Search and Seizure of Laptops at Airports

[RedOctober]

Hey folks - by now we've all probably heard that TSA and border patrol agents have the authority and legal backing to search your laptop with or without reasonable cause.

"Most Americans would be shocked to learn that upon their return to the U.S. from traveling abroad, the government could demand the password to their laptop, hold it for as long as it wants, pore over their documents, emails, and photographs, and examine which websites they visited –- all without any suggestion of wrongdoing

-U.S. Senator Russ Feingold; D-Wisconsin

Interesting article on the subject:
http://www.securityfocus.com/brief/832

Here's something I was thinking about:

• What if you don't provide your password?
• What if legally-restrictive confidentiality policy requires that data in your possession be managed by you, with the guarantee that the sensitive data is not exposed to outside sources? Examples in this case include Sarbanes-Oxley legislation or PCI requirements for CC.
• What legally acceptable methods can one take to make sure this can't happen? Could you, for instance, take out your laptop battery and give it to someone you are traveling with? Could you remove the RAM, thereby making the private data inaccessible?

What do you think about all of this?

 

[k1pp3r]

Here's something I was thinking about:

What if you don't provide your password?

Go straight to jail, or back where you came from, or maybe they will just take it and send you on your way.

What if legally-restrictive confidentiality policy requires that data in your possession be managed by you, with the guarantee that the sensitive data is not exposed to outside sources? Examples in this case include Sarbanes-Oxley legislation or PCI requirements for CC.

It probably shouldn't be on the laptop itself, rather a secure thunbdrive or on a file server

What legally acceptable methods can one take to make sure this can't happen? Could you, for instance, take out your laptop battery and give it to someone you are traveling with? Could you remove the RAM, thereby making the private data inaccessible?

You could ship the laptop back to the original country, that may work. Taking parts out so it does not operate will just piss them off and make them take it from you.

What do you think about all of this?

I think its BS, there should be people fighting this once the general population gets wind of it. They should only be able to boot it to confirm it doesn't blow up and then send you on your way.

Edit, your list stuff screwed up my post, lol

 

[Syndicated_Death]

I'd say that your best bet is to take the hard drive out while at home and travel with a live boot distro of linux like ubuntu. it gives you only the basic of functions really. upside is you've lost none of your data while they waste their time and our tax dollars trying to extract data from a laptop with no hdd. if you really need access to those documents make them available to yourself via secure connection back home or where ever the documents are stored.

 

[ElvisG]

How often do you travel to the middle east?

It isn't a big deal and here's why.

1) They are not going to search every single laptop.

2) The time it takes to even do a search. I'm almost certain that for them to chose someone to inspect that your on a list of some kind.

3) If your on a list and get picked. I see zero problems.

I'm a honkey and if I am coming back from Iraq, Iran, Afghanistan or any middle east country and get picked then that is the price I have to pay. They are not going to care that you have porn or warez. This is solely about terrorism.

 

[RedOctober]

I'm a honkey and if I am coming back from Iraq, Iran, Afghanistan or any middle east country and get picked then that is the price I have to pay.

From Benjamin Franklin:

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

Sorry, man. I can't agree with you there. When we start to be comfortable with inappropriate searches without just cause, we have sacrificed everything this country stands for. Ben's quote is a perfect description of this loss.

They are not going to care that you have porn or warez. This is solely about terrorism.

Actually, no. The landmark legal opinion that defined the rights for these agencies to do this stemmed from the discovery of child pornography on a travelers laptop coming into the U.S. In that situation, they had little to no credible information that they would find child porn on his laptop before searching it, only a "suspicion" based on the country he came from where child sex slavery is prevalent.

Source

-J

 

[Volcanon]

That practice ought to be illegal.

If these don't constitute unreasonable search and seizure, then there is no such thing as an unreasonable search and seizure.

 

[MrGuvernment]

why start another thread, your asking the same questions covered in the past threads made about this exact same issue.

 

[Mcot]

A beautiful elegant solution.
http://www.truecrypt.org/docs/?s=hidden-operating-system

 

[RedOctober]

why start another thread, your asking the same questions covered in the past threads made about this exact same issue.

Feel free to correct me, MrGuvernment, but I don't see the answers to my questions in other threads.

* What if you don't provide your password?
* What if legally-restrictive confidentiality policy requires that data in your possession be managed by you, with the guarantee that the sensitive data is not exposed to outside sources? Examples in this case include Sarbanes-Oxley legislation or PCI requirements for CC.
* What legally acceptable methods can one take to make sure this can't happen? Could you, for instance, take out your laptop battery and give it to someone you are traveling with? Could you remove the RAM, thereby making the private data inaccessible?

