Slashdot Mirror
Tips For Taking Your Laptop Into and Out of the US?
casualsax3 writes "I'm going to be taking a week long round trip from NYC to Puerto Vallarta Mexico sometime next month, and I was planning on taking my laptop with me. I'll probably want to rip a few movies and albums to the drive in order to keep busy on the flight. More important though, is that I'm also going to be taking pictures while I'm there, and storing them on the laptop. With everything in the news, I'm concerned that I'll have to show someone around the internals of my laptop coming back into the US. The pictures are potentially what upsets me the most, as I feel it's an incredible violation of my privacy. Do I actually need to worry about this? If so, should I go about hiding everything? I've heard good things about Truecrypt. Is it worth looking into or am I being overly paranoid?"
...encrypt it. Full disk encryption is relatively cheap, easy, and unobtrusive.
You gave one such example in your post.
But uh, mind if I ask: exactly what kind of pictures are you planning on taking on your vacation? ;-)
problem solved.
keep an SD card in ur wallet
No one is going to search your computer other than to make sure it is a computer and not a bomb.
Throw a clean install on your laptop, and put your critical data on a server so you can just log in and download it when you arrive.
When you're about to fly back, re-upload your data and wipe the drive.
You could also just mail encrypted DVDs with substantial insurance.
You could offload all your photos onto a memory stick. I doubt they would search that. Especially if it's not in your carry-on.Encrypting is pretty darn easy, too. Although if they give you a hard time, you'll just have/want to decrypt it for them to take a look. Otherwise it looks real suspicious.
I'd use Truecrypt on a USB key of some sort, and use rental computers on the plane and at the destination rather than your own machine, which you leave safely at home.
Use certain Linux distros, and you can literally have your own "computer on a stick" this way.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
However, my international adventures are limited to Canada and Japan. Most recently was a trip to Tokyo last March, where I had 0 issues coming or going with the Macbook I took along for digital photo dumps. YMMV.
-Buddy of DoQ
Short answer: Truecrypt (as you mentioned in the summary.) Is it worth looking into? Yes. Are you being overly paranoid? No. Seriously, have you noticed the big brother trends recently? Truecrypt is very simply and effective encryption, in several forms, from simple encrypted containers to hidden O/S partitions. To take such a simple precaution is not, IMHO, overly paranoid.
http://clightnirish.wordpress.com/
Use a clean install and email the photos to yourself while you are there... or put them on an encrypted thumb drive / cd and snail mail it..
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Use a cruise ship as much as possible. If you leave the US on the boat and come back on the boat then they won't rummage through your shit:
On my last cruise we hid(and these were strictly for our own presonal/recreational use) 3 handles of booze, 24 Marijuana cookies, 1 small bag of marijuana buds, and my noncritical laptop in our main(heavy with clothing etc) luggage. Only the carry-on bags were searched. When coming back into the US just keep your laptop in your main luggage with your clothes and don't have any contraband on you when you get back(like I said, they won't search your laptop if its in the large luggage) as there may be a doggie sniffing.
If you are flying out of the country and flying back in, I don't know what to say except sorry, bro!
what are you taking pictures of if you are worried about them looking at them. i can just about guarantee you that they dont really care what the pics are of as long as its your personal life and not something important.
Are you a middle eastern looking young male? A white male returning from Thailand? If so, be paranoid.
If not, no worries.
Test your net with Netalyzr
Encrypt your working partition then install a 2nd OS that it defaults to without revealing your main working OS.
That way they can scan for all the information they want off of your plain jane machine and not raise any suspicions about your private data.
Put your files on a few small USB-sticks, or on your home server (for encrypted retrieval once you're in the country). Bring a Live-CD to boot from and then "cat /dev/random > /dev/sda".
Make sure to grow a big beard, learn a few arabic phrases and quote Allah to the security guard in customs.
Then let them have a crack at decrypting your "encrypted" drive.
Just be sure to say "Just kidding" so they don't ship you off to Guantanamo.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
If you haven't noticed lately, the DHS can search your laptop, make copies of everything on your laptop and keep it. If you are a person who loves exercising arbitrary power over people, you probably work for the DHS or another government agency.
Its really funny that a person who doesn't care about basic civil liberties is posting as AC. However, the joke is probably on me and you are just a troll. :)
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
As the old traveler's adage goes, if you can't afford to lose it, don't bring it.
Find a cheap laptop used laptop you won't have problems with ditching. Use a live cd or usb key boot solution so nothing ends up on the hard drives.
Keep your pictures on SD cards and mail them or a copy to yourself or some drop point. Encrypt them all.
...is a good offense.
If you're offended by having your privacy invaded, just make it horribly offensive for the invader as well.
With the right accessorizing and appropriate leather:latex:chainmail ratio, you can ensure even the most intrepid airport screener will breeze you through in record time.
Oh...and, yes, Truecrypt is terrific, but not nearly as fun.
I've taken my laptop across the border 4 times, my wife has done so many times more, neither of us have had our laptops searched. I've been pulled aside by customs and asked questions once, but even then they did not request to see my laptop. I think the bottom line is, if you act shady they'll look at your stuff, if you're just getting your business done then you're fine.
Trycrypt is a answer. It is free and they did everything correct. You can encrytpt your current data, and even add a second OS for deniablity.
If they ask you to boot the laptop you type in the password for the 2md OS and they see nothing of your main data disk, only your 2nf OS.
Ae you paranoid? Well, you better be paranoid than sorry.
Once at a shell prompt they quickly lose interest.
This is my sig. There are many like it but this one is mine.
The laws are a travesty. The system is fubar not just beyond all recognition, but beyond all belief. However, you've got a better chance of justifying the average DMCA takedown notice then you do of having something bad happen to your laptop because of your border crossing. I do it several times a year and have never had anyone even take notice of my laptop. In fact, in all my years of international travel, I've had one complete *ass* of a border agent (at London's Luton airport) and for the most part all the others have been cordial at worst, and down right heartwarming at best. The bureaucrats need to be executed for treason and absolute scumbaggery immediately, the border agents are just people like you and me doing their (admittedly lousy) jobs.
I just came back in from a two week stay in Europe, where my travels took me through several countries there. While I was there, all the photos that I took were stored on the laptop, along with several movies that I'd ripped to the drive.
Upon my return to the states, the check-in process wasn't any different than it had been a couple of years ago. They asked no questions about my laptop, or if I even had one. The only time my laptop left my bag was when I put it through the X-ray machine.
That being said, it never hurts to encrypt your data anyway.
If you're looking here for something insightful or thought provoking, you're probably looking in the wrong place.
Put them on your iPod. I've got a 80GB Classic, and there's more than enough room there to store whatever you need, and who's going to search your music player for stuff?
Unless, of course, you're doing something naughty and arouse suspicion, in which case you're pretty boned - encrypting/obfuscating the file on the 'Pod would probably help, but if you're getting the full treatment...
What the world really needs is secure storage with a self-destruct feature - when they ask you for the password, you give them X, which wipes the drive as quickly and as thoroughly as possible. (Preferably with a "decrypting, please wait" message)
There is always the tried and true method of shoving it in a condom and swallowing it...Just tell them you have a bionic stomach.
Otherwise, I think you're probably fucked. If you encrypt, you're just showing that you have something to hide, so that's a trip to GITMO.
If you don't encrypt, then people will see your deviant porn, and that's a trip to PMITA prison.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
An ounce of circumvention is worth a pound of countermeasures. Don't store them on the laptop at all. Store the pictures you're taking online and you'll be able to access them from anywhere. Border patrol can't find something on your computer when it's not there. Even if that's not feasible 100% of the time, you could still make a temporary archive online while removing them from your computer. If even that has you feeling paranoid, you could always burn the files to DVD, wipe them from your computer, and stow the DVD.
You can fit a lot of USB sticks in your anus. Probably 3 or 4 Libraries of Congress in your ass, isn't technology wonderful?!
Trolling is a art,
Offshore laptop rentals with temporary accounts linked to offshore data are booming! What a great business model. You set up an account with the company, stuff all your crap on a server, then when you get to your destination, you pick up a laptop (maybe your "rental fees" are part of your normal monthly service account)... logging in to the laptop mounts the remote volume and download away.
meh
I love it, works great. I honestly don't think full disk is what you want because they can force you to type a password to let them look around. I have a hidden truecrypt file so even if I boot up and they look around they won't see my personal data. Mostly I keep my old journal, email backups, and other stuff in encrypted file. I highly recommend truecrypt
Dan Mayer: my blog, essays, art, etc
Called email. Just email them to yourself...
That's all you need. If it doesn't work, let them have it and sue the hell out of them. The ACLU and EFF may help you.
Make sure to get a laptop built with ease of HDD removal in mind. Most business oriented laptops are built this way. I usually have a backup HDD (2nd) with a fresh install of windows and some basic apps. If your laptop is subject to search and seizure, the less data on it the better. "Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him" Cardinal Armand Jean du Plessis Richelieu (1585-1642)
Good-bye
..if you want to ensure that they take your laptop away, since you "obviously" must be hiding something. I'd advise you to leave your computer at home. Simply bring some extra memory cards for your camera, and maybe a media player of some sort if you're really going to be that bored on the flight.
Why does everyone feel the need to travel with their computer? Whenever I go on vacation, a computer screen is the last thing I want to see.
I would bet that if you move any sensitive data onto USB keys on your keychain, nobody will give them a second glance.
For every problem, there is at least one solution that is simple, neat, and wrong.
Leave the computer at home. Drink beer and enjoy yourself on vacation. Problem solved.
Even a moderately sized memory card for your camera can hold 200 pictures - can you really shoot more than that in a week?
Just buy a cheap laptop, and/or an USB stick. Put your pix on the USB key and put it in your checked bag. Nuke the laptop b4 you come back, I've typically cross the US border 3-4 times a year. I've never had a problem with carrying a USB key along with my camera. I've only brought my laptop across once, and had no problems. The thing I get questioned on is my underwater camera housing, but they just ask what it is. Then they say cool, and ask if their camera will fit. ~:-) To which I say "No, each housing is made for a specific camera." Hope this helps.
Make a spare hard drive that you can boot from, and contains totally innocuous data. Take both drives with you on vacation. Then mail the first hard drive back to yourself. Return to the U.S. with the spare hard drive in the laptop.
The point of this is not to draw suspicion to yourself, and to reduce the DHS's incentives to confiscate your laptop. If they want to see what's on it, you can show them everything - because nothing will be there. If they take your drive and image it, they won't find anything.
You don't want to use encryption, because that will draw attention to you and possibly get you put on a list. You certainly don't want to assert your fourth amendment rights - not only because it won't matter to the DHS while you're physically trying to cross the border, but also because the courts are unlikely to uphold them nowadays.
If you don't want to use a spare drive, then treat the data itself as disposable. Keep track of everything you consider private, and then wipe it from the drive before returning.
I always mod up spelling trolls.
I would think they'd be a lot less out of the norm there. Unless you're totally going for the coke & whores where the whores are 12 year old boys. Then you may want to just mail yourself the SD card.
-EB
Do you ever walk alone like a drifter in the dark?
If it's the pictures that you're worried about, archive, encrypt, and email them to yourself or upload them somewhere safe.
If you plan to take gigs and gigs of pictures, take an external hard drive with you and ship it back ahead of you. Make sure it's encrypted, too.
