US after a trip abroad.
I just pretty much walked right through in China - I handed them the entry form (one half of the two part form - the other half you give them when you leave) and they waved me through. Customs in China did not even ask to see my laptop, never mind read files or anything like that.
On returning to the US at Detroit International, I was given the 3rd degree by US Customs agents, and I'm a US Citizen. "How long were you in China?" (as if he couldn't tell by the side-by side entry/departure stamps in my passport) "What were you doing there?" (visiting friends) "What do these friends do for a living?" (A couple of college professors and a financial analyst)
This happened on both of my trips.
And I noticed that they were doing this to EVERYONE, not just me. (The plane had several hundred people on it.) I'd hate to see what they were doing to Chinese citizens entering the US.
I hope they realize that they are going to scare businesses away from the US if they keep this up.
I find it somewhat ironic that the captcha for this post is "undergo".
Just to spare the speculation, etc: I'm caucasian, of Western European descent, so no, I don't look "Middleastern" or "Asian" or anything else. Just your typical "white male".
Some of today's higher end laptops have easily removable Hard Drives (some multiple drives). It shouldn't take more than a minute or two to replace a functional secondary HD for Customs, and have the other drive tucked into your bag.
Though, they'll probably protest the phillips driver you'll have to carry to accomplish this, because you know that is a dangerous weapon.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
You see? You see? Your stupid minds! Stupid! Stupid!
No doubt they just install a rootkit/keylogger on your box after ripping your HD so after you leave their rootkit calls back and gives them your truecrypt passwords. Don't use a laptop you've lost sight of.
What is it with layered approaches? Is it because it works from cakes to network security?
Yes it's wrong to buck the system and cause trouble for other people.
However, I advocate cooperation simply because conniption causes more porblems than it solves. I would protest this however I could, legally, by picketing or voting or radio station callins.
Just because it's wrong to buck a system doesn't make the system right.
We have a bill of rights for a reason, and getting all panicky and security crazed is just going to let someone powerful step in and take over.
If you give up your freedom, you invite a tyrant. Trusting the government to do everything right only works with saints, which humans most definitely aren't. It's why we have checks and balances.
Have all your US and overseas clients meet each other in Toronto, Vancouver or anywhere in Canada for that matter.
Undetectable Steganography? Yep, there's an app fo
That's cromulent.
Censorship is telling a man he can't have a steak just because a baby can't chew it. --Mark Twain
My Mobile phone has a 4Gb flash card the size of my little fingernail. If I had any files that I didn't want customs to see I'd keep them on there and hide it somewhere they'd never find it. Come to think of it I'd probably never find it once I got there. :)
There are a couple of ways to hide your data; one is to have two Truecrypt volumes, one hidden and one standard. This is easy, but it still lets the customs agent know you are using Truecrypt. This may not be a problem in the US (right now) but what about other countries where simply knowing about a program like Truecrypt could look suspicious?
This post on the Truecrypt forums describes a way to install two OSes, one for show, and one hidden. Unless there is a Truecrypt rescue CD or bootable USB thumbdrive inserted the system will boot to a normal Windows desktop. This method would hold up to any casual sort of inspection, such as those customs agents carry out dozens of times per day. There are a couple of traces that would need to be removed in order to actually have "plausible deniability", but to me not having the questions asked in the first place is preferable to being able to deny one of the potential answers.
It's sad that you might need to do things like this, but there are often technological solutions to social problems.
"He's more machine now than man, twisted and evil."
Your comment implies that the government and its representatives are infinitely kind and benevolent. That is not so. There is but one step from arbitrary airport search to Guantanamo. This is Slashdot. Government is evil.
The problem is that it is plan and simple grab to take away our rights under the 4th amendment without any probably cause or do process.
Not to mention that it does NOTHING to improve the security of our borders.
And it is seemingly becoming the new standard by which TSA agents get laptops for friends and family members. Confiscate the laptop, telling the poor smuck that it will be returned shortly after the disk is cloned for professional examination. Voila, laptop never comes back.. lots of cases and complaints on file of this particular situation.
Things like privacy are sacred to some people, and unimportant to others. People who advocate that they have nothing to hide is all well for them, however it does not apply to every single person in the world.
