Slashdot Mirror
Tips For Taking Your Laptop Into and Out of the US?
casualsax3 writes "I'm going to be taking a week long round trip from NYC to Puerto Vallarta Mexico sometime next month, and I was planning on taking my laptop with me. I'll probably want to rip a few movies and albums to the drive in order to keep busy on the flight. More important though, is that I'm also going to be taking pictures while I'm there, and storing them on the laptop. With everything in the news, I'm concerned that I'll have to show someone around the internals of my laptop coming back into the US. The pictures are potentially what upsets me the most, as I feel it's an incredible violation of my privacy. Do I actually need to worry about this? If so, should I go about hiding everything? I've heard good things about Truecrypt. Is it worth looking into or am I being overly paranoid?"
...encrypt it. Full disk encryption is relatively cheap, easy, and unobtrusive.
You gave one such example in your post.
But uh, mind if I ask: exactly what kind of pictures are you planning on taking on your vacation? ;-)
problem solved.
keep an SD card in ur wallet
No one is going to search your computer other than to make sure it is a computer and not a bomb.
Throw a clean install on your laptop, and put your critical data on a server so you can just log in and download it when you arrive.
When you're about to fly back, re-upload your data and wipe the drive.
You could also just mail encrypted DVDs with substantial insurance.
You could offload all your photos onto a memory stick. I doubt they would search that. Especially if it's not in your carry-on.Encrypting is pretty darn easy, too. Although if they give you a hard time, you'll just have/want to decrypt it for them to take a look. Otherwise it looks real suspicious.
Install linux, set grub to boot into windows straight away. Put what you want on your linux partitions. Fix grub when you're in the US and reboot into linux.
I'd use Truecrypt on a USB key of some sort, and use rental computers on the plane and at the destination rather than your own machine, which you leave safely at home.
Use certain Linux distros, and you can literally have your own "computer on a stick" this way.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
However, my international adventures are limited to Canada and Japan. Most recently was a trip to Tokyo last March, where I had 0 issues coming or going with the Macbook I took along for digital photo dumps. YMMV.
-Buddy of DoQ
Short answer: Truecrypt (as you mentioned in the summary.) Is it worth looking into? Yes. Are you being overly paranoid? No. Seriously, have you noticed the big brother trends recently? Truecrypt is very simply and effective encryption, in several forms, from simple encrypted containers to hidden O/S partitions. To take such a simple precaution is not, IMHO, overly paranoid.
http://clightnirish.wordpress.com/
Use a clean install and email the photos to yourself while you are there... or put them on an encrypted thumb drive / cd and snail mail it..
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
I've never had anyone inspect my laptop, let alone demand it be turned on and proceed to rifle through my personal files. You could probably zip up your photos and rename the extension and nobody would be the wiser.
Get a grip, man.
Don't know what the criteria for the search is, but FWIW, I've been in and out of the US at least six times in the past two years, and never had my laptop searched. Never seen it happen to anyone either.
Use a cruise ship as much as possible. If you leave the US on the boat and come back on the boat then they won't rummage through your shit:
On my last cruise we hid(and these were strictly for our own presonal/recreational use) 3 handles of booze, 24 Marijuana cookies, 1 small bag of marijuana buds, and my noncritical laptop in our main(heavy with clothing etc) luggage. Only the carry-on bags were searched. When coming back into the US just keep your laptop in your main luggage with your clothes and don't have any contraband on you when you get back(like I said, they won't search your laptop if its in the large luggage) as there may be a doggie sniffing.
If you are flying out of the country and flying back in, I don't know what to say except sorry, bro!
what are you taking pictures of if you are worried about them looking at them. i can just about guarantee you that they dont really care what the pics are of as long as its your personal life and not something important.
Are you a middle eastern looking young male? A white male returning from Thailand? If so, be paranoid.
If not, no worries.
Test your net with Netalyzr
Encrypt your working partition then install a 2nd OS that it defaults to without revealing your main working OS.
That way they can scan for all the information they want off of your plain jane machine and not raise any suspicions about your private data.
Put your files on a few small USB-sticks, or on your home server (for encrypted retrieval once you're in the country). Bring a Live-CD to boot from and then "cat /dev/random > /dev/sda".
Make sure to grow a big beard, learn a few arabic phrases and quote Allah to the security guard in customs.
Then let them have a crack at decrypting your "encrypted" drive.
Just be sure to say "Just kidding" so they don't ship you off to Guantanamo.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
If you haven't noticed lately, the DHS can search your laptop, make copies of everything on your laptop and keep it. If you are a person who loves exercising arbitrary power over people, you probably work for the DHS or another government agency.
Its really funny that a person who doesn't care about basic civil liberties is posting as AC. However, the joke is probably on me and you are just a troll. :)
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
As the old traveler's adage goes, if you can't afford to lose it, don't bring it.
Find a cheap laptop used laptop you won't have problems with ditching. Use a live cd or usb key boot solution so nothing ends up on the hard drives.
Keep your pictures on SD cards and mail them or a copy to yourself or some drop point. Encrypt them all.
...is a good offense.
If you're offended by having your privacy invaded, just make it horribly offensive for the invader as well.
With the right accessorizing and appropriate leather:latex:chainmail ratio, you can ensure even the most intrepid airport screener will breeze you through in record time.
Oh...and, yes, Truecrypt is terrific, but not nearly as fun.
Set your background wallpaper to goatse, tubgirl, or lemonparty. It will disgust the jack booted border control types and I've found at airports and such, it's a great way to meet feelow linux users and others for bathroom sex.
I've taken my laptop across the border 4 times, my wife has done so many times more, neither of us have had our laptops searched. I've been pulled aside by customs and asked questions once, but even then they did not request to see my laptop. I think the bottom line is, if you act shady they'll look at your stuff, if you're just getting your business done then you're fine.
Trycrypt is a answer. It is free and they did everything correct. You can encrytpt your current data, and even add a second OS for deniablity.
If they ask you to boot the laptop you type in the password for the 2md OS and they see nothing of your main data disk, only your 2nf OS.
Ae you paranoid? Well, you better be paranoid than sorry.
Once at a shell prompt they quickly lose interest.
This is my sig. There are many like it but this one is mine.
The laws are a travesty. The system is fubar not just beyond all recognition, but beyond all belief. However, you've got a better chance of justifying the average DMCA takedown notice then you do of having something bad happen to your laptop because of your border crossing. I do it several times a year and have never had anyone even take notice of my laptop. In fact, in all my years of international travel, I've had one complete *ass* of a border agent (at London's Luton airport) and for the most part all the others have been cordial at worst, and down right heartwarming at best. The bureaucrats need to be executed for treason and absolute scumbaggery immediately, the border agents are just people like you and me doing their (admittedly lousy) jobs.
I just came back in from a two week stay in Europe, where my travels took me through several countries there. While I was there, all the photos that I took were stored on the laptop, along with several movies that I'd ripped to the drive.
Upon my return to the states, the check-in process wasn't any different than it had been a couple of years ago. They asked no questions about my laptop, or if I even had one. The only time my laptop left my bag was when I put it through the X-ray machine.
That being said, it never hurts to encrypt your data anyway.
If you're looking here for something insightful or thought provoking, you're probably looking in the wrong place.
Put them on your iPod. I've got a 80GB Classic, and there's more than enough room there to store whatever you need, and who's going to search your music player for stuff?
Unless, of course, you're doing something naughty and arouse suspicion, in which case you're pretty boned - encrypting/obfuscating the file on the 'Pod would probably help, but if you're getting the full treatment...
What the world really needs is secure storage with a self-destruct feature - when they ask you for the password, you give them X, which wipes the drive as quickly and as thoroughly as possible. (Preferably with a "decrypting, please wait" message)
There is always the tried and true method of shoving it in a condom and swallowing it...Just tell them you have a bionic stomach.
Otherwise, I think you're probably fucked. If you encrypt, you're just showing that you have something to hide, so that's a trip to GITMO.
If you don't encrypt, then people will see your deviant porn, and that's a trip to PMITA prison.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Bring a few GBs of random data with you. Have a copy back home. Don't let them copy them, but allow them to look at them, using your computer w you around. When you arrive, xor your photos w the random data and put the result on the laptop. Erase the random data. Go back home. Xor with your backup back home of the random data. At any given time, they will only be able to get random data, and/or prevent you from bringing any photos, not getting to see the photos. Unless they breake in to your house. If that is really an issue, get someone to safekeep the random data back home and phone you if it gets stolen.
Don't just encrypt your drive. They can take your laptop indefinitely; and if the whole disk is encrypted, they probably will. My recommendation is to use truecrypt, encrypt the files you want to protect, and remove them from your hard drive. Put them on SD cards, with innocuous filenames, along with unencrypted photos, and store them with your digital camera. Or do something similar. The key is to encrypt the files, and hide the encrypted files where they won't look. Another option is to give the encrypted files garbage filenames and put them in your internet cache directory, or some other temp storage.
Unless you are already under investigation by the US government then there is very little chance that you will have to show anyone anything.
I travel into and out of the US on a periodic basis and the only thing that I have had to do on rare occasions is power up that laptop, but I think it has been years since I've had to do that.
I am just back from a month vacation in the US. At not one security checkpoint they asked me to poweron my laptop.And i passed several checkpoints at different US airports. But maybe I was just lucky :)
No, message. The subject line was the joke. Move along.
-- Prepared at the direction of, or to be sent to Legal Counsel, in anticipation of litigation. Attorney Client Pri
An ounce of circumvention is worth a pound of countermeasures. Don't store them on the laptop at all. Store the pictures you're taking online and you'll be able to access them from anywhere. Border patrol can't find something on your computer when it's not there. Even if that's not feasible 100% of the time, you could still make a temporary archive online while removing them from your computer. If even that has you feeling paranoid, you could always burn the files to DVD, wipe them from your computer, and stow the DVD.
Your going to the gay boy toy capital of the world and plan to take photos eh. And your worried about customs being able to see what "photos" you have stored on your laptop. I dont buy it one bit.
Your just another perv looking to hide your stuff and was hoping /. would help you out.
I hope you get caught, strung up and beaten.
I believe, that coming into the country, the customs agency should have the right to search you and your belongings. I don't believe that they should have the right to sieze any of your belongins without probable cause.
I spent the last five years traveling around the world, typically taking 2 trips a month out of the U.S. to other places. Outside of Saudi Arabia, I've never even had to open a bag for a quick look, although in Saudi Arabia I was more concerned with having my pony-tail chopped off. The current policy of potentially having a laptop siezed is asinine. However, I don't know anyone who has ever had this happen to them and I know a lot of people who travel in and out of the country on a regular basis.
While it's possible for it to happen to you it is extremely unlikely. If you're that concerned about it then encrypt the contents and be done with it.
I'd be more concerned about the 10,000 laptops lost or stolen every week (more bs about this can be found here: http://www.pcworld.com/businesscenter/article/147739/laptops_lost_like_hot_cakes_at_us_airports.html) than for a customs agent to have enough interest in me to 1) look at my laptop and 2) to want to keep it.
You can fit a lot of USB sticks in your anus. Probably 3 or 4 Libraries of Congress in your ass, isn't technology wonderful?!
Trolling is a art,
Offshore laptop rentals with temporary accounts linked to offshore data are booming! What a great business model. You set up an account with the company, stuff all your crap on a server, then when you get to your destination, you pick up a laptop (maybe your "rental fees" are part of your normal monthly service account)... logging in to the laptop mounts the remote volume and download away.
meh
I love it, works great. I honestly don't think full disk is what you want because they can force you to type a password to let them look around. I have a hidden truecrypt file so even if I boot up and they look around they won't see my personal data. Mostly I keep my old journal, email backups, and other stuff in encrypted file. I highly recommend truecrypt
Dan Mayer: my blog, essays, art, etc
Called email. Just email them to yourself...
They're going to copy all the data over, and search for it for kiddie porn and other junk. You can perform drive encryption and claim the 5th, but they're going to confiscate it from you since if the 4th doesn't apply, nor will the 5th. You're out a laptop and since it's DHS, and above the law; the only way to get it back is by the liberal execution of the 2nd; hiring a lawyer is probably not economically viable. However, if 30 or 40 DHS personell were to be killed in a raid to get some guys laptop back, I do not believe there would be a public outlash, although getting the mass media to report anything truthfully would be difficult.
If you were to go that route, you'd need a couple of buds, a good .308 winchester rifle to pin them down in an open area, a couple of bernelli M3's with a good slug load, M1911; IIIA body armor should be sufficient to take the slug although you can find interceptor on E-bay. Spare the techs, as miserable as they are and as much as they deserve it, they hate their job.
Best advice; leave your laptop at home, buy a stack of MicroSD cards on newegg and hide them in your wallet. A specops wallet
http://www.uscav.com/ProductInfo.aspx?productid=16869&utm_medium=shoppingengine&utm_source=googlebase&cm_mmc=Google%20Base-_-Products-_-SF-_-V1
is cheap, less expensive than paying for a broken laptop, has hidden compartments, and its pretty hard for even the dumbest security guard to destroy a MicroSD card.
That's all you need. If it doesn't work, let them have it and sue the hell out of them. The ACLU and EFF may help you.
Make sure to get a laptop built with ease of HDD removal in mind. Most business oriented laptops are built this way. I usually have a backup HDD (2nd) with a fresh install of windows and some basic apps. If your laptop is subject to search and seizure, the less data on it the better. "Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him" Cardinal Armand Jean du Plessis Richelieu (1585-1642)
Good-bye
You can fit a lot of USB sticks in your anus. Probably 3 or 4 Libraries of Congress in your ass, isn't technology wonderful?!
The one time goatse is on topic and you forget to link it? Seriously?
Oh well, if anything should miss it's fifteen minutes in the limelight it's that image.
Here's a tip about going in to Mexico: only bring a single laptop. A traveller is allowed to bring a single laptop into Mexico for free. I flew into Cabo San Lucas with my work laptop and an EEEPC and they charged me over $100 tax for the second laptop, ostensibly in case I sell it they get their tax.
..if you want to ensure that they take your laptop away, since you "obviously" must be hiding something. I'd advise you to leave your computer at home. Simply bring some extra memory cards for your camera, and maybe a media player of some sort if you're really going to be that bored on the flight.
Why does everyone feel the need to travel with their computer? Whenever I go on vacation, a computer screen is the last thing I want to see.
I would bet that if you move any sensitive data onto USB keys on your keychain, nobody will give them a second glance.
For every problem, there is at least one solution that is simple, neat, and wrong.
Trucrypt has a way of encrypting that makes it safe. It has "hidden" encryption. What this means is that you have two "parts". One on which you put sensitive-looking files that you don't actually care about, and the other where you put your naked pictures (or whatever). Then, if they force you to decrypt, you give them the password that decrypts ONLY the sensitive-looking parts that you don't mind much.
