Hard drives and airports - question of legallity

 
0
 

Hi,

I have a friend who raised this question and it really got me wondering. I'm not so familiar with laws but basically he's going abroad on a holiday and of course is taking his laptop + ext hard drives with him. The problem (or is it?) is that he's concerned about having .mp3 and .avi files which were torrented and from what I saw the legallity of these files is questionable (as there were a lot of movies and tv series etc.)

He's worried about being searched and with the tightened airport security these days fears what would happen if his items were to be searched and hardware storage devices pryed into. What exactly is the ruling on these matters I.E in that condition if he was found with this material what would the Airport security/whoever is in authority do about it?

 
0
 

Don't worry about it -- airport security are just too busy to thoroughly search all the files on everyone's computers. All they want to see is that the computer is indeed a computer by turning it on to make it work. They don't really csre about what's on the computer unless the person's name is on some sort of watch list.

 
-2
 

Tell them to put this code into a notepad file change the password where it says:

cls 
@ECHO OFF 
title FolderLocker
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK 
if NOT EXIST MyFolder goto MDMyFolder 
:CONFIRM 
echo Are you sure to lock this folder? (Y/N) 
set/p "cho=>" 
if %cho%==Y goto LOCK 
if %cho%==y goto LOCK 
if %cho%==n goto END 
if %cho%==N goto END 
echo Invalid choice. 
goto CONFIRM 
:LOCK 
ren MyFolder "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" 
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" 
echo Folder locked 
goto End 
:UNLOCK 
echo Enter password to Unlock Your Secure Folder 
set/p "pass=>" 
if NOT %pass%== ************YOURPASSWORD************ goto FAIL 
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" 
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" MyFolder 
echo Folder Unlocked successfully 
goto End 
:FAIL 
echo Invalid password 
goto end 
:MDMyFolder
md MyFolder
echo MyFolder created successfully 
goto End 
:End

Then save the file as .bat and run it. Drag all the hidden files into this folder and run the code again. It will hide the folder, when they want to get there files tell them to run the file and enter the password they set, then boom there is their Hope this helps.

 
0
 

Or you can just create a TrueCrypt folder and stick the media files in there. While it is true that most airport officials are too busy (and too untrained) to thoroughly search a laptop, if you get singled out for any reason (I was once for being in possession oa a weapon of mass fruit - I forgot to declare an apple), that could lead to extra special attention in which case a laptop may be seized and searched because some underpaid grunt was having a bad day.

 
0
 

I forgot to declare an apple

That sounds like our border's Bio Security Policy here in New Zealand ;)

I've heard of people buying a 1TB HDD and making an innocent 500GB Windows partition on it, then making a TrueCrypt (or even just Linux) partition which occupying the remaining space. They store all of the files they don't want Border Security to find in the non-Windows partition. If Border Security takes your laptop, it'll boot up into Windows, and the only partition Windows will show will be the innocent one, so they find nothing you don't want them to. I've even heard of people using a similar technique on external HDDs, but putting 500GB decals and labels onto a 1TB drive so it's really authentic. The things some people will do...

Nothing wrong with techniques like these - perhaps you have fully legal files, but just want privacy - interlectual property for example.

 
0
 

I have been told that when entering the US, customs officials can insist that you reveal the password for an engrypted file or partition. I am not aware if anyone has successfully challenged the legality of this, for example, by claiming that the encrypted information contains priviledged lawyer-client communications. I do know that TrueCrypt provides a method of creating a second, hidden container within a TrueCrypt file in the event that you are forced to reveal a password. I suppose there are always other methods such as creating a TrueCrypt partition, then modifying the partition table manually so that it shows as RAW. There are always workarounds. However, never underestimate the power of computer forensic tools.

 
0
 

I have been told that when entering the US, customs officials can insist that you reveal the password for an engrypted file or partition.

Surely that can't be legal... I mean it is the US, but come on... it can't be legal, can it? Sure they can ask and insist all they want, you're never legally obliged, are you?

