Interesting People mailing list archives

Re: Peter Swire: No, You Can't Search My Laptop
From: David Farber <dave () farber net>
Date: Mon, 4 Aug 2008 15:08:56 -0700


________________________________________
From: Jeff Nye [jpn213 () gmail com]
Sent: Monday, August 04, 2008 5:01 PM
To: gordon () twiceasgood net
Cc: David Farber
Subject: Re: [IP] Re: Peter Swire: No, You Can't Search My Laptop

Hi Gordon,

If you're willing to expose a port on your home network, then from
your destination you could use scp to transfer the VM to your location
using password authentication.  Then you do not have to trust a third
party.

I still don't understand the goal of the CBP search policy.  Suppose I
arrive at the border with a laptop or 100 DVDs full of random-looking
data.  That data could be noise or it could be encrypted nuclear
secrets.  As far as I can tell, CBP has no way to distinguish between
the two cases because the data could have been XORed with a one-time
pad.  If CBP asks me whether the DVDs contain any encrypted data, they
lose because I can (a) lie, or (b) correctly answer "yes" and provide
a "key" that is the XOR of my data with a stream of zeros.  I don't
see an effective response from CBP for either choice.

So I'm puzzled why they're putting people through the hassle.

Jeff



On Mon, Aug 4, 2008 at 3:17 PM, David Farber <dave () farber net> wrote:

________________________________________
From: Gordon Syme [gordon () twiceasgood net]
Sent: Monday, August 04, 2008 2:58 PM
To: David Farber
Subject: Re: [IP] Re: Peter Swire: No, You Can't Search My Laptop

I'm starting to think that the only "safe" way to get your laptop into the US
would be to create a VM containing your chosen OS and data and then leave this
at home. Travel without a laptop until you arrive at your destination.

At this point you can acquire a machine, generate a keypair and export the
public key. A trusted third party then encrypts the VM and makes it available
for download, probably with a service like Amazon's S3.

The VM can contain all your actual data contained in encrypted volumes to
minimise the risk of having to trust a third party (though this would require
transporting a private key inside the VM).

This way you avoid the problem of taking data through the border and also of
taking a password through with you; the keys don't exist yet, so how could you
reveal the password? Nothing carried through and nothing concealed.

It's an awful lot of work to get around the risk of border searches (and the
associated data grabbing) and skirts around the problem rather than tackling it
head-on through legal means. I suspect that there are definite business cases
for going to this effort though.

-Gordon
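
The one-time-pad property that Jeff Nye's message relies on, shown as an added example (not part of the original thread or written by either poster): a pad-encrypted blob has the same byte statistics as random noise, and for any same-length text there is a pad that "decrypts" the blob to it. All sample texts and function names are constructed for illustration.

```python
import math
import secrets
from collections import Counter

N = 65536  # size of each constructed sample, in bytes

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time pad encrypt/decrypt)."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fill(text: bytes, n: int = N) -> bytes:
    """Repeat a constructed sample text until it is n bytes long."""
    return (text * (n // len(text) + 1))[:n]

def demo() -> dict:
    plaintext = fill(b"constructed sample document, ordinary text. ")
    pad = secrets.token_bytes(N)
    blob = xor_bytes(plaintext, pad)   # what would sit on the disk
    noise = secrets.token_bytes(N)     # plain random data, for comparison

    # Any other N-byte text has a pad that maps the same blob onto it.
    alt_plaintext = fill(b"a different constructed text, unrelated. ")
    alt_pad = xor_bytes(blob, alt_plaintext)

    return {
        "plaintext": plaintext,
        "recovered": xor_bytes(blob, pad),
        "alt_plaintext": alt_plaintext,
        "alt_recovered": xor_bytes(blob, alt_pad),
        "blob": blob,
        "zero_key_output": xor_bytes(blob, bytes(N)),  # all-zero pad: no change
        "entropy_plain": entropy_bits_per_byte(plaintext),
        "entropy_blob": entropy_bits_per_byte(blob),
        "entropy_noise": entropy_bits_per_byte(noise),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        if isinstance(value, float):
            print(f"{name}: {value:.4f} bits/byte")
```
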