There's no way to distinguish the other part from random data, and, seriously, there is no way to decrypt it without the password (contrary to what we see in movies) or spending a few years with a few thousand computers trying on passwords until they get it.
Leave the computer at home. Drink beer and enjoy yourself on vacation. Problem solved.
Even a moderately sized memory card for your camera can hold 200 pictures - can you really shoot more than that in a week?
Just buy a cheap laptop, and/or an USB stick. Put your pix on the USB key and put it in your checked bag. Nuke the laptop b4 you come back, I've typically cross the US border 3-4 times a year. I've never had a problem with carrying a USB key along with my camera. I've only brought my laptop across once, and had no problems. The thing I get questioned on is my underwater camera housing, but they just ask what it is. Then they say cool, and ask if their camera will fit. ~:-) To which I say "No, each housing is made for a specific camera." Hope this helps.
stick a thumb drive up your ass...
Make a spare hard drive that you can boot from, and contains totally innocuous data. Take both drives with you on vacation. Then mail the first hard drive back to yourself. Return to the U.S. with the spare hard drive in the laptop.
The point of this is not to draw suspicion to yourself, and to reduce the DHS's incentives to confiscate your laptop. If they want to see what's on it, you can show them everything - because nothing will be there. If they take your drive and image it, they won't find anything.
You don't want to use encryption, because that will draw attention to you and possibly get you put on a list. You certainly don't want to assert your fourth amendment rights - not only because it won't matter to the DHS while you're physically trying to cross the border, but also because the courts are unlikely to uphold them nowadays.
If you don't want to use a spare drive, then treat the data itself as disposable. Keep track of everything you consider private, and then wipe it from the drive before returning.
I always mod up spelling trolls.
I would think they'd be a lot less out of the norm there. Unless you're totally going for the coke & whores where the whores are 12 year old boys. Then you may want to just mail yourself the SD card.
-EB
Do you ever walk alone like a drifter in the dark?
If it's the pictures that you're worried about, archive, encrypt, and email them to yourself or upload them somewhere safe.
If you plan to take gigs and gigs of pictures, take an external hard drive with you and ship it back ahead of you. Make sure it's encrypted, too.
If you really want to test the law, simply encrypt your hard drive or store the photos in a PGP-encrypted file on the unencrypted hard drive. Remember, though, that while the 5th Amendment will probably protect you as an American citizen, it will not save you (nor your family) from the hours and hours of delay and frustration.
Colin Dean Go a year without DRM
If you've got an NTFS drive you could always go about it using Alternate Data Streams. What pictures? Not going to fool a forensic examiner (nothing you do will, given enough time to look) but you'd probably slide past border folks just fine without having to give up your laptop for not providing the password to an encrypted drive. Don't give them any reason to want to look any further ;)
If you're worried about having to give up the password to your encrypted drive, try Rubberhose:
http://iq.org/~proff/rubberhose.org/
I'd not have any movies or music on my computer that I can't provide any kind of supporting information that I am a legal owner of it, particularly with regard to movies. For an interesting listen, download the latest episode of TWIT (Laporte) where he interviews Kevin Mitnik. Mitnik pointed out that what the powers that be were most inquisitive about were 1) pirated movies, 2) pirated music, and 3) kiddie porn.
Send it to your hotel DHL overnight before you leave, and do the same to get it home.
Problem solved.
Do daemons dream of electric sleep()?
I thought the lot of you didn't bother posting to Ask and would instead post Ask questions to random sections instead, sections which might have nothing to do with the topic.
Hail Eris, full of mischief...
E pluribus sanguinem
The people who worry that about privacy, are the people have something to worry about.
It's obvious, you should be jailed. ;)
Write a script that will copy goatse, tub girl and screen shots from 2 girls 1 cup thousands of times into every directory of your hard drive.
After they check a few images, they'll stop looking.
At the rate the US financials are going (the number doesn't even fit the live counter anymore) it won't be long before the US simply can't afford it anymore to pester its visitors. At that time they would need all the visitors they can get to get some (real) moneyflow going.
I for one refuse to bother with those 3rd world -like politics where the "Grand Nation" allows itself to treat everyone like criminals when they see fit.
Darned border search exception.
"travelers may be stopped [and searched] at . . . the border without individualized suspicion even if the stop [or search] is based largely on ethnicity[.]" United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985), United States v. Martinez-Fuerte, 428 U.S. 543, 562-563 (1976)
and
"may [...] conduct searches of the traveler's body -- including strip, body cavity, involuntary x-ray, and in some jurisdictions, patdown searches -- if the Customs officer has reasonable suspicion" to do so. United States v. Flores-Montano, 541 U.S. 149, 152-53 (2004), United States v. Johnson, 991 F.2d 1287, 1291-92 (7th Cir. 1993)
I've been back and forth to China a few times over the last 6 months and have had no issues bringing 2 laptops with me (personal and work) and getting them back to the states unchecked.
I've also heard the stories on the news and it is a bit disheartening but again, I've had zero problems myself.
Even if you encrypt, there is the thorny issue that you may need to provide your password etc... You can plead the 5th but it may not work. It's still a grey area. A better solution would be to upload your pictures to your home computer from an internet cafe or hotel etc.
Not now, you're not. We are watching you.
And you think I'm gonna post with my real name?
Don't look Muslim.
All the pictures you need. You could even use micro SD card/cards in your mobile phone (if your mobile phone can carry micro SD cards).
I just came back from Egypt with slightly under 40 gigs of commercial photographs and had to pass through Seattle on my way home to Canada. Got asked two whole questions... where was I coming from and where was I going. Now I am your stereotypical white guy, the middle eastern looking people on the flight where without exception getting the third degree (and they where all holding American or Canadian passports).
Technology is most abused by the very people it was created to help
Before you leave home image your hard drive to dvd with no data at all, just OS and apps. Use Ghost or something like that. Put some work files on on a flash drive. Skip the ripped movies. When you are ready to return, move all your images to flash and mail them home, then re-image your hard drive with the no data image. When you go through customs let them look to their hearts content. If they ask about the really clean hard drive, tell them it company policy that not data is to be left on hard drives while traveling because of fear of theft of the laptop. Show them the flash drive with your work data on it. Keep a memory card in the camera with a couple of pictures of the beach for them to look at.
But I dare say you may be safe... after all, TrueCrypt has probably received a visit from No Such Agency.
Google for crypto nsa backdoor
I have been between Taiwan and the US, Shanghai and the US numerous times in the last two years carrying 2 laptops. Never been asked. In fact, the last time two weeks ago, I had two laptops, 1 for work and 1 for my personal use, and a newly purchased in Taiwan EEEPC netbook which I declared.
And I was concerned about the same things. Turns out that concern was needless. Mexico doesn't care what's on your laptop or in your luggage -- my luggage wasn't even seriously searched there. A Mexican Federale rifled around in my main suitcase looking for bottles of liquor and foodstuffs on my way back to the states (he only found one, haha) but that was it. They didn't even bother to check my laptop bag at all. I flew out through Atlanta, and the only searching I had to go through stateside was routine x-rays. Laptop out of the case and in a tray by itself, run through the machine, and that's it. They didn't blink when it went through.
If my experience is any indication, the only thing you'll have to worry about is getting a good wireless signal while you're there. Not that you'll want to be on your computer, it's one of the most beautiful places I've ever been. I don't think you have anything to worry about. Take your ATM and/or credit card with you too. You can use it in most places down there -- even in ATMs which dispense pesos at the current official exchange rate, meaning you won't have to haggle with anyone about how many pesos your $10 bill is worth.
Oh yeah, and you want to take the zipline tour through the jungles. That and the Catalina excursion if you can. Well worth the cost.
You can do what my company has been doing. They bought a few eeePCs at a decent price and literally keep NOTHING but a Citrix client on them. When employees cross the border, there is no liability if the netbook gets confiscated, stolen, or wiped. When they reach their destination, assuming the laptop is okay, they bring up the encrypted Citrix client and VPN into work. This way they have full access to their environment: Outlook, Internet Browsing, etc. all done through the corp network with encryption. The cost of this is minimal (a $300 netbook) as opposed to a full $1000-2000 laptop PLUS sensitive data.
Now, for personal use you could simply run an ssh tunnel. Takes, literally, just a few mouse-clicks to setup and costs nothing extra (minus the netbook).
Bottom line: The less you bring, the less risk you take.
I travel a lot. I've yet to have an issue with this.
Derek Greene
Why not just take the DVDs with you?
Kevin Mitnick was recently on TWIT 163 this past weekend discussing a recent incident he had at an airport in Atlanta, GA coming from Columbia where he was detained and ICE/Customs officials were attempting search through his property and a laptop of his. He offers some tips on what one should do before taking your laptop with you when leaving the United States.
http://twit.tv/163/
Insist on showing them every picture!
Also, backup the gutenberg project.
Fill up the rest of your drive with dd if="/dev/random" of="secretstuff.iso" so that if they copy your drive they at least have something they can work on decrypting.
Don't forget to bring your extra harddrives, too! I'd pay you to take some of my crashed ones... I would love for somebody to get the data off of them.
Other than that, all I can think of is for you to laugh maniacally.
When things get complex, multiply by the complex conjugate.
Or have it "crash" on boot and you'll be sent along your way with a sympathetic shrug.
The world is made by those who show up for the job.
Just write a script to rename the files from IMG12345.jpg to 12345. I'm sure they won't know what the file is, because it has no extension.
I went from the US to Barbados and came back without having to show them anything on my laptop (and there are some good pics on there). I had to take it out of the case for the x-ray machine, but that's it. Have they developed technology that dupes the hd while going through the x-ray yet?
I ended up going to korea with a 1TB external stuffed with movies. Personally I wouldn't worry about it... I ended up going to japan and then back to korea in the same trip. 4 Security checks and no problem.
may i suggest a microSD card? unless you're gonna have a full body cavity search - you have nothing to fear.
1. Buy a few Micro-SD cards. Preferably without any "size" labels on them, and/or make new labels that indicate a smaller size. This won't fool any experts, but it will pass a cursory check.
2. Create 2 partitions on each, the first one small (eg. 32MB) with a FAT32 partition. This is what will pop-up when someone puts the card into a system. If you create a custom label for the disk, put the size of this partition on the label.
3. Create one encrypted image _smaller_ than the size of the second partition -- preferably a sparse filesystem if you can manage it, and a second encrypted image the size of the remaining space. Fill them up, the first with "junk" data, and the second with your real, hidden data.
4. Concatenate your encrypted images and 'dd' them to the second partition.
5. Wipe all the original data and encrypted archives from your harddrive.
With a MicroSD card, it is a lot easier to hide it than the larger cards. Besides the physical size, the reduced components contain less metal. If someone tries to look at the card with a cursory glance, it will just show small filesystem. If someone notices that the card is, in fact bigger, or that it contains a couple filesystems, you can claim that it is a swap partition. If you are more honest, say that it has an encrypted filesystem, and offer to decrypt it for them. When they open it, they will see your "junk" data. Having a sparse filesystem is good here, because you can make it look like the filesystem is larger than it really is, concealing the second encrypted filesystem. If they do realize there is a third filesystem, then you're pretty screwed...
Full-disk encryption is a tad too suspicious though. Yes, yes, it should not be this way, but someone is going to ask what he is hiding. So I would rather go for partition encryption, leaving the OS functional.
Just partition the HD so that there is some space left, use it for encrypted storage and mount the partition when you need it. I think we can safely assume that no border-control enforcer knows what a partition table is, and much less how to mount it; if they did they would have better jobs. And, if they really find out, it will look just like an unformatted partition. Just say that you got the partitioning wrong, or something like that.
And for the extra paranoid, remember to encrypt swap with a password scrambled at boot and to mount /tmp on tmpfs.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
if uve never been pulled into the us customs secondary inspection i wouldnt worry about it
ive never had my laptop scrutinized and ive been pulled into secondary inspection a few times
{ canadian programmer telecommuting in the states == working in the states }
think about who and what they are really looking for , its probably not you or your files
back in the day we didnt have no old school
No one has said the simplest way. Slap any data you dont want them looking at on an external and put it in your carry on. I travel with 10-15 external usb drives, and no one says ANYTHING about them. also, because there is no chance of them being a weapon (And they go thru the xray machine), they cant legally confiscate them. Well, i mean, they could i suppose, but that would bring along a few lawsuits from my employer.. either way, they never mess with your usb drives.
"Some men just want to watch the world burn..."
Install a plain old OS on it, and NOTHING else.
So, it's a brand new laptop OS install.
Ship your other one, after backing it up of course, to your destination next day.
If you absolutely must work on the plane, just put those documents on the damn thing, work on them, get your disk and sync up after arrival.
Reverse for the trip home.
Blogging because I can...
Keep your laptop clean. Just OS and applications.
Use external drive or USB stick for all your data.
As far as TrueCrypt is concerned, I started using it when I realized what a problem I'd have if someone stole my laptop (either at home or on the road). I now keep all my sensitive financial and personal data on an encrypted volume; the innocuous stuff is in the clear. Frankly, the risk of theft is far greater than the risk of border seizure.
If it's your photos that you're concerned about, why not just upload them to you favorite photo sharing site and delete them from the laptop?
Truecrypt is a great option, make a truecrypt file to hold all your pictures. Then move it into your windows directory and rename it "Harmless.dll".
If your worried that they will see truecrypt and demand you decrypt a something; create a second truecrypt file in the default location and put some scans of tax documents.
I've been to the US a couple of times this year, the last one about 3 weeks ago to Las Vegas.
I had to take my laptop with me for several reasons, but during the security check-in in Houston no one bothered me at all about the laptop, just had to take it out of my bag for the x-ray check.
I think encryption is a great alternative, not because of Big Brother, but because your laptop might get stolen in Puerto Vallarta.
--Necesito una chela, bien fria...
Just don't take it along buddy. :)
slashdot rocks
I entered the US 3 months ago, and left after a week. I too had read about stories where they could search and confiscate your laptop for no reason. Since I'm a Linux user, the act of using an operating system that they don't know (i.e. everything except Windows) might cause suspicion, so I removed Linux from the boot loader and put a few photos and documents on the Windows partition as a decoy. I really didn't want to go through the trouble of formatting my Linux partition since all my important stuff are not on Windows. My business partner, who traveled with me, didn't bring his Macbook at all out of fear that it would be confiscated.
It turned out that we have been worried about nothing. There was no search. One time I forgot to remove the laptop from my backpack. They took the backpack and inspected it, and I was acting nervous because I was worried they'd confiscate the laptop. After a few minutes I got my laptop back. Nothing happened.
Use goatse in Splashy for some nice mind gaming :)
I've taken my laptop out of the country on several occasions, and despite being searched on a number of occasions, they have never tried to get onto my laptop.
I've gone overseas three times in the last three years, and the customs people never even give me a second glance. Just be white, be polite, look "normal" and as long as you aren't coming from somewhere that traffics in "interesting" things, they will spend all of fifteen seconds looking you over.