 

[RedOctober]

A beautiful elegant solution.
http://www.truecrypt.org/docs/?s=hidden-operating-system

Nice!!!

Very interesting - thanks Mcot.

 

[kydsid]

....

 

[leSLIe]

that´s why i always use TrueCrypt
we don´t want grandma´s secret Schwarzwald Cake recipe to leak out

 

[LittleMe]

This is why you run a vpn at home and keep nothing on your laptop. Then when you need to do some work, terminal into a box at your house, do whatever you need there and you're done. Just don't be stupid and edit a file you don't want them to have access to on the laptop itself.

 

[Syndicated_Death]

This is why you run a vpn at home and keep nothing on your laptop. Then when you need to do some work, terminal into a box at your house, do whatever you need there and you're done. Just don't be stupid and edit a file you don't want them to have access to on the laptop itself.

if you're using a live boot cd you can edit it on the laptop as it will only be stored in ram. once you shut the laptop off the file goes poof.

 

[Ashton]

I hate to sound like a parrot, but I agree with everyone else, keep your documents on a remote server access VIA secure encrypted connection. (failing that, a secure thumbdrive) Carry the cheepest laptop you can afford in case it gets stolen.

oh and if possible use desktop image and files on said desktop that will embarass the officer and make them regret the search (lol j/k)

Here's another twist I might add:
what if you use a laptop with biometric security? can they force you to log them in? What happens if they seize the laptop, they wont be able to get into it (especially if it's a device like the eee that uses an on-board non-removable solid-state drive)
(I'm interested in this because I'm considering upgrading my eee's webcam to accommodate iris-recognition for security)

EDIT:
Oh and DO NOT store your login credentials to said secure server on the laptop!

 

[HoppyChris]

The likely most reasonable response to this is to not give them anything to look through, as even if there is nothing to find, looking through can take a while and is a bit privacy-icky.

Private info on a secure server, VERY baseline stuff (easily re-imageable) on the laptop. If you can do that, you can easily completely wipe the drive before going through customs.

 

[Syndicated_Death]

The likely most reasonable response to this is to not give them anything to look through, as even if there is nothing to find, looking through can take a while and is a bit privacy-icky.

Private info on a secure server, VERY baseline stuff (easily re-imageable) on the laptop. If you can do that, you can easily completely wipe the drive before going through customs.

wiping the drive is only likely to make them extract it and go forensic on it.

 

[Ashton]

I think he meant wipe the sensitive files, or wipe the data partition, not the OS partition... at least I hope he meant that, otherwise, yeah, that's just raising a red flag...

 

[HoppyChris]

I think he meant wipe the sensitive files, or wipe the data partition, not the OS partition... at least I hope he meant that, otherwise, yeah, that's just raising a red flag...

Red flag? maybe. Probable cause? That's less likely.

 

[kydsid]

....

 

[RedOctober]

So there are some good, creative methods to keep data reasonably secure from prying eyes for me and you, but what about the large scale corporate laptop users? What does a corporation do about this? Remote desktop isn't really an option, as these users will typically need offline e-mail and file access. Good discussion, all...

 

[kydsid]

....

 

[utshost]

well not a surprise here... they have been able to search anything coming into the country since 1776... been on the books for a long time, they just now started to look at laptops, but they always could...

 

[The_Moves]

What about a pharmaceutical corporation? Granted patient information shouldn't be stored on the laptop, but wouldn't a corporation have to make sure no PHI was exposed before handing it over to anyone, as in clean/wipe the laptop? If not completely DOD the hard drive?

 

[kydsid]

....

 

[Cheetoz]

This is why you run a vpn at home and keep nothing on your laptop. Then when you need to do some work, terminal into a box at your house, do whatever you need there and you're done. Just don't be stupid and edit a file you don't want them to have access to on the laptop itself.

that doesn't stop them from searching your laptop, which is the main issue. Circumventing problems do not fix them.

 

[LittleMe]

that doesn't stop them from searching your laptop, which is the main issue. Circumventing problems do not fix them.

If there is nothing on the laptop, why would you care if they searched it?

 

[Cheetoz]

If there is nothing on the laptop, why would you care if they searched it?

Same reason people wouldn't want the government to install security cameras in their homes for their safety.

 

[LittleMe]

Same reason people wouldn't want the government to install security cameras in their homes for their safety.

I agree, I'd rather not have them search at all but I could really care less about them searching a laptop that boots a live linux distro with nothing on it.