Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices

[6853395]

Here are two documents pertaining to Keeping your data safe at the US Border with regards to devices, etc.

1. How to keep your data safe at the US border
2. Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (PDF)

Informative reading and highly recommended if you travel with a computers and have any type of digital data or media on you.

 

I've combed through the documents and if you're an informal user, the following are what I find to be the salient points:

• Cloud Computing
• Clear History and Cashe
• Secure Empty Trash

Also, you practically have no rights at if they want to search your data.  They can inspect anything and confiscate your items.  Being uncooperative, including to provide passwords to open computers, can be used against you.

 

Prepare ahead of time before entering, or re-entering, the US Border. 

[philobert]

The question that comes to mind is, "what might you have on your computer that would cause a problem?"

 

just curious. but I don't think a few pictures of boobs and such can cause that much harm

 

 

(I did not read all of the material.  next to do.)

 

cheers

 

bert

[6853395]

Bert, I would recommend reading the 25-page document.

 

(I did not read all of the material.  next to do.)

 

There's no question you could possibly have that's not in there.

 

As for what, my view is better play is safe than sorry and when in doubt, leave it out.  Cloud file storage is easily accessible these days.

 

I would definitely get this off your ToDo list before your next departure or re-entry.  Start putting things you need in the cloud now.

[rainman333]

what are some good secure delete programs for windows 7? thanks

[s77656769]

My policy for border crossings is simple.  Backup to the cloud and wipe the devices.  Restore when back home.  If you have too much video / photos when you are going to have trouble getting this uploaded tho.

 

I just take my phone, and have a clean backup that I restore after I wipe things.  The wipe for my phone is fill the various partitions with random data, then make new file systems.  Media cards I delete everything, make a new file system, and fill with random data.

 

I also have an email address that I can put on customs forms if I can't avoid it, and is the same one I use for travel bookings so it matches the airline data.  I don't use that email address for anything else.

 

This is a rather extreme, but it is the best I can conceive, and I have a rooted android phone because that is what I need to achieve a full wipe.  Full wipe is a PITA tho.

[sundapp]

Except daddy USA can monitor everything you upload to the cloud. Don't you guys read the news these days ?

[Hockeydude]

Here are two documents pertaining to Keeping your data safe at the US Border with regards to devices, etc.

1. How to keep your data safe at the US border
2. Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (PDF)

Informative reading and highly recommended if you travel with a computers and have any type of digital data or media on you.

 

I've combed through the documents and if you're an informal user, the following are what I find to be the salient points:

• Cloud Computing
• Clear History and Cashe
• Secure Empty Trash

Also, you practically have no rights at if they want to search your data.  They can inspect anything and confiscate your items.  Being uncooperative, including to provide passwords to open computers, can be used against you.

 

Prepare ahead of time before entering, or re-entering, the US Border. 

 

I know the NSA is creapin' in on everyone's privacy, but I've never even thought to try and "protect" my data entering the country.  Who the hell would actually ask to look on my phone or computer and why?

[Taeng Mo]

so , what do you Guys do to prevent illegal Aliens?

[s77656769]

Except daddy USA can monitor everything you upload to the cloud. Don't you guys read the news these days ?

 

Good encryption before upload if you are that way inclined. You could also use a private cloud you maintain and secure. Use different user ids between traveling and normal use, so user ids collected by travel companies and border control are different from your normal id, or ids.

 

The point isn't total privacy, but to avoid carrying data that is subject to search at the border, and the best way to avoid them finding anything is not to have anything to find.

[s77656769]

I know the NSA is creapin' in on everyone's privacy, but I've never even thought to try and "protect" my data entering the country.  Who the hell would actually ask to look on my phone or computer and why?

 

Border control agent do it all the time, certainly in many western nations. They look for incriminating photos and data. Just the wasted time can cause you to miss a connecting flight, our even more hassle is if they decide to retain your computer for later analysis, so you might get it back in a few months if you are lucky.

[altec123]

The government can break any encryption and if you upload thing to a "cloud" via the internet they can get that to.  The best thing to do is to not have anything illegal on your computer.  They do not care about porn as long as it involves adults.  Give them the passwords if they request them and cooperate.  Give them any reason to suspect that you are hiding anything or being cute and kiss your computer, phone or whatever goodbye.  

[Capna]

Border control agent do it all the time, certainly in many western nations. They look for incriminating photos and data. Just the wasted time can cause you to miss a connecting flight, our even more hassle is if they decide to retain your computer for later analysis, so you might get it back in a few months if you are lucky.

 

What you're describing is a worst-case scenario, not the "all the time" scenario.  I've been through customs dozens of times, I've had my vehicle searched a few times, but computers never.  I'm not saying it doesn't happen because Customs and Border Protection is within their right to search, but it's never happened to me, and I've never seen or heard of it happening to anyone I know.

