Slashdot Mirror
Tips For Taking Your Laptop Into and Out of the US?
casualsax3 writes "I'm going to be taking a week long round trip from NYC to Puerto Vallarta Mexico sometime next month, and I was planning on taking my laptop with me. I'll probably want to rip a few movies and albums to the drive in order to keep busy on the flight. More important though, is that I'm also going to be taking pictures while I'm there, and storing them on the laptop. With everything in the news, I'm concerned that I'll have to show someone around the internals of my laptop coming back into the US. The pictures are potentially what upsets me the most, as I feel it's an incredible violation of my privacy. Do I actually need to worry about this? If so, should I go about hiding everything? I've heard good things about Truecrypt. Is it worth looking into or am I being overly paranoid?"
...encrypt it. Full disk encryption is relatively cheap, easy, and unobtrusive.
You gave one such example in your post.
But uh, mind if I ask: exactly what kind of pictures are you planning on taking on your vacation? ;-)
problem solved.
No one is going to search your computer other than to make sure it is a computer and not a bomb.
Throw a clean install on your laptop, and put your critical data on a server so you can just log in and download it when you arrive.
When you're about to fly back, re-upload your data and wipe the drive.
You could also just mail encrypted DVDs with substantial insurance.
Short answer: Truecrypt (as you mentioned in the summary.) Is it worth looking into? Yes. Are you being overly paranoid? No. Seriously, have you noticed the big brother trends recently? Truecrypt is very simply and effective encryption, in several forms, from simple encrypted containers to hidden O/S partitions. To take such a simple precaution is not, IMHO, overly paranoid.
http://clightnirish.wordpress.com/
Use a clean install and email the photos to yourself while you are there... or put them on an encrypted thumb drive / cd and snail mail it..
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Are you a middle eastern looking young male? A white male returning from Thailand? If so, be paranoid.
If not, no worries.
Test your net with Netalyzr
Put your files on a few small USB-sticks, or on your home server (for encrypted retrieval once you're in the country). Bring a Live-CD to boot from and then "cat /dev/random > /dev/sda".
Make sure to grow a big beard, learn a few arabic phrases and quote Allah to the security guard in customs.
Then let them have a crack at decrypting your "encrypted" drive.
Just be sure to say "Just kidding" so they don't ship you off to Guantanamo.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
If you haven't noticed lately, the DHS can search your laptop, make copies of everything on your laptop and keep it. If you are a person who loves exercising arbitrary power over people, you probably work for the DHS or another government agency.
Its really funny that a person who doesn't care about basic civil liberties is posting as AC. However, the joke is probably on me and you are just a troll. :)
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
As the old traveler's adage goes, if you can't afford to lose it, don't bring it.
Find a cheap laptop used laptop you won't have problems with ditching. Use a live cd or usb key boot solution so nothing ends up on the hard drives.
Keep your pictures on SD cards and mail them or a copy to yourself or some drop point. Encrypt them all.
...is a good offense.
If you're offended by having your privacy invaded, just make it horribly offensive for the invader as well.
With the right accessorizing and appropriate leather:latex:chainmail ratio, you can ensure even the most intrepid airport screener will breeze you through in record time.
Oh...and, yes, Truecrypt is terrific, but not nearly as fun.
I've taken my laptop across the border 4 times, my wife has done so many times more, neither of us have had our laptops searched. I've been pulled aside by customs and asked questions once, but even then they did not request to see my laptop. I think the bottom line is, if you act shady they'll look at your stuff, if you're just getting your business done then you're fine.
The laws are a travesty. The system is fubar not just beyond all recognition, but beyond all belief. However, you've got a better chance of justifying the average DMCA takedown notice then you do of having something bad happen to your laptop because of your border crossing. I do it several times a year and have never had anyone even take notice of my laptop. In fact, in all my years of international travel, I've had one complete *ass* of a border agent (at London's Luton airport) and for the most part all the others have been cordial at worst, and down right heartwarming at best. The bureaucrats need to be executed for treason and absolute scumbaggery immediately, the border agents are just people like you and me doing their (admittedly lousy) jobs.
