Ask Slashdot: Securing a Journalist's Laptop Against a Police Search?

Bruce66423 writes: In the light of the British police's seizure of a BBC laptop what is the right configuration and practices to ensure that such a seizure provides zero information to the cops? This post from Thursday might be a good place for some ideas, but that one's expressly about securing a Chromebook; what would you advise for securing a more conventional laptop? (Or desktop, for that matter.)

Laptop

[fyngyrz]

Don't store your information on the laptop in the first place. Just use it as an editing and remote-access tool over a secure connection or to a USB stick you don't expose to search procedures.

That's about the best you can do, short of memorizing everything.

Encrypt the laptop, and you could lose it. Just let them search it top to bottom, then when they're done and you're wherever you're going, wipe the hard drive, reinstall your OS, and carry on.

It's really not a great idea to carry information you need to be secure around with you.

Re:Laptop

[Jane+Q.+Public]

Micro SD AND Truecrypt.

Re:Laptop

Absolutely this. If the data isn't there to seize, then they can't seize it. SSH to another box (or a proxy) and then X/RDP to a machine that has your stuff. Even if your laptop gets confiscated/stolen/broken you don't lose the data, and they can't retrieve anything from it unless you give them the path to get in. You don't smuggle cards or drives of stuff that can be decrypted with enough time and energy.

When Mitnick was on the run for all those years, that was exactly the method he used. The only thing that screwed him at the end was he went to servers unencrypted, so he was vulnerable to a MITM at the end. Tunneling everything over SSH or a VPN with replay detection/protection would protect you for the most part.

Don't have anything for them to find

[Todd+Knarr]

Best bet is simply not to have anything for them to find. Store your data on a thumb drive (that you'll carry or ship separately) or upload it to your own server or a service like Google Drive or Dropbox, encrypting it or not first, all depending on how sensitive the information is. Delete it or secure-wipe it or wipe the whole drive and do a complete factory restore on your laptop depending on how invasive you think the search might be. Then let the cops search all they want, they won't find what isn't there.

NB: Linux makes a better platform for this than Windows. On Windows bits of your files can end up in the oddest places to be found during a scan of the drive. On Linux it's easy to set up a separate partition where all your data will go and be certain it didn't leave traces anywhere else, and that partition can be secure-wiped and reformatted without messing up the OS installation in the process. Plus the cops are less likely to be familiar with Linux, and you can play the dumb-non-techie card of "I dunno, it's whatever the guys in IT put on it. I just follow the instructions to run my programs and everything works.".

Re:Don't have anything for them to find

[LVSlushdat]

Tell me my tinfoil hat is on too tight if you want, but I *strongly* suspect its NOT going to be *too* far in the future when those of us who refuse to use Windows and use Linux instead will be charged with violation of a yet-to-be-passed law, but one that is almost surely to be passed by the authoritarian thugs that currently infest most governments. For all we know, this sneaky Transpacific Partnership abortion thats making its way thru the halls of congress may have the beginnings of such in it, and since we, the unwashed plebes, are not privy to its contents, heaven only knows what is in it. Both the US and UK are diving at a faster and faster rate down towards blatant totalitarianism.. When you look at the many traffic analylsises that have been on Microsoft's latest offering, you start to wonder if they've not gone into partnership with the NSA to fill up that giant datacenter in Utah with everything you do on your Windows machine. This being the main reason I suspect it won't be too long before those of us who don't suck at the MS tit, will be persecuted for using an OS that doesn't feed the MS/NSA behemoth... Before you accuse me of being paranoid, stop and think about what I said.... Glad I'm 65 and not a youngster growing up in this ever-increasing totalitarian world...

Re:How about this...

> Unlike common criminals, try cooperating with the police. You'll be better off in the end for it generally.

Sigh... Dont Talk to Police

Re:Securing your laptop? Only one way

[ArmoredDragon]

I personally use Windows EFS on my entire c:\user\myname folder, and that whole folder is backed up to a zero knowledge storage provider. I do this for my desktop and laptop.

Unless you save documents outside of that folder (which by default, 99% of all applications store it somewhere in that folder) then it's not likely to be retrievable.

AFAIK, Windows EFS uses AES-256 as a block cipher, with RSA-2048 or ECC-256 for key escrow (you can do up to RSA-16,384, or ECC-512.) AFAIK not even the NSA is able to crack either of those. The weakest link would be your password, with shorter passwords being easy to break (complexity, i.e. mix of case, special characters, numbers, isn't anywhere near as important as length) so use one that's 15 characters or longer.

Re:Securing your laptop? Only one way

[BlueStrat]

The only reliable way to protect your data from government thugs is to change the government such that there are no government thugs wanting your data.

Anything else is a band-aid and temporary at best.

Strat.

Re:Securing your laptop? Only one way

[clovis]

The only reliable way to protect your data from government thugs is to change the government such that there are no government thugs wanting your data.

Anything else is a band-aid and temporary at best.

Strat.

That is the final step in the process.
Step one is getting people to realize there's a problem.
And that's why journalists need to have their information protected, and that's why the goons want to get their hands on it.