And it does not necessarily have to be work related, or something proprietary that can be stolen and sold for cash. Perhaps it is embarassing information on the person, private pictures of family, or something else that is legal and legitimate to keep private. If you have no problem forceing big brother on yourself, that is ok. That just doesn't work for everybody...
Those who live by the sword, get shot by those who live by the gun...
Dude, Sandra Bullock can crack that.
So can Tom Cruise, and that's without invoking Xenu.
FAIL.
An even better approach would be to have just a Windows partition. Then do your real work under Linux by booting from a memory stick. If you want to get really paranoid, you could keep all of your sensitive data on a separate, encrypted memory stick, camera memory card ("hidden" in your camera), phone memory card ("hidden" in your phone), etc.
Of course, you should go ahead and do some unimportant work under Windows. Play games, surf the net (safe, unimportant web sites, only, of course), keep your golf scores, etc. That way, if somebody ever does search your laptop, it won't look like a system that's just been wiped to avoid generating any evidence.
There's no point in questioning authority if you aren't going to listen to the answers.
Thats clearly a big NO for myself.
IE if I true crypt a partition, I know it will be (within all reason) safe from "offline attack" like a imaged drive. So if the agent doesn't ask, and just snoops or copies this is not helpful to them. If the agent simply asks, do you have any encrypted data, and show me all of it. Assuming your not willing to commit a felony (granted a nearly impossible felony to prove), the you have limited options not really helped by true-crypt, over just a encrypted file. IE you can either say No, in a nice way like, "I have to talk to my company lawyer for permission" or give it up.
swapping laptops helps the second person the most, cause their not telling a lie when they state either, "not that I know of" or "it's my company's equipment not mine, I cannot access anything more than..." Since the guy with the password is "in the clear" since challenges to him have to fall under the full US constitution. If the guy with the password is standing behind you, well...
My own opinions on your blinkeredness shall remain unsaid. I'm sure you can guess them.
First, I'm not American. I have visited but these incidents literally remove the country from the list of viable or "safe" foreign countries I could travel to.
"I carry corporate source, designs and some customer data on my laptop. Yes, it would be a problem if it were made public. I encrypt it, but do not hide it. I see no reason that a border guard, a TSA guard or even the (whisper) NSA would choose to give it to a competitor if they had it."
-Several thousand dollars.
- Industrial espionage.
Even in the UK, some staff at airports have been caught selling on items stolen from baggage, there's nothing to stop a corrupt official doing so. By giving them to ability and "legitimate" reason to search ANY laptop for ANY reason, it's inviting problems.
- A letter from Microsoft offering a reward for non-licensed or pirate software.
- Anything that could accidentally tag you as a terrorist.
Customs officer browsing through my web history: You read wikileaks lately? We'll have that as evidence of, in your own words, being an anarchist.
- THIS POST. Say I took a laptop with a copy of my posting history to slashdot to the US... they could EASILY use this very post against me. Evidence of "wanting to avoid customs" or some such rubbish.
"What's the problem here? Is this a matter of principle or is there something to hide?"
Neither. It's my data. You have no right to go through it without reasonable suspicion FIRST. And then in a certified, supervised way to ensure you keep within your stated use of the data. No other civilised country in the world currently does this and the UK has been dealing with terrorism for FAR, FAR longer than the US has (a UK airport security expert was told that he was "being paranoid" before 9/11 when he visited a US airport and complained about their lax security - within days he was on BBC News recounting the tale because 9/11 happened).
My workplace cannot even throw a hard drive out with having it professionally destroyed, whether it's been exposed to confidential data or not. What makes you think I can let a customs officer copy it without MASSIVE assurances of everywhere the data could end up? The chances are I'd be in a questioning room while all the copying was going on.
"Consider how important your data is to a customs official. News flash: I'd bet a lot that they don't give a rat's ass what you've got, as long as it's not illegal. If it's illegal, then the problem is totally different and you have no right to complain about it."
Define illegal. I think you'll find it depends on jurisdiction, for a start, and includes such things as data protection laws. This is the problem.
As a business, I would be required to NOT TAKE SOME DATA into the US because of this - UK and EU data protection laws means that I *can't* let anyone see it, whether or not it's "secret". If your salesman is going to have to break British law to make a sale in the US, then he's not going to GO to the US. Or he'll have to take the steps mentioned in this article.