 

It's legal to produce, perform in, and keep pornography, assuming your models are over 18, and pornography production is not considered prostitution.  However, strangely, importing pornography is illegal, so it's best to us cloud services for that.  You don't really want to keep it on your hard drive /in Thailand/ either, because the Thai authorities can search your computer at any time, not just at the border.

 

As for the NSA, they have collected 56,000 communiqués (e-mails, etc) over the past 3 years that are not connected with Terror.  56,000 out of billions over 3 years.  That's actually not a bad ratio; the odds of you being affected is minuscule, and the NSA isn't really concerned with porn either.

[6853395]

Except daddy USA can monitor everything you upload to the cloud. Don't you guys read the news these days ?

 

For purposes of this thread, this is isolated to physical devices at the border in case you're pulled aside for further review.  It's about the devices on hand and if you read through the documents linked above, it's about not getting your devices confiscated or having questionable data on hand.

 

The NSA concerns are mutually exclusive from this matter of physical device transport and probably a discussion for a separate topic.

[gogo dog]

what are some good secure delete programs for windows 7? thanks

 

Not tried it with Windoze 7 but used this a lot in the past http://eraser.heidi.ie/

 

Except daddy USA can monitor everything you upload to the cloud. Don't you guys read the news these days ?

 

Not if it's strongly encrypted before you upload it.

[manarak]

The question that comes to mind is, "what might you have on your computer that would cause a problem?"

 

just curious. but I don't think a few pictures of boobs and such can cause that much harm

 

 

(I did not read all of the material.  next to do.)

 

cheers

 

bert

you would be surprised.

 

the most obvious:

 

let's suppose you took some pictures of your over-18 but young looking barfine... and let's say the officers (who mostly only see overweight whales in their daily lives in the US) are firmly convinced the girl on the pics is younger than 18...

[Ebdude]

I had my computer searched at US customs and it was due to the quick reply I gave to the customs officer who first looks at everybody's passports.  She looked at my passport and asked if I had been in Cambodia.  I said no and she sent me to a special station where they searched my computer and found nothing.

  I once did a visa run to Cambodia.  They had you wait in a casino between the borders with a free buffet and then go back.  So I never was in Cambodia, but had the stamp in my passport. 

 

I guess she thought I lied and was thus suspicious.

 

 A waste of about a half hour for all of us.

[Gone with the wind]

I had my computer searched at US customs and it was due to the quick reply I gave to the customs officer who first looks at everybody's passports.  She looked at my passport and asked if I had been in Cambodia.  I said no and she sent me to a special station where they searched my computer and found nothing.

  I once did a visa run to Cambodia.  They had you wait in a casino between the borders with a free buffet and then go back.  So I never was in Cambodia, but had the stamp in my passport. 

 

I guess she thought I lied and was thus suspicious.

 

 A waste of about a half hour for all of us.

 

So you did go to Cambodia since you had stamps.

From there point of view they probably thought you were trying to deceive them in some way.

May have been much quicker if you just explained the visa run thing to them.

[ricktoronto]

The government can break any encryption and if you upload thing to a "cloud" via the internet they can get that to.  The best thing to do is to not have anything illegal on your computer.  They do not care about porn as long as it involves adults.  Give them the passwords if they request them and cooperate.  Give them any reason to suspect that you are hiding anything or being cute and kiss your computer, phone or whatever goodbye.  

Actually they can't break "any" encryption.

 

The US government dropped a case against a South American who used TrueCrypt to encrypt a hard drive and refused to provide the password. After literally months at the NSA they dropped the case and returned the drive.

 

They rely on 256 AES encryption for the same reason that they cannot break it. This assumes you don't use 1234 or "password" for the password, which many do.

 

You can set up a TrueCrypt encrypted file that has a folder within a folder and with two different passphrases such that when you are asked to give your password, you give them the first one which opens the file to provide a few harmless files and a lot of free space. That free space contains another drive with your content. It is easy, open source and free. The presence of the second encrypted container within the first is undetectable. Just random bits and bytes.

[LeonSandcastle]

Coming back to the USA for almost a year in Thailand, coming through immigration was a horrible experience that I'd just as soon forget. I had 2 suitcases which they went through (of course they found nothing), the idiot kept asking a boatload of questions, and if they weren't satisfied with the first answer would press on for more information. It was very time consuming and the custom agents were rude and condescending. At the finale the guy said welcome back while giving me a hostile last glance(as they would say "mean muggin' me lol)

[manarak]

Actually they can't break "any" encryption.

