Thanks to the wisdom of Homeland Security and customs, travellers may now be asked to allow screeners access to your laptops when you fly. While this is pretty shitty for obvious reasons, CNET is offering some advice on how to stop the lads from finding all your homemade tentacle anime.
1. Before going on any international trip, back up all of your important and potentially embarrassing, incriminating, or troubling data. This includes any copyrighted content which you may not be able to prove you own.
2. Create an encrypted disk image/encrypted folder of that data. This can be done with Pretty Good Privacy, Truecrypt, or software built into many operating systems.
3. Remember the password. This is very important, as if you forget it, you lose all your data.
4. Upload the encrypted data to a reliable place on the Internet (or two). Personally, I use Amazon S3, which charges 15 cents per GB-month of storage plus 17 cents per GB of data transfer.
5. Wipe your laptop clean (do this properly, or the data may be accessible after the fact with forensics software), and install a fresh copy of your OS onto it.
6. Travel. You should have no problem at U.S. Customs (or in any other country) as you won’t have anything problematic on your computer.
7. At your hotel/office, fire up your Web browser and download the encrypted data file from Amazon’s servers.
8. Decrypt the data.
I’ve actually gotten to the point where most of my in-progress work is sitting in the cloud somewhere, but if that’s not the case uploading and encryption could be the answer.
OS X users can also add a little security through obscurity by hiding their user names at login:
1. Open System Preferences -> Accounts
2. Create a dummy user to populate the screen. Put up a picture of a kitten as the desktop and some photos in iPhone.
3. Click on the lock and click on Login Options.
4. Click “Display login window as: Name and password.”
5. Login as the dummy user when asked. The rest of your accounts should be nicely hidden and inaccessible except by customs agents with a background in OS X.
UPDATED – Fixed to reflect customs doing this, not TSA screeners.
Freedom in America is now a worldwide joke.
That’s pretty elaborate for protection against the TSA. My guess is that it’s overkill. http://www.truecrypt.org/ seems to be a sufficiently secure and flexible solution to avoid the prying eyes of TSA laborers. Just don’t give ‘em the password for your encrypted section.
I think this whole idea of peering into the contents of someone’s laptop is hogwash. And I’d guess that the Supreme Court will agree sometime in the not-too-distant future. The only question is who will be willing to go to jail (or worse, immigration detention) to challenge these blatant violations of our rights.
I do believe the Court has already said that it is okay, and there is nothing to stop the TSA from confiscating your laptop, or the drive, or simply not letting you in the country until you give them the password. There is also the RAM-crack that can get around even truecrypt unless you are careful. Don’t underestimate the government’s desire to leave you with no privacy.
ram crack… as long as it’s removed from your running system while being dosed with liquid nitrogen. Check out the security now episode about the environmental conditions required for that “crack”
also, for the ram crack to work the encrypted store must already be open and decrypted. that’s not happening unless you enter your password infront of them.
Read up on the Patriot Act. If the government deems that it is to find Terrorists and protect the country it is completely legal. Not to mention the Act also lets the government define what can be terrorism…
An easier way to do this, at least for PC’s (and intel based macs i think), is to run everything on Virtual PC. have a regular OS running on your laptop which does nothing beyond running virtual PC, this way you only have one file to deal with, it keeps you from having to reload all your apps and reconfig every time you travel.
I flew to vegas this weekend and noone hassled me with my laptop. Good thing to it was full of Tera Patricks home videos if you know what I mean hahahahahaha.
I haven’t been asked to open or turn on my laptop since October 2001. And I don’t think I’ve been on a plane since before then WITHOUT a laptop. I travel a few times a month. I’m curious where you got the information that the TSA has started to look through the files on people’s laptops. Please post a link.
Also, what’s wrong with just setting up a dummy account and opening that? You could populate it with some dummy files so it looks like you actually use it.
And third, I wonder which is more awkward, having someone see what “movies” you like, or having to know what that creepy guy that just walked through your security checkpoint likes. Again. And again.
On the other hand, I worked in a video store while I was in high school and college, and it took about three porn rentals before I totally stopped caring or even paying attention to what they were renting besides making sure I got them the right movie. So really, who cares. How detailed of a search can they possibly do in the thirty seconds they have to search your laptop? Does everyone really just leave porn files all over their desktop?
This only applies to international flights..
I wonder about secure information in the first place, I work for a company that frankly the information I deal with is not public knowledge, so what they are saying is that TSA’s security clearance is higher than mine? Frankly, this just is one more show of what the airplane companies are going to flounder they treat their customers as wanted criminals instead of customers.