Say my office gave me a laptop with copy of Windows that was installed from a pirate key... that's "illegal". I could get detained *without reasonable suspicion* and possibly convicted because of that. Say I *don't know* the password to an "encrypted-looking" file on the laptop (like, I don't know, say a database contained within a business program accessed only by Word macros or company-created utilities - I have seen many such systems loaded on laptops for employee use). I'm detained until I release it.
It's not that I have anything illegal under US law - the US is not the world, though. Things that the US does are considered illegal in other countries. Let's not go too far down that avenue because it's just too easy to get into country-bashing.
It's that the US customs have no reason to demand inspections without reasonable suspicion. They certainly s
Please explain to me how searching hard drives is "securing the border" when we live in the age of the internet. I don't mind a customs agent making sure that my laptop is, in fact, a laptop, but asking a marginally-trained TSA employee to examine all the data on a computer within the few minutes is like asking someone from your lawn service to do a five-minute inspection of a 2" square patch of vinyl siding to determine whether you have a mold problem in your basement.
In both cases you're asking the wrong guy to look at the wrong things, giving him no time or tools to do his "search", and then wondering why it didn't do anything to actually improve the situation. If it's illegal, then the problem is totally different and you have no right to complain about it. We have every right to complain. Since when have law and morality been linked in this country?
Some would say we have arrived long ago, but this is certainly a telling mark.
We are discussing "hiding legal and unincriminating" stuff so that we don't get hassled by government police. We have gone far beyond the "if you don't have anything to hide, you have nothing to fear" argument where now, even when you don't you have plenty to fear... in this case, potential loss of ability to work!!
They have been going too far for a while, but this is a point at which even the most common person can appreciate and understand the problem with this.
If the EFF were buying "public awareness" ad time on TV, radio and print (I haven't seen any if they already are) I'd donate $100 each month from now until "we've won" whatever that means. I'm sick of this.
Because
We have a whole plethora of words at our disposal with which to convey subtly nuanced meaning and/or sound like pompous gits, depending on the gravity and artifice of the situation. Why, the sheer range of verbal and literary shenanigans available to us is both rejuvenating and invigorating -- allowing us to express ourselves through many permutations of linguistic machinations.
I suppose we could go the 1984 route and strip out all of the words for which people think there is no longer a valid purpose. That way we'd all come down to a nice, easy level of communication, and eventually strip certain kinds of thoughts from people.
In the meantime, some of us will reinforce the veracity of our arguments and interactions with our more polysyllabic linguistic choices to more adequately articulate the lucidity of our positions on topical considerations.
Cheers
Lost at C:>. Found at C.
Using Director or some similar app, make a "movie" that looks and acts like a BSOD or a "Sad Mac with chimes of Death" play on start up. They start it up, it seems to boot fine, then suddenly it "BSOD's" or the Sad Mac comes out and DING DING DONG" and goes black.
Then you get to yell at then for fucking up your laptop, and demand they buy you a new one RIGHT NOW GOD DAMN IT. And make 'em feel guilty. "LOOK - MY COMPUTER - THEY KILLED MY COMPUTER!!!" Start to cry about how much work you just lost because those numbskulls broke your computer.
They'll close it, right quick, and give it back to you and put you on your plane and hope you shut up.
Maybe?
RS
Shoes for Industry. Shoes for the Dead.
Should have been clearer. Flying to Toronto to Buffalo; so it was effectively entering the US. US Customs are on site in Toronto Canada.
Wearing pants should always be optional.
ipods. I mean, come on, they're nothing more than several dozen GB thumbdrives, you can easily put all your stuff on there and carry it with you without suspicion.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
(volumes cannot be distinguished from random data)
Aye, there's the rub.
Most files CAN be distinguished from random data. If not outright human-readable (text, XML, etc.), they start with header data which can be visually recognized with a little experience. File sizes are predictably reflective of the directory context. Browsing the rest of a file's content usually reveals non-random components.
TrueCrypt claiming to be indistinguishable from "random data" is kinda like the hotel security guy who was checking out my activity when I was bored (playing with video camera menu settings, waiting for someone) in a hotel lounge. It was obvious he was hotel security because he didn't have any official-looking paraphanalia AND was dressed in "I'm trying to blend in but don't know how" attire. It was obvious he was checking out my activity because he wandered close, looked around like he was looking for someone, and left - when there was absolutely nobody else in the lounge. And from his "I'm not hotel security, no really" dress & demeanor, I knew something would come of it - manifest a few minutes later when the Federal Marshals showed up.
