Good Math, Bad Math

As you’ve probably heard, the US customs service has, recently, asserted the right to confiscate any and all computers and/or digital storage carried by anyone crossing the US border. They further assert
the right to demand all passwords, encryption keys, etc., from
the owners. They even further assert the right to keep or make copies of any data that they find, and to share it without limit with anyone they choose.

I don’t think I really need to stress how insane this is. Back
when I worked for IBM, I frequently travelled to Canada, because I
worked with development labs in Toronto and Ottawa. When I did that, I
carried a computer full of stuff that IBM considered to be highly
confidential and highly sensitive. (I’ve even still got a wall-plaque
from IBM thanking for me work on a project, where I’m not allowed to
ever tell anyone what I did to earn it!) What this policy
says is that the border service would have the right to turn that
information over to anyone they wanted, without informing me
or IBM that they had done so. Further, some of the information on that
laptop was encrypted, and I did not have the key. They were
encrypted with a system that would only allow them to be opened if the
computer could contact a particular IBM server from inside the IBM
firewall. So not only could the border service have confiscated the
computer and passed on confidential or private information – but they
could have arrested me for refusing to decrypt the information on the
computer – even though I couldn’t decrypt it.

This isn’t new news. They’ve been doing this for a while, and we know they’ve been doing it – they’ve made absolutely no attempt to
hide it.

The reason that I’m writing about it now is because I just read
something on Salon about how an allegedly knowledgeable and tech-savvy
person recommends coping with this, and I can’t possible disagree more
strongly. On the Salon Machinist blog, Denise Caruso wrote:

Swire notes that agents at the border are going further than just
taking image copies of people’s hard drives. They’re actually
demanding passwords and encryption keys so they can examine the
contents.

Of course, they promise to destroy the copies and the keys as soon
as they’re done — as long as they don’t find anything illegal, like a
downloaded song you didn’t pay for — so no security worries there,
right? There’s no such thing as a crooked customs or Border Patrol
agent.

This gives government agents access to information they would
never get by opening up your suitcase. In addition to e-mail,
spreadsheets, documents and personal financial information like credit
card receipts and photos, nowadays they can also listen to your stored
Skype calls and voice mails.

Not to mention that just having encrypted data on your hard drive
causes suspicion, or at least throws down the gauntlet. If you were
looking for illegal stuff and you ran into a file that looked like
this,

qANQR1DBwU4D/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy
ZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG/ELBvRa
c9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv z/9Ak4
/OLnLiJRk05/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88

wouldn’t you immediately need to know what it said? It could be a conspiracy! It could be a list of child pornographers! It could be a copyrighted magazine article! It could be a bootleg Led Zepplin video!

Urgh.

So I figure the best solution is to encode your files rather than
encrypt them, so that you could hide your stuff in plain sight. If
agents don’t know something is encrypted and it looks innocuous, they
won’t compel you to give them the key. “Here’s your laptop, ma’am.
Sorry for the inconvenience.”

That’s the wrong answer. The solution isn’t to try to hide the
fact that you’re taking your own/your employer’s privace seriously. The answer is to make encryption so absolutely routine that (A) finding encrypted files on a computer is so common and routine that it can’t be used as a distinguishing characteristic to allow them to justify confiscating your computer, and (B) to make it so incredibly painful and laborious for them to get any data off of a computer that they give up.

The first part of instructions for how to do this are below.

This connects back to something that I said in my review of Cory Doctorow’s book, “Little Brother”. In that book, Cory wrote about
the idea of histogramming. The idea of histogramming centers on
recognizing patterns in data, even when you can’t see what actual
information it contains. For example, if only 1/10th of one percent of all data on a typical person’s computer is encrypted; that non-criminals who frequently encrypt files are uncommon; and that on average, criminals have 50% of the data on their computer encrypted, then finding a computer that has 50% of its information encrypted raises a flag: there’s something unusual here that suggests that
the information on here might be related to a criminal activity.

The solution to this is to make encryption much more common, so that it’s no longer so rare that it raises a flag. In the novel, Cory wimped out, and had his protagonist’s best friend be the chief programmer at the most popular ISP in the city, and had them change the ISPs code in a way that transparently made everyone’s computers
encrypt all of the traffic going onto the network. In real life, it’s
not so easy. Technosavvy folks can’t wave a magic wand and make people start encrypting their data.

