
Electronic Frontier Foundation files lawsuit on CBP laptop search

Old Feb 7, 2008, 3:35 am
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Dec 2003
Location: Miami, FL
Programs: AA EXP/Marriott Plat/Hertz PC
Posts: 12,724
Electronic Frontier Foundation files lawsuit on CBP laptop search

http://www.washingtonpost.com/wp-dyn...l?hpid=topnews

"I was assured that my laptop would be given back to me in 10 or 15 days," said Udy, who continues to fly into and out of the United States. She said the federal agent copied her log-on and password, and asked her to show him a recent document and how she gains access to Microsoft Word. She was asked to pull up her e-mail but could not because of lack of Internet access. With ACTE's help, she pressed for relief. More than a year later, Udy has received neither her laptop nor an explanation.

ACTE last year filed a Freedom of Information Act request to press the government for information on what happens to data seized from laptops and other electronic devices. "Is it destroyed right then and there if the person is in fact just a regular business traveler?" Gurley asked. "People are quite concerned. They don't want proprietary business information floating, not knowing where it has landed or where it is going. It increases the anxiety level."

Udy has changed all her work passwords and no longer banks online. Her company, Radius, has tightened its data policies so that traveling employees must access company information remotely via an encrypted channel, and their laptops must contain no company information.
whirledtraveler is offline  
Old Feb 7, 2008, 4:01 am
  #2  
FlyerTalk Evangelist
 
Join Date: Dec 2004
Location: MSP
Programs: Fallen Plats, ex-WN CP, DYKWIW; still a Hilton Diamond & Club Cholula™ R.I.P. Super Plats
Posts: 25,415
"She was asked to pull up her e-mail but could not because of lack of Internet access."
This isn't just a laptop search ... This is hacking into 3rd party databases with pirated passwords.

Also note that Ms. Udy's laptop was seized as she was flying from the U.S. to London.
MikeMpls is offline  
Old Feb 7, 2008, 4:43 am
  #3  
 
Join Date: Oct 2006
Posts: 1,481
I really got my hopes up when I saw the thread title. But unfortunately this lawsuit is just to
... force the government to disclose its policies on border searches, including which rules govern the seizing and copying of the contents of electronic devices ...
Regrettably, the 9th circuit court has already said that CBP can freely rummage through your computer at the airport when you are traveling internationally on their whim.
muddy is offline  
Old Feb 7, 2008, 8:41 am
  #4  
 
Join Date: Apr 2003
Location: BOS and vicinity
Programs: Former UA 1P
Posts: 3,725
Even just shedding some light on the policies might provide an avenue for actions against non-policy and abusive actions by CBP.

Say what you will about border searches of laptops, but deleting files, not returning confiscated property for months or ever, and so on, are probably not sanctioned policy.
studentff is offline  
Old Feb 8, 2008, 2:40 am
  #5  
Original Member
 
Join Date: May 1998
Location: Pasadena, CA. USA
Posts: 1,438
Originally Posted by muddy
Regrettably, the 9th circuit court has already said that CBP can freely rummage through your computer at the airport when you are traveling internationally on their whim.
AFAIK, 'reasonable suspicion' still applies to searches, including electronic, and although the Ninth Circuit court has not ruled on US v. Arnold, people are speculating that the court may side with the government on this one.
kyklin is offline  
Old Feb 8, 2008, 6:33 am
  #6  
 
Join Date: May 2005
Posts: 628
Originally Posted by kyklin
AFAIK, 'reasonable suspicion' still applies to searches, including electronic, and although the Ninth Circuit court has not ruled on US v. Arnold, people are speculating that the court may side with the government on this one.
Border searches generally do not require any level of suspicion whatsoever. In fact, a large number of them are entirely random. There has been a court case or two that require reasonable suspicion for searches of laptops, but it's not well-established. Things like reasonable suspicion only come up for what are called non-routine searches, i.e. searches that extend beyond non-destructively going through your belongings.
Deeg is offline  
Old Feb 8, 2008, 8:50 am
  #7  
A FlyerTalk Posting Legend
 
Join Date: Sep 2002
Location: LAX/TPE
Programs: United 1K, JAL Sapphire, SPG Lifetime Platinum, National Executive Elite, Hertz PC, Avis PC
Posts: 42,311
As mentioned in another thread, there are products out there that will boot to an empty Linux or Windows partition if you enter one password (when being searched), while booting to the normal partition if you enter the correct password. If you're concerned about these searches (by US or foreign officials), I suggest you install and use them.