A TrueCrypt file (or partition) hits the "uncanny valley" realm: it tries so hard to blend in that we become keenly & deeply aware that it doesn't; the deep-seated human mechanism for sensing "something is wrong here" kicks in.
It stands out precisely because it so completely doesn't.
Can we get a "-1 Wrong" moderation option?
That's amazing, you'd better get that info to the 9th circuit (where the decision was made), I can't believe they'd overlook something like that...
Have you read the judgment? That might be a good place to start.
See TinyURLs are evil URLs. Why does the URL length matter when linking on the web? For example, the link above has a fairly long URL, but it's not a problem. There's no reason to use a URL shortening service for links on web pages.
The reason such services should only be used where actually necessary, like in print or when verbally relaying a URL, is that they are a good way to hide the site. By using them unnecessarily for web links, users become less wary of them, making it easier for malicious uses. It's the same reason banks and similar entities should not send email with links to their site.
Customs agents (US and Japanese) stopped me several times over the years to inspect my laptop. In every case that I can remember I was able to dodge "inspection" by simply saying that I couldn't turn my laptop on because no battery was installed (which was the truth). I would only carry a power cord in my laptop case, no batteries.
My battery was actually located in a separate carry-on; a backpack or a suitcase or some such.
I guess if they were really interested in the laptop they could've plugged it in to a wall outlet and gotten into it that way.. but they never asked to do that.
present day... present time... hahahaha...
Put all your important data on one of these - or better yet, don't rip the cable up - leave it alone so it looks like any other cable.
When information is power, privacy is freedom.
No, that would be seizing it. They need an excuse to seize it. Customs can search without cause, and they can seize things by giving an excuse.
There, fixed that for you.
Twinstiq, game news
[theory, of course]
What is this, people? Waving flags screaming "I'm hiding something!"
If I actually had something to hide, say, key NDA-restricted docs, and I HAD to carry them on me, I wouldn't put up red flags like obvious encryption or a partition with some weird-ass hippiecommie suspicious linux install. If you want to fly below radar, you need stealth.
First: a vanilla install of windows or macOS. Standard business apps, standard documents folder with typical usage, such as correspondence, presentations, expenses, etc.
Second: family photos. Friends on vacation, etc. Make them more than typical: lots of them, and innocuous. If you're too straightlaced to keep personal stuff on your computer, that's suspicious too.
Third: on a different computer, encrypt your files with decent encryption, AES or something, using strong password. Make sure the file name isn't interesting. Doesn't matter, if a professional gets the files, they'll be cracked; the point is to keep them unobserved, so this part's kind of optional.
Fourth: mask them inside innocuous files like the photos. Transfer them to your laptop. Now you're camouflaged. Smile, respect, make eye contact, be naturally a tiny bit nervous but with nothing to hide.
The secret to security? don't get caught.
[/theory]
Damn those pesky terrorists
Hidden volume
Only on Windows. On MacOS X and Linux, this is not available, for unstated reasons.
Please help metamoderate.
Next time your laptop breaks down leave the country and come back in and let the TSA figure out whats wrong. Better yet just to screw with them every time you go out of the country buy a cheap busted laptop and carry in though customs.
He gives one piece of very bad advice, on the subject of keeping your data on a big memory card and keeping it in your wallet. He says:
'If someone does discover it, you can try saying: "I don't know what's on there. My boss told me to give it to the head of the New York office."'
Never ever lie to customs guys. If they ring your boss and he denies it, or if you later change your story and say "oh yes, that's really all my files", or if you can't instantly give the address of the fictional 'New York office', then you better start relaxing in preparation for them gloving up to see if you are hiding any other memory cards.
Same with hidden partitions. If, by sheer bad luck, you do encounter a tech-savvy customs guy and he says 'have you got any hidden partitions on here?', say 'Yes'. Better than saying 'No' and having them find out later.
I'm not saying roll over and give them everything - you have rights - just don't lie.
Law enforcement has "good faith" exceptions to just about every rule in the book. Besides that, the AAs need the lawyers and guns on their side to ensure a predictable market for bubblegum teen music. Would you give that up for one shot at a paltry $222k?
/. -- the Free Republic of technology.
You know Sudan's on a whole other continent, right?
