• Malware and the Mac.

    Date: 2012.01.13 | Category: Computer Security, Malware, OSx, Trojans, Virus | Response: 0


    Macs have had their share of security problems and vulnerabilities, but they are not heard of as much because of Apple’s considerably smaller market share than Windows. This also means there is much less incentive for malware writers to spend their time and energy writing malicious software that targets Mac users. However, as Macs gain market share this is changing. Malware protection is now recommended for Mac users and is even included in the latest version of OS X, Lion.

    No matter what operating system you use, Trojans are the most common threat. A Trojan is a program that appears legitimate but performs some illicit activity when it is run. It may be used to locate password information, to make the system more vulnerable to future entry, or simply to destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays on the computer doing its damage or allowing somebody at a remote site to take control of the machine. Trojans often sneak in attached to a free game or other utility.

    A classic example of Trojans for the Mac is the RSPlug family. These are DNS-changer Trojans that redirect your request for a web site or program to a fake lookalike. Another example was the iWorkService Trojan, which created a backdoor allowing a malicious hacker to remotely control the computer. The infected computer is then usually used as part of a botnet for DDoS attacks. In almost all cases these were spread through pirated software or by visiting sites designed to infect your system. Check the link below for a current list of Mac-specific malware.

    Then there is social engineering through social networking, where criminals attempt to gain people’s trust in order to obtain sensitive information or to distribute malware. Many tools are used to accomplish this; the most common are phishing schemes, spam, social networks, hijacked ads, and websites designed to trick you into entering your username, password or other information. For these attacks to succeed, it often doesn’t matter what operating system you are using.


    iAntivirus list of Mac-specific malware: http://www.iantivirus.com/threats/

    For more information on OS X Lion and Security: http://www.apple.com/macosx/what-is/security.html

  • Schneier on Security: Protecting Your Privacy at International Borders

    Date: 2012.01.11 | Category: Uncategorized | Response: 0


    Schneier on Security

    A blog covering security and security technology.


    January 11, 2012

    Protecting Your Privacy at International Borders

    The EFF has published a good guide.

    My own advice is here and here.

    Posted on January 11, 2012 at 7:15 AM | 19 Comments


    Comments

    The simplest advice is take nothing with you across any border at any time except the minimum you require to get to your hotel etc.

    You arrange for anything else to be sent another way.

    Two reasons for this:

    1. You have nothing that you don’t know about on you.
    2. You don’t have any devices on which malware etc. can be added to your detriment.

    Oh you also have less to be stolen/mislaid and nothing for the TSA et al to scratch the backs of their heads over…

    Posted by: Clive Robinson at January 11, 2012 8:53 AM

    Carrying a laptop into the U.S. of A. is carrying coals to Newcastle. Just take some money and buy a new one once in, cheaply. In fact, this is what many people from this side of the pond perform routinely as a secondary purpose of their trip.

    Once you have it, download the data you need. Before leaving, securely erase it. After returning, keep it or sell it – with a profit usually.

    For the purpose of secure deletion: do not buy SSD disks!

    Posted by: Peter A. at January 11, 2012 9:13 AM

    And all these recommendations fail if they are really after you. i.e. installing some hardware bug while your laptop gets searched.

    So if you are paranoid taking no device with you seems the only solution.

    Posted by: ChristianO at January 11, 2012 9:39 AM

    They missed one trick in a sidebar. Dr. Akina doesn’t need to ‘securely wipe’ the travel laptop, she just mails it back.

    Given the fun and games involved with secure wiping and the triviality of simply FedExing it back (or, if it really is a worthless travel laptop, throwing it away) makes it pretty clear which I’d recommend.

    Finally, doesn’t this just blow the lid off a very serious problem?!

    Given an information economy, isn’t the idea that any information of value you bring over the border can and will be stolen outright anathematic to everyone except highwaymen??

    J.

    PS – And yes, if you bring over a pile of cash (over $10,000), it too can and will be stolen from you, in the name of ‘fighting drugs’. J.

    Posted by: Jon at January 11, 2012 11:31 AM

    I can dream, but I can suppose loading up your laptop with a bunch of lawfully purchased media files which is then taken from you and copied would expose the ICE, CPB, and DHS to monstrous copyright fines, or even get them unplugged from the Internet…

    J.

    Posted by: Jon at January 11, 2012 11:35 AM

    What a complete pain. And every precaution, every contingency described, begets more pain. How far we’ve come.

    Posted by: simon at January 11, 2012 11:54 AM

    My MacBook has Lion’s pre-boot filevault encryption on the small root partition, and TrueCrypt for the remaining large user partition with my home directories, so the entire disk is encrypted.

    When I travel internationally, I make a full image copy of that drive, physically remove it, and then install a clean OS into the MacBook. If I need it, I then place the original encrypted drive into a small USB enclosure. It takes only a couple of minutes to open the MacBook, swap out the drive, and close it again.

    Border officials can examine the MacBook as much as they want. If they also ask to see the drive in the USB enclosure in my coat pocket, which they have not so far, I can say that it was wiped and not formatted. When I place it into the Mac, it shows up as an uninitialized disk, and a window pops up asking if they want to format it, which they can. They can even keep the external USB drive, since it is encrypted and I have it backed up at home.

    (My backups are also TrueCrypt encrypted.)

    This might seem nuts, but I work in the semiconductor and banking industries and travel globally, and my laptop is full of trade secrets and security data.

    I have had my laptops previously inspected in USA, Britain, Japan, and China. I don’t see a need to hand over legal trade secrets and security data to corrupt officials without any just cause, if I want to keep my job.

    Posted by: Lisa at January 11, 2012 12:30 PM

    Forgot to mention that I have to use FileVault + TrueCrypt for full disk encryption, since TrueCrypt does not provide full disk encryption on the Mac yet. :(

    And I don’t trust that Apple Lion’s closed source FileVault does not have some secret back door for officials.

    Posted by: Lisa at January 11, 2012 12:33 PM

    They are missing something I pointed out a long time ago. It’s hard to securely overwrite every storage location on a system. However, there is a way to do that without doing that: ensure it’s strongly encrypted & simply lose the long, truly random key. This concept was independently discovered in an academic paper a few years back. I’ve voluntarily, and involuntarily :( , erased hundreds of GB worth of data using this method.

    The deletion process is almost instant if digital & happens in seconds if the key is stored on paper (lighter or stove required). If a suitable algorithm & implementation is used, then the data will be truly unrecoverable. No, really, I tried my best to undelete that stuff. ;)

    Posted by: Nick P at January 11, 2012 12:47 PM

    … or just do what I have for the last 11 years. Don’t travel to right-wing theocracies (Pakistan, USA, Iran etc.). Can’t say I’ve missed anything.

    :p

    Posted by: Slarty at January 11, 2012 1:42 PM

    @Lisa: “I can say that it was wiped and not formatted.”

    That would be lying to a federal officer, which, just FYI, is illegal.

    Posted by: Paeniteo at January 11, 2012 1:58 PM

    @Slarty – or Canada, at least if you’re a Bishop

    Posted by: NobodySpecial at January 11, 2012 2:08 PM

    @ Lisa,

    And I don’t trust that Apple Lion’s closed source FileVault does not have some secret back door for officials

    It might have, but then again it might have bugs or even faux bugs that are really backdoors.

    That’s the problem with complex security and software, you can easily drive yourself crazy trying to “verify and trust”.

    So the best thing is to assume that all software has bugs and is thus insecure (including products that claim EmSec level security), and you have to make the choice of how to mitigate accordingly.

    The usual choice for low value data items is to chain various pieces of the security systems in sequence, giving you the “onion layer” model. However on most OS’s this has a fatal flaw, which is the OS itself, because it provides the link between all the pieces.

    For higher value data items it used to be “use hardware” such as “Inline Media Encryptors” but as the US Gov and others have found the hardware is made outside of their control these days and could well be “Backdoored” by foreign nationals working for their governments…

    Thus as I’ve said before on a number of occasions sometimes the best way to work is not to take high value data items with you across a border, nor the hardware&OS that can be “backdoored” as you go through.

    There is however another option available which you are part way to with your external USB drive, but is not an option available to all. Which is “roll your own”.

    I’ve used a number of the more recent micro controllers with multiple USB ports to do this. You can buy the source to a RTOS that has multi tasking, and you can also buy the source to the USB and other stacks. You can also download for free very stripped down RTOS’s and limited schedulers from the net, and USB stacks and software for flash drives etc. You can thus design and build your own “Inline Media Encryptor”.

    For those nervous about “flash memory”, just remember, provided the drive only has encrypted data on it, as Nick P has pointed out, if you lose the crypto key you go from “data brick” to “house brick” in one go.

    There is also a further wiggle you can do (simplest with stream ciphers) which is to have the data in flash encrypted under one key, the inline hardware changes that to encrypted under the transmission key to be sent across the USB cable and the driver on the commodity computer changes that into decrypted plain text. Now the trick is to make the transmission key evolve with time and data usage such that any data a third party picks up off of the wire will be different every time.

    You then pick a method of sending/agreeing the transmission key from the commodity computer driver to the inline encryptor. There are a number of well known and well described protocols for doing this.

    Oh and finally, just in case you think “rubber hose” analysis will be applied to you, as you presumably work for an international company you can use MofN key shares from different jurisdictions with agreed “duress codes”.

    But to be honest, when it gets to this level you really should consider not moving high value data items around, and changing the working practices to suit. Simply because it removes the risk to you and others, as a hostile agency that has targeted the company is almost certainly going to know what the internal company procedures are before they grab an individual “courier”; if they know no data gets shifted by courier they will leave all the company’s travellers alone.

    Posted by: Clive Robinson at January 11, 2012 2:18 PM
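    The “inline media encryptor” Clive Robinson sketches above, together with Nick P’s point that losing the key is the erasure, as an added example that is not code from the page or from any commenter. It uses AES-256-GCM instead of the stream cipher Clive mentions, an HMAC ratchet for the evolving transmission key, and assumes the initial shared transmission key was already agreed between driver and device by some key-agreement protocol (not shown); the names Encryptor, Host, Store, Read, Receive and CryptoErase are made up here.

    ```go
    package main

    import (
    	"crypto/aes"
    	"crypto/cipher"
    	"crypto/hmac"
    	"crypto/rand"
    	"crypto/sha256"
    	"errors"
    )

    // gcmFor builds an AES-256-GCM AEAD; a wrong key length is a programming error, so it panics.
    func gcmFor(key []byte) cipher.AEAD {
    	block, err := aes.NewCipher(key)
    	if err != nil {
    		panic(err)
    	}
    	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
    	return gcm
    }

    // seal encrypts and authenticates plaintext under key; the random nonce is prepended.
    func seal(key, plaintext []byte) ([]byte, error) {
    	gcm := gcmFor(key)
    	nonce := make([]byte, gcm.NonceSize())
    	if _, err := rand.Read(nonce); err != nil {
    		return nil, err
    	}
    	return gcm.Seal(nonce, nonce, plaintext, nil), nil
    }

    // open reverses seal; a wrong key or altered data fails authentication with an error.
    func open(key, sealed []byte) ([]byte, error) {
    	gcm := gcmFor(key)
    	if n := gcm.NonceSize(); len(sealed) >= n {
    		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
    	}
    	return nil, errors.New("ciphertext too short")
    }

    // next ratchets the transmission key one-way (HMAC-SHA256 of an empty message under the current
    // key): each transfer uses a fresh key, so the same block never looks the same twice on the wire.
    func next(txKey []byte) []byte { return hmac.New(sha256.New, txKey).Sum(nil) }

    // Encryptor models the inline device (its storage key never leaves it); Host is the driver.
    type Encryptor struct{ storageKey, txKey []byte }
    type Host struct{ txKey []byte }

    // Store encrypts a block for the flash under the storage key.
    func (e *Encryptor) Store(plain []byte) ([]byte, error) { return seal(e.storageKey, plain) }

    // Read re-encrypts a stored block from the storage key to the transmission key, then ratchets.
    func (e *Encryptor) Read(stored []byte) ([]byte, error) {
    	plain, err := open(e.storageKey, stored)
    	if err != nil {
    		return nil, err
    	}
    	defer func() { e.txKey = next(e.txKey) }()
    	return seal(e.txKey, plain)
    }

    // Receive is the driver side: decrypt under the transmission key, then ratchet in step.
    func (h *Host) Receive(wire []byte) ([]byte, error) {
    	defer func() { h.txKey = next(h.txKey) }()
    	return open(h.txKey, wire)
    }

    // CryptoErase zeroises the storage key in place: the flash contents are untouched, but
    // without the key the "data brick" is now a "house brick" and every Read fails authentication.
    func (e *Encryptor) CryptoErase() { copy(e.storageKey, make([]byte, len(e.storageKey))) }
    ```

    Reading the same stored block twice yields two different wire images that the host still decrypts in lockstep; after CryptoErase the same Read returns an authentication error even though the stored bytes are unchanged.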

    Passwords, if written down, should be written on small slivers of paper, small enough to fit within a pill’s capsule, yet durable enough to last unpacking and repacking.

    Yes, they sell bags of empty pill capsules by the hundreds or thousands for cheap, look at your local health food store.

    These “capsules” containing your password(s) can be mixed in with a medicine bottle and carried on your person.

    Withdrawing a capsule from a medicine bottle and swallowing it casually but quickly draws less attention than attempting to force a huge wad of paper down your throat, or ripping them up into pieces and chewing them for good measure before gulping them down.

    But if you’re attacked by someone and they force you to vomit, you’re screwed either way, unless you have a fast dissolving capsule and paper medium. Rice paper wouldn’t tolerate much manhandling but there are other options.

    (bad) example:
    https://secure.wikimedia.org/wikipedia/en/wiki/Rice_paper

    The ultimate solution would be a V2K device for your own personal enjoyment, but that’s in the military domain for now.

    A Truecrypt volume placed on an mp3 player, disguised as a track of music could work, you could combine this with stego tech too for a fake audio track or a photo mixed in other photos of the same type.

    And those are some tips for the border security. I’m sure you’ve seen everything and some really strange concealment methods, I’d love to hear amusing stories if anyone has them.

    Posted by: fork() at January 11, 2012 2:50 PM

    @Peter A

    “For the purpose of secure deletion: do not buy SSD disks!”

    There was an article from a forensic IT investigator last year in which he noted the way that aggressive firmware garbage collection in modern SSDs permanently removed deleted data without operator intervention.

    He said he was shocked at how much information was overwritten for good after just 10 minutes of letting the SSD sit powered up, but otherwise inactive.

    So maybe SSDs are one of the most secure storage options, by default?

    Posted by: Godel at January 11, 2012 4:22 PM

    “Oh and finally just in case you think “rubber hose” analysis will be applied to you, as you presumably work for an international company”

    I would hope those working in “sensitive” fields would already be programmed in ways of dissociation. The net is full of information on this both in military and in government fields. Most Google searches will probably bring up conspiracy theories but read between the lines, there are some good articles on the subject.

    The mind “splits” and no matter how much they torture you, the information stays within you. This is often found in people with MPD.

    Posted by: The Conversation at January 11, 2012 4:51 PM

    I think I’d rather play it safe and not bring my laptop with me. It seems like more of a hassle than it’s worth.

    Posted by: Deck Construction at January 11, 2012 5:30 PM

    “If a border agent asks you to provide an account password or encryption passphrase or to decrypt data stored on your device, you don’t have to comply.”

    This may be true in the USA, but almost certainly, if you’re passing through USA customs, you have or will pass through some other country’s customs with the device, and their laws may differ.

    Posted by: MW at January 11, 2012 5:58 PM

    @Peter A.
    “Carrying a laptop into the U.S. of A. is carrying coals to Newcastle. Just take some money and buy a new one once in, cheaply.”

    Fine if you’re doing this for economic reasons, but if you’re worried about security the first thing you’re going to do to a new laptop is re-install from scratch to get rid of shovel-ware, or at the very least patch it. Either way, hours of fun…

    @Jon
    “They missed one trick in a sidebar. Dr. Akina doesn’t need to ‘securely wipe’ the travel laptop, she just mails it back.”

    And trust the courier?
    The last time I sent a PC via courier the insurance premiums implied they lose about one in 10 of them.

    Posted by: Thomas at January 11, 2012 6:40 PM


    Some very interesting solutions to international travel and protecting your privacy. Has it really come to this?

  • blog.reddit — what’s new on reddit: Stopped they must be; on this all depends.

    Date: 2012.01.10 | Category: Uncategorized | Response: 0

    The freedom, innovation, and economic opportunity that the Internet enables is in jeopardy. Congress is considering legislation that will dramatically change your Internet experience and put an end to reddit and many other sites you use everyday. Internet experts, organizations, companies, entrepreneurs, legal experts, journalists, and individuals have repeatedly expressed how dangerous this bill is. If we do nothing, Congress will likely pass the Protect IP Act (in the Senate) or the Stop Online Piracy Act (in the House), and then the President will probably sign it into law. There are powerful forces trying to censor the Internet, and a few months ago many people thought this legislation would surely pass. However, there’s a new hope that we can defeat this dangerous legislation.

    We’ve seen some amazing activism organized by redditors at /r/sopa and across the reddit community at large. You have made a difference in this fight; and as we near the next stage, and after much thought, talking with experts, and hearing the overwhelming voices from the reddit community, we have decided that we will be blacking out reddit on January 18th from 8am–8pm EST (1300–0100 UTC).

    Instead of the normal glorious, user-curated chaos of reddit, we will be displaying a simple message about how the PIPA/SOPA legislation would shut down sites like reddit, link to resources to learn more, and suggest ways to take action. We will showcase the live video stream of the House hearing where Internet entrepreneurs and technical experts (including reddit co-founder Alexis “kn0thing” Ohanian) will be testifying. We will also spotlight community initiatives like meetups to visit Congressional offices, campaigns to contact companies supporting PIPA/SOPA, and other tactics.

    We’re as addicted to reddit as the rest of you. Many of you stand with us against PIPA/SOPA, but we know support for a blackout isn’t unanimous. We’re not taking this action lightly. We wouldn’t do this if we didn’t believe this legislation and the forces behind it were a serious threat to reddit and the Internet as we know it. Blacking out reddit is a hard choice, but we feel focusing on a day of action is the best way we can amplify the voice of the community.

    As we have seen yet again in the fight against PIPA/SOPA, the best ideas come from our community. We all have just over a week to figure out exactly what to do with our extra cycles on January 18th. Please join us in the discussion in the comments here and in /r/SOPA.

    — the reddit team


  • Adam Ant is NOT dead – despite what you may have read on the net | Naked Security

    Date: 2012.01.05 | Category: Uncategorized | Response: 0

    Messages have spread rapidly across Twitter and Facebook in the last few hours, claiming that the 1980s British popstar Adam Ant has died.

    According to the messages, the musician – who had hits with songs such as “Prince Charming” and “Stand and Deliver” – died from injuries he sustained in a jet ski accident on the Turks and Caicos Islands.

    Although some users are just tweeting their respects at the “news” of Adam Ant’s death, others are posting a link to what appears to be an online news report about the musician’s death.

    Mourners on Facebook and Twitter

    It’s a very sad story. Or at least, it would be if it was true.

    Here’s what you see if you follow the link.

    Bogus news story about Adam Ant

    Do you notice the “adam.ant” in the url? I wonder what happens if I change that to include my own name.

    Bogus news story about Graham Cluley

    Well fancy that – I’m a dead musician!

    Some small print, included at the bottom of the webpage in a tiny font gives the game away for anyone who hasn’t realised that the report is utterly bogus:

    FAKE... THIS STORY IS 100% FAKE! this is an entertainment website, and this is a totally fake article based on zero truth and is a complete work of fiction for entertainment purposes! this story was dynamically generated using a generic 'template' and is not factual.

    Of course, the sheer number of people tweeting out the link won’t have done any harm at all for the website – which presumably is earning revenue from the adverts plastered on its fictional news report.

    Always think carefully before believing breaking news that someone has shared with you on the net. If a major news outlet has not confirmed it to be true, it’s possible that you could be falling for a confidence trick.

    Just imagine the harm that could occur if there was malware lying in wait at the end of that salacious news story link?

    No doubt this won’t be the last time that a rumour spreads quickly across the internet that a celebrity has died. Remember when Christian Slater was killed in a snowboarding accident? Or Tom Cruise fell to his death off a cliff in New Zealand? Or Johnny Depp came to a sticky end in a car crash?

  • WARNING: Scammers Target Anti-Timeline Facebookers

    Date: 2012.01.05 | Category: Uncategorized | Response: 0

    It was only a matter of time before scammers took advantage of Facebook users’ disdain for the new timeline profile.

    Scammers are dangling bogus instructions on how to go back to the “old” Facebook profile as bait for anti-timeline users, who are then duped into clicking like buttons, inviting friends, viewing YouTube videos, and downloading malicious files.

    Facebook features have been the subject of scams before, most notably the nonexistent dislike button.

    As of this writing, 16 timeline-related scam pages remain live on Facebook, and together they’ve collected a total of more than 71,000 likes.