All data should be encrypted by PGP, although the government is said to have a backdoor to the algorithm, making it likely they can eventually 'hack' your password - but it would still take them a long time. All encryption products sold legally in the USA (and other countries have their own requirements), must provide some information on the algorithm to the government.

What I'd like to see is some bright kid hacking the PGP model, changing the algorithm to something slightly different, adding some extra bits of encryption, then selling this new 'illegal' version through the Internet. That would

If they seize your laptop and hold it because you refused to disclose the password, you may need to hire a lawyer to file for the return of your property...depending on the cost of the laptop, it might be easier to let it go and buy a new one, restoring from the backup you should be making at all times.
bocastephen is offline  
Old Feb 8, 2008, 9:50 am
  #8  
 
Join Date: Apr 2003
Location: BOS and vicinity
Programs: Former UA 1P
Posts: 3,725
Originally Posted by bocastephen
All encryption products sold legally in the USA (and other countries have their own requirements), must provide some information on the algorithm to the government.
Really? Even for domestic sales (or free distribution)? Could you please provide a citation, I'm genuinely curious?

I'm aware of the past (and some present) issues with exporting encryption, but don't see how a registration process on distributing encryption tools domestically could be enforced. An extension of the govt.-registration idea is what killed Skipjack.

What I'd like to see is some bright kid hacking the PGP model, changing the algorithm to something slightly different, adding some extra bits of encryption, then selling this new 'illegal' version through the Internet.
Actually, I'd rather not. I have a great degree of faith in symmetric-key encryption algorithms that have been vetted through public/academic peer-review (and continue to be tested more over time). E.g., AES or any of the AES final candidates (Twofish, Serpent, etc.).

I'd risk a lot on the unbreakability of these algorithms over a reasonable period of time (using max-size, randomly-generated keys, not low-entropy human-readable keys) even by well-funded western governments. Barring some breakthrough in computing of course.

But proper implementation of those algorithms is critical to achieving any real security, and tweaking the software or algorithm is much more likely to reduce security than increase it.
studentff is offline  
Old Feb 8, 2008, 10:06 am
  #9  
A FlyerTalk Posting Legend
 
Join Date: Sep 2002
Location: LAX/TPE
Programs: United 1K, JAL Sapphire, SPG Lifetime Platinum, National Executive Elite, Hertz PC, Avis PC
Posts: 42,311
Originally Posted by studentff
Really? Even for domestic sales (or free distribution)? Could you please provide a citation, I'm genuinely curious?
I'm aware of the past (and some present) issues with exporting encryption, but don't see how a registration process on distributing encryption tools domestically could be enforced. An extension of the govt.-registration idea is what killed Skipjack.
I did some further checking, as it's been a while since I was involved in the debate over this product - apparently the measure to force a backdoor and key escrow on encryption products was, at least temporarily, shelved - officially. Unofficially, there are still plenty of concerned users who feel that these products have either given the government a key escrow, or the ADK feature has been used to exploit a weakness and generate a backdoor key.
.....

Actually, I'd rather not. I have a great degree of faith in symmetric-key encryption algorithms that have been vetted through public/academic peer-review (and continue to be tested more over time). E.g., AES or any of the AES final candidates (Twofish, Serpent, etc.).

I'd risk a lot on the unbreakability of these algorithms over a reasonable period of time (using max-size, randomly-generated keys, not low-entropy human-readable keys) even by well-funded western governments. Barring some breakthrough in computing of course.

But proper implementation of those algorithms is critical to achieving any real security, and tweaking the software or algorithm is much more likely to reduce security than increase it.
Assuming no backdoor or key escrow exists (this topic is still under debate, though), I'd agree with you. However, many of the top encryption companies are government vendors or participate in the commercial market - if someone was to take existing technology, customize the algorithm slightly to bar any threat of backdoor/key escrow risk, and pump up the encryption bit level to 256 or even 512, it would make that product truly unbreakable by anyone.