However, never underestimate the power of computer forensic tools.

By the same token, computer forensic experts should never underestimate the advanced computer user ;)

 
0
 

From How to Secure Your Laptop Before Crossing the Border

Do you regularly travel to the U.S. on business? If you take confidential information of any kind with you, take heed: US policy allows offers of Customs and Border Protection (CBP) to search and confiscate computers, phones, personal digital assistants, cameras, digital music players and other data-storing devices. Operating under the U.S. Policy Regarding Border Search of Information, agents have also downloaded the contents of entire computer hard drives and other storage media for later review. (Note: similar situations occur at the borders of other countries as well.)

For many travelers, CBP reassurances that confidential data is handled carefully ring hollow. And travelers who resist searches, even by insisting that such searches would require a warrant and probable cause if conducted within the United States, can be detained, sent back to their country of origin or otherwise grievously inconvenienced.
These recent developments have many legal experts and others asserting that the "border privacy" playing field is undeniably tilted in favour of border agents.

This article suggests 10 steps you can take to shield sensitive information, like that protected by solicitor-client privilege, when crossing the border. Each one comes with caveats, the most important of which is that there are no guarantees. You should consult an IT security expert to help you choose the best options for your needs.

And Laptop Searches at the Border: What the Revised U.S. Guidelines Say

In summary...

U.S. Customs officers have the authority to search and detain any device capable of storing electronic information for any reason; they can examine the electronic device without the traveller present; they can copy from the device or "detain" the device; and they do not need to obtain the traveller's consent to conduct the search. "Electronic devices" can include computers, BlackBerrys or similar devices, cell phones, travel drives, DVDs and CD-ROMs, cameras, music and other electronic media players.

Surely that can't be legal... I mean it is the US, but come on... it can't be legal, can it?

Since the passing of the Patriot Act your actual rights have been severely curtailed. As far as I can tell, the government's definition of legal is now "whatever the hell we want to do". Remember Nixon's "if the president does it then it isn't illegal"?

 
0
 

What about securing with RAR with a password and setting that particular file's view to hidden, and not revealing the password for the RAR out. IF you've been pulled over for something silly like undeclared fruit and you refused to reveal your password. How easily would that be crackable?

 
0
 

You saw the part about "detained or sent back to their country of origin"? How happy would you be if you flew from (for example) England to New York, then were sent back home because you refused to reveal a password? Would you be happy because your password was uncrackable? I know this is unlikely, but the possibility exists. I occasionally have problems crossing into the US because I have mild Tourette's so I appear nervous and fidgety at times. Kinda makes me a target to the right official. And I almost always travel with my laptop.

 
0
 

Copy and zip up the files you're worried about, e-mail them to yourself,or upload to the cloud, remove them from the drive, and get them back at your destination.

 
2
 

I have been told that when entering the US, customs officials can insist that you reveal the password for an engrypted file or partition. I am not aware if anyone has successfully challenged the legality of this, for example, by claiming that the encrypted information contains priviledged lawyer-client communications.

you'd just be detained even longer and probably end up with a terrorism charge just to get you to cooperate.

best way to avoid trouble is to have nothing to hide, so no pirated stuff, no pr0n, and no bomb making plans.

 
0
 

I have been told that when entering the US, customs officials can insist that you reveal the password for an engrypted file or partition.

And if you refuse...

you'd just be detained even longer and probably end up with a terrorism charge just to get you to cooperate.

That's an amazing exercise in futility. I would be very surprised if modern governments and especially intelligence organizations would be so unaware of obvious techniques for keeping secrets. I mean, if you really want to keep encrypted data safe then it can be safe to a degree second only to your own private thoughts.

If you are in a position to demand that someone give you the key to some encrypted data then you should either expect that the data is unimportant or else you are being given a key that will cause the decryption to only reveal an unimportant part of the encrypted data that was put there just for you to find in this situation.

Never underestimate the power of computer forensic tools.

