Defending your privacy at the border

anvilfour

With the draconian laws in place in the US and UK, devices can be seized and travelers detained on a whim. If your devices are obviously encrypted the authorities in some cases can make life very difficult for you or even bring charges.

The EFF gives an excellent rundown of the problem while suggesting various strategies:

https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices

This is a topic close to my heart as I have been travelling a lot between UK and the rest of Europe in the past weeks. I've been getting by, by having a USB stick with an encrypted version of Linux installed on it which I boot from on the machines of friends and colleagues as needed.

Would love to hear how the rest of you keep your data safe.

Despite my hatred for those who say, "The best security is to live in a cave" or words to that effect there is actually compelling reason to travel without electronic devices at all, either mailing them ahead first or buying/renting them when you're on the other side.

Update : I am a little bit concerned that Microsoft's Bitlocker is considered the "gold standard" for encryption, think we need to make up our own minds!

utmbuilder

I think I saw on one of them Aussie border programs they found a CV on the guys laptop.. i was like lol what the hell

Head The Wall

Is this not encroaching on tinfoil hat territory a bit, you say "you've been getting by, by having a usb stick to boot from". How often has your data been searched when traversing citations in any country or are you just overly paranoid.

I have never had a laptop or drive searched, I've never heard of any colleagues or friends having this imposed on them nor ever seen anyone else get pulled aside while going through security

Speedwell

I worked in the IT department of a massive multinational based in the US. Neither I nor my US-based colleagues nor anyone from our foreign locations ever had our data searched, in thousands of overseas trips. I admit a lot of us geeks had read the same articles and taken various encryption precautions. After all, if you have data that is of interest to border control, it only takes once. However, if you have data that is of interest to border control, they probably already know who you are and what the "interesting" data is likely to be.

I carried a backup drive in my handbag in addition to the laptop itself. This would likely have come in handy the time I was a bit too hasty trying to get all my stuff packed up after baggage check in Heathrow T5 and the laptop went skittering about five meters into foot traffic (it miraculously survived, lol). But in the worst case scenario (my laptop being unusable) I could have worked from my backup drive on a spare computer. Some of my colleagues overnighted a USB backup of critical files to the new location. I think my boss just uploaded his stuff to the company server; he traveled back and forth from the US to the UK enough that he literally had a computer (and a desk) in both locations. Today I would probably upload temporarily to "the cloud", but I'm not an "international man of mystery", I'm just a garden-variety business analyst.

anvilfour

Head The Wall wrote: »

Is this not encroaching on tinfoil hat territory a bit, you say "you've been getting by, by having a usb stick to boot from". How often has your data been searched when traversing citations in any country or are you just overly paranoid.

I have never had a laptop or drive searched, I've never heard of any colleagues or friends having this imposed on them nor ever seen anyone else get pulled aside while going through security

Well if you've never heard of it then it can't possibly have happened. :rolleyes:


http://www.wired.com/images_blogs/threatlevel/2013/03/border.pdf

http://www.salon.com/2012/04/08/u_s_filmmaker_repeatedly_detained_at_border/

https://nakedsecurity.sophos.com/2015/05/14/warrantless-laptop-seizure-at-us-borders-shouldnt-be-rubber-stamped-rules-judge/

Also a few stats for you c/o our friends at the ACLU:

Between October 2008 and June 2010, over 6,500 people traveling to and from the United States had their electronic devices searched at the border. Nearly half of these people were U.S. citizens.

You can find the original data : https://www.aclu.org/government-data-about-searches-international-travelers-laptops-and-personal-electronic-devices

By all means, take your chances though. I'd rather be certain my data is safe!

p.s You asked how often my data has been searched when going through security. As I mentioned in my post I don't carry a laptop through security any more so my total number of laptop seizures is a big fat zilch. Stop me if this is getting too technical! :-D

Asmooh

anvilfour wrote: »

With the draconian laws in place in the US and UK, devices can be seized and travelers detained on a whim. If your devices are obviously encrypted the authorities in some cases can make life very difficult for you or even bring charges.