What we can do is start encrypting our data, and when we teach people to use computers, just set them up so that they’re using encryption. Set up your parents macintosh to use FileVault. Set up
your windows box to use an encrypted filesystem. Use PGP. Put passwords on your important documents. Just make the little bit of effort to use reasonable encryption on a routine basis.

For my part, I’m going to write a bunch of articles on encryption: some on algorithms and how encryption works; some on how to set up things like PGP.

For starters, here’s how I set up GPG support in Firefox on my mac. GPG is an open-source encryption system. It’s important that it’s open-source: as you’ll see in later posts, one critical thing about encryption is making sure that no one could have hidden anything in the encryption layer between you and the people you want to talk to. A verifiable open-source system can provide reasonable assurances that there’s nothing hiding in the code, because anyone can see it, and it would inevitably be noticed.

Using GPG with firefox is quite easy: there’s a firefox plugin called FireGPG, which you can download at http://getfiregpg.org. You’ll notice that there’s something on that page labeled “MD5″; that’s a signature, which you can use to verify that no one is substituting a different version of FireGPG to listen in on you. I’m not going to go into how to check that today; for now, we’ll assume that we can trust FireGPG. If you want to be really careful, you can look up MD5, and check the download before installing it. Eventually, I’ll get aronud to showing you how to do that, but I want to ease into it. And one of the most basic facts of cryptography is that all communication ultimately relies on some degree of trust: so find a network that you can trust, and download and install GPG: There’s a link on the FireGPG site that tells you how to install GPG. Do that, and then run the FireGPG installer.

Once GPG is installed, you need to set up keys. To create a key, open the terminal/shell application, and do “gpg –gen-key”. There are some decent instructions about details of making a good, secure key in the GPG docs. I used the default options for key generation: it’s a DSA/Elgamal 2048 bit key without expiration.

What you’ve got now is a set of keys that you can use to securely communicate with other people, as well as to safely encrypt documents.
For communicating, you’ve got a key-pair: that is, a set of two keys. One of them, called the public key, you give to other people freely; the other, called the private key, you keep absolutely secret.

To get a copy of your public key to send to other people, go to the command line, and run “gpg -export -a”. You’ll get a bunch of strange looking text. For example, my public key, in the format
output by GPG, is:

	-----BEGIN PGP PUBLIC KEY BLOCK-----
	Version: GnuPG v1.4.6 (Darwin)

	mQGiBEibDXMRBAD7oZ5YmV9nbQWlFPTjZ2co+Uv/56TiltrTVOFwN1jIZyilliTx
	DTTy3TEWpVU1rXrn+fomXAsT86noGeOVRJM32brlPg2FqWnFCcViM17zevCFB71O
	P7hnQ62koW97J1qAj81Yf9jmBKvnrUoRVnatxQ9iUHsgp8az2mKOXXpp+wCg7Ocq
	0spdJYIRWE3VuvjEttYRjjkEAIHlWhR1gEMmIHGlOQzHEwawCOnzwrs/okGbB2Y8
	QRYTgYtNQfgYLiJioSBdpOltUnhb65dzAdtI3Pt0ZC/KjA/wYUz/9XcITIpi53cZ
	k+8wptVvVQCGAh437Uyig5aihNj6lqMAgSFXd934oE07JXtuUYMAUtKn2w9kRqHx
	Kd89BADFVWUUjhjZMzWQMgdAn2V+wIUW228DJ+emuJU26FIwbFx8njuqPZhUcc/p
	/Eqp//wpzb0JtKKQD9jbVSOrImZio1qrvuPzfTwRqL6aISqOKrczj+mF9sM6jWl2
	VGmW3BonLVPAVcwDsGHNguE6V7HjU6Orquo/sne471iUx+C5VLRFTWFyayBDLiBD
	aHUtQ2Fycm9sbCAoQXV0aG9yIG9mIEdvb2QgTWF0aC9CYWQgTWF0aCkgPG1hcmtj
	Y0BnbWFpbC5jb20+iGAEExECACAFAkibDXMCGwMGCwkIBwMCBBUCCAMEFgIDAQIe
	AQIXgAAKCRCWj+f7t+e20tu/AKDc5TBuArqFPX/AXxzLjHqURrNPDgCgqi82myYR
	XEpFYgNv8U3onWnNu0O5Ag0ESJsNfRAIAKmcIeIKPR7WpjMZ12zJP7T+W+9mrjld
	VMwSE/tP7Xn57mS02Whp5LCBOvwdDwZxMFHVxPOe4X7LI9zoV8vq8bcvItWkWJf4
	5deGD+ZQlz//7eS+5FojVUgekGWOksp1YW5QK9bmsGUxwuxkQ1n+yNpLfvQfMZnh
	0+D3TaFCjy5/D1fOJzCNAl14I9KHY6VlaQP8Du7PbXGsWB59cmE10Sjk3eekmkY7
	136fH2lx2MpYYzjO1ehDS2DFlClTTXe/LCqPUTxd1XFeYUJj+/mXXO6kAJ/pwEMs
	ROF2xYMjwoVUN2G0bYdRW60V3fhVha3iqBxr8m0GG3t31AJl1vAMNa8AAwUH/241
	L6c//yD6w6JLYsTZFAChFojELnTb1VlDm9Ms8bERQJEkyEgTaG5Dd3YPX0Gx7cJ4
	Ro3K7xwGezhtqTkRvkVjQHjaGN5obyxNjOU1WaxpvJOfM/HmHYv2ZmsWJZkZJDVF
	uEYgnya/q2g7Zntq75ainnej52PK+JuIymkeYGLqgSCoOHS5htnqxmBLc5RZsqN9
	NDp2Zryb7NmqadpvK5HKUQjF0fzvTBDE93FFHUKQnYJIxQGIOnw5eCVuYq0TByLW
	NJBaHFa/8BrK3Us9yN+78p3cqo0quutsPk0K4pM+fJiy+1ACn+AkiCRNcQ06lCs+
	n5V8hz3hMrII0kofUpOISQQYEQIACQUCSJsNfQIbDAAKCRCWj+f7t+e20pUWAJ9U
	kJEi9hGf+3CmxMsDg7ruVCZJBACgpnBkckB59dqxLM/wVtH2dc+hvl4=
	=E94S
	-----END PGP PUBLIC KEY BLOCK-----

