Device Security: How Border Searches Are Really Used 223
onehitwonder writes "Newly released documents reveal how the government uses border crossings to seize and examine travelers' electronic devices instead of obtaining a search warrant to take them, according to The New York Times' Susan Stellin. The documents reveal what had been a mostly secretive process that allows the government to create a travel alert for a person (regardless of whether they're a suspect in an investigation), then detain that individual at a border crossing and confiscate or copy any electronic devices that person is carrying. The documents come courtesy of David House, a fund-raiser for the legal defense of Chelsea Manning, formerly known as Pfc. Bradley Manning." A post at the ACLU blog (besides being free of NYT paywall headaches) gives more details, and provides handy links the documents themselves.
Re:Just upload your encrypted data online (Score:5, Informative)
This isn't exactly shocking news.
Oh, I disagree! The USG has established 100-mile 'non-Constitution' zones around the national borders. Due process and security of personal information is suspended.
How is that not shocking?
Re:Any different than those other governments? (Score:2, Informative)
You might want to check history of passports [wikipedia.org] as an hint that crossing borders has not always been so traumatic, even when borders were as well established as now (ref to Europe before WWI)
Comment removed (Score:5, Informative)
Re: You got it backwards (Score:2, Informative)
So instead of giving it to the border patrol, you tell them to get *their* own copy from the NSA.
There, fixed that for you.
Re:Just upload your encrypted data online (Score:5, Informative)
Why use TrueCrypt instead of mainstream encryption with a long key length?
https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html [schneier.com]
If you're really paranoid (no offense), you can encrypt with every known algorithm in series. Then only one of them has to actually work.
I'll take the last one first; although it's counter-intuitive, encrypting with every known algorithm doesn't actually increase security all that much. One of the main reasons is that as long as the algorithms used are known, an analyst can use the predilections of the various algorithms against the series, actually decreasing the number of possible outcomes. Of course, to do this the attacker would actually have to have some level of cryptanalysis training, but we're talking NSA here. They'll identify and use these tricks if they think it's worthwhile.
As for the first, one of the things that TrueCrypt (which is pretty bog standard mainstream encryption, and it uses only known and tested algorithms -- it's the implementation we're questioning here) provides that baked-in solutions usually don't, is plausible deniability. TrueCrypt allows you to encrypt data into the slack space of an already encrypted archive, thus allowing you not only to have two sets of data depending on the passphrase used, but to easily overwrite one set by modifying the other.
This means that if you're forced to give up your password at, say, the border, you can give the original password; they'll decrypt the archive, and if any data inside the encrypted image is modified, byebye secondary encrypted dataset. This means that you can protect not only against forced release of data, but also against modification (which can also be done with a hash check, but any fiddling will lose access to the original data).
Of course, anyone suspecting such a setup may write something to the inner archive to wipe your outer archive if it exists, just to prevent you from moving that data in the first place, but that's about as far as they can go.
If, for example, Miranda had been transporting a truecrypt archive on his thumb drive, had memorized the password to the Snowden files (or not even been given it) and then had a scrap of paper with the password to his more benign data on him, the confiscated USB drive would have shown absolutely nothing. IF he ever got the drive back with the data intact, he'd still have all the Snowden data (providing the password came through some other channel -- which wouldn't be difficult).