If you really want to test the law, simply encrypt your hard drive or store the photos in a PGP-encrypted file on the unencrypted hard drive. Remember, though, that while the 5th Amendment will probably protect you as an American citizen, it will not save you (nor your family) from the hours and hours of delay and frustration.
Colin Dean Go a year without DRM
If you've got an NTFS drive you could always go about it using Alternate Data Streams. What pictures? Not going to fool a forensic examiner (nothing you do will, given enough time to look) but you'd probably slide past border folks just fine without having to give up your laptop for not providing the password to an encrypted drive. Don't give them any reason to want to look any further ;)
If you're worried about having to give up the password to your encrypted drive, try Rubberhose:
http://iq.org/~proff/rubberhose.org/
I'd not have any movies or music on my computer that I can't provide any kind of supporting information that I am a legal owner of it, particularly with regard to movies. For an interesting listen, download the latest episode of TWIT (Laporte) where he interviews Kevin Mitnik. Mitnik pointed out that what the powers that be were most inquisitive about were 1) pirated movies, 2) pirated music, and 3) kiddie porn.
Send it to your hotel DHL overnight before you leave, and do the same to get it home.
Problem solved.
Do daemons dream of electric sleep()?
I thought the lot of you didn't bother posting to Ask and would instead post Ask questions to random sections instead, sections which might have nothing to do with the topic.
Hail Eris, full of mischief...
E pluribus sanguinem
The people who worry that about privacy, are the people have something to worry about.
It's obvious, you should be jailed. ;)
Write a script that will copy goatse, tub girl and screen shots from 2 girls 1 cup thousands of times into every directory of your hard drive.
After they check a few images, they'll stop looking.
Darned border search exception.
"travelers may be stopped [and searched] at . . . the border without individualized suspicion even if the stop [or search] is based largely on ethnicity[.]" United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985), United States v. Martinez-Fuerte, 428 U.S. 543, 562-563 (1976)
and
"may [...] conduct searches of the traveler's body -- including strip, body cavity, involuntary x-ray, and in some jurisdictions, patdown searches -- if the Customs officer has reasonable suspicion" to do so. United States v. Flores-Montano, 541 U.S. 149, 152-53 (2004), United States v. Johnson, 991 F.2d 1287, 1291-92 (7th Cir. 1993)
I've been back and forth to China a few times over the last 6 months and have had no issues bringing 2 laptops with me (personal and work) and getting them back to the states unchecked.
I've also heard the stories on the news and it is a bit disheartening but again, I've had zero problems myself.
Even if you encrypt, there is the thorny issue that you may need to provide your password etc... You can plead the 5th but it may not work. It's still a grey area. A better solution would be to upload your pictures to your home computer from an internet cafe or hotel etc.
Don't look Muslim.
All the pictures you need. You could even use micro SD card/cards in your mobile phone (if your mobile phone can carry micro SD cards).
I just came back from Egypt with slightly under 40 gigs of commercial photographs and had to pass through Seattle on my way home to Canada. Got asked two whole questions... where was I coming from and where was I going. Now I am your stereotypical white guy, the middle eastern looking people on the flight where without exception getting the third degree (and they where all holding American or Canadian passports).
Technology is most abused by the very people it was created to help
Before you leave home image your hard drive to dvd with no data at all, just OS and apps. Use Ghost or something like that. Put some work files on on a flash drive. Skip the ripped movies. When you are ready to return, move all your images to flash and mail them home, then re-image your hard drive with the no data image. When you go through customs let them look to their hearts content. If they ask about the really clean hard drive, tell them it company policy that not data is to be left on hard drives while traveling because of fear of theft of the laptop. Show them the flash drive with your work data on it. Keep a memory card in the camera with a couple of pictures of the beach for them to look at.
But I dare say you may be safe... after all, TrueCrypt has probably received a visit from No Such Agency.
Google for crypto nsa backdoor
I have been between Taiwan and the US, Shanghai and the US numerous times in the last two years carrying 2 laptops. Never been asked. In fact, the last time two weeks ago, I had two laptops, 1 for work and 1 for my personal use, and a newly purchased in Taiwan EEEPC netbook which I declared.
And I was concerned about the same things. Turns out that concern was needless. Mexico doesn't care what's on your laptop or in your luggage -- my luggage wasn't even seriously searched there. A Mexican Federale rifled around in my main suitcase looking for bottles of liquor and foodstuffs on my way back to the states (he only found one, haha) but that was it. They didn't even bother to check my laptop bag at all. I flew out through Atlanta, and the only searching I had to go through stateside was routine x-rays. Laptop out of the case and in a tray by itself, run through the machine, and that's it. They didn't blink when it went through.
If my experience is any indication, the only thing you'll have to worry about is getting a good wireless signal while you're there. Not that you'll want to be on your computer, it's one of the most beautiful places I've ever been. I don't think you have anything to worry about. Take your ATM and/or credit card with you too. You can use it in most places down there -- even in ATMs which dispense pesos at the current official exchange rate, meaning you won't have to haggle with anyone about how many pesos your $10 bill is worth.
Oh yeah, and you want to take the zipline tour through the jungles. That and the Catalina excursion if you can. Well worth the cost.
You can do what my company has been doing. They bought a few eeePCs at a decent price and literally keep NOTHING but a Citrix client on them. When employees cross the border, there is no liability if the netbook gets confiscated, stolen, or wiped. When they reach their destination, assuming the laptop is okay, they bring up the encrypted Citrix client and VPN into work. This way they have full access to their environment: Outlook, Internet Browsing, etc. all done through the corp network with encryption. The cost of this is minimal (a $300 netbook) as opposed to a full $1000-2000 laptop PLUS sensitive data.
Now, for personal use you could simply run an ssh tunnel. Takes, literally, just a few mouse-clicks to setup and costs nothing extra (minus the netbook).
Bottom line: The less you bring, the less risk you take.
I travel a lot. I've yet to have an issue with this.
Derek Greene
Why not just take the DVDs with you?
Kevin Mitnick was recently on TWIT 163 this past weekend discussing a recent incident he had at an airport in Atlanta, GA coming from Columbia where he was detained and ICE/Customs officials were attempting search through his property and a laptop of his. He offers some tips on what one should do before taking your laptop with you when leaving the United States.
http://twit.tv/163/
Insist on showing them every picture!
Also, backup the gutenberg project.
Fill up the rest of your drive with dd if="/dev/random" of="secretstuff.iso" so that if they copy your drive they at least have something they can work on decrypting.
Don't forget to bring your extra harddrives, too! I'd pay you to take some of my crashed ones... I would love for somebody to get the data off of them.
Other than that, all I can think of is for you to laugh maniacally.
When things get complex, multiply by the complex conjugate.
Or have it "crash" on boot and you'll be sent along your way with a sympathetic shrug.
The world is made by those who show up for the job.
I went from the US to Barbados and came back without having to show them anything on my laptop (and there are some good pics on there). I had to take it out of the case for the x-ray machine, but that's it. Have they developed technology that dupes the hd while going through the x-ray yet?
Full-disk encryption is a tad too suspicious though. Yes, yes, it should not be this way, but someone is going to ask what he is hiding. So I would rather go for partition encryption, leaving the OS functional.
Just partition the HD so that there is some space left, use it for encrypted storage and mount the partition when you need it. I think we can safely assume that no border-control enforcer knows what a partition table is, and much less how to mount it; if they did they would have better jobs. And, if they really find out, it will look just like an unformatted partition. Just say that you got the partitioning wrong, or something like that.
And for the extra paranoid, remember to encrypt swap with a password scrambled at boot and to mount /tmp on tmpfs.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
if uve never been pulled into the us customs secondary inspection i wouldnt worry about it
ive never had my laptop scrutinized and ive been pulled into secondary inspection a few times
{ canadian programmer telecommuting in the states == working in the states }
think about who and what they are really looking for , its probably not you or your files
back in the day we didnt have no old school
No one has said the simplest way. Slap any data you dont want them looking at on an external and put it in your carry on. I travel with 10-15 external usb drives, and no one says ANYTHING about them. also, because there is no chance of them being a weapon (And they go thru the xray machine), they cant legally confiscate them. Well, i mean, they could i suppose, but that would bring along a few lawsuits from my employer.. either way, they never mess with your usb drives.
"Some men just want to watch the world burn..."
Install a plain old OS on it, and NOTHING else.
So, it's a brand new laptop OS install.
Ship your other one, after backing it up of course, to your destination next day.
If you absolutely must work on the plane, just put those documents on the damn thing, work on them, get your disk and sync up after arrival.
Reverse for the trip home.
Blogging because I can...
As far as TrueCrypt is concerned, I started using it when I realized what a problem I'd have if someone stole my laptop (either at home or on the road). I now keep all my sensitive financial and personal data on an encrypted volume; the innocuous stuff is in the clear. Frankly, the risk of theft is far greater than the risk of border seizure.
If it's your photos that you're concerned about, why not just upload them to you favorite photo sharing site and delete them from the laptop?
I've been to the US a couple of times this year, the last one about 3 weeks ago to Las Vegas.
I had to take my laptop with me for several reasons, but during the security check-in in Houston no one bothered me at all about the laptop, just had to take it out of my bag for the x-ray check.
I think encryption is a great alternative, not because of Big Brother, but because your laptop might get stolen in Puerto Vallarta.
--Necesito una chela, bien fria...
I entered the US 3 months ago, and left after a week. I too had read about stories where they could search and confiscate your laptop for no reason. Since I'm a Linux user, the act of using an operating system that they don't know (i.e. everything except Windows) might cause suspicion, so I removed Linux from the boot loader and put a few photos and documents on the Windows partition as a decoy. I really didn't want to go through the trouble of formatting my Linux partition since all my important stuff are not on Windows. My business partner, who traveled with me, didn't bring his Macbook at all out of fear that it would be confiscated.
It turned out that we have been worried about nothing. There was no search. One time I forgot to remove the laptop from my backpack. They took the backpack and inspected it, and I was acting nervous because I was worried they'd confiscate the laptop. After a few minutes I got my laptop back. Nothing happened.
I've gone overseas three times in the last three years, and the customs people never even give me a second glance. Just be white, be polite, look "normal" and as long as you aren't coming from somewhere that traffics in "interesting" things, they will spend all of fifteen seconds looking you over.
The cake is a pie
...only if you don't mind an occasional cavity search. Use DHL otherwise.
I should clarify to say that the policy does mention encryption; but whether your device is encrypted is unlikely to determine whether or not it is seized.
Specifically:
(2) Assistance by Other Federal Agencies or Entities.
(a) Translation and Decryption. Officers may encounter information in documents or electronic devices that is in a foreign language and/or encrypted. To assist CBP in determining the meaning of such information, CBP may seek translation and/or decryption assistance from other Federal agencies or entities. Officers may seek such assistance absent individualized suspicion. Requests for translation and decryption assistance shall be documented.
(b) Subject Matter Assistance. Officers may encounter information in documents or electronic devices that is not in a foreign language or encrypted, but that nevertheless requires referral to subject matter experts to determine whether the information is relevant to the laws enforced and administered by CBP. With supervisory approval, officers may create and transmit a copy of information to an agency or entity for the purpose of obtaining subject matter assistance when they have reasonable suspicion of activities in violation of the laws enforced by CBP. Requests for subject matter assistance shall be documented.