I just came back in from a two week stay in Europe, where my travels took me through several countries there. While I was there, all the photos that I took were stored on the laptop, along with several movies that I'd ripped to the drive.
Upon my return to the states, the check-in process wasn't any different than it had been a couple of years ago. They asked no questions about my laptop, or if I even had one. The only time my laptop left my bag was when I put it through the X-ray machine.
That being said, it never hurts to encrypt your data anyway.
If you're looking here for something insightful or thought provoking, you're probably looking in the wrong place.
Put them on your iPod. I've got a 80GB Classic, and there's more than enough room there to store whatever you need, and who's going to search your music player for stuff?
Unless, of course, you're doing something naughty and arouse suspicion, in which case you're pretty boned - encrypting/obfuscating the file on the 'Pod would probably help, but if you're getting the full treatment...
What the world really needs is secure storage with a self-destruct feature - when they ask you for the password, you give them X, which wipes the drive as quickly and as thoroughly as possible. (Preferably with a "decrypting, please wait" message)
An ounce of circumvention is worth a pound of countermeasures. Don't store them on the laptop at all. Store the pictures you're taking online and you'll be able to access them from anywhere. Border patrol can't find something on your computer when it's not there. Even if that's not feasible 100% of the time, you could still make a temporary archive online while removing them from your computer. If even that has you feeling paranoid, you could always burn the files to DVD, wipe them from your computer, and stow the DVD.
Offshore laptop rentals with temporary accounts linked to offshore data are booming! What a great business model. You set up an account with the company, stuff all your crap on a server, then when you get to your destination, you pick up a laptop (maybe your "rental fees" are part of your normal monthly service account)... logging in to the laptop mounts the remote volume and download away.
meh
Memory sticks work fine, most security personnel don't even know what they are. Just remember, what ever you do, don't EVER bring a bottle of water with you!
So, wait a minute. You were worried enough about being searched that you chose to bring your "noncritical laptop" (I'm assuming that's oposed to your critical one). And you packed this laptop right next to your drug stash?
Also, last time I was on a cruise they had bomb/drug dogs checking the bags both while loading and unloading, so I'm not sure how safe it is to pack contraband on your way out of the country either. Though they weren't checking bags if you carried them onto the boat yourself so I guess that's just one more example of security theater.
If you've got an NTFS drive you could always go about it using Alternate Data Streams. What pictures? Not going to fool a forensic examiner (nothing you do will, given enough time to look) but you'd probably slide past border folks just fine without having to give up your laptop for not providing the password to an encrypted drive. Don't give them any reason to want to look any further ;)
If you're worried about having to give up the password to your encrypted drive, try Rubberhose:
http://iq.org/~proff/rubberhose.org/
Send it to your hotel DHL overnight before you leave, and do the same to get it home.
Problem solved.
Do daemons dream of electric sleep()?
Darned border search exception.
"travelers may be stopped [and searched] at . . . the border without individualized suspicion even if the stop [or search] is based largely on ethnicity[.]" United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985), United States v. Martinez-Fuerte, 428 U.S. 543, 562-563 (1976)
and
"may [...] conduct searches of the traveler's body -- including strip, body cavity, involuntary x-ray, and in some jurisdictions, patdown searches -- if the Customs officer has reasonable suspicion" to do so. United States v. Flores-Montano, 541 U.S. 149, 152-53 (2004), United States v. Johnson, 991 F.2d 1287, 1291-92 (7th Cir. 1993)
But I dare say you may be safe... after all, TrueCrypt has probably received a visit from No Such Agency.
Google for crypto nsa backdoor
I have been between Taiwan and the US, Shanghai and the US numerous times in the last two years carrying 2 laptops. Never been asked. In fact, the last time two weeks ago, I had two laptops, 1 for work and 1 for my personal use, and a newly purchased in Taiwan EEEPC netbook which I declared.
