Home page logo

interesting-people logo Interesting People mailing list archives

Re: Peter Swire: No, You Can't Search My Laptop
From: David Farber <dave () farber net>
Date: Mon, 4 Aug 2008 12:17:18 -0700

From: Gordon Syme [gordon () twiceasgood net]
Sent: Monday, August 04, 2008 2:58 PM
To: David Farber
Subject: Re: [IP] Re:     Peter Swire: No, You Can't Search My Laptop

Prof. Farber, for IP if you wish

David Farber wrote:
From: Steven M. Bellovin [smb () cs columbia edu]
Sent: Sunday, August 03, 2008 11:05 PM
To: David Farber
Cc: rca53 () columbia edu
Subject: Re: [IP] Re:    Peter Swire: No, You Can't Search My Laptop

On Sun, 3 Aug 2008 17:09:55 -0700
David Farber <dave () farber net> wrote:

But you raise, perhaps unintentionally, the more likely (inevitable?)
and interesting controversy: if Customs can search your information
stored on physical media at the border without a warrant, why do they
need a warrant to search it at the "electronic border" as you
transmit the same information it to and from your server when you are

This is precisely my concern; I blogged about it last month
(http://www.cs.columbia.edu/~smb/blog/2008-07/2008-07-10.html).  The
issue of disclosure of keys may also be different.  Just as people have
no right to conceal physical objects when crossing a border, is there a
right to conceal information you are importing or exporting?  This is a
very different question than ordinary criminal cases.
I'm starting to think that the only "safe" way to get your laptop into the US
would be to create a VM containing your chosen OS and data and then leave this
at home. Travel without a laptop until you arrive at your destination.

At this point you can acquire a machine, generate a keypair and export the
public key. A trusted third party then encrypts the VM and makes it available
for download, probably with a service like Amazon's S3.

The VM can contain all your actual data contained in encrypted volumes to
minimise the risk of having to trust a third party (though this would require
transporting a private key inside the VM).

This way you avoid the problem of taking data through the border and also of
taking a password through with you, the keys don't exist yet so how could you
reveal the password? Nothing carried through and nothing concealed.

It's an awful lot of work to get around the risk of border searches (and the
associated data grabbing) and skirts around the problem rather than tackling it
head-on through legal means. I suspect that there are definite business cases
for going to this effort though.


Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]