Actually, reading the actual policy is probably not a bad idea for those so outraged with it (or frightened of it). Keep the longstanding border search exception in mind when reading the policy, and try to imagine how it might be in the realm of possibility that it might be reasonable to also apply the border search exception, repeatedly upheld by the Supreme Court, to data inside electronic devices as well.
Have you seen the people they are hiring at the airport security recently? You might be subject to an entirely different form of harassment, from someone who feels you are their perfect soul mate...
I'm actually waiting for this to happen to me. When it does, I plan on opening the laptop, turning it on, and letting it tumble from my hands to the floor. God bless the Dell gold full replacement warranty.
To avoid corruption, one must remain dishonest.
If you know enough about US authorities' attitudes to be worried about the border searches, then surely you also know enough about the US internal authorities to realise that it's not a safe place to visit?
Just tell your employer that you won't visit an active war zone
Many have a dual boot machine. My laptop has WinXP that I rarely use as first partition and then it's all garbage (if you don't have the passphrase).
So, I do the following: Before a journey to USA, I remove the GRUB loader, and windows just loads without questions. Who is gonna find out that I have a second encrypted partition in the 5 minutes of the search?
just get one of those 64GB thumb drives from corsair and swallow it before you return :)
Don't carry your laptop. Encryption won't help you.
you had me at #!
I know it's the hip thing to worry about Customs rifling through your laptop, but statistically, you have much better things to worry about when bringing your laptop on vacation ... among other things:
0) Forgetting to bring the AC plug adapter,
1) Customs services in the foreign country,
2) Airport security on both ends,
3) Simple theft of the laptop during the trip,
4) Putting your laptop bag down on the bus and forgetting it,
5) Spilling coffee on your keyboard at an internet cafe, and
6) Dropping your laptop on your big toe and breaking both.
Practically speaking, Customs agents can't be bothered to search individuals that aren't acting truly "hinky". I've been traveling internationally on a regular basis for business. My travel patterns certainly fit a certain "risk" profile (long stays outside the country, frequent travel, watch list name match, etc.) and I've never, in six years of this, ever had anything searched or questioned, much less seized. Practically, it's not worth worrying about.
Truecrypt provides plausible deniability - the capability to create a hidden encrypted volume within another encrypted volume, thereby allowing you to grant access to unimportant/dummy data when a password is asked for without the attacker knowing additional information even exists.
To do this you need the TrueCrypt bootloader installed, which is a dead give-away that you probably have a hidden volume. If you don't and they suspect of being a terrorist sympathizer you'll just get thrown in Gitmo until you give up your secrets.
TrueCrypt plausible deniability is useful against those who cannot employ deadly force against you.
If you're really concerned, wipe the drive, install linux on a small partition, use an encrypted network connection to upload the photos, then secure wipe the drive and install Windows XP on it for your border crossing. Better yet, get a $50 used laptop and leave it with a local school.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I just returned to the US last week from a month-long trip overseas. I brought my laptop along to store photos from my digital camera. The only time I had to remove my laptop from its case was at the airport (LAX) when leaving the US, when I had to put it through an X-ray machine. I didn't have to do it again when I returned (it still went through the X-ray machine). At no point was I asked about the contents of my laptop nor asked to turn it on. This was a marked improvement from 2 years ago, when I had to remove the laptop from its case and remove my shoes at every point in my journey (my trip had a connecting flight).
Or just say in a clear calm voice "That is not mine! I have never seen that before now!"
The only thing new in this world is the history that you don't know.[Harry Truman]
But the O.P. is presumably a US citizen.
Citizens of other nationalities cannot safely travel to, or stop over, in the US.
(Ask Maher Arar and the several other Canadians who were kidnapped at the border, and sent by US authorities to Syria to be tortured. And they are only the ones we know about.)
you had me at #!
I work for a provincial government in Canada. Pretty much every province (including mine) deals with US states on a regular basis, so we have employees going back and forth.
The policy we have now is that if you don't have to bring electronics across the border, don't. If you do have to bring a laptop, don't bring any data. We just purge everything off of it except a VPN client. Once you're across the border, you can VPN in and work on a virtual machine using remote desktop.
Its sad that its come down to this, but the US government is so rampantly paranoid that at this point its crossed the line into insanity.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
For security reasons, certain items need to be placed into plastic bags and put in checked baggage when traveling to the United States:
1. Batteries, including rechargeable ones
2. Containers of liquids
3. Osama Bin Laden
You're frightened because the Customs has always had the power to search persons and physical objects at the border without a warrant, or that someone actually thought it might be a good idea to extend the longstanding and repeatedly upheld border search exception to include data on electronic devices? If it has always been acceptable (and repeatedly upheld by the Supreme Court[1]) to search for anything else illegal at the border without a warrant, can someone make a good argument why data on one's person or in one's possession at the time of border crossing should be excluded under those same provisions?
Or are you frightened because you subscribe to the idea that the US has turned into a fascist regime, when the EU and individual European nations have their own laundry list of controversial laws and provisions attempting to grapple with how to handle electronic data in a legal sense in the continually emerging Information Age?
[1]:
United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985)
United States v. Martinez-Fuerte, 428 U.S. 543, 562-563 (1976)
United States v. Flores-Montano, 541 U.S. 149, 152-53 (2004)
United States v. Johnson, 991 F.2d 1287, 1291-92 (7th Cir. 1993)
Store anything too private on a network drive or private ftp. Upload before you leave, download when you get back.
When they boot the system, all they'll see is Windows. Windows will ignore the Linux partition(s). For anything other than an anal-probe search, this'll be enough to keep them at bay.
It's unlikely that they'll do an anal probe search unless they find something else on you that worries them.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
"With the right accessorizing and appropriate leather:latex:chainmail ratio, you can ensure even the most intrepid airport screener will breeze you through in record time."
Hehe. Family photos huh?
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
for a family visit and also brought my laptop with me. For what its worth, during re-entry check at JFK, I was not searched at all, nor any questions about my laptop. The agent was actually very polite and asked "Did you enjoy your trip?" I was not looking forward to the re-entry check, but it was smooth sailing - Last time I visited Pakistan (2 years ago), upon re-entry I had to go to the special Homeland Security check room and was questioned quite a bit, but they never checked my laptop. Anyhow, considering I traveled to what is perceived as a dangerous country, I was pleasantly surprised that I was not subjected to such a scrutinizing search of my belongings. I'm guessing that the searches are somewhat random..?
Millions and millions of people travel with their laptops to all countries in the world. Just about no one has problems. Keep things in perspective.
Yes, you should be concerned about laptop searches and seizures as a general principle of public conduct. No, you shouldn't be at all concerned about your laptop on your trip.
They don't check small devices, now do they? I mean your laptop is subject to search, but what about your MP3 player? What's to stop you from imaging your laptop, stuffing the image onto to your iPod (or Neuros II if you like your portable electronics big, black, ugly and not grotesquely overpriced like I do), and replacing it with a vanilla Windows installation. Let's face it, merely running Linux could be looked upon as suspicious by some people. It looks different. A loyal, patriotic American would run Windows.
Anyhow, once you get past security, you spend a half-hour restoring your lappy and you're good to go. A 2.5" USB hard drive is about the same size as a (largish) MP3 player... are they likely to inspect, or even notice that? I doubt it.
Frankly, I suspect they are really concerned about physical security, making sure your lappy isn't packed with plastique, than what data you have on there. Demonstrating that it works is probably sufficient, unless you've been pulled aside for "special" screening, meaning they are worried about you, or more likely want to hassle you so people don't get upset when they also want to hassle the people who, for instance look Arabic, dress funny, have one way tickets paid for with cash, no luggage and are muttering to themselves, "Allah Akbar!" and writing out their wills.
You are in a maze of twisty little passages, all alike.
Try not breaking the law. You have already posted in a public forum that you plan on doing copyright violation. How smart was that? You also said what you were doing and where you were going. Why do I get the feeling that you really aren't that concerned about privacy, or you're doing something illegal that is going to draw attention anyway?
My suggestion to you at this point is to not bring your laptop at all. If you do, try bringing the actual DVDs with you and while you're at it burn your images to DVD too. They can't search those without a separate warrant.
You're being overly paranoid. As a Canadian who travels to the US a lot (and is scrutinized more than a US citizen) I can assure you, the extent of the laptop inspection is
"Please remove the laptop from it's case and put it on the conveyor belt"
Followed by an optional random swabbing.
You stand a better chance of having your insides inspected by a TSA agent than your laptop (cavity search, get it?).
Put them on a CD-ROM and mail it. Put a freakin britney spears cover on the CD if you don't want anybody looking inside; you can probably even bring it in your luggage that way without incident. I've brought laptops through US customs at least half a dozen times since 2001 without incident; I've had to take it out of the bag and once I had to open it and let it wake up so the federal douchebag could see that it wasn't running linux or some other commie operating system, but I've never been asked to open directories or files or had to surrender it for any closer inspection.
You're paranoid.
I've never had or even seen anyone having their laptop searched. They only do it if they feel you are being incredibly suspicious in the first place.. what these criteria are, we don't know (and won't ever know..) but it's safe to assume that 99.999% of people take their laptops through without incident, unless you're going through Newark, in which case you don't need to be under any suspicion.
After reading that news story I actually made sure all the stuff I had in my luggage when I came through Newark this August was ACTUALLY there (I just dumped it on a shelf and didn't bother to even untangle the cables) and it was so maybe I just missed him.
All in all, I'd be more worried about theft, or even the aircraft not plummeting from the sky because you have wireless turned on in-flight, than privacy.
On the October 6th, 2008 "This Week in Tech", Kevin Mitnik talks about how he now deals with taking his laptops in and out of the country.
TWiT 163: MitNicked
Assuming you are just taking snapshots I would not encrypt anything as that would arouse suspicion and a suspicious customs officer may invade your privacy a lot worse ways than flicking through your holiday snaps. Rubber gloves etc....
there have been a LOT of scary stories about this lately... I was concerned about the same thing... BUT... like some others have said, I have yet to see a laptop being inspected/confiscated. Two trips out of the country this year, one to Cabo, the other to Paris and Prague. No problems.
We flew into Munich, traveled by Train to Austria and returned to the US via Munich. We had no issues other than US Customs wanted to review the food items we were importing and declared. We knew that when we bought the Austrian chocolate and it took maybe an extra 5 minutes to go through the Agriculture lane for customs.
I did burn a DVD of my pictures as a backup, more in case the laptop was stollen than if US Customs wanted to retain the laptop.
Get over the paranoia and go see the world.
and only auto mount one of them.
A one time pad... with oneself. This is an excellent idea, as long as they don't subsequently search your home ;-)
I fly constantly, come back through US Customs at least once per month, have done so for over 4 years now. I have a Saudi visa on my passport and am back and forth to Qatar and Dubai as well as all over Europe. Not once has a Customs official ever done anything but say "Welcome home" upon my return to the US. Don't worry about it.
here is my idea about how to overcome the problem. When your hard drive is encrypted, with True Crypt for example, this is immediately visible to any observer. So they can take your laptop away or ask you to give out the password. Instead I would like to code a little utility, to pass the frontier :)
The main thing to notice is that encrypted data is, high entropy data with no meaning (if you don't know the algorythm and the key :).