Everyone has seen a shell prompt and knows that computer professionals use it. If you tell them you are a developer, system administrator, etc. They don't even want to HEAR you talking over their heads. You obviously know more about that machine than them and they send you on your way.
This is my sig. There are many like it but this one is mine.
If ever a comment needed to be AC'ed it was this one. You'll probably be getting a knock at the door any moment now.
I went on a cruise last year and the day we were to disembark we had to stay in our rooms an hour while the police with drug sniffing dogs arrested several passengers for drug possession.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Insist on showing them every picture!
Also, backup the gutenberg project.
Fill up the rest of your drive with dd if="/dev/random" of="secretstuff.iso" so that if they copy your drive they at least have something they can work on decrypting.
Don't forget to bring your extra harddrives, too! I'd pay you to take some of my crashed ones... I would love for somebody to get the data off of them.
Other than that, all I can think of is for you to laugh maniacally.
When things get complex, multiply by the complex conjugate.
Or have it "crash" on boot and you'll be sent along your way with a sympathetic shrug.
The world is made by those who show up for the job.
if uve never been pulled into the us customs secondary inspection i wouldnt worry about it
ive never had my laptop scrutinized and ive been pulled into secondary inspection a few times
{ canadian programmer telecommuting in the states == working in the states }
think about who and what they are really looking for , its probably not you or your files
back in the day we didnt have no old school
Have you seen the people they are hiring at the airport security recently? You might be subject to an entirely different form of harassment, from someone who feels you are their perfect soul mate...
I know it's the hip thing to worry about Customs rifling through your laptop, but statistically, you have much better things to worry about when bringing your laptop on vacation ... among other things:
0) Forgetting to bring the AC plug adapter,
1) Customs services in the foreign country,
2) Airport security on both ends,
3) Simple theft of the laptop during the trip,
4) Putting your laptop bag down on the bus and forgetting it,
5) Spilling coffee on your keyboard at an internet cafe, and
6) Dropping your laptop on your big toe and breaking both.
Practically speaking, Customs agents can't be bothered to search individuals that aren't acting truly "hinky". I've been traveling internationally on a regular basis for business. My travel patterns certainly fit a certain "risk" profile (long stays outside the country, frequent travel, watch list name match, etc.) and I've never, in six years of this, ever had anything searched or questioned, much less seized. Practically, it's not worth worrying about.
Truecrypt provides plausible deniability - the capability to create a hidden encrypted volume within another encrypted volume, thereby allowing you to grant access to unimportant/dummy data when a password is asked for without the attacker knowing additional information even exists.
To do this you need the TrueCrypt bootloader installed, which is a dead give-away that you probably have a hidden volume. If you don't and they suspect of being a terrorist sympathizer you'll just get thrown in Gitmo until you give up your secrets.
TrueCrypt plausible deniability is useful against those who cannot employ deadly force against you.
If you're really concerned, wipe the drive, install linux on a small partition, use an encrypted network connection to upload the photos, then secure wipe the drive and install Windows XP on it for your border crossing. Better yet, get a $50 used laptop and leave it with a local school.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Go a step further. Take a 16GB flash drive, and create a 512 MB partition on it. Mount the rest of the drive using a 512 MB offset, and put your encrypted volume on that. Place a few scenery pictures on the 512 MB fat32 partition, and finally print up a label that says 512MB and stick it on there. They wouldn't even come close to seeing that there is an encrypted volume hidden on there then.
I just returned to the US last week from a month-long trip overseas. I brought my laptop along to store photos from my digital camera. The only time I had to remove my laptop from its case was at the airport (LAX) when leaving the US, when I had to put it through an X-ray machine. I didn't have to do it again when I returned (it still went through the X-ray machine). At no point was I asked about the contents of my laptop nor asked to turn it on. This was a marked improvement from 2 years ago, when I had to remove the laptop from its case and remove my shoes at every point in my journey (my trip had a connecting flight).
Which cruise line and port, if you don't mind me asking?