Wow that is a LOT of work if you actually have any programs installed on your machine. It’s not going to do you an y good when you get to Paris and download your stuff from the net when you go to try and open a spread sheet and realize Excel is sitting on the book shelf.
Better idea…Keep your funky stuff in an external disk. Hack, make it a boot disk and mail it to your hotel so it is waiting for you. IF you trust the mail that is…
who needs excel? openoffice.org
since when was porn illegal?
hostmonster.com comes out to be cheaper than amazon cloud
$6-7 for 10gigs+ a month. virtually unlimited transfer
no, amazon is $.15 a gig, which means 10 gigs would be $1.50
Plus the transfer for the data, which is $1.00 for up, then $1.70 for down, which comes out to $4.20
If you get much higher than 10 gigs, other services do come out cheaper.
The TSA is not looking through anyone’s laptop. Use common sense and it will be easy to figure out why. Don’t you think this fact would be newsworthy beyond crunchgear.com?
Guess you’re out of the loop just a little.
http://www.news.com/Police-blotter-Laptop-border-searches-OKd/2100-1030_3-6098939.html
http://www.wired.com/politics/law/news/2007/06/laptopsearches
http://weblog.infoworld.com/gripeline/archives/2008/02/laptop_searches.html
http://arstechnica.com/news.ars/post/20060727-7367.html
http://www.boingboing.net/2006/10/25/laptops-please-us-la.html
After reading through the CNET article it isn’t saying TSA is going to start doing this, it talks about customs agents in foreign countries doing this.
@ J: in response to your comment, don’t take classified documents on your next trip to Tehran, because customs agents do have the authority to check all your sh*t.
@ Dana: External disks are slow, unless you have an external SATA or SAS controller (which I haven’t seen on any laptop, but doesn’t mean it doesn’t exist).
Virtual Machine, Virtual Machine, Virtual Machine!
Actually you’re wrong. On my return flight from overseas I had 1TB of documents that were classified for one reason or another. They asked to see the hard drives, where they quickly learned I wouldn’t even take them out of the bag due to a set or Courier Orders and a Courier Card. This wasn’t a one time thing either, on following trips to various countries, they would attempt to scare me into giving up either my laptop or any external media I have, same thing applied. If you truly have sensitive info you’re authorized to transport, you’ll have the appropriate paperwork to protect it. My 2 cents
Special cases my friend. I’m sure the Pope doesn’t get frisked at customs either.
being associated with DSS or having a diplomatic passport changes how a person is treated and what their customs experience will be.
I’m just an average joe like everyone else, but if you have legitimate information that needs to be protected, then you will have access to the proper paperwork. My response is not aimed at someone who just doesn’t want someone to peek at their stuff, its aimed at the person who flat out cannot let someone look at their data. While this is a complete invasion of privacy, no argument can mask that truth, if you have nothing to hide and your life isn’t based entirely on principle, this is just another minor inconvenience
What about draining the battery or taking the battery out and carring it in a another piece of luggage?
Then they’ll probably go through your bags and find your AC adapter.
Are you suggesting that people paid to look for data can’t travel to /Users/ in Finder? Also, rebooting the Mac in Target Disk Mode sets up the unit as a FireWire hard drive. It only takes one checkbox for OS X to ignore permissions.
The correct course of action would be a hidden account and FileVault.
I think someone is confusing the TSA with Customs.
I just won’t go to naziusa.
This is a bunch of BULLSHIT. No matter what information is on my computer, i.e. anarchy, anti-establesment, blah blah. It will not kill someone. This is clearly an invasion of privacy and my rights.
For more government BS check this out. http://perfspo.com
Rick Rolling is getting old fast
@Rick: Read the related article, it’s not TSA it’s customs. when entering another country or returning to the US you pretty much have no rights until they grant you entry.
dump the rick roll, it was funny the first 500 times but now it is getting really old really fast
WTF. Upload your hdd online then redownload everything again.
Total f-ing waste of time.
Who has a connection to upload and download 100gb every time they fly. Useless.
I’ve heard that customs and TSA are both interested in your laptop. I’ve heard firsthand confirmation of customs, for example.
Goodness some of you people are tards. Its not TSA doing this. Its Dept of Homeland Security doing this at Customs inspections when you re-enter the country from abroad.
If you don’t leave the country, you dont have to worry about this.
Yet.
Yeah Ryan is right, just don’t leave China euh America.
A background in macs? Lol.
Why don’t we just say no to the TSA and advise them that a laptop is personal property. No different than coming into your home to search.
You want to search my laptop, show me the court order.
To which they will let you know that coming back into the country is not a right and you are welcome to wait until you are more ready to cooperate. There are more ways than a court order to get your permission.
It’s Customs who is suppouslly doing this, not Inmigration so you are already in the country and they’ll need a court order.