So the idea would be to embed encrypted data in other formats that have high entropy as well, like compressed files or videos. If they try to open the video or the compressed file they will get meaningless and apparently corrupted data. So what? Haven't you ever had a corrupted video or compressed archive on your hard disk?
Obfuscate encrypted data as corrupted compressed data of some sort should fool them.
What do you think?
I fly to Ukraine or Russia every year and have never had a problem. They do check to see what I have in the computer carry bag frequently but nobody has ever requested I show them the photos on my USB Memory Sticks or even turn on the PC. Unless there is a reason, they probably won't bother.
Banjo - The more I know about Windoze, the more I love *nix
If you do your encryption properly, it simply can't cracked by anyone not willing to expend a lot of expensive computer time — if at all. Encryption gets broken by user sloppiness, social engineering, or (depending on your tin foil hat status) undocumented back doors. NSA magic only works in the movies.
But you are right about one's laptop getting seized and disappearing forever. The possibility of that happening would keep me from ever taking my main laptop outside the U.S., period. The existence of an encrypted file system might raise their suspicions, but they manage to get suspicious even without that.
If you have to take a laptop abroad, go out and buy a cheapie you won't mind losing. And if you decide to put your vacation photos on the laptop, you should make a point of not hiding them, so as to avoid drawing attention to yourself. Having an ICE agent see what you look like in speedos may be an embarrassing and pointless invasion of your privacy. But a little embarrassment is something you get over; becoming a "person of interest" is not.
Unless your pictures are very sensitive indeed, and it would totally screw up your life if the wrong people saw them. In that case, the last thing in the world you should be doing with them is schlepping them around on a laptop.
Why not just hide the living daylights out of the storage card? You can hide it inside a Reese's cup on the floor between the seat.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
An idea that I had a while back (and previously mentioned on Slashdot), but which I have never had the time to implement, is to use multiple layers of steganography and encryption over Fuse to make a plausbly-deniable encrypted volume.
The layers would be as follows:
This has advantages of being more deniable than a single large file of random data, unusable free space at the end of a volume, etc. Since the steganography layer would be storing essentially random bits, it would in theory be less succeptible to analysis which indicates that it *is* hiding information. (If you use high ISO photos, with a bunch of noise in the first place, this would probably be even better).
Can anyone think of problems (either implementation or theoretical) which I may have missed with this?
If anyone is interested in doing this with me, drop me a message... I am thinking of doing this in Python, as there seems to be a bit of encryption / steganography libraries already there... alternatively, if anyone knows of an OSS project which already does this, I would appreciate a link.
Cheers
I've travelled in and out of the US quite a lot of times in the last 12 months, and not being a US citizen you'd think they'd check better... well they don't , imagine that if they have to check everyone's hard disk, they'd take a lot of time for every board. At the most, they will ask you to turn on the laptop just to make sure it's a laptop and not a case that you use to put something else inside. Just be cool and don't start talking about privacy violations while you're waiting in line, that's the worst you can do.
The world is a tragedy to those who feel, but a comedy to those who think.
I've done this recently, not just for travelling, but for using networked, 3D accelerated games with rich multimedia that cannot enjoyably run in linux or even played without proprietary kernel drivers outside of a VM sandbox, and which blow normal security practices to bits.
What I did is create a normal linux partition, locked down but still highly usable for multimedia, gaming, and typical virtual machine usage.
Then on one of the internal partitions I created a second, entirely encrypted root partition for a second OS using LUKS. This partition is booted by connecting a USB key and booting from it instead of the normal internal MBR, then entering passwords. The second OS is reasonably secure, locked down, much more limited in functionality, and contains tools to audit the integrity of the multimedia OS and virtual machines, as well as backup and restore them. The USB key is modestly obfuscated so that by default it will boot the multimedia OS unless a sequence of keys are pressed.
At airports I boot the less-secured multimedia OS to show that it's a laptop. Casual inspection shows that it's been used recently and complete.
If someone cares enough to really dig in, notice an encrypted partition, and confiscates my laptop for that reason alone the cost of the laptop is the lower down of my list of concerns. If it happened, I'd probably switch to booting the secure OS fully from removable media like easily hidden flash memory.
If someone wants to threaten me for the secure partition's contents, including lie detectors, drugs, 'enhanced interrogation', etc.. Well that's honestly more than I am concerned with at the electronic level. But if I thought it was a real possibility and worth fighting against, I'd have some tripwire that would self-destruct the data on a particular password (perhaps obfuscated to look like a boot sequence that detects corruption and initiates a disk filesystem check), or not have any data of that importance on a typical laptop drive to begin with.
On the October 1st edition of Off the Hook, Kevin Mitnick talks about how he was recently detained in an airport because because the FBI told customs that he was under suspicion for cocaine smuggling. (A charge which he was cleared of in a matter of hours). It's a fun story to listen to, but the lessons boil down to:
1. You're still protected by the 5th Amendment if you're a U.S. citizen, even at the border. Although Mitnick consented to a search of his personal data and told the agents lots of stuff he wasn't required to, he did so with the intent of getting the whole thing cleared up so he could get out of there quicker. His lawyer later advised him that he only should have told them his basic personal information and travel plans and kept silent about everything else.
2. Don't carry any privileged, sensitive, or classified information with you when you travel. Even encrypted. In today's wired world and near-ubiquitous Internet access, there's just no excuse. You carry a "blank" trusted laptop with you and access your data remotely via an encrypted link.
3. The new boot-to-Linux-firmware feature on laptops is priceless at customs encounters. Maybe they'll pick up on it eventually (they'll probably consider it some devious deceptive thing), but for now it fools them into thinking that what they see in the flash-based Linux desktop is the whole computer.
IceT'd character would be proud.
What about magician sleight of hand? "I take out my storage card, I hand you my storage card... oh look, it's not the same one!"
What about a data cd with a Prof movie label on it? "Hmm... laptop, we'll take it. Brokeback Mountain movie, you can have that".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I'm no terrorist but this is how I do it. I personally don't trust anything. So I use a completely blank laptop and my Knoppix live CD. Then I mount my SD drive and push everything I need to save to that. Then I put my SD cards back with my camera, snap a few pictures and enjoy my flight. People only look at you weird when they ask you to turn on the laptop and it just does nothing. Either that or load DOS 6.22 on it.
Put any sensitive info (also encrypted, of course) on those little things. Extremelly easy to hide, especially if you're not targeted on any way and don't carry an adapter.
One that hath name thou can not otter
You could hide your pictures inside some porn downloaded off the internet...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Now that you've escaped, why bother tunneling your way back into the Stalag^H^H^H^H^H^H Soviet^H^H^H^H^H^H U.S.?
"Flyin' in just a sweet place,
Never been known to fail..."
I just went to Japan and back (flying in and out of Detroit), coming back on Sept 5th. So it's a pretty recent trip
I had a video camera, a still camera, and my laptop. I also took about (no joke) 1100 pictures.
Aside from all the normal security rigmarole, no-one ever looked at my laptop or cameras. I also did not see anyone else get any special attention paid to their laptops.
With going overseas, the only thing I saw as being important is that your passport is legit (and always out) and you aren't on any lists, and you go in the right line.
And don't bring back anything "funny". The people at customs and international security (generally) do not like funny from what I saw...
I did burn a DVD of the pics while there, and had most on a memory stick, as a backup. If you have internet you could do an online file storage service.
Flappinbooger isn't my real name
I travel outside the US all the time, only once (several years ago) have I ever been asked to open the laptop and turn it on. Once they saw it booting up that was all they wanted to see.
Im sure many others have horror stories about this, but for me they scan it in a separate bucket and that's pretty much it.
Buy a book. That won't break and can bend and if lost is easily replaced. If you buy second hand, you can even trow it away (or donate it) without loosing too much money. And if stolen, it is not a huge loss.
For the pictures you are going to take, buy some memory cards. Prices might be even cheaper in the USofA then where you are comming from. I have seen 2GB SD cards for 5USD and 8GBSD cards for 17USD. And if you are able to use SD, then you could even opt for microSD, which wil take no place at all. One adapter is all you need. I just put them in my wallet with my change.
Don't fight for your country, if your country does not fight for you.
Regular people, just doing ordinary legal business now need to worry about this?
What the fuck is up?
Doesn't this read more like an item that one would have expected to read - historically - by someone concerned about a visit to the Soviet Union, East Germany or Argentina? Looks like the Soviets didn't lose the cold war. There are just 1st and second runners-up, with both losers in a 15 year period, no? I mean, you fuckers used to have LAWS. You used to have a Constitutional validation of basic individual rights! But, I guess there are more important things to a nation, than the consent of the governed.
In America, Soviet Union becomes YOU! You fucked up, America. And now you no longer exist in any meaningful context. The only single thing that defines you as a coherent entity within your borders is the way in which you are taxed - without representation.
I don't know if I am angry or sad. But it is sad.
"Flyin' in just a sweet place,
Never been known to fail..."
Why not encrypt all your sensitive files and chuck them on an SD card. Put .RAW as the extension and then put the SD card in a camera. Simply chuck them back on your laptop when you've passed customs.
.
It would seem likely that USB key would be taken in for examination as well. If border security sees a key and a lock what happens when they ask you to open the door?
The border police on duty likely have no knowledge of TrueCrypt and its various technical modes (that information is above their pay grade)
That assumption strikes me as pure Geek - just a little too arrogant and careless.
Less of a problem in this particular case because I doubt any of those security agents will know what a software patent is. Still, if I use software that violates a patent in the US and if I bring a laptop with that installed into the US, am I committing a crime under US law? My country's constitution does say that I can only be tried under its laws, but I bet every country says that.
Going for the Quadratic pun: How about a fake-broken copy of Windows?
"Gee officer, I am such a dummy about computers."
See this traumatizing example for case study material.
http://www.youtube.com/watch?v=1JMuJ6Wy1j0
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
This past year we took a laptop with us to Vietnam to pick up our daughter. (We blogged from our hotel a lot. We were awake most of the time anyway.)
Our jet-lagged child's first hour in the USA was interesting. Nothing cuts through the red tape and lines more effectively than a cranky baby screaming at 160 dB.
--- The American Way of Life is not a birthright. Hell, it's not even sustainable.
I will write here the same thing i said few months ago when a friend came with surprise for 'you have (if asked) to provide your encrypted volumes passphrase to enter US or you could be rejected!'... Is peolple who define these checks stupid ? Do they really think that who could have REALLY SENSITIVE / DANGEROUS data on his drive won't be able to encrypt them, store them online, and download them when inside the US ?
A far simpler, though more hardware based solution: Mail the drive to yourself.
That is to say, go out and buy another (small) hard drive for your laptop. Swap drives, and a couple of days before you leave, mail your real drive to yourself. *NOTE* Package it well!
Go through customs with a completely fresh install of XP, and pick up your real drive when you arrive at your destination.
Repeat the process in reverse coming home.
Of course this has downsides: you have to buy another hard drive, be able to switch it yourself, and you lose a couple of days of hard-drive transit time.
But on the other hand, the TSA will *never* see your data!
Ok, assuming you're not on the radar of the government, all you have to do is fool them into thinking you're a normal person.
Why not do one of the following?
1. Create a linux boot partition, but have grub not give you any time to choose (or to even see, on the screen, that grub is there) Your ext3 partitions wont show up on the windows side, and the airport guy will be none the wiser.