Now with FireGPG installed, when you write email, you’ll get a set of option buttons in Gmail or Yahoo mail that will allow you to digitally sign or encrypt messages. What you need to do to make that useful is to get your public key where people can find it. There are a bunch of good ways to do that: publish it on your website, email it to people who you’d like to have it, and register it with a key server. There’s a very good, trusted key-server at MIT. Just paste that key text into
the submit box on the key-server, and your key will be registered. People you communicate with through FireGPG will be able to get your key from the MIT keyserver, as well as any server that MIT shares public keys with.

Protect yourself. Do this. Use it. Tell others to use it too.

Comments

  1. #1 Valhar2000
    August 7, 2008

    Do you know what corporatiosn (such as IBM) think about this? It seems to me that it ought to be a very hated piece of legislation that would gather a lot of opposition, so I suspect there must be some sort of loophole in the law that will allow “the right people” to avoid it.

  2. #2 No One of Consequence
    August 7, 2008

    What seems stupid to me is:
    1) you could easily email/FTP/http any encrypted file you want, so you wouldn’t need to store it on your laptop to get it across the borders
    2) for a criminal organization with any decent resources, it would very little work to mask the files so that they appear to be something else. For example, it wouldn’t be rocket science to create an encryption program that took a JPG/PNG of decent size and adjusted the colors to layer an encrypted file on top of it. As long as the source and destination had the original JPG to use as a key, you could write a program to adjust the colors based on the file you wanted to encrypt and to someone viewing the JPG as a JPG, nothing would be obviously wrong.

  3. #3 Alex
    August 7, 2008

    If you use TrueCrypt, the open-source disk encryption program, you can set up a hidden encrypted volume inside another encrypted volume. As the system fills all empty space in the crypto volume with nulls, the only outward difference is that if you mount it with one key, you get the first volume, and if you mount it with the other, you get the other, so you can hand over the key to volume 1 and they will be none the wiser.

    Obviously this requires you to stash a convincing number of files in the decoy volume.

  4. #4 Brett
    August 7, 2008

    “The solution to this is to make encryption much more common, so that it’s no longer so rare that it raises a flag.”

    No offense, but IMHO, that’s a bit naive. The border agents are there to snoop around and make sure you’re not transporting things like child porn across the border. Any and all encrypted materials will raise flags, no matter how common encryption is.

    The only solution, IMHO, is either hidden volumes, ala TrueCrypt, or steganography.

    Hidden volumns are an interesting trick. Remember, when encrypting something, the idea is to transform the text into something that looks more or less uniformly random. Now imagine you create two encrypted volumes, and then tack one on the end of the other. You now have something that looks like one large encrypted volume, even though there’s actually two. When grilled for encryption keys, you provide the key to the first, public volume, without revealing the key to the hidden volume. But because the two volumes look uniformly random, it will be impossible, as an outsider, to detect that there even *is* a hidden volume.