I’m pretty sure until you clear customs you are not technically in the country yet. The supreme court has ruled that there is an exception to the 4th amendment when re-entering the country.
But really I’ve never had to do more than show my passport at customs when re-entering. The fact that they can search your stuff does make me feel uncomfortable, but really I already thought they could go through all of your stuff anyways.
@ JRB You Want Entry into the country, show me your laptop…
Simple version of this article:
- take a GHOST image of your drive onto an external,
- take the file, zip it with a password with WINRAR,
- change the .zip extension to .jpg
- simply give it the HIDDEN property,
- format your PC.
When you go through customs they see a blank laptop, with a blank external.
They will have to be smart enough to find the file,
then change the extension,
then crack the password,
then have ghost img software to load the img,
then finally find your stuff.
Is the govt that smart?
Short answer: Yes they are.
When presented with a blank laptop and blank external my guess is it will raise some red flags to regular inspector guy. Regular inspector guy will then call comp-u-know-it-all guy who will then check it. It being a customs situation their other option is to seize it and inspect it further or, like AODH and Tim said, not let you into the country.
because a wiped laptop and a blank drive arent suspicious.
the first logical thing is to look for hidden files and a 5gb .jpg is a huge red flag.
That’s not a very effective way of wiping your laptop, considering that if you reload all of that sensitive information after traveling to your destination, you would then have to wipe it (clean install of OS including all of your software re-installs, wireless configurations, etc.) again — a drawn-out process which most business users either do once every Windows release or have IT do it — seeing as you would, very obviously, be going back through those checks on your way home.
Nice try with the advice, I hope you’re paid well for it.. Well, technically getting paid anything is overpriced.
Listen, this is an easy problem to fix. Simply put anything you don’t want found into a hidden folder then set it to be hidden. As far as customs agents are concerned they’re happy as long as you boot up your computer and it doesn’t say KILL WHITEY! on the desktop.
It’s much simpler to just remove the hard drive from the laptop, leave it in your desk at work. Put an Ubuntu 7.10/8.04 live CD in the CD drive and boot from that. From the CD, I can open an encrypted SSH tunnel back to my computer at home or work and access all my files with the remote desktop viewer. It’s as if I’m at my desk as long as I have a broadband connection where I’m at. If I need to open an Excel spreadsheet or a Word document, it’ll open in Excel/Word remotely or Open Office locally from the ram drive if I copy it over to the laptop.
Once I power down the computer, all data is gone.
If Customs wants to examine the laptop, sure, go ahead. There is nothing to examine except a standard Ubuntu CD in the optical drive.
If they ask you why there is no hard dive in the computer, the answer is data security. What’s not there can’t be stolen or copied. Simple.
WTF!! Has the Fourth Amendment been completely forgotten? Remember folks, it’s become a truism that when we give up a little freedom in exchange for the appearance of security, we end up both less free and less secure.
how bout just copying all ur files to old floppy disks, or better yet cd/dvd put them in cases no one will really care …..or just put it all on an ipod after encryption and listen to some music while they tinker with ur top
Why not just take the whole harddrive out of the laptop and keep it on your personal carry on baggage… Im sure theres a million excuses one can come up with as to why it wont boot up if they freak out.
Oh man, traveling with a “non-functional” laptop? Are you trying to end up in prison?
Just put an Ubuntu live CD in it. It’ll still boot from that.
As a slight improvement over the Mac OS X instructions (which I’m sure apply to XP/Vista as well), just set the dummy account with kitten photos to be the default login account. This way, the mac goes straight from power on to that user’s desktop without a login screen. Maybe put a web browser in the login items with a default startup page of ‘Myspace’, so they’ll know that you’re completely harmless.
regardless of what our traitorous supreme court says, here is what the constitution says (which renders anything they rule to the contrary null and void [their claimed right to do so is not in the constitution and thus does not exist]):
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
don’t forget it, nor that our country is in the grip of traitors to everything thousands died to protect. the tsa is their creation and needs to be abolished as it obviously is an instrument of treason.
A country willing to give up liberty for security is going to lose both.
I for one will not show them any of my electronic data on the principal of preserving my rights set by the constitution. If enough of us refuse this will clog up the system and something will have to be done to rectify the situation. Also, since this is a grey area it will be dropped with enough attention. This war on terrorism is just another way for the government to claw deeper into our lives.
heck, I have a “my warez” folder on my comp in which I store all of my questionable stuff.
If I go anywhere I 7zip it (with the pass and everything), change the name to “jpg_0067″, then change the extention to .jpg and put it in some hidden program folder.
What is the chance of them finding that?!