The cake is a pie
Put the one you really care about in your suitcase. Odds are that if you get inspected, they won't look at anything beyond the drive that's in your laptop. Personally I would never encrypt anything, it won't enhance your privacy, it will ensure that you get even more deeply investigated.
FWIW I've been back and forth between the US and the UK several times a year since 9/11 and I've never had even the slightest bit of interest taken in my laptop... touch wood.
...only if you don't mind an occasional cavity search. Use DHL otherwise.
I should clarify to say that the policy does mention encryption; but whether your device is encrypted is unlikely to determine whether or not it is seized.
Specifically:
(2) Assistance by Other Federal Agencies or Entities.
(a) Translation and Decryption. Officers may encounter information in documents or electronic devices that is in a foreign language and/or encrypted. To assist CBP in determining the meaning of such information, CBP may seek translation and/or decryption assistance from other Federal agencies or entities. Officers may seek such assistance absent individualized suspicion. Requests for translation and decryption assistance shall be documented.
(b) Subject Matter Assistance. Officers may encounter information in documents or electronic devices that is not in a foreign language or encrypted, but that nevertheless requires referral to subject matter experts to determine whether the information is relevant to the laws enforced and administered by CBP. With supervisory approval, officers may create and transmit a copy of information to an agency or entity for the purpose of obtaining subject matter assistance when they have reasonable suspicion of activities in violation of the laws enforced by CBP. Requests for subject matter assistance shall be documented.
Actually, reading the actual policy is probably not a bad idea for those so outraged with it (or frightened of it). Keep the longstanding border search exception in mind when reading the policy, and try to imagine how it might be in the realm of possibility that it might be reasonable to also apply the border search exception, repeatedly upheld by the Supreme Court, to data inside electronic devices as well.
Have you seen the people they are hiring at the airport security recently? You might be subject to an entirely different form of harassment, from someone who feels you are their perfect soul mate...
Get yourself an 8GB microSD card or two or three and a card reader if your laptop doesnt have one built in. They don't set off metal detectors and can be carried easily in your front pocket or shirt pocket or in your socks or wherever makes you happy. Although honestly I have passed through customs at least a dozen times since 9/11 with laptops, mp3 players, cell phones and all kind of electronic goodies and never once been asked to actually turn one on or let someone from security examine it. But I still keep all my work and personal documents on microSD just in case that ever changes.
I'm actually waiting for this to happen to me. When it does, I plan on opening the laptop, turning it on, and letting it tumble from my hands to the floor. God bless the Dell gold full replacement warranty.
To avoid corruption, one must remain dishonest.
If you know enough about US authorities' attitudes to be worried about the border searches, then surely you also know enough about the US internal authorities to realise that it's not a safe place to visit?
Just tell your employer that you won't visit an active war zone
Many have a dual boot machine. My laptop has WinXP that I rarely use as first partition and then it's all garbage (if you don't have the passphrase).
So, I do the following: Before a journey to USA, I remove the GRUB loader, and windows just loads without questions. Who is gonna find out that I have a second encrypted partition in the 5 minutes of the search?
I was once smuggling some books into a country that did not permit such books.
Sure enough, I got searched and questioned.
What I was doing was illegal and I got busted. I don't mind because those laws are stupid and as it is often said - information wants to be free.
At worst they were going to confiscate "my" belongings and destroy them. I got 'lucky' as I was also carrying relief supplies (clothing for children to mask the books).
I now run my life on encryption and assume everything I do on the net is tracked and logged.
Depending on how much you believe in what you are doing you will take risks.
For family photos? Mail a backup to yourself (encrypted) and take your encrypted laptop with you or mail it back. Insure it and at worst, you'll have a backup and only have lost the hardware.
Look, I hate that argument. In fact, I think it's one of the most disgusting, chickenshit and reflexively authority-loving mottos that only a mewling statist who pisses his pants every night in fear of a ripple in the public order would use. That said, the original poster specifically brought up his pictures as though he **knows** there is likely to be a problem. That does change things around and make even someone like me have to ask just WHAT IS he carrying?
Either he's breaking the law, or he's incredibly paranoid, since most border agents really wouldn't care unless they found a ton of pictures of kids that obviously have no connection to him on his laptop, really sick pornography or pictures showing you high fiving a terrorist in front of a nuclear power plant. The way I read it was that he's pretty sure that he'd get in trouble, even with a pretty reasonable customs agent. Remember, Customs and the TSA are two separate agencies; Customs doesn't tend to waste its time on the minute bullshit that the TSA wastes its time with.
just get one of those 64GB thumb drives from corsair and swallow it before you return :)
I have entered the us from mexico a few times by bus and car. Once, they asked me to turn on my laptop but the border agent just looked at the icons on the desktop and that was it. There was mo detailed examination of my files. Also, when entering by car, they will ask you to not take your cell phone with you to the waiting room so you might want to erase text messages etc.
My pockets have never been searched so you could easily "smuggle" a thumb drive or laptop harddrive in your pocket. Just have another harddrive with a clean install of windows to put in your laptop so that they do not become suspicious.
Sending your stuff by DHL/UPS/Whatever is just plain stupid. It will cost you $$$ because we are talking about an international shipment.
Don't carry your laptop. Encryption won't help you.
you had me at #!
I know it's the hip thing to worry about Customs rifling through your laptop, but statistically, you have much better things to worry about when bringing your laptop on vacation ... among other things:
0) Forgetting to bring the AC plug adapter,
1) Customs services in the foreign country,
2) Airport security on both ends,
3) Simple theft of the laptop during the trip,
4) Putting your laptop bag down on the bus and forgetting it,
5) Spilling coffee on your keyboard at an internet cafe, and
6) Dropping your laptop on your big toe and breaking both.
Practically speaking, Customs agents can't be bothered to search individuals that aren't acting truly "hinky". I've been traveling internationally on a regular basis for business. My travel patterns certainly fit a certain "risk" profile (long stays outside the country, frequent travel, watch list name match, etc.) and I've never, in six years of this, ever had anything searched or questioned, much less seized. Practically, it's not worth worrying about.
I traveled to Morocco and Spain last Summer. They didn't give a crap about my laptop. They honestly didn't even ask me anything about it. The only things they cared about was if I brought any weed back(Morocco grows a lot) or trained to become a terrorist in a Mosque.
dude don't be so paranoid. i look middle eastern/mediterranean (phenotypic blending of my mixed russian, mexican, native american ancestry) and get pulled aside for questioning every time i fly. they never go through the contents of my computer; they're interested in making sure it's actually just a computer.
Truecrypt provides plausible deniability - the capability to create a hidden encrypted volume within another encrypted volume, thereby allowing you to grant access to unimportant/dummy data when a password is asked for without the attacker knowing additional information even exists.
To do this you need the TrueCrypt bootloader installed, which is a dead give-away that you probably have a hidden volume. If you don't and they suspect of being a terrorist sympathizer you'll just get thrown in Gitmo until you give up your secrets.
TrueCrypt plausible deniability is useful against those who cannot employ deadly force against you.
If you're really concerned, wipe the drive, install linux on a small partition, use an encrypted network connection to upload the photos, then secure wipe the drive and install Windows XP on it for your border crossing. Better yet, get a $50 used laptop and leave it with a local school.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
What you need is plausible deniability. You can achieve it easily with the hidden volumes option of Truecrypt. You encrypt your HD two times, the first with a dummy filesystem & password that you can show in case of inspection, the other, with another password, to do your stuff. The cool thing is that you can even use two different encryption algorithms. Bye
I just returned to the US last week from a month-long trip overseas. I brought my laptop along to store photos from my digital camera. The only time I had to remove my laptop from its case was at the airport (LAX) when leaving the US, when I had to put it through an X-ray machine. I didn't have to do it again when I returned (it still went through the X-ray machine). At no point was I asked about the contents of my laptop nor asked to turn it on. This was a marked improvement from 2 years ago, when I had to remove the laptop from its case and remove my shoes at every point in my journey (my trip had a connecting flight).
Or just say in a clear calm voice "That is not mine! I have never seen that before now!"
The only thing new in this world is the history that you don't know.[Harry Truman]
But the O.P. is presumably a US citizen.
Citizens of other nationalities cannot safely travel to, or stop over, in the US.
(Ask Maher Arar and the several other Canadians who were kidnapped at the border, and sent by US authorities to Syria to be tortured. And they are only the ones we know about.)
you had me at #!
I work for a provincial government in Canada. Pretty much every province (including mine) deals with US states on a regular basis, so we have employees going back and forth.
The policy we have now is that if you don't have to bring electronics across the border, don't. If you do have to bring a laptop, don't bring any data. We just purge everything off of it except a VPN client. Once you're across the border, you can VPN in and work on a virtual machine using remote desktop.
Its sad that its come down to this, but the US government is so rampantly paranoid that at this point its crossed the line into insanity.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
For security reasons, certain items need to be placed into plastic bags and put in checked baggage when traveling to the United States:
1. Batteries, including rechargeable ones
2. Containers of liquids
3. Osama Bin Laden
You're frightened because the Customs has always had the power to search persons and physical objects at the border without a warrant, or that someone actually thought it might be a good idea to extend the longstanding and repeatedly upheld border search exception to include data on electronic devices? If it has always been acceptable (and repeatedly upheld by the Supreme Court[1]) to search for anything else illegal at the border without a warrant, can someone make a good argument why data on one's person or in one's possession at the time of border crossing should be excluded under those same provisions?
Or are you frightened because you subscribe to the idea that the US has turned into a fascist regime, when the EU and individual European nations have their own laundry list of controversial laws and provisions attempting to grapple with how to handle electronic data in a legal sense in the continually emerging Information Age?
[1]:
United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985)
United States v. Martinez-Fuerte, 428 U.S. 543, 562-563 (1976)
United States v. Flores-Montano, 541 U.S. 149, 152-53 (2004)
United States v. Johnson, 991 F.2d 1287, 1291-92 (7th Cir. 1993)
Store anything too private on a network drive or private ftp. Upload before you leave, download when you get back.
Not me. I have never been more embarrassed to be an American as I am now. I thought we had the Constitution to protect us. No, wait, W fixed all that when he created the DHS, they have no stinkin' rules.
Every time you call tech support, a little kitten dies.
When they boot the system, all they'll see is Windows. Windows will ignore the Linux partition(s). For anything other than an anal-probe search, this'll be enough to keep them at bay.
It's unlikely that they'll do an anal probe search unless they find something else on you that worries them.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
"With the right accessorizing and appropriate leather:latex:chainmail ratio, you can ensure even the most intrepid airport screener will breeze you through in record time."
Hehe. Family photos huh?
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
Get a 2 gig usb key, stick on some assorted word documents and MP3's, bang all your pictures in an archive, rename it to something inconspicuous like 2007 Oct rep.dat then stick the USB stick on your car keys.
They would have to spot that you had the stick, decide to check it, find the random file suspicious, and then not buy your line that its a dump from the corporate database or something.
for a family visit and also brought my laptop with me. For what its worth, during re-entry check at JFK, I was not searched at all, nor any questions about my laptop. The agent was actually very polite and asked "Did you enjoy your trip?" I was not looking forward to the re-entry check, but it was smooth sailing - Last time I visited Pakistan (2 years ago), upon re-entry I had to go to the special Homeland Security check room and was questioned quite a bit, but they never checked my laptop. Anyhow, considering I traveled to what is perceived as a dangerous country, I was pleasantly surprised that I was not subjected to such a scrutinizing search of my belongings. I'm guessing that the searches are somewhat random..?
Millions and millions of people travel with their laptops to all countries in the world. Just about no one has problems. Keep things in perspective.
Yes, you should be concerned about laptop searches and seizures as a general principle of public conduct. No, you shouldn't be at all concerned about your laptop on your trip.
Don't bring your laptop. In fact, don't come at all. America doesn't want you here.
They don't check small devices, now do they? I mean your laptop is subject to search, but what about your MP3 player? What's to stop you from imaging your laptop, stuffing the image onto to your iPod (or Neuros II if you like your portable electronics big, black, ugly and not grotesquely overpriced like I do), and replacing it with a vanilla Windows installation. Let's face it, merely running Linux could be looked upon as suspicious by some people. It looks different. A loyal, patriotic American would run Windows.
Anyhow, once you get past security, you spend a half-hour restoring your lappy and you're good to go. A 2.5" USB hard drive is about the same size as a (largish) MP3 player... are they likely to inspect, or even notice that? I doubt it.
Frankly, I suspect they are really concerned about physical security, making sure your lappy isn't packed with plastique, than what data you have on there. Demonstrating that it works is probably sufficient, unless you've been pulled aside for "special" screening, meaning they are worried about you, or more likely want to hassle you so people don't get upset when they also want to hassle the people who, for instance look Arabic, dress funny, have one way tickets paid for with cash, no luggage and are muttering to themselves, "Allah Akbar!" and writing out their wills.
You are in a maze of twisty little passages, all alike.
Try not breaking the law. You have already posted in a public forum that you plan on doing copyright violation. How smart was that? You also said what you were doing and where you were going. Why do I get the feeling that you really aren't that concerned about privacy, or you're doing something illegal that is going to draw attention anyway?
My suggestion to you at this point is to not bring your laptop at all. If you do, try bringing the actual DVDs with you and while you're at it burn your images to DVD too. They can't search those without a separate warrant.
Just go, take your laptop and use it as you would.
Every extra step you do to hide your data in the laptop (if at all they check) will increase the suspision.
Have the laptop contain nothing but a pretty blank install. Store all your data on a network share. If you want, you can encrypt the connection. Much better solution than using encryption on your drive, risking a bye-bye to your laptop and your data at the customs office. (By the way, in the current political climate, I wouldn't go into the US if I could at all avoid it, but I realise there may be people who don't have a choice in the matter.)
You're being overly paranoid. As a Canadian who travels to the US a lot (and is scrutinized more than a US citizen) I can assure you, the extent of the laptop inspection is
"Please remove the laptop from it's case and put it on the conveyor belt"
Followed by an optional random swabbing.
You stand a better chance of having your insides inspected by a TSA agent than your laptop (cavity search, get it?).
Put them on a CD-ROM and mail it. Put a freakin britney spears cover on the CD if you don't want anybody looking inside; you can probably even bring it in your luggage that way without incident. I've brought laptops through US customs at least half a dozen times since 2001 without incident; I've had to take it out of the bag and once I had to open it and let it wake up so the federal douchebag could see that it wasn't running linux or some other commie operating system, but I've never been asked to open directories or files or had to surrender it for any closer inspection.
You're paranoid.
I've never had or even seen anyone having their laptop searched. They only do it if they feel you are being incredibly suspicious in the first place.. what these criteria are, we don't know (and won't ever know..) but it's safe to assume that 99.999% of people take their laptops through without incident, unless you're going through Newark, in which case you don't need to be under any suspicion.