2. insert a micro sd card into your watch (there's room), or into a cell phone, behind the battery, or any number of nonchalant places of no interest to the airport guys. 3. Create a spanned rar file and rename each file to not have an extension and to have an ordered but uninteresting name. Count them down from 100 or something. And then disperse them into at least 3 folders, like system32 and other random places. Just remember what you ordering system is and where you put them! =p Hell, a single obfuscated zip file isn't going to set off any alarms with the TSA guys.
As long as your computer looks normal, they're not going to be as paranoid as you in figuring out where your stolen movies, music, games, enterprise software, and most importantly your porn, are at.
No need for outlandish encryption schemes. Old fashioned "walk out of the store looking like you own it" mentality is all you need.
Next: cry or act completely bummed out.
They will say "Let's restart it" and bingo: it happens again. They will let you pass. As you complain about Microsoft's craptastic OS.
Perfect.
And easy to undo.
RS
Shoes for Industry. Shoes for the Dead.
Recently I've bought a new 8 megapixel camera and with it a 2GB SD card. I was pleasantly surprised that I'm now able to store over 1000 pictures. So, goto to the US without your laptop but with your camera and while there obtain some cheap SD cards. 10 of em shouldn't cost your more then 100,- and that's over 10.000 pictures. Unless you're shooting a lot of photos it should be enough. It would also save you the trouble of carrying that laptop everywhere.
why data on one's person should be excluded...
I think if the person is, for example, a lawyer, the data in question could be protected by attorney/client privilege, and therefore they could face disbarrment for disclosure, even were it done under color of authority.
I imagine, in fact, that this is a real issue for lawyers attempting to operate on behalf of the detainees at Guantanamo Bay.
But I'll also answer the question in the subject, as to why it should not simply have an exclusion cause for lawyers, instead of being struck down for everyone: because it's in my head and they have no right to search my head. What's the difference between data in your head and data encrypted with a password stored in your head? To me, the data is in your head, and the data on the hard drive is just a useful memory aid.
Oh, and if the original poster is more concerned about them getting his data than about losing the laptop, make a one time pad, make a copy of it, put the copy of it in a safe deposit box, travel outside the US, and then after encrypting the data with the OTP, destroy the OTP so it is impossible for you to comply.
-- Terry
RS
Shoes for Industry. Shoes for the Dead.
I live in a border town, and take my laptop 'over the river' at least once a week as I use it for Microsoft Streets and Trips w/USB GPS and I've never had any questions about the contents, aside from whether or not I just bought it or was importing it (I provided the receipt upon asking).
I also had no issues taking my laptop to and from an islamic nation, travelling through 4 other countries at the same time. Nobody cared.
.
The international border is inherently a "no man's land."
Nothing is fixed or certain until you are safely across the line - one side or the other - and not always even then.
It makes perfect sense to limit your exposure.
In real life, spies hate gadgets. No matter how cleverly disguised, the gadget is always a danger. It's a lesson in survival the geek might usefully remember.
Do you even need to dump the pictures off your camera while you're still on vacation? Just buy another memory card if you're worried about space.
No sig for you!!
Store everything on the thumb drive, don't use truecrypt because you don't have anything to hide correct?
So why make it look like you do.
Alternatively contact the hotel you will stay in, UPS the laptop there then UPS it back.
My friend does this all the time to avoid border BS, and I can't express how stupid it is to check laptops...if I'm tryin gto get data in or out why would I leave it on my laptop?
FTP it, bit torrent it, mail it in a hard drive or thumb drive...but leave incriminating evidence on my laptop?
Only pedophiles are that stupid.
"If any question why we died, Tell them because our fathers lied."
Call me paranoid, but I would encrypt my data, put it on a thumb drive that looks like Mickey Mouse, and then put in a bag with a lot of other small toys. (Or upload the pix to flickr.)
"Is dis a system?" -- R. Crumb
Pack it in your backpack.
Security check? bite it, have a comfortable & pleasant conversation with the agents they want it.
don't spend a dime on encrypting shit. don't fsck around w/ yo wallet before the trip. save up some and have a nice meal or sth.
Pack up good dream and plan ahead your trip.
Trust me, i don't think its luck or anything. agents like me all the time. just keep above things in mind.
... and don't be overly paranoid :)
This year, I entered the US 4 times, I've been pulled aside 2 times, I never had to show my laptop. My colleagues have similar experiences. I can only speak about traveling between the US and Europe though.
Look, I hate that argument. In fact, I think it's one of the most disgusting, chickenshit and reflexively authority-loving mottos that only a mewling statist who pisses his pants every night in fear of a ripple in the public order would use. That said, the original poster specifically brought up his pictures as though he **knows** there is likely to be a problem. That does change things around and make even someone like me have to ask just WHAT IS he carrying?
Mike, I think you are discounting the paranoid angle here. After all this is Slashdot. There was recently an article about "compromising principles and making a facebook account thereby giving up privacy forever." I suspect this person has nothing worse than some extreme liberterian or socialistic rants, and some naked pictures of females obviously over 18. Maybe he has pictures of naked men or similar.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
You're right to be outraged about unreasonable search and seizure.
The people working on this are ACLU, EFF, I think Amnesty International, and some other similar groups. Maybe you want to forgo one of those umbrella drinks during your trip and send your favorite one a nice donation when you get home.
I've flown back and forth to Central Mexico over the last 4 years (usually about once a month) with a laptop, and I've never had immigration or customs even look twice at it. While I know they are searching some laptops and probably confiscating some I think the rate at which it's happening is probably extremely small and much smaller than the paranoid folks here on slashdot make it out to be.
In other words I think the risk of losing or even having your laptop are small enough that it really isn't worth the effort to worry about it, (unless you fit the "profile" of a terrorist that is.
Border agent: What is your reason for traveling today. ...
Geek: I'm talking to a company about fault-tolerant servers
...
and in this Powerpoint you'll notice that the two processors are running in
lock-step. Whereas, this comparator here looks at these two pairs of CPU's
....
Border agent: You may go.
Geek: Wait! This is the interesting part
Border agent: For the love of God, please go!
[Insert pithy quote here]
I am in US just now. They just wanted to pass my 2 laptops through X-rays twice when I boarded in SFO to Orlando. When I arrived in SFO, not even X-ray. Take care about your passport. I just got it stolen, and I have to wait here until the authorities of my state will move to make me a temporary one.
With a reasonably modern laptop, you have 100GB+ of storage space, TrueCrypt can pose as any file type. Even if they check ever file 1Gb or over thats still 100 files that would require checking. Somehow unless your pictures are in "My Documents/My Pictures/Porn" I doubt that an custom agent had the time.
Didn't you ever watch Hogan's Heroes? You tunnel back in to help the others and play tricks on the commandant.
First let me say that you're far less important than you think you are. Nobody is going to care about your photos. If they do, you must seem pretty sketchy.
Take some crappy holiday snapshots and stick them into "My Pictures". If they ask to see your holiday snapshots, happily show that to them without going off on some ranting libertarian diatribe. That will satisfy 99.9% of the population. Put the rest into a vmware image or something. If you get the resident TSA IT genius, you're probably getting the rubber glove treatment.
Buy a new hard drive for your laptop and do a basic minimal install on it. (If they keep your laptop, nothing to find.) Store whatever data you need on the internet somewhere (even your home/business server), travel with nothing on your HD other than the OS. Then work exclusively with online data and / or create a RAM disk for local temporary storage. Then put the data back on the network and shutdown your laptop... poof data gone. Then come back into the US.
This is becoming more and more common practice as it doesn't matter if your data is incriminating or not, it is company business and is therefore confidential.
"Computer Scientists can count to 1024 on their fingers" (non-mutant, non-mutilatated, human computer scientists)
But there are enough stories of some border guard getting into a huff if he even thinks you're hiding something from him, and confiscating the machine for later analysis. Encrypting is a good measure that they won't find anything when they do that, but you're out a laptop. Better to not give them a reason to even care.
:P Either keep the drive in the machine for the trip back so they can see a relatively clean XP install, or ditch the drive somewhere and do the grumble-gee-it-broke routine when they try to boot and it complains about no system disk.
Dual-booting is one option and, in my opinion, the best. Set up a small partition, put a clean install of XP on it, and set your BIOS to boot from that by default. Change the background and put a few totally innocent-looking, common icons on the desktop so it doesn't look so obviously fresh. Once you're through customs you put the BIOS back, lose the partition, and you're back to normal. They're not going to know about the partition where your real stuff is, and this method should work regardless of what OS you normally run.
Hell, you could even deliberately break your new XP install so when they boot it up, all it does is hang / blue-screen / throw some error and reboot again. Then you grumble and say you dropped it while on vacation and it's been doing that ever since. They're not going to give you the third degree about it, cause everyone's gone through it.
If you're really paranoid, pick up a little 10 gig 2.5" drive somewhere (they're practically giving 'em away these days) and put it in your laptop in place of your real drive. Throw XP on it, use it while you're out of the country. As for your data (e.g., pictures), either upload them or burn them to CD or DVD. Jam the DVD into your car CD player. It obviously won't play but they're not going to inspect your car stereo, especially if it's off.
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
My answer to this problem is simple. Fill up your hdd with legal but really gross images. Old people doing sexy times would be a good way to go. Then, the snoopes are forced to get an eyefull of some saggy luvin! I guess you are too, to some degree. But punishing fascists is never painless!
Sorry, but if you take your laptop and any part of it is encrypted (especially if you have full disk encryption where you need to enter the password just to decrypt the drive and boot) you are GUARANTEED to get it seized because you must have "something to hide".
The only solution is to have a minimal install of windows xp (since that's what TSA drones will recognize) with NO DATA onboard. Keep all your data out on S3 (jungledisk) or some other service, and get access to it when you get to where you're going. That way if your laptop gets stolen (other than by the TSA who thinks he'd like your shiny new laptop) they don't have access to anything.
Remove anything that you are concerned about from the laptop.
Get a couple of flash thumbdrives - 16gb and 8gb versions are readily available. Carry them separate from your computer, use truecrypt.
Consider burning movies/music on DVDs. If burning pictures, use truecrypt.
Try to learn to deal with the emotions around someone snooping around your computer -- the ground troops are just doing their jobs, in long exhausting shifts, in exchange for low pay. If you want to address the problem of your privacy being abused, consider legal ways of changing the laws.
You realize of course this thread was initiated by the US Border Patrol Information Systems Agency...Keep letting them know what to look for.
Your sample size of 1 is clearly sufficient to establish a pattern.
Emailing is only workable if you are using small files otherwise on foreign sometimes useless connections uploading the photos is a problem. Solution Get some no name Mp3 player that has a cord nobody would ever find in there life, upload the photos onto the mp3 player, and toss the cord (I put mine in my gfs bag). Another solution I looked into was bringing a small screwdriver, taking a USB key and removing the casing then inserting it into the innerds of my laptop so it appears as just more computer junk.
Just put all your data on a removable volume and label it "NSA Military Phone Sex Tapes - Top Secret." Customs agents will have already heard the most juicy .mp3s and your volume will be passed over as old stuff.
I travel in and out of the U.S., the U.K., and Spain every couple of months with my laptop, and sometimes with an additional computer, and I have never been asked to show it to anyone nor have I seen anyone else having their laptop checked. The security in Heathrow doesn't even want the laptop taken out of the carry-on anymore, and the U.S. customs rarely looks at anything from anybody that I have seen.
