EFF on securing digital information when crossing the border

The Electronic Frontier Foundation, long-time defenders of the common man’s rights in the electronic realm, has published a guide to keeping your digital devices private when entering the United States. It seems the defenders of freedom and liberty (ICE, DHS, TSA, and CBP) are able to take a few freedoms with your liberty at a border crossing by seizing your devices and copies of the data they store for up to five days. This requires no suspicion of wrongdoing, and copies of this data may be shared with other agencies thereby negating the five day limit.

Do you have a reason to protect your digital property? This is discussed in the paper. It may be confidential information, by way of a business contract or professional relationship (Doctors, Lawyers, Journalists, etc.). Or you may just want to keep your privacy on principle. No matter what your stance, the EFF has covered all the bases in this intriguing read. We think the best advice they give is to make an encrypted backup of your data on the internet, blank your computer before the border crossing, and restore it when you get to your destination. If you don’t have the data with you, it can’t be compromised. It that’s not an option, they have plenty of guidelines on cryptographic techniques.

[via Twitter]

47 thoughts on “EFF on securing digital information when crossing the border

  1. Hey Mike !

    Your work is wonderful !!!
    Could you please create a video tutorial about this bug for us : “Nginx PHP code execution via FastCGI”

    this is very important
    Thanks a lot dude !

    1. Vote for who? I don’t see any politicians trumpeting electronic freedom, at least not any politicians with even the slightest chance of being elected.

      1. Yes.. Vote.. Vote on electronic voting machines, machines that every other day a new video is released showing exploits, machines that engineers have testified before congress on the dangers of using these machines, the risk of faked elections, and undetectable tampering.

        How can one even begin to assume we still have a choice?

  2. Just a sad part of the be afraid, be very afraid, United States of America post 9/11/2001. When,if, it’s ever brought up by the elected managers, it’s generally in the form of partisan politics :(

  3. The “blank it out and pull it from the Internet at the other side” solutions ignore the realities of bandwidth, unfortunately.

    1. And it ignores how the NSA is sniffing the internet massively, not to mention that if you do this you will be immediately on the terrorist list, so if you do don’t blank data but fill it with irrelevant data so it’s not too obvious.

    2. There is the remote access alternative…

      If you need access to all your data then leave your system on at home and remote into it from anywhere in the world. Sure, you don’t have access to the file locally, but do you really need it locally?

      Just pointing out how easily defeated this system is. I’d be willing to bet the only people that get in trouble are college kids with pirated music and movies on their iPads.

  4. Is it illegal to use at90usb’s as the controller for all my usb drives… and configure them to do nasty things to DMA on machines that are not my own?

    1. Brilliant. It wouldn’t be difficult to write hardware-side code to do that. On your machine, you could easily write a driver that captures the usb connection and sends to “hey it’s safe to play nice” command before handing over control.

  5. Or just keep you private stuff on a cd/dvd or a flash drive and just mail it to yourself(twice if you worry about it getting lost)…

  6. Now the terrorists will know how to keep their evil plans from the good guys because of your posting. Thanks a lot hackaday.com!

    1. Those who give up their liberties for security, deserve neither.

      More Americans die in car accidents every year than on 9/11.

      Security of the population – first rallying slogan of any fascist government. And they take your liberties away one by one – never enough for all people to raise up at once.

      1. Miroslav, you are either with us or you are against us. Thank you for clarifying your position. Soon you too will love big brother.

  7. and against who this measures ? criminals will make sure to encrypt data so this pony and donkey show only to annoy and increase fear in general population

    1. Micro SDHC cards are a nice way to keep data from prying eyes :) Also that fact that every linux distro comes with a live usb ability, you can just boot off a usb stick, to their surprise have no hard drive in your laptop at all LOL. Keeping a nice little symbolic link between ~/Documents -> /media/MicroSdhc. Even if they get your USB stick, it’s not like they’ll find the micro, let alone be smart enough to put the pieces together.

      If you do keep a hard drive in there, I’d fill it with random files containing /dev/urandom. Like say piping the output from an ls command on a windows drive to get the same file system structure :) just to make them suffer a little bit lol formatted it in some strange filesystem like HFS (apple’s fs LOL, that’ll be a mind fuck)

  8. Or just stop voting for big government Marxists and “Israeli firsters.”

    But you may want to note your beloved EFF has a few lawyers who don’t want people to show an ID to vote… So much for “secure” voting…

    1. The voter ID isn’t relative to the topic at hand, if it where it addresses the least likely place where votes can be tampered with easily. The chief architects of the corrosion our US civil rights came from the right, not the left.

  9. US Citizens, once on US soil, are protected by the 4th and 14th amendments, in theory. Technically speaking, they have no right to confiscate ANYTHING without a court-ordered warrant or at the very least, probable cause (such as carrying a gun through the airport). Merely owning a digital device doesn’t appear to fall under either of these criteria.

    Actually getting those constitutional protections to work for “we the people” is a different story altogether…

  10. Big Brother is watching..
    IMHO Orwill didn’t write 1984 as an instruction manual.
    Sadly the people in the USA (and many other places) are loosing their rights, their freedom and their privacy in a stunning pace.

  11. It’s probably about time America officially changed the lyrics of their national anthem, “land of the free and home of the brave” ? more like “land of the oppressed and home of the paranoid”

  12. DainBramage1991: I remember hearing that the 4th amendment doesn’t apply at border crossing. Maybe it had to do with you being on only halfway American soil or something (memory fails me about the details).

    In any case, it is not just your computer they can search but everything you are taking across the border, and its always been that way. It’s just that searching the computers is particularly obnoxious because there is no reason for them to do it and it is a royal headache for people who value their privacy.

  13. Just travel with tons of extra ‘noise’ along with your sensitive ‘signal’ – bring along tons of data that is similar to other things you have. If they want to sift through many TB of data it’s their problem.

  14. find or make a special usb plug that will only work on your system. when asked about accessing data on your thumbdrive tell them good luck and laugh in their face. or if you’re really paranoid, shove said drive up your bum. when asked about the thumbdrive up your rectum, tell them you’re into kinky sex and its filled with naughty things they should punish you for.

  15. dont know about that usb drive if it dosnt work at all they might get suspicious better would be to have a drive wich will switch memory chip given an external input like a small magnet or a photodiod you have to cover upon insertion to “boot into the secret chip”…

  16. A mate of mine had his xbox detained, they tried saying something along the likes of the drm/piracy because he downloaded a game to the HD that he got out of country, they wiped the whole HD causing all of his saves and achievement to vanish into nothing, and he couldn’t do anything about it…

  17. I like how these ‘experts’ talk like the NSA and FSB can’t nuke RSA 2048 and AES 256 cryptext inside an hour.. they have had the resources for decades and it’s even documented..

    1. http://www.pbs.org/wgbh/pages/frontline/homefront/preemption/nsa.html

      It’s also in some books I’m too lazy to dig up..if you didn’t know the NSA has had acres of the most powerful computing in the world you probably aren’t much of a security person..this hasn’t been news since the late 70s..

      There are also legal clauses in cryptography export laws and mention in countless cryptography history books. Most recent bills show the governments potential..if they couldn’t crack AES there would be no AES, and RSA 2048 takes only slightly longer with their resources..

      I can’t prove they can do what I say, but big number factoring in blocks isn’t isn’t exactly new..

      but hey..the internet and marketing are full of ‘experts’..just believe I’m clueless and going on being a hanger on ^^

      1. It’s also in some books I’m too lazy to dig up..if you didn’t know the NSA has had acres of the most powerful computing in the world you probably aren’t much of a security person..this hasn’t been news since the late 70s..

        NSA isn’t the only gut on this world can break/bypass RSA. Look at Lockheed Martin hacking back in 2011. RSA got f**ked up without any super or mainframe computer. Why could the attacker (or the Chinese!) do it? Cerfitication stolen. Passphrases had been stolen. Bam! Thousands of data flowed to an unknown server in Mongolia. No trace since then.

        There are also legal clauses in cryptography export laws and mention in countless cryptography history books. Most recent bills show the governments potential..if they couldn’t crack AES there would be no AES, and RSA 2048 takes only slightly longer with their resources..

        I’m sorry but there is something you missed in your points, perhaps in your 101 cryptographic lesson back in pre-school. Time to break an encryption(s).

        Don’t assume all encryptions work the same way. And also don’t assume every user out there uses the same encryptions over and over again. Perhaps you can crack single encryption each time. However something like PGP, MRPE or multi-encryptions come up. You know exactly you cannot or almost impossible to break it(them) instantly.

        Perhaps you may have the world most powerful super computers, smartest and brightest cryptographers and manpowers in your hands. You if you don’t have common sense, then you are still nothing but a high-school skid.

        but hey..the internet and marketing are full of ‘experts’..just believe I’m clueless and going on being a hanger on ^^

        Or perhaps many of these ‘experts’ are actually experienced with them, and you never experience anything.

        Get a life, also think and experience them first before you boast.

    2. enlighten me..how am I suppose to prove one of the worlds premier intelligence agencies can crack AES and RSA cryptext inside an hour, walk into a facility and video it happening?

      If you consider those acres of super computers they have had for almost 5 decades are at least moderately up-to-date and they have some of the top minds in the world, it’s not exactly rocket science to figure they have the capability..

      Also I’m talking about brute-force not cipher weaknesses…

  18. I suggest putting a goatse wallpaper on your desktop before leaving home, it is surely going to discourage any officer willing to put his nose in your stuff

  19. Reading throught the document reaffirms my decission not to travel at all. I wonder how much pressure would the travel industry put on Congress (and if it would be of any effect) if enough people stopped traveling and had a significant impact on their bottom line.

  20. just one more reason not to travel to the us,

    all our buisness ventures there was dropped 2 years ago and it seems we cut our losses short.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s