Department of Homeland Security Copying Personal Data and Stealing Laptop Computers from Travelers
February 8th, 2008Via: Washington Post:
“I was assured that my laptop would be given back to me in 10 or 15 days,” said Udy, who continues to fly into and out of the United States. She said the federal agent copied her log-on and password, and asked her to show him a recent document and how she gains access to Microsoft Word. She was asked to pull up her e-mail but could not because of lack of Internet access. With ACTE’s help, she pressed for relief. More than a year later, Udy has received neither her laptop nor an explanation.
ACTE last year filed a Freedom of Information Act request to press the government for information on what happens to data seized from laptops and other electronic devices. “Is it destroyed right then and there if the person is in fact just a regular business traveler?” Gurley asked. “People are quite concerned. They don’t want proprietary business information floating, not knowing where it has landed or where it is going. It increases the anxiety level.”
Udy has changed all her work passwords and no longer banks online. Her company, Radius, has tightened its data policies so that traveling employees must access company information remotely via an encrypted channel, and their laptops must contain no company information.
At least two major global corporations, one American and one Dutch, have told their executives not to carry confidential business material on laptops on overseas trips, Gurley said. In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.
The U.S. government has argued in a pending court case that its authority to protect the country’s border extends to looking at information stored in electronic devices such as laptops without any suspicion of a crime. In border searches, it regards a laptop the same as a suitcase.
(FWIW, I would have thought this would go under “Police State”.)
It’s just another little thing to instill a dollop more fear, with the ultimate goal of cowing the populace. Truly, these guys are masters of “boiling the frog”.
Ok, that’s it.. I’m never bringing my laptop again on a flight.. I had heard about this laptop searching business about a year ago, I thought it was either a rumor or it was just extremely rare.. but after having read this.. that’s it, I’m not taking any chances!! No laptop.. or, have a laptop with literally nothing installed on it, and just pop in a Ubuntu Live Boot CD when you need to use a computer at your destination.. and access data via an encrypted VPN tunnel back to your house/data… this is really sick guys.. what’s on your laptop is like peeking inside someone’s entire personal life and brain.
@ anothernut
It could have been police state, surveillance, social engineering… I just get sick of ticking so many boxes sometimes.
@ Mark
Climb aboard the Cryptogon time machine back to 2006 where I suggested taking laptops without harddrives installed:
https://cryptogon.com/archives/2006_10_01_blogarchive_month.html#116174017641673187
…Consider traveling using a laptop without a hard drive installed. When you need to do work, boot a live-CD OS and use a virtual session on some server located in a free country. Let the f*ckers at the airport examine your laptop until the cows come home. What are they going to find on a computer with no hard drive?
Or, maybe a laptop without a hard drive installed will win you instant enemy combatant status…
Have a nice flight…
You can reduce the risk of unwanted parties accessing your data by storing it on an encrypted filesystem. That way if your laptop gets full cavity searched by TSA, lost, stolen, or otherwise disappeared, the chances of disclosure are significantly reduced. I also recommend this strategy for home computer systems since burglars often steal computers containing all sorts of sensitive personal information that can used for identity theft, blackmail, and all sorts of confidence games.
You still have to use good passwords, have good physical security to ensure that nobody has installed a keystroke logger or hidden camera to steal your passwords, etc.