The EFF gives an excellent rundown of the problem while suggesting various strategies:

https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices

This is a topic close to my heart as I have been travelling a lot between UK and the rest of Europe in the past weeks. I've been getting by, by having a USB stick with an encrypted version of Linux installed on it which I boot from on the machines of friends and colleagues as needed.

Would love to hear how the rest of you keep your data safe.

Despite my hatred for those who say, "The best security is to live in a cave" or words to that effect there is actually compelling reason to travel without electronic devices at all, either mailing them ahead first or buying/renting them when you're on the other side.

Update : I am a little bit concerned that Microsoft's Bitlocker is considered the "gold standard" for encryption, think we need to make up our own minds!

haha, I just ordered a new BlackBerry because of privacy and they wont get my unlock code :P

anvilfour

Asmooh wrote: »

haha, I just ordered a new BlackBerry because of privacy and they wont get my unlock code :P

Good man, just make sure they don't get their hands on your backup!

Asmooh

anvilfour wrote: »

Good man, just make sure they don't get their hands on your backup!

Holy****

I didn't know it was 2010...

"1976 days ago" and is that BBOS 5 they are talking about? gosh....nope 6.0 maybe
Lets talk about how safe [url=https://en.wikipedia.org/wiki/IOS_version_history#iOS_4
]iOS 4[/url] is.. or maybe Android 2.2 because it's 2010 isn't it?

anvilfour

Asmooh wrote: »

Holy****

I didn't know it was 2010...

"1976 days ago" and is that BBOS 5 they are talking about? gosh....nope 6.0 maybe
Lets talk about how safe iOS 4 is.. or maybe Android 2.2 because it's 2010 isn't it?

How are things different now? Do enlighten us!

A few more recent links for your viewing pleasure wherein Dutch Police are claiming they have broken blackberry encryption - this is only a month old. Blackberry are denying it.. but then they would, wouldn't they?

https://nakedsecurity.sophos.com/2016/01/13/police-say-they-can-crack-blackberry-pgp-encrypted-email/

http://www.theinquirer.net/inquirer/news/2441512/dutch-police-claim-to-have-cracked-blackberry-encryption

Also this tool provided by ElComSoft works on BlackBerry 7 OS and earlier.. you see there's this thing called updates..

Asmooh

anvilfour wrote: »

How are things different now? Do enlighten us!

So you are saying that nothing changed in those years?

First, BlackBerry OS is not even the same as BlackBerry 10, second my BlackBerry is using android funny detail or about mine

anvilfour

Asmooh wrote: »

So you are saying that nothing changed in those years?

First, BlackBerry OS is not even the same as BlackBerry 10, second my BlackBerry is using android funny detail or about mine

I noticed you conveniently ignored the fact that the tool I mentioned is in active development and can break the encryption. Might want to think about doing a little research next time before posting!

Asmooh

anvilfour wrote: »

I noticed you conveniently ignored the fact that the tool I mentioned is in active development and can break the encryption. Might want to think about doing a little research next time before posting!

I am dutch, that news article from the police? well there never have been proof of it from both sides.

Second. Nobody uses BlackBerry OS before 10, 7 is not in production anymore, the last update was in 2012.

Same is: iOS 6.0
or: Android 4.1


"Between October 2008 and June 2010"


Keep posting information from 6 years old and information about an OS which last update was in 2012...

try something with BlackBerry 10 instead.

anvilfour

Asmooh wrote: »

I am dutch, that news article from the police? well there never have been proof of it from both sides.

Second. Nobody uses BlackBerry OS before 10, 7 is not in production anymore, the last update was in 2012.

Same is: iOS 6.0
or: Android 4.1


"Between October 2008 and June 2010"


Keep posting information from 6 years old and information about an OS which last update was in 2012...

try something with BlackBerry 10 instead.