After reading that news story I actually made sure all the stuff I had in my luggage when I came through Newark this August was ACTUALLY there (I just dumped it on a shelf and didn't bother to even untangle the cables) and it was so maybe I just missed him.
All in all, I'd be more worried about theft, or even the aircraft not plummeting from the sky because you have wireless turned on in-flight, than privacy.
I just traveled back from Australia through LAX with my laptop. I and others around me, all whom had laptops, none were asked any questions and the security never even looked at the laptop other than putting it through the X-ray machine. I wouldn't worry about a thing; they sure weren't
On the October 6th, 2008 "This Week in Tech", Kevin Mitnik talks about how he now deals with taking his laptops in and out of the country.
TWiT 163: MitNicked
> a week long round trip from NYC to Puerto Vallarta Mexico
Are you sure you'll be spending anytime in Mexico? Seems to me you might get to mid-Texas before you have to turn around in order to make it back in time.
Assuming you are just taking snapshots I would not encrypt anything as that would arouse suspicion and a suspicious customs officer may invade your privacy a lot worse ways than flicking through your holiday snaps. Rubber gloves etc....
there have been a LOT of scary stories about this lately... I was concerned about the same thing... BUT... like some others have said, I have yet to see a laptop being inspected/confiscated. Two trips out of the country this year, one to Cabo, the other to Paris and Prague. No problems.
We flew into Munich, traveled by Train to Austria and returned to the US via Munich. We had no issues other than US Customs wanted to review the food items we were importing and declared. We knew that when we bought the Austrian chocolate and it took maybe an extra 5 minutes to go through the Agriculture lane for customs.
I did burn a DVD of my pictures as a backup, more in case the laptop was stollen than if US Customs wanted to retain the laptop.
Get over the paranoia and go see the world.
and only auto mount one of them.
Partition your hard drive, encrypt it, remove the hard drive from the laptop, send the laptop through by itself, send the hdd thats partitioned and encrypted somewhere else
And tell them to eat dick. www.myspace.com/an_anti_hero
more info on this at www.cryptogon.com
How to beat those fascist pricks.
This is easy.. you just take a really old laptop ald load Vista on it. It will take SOOO long for the laptop to boot and access anything they will just push you right through the checkpoint rather than waste time waiting to see what's on your Laptop.
I mean who really wants to stand around and wait for a 10 minute boot time ? They are wasting your time, so turnabout is fair play waste some of theirs. It's not like they can cite you for having a slow machine,
I fly constantly, come back through US Customs at least once per month, have done so for over 4 years now. I have a Saudi visa on my passport and am back and forth to Qatar and Dubai as well as all over Europe. Not once has a Customs official ever done anything but say "Welcome home" upon my return to the US. Don't worry about it.
here is my idea about how to overcome the problem. When your hard drive is encrypted, with True Crypt for example, this is immediately visible to any observer. So they can take your laptop away or ask you to give out the password. Instead I would like to code a little utility, to pass the frontier :)
The main thing to notice is that encrypted data is, high entropy data with no meaning (if you don't know the algorythm and the key :).
So the idea would be to embed encrypted data in other formats that have high entropy as well, like compressed files or videos. If they try to open the video or the compressed file they will get meaningless and apparently corrupted data. So what? Haven't you ever had a corrupted video or compressed archive on your hard disk?
Obfuscate encrypted data as corrupted compressed data of some sort should fool them.
What do you think?
I fly to Ukraine or Russia every year and have never had a problem. They do check to see what I have in the computer carry bag frequently but nobody has ever requested I show them the photos on my USB Memory Sticks or even turn on the PC. Unless there is a reason, they probably won't bother.
Banjo - The more I know about Windoze, the more I love *nix
If you do your encryption properly, it simply can't cracked by anyone not willing to expend a lot of expensive computer time — if at all. Encryption gets broken by user sloppiness, social engineering, or (depending on your tin foil hat status) undocumented back doors. NSA magic only works in the movies.
But you are right about one's laptop getting seized and disappearing forever. The possibility of that happening would keep me from ever taking my main laptop outside the U.S., period. The existence of an encrypted file system might raise their suspicions, but they manage to get suspicious even without that.
If you have to take a laptop abroad, go out and buy a cheapie you won't mind losing. And if you decide to put your vacation photos on the laptop, you should make a point of not hiding them, so as to avoid drawing attention to yourself. Having an ICE agent see what you look like in speedos may be an embarrassing and pointless invasion of your privacy. But a little embarrassment is something you get over; becoming a "person of interest" is not.
Unless your pictures are very sensitive indeed, and it would totally screw up your life if the wrong people saw them. In that case, the last thing in the world you should be doing with them is schlepping them around on a laptop.
Why not just hide the living daylights out of the storage card? You can hide it inside a Reese's cup on the floor between the seat.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
An idea that I had a while back (and previously mentioned on Slashdot), but which I have never had the time to implement, is to use multiple layers of steganography and encryption over Fuse to make a plausbly-deniable encrypted volume.
The layers would be as follows:
This has advantages of being more deniable than a single large file of random data, unusable free space at the end of a volume, etc. Since the steganography layer would be storing essentially random bits, it would in theory be less succeptible to analysis which indicates that it *is* hiding information. (If you use high ISO photos, with a bunch of noise in the first place, this would probably be even better).
Can anyone think of problems (either implementation or theoretical) which I may have missed with this?
If anyone is interested in doing this with me, drop me a message... I am thinking of doing this in Python, as there seems to be a bit of encryption / steganography libraries already there... alternatively, if anyone knows of an OSS project which already does this, I would appreciate a link.
Cheers
I've travelled in and out of the US quite a lot of times in the last 12 months, and not being a US citizen you'd think they'd check better... well they don't , imagine that if they have to check everyone's hard disk, they'd take a lot of time for every board. At the most, they will ask you to turn on the laptop just to make sure it's a laptop and not a case that you use to put something else inside. Just be cool and don't start talking about privacy violations while you're waiting in line, that's the worst you can do.
The world is a tragedy to those who feel, but a comedy to those who think.
I've done this recently, not just for travelling, but for using networked, 3D accelerated games with rich multimedia that cannot enjoyably run in linux or even played without proprietary kernel drivers outside of a VM sandbox, and which blow normal security practices to bits.
What I did is create a normal linux partition, locked down but still highly usable for multimedia, gaming, and typical virtual machine usage.
Then on one of the internal partitions I created a second, entirely encrypted root partition for a second OS using LUKS. This partition is booted by connecting a USB key and booting from it instead of the normal internal MBR, then entering passwords. The second OS is reasonably secure, locked down, much more limited in functionality, and contains tools to audit the integrity of the multimedia OS and virtual machines, as well as backup and restore them. The USB key is modestly obfuscated so that by default it will boot the multimedia OS unless a sequence of keys are pressed.
At airports I boot the less-secured multimedia OS to show that it's a laptop. Casual inspection shows that it's been used recently and complete.
If someone cares enough to really dig in, notice an encrypted partition, and confiscates my laptop for that reason alone the cost of the laptop is the lower down of my list of concerns. If it happened, I'd probably switch to booting the secure OS fully from removable media like easily hidden flash memory.
If someone wants to threaten me for the secure partition's contents, including lie detectors, drugs, 'enhanced interrogation', etc.. Well that's honestly more than I am concerned with at the electronic level. But if I thought it was a real possibility and worth fighting against, I'd have some tripwire that would self-destruct the data on a particular password (perhaps obfuscated to look like a boot sequence that detects corruption and initiates a disk filesystem check), or not have any data of that importance on a typical laptop drive to begin with.
On the October 1st edition of Off the Hook, Kevin Mitnick talks about how he was recently detained in an airport because because the FBI told customs that he was under suspicion for cocaine smuggling. (A charge which he was cleared of in a matter of hours). It's a fun story to listen to, but the lessons boil down to:
1. You're still protected by the 5th Amendment if you're a U.S. citizen, even at the border. Although Mitnick consented to a search of his personal data and told the agents lots of stuff he wasn't required to, he did so with the intent of getting the whole thing cleared up so he could get out of there quicker. His lawyer later advised him that he only should have told them his basic personal information and travel plans and kept silent about everything else.
2. Don't carry any privileged, sensitive, or classified information with you when you travel. Even encrypted. In today's wired world and near-ubiquitous Internet access, there's just no excuse. You carry a "blank" trusted laptop with you and access your data remotely via an encrypted link.
3. The new boot-to-Linux-firmware feature on laptops is priceless at customs encounters. Maybe they'll pick up on it eventually (they'll probably consider it some devious deceptive thing), but for now it fools them into thinking that what they see in the flash-based Linux desktop is the whole computer.
...illegal searches are those who have something to hide. If you are not guilty, then you shouldn't care.
I also believe that everyone should have fingerprints and DNA on file. The right to privacy is NOT guaranteed in the the constitution.
IceT'd character would be proud.
What about magician sleight of hand? "I take out my storage card, I hand you my storage card... oh look, it's not the same one!"
What about a data cd with a Prof movie label on it? "Hmm... laptop, we'll take it. Brokeback Mountain movie, you can have that".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I'm no terrorist but this is how I do it. I personally don't trust anything. So I use a completely blank laptop and my Knoppix live CD. Then I mount my SD drive and push everything I need to save to that. Then I put my SD cards back with my camera, snap a few pictures and enjoy my flight. People only look at you weird when they ask you to turn on the laptop and it just does nothing. Either that or load DOS 6.22 on it.
Put any sensitive info (also encrypted, of course) on those little things. Extremelly easy to hide, especially if you're not targeted on any way and don't carry an adapter.
One that hath name thou can not otter
You could hide your pictures inside some porn downloaded off the internet...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Now that you've escaped, why bother tunneling your way back into the Stalag^H^H^H^H^H^H Soviet^H^H^H^H^H^H U.S.?
"Flyin' in just a sweet place,
Never been known to fail..."
I just went to Japan and back (flying in and out of Detroit), coming back on Sept 5th. So it's a pretty recent trip
I had a video camera, a still camera, and my laptop. I also took about (no joke) 1100 pictures.
Aside from all the normal security rigmarole, no-one ever looked at my laptop or cameras. I also did not see anyone else get any special attention paid to their laptops.
With going overseas, the only thing I saw as being important is that your passport is legit (and always out) and you aren't on any lists, and you go in the right line.
And don't bring back anything "funny". The people at customs and international security (generally) do not like funny from what I saw...
I did burn a DVD of the pics while there, and had most on a memory stick, as a backup. If you have internet you could do an online file storage service.
Flappinbooger isn't my real name
I travel outside the US all the time, only once (several years ago) have I ever been asked to open the laptop and turn it on. Once they saw it booting up that was all they wanted to see.
Im sure many others have horror stories about this, but for me they scan it in a separate bucket and that's pretty much it.
Buy a book. That won't break and can bend and if lost is easily replaced. If you buy second hand, you can even trow it away (or donate it) without loosing too much money. And if stolen, it is not a huge loss.
For the pictures you are going to take, buy some memory cards. Prices might be even cheaper in the USofA then where you are comming from. I have seen 2GB SD cards for 5USD and 8GBSD cards for 17USD. And if you are able to use SD, then you could even opt for microSD, which wil take no place at all. One adapter is all you need. I just put them in my wallet with my change.
Don't fight for your country, if your country does not fight for you.
Regular people, just doing ordinary legal business now need to worry about this?
What the fuck is up?
Doesn't this read more like an item that one would have expected to read - historically - by someone concerned about a visit to the Soviet Union, East Germany or Argentina? Looks like the Soviets didn't lose the cold war. There are just 1st and second runners-up, with both losers in a 15 year period, no? I mean, you fuckers used to have LAWS. You used to have a Constitutional validation of basic individual rights! But, I guess there are more important things to a nation, than the consent of the governed.
In America, Soviet Union becomes YOU! You fucked up, America. And now you no longer exist in any meaningful context. The only single thing that defines you as a coherent entity within your borders is the way in which you are taxed - without representation.
I don't know if I am angry or sad. But it is sad.
"Flyin' in just a sweet place,
Never been known to fail..."
Why not encrypt all your sensitive files and chuck them on an SD card. Put .RAW as the extension and then put the SD card in a camera. Simply chuck them back on your laptop when you've passed customs.
.
It would seem likely that USB key would be taken in for examination as well. If border security sees a key and a lock what happens when they ask you to open the door?
The border police on duty likely have no knowledge of TrueCrypt and its various technical modes (that information is above their pay grade)
That assumption strikes me as pure Geek - just a little too arrogant and careless.
Less of a problem in this particular case because I doubt any of those security agents will know what a software patent is. Still, if I use software that violates a patent in the US and if I bring a laptop with that installed into the US, am I committing a crime under US law? My country's constitution does say that I can only be tried under its laws, but I bet every country says that.
Going for the Quadratic pun: How about a fake-broken copy of Windows?
"Gee officer, I am such a dummy about computers."
See this traumatizing example for case study material.
http://www.youtube.com/watch?v=1JMuJ6Wy1j0
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
This past year we took a laptop with us to Vietnam to pick up our daughter. (We blogged from our hotel a lot. We were awake most of the time anyway.)
Our jet-lagged child's first hour in the USA was interesting. Nothing cuts through the red tape and lines more effectively than a cranky baby screaming at 160 dB.
--- The American Way of Life is not a birthright. Hell, it's not even sustainable.
I will write here the same thing i said few months ago when a friend came with surprise for 'you have (if asked) to provide your encrypted volumes passphrase to enter US or you could be rejected!'... Is peolple who define these checks stupid ? Do they really think that who could have REALLY SENSITIVE / DANGEROUS data on his drive won't be able to encrypt them, store them online, and download them when inside the US ?
A far simpler, though more hardware based solution: Mail the drive to yourself.
That is to say, go out and buy another (small) hard drive for your laptop. Swap drives, and a couple of days before you leave, mail your real drive to yourself. *NOTE* Package it well!
Go through customs with a completely fresh install of XP, and pick up your real drive when you arrive at your destination.
Repeat the process in reverse coming home.
Of course this has downsides: you have to buy another hard drive, be able to switch it yourself, and you lose a couple of days of hard-drive transit time.
But on the other hand, the TSA will *never* see your data!
Ok, assuming you're not on the radar of the government, all you have to do is fool them into thinking you're a normal person.
Why not do one of the following?
1. Create a linux boot partition, but have grub not give you any time to choose (or to even see, on the screen, that grub is there) Your ext3 partitions wont show up on the windows side, and the airport guy will be none the wiser.
2. insert a micro sd card into your watch (there's room), or into a cell phone, behind the battery, or any number of nonchalant places of no interest to the airport guys. 3. Create a spanned rar file and rename each file to not have an extension and to have an ordered but uninteresting name. Count them down from 100 or something. And then disperse them into at least 3 folders, like system32 and other random places. Just remember what you ordering system is and where you put them! =p Hell, a single obfuscated zip file isn't going to set off any alarms with the TSA guys.