DRM: Terminator crops for your mind!
...you can't prove there isn't one. Neither can they prove that there is. They may argue that it's likely, but whatever.
However, it's also one of the pitfalls. They're not 100% stupid and I wouldn't put it past them to say "okay, then you won't mind if I zero out all the stuff that you claim doesn't have any data". That wouldn't take particularly long, so what is your defense going to be?
However, I don't know if they can actually write data to your machine; I think the current provisions are read-only? whatever.
And I know a few there. They were TOTAL idiots when I worked them. I have every reason to believe they remain in the same position. In fact, DHS is probably the dept, where the major qualifier for getting in, was belonging to the republican party.
Anyone who does NOT refuse a border agent's request to "type your password" is a coward and not worthy to call themselves an American IMO. It may seem like a small thing, a way to avoid being detained and hassled all day, but it's the little things like this that define the boundary of where our freedoms are being slowly stripped away.
The old Ben Franklin statement about those who would trade liberty for security comes to mind. It's a shame when people say, "It's all about the benjamins," that it's not THAT sentiment they're talking about. Stand up for your rights NOW - no matter how "inconvenient" it may be - or soon you won't have any to worry about. Sheeple, indeed. Pussies is more like it.
Buy two MicroSD cards.
Put one in a camera. Leave a whole bunch of inane pictures of it.
Use the second one as your main file store. At $20-25 for a 4GB card, they're cheap. They're also 15x11mm, so small you'll "lose" them - oops - in your checked luggage and are never going to be spotted by a bored inspector, that barely graduated highschool, watching hundreds of thousands of large bags going by.
Alternatively, stick it in a GameBoy DS. They have SD readers. Look utterly bored as you wander through, in flight toy in hand. Odds of their bothering to inspect a children's toy and find something that looks like it's supposed to be there anyway, are next to zero.
At customs, look bored, hand over your largely empty laptop and meaningless digital camera.
Let them copy off anything they feel like. Don't fight it. Don't complain. Let them think they've got everything.
Once you're back on the other side, put the other card back in, get access to your files again.
No, it won't stop them if they're utterly convinced you're a terrorist. They'll take everything apart and will eventually find that tiny thing. The abusive copying of anyone's crap, with no grounds for suspicion, is going to leave them copying junk that means nothing to them. There's simply no time to search everyone to the degree they'd find the few people with a MicroSD card. And, even if they do, it's a totally legitimate thing to do so you can claim total ignorance.
4GB should be plenty for most trip type info. Sensitive business docs should easily fit in to that. If you store porn on your laptop, leave it on an external drive at home for when you get back. If you really must have some with you, if you need more than 4GB, it's time to admit you've got issues.
I'm coming from the "land of the free" to one of those wacky socialist European countries.
I know it's hard for US residents brainwashed during the cold war, but socialism is not an alternative to freedom or even to democracy . Socialism is an alternative economic system and as such would be an alternative to capitalism .
Video files are expected to be large and thus won't arouse too much suspicion if you hide your data in them.
Just append bigg-ish data in binary format to highly compressed mpeg files.
That'll keep allow 'em to play in media players, thus avoiding suspicion.
Just remember at what index/byte point you appened it so you can snip out the "header" mpeg file.
http://www.object404.com
1. When conferences are being organized, avoid US sites right there in the planning stage. (This is already happening in my field.)
2. When travelling to a US conference, travel with a blank default install Windows or Mac box with no personal or private data on it at all. Do not carry any form of data with you (whether encrypted or not). If it is necessary to access private data, do it over an encrypted connection to the non-US based home server using a terminal session. No data is stored on the portable computer. If the hard drive is seized, there is nothing to get. (This is the solution being used by local doctors and lawyers travelling to the US where there are no privacy laws.)
Anything on your person when travelling to the US can be seized and you can be forced to give any passwords to anything encrypted.
Obama bin Laden must orgasm every single night at how spectacularly successful the 9/11 attacks were. It has to be the greatest success story of any kind thus far in the 21st century. Hate the guy all you want, he got everything he could ever want and then some.
Make a boot loader that plays islamic religious songs and displays a three minute countdown in big red digits in addition some arabic text. The bigger and older the laptop the better the effect. The only problem with this little trick is that there's a high chance you'd be offered a free and unconditional tour of one of the US military facilities along with a hands-on waterboarding demonstration.