• Happy holidays, folks! Thanks to each and every one of you for being part of the Tom's Hardware community!

DHS Introduces Rules for Airport Laptop Checks

Toggle sidebar Toggle sidebar
Status
Not open for further replies.
Yep if your going to travel, encrypt the drive and use a long complex password, you can remove the encryption later, don't use a password that can be brute forced

use a long one

they cant force you to give up encryption keys but they can brute force

be sure the device is off and battery removed as you can recover encryption keys from memory up to 5 minutes in some cases after the laptop has been powered off, so turn it off and remove battery for about 5-10 minutes before packing the laptop up

if they really want the data on the PC let then spend a few thousand dollars in hiring someone to attempt to crack it

I have never had my equipment searched but if it ever is, they would have a hard time getting past the encryption only to find out that theres like multiple other encrypted drives and files in the pc, with nothing in them :)

isn't disappointment great :)

it is like those Russian dolls toys where when you open it it is the same exact doll just smaller until when you reach the last one and nothing :)


if theres a limit to the time they can hold a item then do that, put encrypted volumes in your ipods, pocket pc's pda' PSP' cellphones and any other device that holds data. it will be a great way you waste their time

you don't need anything in them it will still show up as random data in a hex editor

if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped

it is an invasion of privacy, especially if other humans are looking at your content

how many times have you seen on the news about people sending a computer to a repair shop and the workers will start looking through their personal files

imagine giving your system to people whose job is to look through your stuff, it is a privacy problem

if they replaced the human workers with hamsters or squirrels who have no interest in out personal stuff then I will be a little more ok with the searching but the way it is now, it has to stop, it is just a major inconvenience to anyone who goes through with it
 
but hey, it keeps us all safe
Click to expand...

I laughed so hard I almost shit in my pants.

This is still BS. My coworkers and I have to travel with laptops and blank drives quite often to perform forensic data collections and we have had instances were Totally Stupid Annoying officers confiscated blank hard drives and never returned them. We can not wait 30 days for our equipment to be returned either we need it immediately. So far we have not had an instance where they have confiscated a client original; not sure what to do when that happens.


 
suspected of having evil data in your harddrive that enable you to take over the plane!! i couldnt find a REAL good reason that allow the evil empire to take over your harddrive
 
Encryption and Setting a user password on your laptop is a must for private files. I would never log into my computer for these guys much less as mentioned above unencrypt personal files for the Federal Government. Use those super computers and go to town, make em work.
 
if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped
Click to expand...
Actually, they'll just raise your taxes or make encrypting information illegal. Welcome to the Change.
 
Yep - Encryption is the key. If you've got a laptop, use whole disk encryption with a really good, long passphrase. Any sensitive files can be further protected inside of TrueCrypt container files. Use the passfile feature on TrueCrypt, which should essentially remove brute force from the table as a decryption option, provided "they" don't get your passfile. How to prevent that? Leave the passfile at home with a trusted party who will email it to you once you confirm that you're safely at your destination, and safely past the border. If you're worried that your passfile might be intercepted in transmission, then keep another (unused) maximum entropy passfile within the encrypted container and change the passfile to that one before your return trip. Leave it with another trusted party to email back to you upon your return (or just leave it at home before you leave in the first place). Under NO circunstances carry the clear text passfile with you. Yes, this will render you data inaccessible until someone send it to you, but its inaccessible to EVERYONE.

And now for the how to piss off DHS department ... Use TrueCrypt to create a number of encrypted containers with strong passwords and maximum entropy passfiles. Then destroy the passfiles. Idealy ensure that the passfiles never actually existed in cleartext on any media your carrying wit you, but at least do a secure erase on them. Now you've got a number of encrypted containers, which can ONLY be accessed by brute force ... but you used maximum entropy passfiles to encrypt the volume header. That should suck up quite a few cycles on someone's supercomputer, and if they ever do get in, they'll find exactly ... nothing.
 