You've had articles dated this month, if you don't want to believe them you're responsible for your own ignorance!. The software works on Blackberry 10 readily enough as far as I can see, something you'd have seen if you did your homework rather than try and look smart.

As for refusing to hand over your PIN, aside from the fact that doing so is useless once your backup is compromised, you can be compelled to do so on pain of prosecution- that's kinda the point of the thread.

Asmooh

anvilfour wrote: »

You've had articles dated this month, if you don't want to believe them you're responsible for your own ignorance!. The software works on Blackberry 10 readily enough as far as I can see, something you'd have seen if you did your homework rather than try and look smart.

As for refusing to hand over your PIN, aside from the fact that doing so is useless once your backup is compromised, you can be compelled to do so on pain of prosecution- that's kinda the point of the thread.

Yeah articles with no background and the institute refuses to comment on it.
And I did check the website, looks more like scam site.

And depending on what is on your backup, my backup is mostly nothing more than basic config with no accounts setup or anything.

if you don't want to believe them you're responsible for your own ignorance!.
Sounds like an iPhone user saying "my devices is the best and I dont care what you think"


anyway.. this is indeed going nowhere

anvilfour

Asmooh wrote: »

Yeah articles with no background and the institute refuses to comment on it.
And I did check the website, looks more like scam site.

And depending on what is on your backup, my backup is mostly nothing more than basic config with no accounts setup or anything.

if you don't want to believe them you're responsible for your own ignorance!.
Sounds like an iPhone user saying "my devices is the best and I dont care what you think"


anyway.. this is indeed going nowhere

Nope, not an iPhone owner.. owner of a USB stick using LUKS..!

I agree this is going nowhere, you seem to be trying to score points by trying to disprove evidence which shows that Blackberry device encryption can be broken.. at the end of the day though you're the one who has to go through Customs with it, and the burden of proof is on you to show it is secure, not I to show it isn't (although I have grave doubts on the matter!).

As I said though, this is beside the point, even if they do break the encryption on your backup, you can still face charges in the UK for refusing to divulge your PIN - the entire point of this thread was to avoid you having to be in this situation in the first place...

Deep sigh.

Asmooh

anvilfour wrote: »

Nope, not an iPhone owner.. owner of a USB stick using LUKS..!

I agree this is going nowhere, you seem to be trying to score points by trying to disprove evidence which shows that Blackberry device encryption can be broken.. at the end of the day though you're the one who has to go through Customs with it, and the burden of proof is on you to show it is secure, not I to show it isn't (although I have grave doubts on the matter!).

As I said though, this is beside the point, even if they do break the encryption on your backup, you can still face charges in the UK for refusing to divulge your PIN - the entire point of this thread was to avoid you having to be in this situation in the first place...

Deep sigh.

They need A court order first to be able to access your phone.
Without it they have no right for it, and to get one you need to be a suspect of anything.

They cannot just request access to phones without reason.

Khannie

I've been using full disk encryption and keeping the boot partition on a USB key which I keep with me at all times.

I got some other nice tips which I used on a recent trip to China to put people off attempting physical access.

anvilfour

Asmooh wrote: »

They need A court order first to be able to access your phone.
Without it they have no right for it, and to get one you need to be a suspect of anything.

They cannot just request access to phones without reason.

We're talking about Customs not the regular Police.

See this Canadian man who was arrested and charged for hindering a customs officer by refusing to give up his passcode:

http://www.businessinsider.com/alain-philippon-arrested-for-refusing-to-give-phone-passcode-to-cbsa-agents-2015-3

Also if you'd read the original article I posted instead of shooting your mouth off about how amazing your Blackberry is, you'd have seen it says :

"Several federal courts have considered whether the government needs any suspicion of criminal activity to search a traveler’s laptop at the U.S. border. Unfortunately, so far they have decided that the answer is no.1 Congress has also weighed several bills to protect travelers from suspicionless searches at the border, but none has yet passed."

