Customs Proofing A Laptop
I Discovered the article Security guide to customs-proofing your laptop over at Cnet and thought it would be worth sharing it. It does not really add anything new to the discussion and if you have followed it here (Protect your date when travelling) onÂ my website or at others you might already know every point that is mentioned in it.
The article is divided into three threat levels and an introduction with some interesting background information and links. The first threat level mentions data encryption and certain aspects that have to be taken care of. It mentions for instance the fact that it is possible to read the contents of the RAM if the laptop is or has been powered on shortly before entering customs. It also advices to delete all temporary data on the system like browser cache, cookies and so forth.
Lastly it mentions the possibility that spyware could be installed on the computer while it is kept by the federal agents. The next step would be a full encryption of the system which has the advantage that everything is encrypted meaning no one can access it by simply plugging in the laptop's hard drive into another computer. This could, on the other hand, make border agents suspicious because they might think you are hiding information that they are after.
The last threat level mentions steganophy which means hiding data in other data, for example an important text document in a music track. It also refers to the use of encrypted containers on encrypted partitions. It also mentions electronically sending the data once you reached your destination or storing it on smaller memory cards that are placed in devices that do not look suspicious.
The best solution in my opinion is the secure transfer of data once you are at your destination. This ensures that nothing can be found on the laptop that could arouse suspicion It would also mean that the traveler does not have to lie if someone asks questions about the contents of the laptop.
Others suggested sending the data by overnight shipping which still leaves the chance that the package will be intercepted and analyzed but has the advantage that you cannot be questioned and asked for the password of the (hopefully) encrypted drive.Advertisement