Confiscation of laptops entering the United States.

23 January 2007

Just when you thought travelling by air couldn't get any more harrowing, along comes confiscation of laptop computers when re-entering the United States. Some are never seen again; from anecdotal evidence, the hard drives are imaged for analysis. US Customs has the authority to detain people carrying portable computers and confiscate the hardware without giving a good reason, or any reason at all, for that matter. The matter of what, exactly, happens to proprietary information contained therein (encrypted or not) is still up in the air.

The standard advice here is to encrypt any sensitive data, but if the folks looking over your laptop are reasonably intelligent, they'll put two and two together and demand that you turn over your keys and passphrases so they can examine the data. This is already law in the UK, and at some point the US is going to do the same thing if they can. I don't have any good advice to give here, I'm afraid. As I said, if the people looking over the contents of your laptop discover that you do have some encrypted information on the hard drive, they're going to demand the keys and passphrases to the encrypted data, and the way US law is going, they could put you in jail (or worse, declare you an enemy combatant) until you decide to cough up the data they need.

My first thought was to use public key crypto (à la PGP) to encrypt sensitive files on a laptop, but only keep the public key (not the private key, which is used to decrypt the data) on the laptop. That way, if they did decide to ask you about the encrypted files you had, you honestly would not be able to give them anything usable for decryption. On the other hand, I doubt that the folks working at points of entry into the US understand how public key crypto works, and would continue demanding that you decrypt the data until doomsday; unable to do so, you'd be effectively screwed nine ways from Sunday.

Seeding decoy files on the hard drive would go over about as well as claiming that you had smuggled a gun onto an airplane. If the files were large enough you could probably hide encrypted data inside collections of .mp3s or graphics files ('corrupted files', to be deleted later), but that begs a serious question...

I'm a hardcore proponent of privacy and cryptography - regular readers know this. But is it really worth such an amazing amount of effort for privacy? It would actually be easier to just not put anything even personally sensitive on your laptop when you go travelling. It would be a better use of your time and energy to back up and erase the personal data on your laptop, overwrite the empty space on the drive (there are excellent documents on the Net - look up secure deletion), and be done with it.
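
The public-key arrangement described above (only the public key on the laptop, the private key kept elsewhere), as an added example that is not from the original post. It assumes Node.js and stands in for PGP with RSA-OAEP wrapping a one-time AES-256-GCM key; the names `seal`, `open` and `canOpen` are hypothetical.

```javascript
const crypto = require("crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Runs on the laptop and needs only the public key. The one-time AES key
// lives in memory for this call and is stored only in wrapped form.
function seal(publicKey, plaintext) {
  const fileKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", fileKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
  fileKey.fill(0); // best-effort wipe of the plaintext session key
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Runs only where the private key is kept (assumed: a machine that does not travel).
function open(privateKey, sealed) {
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", fileKey, sealed.nonce);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

// Returns true if the sealed file opens with the given key, false otherwise.
function canOpen(key, sealed) {
  try {
    open(key, sealed);
    return true;
  } catch (err) {
    return false;
  }
}

// Constructed demo: the key pair is generated at home; only publicKey travels.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sealed = seal(publicKey, Buffer.from("constructed sample notes"));
console.log(canOpen(publicKey, sealed), canOpen(privateKey, sealed)); // false true
```

Everything in `sealed` can sit on the travelling disk; it stays recoverable only with a well-protected copy of the private key, so losing that key loses the data.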