You're frightened because the Customs has always had the power to search persons and physical objects at the border without a warrant, or that someone actually thought it might be a good idea to extend the longstanding and repeatedly upheld border search exception to include data on electronic devices? If it has always been acceptable (and repeatedly upheld by the Supreme Court[1]) to search for anything else illegal at the border without a warrant, can someone make a good argument why data on one's person or in one's possession at the time of border crossing should be excluded under those same provisions?
Or are you frightened because you subscribe to the idea that the US has turned into a fascist regime, when the EU and individual European nations have their own laundry list of controversial laws and provisions attempting to grapple with how to handle electronic data in a legal sense in the continually emerging Information Age?
[1]:
United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985)
United States v. Martinez-Fuerte, 428 U.S. 543, 562-563 (1976)
United States v. Flores-Montano, 541 U.S. 149, 152-53 (2004)
United States v. Johnson, 991 F.2d 1287, 1291-92 (7th Cir. 1993)
When they boot the system, all they'll see is Windows. Windows will ignore the Linux partition(s). For anything other than an anal-probe search, this'll be enough to keep them at bay.
It's unlikely that they'll do an anal probe search unless they find something else on you that worries them.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Millions and millions of people travel with their laptops to all countries in the world. Just about no one has problems. Keep things in perspective.
Yes, you should be concerned about laptop searches and seizures as a general principle of public conduct. No, you shouldn't be at all concerned about your laptop on your trip.
On the October 6th, 2008 "This Week in Tech", Kevin Mitnik talks about how he now deals with taking his laptops in and out of the country.
TWiT 163: MitNicked
there have been a LOT of scary stories about this lately... I was concerned about the same thing... BUT... like some others have said, I have yet to see a laptop being inspected/confiscated. Two trips out of the country this year, one to Cabo, the other to Paris and Prague. No problems.
We flew into Munich, traveled by Train to Austria and returned to the US via Munich. We had no issues other than US Customs wanted to review the food items we were importing and declared. We knew that when we bought the Austrian chocolate and it took maybe an extra 5 minutes to go through the Agriculture lane for customs.
I did burn a DVD of my pictures as a backup, more in case the laptop was stollen than if US Customs wanted to retain the laptop.
Get over the paranoia and go see the world.
If you do your encryption properly, it simply can't cracked by anyone not willing to expend a lot of expensive computer time — if at all. Encryption gets broken by user sloppiness, social engineering, or (depending on your tin foil hat status) undocumented back doors. NSA magic only works in the movies.
But you are right about one's laptop getting seized and disappearing forever. The possibility of that happening would keep me from ever taking my main laptop outside the U.S., period. The existence of an encrypted file system might raise their suspicions, but they manage to get suspicious even without that.
If you have to take a laptop abroad, go out and buy a cheapie you won't mind losing. And if you decide to put your vacation photos on the laptop, you should make a point of not hiding them, so as to avoid drawing attention to yourself. Having an ICE agent see what you look like in speedos may be an embarrassing and pointless invasion of your privacy. But a little embarrassment is something you get over; becoming a "person of interest" is not.
Unless your pictures are very sensitive indeed, and it would totally screw up your life if the wrong people saw them. In that case, the last thing in the world you should be doing with them is schlepping them around on a laptop.
Now that you've escaped, why bother tunneling your way back into the Stalag^H^H^H^H^H^H Soviet^H^H^H^H^H^H U.S.?
"Flyin' in just a sweet place,
Never been known to fail..."
Regular people, just doing ordinary legal business now need to worry about this?
What the fuck is up?
Doesn't this read more like an item that one would have expected to read - historically - by someone concerned about a visit to the Soviet Union, East Germany or Argentina? Looks like the Soviets didn't lose the cold war. There are just 1st and second runners-up, with both losers in a 15 year period, no? I mean, you fuckers used to have LAWS. You used to have a Constitutional validation of basic individual rights! But, I guess there are more important things to a nation, than the consent of the governed.
In America, Soviet Union becomes YOU! You fucked up, America. And now you no longer exist in any meaningful context. The only single thing that defines you as a coherent entity within your borders is the way in which you are taxed - without representation.
