Encrypt the data (probably easiest way is to use encrypted 7z archive), memorize the password, upload the encrypted data into any cloud storage (e.g. Google Drive) and don't care about disclosing anything on your devices.
For work data such as the lawyer's in the article I would recommend going one step further and not having the password in the first place. You can achieve this by, for example, having the server admin at work remotely unlock the device on request, having hardware tokens at trusted locations, or software that provides a similar effect. No amount of $5 wrench or legal threats can change the situation as it is not in your hands to give them access, and you can helpfully give the officers the path forward to follow. Even better if you have a written company policy with you which spells out that employees don't have the capability to unlock devices during travel.
For confidential work data, unless there is a reason it needs to be used disconnected from the internet, it would be better if it was simply never on the laptop at all. The workplace could just use virtual desktops that never leave the company’s IT infrastructure, but are remotely logged on to from whatever device users need to work from.
How does the 5 dollar wrench not work in this case? Isn't the administrator going to follow his orders, so he can be made to call the administrator and reset keys, etc.?
The value of the trick is just in pushing access control outside the situation.
Border services generally have extensive but constrained powers - in the US, they're limited in how far from a border they can exercise authority. So they don't get to arrest the administrator directly, or go and confiscate an access key sitting in Edmonton. They can still demand that whoever is at the border arrange for unlocking, and can probably seize the device if they're refused. But the threat "we'll lock you up until you open the device" is potentially legal, while "we'll lock you up as a hostage until somebody else opens this" has far less merit. (Obviously, none of this applies if you go someplace where actual hostage takings might happen.)
If the administrator says "I need physical access to unlock that" or "our firm's policy says I can only open devices once they're at one of our offices being used for billable hours", there's no one handy to apply the wrench to. At that point, confiscate-and-image is as much access as anyone can hope to get.
This assumes you can get the wrench close enough to the admin. If they are in another country, one that is outside of your jurisdiction, you'll have a hard time applying your wrench.
The usefulness of this "trick" relies on not having the _data_.
They aren't going to hit me with a wrench for the decryption password to a cloud-stored blob that's not on the device (and ideally, one they don't know about. Remember the password and the location of the data. Remember to secure-delete it from your device though. There should be an easy "prep for border crossing" checklist that includes this.)
Like, leave a private key at home and encrypt your drive with the public key before crossing the border? Yeah, at that point you are powerless to do anything until you are at home.
But what's the difference? The end result is the same: your device(s) are confiscated and they attempt to brute force the password. Telling an officer that you cannot give them the password because you did some techno-mumbo-jumbo is just going to piss them off and make them assume you have "something to hide" because "no honest person would go to those lengths".
Yes. This thread is full of people proposing inventive technical solutions to genuinely prohibit your own access to the device while you're going through customs, as if border patrol a) knows the difference and b) gives a damn. These are all functionally equivalent to "Um, I forgot my password." (Or, if you wish for a more plausible but equally ineffective excuse, "This is actually my mother's laptop; I'm bringing it to her and I don't know the password.")
If an LEO (claims to) need access to something and you give him a dead end, it's his job to assume you're lying and find the next legal option available to him.
The real question you should be asking yourselves isn't "How would you outsmart the caveman cop in this situation?" Rather, it's "What can/will you do, as a citizen, to resist the erosion of our civil liberties?" Sadly, I have no easy answers here.
> it's his job to assume you're lying and find the next legal option available to him.
Not sure where you live, but in the US it's actually his first and foremost responsibility to uphold a constitution that says that people are free from unreasonable searches and seizures.
Well, in a country with a for-profit, for-"performance" law enforcement system, where prosecutors are paid by how many people they put in jail and cops are paid by how many traffic tickets they write, do you really think some paper from 1787 is going to have much influence on a TSA agent if their paycheck depends on sorting out as many "bad guys" as possible?
The Canadian constitution (specifically the part of it called the Charter of Rights and Freedoms) guarantees the same right; however, constitutional rights in Canada are granted only up to "reasonable limits". Those limits are determined by the Supreme Court.
You're right. I missed an important part of the comment I was replying to: you need to say something about "company policy" or "company lawyers", and now you're playing in both the social and technical realms.
Nothing justifies an honest person going to great lengths to do some weird thing quite like "company policy".
Nothing makes officers think twice like the mention of lawyers backed by Apple / Google levels of money.
This only works if you trust egress border crossing more than ingress. Otherwise you might as well not bring your laptop along in the first place as it'd be an encrypted deadweight.
This action can be flagged as suspicious as well, triggering a deeper investigation into the traveler.
It's not always feasible, but the most secure way to protect clients'/employers' data is to encrypt the laptop and phone and ship them to your destination via standard shipping services, then ship them back the same way before leaving for home. Carry a well used but non-critical burner laptop ($50 Chromebook off Craigslist) and/or phone ($20 Walmart smartphone) with you that won't wreck your world if it's confiscated and searched. If it is seized, take your receipt and go on about your business. When you get to your destination your actual devices will be waiting for you. You can safely forget about the burner devices.
Your advice to mail ahead your secure computer is not good. Mailed electronics are just as susceptible to search, if not more so, as what you keep with you.
I think the reality we have to grapple with, regardless of rights violated, is that if you want to cross a nation border, it's best to assume that all nations involved will end up with a copy of all the data (hopefully encrypted) you move across that border. In the face of that scenario, how do we proceed?
Unless you are under an active investigation, the chances of your mailed laptop or phone being intercepted and searched are far, far less than if they are on your person at the border.
Still, if you are paranoid enough you can mitigate the danger of your data falling into unsecured hands (at the border or by mail intercept) by using an encrypted shadow volume:
> the chances of your mailed laptop or phone being intercepted and searched are far, far less than if they are on your person at the border
Isn't "mailing a laptop" now counted as sending dangerous goods, due to the battery?[0]
If so, the chances of it being subject to interception and/or search might well be far higher than someone just carrying a laptop in hand luggage across an international border.
I've just had a look on my favourite parcel shipping site and found this wording in their terms:
> RESTRICTED ITEMS
The following items are deemed unsuitable for shipment by our services, and are therefore restricted. Any of these items being sent may result in surcharges, delays or confiscation by authorities where appropriate. No damage cover is available with these items:
> [a long list of stuff, including laptops]
So, who here would be happy to ship their laptop internationally without damage cover?
It's much easier for a policeman to demand the password to decrypt data when he has you in custody at customs than when it is searched by the mailman.
You're confusing "not perfect" with "not good". There's an old saying: when outrunning a bear, you don't have to be the fastest guy, you just have to be faster than the slowest guy.
> It's much easier for a policeman to demand the password to decrypt data when he has you in custody at customs than when it is searched by the mailman.
Is that really true? I would expect that they can just perform hardware tampering when you're not present when searching mailed items, but given that customs might use racial profiling to target you at the airport, you may be better off mailing the computer securely, such as using tamper-proof or tamper-evident stickers/bags.
Dragnet demanding your password at the border is something we know they do - there are loads of witnesses saying they were asked for passwords at borders. Dragnet hardware tampering of electronics in the mail is not something we know they do.
I've only seen two articles claiming evidence of physical tampering - like a hoax about Dell from 2005 [1] and Bloomberg's dodgy story about spy chips from last year [2] - neither of which seems truthy, and neither of which involved mail interdiction.
(Of course, it's widely suspected mailed hardware can be tampered with, but most of the claims/speculation I've read has been about targeted tampering, not dragnet)
>I would expect that they can just perform hardware tampering when you're not present
On what legal authority?
The border search exemption is about searching, not tampering.
The issue is more that border agents are taking advantage of a law written before the age of computers to use powers the founders probably never intended.
I seriously doubt that there's any legal basis to bug a computer just because it was shipped internationally.
So if the threat model is being asked for your password, not being present when the device crosses is a good mitigation.
(If you've done enough bad things that the government is targeting you specifically, YMMV.)
> Unless you are under an active investigation, the chances of your mailed laptop or phone being intercepted and searched are far, far less than if they are on your person at the border.
Inbound international mail is also subject to search by customs; that doesn't just happen to stuff the owner carries across the border.
> most secure way ... encrypt the laptop and phone and ship to your destination via standard shipping services
Absolutely not. Any time your hardware is physically out of your control is a time when someone could install a hardware keylogger or replace your ethernet card with one that exfiltrates data or whatever.
The most secure option is to travel with an encrypted hdd/phone on you with no way to decrypt them, and separately acquire the private key (e.g. via shipping a secure hardware token which is made to be tamper resistant to a trusted friend at your destination).
If the devices leave your control for more than a few minutes, consider the hardware compromised and never unlock them again.
Laptops simply are not made to be highly resistant to an attacker with physical access, whereas hardware keys are, so it's not a good idea to ship them.
If you do ship them, you'll have to do a physical examination for suspicious hardware at your destination, (as you presumably did when you first received them if you're that paranoid), and it's damn hard to find a good lab for that in some countries.
Your advice is good as a way that's secure for most people's threat models, but it is a far cry from being the most secure solution, and I'd argue it's much less secure than simply carrying them with you.
Carry a computer with encrypted data but don't use it; remove the hard drive to copy the data to another computer in order to decrypt the data with the separate key. Discard the old hard drive and old computer afterward.
Do not use a single key; require several keys that are with different people, combined only in the way that you know how. Ensure the people are present to notice if the police try to come in.
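The "several keys that are with different people" idea above is threshold secret sharing. The following is an added illustration (not code from any commenter) of Shamir's scheme over a prime field using only the Python standard library: the disk key is split into n shares, any k of them rebuild it, and fewer than k give no information. The 32-byte key is a constructed sample.

```python
"""Split a disk-encryption key into n shares so that any k reconstruct it.

Added illustration of Shamir secret sharing (stdlib only). The key bytes
used in demo() are a constructed sample, not a real secret.
"""
import secrets

# 2^521 - 1 is a Mersenne prime; large enough to hold a 256-bit key as one element.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + ... + a(k-1)*x^(k-1) mod PRIME (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_key(key: bytes, k: int, n: int):
    """Return n shares (x, y); any k distinct shares recover the key."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # a0 is the secret; the other k-1 coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def _interpolate_zero(shares) -> int:
    """Lagrange interpolation at x = 0; correct only with >= k shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # den^(PRIME-2) is the modular inverse of den (Fermat), PRIME is prime.
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def recover_key(shares, key_len: int) -> bytes:
    """Rebuild the key bytes from any k of the shares produced by split_key."""
    value = _interpolate_zero(shares)
    if value >= 1 << (8 * key_len):
        # Fewer than k shares (or a corrupted share) yields a random field element.
        raise ValueError("reconstruction failed: not enough valid shares")
    return value.to_bytes(key_len, "big")


def demo():
    """Constructed sample: 2-of-3 split of a 32-byte key, recover from two."""
    key = bytes(range(32))                     # sample key, not a real secret
    shares = split_key(key, k=2, n=3)          # hand one share to each holder
    recovered = recover_key([shares[0], shares[2]], 32)
    return recovered == key
```

A single holder cannot reconstruct the key on their own, so there is nobody at the border who can be compelled to produce it.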
By paraphrasing my comment as you did, you avoided the point I was making. What I proposed is the easiest and most secure way for a normal traveler not already under suspicion to avoid losing/exposing potential client and employer data to a foreign government during a border confiscation. By no means is it 100% foolproof and I never claimed it was. As I said elsewhere in the thread, if you're already the subject of an investigation your mailed package will be intercepted, but that's an entirely different conversation.
In short, the scope of my comment was avoiding a border seizure during travel, not 100% securing your devices from being compromised, which is an impossible goal short of just not using any devices, period.
>This action can be flagged as suspicious as well, triggering a deeper investigation into the traveler.
Whenever I travel internationally on business and need a laptop, I'm required by company policy to bring a laptop freshly wiped by IT instead of my normal laptop.
Or just set up a rental service for overseas computing. Good thing about non-programmers is they don’t need three days to get 300 pieces of software installed and configured on a new machine.
The problem here is knowing where all the files are. Are you sure you could list all the places e.g. MS Word stores cached copies of your document? And that you'd be able to overwrite the data from copies that have since been unlinked from the filesystem?
Encryption is a better solution, always. It's easier to forget a passphrase and render the key useless, especially if you're using an SSD where the controller has no obligation to actually overwrite a cell that you're trying to shred.
My understanding is that shred hasn't been reliable for many years now due to smarter and less predictable firmware in modern storage devices. Basically, you can't trust that your SSD deleted the data it said it did, or that it writes data to the place you told it.
So far as I know, wiping free space is a feature that has been available for many years in free utility suites and even recovery software (CCleaner, etc). I believe it's also directly available in Windows' Disk Cleanup utility; on Linux you can just use dd to fill the disk. This isn't as secure as a multiple wipe, but it can also be done multiple times; on Linux you can alternately use tr or some such to tell dd to write ones instead of /dev/zero.
Wiping free space doesn’t wipe the original location of a remapped sector. AFAIK, nothing will short of low level format, which you can’t do these days.
I'm not sure if it's a feature of all modern SSDs or just Samsung ones, but I know that those SSDs use AES internally for all data (not for encryption specifically, but because they need random bits for better storage, and encryption is just a bonus). The user usually does not deal with it, as it's handled in firmware, but the BIOS has an option to securely erase the disk which just generates a new key instantly and then, obviously, it's not possible to recover any data from old sectors.
Discover that your password has ended up in a swap file one day and hasn't been overwritten, and Chrome left you logged into Google Drive. I wouldn't trust this approach not to fail by accident.
Leave the computer you used for encryption and uploading at home. Take an empty/new notebook/smartphone with you to show at the border?
edit: place a big random data file, which looks like encrypted data, on your alibi notebook. Refuse to give the password and let the government lab try to find the password.
> Leave the computer you used for encryption and uploading at home. Take an empty/new notebook/smartphone with you to show at the border?
This is certainly safer, though maybe not possible on the return trip (where you're returning from someplace where you only have access to your laptop). If you need to be this careful, maybe it's best to do your work after livebooting into tails or something like that.
> edit: place a big random data file, which looks like encrypted data, on your alibi notebook. Refuse to give the password and let the government lab try to find the password.
Am realizing that not so long ago, saying that entering a democratic nation was riskier if, just a few seconds before customs, you had entered at a command line:
head -c 1000000000 /dev/urandom | openssl enc -aes-256-cbc -a > risky.1Giga.file
would have been considered tin-foil-hatty, and now we're just getting used to it.
> don't care about disclosing anything on your devices.
I'm not sure this is good advice. I think it's almost certainly better to have an unblemished record of assertion than a mixed record of assertion and acquiescence. Surely the latter appears far more suspicious.
I don't know about the US, but here in The Netherlands the technical cops are aware of cold boot attacks. As a lawyer crossing a border you should use a device with a secure enclave, and have the device off. Or better: don't cross the border with your device.
Wouldn't it just make more sense to keep all the data encrypted on a cloud service and not travel with any of the data physically? One step further would be to not travel with any devices at all, and just purchase something after crossing the border.
That’s the idea behind 1password’s travel mode. Ostensibly you could do that for an entire device, but the easier you make it for yourself, the easier it is to write legislation saying you have to undo what you did. (Depends on the various jurisdictional constitutionalities of that kind of provision, but still.)
Rather than an encrypted archive, would an encrypted, hidden partition not work better? Anything sensitive goes on there, have it unmounted and invisible, leave the rest of the system as is, let 'em log in and search what they see.
Unless that disk had a low-level factory wipe afterward, some amount of that data will still be on the disk somewhere, and law enforcement has all the tools needed to recover it.
This post is about western countries. The vast majority of western countries will not literally torture you to death, in order to get rando citizen's phone passwords.
Encryption works great for this use case, which almost everyone in this thread will be using it for.
People being tortured for their personal phone password by a rando border guard in basically any country, just isn't something that happens, despite what the internet memes would lead you to believe.
Even in supposedly bad countries, I really doubt that this "attack vector" is something that happens frequently.
How long can you be detained? And under what conditions? More than a few hours will get the vast majority of people cooperating. I suspect they could detain you for 24 hours, or even several days, but I don't know what the legal limit is for detaining a citizen at the border of their own country.
And for quite a lot of other people, even not being personally detained, but having to acquire new devices is inconvenient enough to compel cooperation. Who wants to buy new devices? Who has a need for two sets? It'd only be a cost of business for someone who does a decent amount of traveling and has confidential information to protect.
But then, that's a trap too because why should people need a reason? Why are only people with business/legal confidential information a protected class?
> How long can you be detained? And under what conditions
The answer is not very long. I'd call "a couple of days" not a big deal, and not at all equivalent to being tortured to death, like the person I was responding to was implying would happen.
So yes, encryption does work, and all that will happen to you is that you could be moderately inconvenienced.
But even that I would expect to be rare. Most border security would just look at your computer, or whatever, not find anything on it (because the thing you show them just looks like an empty computer), and move on their way.
The narrative that I was responding to was this idea that technology solutions can always be bypassed, by torture or something, therefore technology solutions are worthless. And that's just not true.
An extremely effective technology solution against an incompetent border guard who is interrogating you is for all your devices to just appear like there isn't anything on them, like a factory-default computer that you just bought.
A guard will just look at that, not see anything, and then move on to the rest of his crappy job.
> Say 5 hour detention then they ask again. Then detention again. Repeat.
Ok, and does this happen in real life?
The answer is no. It does not. In almost any western country in the world, the low paid border security guards are not detaining people en masse for days on end.
This stuff just isn't really happening to any large degree.
The example you gave was of someone who was suspected of murder.
The number of people who are in the population of "people suspected of murder, and jailed for not giving up their password" is very small.
So as long as the government makes a pinky promise to never use their power elsewhere it's okay? Think at least a little about the future. They might be doing it now for a good cause, but how long is that going to last? There's nothing stopping them from jailing anybody who refuses to give up their password, because what's jailable is the act of not giving up your password.
> So as long as the government makes a pinky promise to never use their power elsewhere it's okay?
I never made any claims about what is or is not OK.
The only claim that I am making is that this whole "XKCD wrench meme" is dumb, and that encryption actually works really well for the vast majority of people in the vast majority of use cases.
That's all. Encryption works, and you are not going to be tortured, or locked up forever, because you refused the order of a low paid border guard.
Such situations are extremely rare, and it is annoying that people keep bringing them up when they basically don't happen to anyone.
The parent isn't saying to encrypt your drives; they're saying to encrypt your data and store it separately from your computer - essentially treat any devices you're carrying across the border as compromised before you even reach the border.
If I'm understanding vbezhenar correctly, the implied step after uploading the encrypted file to a cloud storage service is to securely delete it from the computer you're carrying. Then, the authorities won't know that there is anything to beat out of you with their $5 wrench.
Yeah, but you still get beaten with the $5 wrench. And if it was going to work in compelling you to give the password, it will still be pretty effective at getting you to provide access to the cloud storage and the encryption password for it.
A couple of people would get beaten with the wrench the first few times it happened, but after a few weeks and a few high profile cases from Fortune 500 employees of "my CIO is the only one with the key", they'd move on to other targets or other methods.
I'm not saying any of this is likely. But, as the topic was raised, if they break you and you start talking, you will volunteer the information. They don't need to know beforehand.
That said, the most practical scenario here is to keep your important files secured somewhere else, cloud or elsewhere, and when they ask you to unlock your phone or laptop you say "Sure!" Because there's nothing to find and you're compliant and helpful, so they quickly let you go after a pro forma search.
Yeah, there is no James Bond outside the books and screen. But thermorectal cryptanalysis is out there and still beats most ciphers with ease. And it's not lethal!
But it will not work if you do not know the password. (It can also be time locked with false data; they don't know whether or not it is the real data.)
Sounds like this lawyer arrived at the same plan I did:
Refuse the request, file a lawsuit, and contact the media when released to shame the government that saw fit to violate my rights.