18 May 2008
Bruce Schneier has an article in The Guardian that describes some strategies to keep your data private when crossing borders. What do you want customs agents to see when you bring your laptop, USB drive, mobile phone, or PDA across a border?
Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you’re entering the country. They can take your computer and download its entire contents, or keep it for several days.
Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won’t work here. The border agent is likely to start this whole process with a “please type in your password”. Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day.
You’re going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key – even if you also encrypt your entire hard drive – and keep your sensitive data there. Lots of programs allow you to do this. I use PGP Disk (from pgp.com). TrueCrypt (truecrypt.org) is also good, and free.
The article goes on to talk about the importance of using strong passwords, as well as the limits of depending on strong passwords to protect encrypted data.
Edited to add (19 May 2008): The quoted sections of the Guardian article have been trimmed due to a complaint from one of the editors.
21 November 2007
Unfortunately, it’s impossible to control your personal information at all times. Companies and governments that store personal data sometimes screw up in the worst way:
The British government struggled Wednesday to explain its loss of computer disks containing detailed personal information on 25 million Britons [about 40% of the population], including an unknown number of bank account identifiers, in what analysts described as potentially the most significant privacy breach of the digital era.
You can’t do much when something like this happens. One thing you can do, however, is make sure your passwords are strong.
Experts said the information could allow crimes beyond identity theft. Some people use the name of a child or part of an address as a password on a bank account, so the combination of these details could allow someone to break their code.
23 October 2007
How do you feel about this? From an NYTimes article, Privacy Lost: These Phones Can Find You:
Two new questions arise, courtesy of the latest advancement in cellphone technology: Do you want your friends, family, or colleagues to know where you are at any given time? And do you want to know where they are?
4 September 2007
Interesting Wired News article on why people won’t pay for protection from privacy intrusions.
Privacy is fast becoming the trendy concept in online marketing. An increasing number of companies are flaunting the steps they’ve taken to protect the privacy of their customers. But studies suggest consumers won’t pay even 25 cents to protect their data.
Later, one of the people interviewed explains why he thinks this is the case:
The thing about consumer privacy is it’s really a death from a thousand cuts. With any given click or any given web page the loss of information is usually very subtle. The fact that you may get more spam or pay more for flowers because you live in a wealthy ZIP code are just single drops in a tsunami of privacy violations.
Too bad. I certainly sympathize sometimes with the sense of hopelessness about keeping my privacy that many people experience. And, for some, perhaps the costs of combating privacy concerns are higher than the costs from losing one’s privacy.
28 March 2007
Update (30 April 2007): Rogers is through answering my emails. In their latest message to me, they implied that they had said all they wanted to and that further questions should be directed to The Office of the Privacy Commissioner of Canada:
The Office of the Privacy Commissioner of Canada oversees Rogers’ personal information handling practices. If your privacy concerns are not addressed to your satisfaction by Rogers, you may contact the Office of the Privacy Commissioner of Canada for further guidance.
So, Rogers doesn’t want to consider the subject further. The reasoning is this: if the Privacy Commissioner thinks Rogers handles privacy adequately, so should Rogers’ customers.