The whole Clipper Chip threat is still out there - and that product will certainly include a built-in backdoor for the government.
bocastephen is offline  
Old Feb 8, 2008, 10:32 am
  #10  
 
Join Date: Jul 2005
Location: MSP
Programs: SPG Gold;NWA gold;Hyatt Plat
Posts: 1,458
Originally Posted by bocastephen
All data should be encrypted by PGP, although the government is said to have a backdoor to the algorithm, making it likely they can eventually 'hack' your password - but it would still take them a long time.
This is one of the key things about PGP and TrueCrypt. They use algorithms that are in the public domain. Their strength doesn't depend on the algorithm being secret. The strength of the encryption is based on the math done by the algorithm and the strength of the key used.

You can find the algorithms and the formulas in their entirety online by doing a search for the encryption types.
goaliemn is offline  
Old Feb 8, 2008, 1:46 pm
  #11  
 
Join Date: May 2003
Location: GEG
Programs: Motel 6 Club Avoir Le Cafard
Posts: 5,027
As one Slashdot poster recommended, carry lots of CDs/DVDs with random data for them to attempt to decrypt, just as some travelers carry a fake wallet to deter robbers. Carry the CDs/DVDs next to your stash of oregano.
mbstone is offline  
Old Feb 8, 2008, 2:00 pm
  #12  
FlyerTalk Evangelist
 
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
Originally Posted by bocastephen
All data should be encrypted by PGP, although the government is said to have a backdoor to the algorithm, making it likely they can eventually 'hack' your password - but it would still take them a long time. All encryption products sold legally in the USA (and other countries have their own requirements), must provide some information on the algorithm to the government.
Just because the algorithm is published doesn't mean that it's insecure or that there are backdoors.

The algorithm for AES, arguably the most secure encryption algorithm, is widely known but hasn't been cracked yet. You have to know the key in order to break it. If the key is compromised, it's fair game.

It hasn't been brute forced yet. It would take trillions of years with a 128 bit key to brute force it, and 256 bit keys are commonly used. I haven't been able to find any evidence that AES has been broken by other means.

http://www.nist.gov/public_affairs/releases/aesq&a.htm

With the publicity of the algorithm, if there were a back door, it would have been blown open a long time ago. Especially if it was created by foreigners like AES was.

Super
Superguy is offline  
Old Feb 8, 2008, 10:29 pm
  #13  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 38,417
Originally Posted by mbstone
As one Slashdot poster recommended, carry lots of CDs/DVDs with random data for them to attempt to decrypt, just as some travelers carry a fake wallet to deter robbers. Carry the CDs/DVDs next to your stash of oregano.
There are days I've been tempted to make a folder under "My Pictures" labeled "Kitty Porn"--and filled with exactly that: Pictures of cats having sex.
Loren Pechtel is offline  
Old Feb 9, 2008, 4:13 am
  #14  
Moderator: Coupon Connection & S.P.A.M
 
Join Date: May 2000
Location: Louisville, KY
Programs: Destination Unknown, TSA Disparager Diamond (LTDD)
Posts: 57,957
Proud EFF supporter here.
Spiff is offline  
Old Feb 9, 2008, 12:31 pm
  #15  
FlyerTalk Evangelist
Original Poster
 
Join Date: Dec 2003
Location: Miami, FL
Programs: AA EXP/Marriott Plat/Hertz PC
Posts: 12,724
"I was assured that my laptop would be given back to me in 10 or 15 days," said Udy, who continues to fly into and out of the United States. She said the federal agent copied her log-on and password, and asked her to show him a recent document and how she gains access to Microsoft Word. She was asked to pull up her e-mail but could not because of lack of Internet access. With ACTE's help, she pressed for relief. More than a year later, Udy has received neither her laptop nor an explanation.
This in particular is unconscionable. The CBP may have the legal authority to search you, but they have NO authority to search equipment that is not with you. At least, that is my understanding. It would be the equivalent of having the authority to search your friend's house because you presented yourself at the border.

Lawyers? Chime in?
whirledtraveler is offline  