There are a few good articles from the EFF:
EFF Answers Your Questions About Border Searches
http://www.eff.org/deeplinks/2008/05/border-search-answers
Protecting Yourself From Suspicionless Searches While Traveling
http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t
...but you can't quite say the same thing about your USB device.
Here is another level of paranoia. What if they install a keylogger to snag your password after you refuse to give it?
Carry a copy of the 4th amendment.
So in a couple of months all the l33t slashdotters a going to be smuggly waking thru border checks, with their hidden linux partions, truecrypt archives.. And the friendly TSA worker is going to pull out a USB key that checks for all the helpful suggestions posted in these comments.
TSA worker asks you 'are there any pirate movies / mp3s on your laptop?'.. are you going to lie? how many people on the flight saw you watching 'big momma's house 3'? can you afford to be without your laptop for a couple of months?
I say bullocks. Okay, so you encrypt your drive with truecrypt. I imagine the exchange at the border will go something like this:
Border Agent: Okay, open your laptop and log in.
You: Okay... (logs in...)
Border Agent: Hmm, you've got TrueCrypt installed. I'm going to need you to give me the password to your hidden partition.
You: But I don't have a hidden partition (And maybe you don't. But it's irrelevant; you can't prove that you don't)
Border Agent: Why don't you just give me the password?
You: But I don't have a password; I don't have a hidden partition!
Border Agent: (taking away your laptop) You'll get this back after the NSA has cracked your hidden partition, or can prove that you don't have one. Have a nice day!
You: What!?
Border Agent: I said, have a good day.
The best bet you've got is to have a relatively clean laptop with the usual files: pictures of the kids, cookies from gmail or Yahoo, etc...
If you need to encrypt it, use steganography to hide it in your pictures of your kids, or that video you shot of dolphins at Sea World, etc... Because nothing attracts attention from law enforcement better than trying to hide something from them. The fact that you don't have a hidden partition is irrelevant; because of the fact that TrueCrypt makes no secret of this feature means that Law Enforcement is going to assume you are using it. It's their job to be suspicious...
The society for a thought-free internet welcomes you.
What's the point in lying to a law enforcement official that's questioning you? Ultimately you could land yourself in a lot of trouble, and I suspect the better border officials will have a good sense for your body language if you are lying.
Are you really required to hand over keys without a warrant? If its your employers data thats on there then you can surely hide behind a corporate policy that says you can't share your keys without a search warrant.
Honestly, i've traveled in and out of the US numerous times with laptops and never had they even ask me to so much as turn it on. If you have any data so important that it can't possibly be compromised, you probably don't need to be carrying it.
The way your dad looked at it, this Secure Digital Card was your birthright. He'd be damned if any slopes gonna put their greasy yellow hands on his boy's birthright, so he hid it, in the one place he knew he could hide something: his ass. Five long years, he wore this solid state media device up his ass. Then when he died of dysentery, he gave me the memory card. I hid this uncomfortable piece of plastic up my ass for two years. Then, after seven years, I was sent home to my family. And now, little man, I give this Sandisk Extreme 8GB SDHC card to you.
Create a bunch of hidden volumes, and fill them up with softcore porn. If they really do challenge you to give them access, you can go ahead and do it and explain that you needed to hide it from your girlfriend.
Unless you area on a watch list then they really won't care to wade through your massive collection of jpegs to find the small amount of important data.
I take 3 international trips every year (next one coming up in 3 days) and I've never been asked to turn on my laptop except on one occasion on a domestic flight in Italy 3 years ago when security (police there, actually) asked me to turn in on and log in just to make sure the laptop worked and wasn't just a fake laptop used to smuggle stuff.
There is a bill being debated in the US Congress right now to limit impoundment of laptops to 24 hours.
Those are my principles, and if you don't like them... well, I have others.
And one of the places that I brought my laptop back from was Iraq. Have never had a problem, and never had to turn the laptop on. They swab it and check for chemicals on it, and x-ray it but that is all. Of course every time I was traveling for business, and had a tools of the trade letter for my laptop.
The funny thing is I brought my laptop home from Iraq, and the only thing they gave me a hard time about was the hookah I bought in Iraq....
Go figure....
The worst part of being athiest.... You don't have anyone to talk to during orgasm!
Save yourself some trouble.
Burn them to a friggin DVD / CD and mail them home.
And yes, you are WAY too paranoid. Unless your making a snuff film, not much else would get you in some trouble in the states. (I can think of MANY things, but not many that a slashdot person would do).
You think your personal privacy is that important, eh? Serious question, as I don't give a fuck what someone finds on my laptop.... Is it privacy, paranoia, or just being a nerd?
--Toll_Free
Most states have a fixed time that they consider "speedy". In may states, that time is 60 days. Generally speaking, they cannot change that period even if you were a serial killer.
Instead, what they do is convince you to waive your right to a speedy trial so that they can "properly represent you", or some other such nonsense. Just recently, prosecutors in my county putt off a trial again and again on the basis that they "could not find" the complainant. When the defender finally stood up and mentioned "speedy trial" to the judge, the case was thrown out. But it took the defendant's lawyer to speak up... and the lawyer let them get away with two or three extensions before doing that.
Make sure to demand your rights, even to your defense attorney. Otherwise, they might not be observed.
How about one of those Eee PCs. Put your operating system, or "personal data", on a card, stick it into the card slot. Remove when not in use.
I know there are people out there who have had terrible experiences with the TSA, but the chances of this happening to you, or to any particular passenger, are absolutely tiny. In order to "qualify" for such an invasion of privacy, you'd have to be pulled aside for individual screening (I'll call that level 1 inspection), have your carry-on + laptop hand-inspected, including turning the laptop on, and then have your laptop not just turned on, but painstakingly examined (lvl 3). Frankly, if you're at lvl 3, you're probably about to get strip-searched, which means the TSA is about to see most anything that might be in the photos you want to protect.
More to the point, if you're at what I've defined as Lvl 3, refusing to work with the TSA (i.e., by refusing to decypt a TrueCrypt partition for inspection), is only going to get you in more serious trouble. At this point, you're in a room, in your skivvies, and the guy sitting across the desk does not feel overly inclined to give you a phone call or access to a lawyer. In such a situation, your absolute best bet is to smile, comply, and show the nice man whatever it is he's interested in seeing. Then get the heck out, and take what legal actions you feel are necessary *after* you're released.
In short, the reason I think you're being overly paranoid is because the likelihood of you being inspected to such a degree is extremely low--and if you *are* inspected to such a degree, it's in your own absolute best interest to comply. If flying makes you nervous, if you have a habit of joking at improper times about improper topics when nervous, or if you simply feel there's something about your appearance, dress, or manner that makes you more likely to be selected for inspection, I respectfully suggest you spend time working on these behaviors, instead of encrypting your hard drive's contents.
1.- You don't need a laptop to travel. Honest. You don't, don't become an Apple posseur. The world is not going to end if one reads a good book, watches the on flight movie or sleeps instead of continuing plugged to a damn computer.
2.- There are mobile devices that exist specifically for:
a) Watching movies.
b) Backing up memory cards (gosh, how many pictures can you take? In my last holiday I needed 2x4GB cards, which is enough for 8 hundred pictures at best quality, so the need of even this device is questionable)
3.- The world is littered with internet cafes. Use them.
4.- If your hotel does not provide internet access why are you staying there?
Honestly, the best solutions are normally the easiest ones.
IANAL but write like a drunk one.
Remove all personal data from the laptop. SFTP or SCP your photos to a friend before you come home. During the flight home, wipe your drive.
The most secure data is data that isn't there at all.
Use two hard drives. One concealed in the luggage, or sent by Fedex/UPS/mail, fully encrypted. Backed up for case it'd be intercepted. Another one with a fresh install or known-good image in the laptop itself, so the laptop boots. That way, there's nothing to find during eventual search. You can either make the laptop some "history", so the OS looks used, or claim that it is a business machine and a fresh image is the company policy for overseas travels; many companies actually do so now, so it is a plausible legend. Also, look unimportant, a small grey corporate drone on a trip.
One lesson from an incredibly expensive joke of a "terrorist" case in Australia is that a photograph of a landmark is proof you are going to blow it up. Be careful with those holiday snapshots!
I don't know if there's anything like it in Australia but in the US we have this handbook, "The Photographer's Right", photographers started to carry. In a photography class in college I was taking when 911 happened, we heard about how photographers started to go through questioning when they were taking photos. One student there was working on a class assignment when police or private security personnel tried to confiscate his camera. It was a bizarre tyme for photographers then.
Falcon
Should there be a Law?
According to briefing my boss gave me recently, Truecrypt would not help: If they really wanted to see your content they could ask you to show it to them or alternatively confiscate your laptop and decrypt it themselves.
TrueCrypt doesn't just encrypt data, it hides data. You can create a folder on a device, it works with USB Flash drives as well as harddisk drives, when someone opens the folder the folder is empty.
The latter would mean you would probably not see your laptop again.
That is scary.
Let me tell you: As a European scientist I am even more frigthened now to go or even move to the US.
I live in the US and in a few years I'd like to go to Brazil but all the stuff that's going on today makes me wary about trying to get back into the US.
Falcon
Should there be a Law?
I dont think boarder guards are so concerned about security. Heck, i'm driving down to mexico right n
User name of Casualsax3, trip to mexico, afraid to show vacation photos?
What, Date Line making Florida a bit too dangerous for you? Have to go down to mexico for your kicks? I guess Thailand would be a bit too suspicious.
Get a sub-notebook, like the Asus EEE PC. Small and cheap (starting $300 or less), built-in wifi, webcam, 3 USB ports, SD card slot, and runs on Debian or Windows. Get a slim external DVD drive for DVD movies. Get a 2GB+ SD card or USB flash drive, put your personal files there with your CHECK-IN LUGGAGES, NOT carry-on. Encrypt if you want. Use your sub-notebook (laptop) and flash storage during your trip. Before coming back to the U.S., put flash storage in CHECKED-luggage, wipe laptop to factory settings, if you need to (can be done in under 10 sec. with the EEE PC, and already has all drivers and apps loaded after factory reset), bring it with you on the plane. If customs take it, they won't know how to operate it most likely due to unfamiliarity with Debian, or they'll find nothing. If they seize it, heck, you lost barely $300. The plane ticket probably cost you more. Plus who cares, your data is safe, wrapped inside one of your pair of underwears in your checked luggage.
http://www.palmzone.net
An option is to always make the computer unbootable.
/. been lurking for years though.
The idea has always stuck with me is to install a bootloader on a flash drive. When the computer boots it will look for the bootloader on the flash drive. If the drive isn't plugged in you won't be able to boot, if it is you're fine. Just keep the flash drive somewhere hidden and inconspicuous (wife's purse or something).
Though it would be easy to get around you would need all of the following:
1. Someone at airport who knows enough about computers to know whats wrong and how to deal with it.
2. Be under enough suspicion to warrant the governments time to deal with your laptop.
3. Take the hard drive out and put it in another machine to read the data (If you're using Linux then make the drive ext3 so they'll have to find a non-windows machine to put it in).
Like many in this thread, I've heard good things about TrueCrypt, you may want to give that a shot.
