Zero PC privacy when entering LOTFAP

[dot]

I came across this article today.. http://www.pcworld.com/article/id,142429-pg,1/article.html:shock:

Basically it is saying that on landing into the LOTFAP, you have no rights to privacy for content on your laptop or storage devices (HDD, USB Keys, CD's, DVDs etc). I am sure the chances of having such a search are slim, but it's scary stuff. If I were to follow the recommendations in the article, I don't think I would even bother taking my laptop anywhere... without the confidential content that I store on my PC (encrypted of course), there would be very little on there that would be of use to me in a business sense.

 

[Mal]

Do you really think Australian Customs are any different?

 

[NYCguy]

Do you really think Australian Customs are any different?

Exactly. I am sure they have the "power" to confiscate whatever they want, and return it at their leisure.

 

[Mal]

Exactly. I am sure they have the "power" to confiscate whatever they want, and return it at their leisure.

I havn't done full research, but researched my options if/when Customs does a secondary inspection when I arrive in the country. I have nothing to hide, but wanted to know my rights.

I couldn't find anything that gives me protection from Customs examining *anything* I had in my baggage/on me at the time.

While this article I'm about to quote is from an overseas newspaper, it sums up the situation well:

The Electric New Paper, Singapore - The Electric New Paper News

A spokesman for the Australian Customs Service told The New Paper that all incoming passengers, including airline crew, are risk-assessed before arrival.

The spokesman denied that they had acted on a tip-off.

He declined to provide details of how the risk assessment is done.

He said: 'On arrival, people may be selected for questioning and baggage examination for a variety of reasons.

'We do not disclose what the risk factors or indicators might be.'

The spokesman said customs officers can physically examine, X-ray screen, test or analyse any item coming into Australia.

The inspection can involve reading documents stored in a laptop.

 

[bambbbam2]

The US may stop searching if, as looks likely, they will lose an upcoming supreme court test case.

Judge: Man can't be forced to divulge encryption passphrase | The Iconoclast - politics, law, and technology - CNET News.com

 

[Mal]

The US may stop searching if, as looks likely, they will lose an upcoming supreme court test case.

That won't stop them searching - just will stop them forcing someone to reveal a password to their laptop if revealing the password will be incriminating. Normal windows passwords are trivial to discover (assuming the laptop is seized) or the data is easily accessible without the password. This case is only really relevant where someone encrypts portions of their HardDrive with a password that is not trivial to break.

 

[wallacej]

I don't want to go OT here, but I had to visit the abbreviations page to see what LOTFAP meant....

Nice to have a chuckle on a Friday night...

 

[dot]

Exactly. I am sure they have the "power" to confiscate whatever they want, and return it at their leisure.

I hadn't really thought about it, but I am sure you and Mal are right - Oz customs could exercise demand the same access to your PC...

It will be interesting to see if the challenges are upheld in the US courts or not.

 

[rwatts]

This case is only really relevant where someone encrypts portions of their HardDrive with a password that is not trivial to break.

"Plausible deniability".
Its pretty darn obvious that encrypted data is present - but not how much. Under Australia law you can be forced under warrant to assist with the extraction of data from a drive - ie to reveal passwords, encryption keys, etc. The trick is to have layers of encryption such that at some point you can plausibly deny that any further encrypted data is present.

Richard.

 

[NM]

I wonder what would happen if you forgot the password? Happens more often as I become chronologically challenged.

 

[Mal]

I wonder what would happen if you forgot the password? Happens more often as I become chronologically challenged.

Based on Australian Federal law, you could well be in trouble. State laws are slightly different depending on the jurisdiction.

 

[rwatts]

I wonder what would happen if you forgot the password? Happens more often as I become chronologically challenged.

Forgetting your operating system password is usually trivial. Forgetting the password for your 256 bit AES encrypted data definitely isnt

Could be interesting trying to convince a customs officer or court that you really have forgotten.

Richard.

 

[medhead]

Could be interesting trying to convince a customs officer or court that you really have forgotten.

Richard.

