Keep Your Private Data (Reasonably) Safe At The Border
In a recent post Chris Soghoian of slight paranoia fame talks about crossing international borders and protecting your privacy. Specifically Chris is talking about your privacy when it comes to data stored on a notebook computer.
The simplistic solution is to ensure your data is encrypted in some fashion, which you should be doing regardless to protect your data against loss or theft of your notebook. On a notebook running Mac OS X encryption is as easy as enabling FileVault. But as Chris points out, if you refuse to disclose your decryption password or key, you can be refused entry, fined or thrown in jail depending on where you are.
A better solution, at least on a Mac, is to encrypt your main account with File Vault and then create a second dummy account which is what you will use to login when asked by the border guard. However, for this to work and seem at all plausible, you will need to do a little prep.
First, under System Preferences -> Accounts -> Login Options, make sure that Automatic Login is disabled, which I believe it must be in order to use File Vault.
Next, also on the Login Options section, select ‘Name and password’ as the display method for the login window. With this method, you will need to enter in your username and will not disclose any usernames to the person inspecting your computer.
We also need to turn off fast user switching on the Login Options section as that shows a drop down list of users on the computer. If you use this feature on a regular basis, perhaps to lock your computer on the login screen, then you can do this step just before crossing the border; but DON’T forget.
Now add your dummy user to the system. Make sure the name is your full name and that the shortname (ie. login username) is something plausible and doesn’t reveal that this is a dummy account. So, for example, using myself as an example, if my ‘real’ account username is ‘douglas’, I would choose something like ‘doug’ or ‘dougr’ as my dummy account. After creating the account it is critical that you uncheck the box labelled ‘Allow user to administer this computer’. This will prevent the person inspecting the computer from running the ‘sudo’ command and running any revealing commands as the root user. If asked about this restriction you can plausibly deny anything saying that it’s your company’s corporate policy to not allow users to have admin access.
Finally, you need to make your dummy account look like it’s used on a regular basis. How you do this is up to you but I recommend that you spend a weekend using this account only for anything that isn’t important to you in terms of privacy. So surf the web and look for movies to rent, check the hours of your local market, whatever. Make sure you add some bookmarks and download some files. Customize your desktop background and basically make the account look like it belongs to you.
You are now ready to book a trip across an international border. But before you go, there are a couple things you need to do. first, if you haven’t turned off fast user switching (as mentioned above), do that now. You also need to log into your dummy account and freshen things up. Visit some websites so your browser history seems recent, some website cookies and cached files have been freshened and download a couple files. Make sure you log out of your ‘real’ encrypted account; otherwise, it will be sitting in a visible and decrypted form on your computer. And finally, to prevent anything from residing in memory, shut down the computer completely (ie. don’t put the computer into standby mode). Now, you’re ready, for the most part anyway.
It’s worth noting that this method will likely fool ninety-nine out of one hundred regular border guards. The possibility still remains that there my be a border guard with a technology background or specialized training and that they may or may not know what to look for and where to look for it. If you’re worried about that potential outcome then either don’t take your notebook or follow Chris’ advice and wipe your laptop clean.
Tue, 06 May 2008 10:45 Posted in Technology
Tags encryption, privacy