  5. #5 Flaky
    August 7, 2008

    It’s strange that encrypted email isn’t used more often. My perception is that most businesses don’t use email encryption by default, which is odd, since it wouldn’t make the use of email any more difficult. A nice added bonus of using encryption is digital signature, which, besides its usual use, could be used to virtually eliminate spam (at the expense of anonymity, which in a business environment is irrelevant anyway).

  6. #6 Mark C. Chu-Carroll
    August 7, 2008

    Brett:

    I’d argue that you’re the one being naive.

    The deal is, as more people adopt things like this, the goverment agencies are going to clue in. If people start using TrueCrypt, then if you have truecrypt installed, they’re going to learn to notice it.

    On the other hand, 5 out of 10 people carrying laptops have encrypted files, it’s simply not feasible for them to confiscate and decrypt all of them. They’re looking for ways of recognizing data that’s potentially interesting to them; by making encryption common, it will no longer be a meaningful marker.

  7. #7 Will
    August 7, 2008

    “The only solution, IMHO, is either hidden volumes, ala TrueCrypt, or steganography.”

    No offense, but IMHO, that’s very naive. Security through obscurity isn’t security at all. Not to mention there is good reason to not trust hidden volumes, ala TrueCrypt.

    Mark is right. The solution is to make encrypted files common place.

  8. #8 Dante
    August 7, 2008

    Proper export is with “gpg –export -a [ >public.txt ]”

  9. #9 Flaky
    August 7, 2008

    You could probably fool border agents by simply hiding a volume by removing it’s entry from the MBR. But there’s no way a hidden volume remains hidden if they get to analyze the visible volumes and conclude that there’s unaccounted for space on the drive. But professional criminals wouldn’t bother with such tricks anyway, they’d use the internet, set up/highjack a server somewhere and use ssh to copy files.

  10. #10 Kyle Lahnakoski
    August 7, 2008

    Can we use full drive encryption, add a long random password, and then smail-mail that password to my destination?

    I do not have the sophistication of IBM, so I can not force my laptop to be in a certain place for the password to work.

    Any suggestions?

  11. #11 Anonymous
    August 7, 2008

    “Security through obscurity isn’t security at all.”

    It’s not security through obscurity. It’s called deniability, and it’s a key feature of many cryptosystems.

    Besides, remember, we’re dealing with border guards, here. These people aren’t exactly technically literate. Can you break the deniability through sophisticated techniques? Sure. But I guarantee you, if you’re at the stage where law enforcement is employing such techniques, you’re already boned.

  12. #12 Will
    August 7, 2008

    “It’s not security through obscurity. It’s called deniability, and it’s a key feature of many cryptosystems.”

    I am well aware of the difference, but currently hidden volumes should not be trusted to provide deniability. Since there is good reason to not trust them for deniability, they should only be relied upon to provide obscurity.

    To assert that it is too difficult to get border guards to deal with technology isn’t very wise. Most of these types of weaknesses can be repackaged into point-and-click type systems. They may not fully break the system, but it would be easy to have a tool that flags a given hard drive as having a hidden volume. Sure if you do attract this level of law enforcement attention you are boned, but that is also side-stepping the main problem here. The current border policy is very broad and overly invasive. I, as a law abiding citizen, should not be forced to attempt to hide from the authorities who are ostensibly there to protect me and my country from harm. If one makes encryption technologies common this false idea that having encryption is criminal goes away.

    In my mind this policy stems from the bad argument of “Well if you are doing nothing wrong, what have you got to hide?”.

  13. #13 Aramael
    August 7, 2008

    My entire hard drive is encrypted. If I was ever asked for its password, I would certainly take my cue from the US Department of Justice: I don’t remember — it’s good enough for Alberto, it should be good enough for me.

  14. #14 Brett
    August 7, 2008

    Mark:

    Perhaps, but I’m still not convinced. You’d need a significant critical mass before the signal-to-noise ratio is high enough for law enforcement to stop bothering with investigating encrypted materials. And let’s face it, *most* people don’t understand the need to protect their privacy… heck, some might even think it’s a good idea that border guards are now digging into the content’s of people’s laptops (must… protect… children!).