Yeah, if they thought I had stuff on my computer they’d find it after a few days, but just booting up my comp would tell then all is okay, even though I have (visable) programs on my computer that I cracked.
I would never take my expensive laptop abroad with me since it could be damaged, confiscated, etc. If I needed to travel abroad, I would buy a used laptop that I could care less about and take that with me. Then if customs wants to snoop or confiscate, I could care less, since it would have nothing important on it.
apparently noone here has heard of the new contraption (hardware drive) theat Bill Gates and Microsoft came up with last year that plugs into your USB, and downloads EVERYTHING on your computer in a matter of seconds/minutes. I read about this a couple days ago, and Microsoft even is having classes they put on to teach law enforcement how to use the device- Tis easier to take/steal all your info instantaneously than to sift through everything on the spot. Do we really think that they gave us this technology to be freer, without them having a way to use it to entrap us? Maybe only long enough that we felt comfortable using it :P
Your article is a good one, however the title and content is slightly misleading… you’re actually talking about Customs. TSA is a different animal and handles domestic flights only, and they don’t have the authority to search your laptop (yet, and hopefully never).
Just thought I’d let you know.
Easy… Put your “Sensitive” files on a microSD card (if your traveling with more then 8G of porn then you have other issues) pop that card in your camera and be done with it. I seriously doubt that they are going to take the time to check your camera / cell phone / pda files unless you’ve been an ass about the laptop inspection.
First off it’s not the TSA it’s customs, basically feds at the border. Second, it’s not just laptops it’s all electronics, cell phone, mp3 player, camera, etc. They have given themselves the right to search it, make a copy of it, as well as confiscate it for up to I think the time span was a month or so, i forget. So, it becomes a let us see it, or we’re copying it (your also missing your flight), or confiscating it (you’ll hopefully see it in a month).
As far as uploading the entire contents of a laptop up to a server and back down again, seems only feasible if you don’t have much data or do just like typing and spreadsheets all day. Either that or I hope that time transferring and receiving that data is billable.
It’s utterly ridiculous though. The first court ruled it was illegal, second said it was legal, third confirmed the second’s decision. The case involved a guy coming from the philippines with pictures of a certain nature. Therefore once again pedo’s and terrorist become the gateway drug for more invasive search and seizure, further erosion of 4th Amendment Rights, etc.
What exactly are you all needing to hide? Do you really have such amazing stuff on your machines?
I travel in and out of the country quite often and have never been asked to start my computer, nor have I seen or heard of anyone else being asked. You are all way too paranoid.
You are asking about a question about content and implementation, which is really just the smoke and mirrors to hide power and control.
“…it is only too typical that the ‘content’ of any medium blinds us to the character of the medium.”
“For the ‘content’ of a medium is like the juicy piece of meat carried by the burglar to distract the watchdog of the mind.”
—Marshall McLuhan
You could always just run Linux without a GUI. ;)
This is freaking rediculous…. i don’t wan’t people looking at my porn… This is invasion of privacy !
This is a rediculous joke. This will be a waist of time for the TSA just making travelers more pissed off for their stupidity in new guidelines. This should be considered an invasion of privacy.
No company will allow this, companies will stop doing business with the US
if you are a business person and you have millions of dollars worth of company info on your laptop that you need for a meeting in the US
do you really want that info in the hands of a person making $5 a hour who can easily sell it to a competitor
idiots who take their pcs to geek squad will wind up with a lot of info in the hands of a $5 a hour worker who will copy what they find interesting (many articles on digg.com about this
this is a ridiculous solution.
Yep, sooner or later they will image all HD’s before you are allowed to proceed. The department of homeland security needs every single bit of confidential corporate and financial information to keep us all “safe” of course.
Just like everything else. Turn our once proud nation into a police state all the while convincing us how our country is such a better safer place for it. “Oh you would want us to do this… it’s for you own good of course.” It’s sickening.
wow. this makes me think twice about traveling to the states this summer. what a sad state of affairs.
Create a dummy account with your name, picture and some random bullshit. Hide the real account and you are in the money. Don’t think they got 1377 h4ck0rz there.
Har, Har, Har. These extra “security” measures have already been rendered obsolete. No one who has suspicious data is going to travel with it ON them, they will either post it to themselves or keep it stored on encrypted storage on the internet. Silly Americans, one step away from democracy and another one towards fascism.
FYI; good article on wiping hard drives under a variety of OS’s.
But this is what the work server and VPN is for. On the off chance I’m going to be in a country with little or no Internet I Fed Ex a cd with that info ahead of time. It’s not optimal but my companies secrets are secret for a reason.
Sorry, forgot the link: http://www.1nova.com/blog/?p=86