I don't know if I am angry or sad. But it is sad.
"Flyin' in just a sweet place,
Never been known to fail..."
This past year we took a laptop with us to Vietnam to pick up our daughter. (We blogged from our hotel a lot. We were awake most of the time anyway.)
Our jet-lagged child's first hour in the USA was interesting. Nothing cuts through the red tape and lines more effectively than a cranky baby screaming at 160 dB.
--- The American Way of Life is not a birthright. Hell, it's not even sustainable.
why data on one's person should be excluded...
I think if the person is, for example, a lawyer, the data in question could be protected by attorney/client privilege, and therefore they could face disbarrment for disclosure, even were it done under color of authority.
I imagine, in fact, that this is a real issue for lawyers attempting to operate on behalf of the detainees at Guantanamo Bay.
But I'll also answer the question in the subject, as to why it should not simply have an exclusion cause for lawyers, instead of being struck down for everyone: because it's in my head and they have no right to search my head. What's the difference between data in your head and data encrypted with a password stored in your head? To me, the data is in your head, and the data on the hard drive is just a useful memory aid.
Oh, and if the original poster is more concerned about them getting his data than about losing the laptop, make a one time pad, make a copy of it, put the copy of it in a safe deposit box, travel outside the US, and then after encrypting the data with the OTP, destroy the OTP so it is impossible for you to comply.
-- Terry
Border agent: What is your reason for traveling today. ...
Geek: I'm talking to a company about fault-tolerant servers
...
and in this Powerpoint you'll notice that the two processors are running in
lock-step. Whereas, this comparator here looks at these two pairs of CPU's
....
Border agent: You may go.
Geek: Wait! This is the interesting part
Border agent: For the love of God, please go!
[Insert pithy quote here]
Having worked on cruise ships for several years, I can offer some advice if you'll be there a while (not just your average passenger):
* We were warned about Coast Guard inspections days in advance. The contraband was placed into film canisters, and those film canisters were washed thoroughly. They were then hidden in PUBLIC areas of the ship -- if found, it would be difficult to determine just who had put them there. As far as I know, none were ever found.
* Make friends with security. Remember that when you are on shore having fun in port, they are standing in the doorway checking everyone. They don't get to go shopping, or out to shoot pool or hit nightclubs. Something as simple as doing their shopping for them once in a while could net you one very valuable ally.
Other points should work for anyone:
* If you are trying to take goodies back OFF the ship, separate these goodies from anything personally identifiable. The way the dogs mark the bags to be checked is to piss on them, so if you see your bag is wet or sitting in a puddle at the pickup point, just walk away.
* If you are bringing goodies ONTO the ship, you should only bring enough to last you until your first port, not the whole trip -- this should make it easier to keep them on you personally and not in your luggage. Re-stock once outside the U.S. where the inspections will be much less intensive. If going to Mexico, the guys who will weave a wristband with your name in it for $5 will also happily set up a transaction for you for an appropriate fee.
* Take one more bottle of booze than you are entitled to, and DECLARE IT. Nothing looks more like cooperation than voluntarily paying $3 in taxes. If you want to take more than that, feel free -- the one extra is just a minimum to make sure you have something to declare, and even with taxes you'll generally pay less for a liter bottle on-board than for a 750ml bottle of the same thing on land. Spread the most expensive bottles around, one to a person, to be their "freebie", and pay taxes on the cheaper ones.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Didn't you ever watch Hogan's Heroes? You tunnel back in to help the others and play tricks on the commandant.
My answer to this problem is simple. Fill up your hdd with legal but really gross images. Old people doing sexy times would be a good way to go. Then, the snoopes are forced to get an eyefull of some saggy luvin! I guess you are too, to some degree. But punishing fascists is never painless!
I travel in and out of the U.S., the U.K., and Spain every couple of months with my laptop, and sometimes with an additional computer, and I have never been asked to show it to anyone nor have I seen anyone else having their laptop checked. The security in Heathrow doesn't even want the laptop taken out of the carry-on anymore, and the U.S. customs rarely looks at anything from anybody that I have seen.