The article also mentions that the ACLU have sued the US government in the past precisely because the searches and seizures of electronic equipment can be be done without suspicion.

The UK has similar requirements to make sure that people cooperate with Customs passing through their borders... I would suggest you take the time to look this up yourself but based on your track record I'm not optimistic.

anvilfour

bedlam wrote: »

So given that your current argument is you can be compelled to hand over your password the exact same thing can happen to your LUKS encrypted USB.


This has just turned into another "I have a specific threat model made up in my head and I am not going to tell anyone what it is but if you don't agree with it I will post links to prove how superior I am because you don't know what I really wanted a discussion about" thread.


Don't forget you asked



It may not be what you would do but it does not mean that you have to shit on someone else's practices. If you stopped going on the attack against people who don't have the same needs as you we might actually get decent discussions going on here.

I wasn't suggesting that the same thing can't happen to my USB, I was saying that refusing to hand over your Blackberry PIN is hardly the height of data security as you can be punished for the same.

I have hardly made a secret of the threat model here and it's not one I concocted - it's down to the Electronic Frontier Foundation, take it up with them if you think their focus is too narrow - speaking for myself I am happy someone is taking this issue seriously!

As for someone else's practices.. simply refusing to divulge your password isn't the ideal solution. Nor is trying to be smart by saying that you believe your device is secure when it isn't.

As for my USB stick, I didn't want to get into this for fear of being bogged down in technicalities but I actually remove the LUKS header and store it online (it's only around 1MB), before restoring it on the other side. Without the LUKS header, there are no keyslots and most importantly no salt so the drive just looks like random data, just as if it had been wiped. Happy to debate the merits of plausible deniability when it comes to encryption if you wish.


As for a decent discussion, so far I have had one person who tries to argue that because he hasn't heard of this happening ipso facto it won't happen to anyone, next I have someone who thinks that the solution at the border is just to say You can't have the PIN, so ner." It contrasts nothing to the discussion as it simply restates the problem - if you refuse to hand over your PIN, your device can be seized and in some cases you can be prosecuted.

anvilfour

Khannie wrote: »

I've been using full disk encryption and keeping the boot partition on a USB key which I keep with me at all times.

I got some other nice tips which I used on a recent trip to China to put people off attempting physical access.

Hi Khannie,

Thanks for this. Do you mind if I ask how you get the boot partition onto USB? I have tried to do this with Debian and recent iterations of Ubuntu when using the GUI installer but it fails every time.. I only got it working in Lubuntu 14.04...!

Khannie

I'm using Mint. It was fairly straightforward. If memory serves all I did was choose to install grub to the USB drive and have the UEFI partition on the USB drive too. I had to do some fluting with the bios to get it working with secure boot. I'd imagine that's different per machine (e.g. I've a Dell that I think will need secure boot disabled for it to work properly).

Actually I've found it a slight pain in the arse generally, but very good for crossing borders.

I have yet to be faced with someone telling me to unlock a device at a border crossing. Think I'd probably just allow myself get sent home tbh. Stubborn like that.

anvilfour

Khannie wrote: »

I'm using Mint. It was fairly straightforward. If memory serves all I did was choose to install grub to the USB drive and have the UEFI partition on the USB drive too. I had to do some fluting with the bios to get it working with secure boot. I'd imagine that's different per machine (e.g. I've a Dell that I think will need secure boot disabled for it to work properly).

Actually I've found it a slight pain in the arse generally, but very good for crossing borders.

I have yet to be faced with someone telling me to unlock a device at a border crossing. Think I'd probably just allow myself get sent home tbh. Stubborn like that.

Thanks Khannie - out of interest with the Bootloader being kept on USB does your device still appear encrypted? I imagine if you're using LUKS, someone could still see the header and work out you're protecting your data?