Also, first time posting on
im actually facing the same situation right now..... im moving out of the country on november 3rd (western australia, and then off to Florence Italy) and i dont want people accessing my private data when i come back to visit family and stuff either. So I just got a 1TB drive, im currently encrypting it with TrueCrypt using the Hidden Volume encyption scheme thingy (technical term), and then dumping my data into it... im buying a new laptop (lets go apple.. dont let me down on the 14th!) and it'll just have a clean install of OS 10 on it.
the point isn't whats on my drive, the point is my privacy.
dreemkill.
Having passed through both international and US customs, the questions you'll get asked will vary as will their expectations, but I've never had them make me show them my photos. The most important thing is to listen carefully and do nothing without them asking - or you'll spook them. For example one agent asked me to take out my laptop, and when I stood there idle they asked me to open it and boot it for them. Once it got a desktop they thanked me and sent me on my way. The next one asked me to take my laptop out so I went to boot it and they dove saying "NOOOOO!!"
So don't act until they say ;)
BUT - you ARE travelling with this laptop, you need to be prepared for the increased risk of loss and theft:
* Bring the CD you reinstall your OS from with you! BRING IT!! A quaint town in Italy is not a good place to buy an English copy of OSX or beg someone to use their dialup and clunky machine to download Ubuntu!
* If you want to encrypt your files in case of theft, go for it. The problem with Full Disk Encryption is it does nothing for a stolen, running machine. I've had a laptop stolen from right under my fingertips - it can happen! I like to keep several TrueCrypt "disks," separated by activity, and only unlock each disk as I need it with a timeout set on TrueCrypt. That way a stolen, running machine is likely to have few or no "disks" unlocked, and it will likely lock itself back up before they come across the files.
* Backup your stuff. My favorite right now is DropBox. It works on Linux, Windows (XP and Vista), and OSX, it's dead-simple, and the first 2gb are free. Put the stuff you'd be saddest to lose most on there. Photos you take abroad, new code you write, that sort of thing. You can even put your TrueCrypt disks in DropBox.
In summary:
* Be nice to airline security
* Plan for hard drive implosion
* Plan for OS failure
* Plan for theft (even a running machine)
Keychain USB stick. With an operating system on it. It's all the rage. I have one. But don't go to the US unless you really have to. Not a good place to visit.
I travel frequently inside Europe. The only thing that they sometimes (keep in mind, sometimes) check is they ask you politely to power it up and they take a look while you're holding the laptop if its actually a real laptop. That is that it boots to some kind of desktop or user login. Its just a method to make sure the laptop battery is not made out of C-4 wired to an electronic board or that somehow the entire device is not a bomb.
My advice, I would just hibernate the device, no password, have it boot up to the desktop with a mexican themed wallpaper. Thats about as normal one would get upon returning from Mexico. Burn the data on a dvd, just to be on the safe side. And stop being so paranoid. Its this type of mentality that further enforces f**ked up policies.
A swab of my laptop tested positive for nitrogen on my way back from the Dominican Republic. This delayed the flight for 20 minutes as they reportedly poked and prodded it inside a blast container. Incidentally, they never asked about the TrueCrypt partition.
Go ahead encrypt your drive. While doing that, please bear in mind that an encrypted drive may seem more interesting to goverment agencies than just a plain "clear-text" drive with innocent pictures.
And they have probably seen amateur porn recorded in a motel many times before (in case this was your concern)
a 16GB high capacity SD card is going for around $40 bucks these days. encript 15GiB of it and leave the rest for random photos. save you data on the encrypted partition and put it back in you camera. photos pull up, data is encrypted, and hardware is clean.
--- haasta IT consultant | Web Programmer
A recent court decision has affirmed that Fifth Amendment protections apply to encrypted data ... if the password is in your head, you can't legally be forced to reveal it.
There's bad news too, judges have ruled US Customs can confiscate laptops. And if they do you don't know when, or if, you'll get it back.
Falcon
Should there be a Law?
Such a plan is an invitation for disaster and confiscation. Don't think for a second that encryption isn't a red flag.
CodeBuster is talking about using TrueCrypt though, which hides volumes so they don't even show up on the storage media whether an hdd or a flash drive. The data encrypted is in these volumes.
Falcon
Should there be a Law?
Being a foreigner from a so-called friendly nation, I'm used to the rediculous and non-privacy respecting entry into the so called land of the free. My laptop contains an OS (well, two: XP and Linux). All documents and other stuff are on the net or on SD-cards. Should I have anything to conceal, I would get data in and out of the US like I assume any criminal/terrorist would do: over the internet. Send it encrypted by mail, store it on online-backup, hell, you could even store it on gmail using GFS. In short, this is one of many US measures that only invade individual privacy/freedom of innocent civilians. The real culprits have zillions of ways around this. I can hear Osama laughing his head off in some cave in Afghanistan. I say: keep it up. Given the rate you annoy allies and the way you run your financials, it will be soon that the US is no longer of importance and there is no need to travel to the US and you can celibrate your constitution among yourselves.
And can tell you that you shouldn't really worry.
:END QUICK SUMMARY.
On top of this, I just went out of the county with my laptop as well. No problems so far (although re-entry seems to be the big issue.)
While I have not received my bar exam results, so I am not a lawyer (yet), and you should always consult a lawyer with legal questions, here is what I can tell you:
QUICK SUMMARY:
They can search your. Decryption will likely not matter much. They will likely NOT search your (sheer volumes). Searches are mainly used to find possessors of child pornography. Your risk of a search rises if there is something that leads them to believe you may possess child pornography. MOST IMPORTANT THING is to NEVER CHECK YOUR LAPTOP LUGGAGE. Airlines are worse than the government in this regard. Good luck, and IANAL. If you have more serious questions, consult an attorney.
The US has the right to search your laptop. All of it. They even have the right to copy your drive and search more later.
This sucks. Is questionable against the Fourth Amendment. And people in Congress are working on it.
For your trip, it is unlikley that you will have an issue. They do not invasively search each laptop that cross the border (even though, legally, they can).
Even if they DO search your laptop, it is unlikely they will physically open your computer. (If, however, they feel you may be trafficking drugs hidden inside . . . that's another thing.)
To give some perspective, the power to search laptops is often used to find child pornography possession. So, if you have some reason to believe the government may view you as a person who may have child pornography, then there is a greater chance you will be searched. (Yes, here, more types of profiling is legal, and the government DOES NOT need a reasonable suspicion for the search.)
Also, decryption is not necessarily a good move. Why? Because the government can get through the encryption. How?
Whole hard drive copy. Subpoena requiring you to give up your password. Things like this.
Also, it may make things take longer.
On a purely practical side, I would worry less about the government and more about your airline.
DO NOT, EVER, CHECK YOUR LAPTOP LUGGAGE! The airline has a disturbing tendency to lose luggage containing laptops. In fact, my own experiences with a lost laptop should serve some warning.
This is where encryption would be good -- encrypt private files (such as tax forms, passwords, financial files, and other important documents) that you keep on your computer so that if it is lost or stolen, no one will steal your identity.
Good luck and have a good trip.
- John
I dont know if its because im military or not, but ive flown to and from the US 3 times each since this bill or whatever it is was proposed, all 3 times from Germany to the US, 2 times from the US to Germany and once from the US to France...and I have never been asked for my password for my laptop. While I have nothing to hide, anything I dont want to be seen isnt on my travel laptop, but I still never been asked. This is just my experiences.
I tried tooling around with TrueCrypt a while ago, creating a hidden operating system and all that. I don't know if the process confused everyone, or just me, but does anyone know of any good guides out there that show you exactly what to do? Idealy I'd like to install XP or even Ubuntu on one partition, the one I'd show off to customs inspectors because it's either light on resources, confusing for them to use (hehe) or both, and have Vista on the other (laugh all you want, I like it). I've yet to find a really good step by step guide though.
I do like the idea of using a live CD and SD cards though, that'd throw um off!
...I backup everything, encrypt, put on a free web storage of some kind, take a knoppix,
...
dd if=/dev/zero of=/dev/sda bs=4k
pass the border with knoppix, leave the knoppix to them if they want, buy an other knoppix in the us, download everyting and live happy?
if they ask you why you did it, easy: i heard you were searching, i didn't want to lose my plane while you were searching, so i don't give you anything to search!
do you think it sounds too suspicious?
"I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
How do we fight and win against this? How do we successfully demand that the government cease and desist from such depredations NOW?
My solution is:
1. Find broadband (eg. your house, hotel with wifi, cybercafe, wifi at airport).
2. Put the data you want on a server somewhere. Protect it as required. I usually consider having it on a directory that can be only downloaded over SSH as sufficient.
3. Clean your laptop of anything dodgy. Leave shred running overnight.
4. Go through customs with clean laptop.
5. Find broadband (eg. your house, hotel with wifi, cybercafe, wifi at airport).
6. Download the files you wanted.
There's simply no need to take data on physical media through customs, provided both ends of your journey have broadband.
Andrew Oakley - www.aoakley.com
Instead, if you really need to work for your company, put a VPN client on a bootable CD and bring that with you. I don't know if Windows can be used that way, but Linux can. If you go on holiday, find something better to do than hanging over your laptop - there is a world out there to be discovered.
As for photos and videos - just keep them on memory cards till you come home, or if you are worried about customs officers looking at them, upload them to a place where can download them from later. And why bring videos and music with you at all? Read a book; or if you must, bring a media player instead of a laptop.
It is up to the individual whether they want to fight this fight, of course, but most of us probably have worthier causes to spend our energy on, when it is so easy to just roll with the blows and ignore the idiots; against stupidity even the gods fight in vain.
I find it interesting that without exception, as far as I could see, the replies here were all "hell yes, keep the government out of your laptop." One person asked what the photos would be of and didn't receive an answer that I saw.
A few days ago a friend of mine told me that on arriving on a flight from Asia at a European airport the police detained a number of single white men and checked their computers and cameras for child pornography.
How would you feel about helping such people escape detection? Or providing tips to terrorists? Is your data really that confidential? Why? Explain.
If you were to say "I am a European and I fear targeted espionage by the US government for commercial reasons" then your fears would be probably be legitimate if you worked for a large and important company competing with large and important American companies (it's happened before).
If you were to say "I am not white and my middle name is Hussein and I have spent time a muslim country" you might find yourself receiving extra attention from insecure, paranoid, uneducated people.
I have had my laptop contents checked at a European airport about 10 years ago. People were importing laptops and avoiding tax on them at the time, so I took the precaution of taking my purchase receipt with me. It was checked and the laptop was inspected. It was clear to me what happened: the guard checked the dates in the root directory on the C: drive against the invoice. He said nothing and gave it back to me. Had the dates been very different, suggesting a forged receipt I think he'd have taken a closer look and I'd have had to answer some questions.
Yes, it was mildly annoying. On the other hand, the taxes I paid contributed to his salary and he and his fellow workers apprehend drug smugglers, illegal immigrants, fleeing criminals etc. on a daily basis. At that time child pornography was not in the news. Now we find that cheap airtravel, digital cameras and poverty in some countries adds up to a magnet for some people. Thailand and Cambodia are not the only countries they visit.
I don't know about the US constitutional position re encryption but it seems to me that America's customs officials may now subject the poster to a very thorough proctological inspection on each and every occasion.
