Defending The Kingdom

Bruce Schneier has an article in The Guardian that describes some strategies to keep your data private when crossing borders. What do you want customs agents to see when you bring your laptop, USB drive, mobile phone, or PDA across a border?

Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you’re entering the country. They can take your computer and download its entire contents, or keep it for several days.

[…]

Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won’t work here. The border agent is likely to start this whole process with a “please type in your password”. Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day.

You’re going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key - even if you also encrypt your entire hard drive - and keep your sensitive data there. Lots of programs allow you to do this. I use PGP Disk (from pgp.com). TrueCrypt (truecrypt.org) is also good, and free.

The article goes on to talk about the importance of using strong passwords, as well as the limits of depending on strong passwords to protect encrypted data.

Edited to add (19 May 2008): The quoted sections of the Guardian article have been trimmed due to a complaint from one of the editors.

Unfortunately, it’s impossible to control your personal information at all times. Companies and governments that store personal data sometimes screw up in the worst way:

The British government struggled Wednesday to explain its loss of computer disks containing detailed personal information on 25 million Britons [about 40% of the population], including an unknown number of bank account identifiers, in what analysts described as potentially the most significant privacy breach of the digital era.

You can’t do much when something like this happens. One thing you can do, however, is make sure your passwords are strong.

Experts said the information could allow crimes beyond identity theft. Some people use the name of a child or part of an address as a password on a bank account, so the combination of these details could allow someone to break their code.

How do you feel about this? From an NYTimes article, Privacy Lost: These Phones Can Find You:

Two new questions arise, courtesy of the latest advancement in cellphone technology: Do you want your friends, family, or colleagues to know where you are at any given time? And do you want to know where they are?