So in a couple of months all the l33t slashdotters a going to be smuggly waking thru border checks, with their hidden linux partions, truecrypt archives.. And the friendly TSA worker is going to pull out a USB key that checks for all the helpful suggestions posted in these comments.
TSA worker asks you 'are there any pirate movies / mp3s on your laptop?'.. are you going to lie? how many people on the flight saw you watching 'big momma's house 3'? can you afford to be without your laptop for a couple of months?
The way your dad looked at it, this Secure Digital Card was your birthright. He'd be damned if any slopes gonna put their greasy yellow hands on his boy's birthright, so he hid it, in the one place he knew he could hide something: his ass. Five long years, he wore this solid state media device up his ass. Then when he died of dysentery, he gave me the memory card. I hid this uncomfortable piece of plastic up my ass for two years. Then, after seven years, I was sent home to my family. And now, little man, I give this Sandisk Extreme 8GB SDHC card to you.
Use two hard drives. One concealed in the luggage, or sent by Fedex/UPS/mail, fully encrypted. Backed up for case it'd be intercepted. Another one with a fresh install or known-good image in the laptop itself, so the laptop boots. That way, there's nothing to find during eventual search. You can either make the laptop some "history", so the OS looks used, or claim that it is a business machine and a fresh image is the company policy for overseas travels; many companies actually do so now, so it is a plausible legend. Also, look unimportant, a small grey corporate drone on a trip.
One lesson from an incredibly expensive joke of a "terrorist" case in Australia is that a photograph of a landmark is proof you are going to blow it up. Be careful with those holiday snapshots!
I don't know if there's anything like it in Australia but in the US we have this handbook, "The Photographer's Right", photographers started to carry. In a photography class in college I was taking when 911 happened, we heard about how photographers started to go through questioning when they were taking photos. One student there was working on a class assignment when police or private security personnel tried to confiscate his camera. It was a bizarre tyme for photographers then.
Falcon
Should there be a Law?
I dont know if its because im military or not, but ive flown to and from the US 3 times each since this bill or whatever it is was proposed, all 3 times from Germany to the US, 2 times from the US to Germany and once from the US to France...and I have never been asked for my password for my laptop. While I have nothing to hide, anything I dont want to be seen isnt on my travel laptop, but I still never been asked. This is just my experiences.
There is a bill being debated in the US Congress right now to limit impoundment of laptops to 24 hours.
And I'm sure that in order to back that up, they'll take a forwarding address from you and FedEx you the laptop immediately those 24 hours are up, lovingly packaged and at no further cost to the passenger, regardless of where you are in the world. And when FedEx loses a package (because no courier company in the whole of history has ever achieved a 0% loss rate), they'll chase FedEx up on your behalf, replacing the laptop for you if FedEx can't find it in a reasonable timespan.
Regarding the data on the lost laptop, they'll almost certainly image it before they let it go anyway, so I'm sure they'll be only too happy to copy the image to another disk and ship that to you.
And all of this will be done so quickly and efficiently you won't even miss it.
Maybe a bit of social engineering?
... damn! It's done it again! Sh*t...
Someone should make a program that's easy to install and remove that makes Windows generate a BSOD (reliably) on startup. The BSOD might just be famous enough for the security guard to recognize it.
Inspector: Can you please start up the laptop sir?
Owner: Sure thing, but it's been crashing on me lately. I've got to get my IT guy to look at
I: Haha, my laptop was doin that when my kid messed wit it.
O: That might explain it! As I recall, I let my son do his homework on it just last week and it's been acting weird since. Thanks for the tip!
I: Hey, not a problem. Actually, I'm pertty good with the interweb too, cept once I went to one of them phishing site for some fishin tips, but even when I paid the stinkin $1 fee with my credit card, there weren't no tips or nothin! Just watch yourself sir, it's a crazy web out there. On your way!