    So, in principle, I would agree, if everyone used encryption, then the SNR would be so high that the government would be essentially screwed (well, until they passed a law requiring key escrow). I’m just not convinced you’d ever be able to get enough people onboard. *shrug*

  15. #15 wikinite
    August 7, 2008

    Any lawyers know if this law interferes with 5th amendment rights? If I have potentially incriminating encrytped files on my computer, and only I know the key then isn’t it the case that my being forced to relase that information incriminates myself?

  16. #16 Hank
    August 7, 2008

    Mark is right. The solution is to make encrypted files common place.

    Not to mention, and I’m really going out on a limb here, making privacy an issue that can make or break a candidate.

  17. #17 Brett
    August 7, 2008

    wikinite:

    That’s a fine question. For non-citizens, the answer is no. The government can basically do anything they want to you before admitting you to the country.

    If you *are* a US citizen, well… let’s just say I’ll be very interested to see if this goes to court, because it certainly strikes me as unreasonable search or seizure.

  18. #18 Mark C. Chu-Carroll
    August 7, 2008

    Kyle:

    If you’re trying to make it impossible for border agents/anyone else to confiscate your information by confiscating your computer, the only truly safe way of doing it is to not have the information on the computer.

    If you have encrypted files stored someone on the net, and you don’t have any cookies, browser history, or records pointing at them on the computer, then they can do anything they want to the computer, and they can’t get to the files.

    That is, in essence, the trick that IBM used with some of the stuff on the laptop I had when I was there. Basically I had stuff in my email which were the Lotus Notes equivalent of links to an encrypted document. (But being the horrifying ugly monstrosity that is lotus notes, the links themselves were encrypted, and could only be decrypted by the Notes server.) So there was an ugly encrypted looking thing sitting in the email, but it’s not really the data – just a link to it. And of course, there was the lotus notes database file, which was encrypted, and the Lotus Notes ID file, which was encrypted. The database was encrypted using a key hidden in the ID file, and I have no idea how the ID file was encrypted.

    Now, I haven’t traveled internationally for work since I went to Google, but the way that I currently work is by using a Macbook as a glorified Xterminal to connect to my Google server. I’ve got pretty much *nothing* work-related on my laptop, except for the software that lets me connect to Google’s VPN. My work is on a linux box under my desk, my documents are in Google Docs, my email is at gmail, etc. Take my laptop? I’ll be damned annoyed, because I’ve got 40-odd gigabytes of music, which will take *forever* to recover from backups. But there’s nothing revealing, either personally or about my job.

    That’s not because I’m paranoid, because I didn’t set it up that way deliberately. But in light of the way that the legal atmosphere in the US has been changing, I’m very glad that it is set up that way, and I encourage other folks to do the same as much as possible: encrypt everything, and don’t keep anything on a portable computer unless you don’t mind other people being able to look at it.

  19. #19 Scote
    August 7, 2008

    If you think making encryption more common is the solution then you should lobby your employer to incorporate encryption into GMail, not just https. While educating people is useful, convenience and utility is extremely critical to adoption.

  20. #20 Mark C. Chu-Carroll
    August 7, 2008

    Brett:

    The S-to-N doesn’t need to be *that* large before it starts becoming a serious problem for the border folks. Just a change from one person with encryption crossing a border to 10 people with encryption crossing is enough to start making an impact. The nature of the border system is that there’s a *huge* number of people passing through, and they’ve got very little time per person. Increase the number of people crossing with encrypted data by a factor of ten – even if it’s still just one person in 100 carrying a laptop – it becomes useless for them to screen that way.

  21. #21 Flaky
    August 7, 2008

    @wikinite:
    Apparently a federal judge has ruled that you can’t be forced to give up your encryption key:
    http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282

    I doubt that this will prevent you from getting arrested at the border though. An who knows, the DOJ might decide that your encrypted data might be full of Al-Qaida secrets and call you an enemy combatant, giving you a one-way ticket to Gitmo.

  22. #22 Will
    August 7, 2008

    “Any lawyers know if this law interferes with 5th amendment rights?”

    IANAL, but the 9th circuit recently ruled the 4th amendment does not apply to border crossings.

  23. #23 Brett
    August 7, 2008

    Mark:

    I’ll bet they’d only inspect 1 laptop in 100 *now*, given the sheer volume of people crossing the border… so if you’ve got a 1 in 100 chance that they’ll open you’re laptop, and only a 1 in 100 chance that it’ll contain encrypted contents, I disagree, the SnR just isn’t high enough (unless, there’s a correlation between those laptops they inspect, and those that use encryption… and I concede, such a correlation may exist).