[citation][nom]Honis[/nom]Actually, they'll just raise your taxes or make encrypting information illegal. Welcome to the Change.[/citation]

then we will just have to boycott the airlines and border checks, use portal guns to get where we need to go :)

or if needed you can also fill your portable medias free space with tons of the most disturbing non illegal content you can find and make all the workers scared to randomly check laptops with out a really good reason :)

anyway this will eventually ruin the economy further

most major companies do not use the internet or mail when transporting highly sensitive information, and theres no trusting a someone else to look at it who isn't in the company, trust me giving the chance a worker getting $13 an hour wont resist copying info from a company computer if that information could be worth millions, companies will just avoid doing business with the US.

those places go crazy about protecting the privacy of them self and their workers, if you even try to go to a private area or ask a worker for any information not giving out to you from the start, you can probably get arrested, why not extend some of that privacy our way, or level the playing field, if you can look through our stuff then we can look through your stuff at will.
 
What the hell?! The Airports can do that?! Well... I better hide my porn. But seriously , I dont want them going around on my computer and fucking up the settings and deleting stuff. If I ever go anywhere I'm going to HEAVILY encrypt my computer. And I'm going to bitch about not being able to use it for the 7 days I'm gone in another state. In fact if I'd have to go through all that trouble I'll just mail the damn thing to the place I'm staying then fly after it gets there.
 
I have been detained for more the 1h after the custom agent found a box of floppy disks. I was searched and the plane was delayed more then 30 min because of me. The big question is when and where this happen?
It happened on the fly to Moscow from formal socialist country in 1988. I was sure that I will never going to experience police state when I move to USA, but congratulations every one USA now is no better then USSR just 20 years ago.

There is absolutely no difference if they seize you computer for 30 days or for ever. They need only few minutes to copy entire drive and unlimited time to break the encryption sooner or later. And until I see the source code of Windows I am going to believe that there is backdoor put for them. The only encryption program I trust is TrueCrypt, but it is limited by the under lying OS. There is no way to guaranty that your encryption key was not stored by Windows into the swap file.

I agree that equipment should be searched for concealed weapons and explosives, but snooping inside my data has no justification at all. I would like to ask everybody to thing for a moment and answer to the following questions:
1. If terrorist is coming to the country with laptop, the custom holds the laptop, but lets the terrorist enter the country, how this improves our security?
2. If the government is allowed to hold your computers for data examination, should the government be allowed to hold anyone for 30 days for interrogation to find out what information we are holding in our heads? (Note the brain is much easier to crack!)
 
One Word: Paranoia

46 out of 221 Million people had something of interest.

If the entire population of the planet, 6 billion people, crossed the border with devices in hand there would only be about 1300 intensive searches. Much ado about nothing.

You have nothing of value or interest on your devices.

Remove youR tin foil hat.
 
[citation][nom]GenKhan2[/nom]One Word: Paranoia46 out of 221 Million people had something of interest.If the entire population of the planet, 6 billion people, crossed the border with devices in hand there would only be about 1300 intensive searches. Much ado about nothing. You have nothing of value or interest on your devices. Remove youR tin foil hat.[/citation]

yeah... ya know what? I'm just gonna totally stop worrying about the privacy of my data. Because you said so, and because i'm confident that all ppl empolyed by the US government adhere to rules and good moral standards.. and they would never do/take anything for their own personal gain either.

...TH comments need to have a eyeroll emote
 
Sal-e... don't run a swap file if you believe the key is stored there.

And, everyone else... FedEx your electronics to your destination.
 
Someone missed the whole point. The Fourth Amendment to the United States Constitution is the part of the Bill of Rights which guards against unreasonable searches and seizures.

The key issue here is that the DHS, or any law enforcement agency, needs reasonable cause to search and seize a computer. It is these FREEDOMS that the war on terror seeks to protect. Why would our government betray its citizens and the spirit of the constitution in such a way? It seems unconstitutional.
 
[citation][nom]otacon[/nom]How do I know that? I used to work for the TSA. 1,000 out of 221,000,000 coming into the USA....what are the odds you're going to get picked? Sheesh some people are idiots... give me a thumbs down I don't care... some of you people are nuts.[/citation]

[citation][nom]otacon[/nom]If you're coming into this country with a fully encrypted latop AND they picked you for some reason to go over your laptop?...LOL you won't get the laptop back until they read the files and if they can't?... it will have some kind of "accident" and you'll never get it back. Just put the files on a thumb drive and stick it in your check bagged... this isn't rocket science.[/citation]
Thank you for providing the prof. That is exactly why TSA should not be allowed to do this on first place.
 
but hey, it keeps us all safe.
Click to expand...
Good thing you're Irish or else I'd say you'd qualify to be a perfect American citizen with that statement.