As long as your computer looks normal, they're not going to be as paranoid as you in figuring out where your stolen movies, music, games, enterprise software, and most importantly your porn, are at.
No need for outlandish encryption schemes. Old fashioned "walk out of the store looking like you own it" mentality is all you need.
I'd be more worried about taking my laptop into Mexico. You might be left with no laptop to take out - encrypted or otherwise.
As a matter of fact, I was in Cancun this spring for ICDE, and had to take my laptop for my presentation. I ended up checking it at the hotel front desk each and every time I left my room. It was an enormous pain in the neck. If you want to save your photos, upload them in Internet cafes, or bring extra memory cards. It's so much easier!
And I just came back from Europe, traveling with a laptop. No one was interested in it, other than the usual "take it our of the bag and put it on the security belt." Do you really think customs officers have nothing better to do than look at your photos? Puhleaze. Worry about theft in Mexico - at least that one has a decent probability of happening.
I recently travelled to Panama and took my laptop for the same reasons you are taking yours and never once was I asked to even turn in on at any point leaving the USA or coming back into the USA. Panama officials never had me so much as turn it on either.
Next: cry or act completely bummed out.
They will say "Let's restart it" and bingo: it happens again. They will let you pass. As you complain about Microsoft's craptastic OS.
Perfect.
And easy to undo.
RS
Shoes for Industry. Shoes for the Dead.
Recently I've bought a new 8 megapixel camera and with it a 2GB SD card. I was pleasantly surprised that I'm now able to store over 1000 pictures. So, goto to the US without your laptop but with your camera and while there obtain some cheap SD cards. 10 of em shouldn't cost your more then 100,- and that's over 10.000 pictures. Unless you're shooting a lot of photos it should be enough. It would also save you the trouble of carrying that laptop everywhere.
why data on one's person should be excluded...
I think if the person is, for example, a lawyer, the data in question could be protected by attorney/client privilege, and therefore they could face disbarrment for disclosure, even were it done under color of authority.
I imagine, in fact, that this is a real issue for lawyers attempting to operate on behalf of the detainees at Guantanamo Bay.
But I'll also answer the question in the subject, as to why it should not simply have an exclusion cause for lawyers, instead of being struck down for everyone: because it's in my head and they have no right to search my head. What's the difference between data in your head and data encrypted with a password stored in your head? To me, the data is in your head, and the data on the hard drive is just a useful memory aid.
Oh, and if the original poster is more concerned about them getting his data than about losing the laptop, make a one time pad, make a copy of it, put the copy of it in a safe deposit box, travel outside the US, and then after encrypting the data with the OTP, destroy the OTP so it is impossible for you to comply.
-- Terry
RS
Shoes for Industry. Shoes for the Dead.
I live in a border town, and take my laptop 'over the river' at least once a week as I use it for Microsoft Streets and Trips w/USB GPS and I've never had any questions about the contents, aside from whether or not I just bought it or was importing it (I provided the receipt upon asking).
I also had no issues taking my laptop to and from an islamic nation, travelling through 4 other countries at the same time. Nobody cared.
.
The international border is inherently a "no man's land."
Nothing is fixed or certain until you are safely across the line - one side or the other - and not always even then.
It makes perfect sense to limit your exposure.
In real life, spies hate gadgets. No matter how cleverly disguised, the gadget is always a danger. It's a lesson in survival the geek might usefully remember.
Buy the largest USB drive, 32GB with smallest footprint you can find. Go buy the largest car remote you can find. Open it and remove the guts. Place the USB drive inside the hollow cavity of the car remote and snap it back together. Attach it to the key ring with your keys. Make sure you copy all of your files on the drive before you return and remove them from your hard drive. Pass the keys and your pocket change through when you come back and offer your laptop to them for inspection. Works quite well.....
Kevin Mitnick had this exact issue and spoke about it at length on "This Week in Tech" (TWiT). Essentially he said to send the data to yourself over the internet (email it or post it) and keep your laptop clean. If you must encrypt, use something strong like TrueCrypt. US law states that they cannot persuade you to provide any passwords. TrueCrypt best practice is to place an encrypted volume inside another. That way, even if you give them a password, they won't get your more valuable/private data.
Do you even need to dump the pictures off your camera while you're still on vacation? Just buy another memory card if you're worried about space.
No sig for you!!
Store everything on the thumb drive, don't use truecrypt because you don't have anything to hide correct?
So why make it look like you do.
Alternatively contact the hotel you will stay in, UPS the laptop there then UPS it back.
My friend does this all the time to avoid border BS, and I can't express how stupid it is to check laptops...if I'm tryin gto get data in or out why would I leave it on my laptop?
FTP it, bit torrent it, mail it in a hard drive or thumb drive...but leave incriminating evidence on my laptop?
Only pedophiles are that stupid.
"If any question why we died, Tell them because our fathers lied."
Call me paranoid, but I would encrypt my data, put it on a thumb drive that looks like Mickey Mouse, and then put in a bag with a lot of other small toys. (Or upload the pix to flickr.)
"Is dis a system?" -- R. Crumb
Pack it in your backpack.
Security check? bite it, have a comfortable & pleasant conversation with the agents they want it.
don't spend a dime on encrypting shit. don't fsck around w/ yo wallet before the trip. save up some and have a nice meal or sth.
Pack up good dream and plan ahead your trip.
Trust me, i don't think its luck or anything. agents like me all the time. just keep above things in mind.
... and don't be overly paranoid :)
This year, I entered the US 4 times, I've been pulled aside 2 times, I never had to show my laptop. My colleagues have similar experiences. I can only speak about traveling between the US and Europe though.
You're right to be outraged about unreasonable search and seizure.
The people working on this are ACLU, EFF, I think Amnesty International, and some other similar groups. Maybe you want to forgo one of those umbrella drinks during your trip and send your favorite one a nice donation when you get home.
I've flown back and forth to Central Mexico over the last 4 years (usually about once a month) with a laptop, and I've never had immigration or customs even look twice at it. While I know they are searching some laptops and probably confiscating some I think the rate at which it's happening is probably extremely small and much smaller than the paranoid folks here on slashdot make it out to be.
In other words I think the risk of losing or even having your laptop are small enough that it really isn't worth the effort to worry about it, (unless you fit the "profile" of a terrorist that is.
I can't speak for international travel as I haven't traveled out of the country yet but I have traveled around the US with my laptop. Most airports don't even bother with my laptop but I have had some airports pull me aside and ask me to power on the laptop to verify that it actually works and is not some sort of explosive I guess. I don't see why border customs would be any different. Why would they care what people have on their laptops (let alone have the time to rife through all the data)? I would think they'd only be concerned that it's not being used to transport other items of concern such as explosives or drugs.
If you're rich enough to be taking a goddamned vacation right now, rich enough to be living in NEW YORK CITY and can afford the time and money to take a vacation, then you can afford to leave your laptop at home, buy one when you get there, and donate it when you're done. Why don't you just stay in Mexico, you filthy rich freak. People are hungry. People don't know if or how they are going to make their next house payment.
Buy external hard drive and mail it/put it with your luggage
Border agent: What is your reason for traveling today. ...
Geek: I'm talking to a company about fault-tolerant servers
...
and in this Powerpoint you'll notice that the two processors are running in
lock-step. Whereas, this comparator here looks at these two pairs of CPU's
....
Border agent: You may go.
Geek: Wait! This is the interesting part
Border agent: For the love of God, please go!
[Insert pithy quote here]
I regularly cross the border to go shopping in the US and always take my laptop. Not once has anyone ever asked me or bothered me about it, I have even be using it as I show my passport and not be bothered.
I am in US just now. They just wanted to pass my 2 laptops through X-rays twice when I boarded in SFO to Orlando. When I arrived in SFO, not even X-ray. Take care about your passport. I just got it stolen, and I have to wait here until the authorities of my state will move to make me a temporary one.
Just got back to the US. Had a laptop and an mp3 player. No problems. Do you think customs officers have nothing else to do other than check all laptops? You'll at least have to act weird to attract their attention.
With a reasonably modern laptop, you have 100GB+ of storage space, TrueCrypt can pose as any file type. Even if they check ever file 1Gb or over thats still 100 files that would require checking. Somehow unless your pictures are in "My Documents/My Pictures/Porn" I doubt that an custom agent had the time.
I travel into and out of the US with my laptop (including my normal photo collection and some porn videos). What's the big deal????? Quit yer whinging.
Didn't you ever watch Hogan's Heroes? You tunnel back in to help the others and play tricks on the commandant.
First let me say that you're far less important than you think you are. Nobody is going to care about your photos. If they do, you must seem pretty sketchy.
Take some crappy holiday snapshots and stick them into "My Pictures". If they ask to see your holiday snapshots, happily show that to them without going off on some ranting libertarian diatribe. That will satisfy 99.9% of the population. Put the rest into a vmware image or something. If you get the resident TSA IT genius, you're probably getting the rubber glove treatment.
is that the best chance of sneaking peeks at real terrorists laptops is to feign disinterest. If customs just made cursory checks, the terrorists would get careless, and covert agents might get a peek. Just like the NSA wiretapping (of *foreign* calls to the US, not domestic calls, and citizenship not relevant) was most effective when the bad guys didn't know they were doing it. (Thanks a lot NYT.)
Buy a new hard drive for your laptop and do a basic minimal install on it. (If they keep your laptop, nothing to find.) Store whatever data you need on the internet somewhere (even your home/business server), travel with nothing on your HD other than the OS. Then work exclusively with online data and / or create a RAM disk for local temporary storage. Then put the data back on the network and shutdown your laptop... poof data gone. Then come back into the US.
This is becoming more and more common practice as it doesn't matter if your data is incriminating or not, it is company business and is therefore confidential.
"Computer Scientists can count to 1024 on their fingers" (non-mutant, non-mutilatated, human computer scientists)
Law enforcement types are not that bright. Fighting with them is equally not bright. Hardware is cheap and encrypted online storage is too. If your concerned about your data it has no business on a portable device anyway!
If I had to travel in and out of the US regularly I would buy a laptop for inside the US and a laptop for home and store the laptop in an airport locker or in a storage unit. This would just be a vehicle to my data however as the important stuff would reside on secure storage in a politically neutral country.
The harder the government presses for "control" of something they don't understand or have rights to the more complex the encryption will become. Regardless if they want to admit it or not they don't have control over the digital world.
Good ideas: /etc/fstab).
1. Put data on a partition that doesn't automount on boot (e.g on a linux partition that isn't in
2. put the data on an ipod (usb drive). People don't usually think there is anything other than music on these.
3. put data on usb key/cdrom and mail it home. (less likely to be checked). Encrypt it if you like.
4. accept that these ppl are doing there job (which is ultimately to protect you and your fellow citizens). Go along with it. If you don't have anything to hide then you shouldn't worry. If you do have something to hide you need to get rid of it and become a better person.
Bad ideas:
1. put data on usb keys (uh people know how these work and can just put them in a laptop and check)
2. Encryption - most people don't encrypt their data so this just says that you're hiding something.
But there are enough stories of some border guard getting into a huff if he even thinks you're hiding something from him, and confiscating the machine for later analysis. Encrypting is a good measure that they won't find anything when they do that, but you're out a laptop. Better to not give them a reason to even care.
:P Either keep the drive in the machine for the trip back so they can see a relatively clean XP install, or ditch the drive somewhere and do the grumble-gee-it-broke routine when they try to boot and it complains about no system disk.
Dual-booting is one option and, in my opinion, the best. Set up a small partition, put a clean install of XP on it, and set your BIOS to boot from that by default. Change the background and put a few totally innocent-looking, common icons on the desktop so it doesn't look so obviously fresh. Once you're through customs you put the BIOS back, lose the partition, and you're back to normal. They're not going to know about the partition where your real stuff is, and this method should work regardless of what OS you normally run.
Hell, you could even deliberately break your new XP install so when they boot it up, all it does is hang / blue-screen / throw some error and reboot again. Then you grumble and say you dropped it while on vacation and it's been doing that ever since. They're not going to give you the third degree about it, cause everyone's gone through it.
If you're really paranoid, pick up a little 10 gig 2.5" drive somewhere (they're practically giving 'em away these days) and put it in your laptop in place of your real drive. Throw XP on it, use it while you're out of the country. As for your data (e.g., pictures), either upload them or burn them to CD or DVD. Jam the DVD into your car CD player. It obviously won't play but they're not going to inspect your car stereo, especially if it's off.
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
My answer to this problem is simple. Fill up your hdd with legal but really gross images. Old people doing sexy times would be a good way to go. Then, the snoopes are forced to get an eyefull of some saggy luvin! I guess you are too, to some degree. But punishing fascists is never painless!
Sorry, but if you take your laptop and any part of it is encrypted (especially if you have full disk encryption where you need to enter the password just to decrypt the drive and boot) you are GUARANTEED to get it seized because you must have "something to hide".
The only solution is to have a minimal install of windows xp (since that's what TSA drones will recognize) with NO DATA onboard. Keep all your data out on S3 (jungledisk) or some other service, and get access to it when you get to where you're going. That way if your laptop gets stolen (other than by the TSA who thinks he'd like your shiny new laptop) they don't have access to anything.
Remove anything that you are concerned about from the laptop.
Get a couple of flash thumbdrives - 16gb and 8gb versions are readily available. Carry them separate from your computer, use truecrypt.
Consider burning movies/music on DVDs. If burning pictures, use truecrypt.
Try to learn to deal with the emotions around someone snooping around your computer -- the ground troops are just doing their jobs, in long exhausting shifts, in exchange for low pay. If you want to address the problem of your privacy being abused, consider legal ways of changing the laws.
You realize of course this thread was initiated by the US Border Patrol Information Systems Agency...Keep letting them know what to look for.
USB thumb drive or a few 2 gig micro SD cards in your pocket and you wont have an issue; the MicroSD are so tinny they will never show on any scan/pat down/or metal detector. What's a s gig microSD worth these days anyway?
Your sample size of 1 is clearly sufficient to establish a pattern.
Emailing is only workable if you are using small files otherwise on foreign sometimes useless connections uploading the photos is a problem. Solution Get some no name Mp3 player that has a cord nobody would ever find in there life, upload the photos onto the mp3 player, and toss the cord (I put mine in my gfs bag). Another solution I looked into was bringing a small screwdriver, taking a USB key and removing the casing then inserting it into the innerds of my laptop so it appears as just more computer junk.
Just put all your data on a removable volume and label it "NSA Military Phone Sex Tapes - Top Secret." Customs agents will have already heard the most juicy .mp3s and your volume will be passed over as old stuff.
Take your "pictures" and videos, put the on a USB stick and stick it... Somewhere they are not likely to look.
Laptop clean, problem solved....
I travel in and out of the U.S., the U.K., and Spain every couple of months with my laptop, and sometimes with an additional computer, and I have never been asked to show it to anyone nor have I seen anyone else having their laptop checked. The security in Heathrow doesn't even want the laptop taken out of the carry-on anymore, and the U.S. customs rarely looks at anything from anybody that I have seen.