I'd love for the entire drive to be filled full of random data so you have plausible denial but haven't worked out how to do this with a Bootloader on USB yet...!

esforum

anvilfour wrote: »

Well if you've never heard of it then it can't possibly have happened. :rolleyes:


http://www.wired.com/images_blogs/threatlevel/2013/03/border.pdf

http://www.salon.com/2012/04/08/u_s_filmmaker_repeatedly_detained_at_border/

https://nakedsecurity.sophos.com/2015/05/14/warrantless-laptop-seizure-at-us-borders-shouldnt-be-rubber-stamped-rules-judge/

Also a few stats for you c/o our friends at the ACLU:

Between October 2008 and June 2010, over 6,500 people traveling to and from the United States had their electronic devices searched at the border. Nearly half of these people were U.S. citizens.

You can find the original data : https://www.aclu.org/government-data-about-searches-international-travelers-laptops-and-personal-electronic-devices

By all means, take your chances though. I'd rather be certain my data is safe!

p.s You asked how often my data has been searched when going through security. As I mentioned in my post I don't carry a laptop through security any more so my total number of laptop seizures is a big fat zilch. Stop me if this is getting too technical! :-D

Would you say those stats suggest you stand a 100% chance? 10%? 1%? or probable closer to .001% chance. Bearing in mind that JFK alone had 56 million passengers pass through and the USA as a whole had 650 million. THats one in every 100,000 passengers searched by a country that alledgedly contains the strictest visa and security checks in the world.


By the way, when you say your data is safe, what do you mean? Are you suggesting that customs or the police will steal your data? How is letting a security agent look at your USB key damaging your data safety? Is there top secret files on there?

Personally I am all for security staff seeing that I intend to watch a few movies on the plane and maybe play an hour or two of football manager if it reduces the risk of being blown up. Hell, they can check out the weird fetish porn I have stashed away if need be, its about as much concern to me as them looking at my dirty week old used boxers.

I have read a few posts on yours, they always seem to center around the big brother / 1984 paranoia theme

anvilfour

esforum wrote: »

Would you say those stats suggest you stand a 100% chance? 10%? 1%? or probable closer to .001% chance. Bearing in mind that JFK alone had 56 million passengers pass through and the USA as a whole had 650 million. THats one in every 100,000 passengers searched by a country that alledgedly contains the strictest visa and security checks in the world.


By the way, when you say your data is safe, what do you mean? Are you suggesting that customs or the police will steal your data? How is letting a security agent look at your USB key damaging your data safety? Is there top secret files on there?

Personally I am all for security staff seeing that I intend to watch a few movies on the plane and maybe play an hour or two of football manager if it reduces the risk of being blown up. Hell, they can check out the weird fetish porn I have stashed away if need be, its about as much concern to me as them looking at my dirty week old used boxers.

I have read a few posts on yours, they always seem to center around the big brother / 1984 paranoia theme

...Clearly you haven't read many of my posts in that case... I post in several forums on a number of topics! When I posted in the "Toilet Game" thread wherein you describe your last visit to the bathroom using a film title, do you imagine me atop the toilet bowl in a tinfoil hat? :-D

As for the whole "nothing to hide, nothing to worry about" argument, this is conversation I've had too many times, you can see Moxie Marlinspike blow it out of the water here... http://www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/

Of course if you don't feel there's any need to keep your data safe, no one is asking you to hang out on the Information Security section of boards! Walk around naked with your curtains open and your credit card number tattooed to your forehead for all I care, just don't expect the rest of us to join you.

liamo

The answer, to my mind, depends on the nature and sensitivity of any data that you might be carrying, the likelihood that it might fall into the possession of those you may not wish it to, and the consequences of that adverse possession.

Given the varying powers that some countries have (and do exercise) regarding seizing hardware, copying devices, demanding keys, etc, in some cases perhaps the safest thing is to carry no data. Instead of trying to hide, obfuscate, encrypt or otherwise put it beyond reach of the authorities, if there is no data then there is nothing to hide.