I don't think it would go that far. If you are important enough as a risk there are intelligence types that have the ability to crack the various encryption systems.

It is well known that the US government shorten the DES key length most likely to be crackable by CIA, NSA or whoever.

WE also know that Us has in the past made it illegal to export some encryption technology to non-US types. If this is still the case, forgetting your password at US customs might be the least of you worries. They might decide to do you for stealing security related US technology.

 

[rwatts]

I don't think it would go that far. If you are important enough as a risk there are intelligence types that have the ability to crack the various encryption systems.

There is a reason why AES is a DSD Approved Cryptographic Algorithm (DACA) for Australian classified material - with either 128, 192 or 256 bit key lengths. Believe it or not the US does not have access to all Australian material.

It is well known that the US government shorten the DES key length most likely to be crackable by CIA, NSA or whoever.

DES has been out of favour for a long time. Triple DES (3DES) is allowable if two or three distinct keys are used.

Its the key management where most systems break down - the Germans certainly learnt that (eventually).

WE also know that Us has in the past made it illegal to export some encryption technology to non-US types. If this is still the case, forgetting your password at US customs might be the least of you worries. They might decide to do you for stealing security related US technology.

Making it illegal to export the technology was a failure - it just spurred the development of alternatives.

Remember its not only the US that can cause problems. In many countries the mere possession of cryptographic technology or encrypted material is a criminal offence (eg France until 1999). Most countries restrict the import and export of cryptographic material in some way (Australia by way of category 5 of the Defence and Strategic Goods List).

The topic however is the LOTFAP. Remember you dont actually have to commit any offence to be in a lot of trouble there and you wont earn points or SCs from the free (rendition) trip to Egypt

Richard.

 

[bambbbam2]

"Plausible deniability".
Its pretty darn obvious that encrypted data is present

Not if you use something like the open source TruCrypt

TrueCrypt - Wikipedia, the free encyclopedia

 

[rwatts]

Not if you use something like the open source TruCrypt

TrueCrypt - Wikipedia, the free encyclopedia

Which like FreeOTFE provides plausible deniability through layering. Still pretty obvious that encrypted data is present. Even if not able to be proved to the standard of a court of law, its enough to keep them interested (and you missing your flight connections, etc). At least you can "give up" a key to expose data you dont care about while keeping the real secrets safe and hopefully enjoy your visit to the LOTFAP. (I really am trying to keep on topic!)

Richard

 

[straitman]

(I really am trying to keep on topic!)

Richard

That's rather a novelty around here :!:

 

[simongr]

Frankly as I dont transport child cough on my laptop I have no reason to encrypt the information and would not be overly concerned about customs checking on the HDD - now if they had a look at those downloaded episodes of Lost I might be a tad more concerned

 

[Evan]

My harddrive is encrypted with a 256bit AES encryption (I thought it would slow it down but not noticable) and also i encrypt sensitive files and emails with a different product.

I would generally be willing to log onto my system and show them around shall we say, but if they want me to decypt an email of file then thats another matter and not trivial in so much that i don't store the required key even on my notebook, must be accessed via a VPN.

OT a little, Our company has a special agreement with the Chinese govt to allow us to bring our encrypted notebooks into China.

As yet i have never had a notebook looked at (or a phone or ipod etc) yet and i don't think it will ever happen, i think you would have to be a high risk group to have that happen to you. Then again there is always a first time for everything.

E

 

[JohnK]

Do you really think Australian Customs are any different?

I had my first secondary in BNE about 2 years ago.

I had a lady officer going through my luggage with a fine tooth comb and asking questions trying to trap me and then another officer came over and asked if I had a mobile phone. I handed it to them and they went to a room. They returned a few minutes later and asked me to switch off my mobile phone and then turn it on again. There is a sim password so I guess they are just cecking to see whether you are really the owner of the mobile phone.

I have nothing to hide but I do not particularly like strangers going through the personal photos in my mobile phone and through my phonebook. The lasy officer was really disappointed she wasted her time. Anyway there is nothing you can do about it and just keep smiling and keep your cool....