While that provides wonderful protection from them actually getting your files, it does not protect YOU from invasive searches, detainment, and other things. So you really have to decide what's valuable to you.
Frankly, your best bet is to be able to prove your innocence, rather than proving that you're some kind of cryptographic genius. In other words, you actually want good steganography, so that you appear to have absolutely nothing to hide and so that you can "prove" it to them without acting nervous.
I'd recommend that:
* You only travel with a cheap laptop you can afford to lose.
* You can boot straight to something familiar like Windows and that your desktop & My Documents are nice, clean & relatively empty with only some innocent, planted files you don't care about. Similarly, clear the recent documents nonsense.
* You have no (visible) encryption programs. If you want to encrypt something, encrypt it from another computer (the laptop you carry shouldn't have ANY encryption software), put it on a USB stick or hide it in the system32 directory or something with a name like memory_dump.dat or whatever.
* Download the decryption program once you get to the other side, keep it on a USB key, and erase it when you're done.
This isn't perfect, but the idea is that you should have nothing to hide. They don't search people who aren't suspicious-looking, after all.
just rename the .jpg or .gif or whatever picture file as a .mpg or .dll or any other filename. boom no picture files, then change it back when you are through?
There are a few good articles from the EFF:
EFF Answers Your Questions About Border Searches
http://www.eff.org/deeplinks/2008/05/border-search-answers
Protecting Yourself From Suspicionless Searches While Traveling
http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t
First of all chances are that the TSA folks won't do anything more than ask you to turn your laptop on to show that it's not actually a bomb (or full of drugs, or whatever).
Second, if they do want to actually look at whats on the machine which do you think is more likely result in you sitting in an interview room for six hours while your connecting flight departs without you, a bunch of picture of your girlfriend in a bikini or several MB of encrypted data that you refuse to show them?
However you might feel about the current state of affairs vis-a-via laptops and TSA; unless there is something there that can land you in court you're way better off just looking as "normal" as possible and flying under their radar.
If you want make a stand on principle regardless of the consequences then encrypt all files and put them in a folder on your desktop named "WMDs you can make at home", otherwise don't worry about it.
You say:
Or have it "crash" on boot and you'll be sent along your way with a sympathetic shrug.
I say: ... then freeze.
Ha! Have the grub menu show a Microsoft windows default boot. If the boot command line does not have a string (that you have to type in), Linux needs to silent boot and then display a Windows blue screen with some kind of good crash message
Here is another level of paranoia. What if they install a keylogger to snag your password after you refuse to give it?
Carry a copy of the 4th amendment.
Basically you're safe unless you mention that you are concerned about the issue to someone who might make that public or in some type of public forum. Since you mentioned it on /. - don't worry about it. You're screwed.
I do not understand why you are asking this question, since with the information you have, you already have the answer. You only actually need one piece of information from us, and that is whether Truecrypt is secure. The answer is yes, assuming you use it correctly. In fact, the cynic in me almost thinks that you know this very well and posed this solely to see if no one would figure out the correct answer...and the way you structured your question backs that up.
You have given three key pieces of information, including the software you intend to use...all you need to do is put them together. But I think you already know this, and what you're actually asking is "Can you figure out what I'm going to do, is it obvious, and will I get away with it?", and the answer to all of those is yes. Although no one here seems to have figured out the obvious course of action, the police most certainly has...Truecrypt has been around for over 4 years. It depends a lot on the customs agent you are lucky or unlucky enough to end up dealing with. Assuming the worst case scenario, your laptop is seized and put through an intensive search (unlikely under normal circumstances); knowing how to act is important. The key thing to remember is that for every person who actually knows how to use Truecrypt, there are many more who do not. Leave everything on defaults, and deny knowledge of any of the program's more advanced features. Do not give up your passphrase unless you absolutely have to.
And yeah...tinfoil hat....whatever. I've seen this sort of "naive" question many times before, and people who ask this kind of question nearly always have different motives to what they seem, usually aiming to discover the answers to the questions "can you figure out what I'm thinking?" or "what are the expected approaches to this?". Nice use of Socratic irony.
So in a couple of months all the l33t slashdotters a going to be smuggly waking thru border checks, with their hidden linux partions, truecrypt archives.. And the friendly TSA worker is going to pull out a USB key that checks for all the helpful suggestions posted in these comments.
TSA worker asks you 'are there any pirate movies / mp3s on your laptop?'.. are you going to lie? how many people on the flight saw you watching 'big momma's house 3'? can you afford to be without your laptop for a couple of months?
Of course, this comment list also indirectly tells you what methods do work. Which I think is what the guy who asked about all this was looking for...
I say bullocks. Okay, so you encrypt your drive with truecrypt. I imagine the exchange at the border will go something like this:
Border Agent: Okay, open your laptop and log in.
You: Okay... (logs in...)
Border Agent: Hmm, you've got TrueCrypt installed. I'm going to need you to give me the password to your hidden partition.
You: But I don't have a hidden partition (And maybe you don't. But it's irrelevant; you can't prove that you don't)
Border Agent: Why don't you just give me the password?
You: But I don't have a password; I don't have a hidden partition!
Border Agent: (taking away your laptop) You'll get this back after the NSA has cracked your hidden partition, or can prove that you don't have one. Have a nice day!
You: What!?
Border Agent: I said, have a good day.
The best bet you've got is to have a relatively clean laptop with the usual files: pictures of the kids, cookies from gmail or Yahoo, etc...
If you need to encrypt it, use steganography to hide it in your pictures of your kids, or that video you shot of dolphins at Sea World, etc... Because nothing attracts attention from law enforcement better than trying to hide something from them. The fact that you don't have a hidden partition is irrelevant; because of the fact that TrueCrypt makes no secret of this feature means that Law Enforcement is going to assume you are using it. It's their job to be suspicious...
The society for a thought-free internet welcomes you.
What's the point in lying to a law enforcement official that's questioning you? Ultimately you could land yourself in a lot of trouble, and I suspect the better border officials will have a good sense for your body language if you are lying.
Are you really required to hand over keys without a warrant? If its your employers data thats on there then you can surely hide behind a corporate policy that says you can't share your keys without a search warrant.
Honestly, i've traveled in and out of the US numerous times with laptops and never had they even ask me to so much as turn it on. If you have any data so important that it can't possibly be compromised, you probably don't need to be carrying it.
I traveled out of and back into the USA 5 times this year. Not a single time did they open my laptop, much less ask me to power it on.
a) I was clearly on vacation each time - based on the guidebooks/language books / camera I took with me. Wine brought back from Argentina. Just photos and memories from everywhere else.
b) I have an FBI file and finger prints
c) I used to work for the government with a clearance - 10+ years ago.
d) white male, graying hair.
e) new passport model with RFID - had to renew about a year ago
I use Truecrypt for all my passwords, personal data and financial data. A few programs are under truecrypt too, just because the data they need should to be encrypted too.
Hong Kong didn't search anything (that I recall) - walked pass the inspectors onto the train to Kowloon.
Argentina and Costa Rica ran everything through X-Ray machines, but seemed interested in fruits more than anything else. Leaving Costa Rica, they took my tiny bottle of hand cleaner away - too much alcohol in it they said.
YMMV
I can flat out guarantee that a number of UK based firms have instructed staff when flying to the US to delete any files that they would not want exposed - financial or competitive data, that sort of thing. I'm talking big firms. It *is* an issue, and non-US companies are very aware of it and actively avoiding it.
That said, I subbed my hard drive out of my Macbook when flying into San Francisco last week. Took me 30 minutes. I got to customs, the guy waved me through without a glance. I felt rather silly until the women I spoke to at dinner tonight explained how her father died while on holiday and she had to fly back immediately on a one way ticket. Despite being 50, white, english, married with a kid, she had the air marshall on the seat next to her for the first 30 minutes "casually enquiring" about her flight and her plans.
The moral is this. If you're white, booked a return ticket at least a week in advance with a credit card and didn't order a halal meal, you'll be fine. Otherwise, use TrueCrypt and prepare your story.
Just get a USB stick and shove it up your ass.
The way your dad looked at it, this Secure Digital Card was your birthright. He'd be damned if any slopes gonna put their greasy yellow hands on his boy's birthright, so he hid it, in the one place he knew he could hide something: his ass. Five long years, he wore this solid state media device up his ass. Then when he died of dysentery, he gave me the memory card. I hid this uncomfortable piece of plastic up my ass for two years. Then, after seven years, I was sent home to my family. And now, little man, I give this Sandisk Extreme 8GB SDHC card to you.
Create a bunch of hidden volumes, and fill them up with softcore porn. If they really do challenge you to give them access, you can go ahead and do it and explain that you needed to hide it from your girlfriend.
Unless you area on a watch list then they really won't care to wade through your massive collection of jpegs to find the small amount of important data.
I routinely take 200+ photos a day when on vacation.
Volcanoes, huge waterfalls, national monuments and the 7 natural wonders are worth more than 1 photo each.
Blogging during the trip helps me step back and remember the trip years later. Family and friends enjoy reading a page with photos while I'm gone too. I tried doing an audio blog. I suck at speaking.
About 50 photos a day are worth keeping ... filtering happens once I get home.
A 4G SD card holds 2 weeks of photos at 3M resolution, no problem.
I take 3 international trips every year (next one coming up in 3 days) and I've never been asked to turn on my laptop except on one occasion on a domestic flight in Italy 3 years ago when security (police there, actually) asked me to turn in on and log in just to make sure the laptop worked and wasn't just a fake laptop used to smuggle stuff.
There is a bill being debated in the US Congress right now to limit impoundment of laptops to 24 hours.
Those are my principles, and if you don't like them... well, I have others.
And one of the places that I brought my laptop back from was Iraq. Have never had a problem, and never had to turn the laptop on. They swab it and check for chemicals on it, and x-ray it but that is all. Of course every time I was traveling for business, and had a tools of the trade letter for my laptop.
The funny thing is I brought my laptop home from Iraq, and the only thing they gave me a hard time about was the hookah I bought in Iraq....
Go figure....
The worst part of being athiest.... You don't have anyone to talk to during orgasm!
Save yourself some trouble.
Burn them to a friggin DVD / CD and mail them home.
And yes, you are WAY too paranoid. Unless your making a snuff film, not much else would get you in some trouble in the states. (I can think of MANY things, but not many that a slashdot person would do).
You think your personal privacy is that important, eh? Serious question, as I don't give a fuck what someone finds on my laptop.... Is it privacy, paranoia, or just being a nerd?
--Toll_Free
Most states have a fixed time that they consider "speedy". In may states, that time is 60 days. Generally speaking, they cannot change that period even if you were a serial killer.
Instead, what they do is convince you to waive your right to a speedy trial so that they can "properly represent you", or some other such nonsense. Just recently, prosecutors in my county putt off a trial again and again on the basis that they "could not find" the complainant. When the defender finally stood up and mentioned "speedy trial" to the judge, the case was thrown out. But it took the defendant's lawyer to speak up... and the lawyer let them get away with two or three extensions before doing that.
Make sure to demand your rights, even to your defense attorney. Otherwise, they might not be observed.
How about one of those Eee PCs. Put your operating system, or "personal data", on a card, stick it into the card slot. Remove when not in use.
Encrypt and you will be a suspect. It was not long ago that PGP was consider munitions by our government! I guarantee that if the Homeland dweebee finds that you have encrypted files, you will be detained and interrorgated.
Do you really believe you have rights? Freedom is slavery, comrade!
I know there are people out there who have had terrible experiences with the TSA, but the chances of this happening to you, or to any particular passenger, are absolutely tiny. In order to "qualify" for such an invasion of privacy, you'd have to be pulled aside for individual screening (I'll call that level 1 inspection), have your carry-on + laptop hand-inspected, including turning the laptop on, and then have your laptop not just turned on, but painstakingly examined (lvl 3). Frankly, if you're at lvl 3, you're probably about to get strip-searched, which means the TSA is about to see most anything that might be in the photos you want to protect.
More to the point, if you're at what I've defined as Lvl 3, refusing to work with the TSA (i.e., by refusing to decypt a TrueCrypt partition for inspection), is only going to get you in more serious trouble. At this point, you're in a room, in your skivvies, and the guy sitting across the desk does not feel overly inclined to give you a phone call or access to a lawyer. In such a situation, your absolute best bet is to smile, comply, and show the nice man whatever it is he's interested in seeing. Then get the heck out, and take what legal actions you feel are necessary *after* you're released.
In short, the reason I think you're being overly paranoid is because the likelihood of you being inspected to such a degree is extremely low--and if you *are* inspected to such a degree, it's in your own absolute best interest to comply. If flying makes you nervous, if you have a habit of joking at improper times about improper topics when nervous, or if you simply feel there's something about your appearance, dress, or manner that makes you more likely to be selected for inspection, I respectfully suggest you spend time working on these behaviors, instead of encrypting your hard drive's contents.
1.- You don't need a laptop to travel. Honest. You don't, don't become an Apple posseur. The world is not going to end if one reads a good book, watches the on flight movie or sleeps instead of continuing plugged to a damn computer.
2.- There are mobile devices that exist specifically for:
a) Watching movies.
b) Backing up memory cards (gosh, how many pictures can you take? In my last holiday I needed 2x4GB cards, which is enough for 8 hundred pictures at best quality, so the need of even this device is questionable)
3.- The world is littered with internet cafes. Use them.
4.- If your hotel does not provide internet access why are you staying there?
Honestly, the best solutions are normally the easiest ones.
IANAL but write like a drunk one.
You're going on vacation. Leave the laptop at home. I'm sure you can find something else to do to entertain yourself on the plane. If you want to store your pictures, just go to a local cyber cafe and burn them to a CD/DVD.
With this of course! USB Hidden Flash Drive Watch
Openssl tools can be used its good, but only encrypts files not the filesystem.
Remove all personal data from the laptop. SFTP or SCP your photos to a friend before you come home. During the flight home, wipe your drive.
The most secure data is data that isn't there at all.
The winrar is you.
Use two hard drives. One concealed in the luggage, or sent by Fedex/UPS/mail, fully encrypted. Backed up for case it'd be intercepted. Another one with a fresh install or known-good image in the laptop itself, so the laptop boots. That way, there's nothing to find during eventual search. You can either make the laptop some "history", so the OS looks used, or claim that it is a business machine and a fresh image is the company policy for overseas travels; many companies actually do so now, so it is a plausible legend. Also, look unimportant, a small grey corporate drone on a trip.
One lesson from an incredibly expensive joke of a "terrorist" case in Australia is that a photograph of a landmark is proof you are going to blow it up. Be careful with those holiday snapshots!
I don't know if there's anything like it in Australia but in the US we have this handbook, "The Photographer's Right", photographers started to carry. In a photography class in college I was taking when 911 happened, we heard about how photographers started to go through questioning when they were taking photos. One student there was working on a class assignment when police or private security personnel tried to confiscate his camera. It was a bizarre tyme for photographers then.