Modern encryption can laugh at the power of computer forensic tools. Every bit you add to the length of your key doubles the time it would take to break your encryption. If you want to encrypt something that can't be decrypted by force within your lifetime, then you can have that. If you want to be sure the sun has died before your encryption can be broken, that's just a few bits more.

The person who makes the encryption always wins because that person makes the rules and that person has no reason to play fair. You couldn't even make laws calling for restrictions on encryption techniques. I mean, a government might pass a law demanding that all encryptions play by rules of the government's choosing, then intelligence organizations might expect to be able to legally act upon finding an encrypted file that used some illegal encryption technique that might be hiding something.

They might expect that for a few seconds until they thought about it and realized that encrypted files could be disguised to look like innocent files. How long would it take terrorists to write encryption software to encrypt files into bad fan fiction? It will be a truly terrifying future when people get convicted for possession of fan fiction so bad that a jury is convinced beyond a reasonable doubt that it could only be an encrypted terrorist message.

 
1
 

If you want to be sure the sun has died before your encryption can be broken, that's just a few bits more.

There's always a chance their first attempt will be correct. It's small, but it's always there, so you can't quite be 100% sure that the sun will have died.

 
2
 

Someone I don't know was given an encrypted hard disk and a USB stick containing the keys. The hard disk had a glass platter. He was instructed to hide the USB stick somewhere safe, and 'accidentally' drop the hard disk if challenged. The glass platter would break and any data would be unrecoverable.

Unfortuantely it wasn't his lucky day, and when customs pulled him over he dropped the USB stick instead. I guess he must have been walking funny.

 
0
 

He was instructed to hide the USB stick somewhere safe, and 'accidentally' drop the hard disk if challenged.

That is so much more pitiful than an intelligence organization trying to force someone to give up a key. At least you can admire the perseverance of intelligence organizations. They know that the deck is stacked against them and they have no real hope of ever discovering important encrypted secrets, but they still struggle against the odds. They ask the terrorists to give up the key because it is the only hope of finding the secrets.

On the other hand we have people smuggling encrypted secrets, the people who have limitless resources and every imaginable advantage. It is mind-blowing that such people would resort to such crude tactics, especially wasting a perfectly good hard disk.

 
1
 

Why would terrorists resort to trying to smuggle any kind of data, encrypted or otherwise, across international borders on physical media? This is just stupid. All you have to do is encrypt it or hide it using steganography and park it online on a server somewhere - even as an attachment to a draft message in hotmail. Then you can access it from anywhere. No need to arouse the curiosity of a border guard with a physical device. If you use a technique like bit slicing you can divvy up the data into physically separate packages and store it online in several different places. If you do that then the data can't possibly be decrypted without having all the pieces and knowing how they go together.

 
0
 

At least with physical media you know who has access to it. You can't really know what goes on in the internet. Hotmail might be secretly working against you. Even if they can't decrypt your messages, a collaboration of internet servers could track down everyone who accesses your encrypted files and build a list of suspects.

Because modern encryption is so invincible, it must naturally highlight the weak points in other parts of the system. The only chance for anyone to read on your messages is before they are encrypted and after they are decrypted, which means you need to avoid being spied upon, but you can only do that if you are anonymous, and you can only remain anonymous if (A) no one suspects your messages or any of your allies, or (B) no one can trace the path of messages to and from your allies.

The best way to obfuscate the path of a secret message is to have it travel through multiple media. A radio signal can be traced to its source easily, but only while the signal is being broadcast. A wire can be traced at any time, but it takes time proportional to the length of the wire. If the wire leads to a radio receiver, and by the time the wire is traced the signal has stopped, then the source of the message is impossible to trace any further. So if you want to be very safe, you want to send your encrypted messages along a journey of many legs, by internet, by radio, by wire, by physical medium discreetly passed among multiple couriers, and by any other media you can imagine.

 
0
 

hey, if the opposition expects you to do something, do something so completely different they'll never suspect it were you even if they discover it.
I'd call that smart, not embarrassing ;)

You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article