Copy all your photos to a usb flash drive or sd-card and just post them to yourself. Alternatively just upload them all to Flickr and make them private (or not). Better yet, use both methods. I woudn't bring a laptop to the states at all, use cyber-cafes to access your files and back them up on Flickr or other sites. http://pix.ie/ is another great photo site, is completely free with no upload limit. Rob
Maybe you should leave your kiddie porn at the beach instead of trying to save it to your hard-drive you freakin' loser. I don't think encryption software will help you out too much... This is based on my assumption that you obviously don't know how to hide things on a computer in the first place. I think you'd only arouse suspicion by installing an app and not having a clue about how to hide the encrypted data. Security Guards aren't rocket scientists... and apparently, neither are you.
if you put a Live Linux disk in your CD drive and put your hard drive in your checked luggage you should be fine
Bob at customs desk 3 won't be avil to tell the difrence
null
I never travel with sensitive data on my laptop, just because I don't want to loose it to anybody. That be customs or some scum snatching it. All that data is on my server back home, so I can grab it from pretty much anywhere. Might cost me a few coins to go to a Internet Cafe, is I have to, but it's still OK. I also upload my stuff to the server. IF I have something I want to hide in a hurry, I just put it in a . Dir (running Ubuntu). Yeah, it's easy to find, but people don't know how to show these Dirs in a UI anyway. I don't bother to encrypt the disk, if I feel it's not safe to cary on me, I upload it first thing.
Put your real data and OS on a bootable USB drive. Keep it separate from your laptop. Encrypt. When asked about the laptop, boot and demonstrate the installed OS if necessary.
If you are afraid they will investigate the USB drive, make a bootable SD card with your data. Keep that in the your digital camera or camera carrying case. Few would suspect your OS and data are stored there.
You could even put your data on your USB watch.
One ring to bind them - should probably have more fiber and less rings in their diet.
Maybe a bit of social engineering?
... damn! It's done it again! Sh*t...
Someone should make a program that's easy to install and remove that makes Windows generate a BSOD (reliably) on startup. The BSOD might just be famous enough for the security guard to recognize it.
Inspector: Can you please start up the laptop sir?
Owner: Sure thing, but it's been crashing on me lately. I've got to get my IT guy to look at
I: Haha, my laptop was doin that when my kid messed wit it.
O: That might explain it! As I recall, I let my son do his homework on it just last week and it's been acting weird since. Thanks for the tip!
I: Hey, not a problem. Actually, I'm pertty good with the interweb too, cept once I went to one of them phishing site for some fishin tips, but even when I paid the stinkin $1 fee with my credit card, there weren't no tips or nothin! Just watch yourself sir, it's a crazy web out there. On your way!
unless you have the original disks on you. Having "contraband pirated media files" on your drive is pretty likely to give them probable cause for a seizure. Without the original disks, there's no way to back up your story while in the airport, and even with the disks you could get unlucky. Customs has forms and things you can do so that you don't have to pay import duty on the "Made in China" camcorder you bought before you left. They may have similar forms and procedures for media you've already bought and paid for.
We are the 198 proof..
How about create a new partition in whatever OS you're in, store whatever you want on it, and don't mount it? $10 says they don't know UNIX/Linux nor how to use the Computer Management tool in Windows. If they don't see it as a drive, they can't really look at it, can they?
Now, if they confiscate it, I'm sure the person looking it over would be able to so encryption might still be useful. But it's a quick and easy solution. I do it to hide... things... from family/friends
-SaNo
Don't forget your tinfoil hat either. You won't be able to wear it through the metal detector though...
If you don't know what you're doing, you can't make mistakes.
In general you are being over paranoid, I look very middle eastern. I have been pulled aside a lot of times, once even 3 times on the same flight (talk about profiling). Anyhow, never have they looked at my laptop. They do often ask me to boot while passing through a X-ray scanner, however on the other end I just turn it off and slip it in my bag.
Further, I carry a PDA phone, has a 8GB microSD card in it, never have they looked at that.
If I was carrying nude pics of my girlfriend/wife (both), I would just encrypt them, put them on a SD card and slip it in my pocket or wallet. Of coarse, that is if I'm unable to upload them from my vacation to my online drive/server. In the later case, I just wouldn't carry them on me personally.
Alternately, I would encrypt them and slip the card back in my camera.
Having said all that, this comment may not even see the daylight.
Somehow, I think that presenting the Border Patrol with a laptop that boots into Linux is going to add a few points toward qualifying for a VIP interview. Not that I would let that force me to use Windows....
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
This plan requires a laptop, flash drive, and some blank cds.
Have a laptop fully windows, nothing suspicious. Rip your movies to it like normal.
While on vacation, rip pictures to your laptop. Reboot into nix live on your flash drive. Tar all your pics, encrypt, and write a straight encrypted image to a cd. No fs on the cd. Then write "country mix" on it.
If anyone asks, it's a country mix you burned, but it must have gotten scratched or didn't burn right or something like that.
If you really wanted to go all out, you could even make it a real 9660 image. Just leave some space at the end, and tack on the encrypted tar.
Just wipe the pics from your laptop, and noone should be any the wiser. The downside is that you'll have to download some country/pop/some-sort-of-popular-bs for your mix.
Billy Brown rides on. Yolanda Green bypasses Gary White.
I'm not exactly a frequent world traveler, but I've been to Taiwan and back recently for business and saw no sign of DHS checks on anybody going through US customs on the way out or in.
On the other hand, using encryption for private data is a good thing. I've been using TrueCrypt for all my personal and business data for over a year. It is easy to use, reliable and offers a spectrum of encryption feature from encryting and hiding volumes to simply having an encrypted file that is a virtual encrypted "drive".
Either he's breaking the law, or he's incredibly paranoid
That's a false dichotomy made by almost every moron with the "If you have nothing to hide, then you have nothing to fear."
Here's another option, maybe he wants to choose who gets to see his pictures.
The right to privacy is important. Not wanting some minimum wage power-tripping ape going through your vacation slideshow and making fun of you because he doesn't like your face doesn't make you a criminal, it makes you human.
Wanting to choose who gets to see my pics isn't paranoid, it's human.
Right NOW all the shit YOU do isn't illegal...but in 5 years, who knows?
Smarten up. Protect your right to privacy or lose a lot more than your dignity.
"I'm not a procrastinator, I'm temporally challenged"
.. before coming back to the US. Or record it to blu-ray/dvd, and ship it back home :P
After all is secured somewhere else, delete from laptop and be happy.
Buanzo Consulting - 15 Years of GNU/Linux experience, for you.
Since these kinds of inspections disgust me in principle I refuse to go to the US with any data at all, is not worth it, SSH serves me well and gives me peace of mind.
Now the problem is that carrying a freshly formatted laptop could still become a liability. What is the probability of getting detained for not carrying personal data on a laptop? Would they even notice if there are no personally identifiable data, just generic stuff? If so how much decoy data would be enough? Do you have any recommendations for what kind of stuff to take with me? Do you think an empty windows installation safe after all?
I'm not concerned about having my laptop searched, I just ASSUME they will. What I'd really like is to not be permanently tagged in a government database as Shipable-to-Guantanamo er... I mean dissident.
But... the future refused to change.
They want to find porn and/or stuff to hand over to the RIAA.
If you put movies on your laptop, delete them after you watch them or before you come home.
If you have a reasonable amount of music you should be safe.
They won't care what your pictures are unless they are pornographic.
But for absolute safety, you must save your pictures to some other device you're not carrying with you in case they decide to take it from you for whatever reason they make up. A network backup is the best bet, and using an encrypted service like JungleDisk is very smart.
Definitely image your laptop to a USB drive you leave at home before you head out, to make recovery faster.
The only ``intuitive'' interface is the nipple. After that, it's all learned.
When dealing with the Almighty Government, encryption is not the solution. Stop believing in this myth, they can find their way into your crypt vault, one way or another, if they really want to. And no, cracking the encryption is not their only tool.
With that being said, I am going to install Ubuntu 8.10 on my laptop and all my workstations as soon as it's released at the end of October. It has a very neat feature - it allows you to create a Private folder which is encrypted. You can then move things such as your Firefox files into that folder, and symlink them to the original location. Anything you move into Private gets encrypted. Very nice.
Again, this is not to "protect" my data against Three Letter Agencies, but to prevent snooping from nosy sysadmins at work, to prevent data theft if my laptop gets stolen, etc. It's not perfect, there are ways around it, but it's better than nothing.
As far as the Three Letter Agencies are concerned, I have nothing to hide. That's probably the best policy.
I have travelled to Europe for business about 40 times in the last decade. Always loaded with photographic equipment and computers. Only once was I briefly interviewed going into NL and once coming back into the US.
The original post seems overly dramatic. It is routinely much worse for non US nationals . They have to under go the disgraceful biometric scan.
How exactly are these searches done? I keep personal stuff in a small encrypted disk image on my Macbook. It's just like any other file except when you double click it, it asks for a password. Is it really even likely the TSA would look through my files that closely? I'd think they'd just go into my movies and my pictures and do a cursory exam of the filenames to make sure there's nothing suspicious. I really doubt they'd take the time to randomly image my hard drive, and if they did that they wouldn't notice the encrypted volume until I was gone anyways.
I can see it now .. Everyone listen or we'll .. *censored* ..
while holding a dildo at the flight-attendance head.
There is just no terroristic market in sex toys...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Burn a CD and mail it to yourself from Mexico. Burn another CD and put it in your bag. Even if your laptop gets searched, it's unlikely that anyone will notice either burned CD.
You've missed the whole point of my post
And you missed the whole point of my post.
Swap files which, unless the whole disk is encrypted, won't be. Files used in hibernation (Linux uses swap, not sure about Windows).
I have 2GB in my MacBook Pro, which it came with as standard more than a year ago. If I wanted to I could add another 2GB. For now at least I seriously doubt I come near maxing that. I can see doing it when I start working on multi-media. However if I wanted to I could move my swap. Windows users can also move their swap, as can Linux users.
you can't simply send a message to the operating system to say "This is now in secure mode, any user data or swapfiles must be stored in THIS location and any which are outstanding must be moved and the disk area they occupied securely wiped".
When I installed Linux, years ago, it asked me where I want the swap partition to be. I'm not positive but I'm pretty sure I also told Windows where to put swap.
This is the kind of feature corporates will demand because you can never guarantee that nobody will ever lose a key or forget their password and "your data is now toast you silly fool" is seldom an acceptable outcome to such a scenario.
Yea, I'd imagine a corporation would have a backup key.
It's also the kind of feature which is highly unlikely to be implemented in any F/OSS solution like TrueCrypt because it's a potential security risk
How is TrueCrypt riskier or potentially riskier than a closed source proprietary program? Whereas anyone can examine the source for TrueCrypt and spot possible security holes, nobody can legally see source code that's closed. And that source code can be riddled with holes. Sure some cracker may find a hole in code that's open but with thousands of others having the code the likelihood of someone else seeing is better than if the code is closed, and closing the code only stops some.
Unless the disk is heavily encrypted then any boot password can be trivially worked around
Not too long ago, last month I think, there was an article on /. about how researchers were able to recover passwords after a few minuted with the computer shutdown. A recommendation when boarding a plane was to not use a laptop at the airport.
Falcon
Should there be a Law?
Don't bring a laptop?