Falcon
Should there be a Law?
According to briefing my boss gave me recently, Truecrypt would not help: If they really wanted to see your content they could ask you to show it to them or alternatively confiscate your laptop and decrypt it themselves.
TrueCrypt doesn't just encrypt data, it hides data. You can create a folder on a device, it works with USB Flash drives as well as harddisk drives, when someone opens the folder the folder is empty.
The latter would mean you would probably not see your laptop again.
That is scary.
Let me tell you: As a European scientist I am even more frigthened now to go or even move to the US.
I live in the US and in a few years I'd like to go to Brazil but all the stuff that's going on today makes me wary about trying to get back into the US.
Falcon
Should there be a Law?
I dont think boarder guards are so concerned about security. Heck, i'm driving down to mexico right n
User name of Casualsax3, trip to mexico, afraid to show vacation photos?
What, Date Line making Florida a bit too dangerous for you? Have to go down to mexico for your kicks? I guess Thailand would be a bit too suspicious.
Get a sub-notebook, like the Asus EEE PC. Small and cheap (starting $300 or less), built-in wifi, webcam, 3 USB ports, SD card slot, and runs on Debian or Windows. Get a slim external DVD drive for DVD movies. Get a 2GB+ SD card or USB flash drive, put your personal files there with your CHECK-IN LUGGAGES, NOT carry-on. Encrypt if you want. Use your sub-notebook (laptop) and flash storage during your trip. Before coming back to the U.S., put flash storage in CHECKED-luggage, wipe laptop to factory settings, if you need to (can be done in under 10 sec. with the EEE PC, and already has all drivers and apps loaded after factory reset), bring it with you on the plane. If customs take it, they won't know how to operate it most likely due to unfamiliarity with Debian, or they'll find nothing. If they seize it, heck, you lost barely $300. The plane ticket probably cost you more. Plus who cares, your data is safe, wrapped inside one of your pair of underwears in your checked luggage.
http://www.palmzone.net
An option is to always make the computer unbootable.
/. been lurking for years though.
The idea has always stuck with me is to install a bootloader on a flash drive. When the computer boots it will look for the bootloader on the flash drive. If the drive isn't plugged in you won't be able to boot, if it is you're fine. Just keep the flash drive somewhere hidden and inconspicuous (wife's purse or something).
Though it would be easy to get around you would need all of the following:
1. Someone at airport who knows enough about computers to know whats wrong and how to deal with it.
2. Be under enough suspicion to warrant the governments time to deal with your laptop.
3. Take the hard drive out and put it in another machine to read the data (If you're using Linux then make the drive ext3 so they'll have to find a non-windows machine to put it in).
Like many in this thread, I've heard good things about TrueCrypt, you may want to give that a shot.
Also, first time posting on
People are getting overly complex!
Do what the real smugglers do and simply swallow your contraban.
Here are the two simple steps:
1) Write your data to a small microSD memory card, then wrap it in a latex wrapper, and swallow it. (A little olive oil might help)
2) 24 hours later (after a memory 'dump') you'll be enjoying your 'warm' memories.
im actually facing the same situation right now..... im moving out of the country on november 3rd (western australia, and then off to Florence Italy) and i dont want people accessing my private data when i come back to visit family and stuff either. So I just got a 1TB drive, im currently encrypting it with TrueCrypt using the Hidden Volume encyption scheme thingy (technical term), and then dumping my data into it... im buying a new laptop (lets go apple.. dont let me down on the 14th!) and it'll just have a clean install of OS 10 on it.
the point isn't whats on my drive, the point is my privacy.
dreemkill.
Going out is no problem, coming back is. So ship the hard drive back home via UPS. Get it packed up, insure it, and ship it home. Keep the laptop with you if you want - just boot it with a USB stick that's got knoppix on it, tell them the hard drive died a while back and you don't use it any more...
Assholes can't inspect what isn't there...
Having passed through both international and US customs, the questions you'll get asked will vary as will their expectations, but I've never had them make me show them my photos. The most important thing is to listen carefully and do nothing without them asking - or you'll spook them. For example one agent asked me to take out my laptop, and when I stood there idle they asked me to open it and boot it for them. Once it got a desktop they thanked me and sent me on my way. The next one asked me to take my laptop out so I went to boot it and they dove saying "NOOOOO!!"
So don't act until they say ;)
BUT - you ARE travelling with this laptop, you need to be prepared for the increased risk of loss and theft:
* Bring the CD you reinstall your OS from with you! BRING IT!! A quaint town in Italy is not a good place to buy an English copy of OSX or beg someone to use their dialup and clunky machine to download Ubuntu!
* If you want to encrypt your files in case of theft, go for it. The problem with Full Disk Encryption is it does nothing for a stolen, running machine. I've had a laptop stolen from right under my fingertips - it can happen! I like to keep several TrueCrypt "disks," separated by activity, and only unlock each disk as I need it with a timeout set on TrueCrypt. That way a stolen, running machine is likely to have few or no "disks" unlocked, and it will likely lock itself back up before they come across the files.
* Backup your stuff. My favorite right now is DropBox. It works on Linux, Windows (XP and Vista), and OSX, it's dead-simple, and the first 2gb are free. Put the stuff you'd be saddest to lose most on there. Photos you take abroad, new code you write, that sort of thing. You can even put your TrueCrypt disks in DropBox.
In summary:
* Be nice to airline security
* Plan for hard drive implosion
* Plan for OS failure
* Plan for theft (even a running machine)
Keychain USB stick. With an operating system on it. It's all the rage. I have one. But don't go to the US unless you really have to. Not a good place to visit.
I travel frequently inside Europe. The only thing that they sometimes (keep in mind, sometimes) check is they ask you politely to power it up and they take a look while you're holding the laptop if its actually a real laptop. That is that it boots to some kind of desktop or user login. Its just a method to make sure the laptop battery is not made out of C-4 wired to an electronic board or that somehow the entire device is not a bomb.
My advice, I would just hibernate the device, no password, have it boot up to the desktop with a mexican themed wallpaper. Thats about as normal one would get upon returning from Mexico. Burn the data on a dvd, just to be on the safe side. And stop being so paranoid. Its this type of mentality that further enforces f**ked up policies.
A swab of my laptop tested positive for nitrogen on my way back from the Dominican Republic. This delayed the flight for 20 minutes as they reportedly poked and prodded it inside a blast container. Incidentally, they never asked about the TrueCrypt partition.
Go ahead encrypt your drive. While doing that, please bear in mind that an encrypted drive may seem more interesting to goverment agencies than just a plain "clear-text" drive with innocent pictures.
And they have probably seen amateur porn recorded in a motel many times before (in case this was your concern)
a 16GB high capacity SD card is going for around $40 bucks these days. encript 15GiB of it and leave the rest for random photos. save you data on the encrypted partition and put it back in you camera. photos pull up, data is encrypted, and hardware is clean.
--- haasta IT consultant | Web Programmer
A recent court decision has affirmed that Fifth Amendment protections apply to encrypted data ... if the password is in your head, you can't legally be forced to reveal it.
There's bad news too, judges have ruled US Customs can confiscate laptops. And if they do you don't know when, or if, you'll get it back.
Falcon
Should there be a Law?
Such a plan is an invitation for disaster and confiscation. Don't think for a second that encryption isn't a red flag.
CodeBuster is talking about using TrueCrypt though, which hides volumes so they don't even show up on the storage media whether an hdd or a flash drive. The data encrypted is in these volumes.
Falcon
Should there be a Law?
Being a foreigner from a so-called friendly nation, I'm used to the rediculous and non-privacy respecting entry into the so called land of the free. My laptop contains an OS (well, two: XP and Linux). All documents and other stuff are on the net or on SD-cards. Should I have anything to conceal, I would get data in and out of the US like I assume any criminal/terrorist would do: over the internet. Send it encrypted by mail, store it on online-backup, hell, you could even store it on gmail using GFS. In short, this is one of many US measures that only invade individual privacy/freedom of innocent civilians. The real culprits have zillions of ways around this. I can hear Osama laughing his head off in some cave in Afghanistan. I say: keep it up. Given the rate you annoy allies and the way you run your financials, it will be soon that the US is no longer of importance and there is no need to travel to the US and you can celibrate your constitution among yourselves.
And can tell you that you shouldn't really worry.
:END QUICK SUMMARY.
On top of this, I just went out of the county with my laptop as well. No problems so far (although re-entry seems to be the big issue.)
While I have not received my bar exam results, so I am not a lawyer (yet), and you should always consult a lawyer with legal questions, here is what I can tell you:
QUICK SUMMARY:
They can search your. Decryption will likely not matter much. They will likely NOT search your (sheer volumes). Searches are mainly used to find possessors of child pornography. Your risk of a search rises if there is something that leads them to believe you may possess child pornography. MOST IMPORTANT THING is to NEVER CHECK YOUR LAPTOP LUGGAGE. Airlines are worse than the government in this regard. Good luck, and IANAL. If you have more serious questions, consult an attorney.
The US has the right to search your laptop. All of it. They even have the right to copy your drive and search more later.
This sucks. Is questionable against the Fourth Amendment. And people in Congress are working on it.
For your trip, it is unlikley that you will have an issue. They do not invasively search each laptop that cross the border (even though, legally, they can).
Even if they DO search your laptop, it is unlikely they will physically open your computer. (If, however, they feel you may be trafficking drugs hidden inside . . . that's another thing.)
To give some perspective, the power to search laptops is often used to find child pornography possession. So, if you have some reason to believe the government may view you as a person who may have child pornography, then there is a greater chance you will be searched. (Yes, here, more types of profiling is legal, and the government DOES NOT need a reasonable suspicion for the search.)
Also, decryption is not necessarily a good move. Why? Because the government can get through the encryption. How?
Whole hard drive copy. Subpoena requiring you to give up your password. Things like this.
Also, it may make things take longer.
On a purely practical side, I would worry less about the government and more about your airline.
DO NOT, EVER, CHECK YOUR LAPTOP LUGGAGE! The airline has a disturbing tendency to lose luggage containing laptops. In fact, my own experiences with a lost laptop should serve some warning.
This is where encryption would be good -- encrypt private files (such as tax forms, passwords, financial files, and other important documents) that you keep on your computer so that if it is lost or stolen, no one will steal your identity.
Good luck and have a good trip.
- John
I dont know if its because im military or not, but ive flown to and from the US 3 times each since this bill or whatever it is was proposed, all 3 times from Germany to the US, 2 times from the US to Germany and once from the US to France...and I have never been asked for my password for my laptop. While I have nothing to hide, anything I dont want to be seen isnt on my travel laptop, but I still never been asked. This is just my experiences.
I cross the border between El Paso and Juarez every Sunday. I have never had them even ask to look at my laptop, much less been worried they'd take it from me. And I am on some DHS list as "armed and dangerous" -- I've been handcuffed and taken to "the room" several times. I have to tell them in advance that I will show up as armed and dangerous. Yet they STILL have never looked at my Macbook.
That said, perhaps by air is different than overland. Just look halfway normal and answer their questions rapidly while looking into their eyes. They are looking for "shifty" or "uncomfortable." They're worried about catching drug smugglers mainly. Or maybe fining you for not declaring stuff. Make sure you tell them everything you're bringing in, even if you took it with you from the US, and they won't bother you.
I tried tooling around with TrueCrypt a while ago, creating a hidden operating system and all that. I don't know if the process confused everyone, or just me, but does anyone know of any good guides out there that show you exactly what to do? Idealy I'd like to install XP or even Ubuntu on one partition, the one I'd show off to customs inspectors because it's either light on resources, confusing for them to use (hehe) or both, and have Vista on the other (laugh all you want, I like it). I've yet to find a really good step by step guide though.
I do like the idea of using a live CD and SD cards though, that'd throw um off!
...I backup everything, encrypt, put on a free web storage of some kind, take a knoppix,
...
dd if=/dev/zero of=/dev/sda bs=4k
pass the border with knoppix, leave the knoppix to them if they want, buy an other knoppix in the us, download everyting and live happy?
if they ask you why you did it, easy: i heard you were searching, i didn't want to lose my plane while you were searching, so i don't give you anything to search!
do you think it sounds too suspicious?
"I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
I really loved my last visit to the US back in 2000, took bucket loads of photos of everything, people were so great. I am so desperate to go back, visit my brother in law and get to see NYC, New England and then over LA and out to the Grand Canyon, but as a European there is no way I am setting foot in the US now as they even treat their own citizen's as criminals, let alone someone from the other side of the pond.
The very fact that their own citizens don't feel safe taking personal data in and out of the country, that they must search out industrial strength cryptography software to protect their memories and personal info.
Everytime I read another story like this, it makes me feel so sorry for the US...
Pain of Salvation : "It could have been Great America. I'm sick of a democracy, where every flaw and failure is called a right."
a lot of people there seem to have forgotten about that huge statue, near where the world trade center towers used to be.
They've forgotten that its not a statue to democracy, but to liberty.
How do we fight and win against this? How do we successfully demand that the government cease and desist from such depredations NOW?
My solution is:
1. Find broadband (eg. your house, hotel with wifi, cybercafe, wifi at airport).
2. Put the data you want on a server somewhere. Protect it as required. I usually consider having it on a directory that can be only downloaded over SSH as sufficient.
3. Clean your laptop of anything dodgy. Leave shred running overnight.
4. Go through customs with clean laptop.
5. Find broadband (eg. your house, hotel with wifi, cybercafe, wifi at airport).
6. Download the files you wanted.
There's simply no need to take data on physical media through customs, provided both ends of your journey have broadband.
Andrew Oakley - www.aoakley.com
Instead, if you really need to work for your company, put a VPN client on a bootable CD and bring that with you. I don't know if Windows can be used that way, but Linux can. If you go on holiday, find something better to do than hanging over your laptop - there is a world out there to be discovered.
As for photos and videos - just keep them on memory cards till you come home, or if you are worried about customs officers looking at them, upload them to a place where can download them from later. And why bring videos and music with you at all? Read a book; or if you must, bring a media player instead of a laptop.
It is up to the individual whether they want to fight this fight, of course, but most of us probably have worthier causes to spend our energy on, when it is so easy to just roll with the blows and ignore the idiots; against stupidity even the gods fight in vain.
You know, I was thinking the same thing. But on second thought, this guy is probably trolling.
As opposed to a week long one-way trip? What would happen at the end - execution?
encrypt your file(s). Mail them to your Google email addres en read/load them after re-entry.
I find it interesting that without exception, as far as I could see, the replies here were all "hell yes, keep the government out of your laptop." One person asked what the photos would be of and didn't receive an answer that I saw.
A few days ago a friend of mine told me that on arriving on a flight from Asia at a European airport the police detained a number of single white men and checked their computers and cameras for child pornography.
How would you feel about helping such people escape detection? Or providing tips to terrorists? Is your data really that confidential? Why? Explain.