I'm sure terrorists will keep laptops or other media devices full of evidence against them and get caught cause the DHS is so effective in it's job. But hey, whatever helps you sleep at night right?
 
One note about truecrypt, the documentation states that disk defragmentation software can pose problems for encrypted volumes: http://www.truecrypt.org/docs/ "look up defragmentation". with respect to thumbdrives, I wouldn't doubt that at some point they'll use x-ray machines with enough resolution to see them in your luggage, open them up and seize those too. Some day in the future the US government may require all storage devices have a hardware based backdoor for the government (NSA, CIA, FBI) to get past any and all encryption, this couldn't work for optical media. Since many thumb drives have built in encryption, I wouldn't doubt a requirement on any device made or sold in the US which is capable of storing digital information must have a means of recording encryption keys, passphrases/files, etc. I can also see new legislation requiring the US Postal Service and any courier companies handling electronic devices to permit searching and data copying of storage media. Several months ago I watched a TV show on PBS in the US on the NSA. After 9/11 the NSA started a program of collecting information on US citizens. They put in splitters in AT&T fiber optic cables at the switching stations in the US as those cables came in from Asia and Europe. The copied every bit, yes bit as in eight bits in a byte, of data that came across. They store 9PB, petabytes of data on americans each month, that's 12 filing cabinets of info each month on every american. Now they are just trying to crab more. In Canada, ISP's must now allow the RCMP to intercept all internet traffic. This kind of thing makes a wanna live in a log cabin abscent of all technology.
 
The laptop i use when going on holiday has a battery span shorter then the boot time of windows 😀 ... guess that would mean i cant log in and thus lose my laptop at the border ?

Would i be able to claim theft at my insurance company if DHS unlawfully (no clear suspicion)takes my laptop ?

This might be my tinfoilhat speaking but if any one at the border wants to check my laptop for anything i would just turn around.
I have been to some pretty scary places in the world and not once they asked me to turn on my laptop and login!
They just asked me to power it on to see that it in fact is a working laptop not a case of C4 which is better then using runtgen on my hardware.

And even so ... we all know that "important" data is smuggled by those with "diplomatic" immunity any way.
 
Hmmm.... I went to the US a few years ago with my boss for a conference with one of your carriers. Of course, I had both laptops in my carryon, boss-types can't be bothered...(not really fair, boss had every allowed square inch of his carry-on stuffed)

Anyway, we waited for the interminable line to slowly shuffle forward, finally got up to the 'search' area. TSA guy takes one look at two laptops, and starts giving me the quiz... Politely enough, but... OK, I was grumpy. It is a long flight from Sydney, AUS. One of the questions asked was 'what are the passwords for the laptops?' I explained that there were no passwords, that the laptops only had an OS on them. Raised eyebrows. 'Not providing the passwords is a violation of american law, and you could go to jail be fined or be refused entry.'

In the end they confiscated the laptops but allowed me to pass through. Found my luggage, found my boss, and we got a taxi to our hotel. 'What do we do now?' boss asks. 'Plan b. You sleep, I'll grab a taxi and buy us two more, and new os's, then spend the rest of the day getting everything set up...'

We never saw the laptops again, never got any contact further from TSA. And it became policy that no one from our company took a company provided laptop, PDA, whatever on any trips to the US.

Last thing I did prior to going to the airport was upload all new files on our new laptops back to home servers, download a known good drive wipe utility, and wiped both drives. All night. (I slept...) On the way out of our rooms, we left the laptops with a note to the cleaning staff, 'Consider these laptops part of your tip.'
 
croc: ... did the dame in red return ? ... was it the cook with the doorbell in the cellar? would the tip explode in time for breakfast ?

Dude you should write short story's or some.
 
Love for a bud to check my comp...
"WTF is this freak into!?!? 18 girls, a hamster, a horse, 1 cup.. all at once? Is that possible?? Just give the guy back his damned laptop!!"
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom