Although this applies to U.S citizens and the U.S. I suspect whatever the outcome of the permissibility of random searches of electronic devices, someone like myself entering the U.S. as a visitor would be under different rules. My concern is that they are willing to execute random searches period including the copying and imaging of data ‘just because’. And it isn’t just the U.S. either like many claim. With ACTA, random border searches of electronic devices are coming soon to Canada and other participating countries.

A few years ago, I was involved with a client that had a legal case against a Government. My laptop contained data that I was providing analysis on that affected the case. What if the government was to just image my laptop? They would now have information that they should not be privy to. That is bad. It under minds the legal system of all countries involved.

Any sensitive data on my laptop is encrypted and I consciously make sure that a forensic search won’t reveal the passphrases or anything like that. It annoys me that I have to worry about and deal with this prior to travel. The last few months due to ACTA, I now remove any sensitive client data from my laptop till I reach the hotel and then securely download what I need. Some say this is just silly. Most if not all of the data on my laptop I really don’t care if they saw or copied it, nothing really bad or incriminating about it — its the principle I guess.

I’m thinking about going a step further. Take a laptop that has nothing on it, and an O/S that runs from a CD or DVD. Boot off the DVD, download the data you need. Prior to travel back home, upload the data, and forensically wipe the hard drive.

If there is valid suspicion that an individual is doing something which could harm others or is illegal, search away. But random searches just because you can? I’m starting to feel like some of those old Russian movies I watched as a child, where you had to carry “papers” to show officials if requested. Not a free society.

Good articles and there is not an easy answer to this problem. On one hand there is the need for law enforcement to get the bad guys, but on the other hand, myself and my company have obligations to our customers, often legal obligations to not reveal certain information to any individuals or entities including government.

My laptop is encrypted, and contains virtual machines that have encrypted drives. In certain scenarios I even have hidden encrypted drives within encrypted drives. I am very doubtful a cursory search would find any evidence of these drives or their presence. However, if for some other reason your laptop was to be confiscated or the encrypted data was to be discovered what is one to do? If you are requested to enter or give the keys and/or pass phrases to allow access to the encrypted data and you refuse the border enforcement is just going to probe harder and the end result will be difficulties in the future when you travel. One can argue the border enforcement are just doing their job and trying to ensure the public safety so they require your cooperation. The best answer to this problem unfortunately is to use a forensically clean laptop that does not contain any data where there is a legal obligation to keep private. Once you have arrived at your hotel you pull the data down using a secure connection, preferably to a encrypted drive. Storing the data on encrypted drive not only protects the data from extraction, but once you delete the data from the drive, extraction of data fragments via slack space, trash etc. are more difficult than on a non-encrypted drive. Prior to your trip home, push the data back via the secure connection and wipe it from the drive. You only have to do this for data that you don’t want anyone to see or are under obligation to keep secret. As for the rest of the data, personal pictures, finances or whatever else they can look at it all they want. This is annoying to do, but I think it is probably the safest answer. You can cooperate and feel comfortable at the border, knowing you are not breaking any laws. You are more relaxed and are being completely honest with the border people. They are happier because they can do what they have been tasked with, and you are protecting your clients and customers data which will keep them happy.

I wonder what happens if the border enforcement ran a program while searching a laptop that caused it to delete data or render a program or the laptop useless? Is there any recourse? Probably not.

Update: May 18, 2008
Bruce Schneier posted on laptop border searches. Another one here. They are good articles and like mine basically say the same things. This is good as it appears to be getting more main stream attention now.

What I wonder is does that apply to encrypted volumes that may be present on a laptop? My laptop contains all my data related to my customers on an encrypted volume. That encrypted volume also holds all my bookmarks, e-mail, and web browser cache. The operating system and applications are not encrypted (yet), and assuming the officers searching my laptop were savvy enough to find the encrypted volume, I am wondering if I am required to give them my pass phrase to access the encrypted volume?

I probably would give it to them. I don’t have anything illegal and it is probably easier to just cooperate then end up being added to some list that would make future travel difficult or impossible. I just wonder where the law sits on this issue.

If I didn’t like my current employer so much, maybe they would hire me to do that work – although I expect I’d get bored really quickly.