    Personally, I’m betting you’d need at least 1 in 10 people using encryption, and that strikes me as a pretty tall order, given that 1 in 10 people probably don’t even realize the government has started searching laptops for illegal materials, and if they do, they probably don’t see the problem with it (“I don’t have any child porn on my laptop, so why should I care?”).

  24. #24 Brett
    August 7, 2008

    Incidentally, I may have gotten my math totally wrong there, so feel free to correct me if I’m wrong… there’s a reason I read your blog. :)

  25. #25 Charles
    August 7, 2008

    Can I also add the suggestion that disk wiping software use becomes more common as well?

  26. #26 Matt Springer
    August 7, 2008

    I concur with the several recomendations of TrueCrypt. Its use of individual files as containers means an encrypted file won’t stand out any more conspicuously than a pile of complicated Excel (or whatever) data. In any case for the moment you’re not legally obligated to give your password to any US federal agent, and you certainly shouldn’t in any case. And for heaven’s sake use a good password. Mine is a 12 character random-letter-and-number password, and that’s probably the absolute bare minimum.

    In any case it’s very troubling that data can be searched with impunity. You can’t smuggle anything in the bits of a hard disk that can’t be “smuggled” out as an encrypted email in the first place.

  27. #27 Lassi Hippeläinen
    August 7, 2008

    You’ve got it all wrong.

    Do not travel across the US border with a laptop. Prearrange a laptop on location, with a clean install. Use the company intranet (based on VPNs) to download your files to it. The rule (which isn’t new, only newly published) makes travel lighter.

    Unless you work for a non-international corporation, like Halliborton…

  28. #28 Sili
    August 7, 2008

    Is there a similar simple solution for Opera?

    I looked around for it a while back, but have neither the expertise nor patience to find it.

  29. #29 Eric Gunnerson
    August 7, 2008

    International corporations hate this. Lawyers who work international cases especially hate this, because it may end up disclosing information that they are legally required not to disclose.

  30. #30 le.gail.savant
    August 7, 2008

    The really disturbing thing about all this is, neither the posting nor any of the comments seem to approach this as a matter of bad policy and misuse of government resources. Of course this kind of random search overwhelmingly causes problems for normal, innocent people, not wrongdoers. As soon as word got out about these searches, anyone who has something really bad to transport does it over the Internet so there’s nothing to incriminate on his or her laptop. Perhaps the agents caught some wrongdoer with child porn or something when the program started, but I’ll be not recently. But, how do we regard this waste of resources and infringement on personal liberty? We look for a technological fix, or try to find a court to enforce our rights (fat chance). Where’s the political uproar? Why don’t our representatives step in and pass laws to require border agents to respect our rights and use their limited resources in more sensible ways to target situations where there’s actual evidence of wrongdoing? I think it’s because we’re becoming used to the sort of government that does not represent us, where legislators are in the pocket of the wealthy and the executive branch is an instrument of social control not meeting public needs. But, if we work on technical solutions while the government works on social control, who will win the contest?

  31. #31 Mark C. Chu-Carroll
    August 7, 2008

    Re: #30

    I’m enough of a cynic that I don’t even bother to make arguments about whether something insane that law enforcement does is good policy or good use of resources. Because looked
    at from that angle, a huge portion of everything done by police/border agents/federal agents is deeply offensive, morally unacceptable, and a waste of time and money even if it were morally OK.

    But that’s not going to change. Because in the US, we have two political parties. One of them is the authoritarian loonies, who pretty much think that anything the government wants to do to protect them is just peachy. And the other party is a bunch of wretched cowards who’ll never stand up for an issue like this, because they’re afraid that the other guys will accuse them of coddling criminals.

    The only way to fix things like this is from the bottom up: throw a wrench into the works so that it not only doesn’t accomplish anything, but it makes the work of the people engaging in the unacceptable behavior so miserable that they’ll stop doing it.

    If they’re constantly getting stuck trying to dig out every piece of encrypted information, only to discover that it’s pretty much all on the level of email to grandma, boring blog posts, and bureaucratic rubbish, they’re going to get sick of it, and soon enough, they’ll give up because it’s futile. Not because they think they’re doing anything wrong, but just because it’s *boring*.

  32. #32 Anonymous
    August 7, 2008

    Re: #31. No, it only looks like we have two separate parties. But by the way they vote, they are statistically indistinguishable.

    Anything else I agree with.

