Crossing the Border with Your Laptop

Posted by Robb Beggs on 10/19 at 08:48 AM

Just a reminder - you have no expectation of privacy when your cross the US border carrying your laptop, cell phone, or PDA - so what do you do to protect your data?

If you enter Canada with a laptop computer, don’t be surprised if it is searched for the presence of child pornography. It’s an automated search tool that reveals images, and these are inspected for contraband. No child porn? Thank you very much Sir, and have a nice day!

If you enter the United States with a laptop, things are a bit more draconian.

Under Department of Homeland Security policy:

• Officers may “detain” laptops “for a reasonable period of time” to “review and analyze information.” This may take place “absent individualized suspicion”
• Officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption or other reasons
• When a review is completed and no probable cause exists to keep the information, any copies of the data must be destroyed. Copies sent to non-federal entities must be returned to DHS. But the documents specify that there is no limitation on authorities keeping written notes or reports about the materials
• There are no provisions in place for ensuring the security or privacy of data obtained during this process
• Policies cover “any device capable of storing information in digital or analog form,” including hard drives, flash drives, cellphones, iPods, pagers, beepers, and video and audio tapes. They also cover “all papers and other written documentation,” including books, pamphlets and “written materials commonly referred to as ‘pocket trash’ or ‘pocket litter.’ “

And yes, the policy applies to Canadians visiting the States.

The concern is how do you secure corporate data against an increasingly hostile and xenophobic neighbor? What about personal e-mails that you don’t want to share, or discussions of medical conditions? What if you just want to maintain the privacy or your own data as much as possible?

What can you do to protect yourself?

If you encrypt some or all of the hard drive, expect to be asked for the password. If you don’t want to freely give it the agents at the border, expect “intense questioning” as a minimum.

Some people remove critical data from their laptops, and place it on a USB key or flash drive, which they carry in their pockets. However, agents have full authority to go thru your “pocket litter” in the search of evidence (as there is no criteria in place for why they would choose to search one laptop versus another, the term “evidence” is used loosly!).

Best solution? Assume that your laptop will be seized and viewed. If there is anything on the hard drive or residing in the system’s memory, it can be accessed during the review process … so COMPLETELY scrub your laptop. Run a low-level format, install the operating system, update it, install key office work applications, install remote access applications, and then install nothing else. That will become a “travel laptop”. Configure your system, and network, to allow secure remote access. When you need e-mail or documents from work, log on, access and use them, and when they are no longer needed by you, make sure you securely delete or wipe them.

It’s not perfect, but it is better than surrendering your corproate and personal data.