One recommendation that I've come across is to travel with a "clean" laptop, while a VPN and a Remote Desktop connection to a device in the home country could allow you to accomplish your work. I do understand the inconvenience that might accompany this.

Alternatively, data needed for local work can be downloaded once past any border controls and securely deleted before travelling again. Of course, depending on the area of travel, you may be compelled to hand over the device and reveal any keys at any time within that jurisdiction.

I don't think there's a single solution to this problem. It probably needs to be tailored to the data and the jurisdiction.

anvilfour

liamo wrote: »

The answer, to my mind, depends on the nature and sensitivity of any data that you might be carrying, the likelihood that it might fall into the possession of those you may not wish it to, and the consequences of that adverse possession.

Given the varying powers that some countries have (and do exercise) regarding seizing hardware, copying devices, demanding keys, etc, in some cases perhaps the safest thing is to carry no data. Instead of trying to hide, obfuscate, encrypt or otherwise put it beyond reach of the authorities, if there is no data then there is nothing to hide.

One recommendation that I've come across is to travel with a "clean" laptop, while a VPN and a Remote Desktop connection to a device in the home country could allow you to accomplish your work. I do understand the inconvenience that might accompany this.

Alternatively, data needed for local work can be downloaded once past any border controls and securely deleted before travelling again. Of course, depending on the area of travel, you may be compelled to hand over the device and reveal any keys at any time within that jurisdiction.

I don't think there's a single solution to this problem. It probably needs to be tailored to the data and the jurisdiction.

An intelligent and cogent summary, thank you liam!

My only issue travelling with a "clean" laptop is that it would be fairly easy for the authorities to realise what you're up to. I suppose if you're going to a country with fast, uncensored internet it wouldn't be an issue redownloading your files but I think you're right, you should really ask if you genuinely need to take the info with you.

In my own case I try to keep it to a bare minimum - my password manager and a few essential documents. Larger files I leave at home. Any photos/videos I take go onto the USB stick, I upload them only when I get back.

esforum

anvilfour wrote: »

...Clearly you haven't read many of my posts in that case... I post in several forums on a number of topics! When I posted in the "Toilet Game" thread wherein you describe your last visit to the bathroom using a film title, do you imagine me atop the toilet bowl in a tinfoil hat? :-D

As for the whole "nothing to hide, nothing to worry about" argument, this is conversation I've had too many times, you can see Moxie Marlinspike blow it out of the water here... http://www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/

Of course if you don't feel there's any need to keep your data safe, no one is asking you to hang out on the Information Security section of boards! Walk around naked with your curtains open and your credit card number tattooed to your forehead for all I care, just don't expect the rest of us to join you.

didnt address my questions at all

Blowfish

liamo wrote: »

Given the varying powers that some countries have (and do exercise) regarding seizing hardware, copying devices, demanding keys, etc, in some cases perhaps the safest thing is to carry no data. Instead of trying to hide, obfuscate, encrypt or otherwise put it beyond reach of the authorities, if there is no data then there is nothing to hide.

One recommendation that I've come across is to travel with a "clean" laptop, while a VPN and a Remote Desktop connection to a device in the home country could allow you to accomplish your work. I do understand the inconvenience that might accompany this.

Alternatively, data needed for local work can be downloaded once past any border controls and securely deleted before travelling again. Of course, depending on the area of travel, you may be compelled to hand over the device and reveal any keys at any time within that jurisdiction.

That's what I tend to do, if I'm travelling the most sensitive thing on my laptop(s) is usually save games from whatever Steam Games I have installed.

