18 May 2008
Bruce Schneier has an article in The Guardian that describes some strategies to keep your data private when crossing borders. What do you want customs agents to see when you bring your laptop, USB drive, mobile phone, or PDA across a border?
Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you’re entering the country. They can take your computer and download its entire contents, or keep it for several days.
Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won’t work here. The border agent is likely to start this whole process with a “please type in your password”. Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day.
You’re going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key – even if you also encrypt your entire hard drive – and keep your sensitive data there. Lots of programs allow you to do this. I use PGP Disk (from pgp.com). TrueCrypt (truecrypt.org) is also good, and free.
The article goes on to talk about the importance of using strong passwords, as well as the limits of depending on strong passwords to protect encrypted data.
Edited to add (19 May 2008): The quoted sections of the Guardian article have been trimmed due to a complaint from one of the editors.