If you were to say "I am a European and I fear targeted espionage by the US government for commercial reasons" then your fears would be probably be legitimate if you worked for a large and important company competing with large and important American companies (it's happened before).
If you were to say "I am not white and my middle name is Hussein and I have spent time a muslim country" you might find yourself receiving extra attention from insecure, paranoid, uneducated people.
I have had my laptop contents checked at a European airport about 10 years ago. People were importing laptops and avoiding tax on them at the time, so I took the precaution of taking my purchase receipt with me. It was checked and the laptop was inspected. It was clear to me what happened: the guard checked the dates in the root directory on the C: drive against the invoice. He said nothing and gave it back to me. Had the dates been very different, suggesting a forged receipt I think he'd have taken a closer look and I'd have had to answer some questions.
Yes, it was mildly annoying. On the other hand, the taxes I paid contributed to his salary and he and his fellow workers apprehend drug smugglers, illegal immigrants, fleeing criminals etc. on a daily basis. At that time child pornography was not in the news. Now we find that cheap airtravel, digital cameras and poverty in some countries adds up to a magnet for some people. Thailand and Cambodia are not the only countries they visit.
I don't know about the US constitutional position re encryption but it seems to me that America's customs officials may now subject the poster to a very thorough proctological inspection on each and every occasion.
Copy all your photos to a usb flash drive or sd-card and just post them to yourself. Alternatively just upload them all to Flickr and make them private (or not). Better yet, use both methods. I woudn't bring a laptop to the states at all, use cyber-cafes to access your files and back them up on Flickr or other sites. http://pix.ie/ is another great photo site, is completely free with no upload limit. Rob
Maybe you should leave your kiddie porn at the beach instead of trying to save it to your hard-drive you freakin' loser. I don't think encryption software will help you out too much... This is based on my assumption that you obviously don't know how to hide things on a computer in the first place. I think you'd only arouse suspicion by installing an app and not having a clue about how to hide the encrypted data. Security Guards aren't rocket scientists... and apparently, neither are you.
if you put a Live Linux disk in your CD drive and put your hard drive in your checked luggage you should be fine
Bob at customs desk 3 won't be avil to tell the difrence
null
I never travel with sensitive data on my laptop, just because I don't want to loose it to anybody. That be customs or some scum snatching it. All that data is on my server back home, so I can grab it from pretty much anywhere. Might cost me a few coins to go to a Internet Cafe, is I have to, but it's still OK. I also upload my stuff to the server. IF I have something I want to hide in a hurry, I just put it in a . Dir (running Ubuntu). Yeah, it's easy to find, but people don't know how to show these Dirs in a UI anyway. I don't bother to encrypt the disk, if I feel it's not safe to cary on me, I upload it first thing.
When I was a kid traveling through Europe with my family, the searches in German airports was really laid-back and relaxed. Nothing big.
Three soldiers would simply escort each family into a room. Two stood their watching with machine guns, while the third went through ALL of your baggage. They'd even reach into babies' diapers to look for stuff.
Now, those wacky Americans that want to look at your laptop, now they're just wackos.
Put your real data and OS on a bootable USB drive. Keep it separate from your laptop. Encrypt. When asked about the laptop, boot and demonstrate the installed OS if necessary.
If you are afraid they will investigate the USB drive, make a bootable SD card with your data. Keep that in the your digital camera or camera carrying case. Few would suspect your OS and data are stored there.
You could even put your data on your USB watch.
One ring to bind them - should probably have more fiber and less rings in their diet.
Maybe a bit of social engineering?
... damn! It's done it again! Sh*t...
Someone should make a program that's easy to install and remove that makes Windows generate a BSOD (reliably) on startup. The BSOD might just be famous enough for the security guard to recognize it.
Inspector: Can you please start up the laptop sir?
Owner: Sure thing, but it's been crashing on me lately. I've got to get my IT guy to look at
I: Haha, my laptop was doin that when my kid messed wit it.
O: That might explain it! As I recall, I let my son do his homework on it just last week and it's been acting weird since. Thanks for the tip!
I: Hey, not a problem. Actually, I'm pertty good with the interweb too, cept once I went to one of them phishing site for some fishin tips, but even when I paid the stinkin $1 fee with my credit card, there weren't no tips or nothin! Just watch yourself sir, it's a crazy web out there. On your way!
As long as you are re-encrypting the whole container to another hidden truecrypt volume or a regular volume if you can be assured your adversary won't become aware your backup exists (eg, burned on a DVD that's buried in your backyard)
It would probably be smarter to mount the hidden volume and re-encrypt the plain-text contents to another hidden volume (with a live cd or hidden OS) if you need regular backups to avoid the disk overhead of hiding the dummy contents of the first container as the usable space available to a hidden volume is much less than the container it hides in.
unless you have the original disks on you. Having "contraband pirated media files" on your drive is pretty likely to give them probable cause for a seizure. Without the original disks, there's no way to back up your story while in the airport, and even with the disks you could get unlucky. Customs has forms and things you can do so that you don't have to pay import duty on the "Made in China" camcorder you bought before you left. They may have similar forms and procedures for media you've already bought and paid for.
We are the 198 proof..
I have flown into DFW and MIA, neither place has ever given me problems with my laptop. They didn't even ask to see my laptop when I came through any of the times. I would be more concerned of a search when coming back from Europe and Asia.
How about create a new partition in whatever OS you're in, store whatever you want on it, and don't mount it? $10 says they don't know UNIX/Linux nor how to use the Computer Management tool in Windows. If they don't see it as a drive, they can't really look at it, can they?
Now, if they confiscate it, I'm sure the person looking it over would be able to so encryption might still be useful. But it's a quick and easy solution. I do it to hide... things... from family/friends
-SaNo
Recentlly Declan McCullagh put together a guide here:
http://news.cnet.com/8301-13578_3-9892897-38.html?tag=nefd.lede#fascism
Don't forget your tinfoil hat either. You won't be able to wear it through the metal detector though...
If you don't know what you're doing, you can't make mistakes.
wtf is wrong with you?
"-can you open up your suitcase, sir? -NO. IT'S NOT YOUR BUSSINES, EVEN IF MEANS SECURITY"
are you a military targets photographer?
if you have some pr0n stuff there, zip it, then add it to some jpg file. works like a charm
In general you are being over paranoid, I look very middle eastern. I have been pulled aside a lot of times, once even 3 times on the same flight (talk about profiling). Anyhow, never have they looked at my laptop. They do often ask me to boot while passing through a X-ray scanner, however on the other end I just turn it off and slip it in my bag.
Further, I carry a PDA phone, has a 8GB microSD card in it, never have they looked at that.
If I was carrying nude pics of my girlfriend/wife (both), I would just encrypt them, put them on a SD card and slip it in my pocket or wallet. Of coarse, that is if I'm unable to upload them from my vacation to my online drive/server. In the later case, I just wouldn't carry them on me personally.
Alternately, I would encrypt them and slip the card back in my camera.
Having said all that, this comment may not even see the daylight.
Well, surely there can be only one way out of this potential dilemma:
Never ever ever admit you saw Big Momma's House 3.
Somehow, I think that presenting the Border Patrol with a laptop that boots into Linux is going to add a few points toward qualifying for a VIP interview. Not that I would let that force me to use Windows....
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
As was said above, does anyone here actually travel internationally? I have been in and out of the States many times over the last couple of years, usually with two laptops in my hands. No one has been the least interested.
This plan requires a laptop, flash drive, and some blank cds.
Have a laptop fully windows, nothing suspicious. Rip your movies to it like normal.
While on vacation, rip pictures to your laptop. Reboot into nix live on your flash drive. Tar all your pics, encrypt, and write a straight encrypted image to a cd. No fs on the cd. Then write "country mix" on it.
If anyone asks, it's a country mix you burned, but it must have gotten scratched or didn't burn right or something like that.
If you really wanted to go all out, you could even make it a real 9660 image. Just leave some space at the end, and tack on the encrypted tar.
Just wipe the pics from your laptop, and noone should be any the wiser. The downside is that you'll have to download some country/pop/some-sort-of-popular-bs for your mix.
Billy Brown rides on. Yolanda Green bypasses Gary White.
I'm not exactly a frequent world traveler, but I've been to Taiwan and back recently for business and saw no sign of DHS checks on anybody going through US customs on the way out or in.
On the other hand, using encryption for private data is a good thing. I've been using TrueCrypt for all my personal and business data for over a year. It is easy to use, reliable and offers a spectrum of encryption feature from encryting and hiding volumes to simply having an encrypted file that is a virtual encrypted "drive".
Just upload your pictures to an online storage system. Then delete your photos in your HD.
put a screen grab of 2girls1cup as your desktop background, or set your OS to rickroll the person who logs in with the "user name" and "password" you give them...
.. before coming back to the US. Or record it to blu-ray/dvd, and ship it back home :P
After all is secured somewhere else, delete from laptop and be happy.
Buanzo Consulting - 15 Years of GNU/Linux experience, for you.
Since these kinds of inspections disgust me in principle I refuse to go to the US with any data at all, is not worth it, SSH serves me well and gives me peace of mind.
Now the problem is that carrying a freshly formatted laptop could still become a liability. What is the probability of getting detained for not carrying personal data on a laptop? Would they even notice if there are no personally identifiable data, just generic stuff? If so how much decoy data would be enough? Do you have any recommendations for what kind of stuff to take with me? Do you think an empty windows installation safe after all?
I'm not concerned about having my laptop searched, I just ASSUME they will. What I'd really like is to not be permanently tagged in a government database as Shipable-to-Guantanamo er... I mean dissident.
But... the future refused to change.
Why not just yank the hard drive? Tell customs that the laptop isn't working, you're just taking it home and getting it fixed later. Show that Linux/Windows/Leopard doesn't boot up properly and they will probably believe you. At home, stick the hard drive back in and go on with your life.
They want to find porn and/or stuff to hand over to the RIAA.
If you put movies on your laptop, delete them after you watch them or before you come home.
If you have a reasonable amount of music you should be safe.
They won't care what your pictures are unless they are pornographic.
But for absolute safety, you must save your pictures to some other device you're not carrying with you in case they decide to take it from you for whatever reason they make up. A network backup is the best bet, and using an encrypted service like JungleDisk is very smart.
Definitely image your laptop to a USB drive you leave at home before you head out, to make recovery faster.
The only ``intuitive'' interface is the nipple. After that, it's all learned.
Dual boot with linux & windows, store data on linux partition. Encrypt if you're paranoid.
Before you cross the border, do that format /mbr thinghy (or whatever it's called these days, I didn't use Windows for ages). Now, when you open up your computer it will look like a normal Windows machine.
They won't check more than that. Why would they?
Make sure you don't have a very expensive laptop, they might want to impound and 'lose' it.
USPS it to yourself, as AFAIW in the US it still requires a search warrant to look through/open other people's mail, and is a (big time) federal felony if done w/o said warrant.
That said you might run into problems with tariffs as the tax man is apparently, unhindered by trivial things like laws and may decide that your laptop has taxes owed on it for some reason...
My wife and I went to PV this past July, with camera and laptop and cellphones; we had no problems whatsoever neither leaving nor re-entering. Same inspection process as flying domestically. Not that that's really saying much, but no abnormal hassles...
When dealing with the Almighty Government, encryption is not the solution. Stop believing in this myth, they can find their way into your crypt vault, one way or another, if they really want to. And no, cracking the encryption is not their only tool.
With that being said, I am going to install Ubuntu 8.10 on my laptop and all my workstations as soon as it's released at the end of October. It has a very neat feature - it allows you to create a Private folder which is encrypted. You can then move things such as your Firefox files into that folder, and symlink them to the original location. Anything you move into Private gets encrypted. Very nice.
Again, this is not to "protect" my data against Three Letter Agencies, but to prevent snooping from nosy sysadmins at work, to prevent data theft if my laptop gets stolen, etc. It's not perfect, there are ways around it, but it's better than nothing.
As far as the Three Letter Agencies are concerned, I have nothing to hide. That's probably the best policy.
I have travelled to Europe for business about 40 times in the last decade. Always loaded with photographic equipment and computers. Only once was I briefly interviewed going into NL and once coming back into the US.
The original post seems overly dramatic. It is routinely much worse for non US nationals . They have to under go the disgraceful biometric scan.
How exactly are these searches done? I keep personal stuff in a small encrypted disk image on my Macbook. It's just like any other file except when you double click it, it asks for a password. Is it really even likely the TSA would look through my files that closely? I'd think they'd just go into my movies and my pictures and do a cursory exam of the filenames to make sure there's nothing suspicious. I really doubt they'd take the time to randomly image my hard drive, and if they did that they wouldn't notice the encrypted volume until I was gone anyways.
I can see it now .. Everyone listen or we'll .. *censored* ..
while holding a dildo at the flight-attendance head.
There is just no terroristic market in sex toys...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Burn a CD and mail it to yourself from Mexico. Burn another CD and put it in your bag. Even if your laptop gets searched, it's unlikely that anyone will notice either burned CD.
You've missed the whole point of my post
And you missed the whole point of my post.
Swap files which, unless the whole disk is encrypted, won't be. Files used in hibernation (Linux uses swap, not sure about Windows).
I have 2GB in my MacBook Pro, which it came with as standard more than a year ago. If I wanted to I could add another 2GB. For now at least I seriously doubt I come near maxing that. I can see doing it when I start working on multi-media. However if I wanted to I could move my swap. Windows users can also move their swap, as can Linux users.
you can't simply send a message to the operating system to say "This is now in secure mode, any user data or swapfiles must be stored in THIS location and any which are outstanding must be moved and the disk area they occupied securely wiped".
When I installed Linux, years ago, it asked me where I want the swap partition to be. I'm not positive but I'm pretty sure I also told Windows where to put swap.
This is the kind of feature corporates will demand because you can never guarantee that nobody will ever lose a key or forget their password and "your data is now toast you silly fool" is seldom an acceptable outcome to such a scenario.
Yea, I'd imagine a corporation would have a backup key.
It's also the kind of feature which is highly unlikely to be implemented in any F/OSS solution like TrueCrypt because it's a potential security risk
How is TrueCrypt riskier or potentially riskier than a closed source proprietary program? Whereas anyone can examine the source for TrueCrypt and spot possible security holes, nobody can legally see source code that's closed. And that source code can be riddled with holes. Sure some cracker may find a hole in code that's open but with thousands of others having the code the likelihood of someone else seeing is better than if the code is closed, and closing the code only stops some.
Unless the disk is heavily encrypted then any boot password can be trivially worked around
Not too long ago, last month I think, there was an article on /. about how researchers were able to recover passwords after a few minuted with the computer shutdown. A recommendation when boarding a plane was to not use a laptop at the airport.
Falcon
Should there be a Law?
http://qtv.mobitv.com/sprintTVlive.mcd Is dead.
Don't bring a laptop?