Saying that, when heading to Defcon last year, I had 3 laptops a tablet and a phone, yet breezed through the airport on the way in and only got stopped on the way back because the TSA guy wanted to compliment me on my Hack Naked t-shirt.

anvilfour

esforum wrote: »

didnt address my questions at all

Actually I addressed all of them please read the post. Again, I ask you if you're not concerned about keeping your data safe, what the actual fook are you doing in the Information Security section of boards?

p.s I realised in fairness that I didn't specifically address your question about the chance of being searched at the border given that the EFF mentioned 6,500 people being searched. What you need to realise is that this is one small survey taken of American businesspeople. The number of people searched could well be higher. If like me you are currently crossing over borders multiple times, you're throwing the dice each time - by all means take your chances though, just don't expect everyone to join you in being subjected to arbitrary search and seizure!

anvilfour

Blowfish wrote: »

That's what I tend to do, if I'm travelling the most sensitive thing on my laptop(s) is usually save games from whatever Steam Games I have installed.

Saying that, when heading to Defcon last year, I had 3 laptops a tablet and a phone, yet breezed through the airport on the way in and only got stopped on the way back because the TSA guy wanted to compliment me on my Hack Naked t-shirt.

Do you Hack Naked? :-D - That said I imagine if they searched everyone on their way to Defcon surely it'd take days?

Head The Wall

Based on the links you provided it sounds to me like people that are already on watch lists or have priors get targeted. If that's the case then it's not all that strange that it happens.If you are up to something nefarious then you should be smart enough not to be carrying data that will get you in trouble.

I see this as being slightly similar to them profiling people for drug searches eg, single guy in Columbia for 3 days on his own or someone on a watch list for a reason then they'll both get pulled aside

The big question is why do you think your data is so valuable that customs will want to access it, usually people go to an effort to hide things for a reason. If that's not what you're at then you just come across as someone looking to start an argument or movement about this

Into The Blue

Speedwell wrote: »

but I'm not an "international man of mystery", I'm just a garden-variety business analyst.

That's exactly what an International Man of Mystery would say

anvilfour

Head The Wall wrote: »

Based on the links you provided it sounds to me like people that are already on watch lists or have priors get targeted. If that's the case then it's not all that strange that it happens.If you are up to something nefarious then you should be smart enough not to be carrying data that will get you in trouble.

I see this as being slightly similar to them profiling people for drug searches eg, single guy in Columbia for 3 days on his own or someone on a watch list for a reason then they'll both get pulled aside

The big question is why do you think your data is so valuable that customs will want to access it, usually people go to an effort to hide things for a reason. If that's not what you're at then you just come across as someone looking to start an argument or movement about this

I don't want to sound contrary old fellow but I think it would be a pretty poor show for people to start talking about the kind of information that they want to keep hidden. After all, if I asked you to tell me your secrets, it wouldn't be a secret any more..!

This is aside from the fact that data which appears to be innocuous enough to you, may be interpreted as something more by the Police (See the "Don't talk to Cops" video if you're in any doubt about that.)

The EFF article is fairly broad in its scope - of course some people who are targeted by intelligence agencies and Customs are criminals who are trying to conceal their activities. Others still are innocent people trying to maintain their privacy in an environment where you can subjected to arbitrary search and seizures.

Of course if you or anyone else wants to start a thread called "Why should we bother" on the basis that you don't think you'd ever have any information you want to keep private, you're welcome to do so - but again I'd have to ask why you're commenting on the Information Security section of Boards in the first place?

anvilfour

Into The Blue wrote: »

That's exactly what an International Man of Mystery would say

...or have THEY got to you too? :-D

anvilfour

esforum wrote: »

I have read a few posts on yours, they always seem to center around the big brother / 1984 paranoia theme

Dear esforum,

Since you were so upset that many of my posts in the Information Security forum seem to centre around the theme of erm... keeping information secure, I have been contributing to a thread in "Animals and Pet Issues" for people to share pictures of their own pets.

I hope this serves to reassure you. ;-)

As for the rest of us, if anyone can improve on the advice offered by the Electronic Frontier Foundation, would love to hear what you have to say.

Update :

I have also started a thread for people to share their fond memories of eating polo mints. Also a thread where people can share their favourite elevator music. Finally a thread about a postcard of a village post office in Kent, on which I'm currently bidding on eBay, as well as some useful tips for those thinking about training to be a human cannonball.