 

The US government dropped a case against a South American who used TrueCrypt to encrypt a hard drive and refused to provide the password. After literally months at the NSA they dropped the case and returned the drive.

 

They rely on 256 AES encryption for the same reason that they cannot break it. This assumes you don't use 1234 or "password" for the password, which many do.

 

You can set up a TrueCrypt encrypted file that has a folder within a folder and with two different passphrases such that when you are asked to give your password, you give them the first one which opens the file to provide a few harmless files and a lot of free space. That free space contains another drive with your content. It is easy, open source and free. The presence of the second encrypted container within the first is undetectable. Just random bits and bytes.

they can break it.

They just wouldn't waste computing resources on a very-low-priority target.

[ricktoronto]

they can break it.

They just wouldn't waste computing resources on a very-low-priority target.

This was a very high priority target.

 

The time needed to break this level of encryption would take in the tens of thousands of years if not more.

 

Certainly for Joe Mook with some porn done properly they will not even find it if you follow the instructions on hidden volumes and don't admit to the other volume.

[manarak]

This was a very high priority target.

 

The time needed to break this level of encryption would take in the tens of thousands of years if not more.

 

Certainly for Joe Mook with some porn done properly they will not even find it if you follow the instructions on hidden volumes and don't admit to the other volume.

Is this the case you are refering to:

http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/

 

One important detail is that the South American was not in the USA and was not required by Brazilian Law to reveal the passphrase.

 

And I don't think this case was high priority enough to commit an NSA supercomputer to it.

 

Also consider this:

http://nsa.gov1.info/utah-data-center/

 

Our Target: 256-bit AESThe Advanced Encryption Standard (AES) algorithm is used worldwide to encrypt electronic data on hard drives, email systems, and web browsers. The AES 256-bit encryption key is the standard for top-secret US government communications. Computer experts have estimated it would take longer than the age of the universe to break the code using a trial-and-error brute force attack with today's computing technology.

 

In 2004, the NSA launched a plan to use the Multiprogram Research Facility in Oak Ridge, Tennessee to build a classified supercomputer designed specifically for cryptanalysis targeting the AES algorithm. Recently, our classified NSA Oak Ridge facility made a stunning breakthrough that is leading us on a path towards building the first exaflop machine (1 quintillion instructions per second) by 2018. This will give us the capability to break the AES encryption key within an actionable time period and allow us to read and process stored encrypted domestic data as well as foreign diplomatic and military communications.

 

This comes from the NSA's website - why would they publicly confess not being able to break AES? because they can already break it...

[CyberPro]

they can break it.

They just wouldn't waste computing resources on a very-low-priority target.

 

Agreed, although why use just AES when you can use multiple algorithms? The traveler may no longer be living when a good passphrase/encryption algorithm is cracked but who wants to lose their media? It's better not to cross borders with questionable content on media.

 

even the FBI was not able to decrypt a TrueCrypt volume after a year of trying.

 

http://www.truecrypt.org/faq

 

Individual algorithms supported by TrueCrypt are AES, Serpent, and Twofish. Additionally, five different combinations of cascaded algorithms are available: AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. The cryptographic hash functions used by TrueCrypt are RIPEMD-160, SHA-512, and Whirlpool.

 

http://en.wikipedia.org/wiki/TrueCrypt

[mobo76]

The statue of 'Liberty' turns out to be a total tormentor not to mention torturer for its own fellow citizens.

 

[lyku69]

Here are two documents pertaining to Keeping your data safe at the US Border with regards to devices, etc.

1. How to keep your data safe at the US border
2. Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (PDF)

Informative reading and highly recommended if you travel with a computers and have any type of digital data or media on you.

 

I've combed through the documents and if you're an informal user, the following are what I find to be the salient points:

• Cloud Computing
• Clear History and Cashe
• Secure Empty Trash

Also, you practically have no rights at if they want to search your data.  They can inspect anything and confiscate your items.  Being uncooperative, including to provide passwords to open computers, can be used against you.

 

Prepare ahead of time before entering, or re-entering, the US Border. 

A second option:

- Visit a computer tech and purchase a cheap refurbished laptop prior to your trip.

(I bought one for $150.00 which worked just fine for my needs)

- Enjoy your trip, uploading files to a cloud server from your SD card equipped camera as you go.

- At the end of your trip, before you leave, destroy the SD card (they are inexpensive).

- Reformat your laptop, reinstall Windows and give it to a deserving "friend". (Use it to barter with the locals perhaps)

- OR borrow a hammer, smash the laptop into a billion pieces and throw the remains into the garbage.

 

The same process would apply if you intend to use a phone to take pictures.

 

I know this sounds a bit drastic but it certainly eliminates any potential problems at airports.

For me peace of mind is worth the minimal costs.