  33. #33 Paul Murray
    August 7, 2008

    “an encryption program that took a JPG/PNG of decent size and adjusted the colors to layer an encrypted file on top of it”

    Wiki or google “Steganography”

  34. #34 Paul Murray
    August 7, 2008

    “It’s strange that encrypted email isn’t used more often.”

    Heck – it’s strange that mail isn’t signed more often. If I had my way, the outgoing mail server of every big company and government dept would stamp outgoing mail with a certificate.

    Furthermore: I’d give everyone in the organisation two email accounts: official and non-official. Let’s face it: people exchange personal emails. The official one would be crypto stamped and archived forever. The non-official one would not be, but there’d be strict limits on attachments and length, and a boiler plate disclaimer added to the end.

  35. #35 Chad
    August 8, 2008

    Border Agent: What is your encryption key?
    You: I do not recall.
    Border Agent: I said, what is your encryption key?!?!?
    You: To the best of my recollection, I do not recall.

  36. #36 Ian
    August 8, 2008

    Good info. Thanks!

  37. #37 Uncle Al
    August 8, 2008

    FEDEX everyting of importance and board the plane in lime green satin hot pants (terrorist data having been tattooed in UV ink upon the inner wall of your rectum, hidden beneath a dental crown, encrypted in the DNA of cultured white blood cells, laser microprinted upon your thumbnail… or written upon the far end of your 8 GB flash drive then removed from memory allocation).

    Homeland Severity could not catch a cold.

    Every French household worth robbing had a Father Confessor pronouncing on matters of faith. The US has about 3 million incarcerated felons. Induct them into Homeland Severity and board them in productive households “to protect America at the grassroots level”. Freedom is compliance. Compliance requires surveillance. The protected must pay for their protection. The Mafia has a business model.

  38. #38 George
    August 8, 2008

    It seems to me, the better answer is to change the procedures. This is our border control, we need changes. In the mean time, I carry very little sensitive data across the border. I may take it with me, but I purge it. It is s simple matter to restore it.

    I ususally have a few new things created on the trip that I could not drop back at work. But its incremental and not much.

  39. #39 Mark C. Chu-Carroll
    August 8, 2008

    George:

    I agree with you in theory. But as I said in #31, I don’t believe that in the current political climate that anyone in power is going to stand up and say “we need to change this”. They’re all either authoritarian enough that they don’t like people keeping secrets from the government, or they’re too afraid of someone claiming that “they’re trying to protect the terrorists/criminals. The procedures aren’t going to change on the basis of what’s right and wrong, or even what’s useful/not useful. The only way the procedure is going to change is if *we* make it unpleasant enough for the border agents to follow the current procedure that they change it for their own convenience.

  40. #40 Daithi
    August 8, 2008

    I can’t tell you how much I hate receiving an encrypted email. It is a pain in the ass when compared to a regular email that I just open up and read.

    I also don’t bother going through the hassle to encrypt anything on my PCs, because I don’t want to spend the time installing the software; I don’t want to risk corrupting a drive and losing my documents; I don’t want to risk degrading my computers performance; I don’t want to worry about forgetting passwords; I don’t want the hassle.

    The thought of my mom installing and using encryption software is LOL funny. I think you are going to have a hard time convincing any where near 50% of the population to start using encryption.

  41. #41 Chris Lomont
    August 8, 2008

    To those suggesting TrueCrypt or similar to make hidden volumes: these hidden volumes are easy to detect. On an unencrypted machine, the slack space (space on the disk not used currently by files) is not random, but often consists of old files, which have detectable entropy bias and readable data. So when you encrypt a drive, this slack space has very random seeming content, so much so that it is easily detectable as encrypted.

    Cut to the plausible deniability options with a fake volume and a second, hidden volume. Once the first is opened to show the border guards that your machine has nothing bad on it, all they have to do is run an entropy test on the rest of the drive and they will detect that there is a lot of encrypted space still on the drive. Although this does not prove the space is a second encrypted partition in the mathematical sense, it should be enough evidence for them to detain you if they really wanted to. And a court might support them in this case.

    Of course in real life they are not that smart or sophisticated. But if you’re really trying to hide information using the plausible deniability features of these tools is *not* a good solution. They are easy to detect.

    I am unaware of any solution to this problem, since common files on a machine are very structured compared to encrypted files. Steganography might help (encrypt data, then hide data in allowable data like mp3s, images, movies, etc).

    I have a paper coming out soon with a pretty neat place to hide data that is currently not checked by any tools I have heard about, but of course once the paper is out these spaces will no longer be safe either :)

    Good luck all.

