Encryption: do it when you travel

The Department of Homeland Security just disclosed its official policy on laptop seizures. It says it can and will take laptops of foreigners and U.S. Citizens for as long as it wants, for whatever it wants.

How can they get away with this? Because an out-of-touch judiciary says so. Border agents can search laptops without any suspicion of wrongdoing, according to the 9th Circuit, the most recent court to rule on the issue. And so the DHS policy, which they have been following for years.

If you don’t encrypt, you might as well just hand over your clients’ information. If you represent defendants in criminal matters, you might just create more business for yourself, when DHS stumbles across your notes on a file.

If you want to keep your information secure, encrypt it, and when you travel—or in other cases when you know there is a likelihood your computer will be searched—shut it down completely to protect against a cold-boot attack.

Travelers’ Laptops May Be Detained At Border | /.
DHS border policy: we can steal anything from you, read all your data, and disclose it to anyone we want | BoingBoing


  1. Won’t they just seize the laptop and run decryption algorithms on it and/or not give it back until you agree to give them the decryption key? With encryption software so ubiquitous, I cannot imagine that DHS would be stumped by an encrypted laptop. If the data was maintained on offsite secure servers, then it would not be on the laptop, but the machine would still have access to it with a net connection or VPN hookup to your office server. Wouldn’t that be a better solution?

  2. Avatar Kenneth Hoffman says:

    There is an interesting discussion on the Interesting People (IP) listserve. The archives are here:

  3. Avatar Sam Glover says:

    I don’t think decryption is as easy as that. What I have heard from a forensics expert is that they can get some information off an encrypted drive, but it is usually “fuzzy” at best.

    When I leave the country, I will probably not travel with a laptop. I have remote access to my office server, and I use webapps for email, calendar, and tasks. I can do without a laptop as long as I have access to a computer.

    But not everyone has a server back at the office. Encryption is another layer of insurance if you have to bring it along.

  4. Avatar Marc says:

    This policy is one reason I can no longer travel to the USA for business. I *HAVE* to bring my tools with me to work, and my main tool is a very expensive laptop with lots of software tools and hardware addons for validating security, solving problems, etc.. Yes, I have a full backup, but the time and expense of restoring that tool means I cannot run the risk of having them confiscate it. So I now just turn down contracts in the USA if I cannot do the work remotely.

    As for encryption and security, there are mechanisms available that basically make your data just another lump of metal if they don’t have the keys. At least for the next few months. Who knows what some smart cookie will come up with to turn today’s locked-up-tight security tools into so much swiss cheese?

    Of course, if you lose your laptop to the American border gestapo you either have to use public terminals or get another laptop right away. I’d recommend the latter. Do you really want to use public terminals (possibly infested with malware with no way to check) to access private information? Paranoia is only a flaw if they weren’t out to get your data.

    Alternatively, have your office courier a basic laptop to your first stop after the border. They don’t confiscate packages last I checked, and one is not yet subject to search-and-seizure outside of the border zones.

Leave a Reply