  42. #42 rolltimer
    August 8, 2008

    @Mark

    ohhhh… “40-odd gigabytes of music” on your laptop that the border guards just seized. Just a few innocent downloads, huh? RIAA might be standing by to deal with that.

    I like what someone else suggested. Remove the hard drive and fed-x it to your destination. Replace with hard drive containing only a basic operating system. Nothing else. When you get to your destination, swap drives.

  43. #43 Mark C. Chu-Carroll
    August 8, 2008

    rolltimer:

    As it happens, that entire 40-odd gigabytes of music is legal. Seriously, there’s not a single track on my laptop that isn’t either free or legally purchased.

    I’ve had enough friends and family in the music business to understand how hard it is to even break even making music; and I’m paid well enough to be able to afford to buy music when I want to. I’ve downloaded things or swapped files with friends to hear what something sounded like, but if I like it, I buy it.

    Now, it’s true that the RIAA claims that when I rip one of my CDs so that I can listen to it on my iPod, that I’m pirating music. But that’s an argument that they’ve never even had the chutzpah to make in court.

  44. #44 mike
    August 9, 2008

    I was grounded by my parents for ‘breaking the internet’ when a browser upgrade changed the homepage off the e-mail provider. Good luck teaching my parents to encrypt their data.

  45. #45 Jérôme ^
    August 9, 2008

    You’re totally right, burying them under our mass is the only tactic we’ve got right now. (I’m still worried that we’re on the losing side of Moore’s law however).

    And, for the same reason, I encourage everybody to auto-add spooky Echelon keywords to the headers of each mail they send out. I’ve got a trivial vim script that adds things like
    X-Boo: botulinum imperialistic bomb Hezbollah Hamas
    to each outgoing mail.

  46. #46 Kaleberg
    August 9, 2008

    So, has DHS been confiscating iPods? While you might not want to run off your iPod in general it makes a good place to hold your private data, ideally encrypted. You can also use it to store and play your music and lots of other stuff.

  47. #47 Jud
    August 10, 2008

    Mark, I doubt your recommendation will work. You are making an assumption not supported by the evidence, i.e., that the folks working for the government will act out of a sincere desire to get data off your computer.

    Confiscating your laptop is something the TSA can do with impunity simply because They Don’t Like the Cut of Your Jib. Actually getting information off the confiscated machine is then Someone Else’s Job. So high percentages of folks with encrypted information really won’t bother the TSA.

    Think of the percentage of folks who don’t like Bush. They make up something like 71% or more of the U.S. voting-age population at this point. So a dislike of Bush isn’t an indicator of anything. But how long do you think it would take the TSA to confiscate your laptop after a few choice remarks on your part about El Jefe?

    But the info on encryption is interesting, so please go ahead with it anyway.

  48. #48 CCPhysicist
    August 11, 2008

    As an academic, I know that it would be a violation of federal law (FERPA) to provide someone access to a student’s grades. A legitimate law enforcement request needs to go through the university, not me. So, in addition to being anti-competitive in a knowledge economy, it is inconsistent with other laws.

    PS – I’m sure NSA would love to have you e-mail the files to their computer. Gives them something to do on weekends.

  49. #49 apk
    August 12, 2008

    Remember, folks: these Border Agents are technically not on United States soil. Don’t get all nitpicky with grand notions of constitutional rights. As things stand right now, such notions do not apply.

  50. #50 WotWot
    August 13, 2008

    I only have minor personal info on my comp, and do not cross borders with it, so this problem has no immediate impact on me. But I hate governments having this much arbitrary power, it is seriously scary stuff.

    Set up your parents macintosh to use FileVault.

    Don’t know why, but the general opinion among the Mac tech heads is that FileVault is a pain to use, and I don’t know anybody who uses it. They all seem to use specific encrypted disk images (created with Disk Utility), or similar.

    Anyway, if you have such encryption, it is obvious, and all they have to do is demand the password from you. For encryption swamping to work, then you must have the right to refuse to hand over passwords, thus forcing them to crack it using brute force. It is either that or you must be able to hide an encrypted volume properly.

    Chris @ 41

    Cut to the plausible deniability options with a fake volume and a second, hidden volume. Once the first is opened to show the border guards that your machine has nothing bad on it, all they have to do is run an entropy test on the rest of the drive and they will detect that there is a lot of encrypted space still on the drive. Although this does not prove the space is a second encrypted partition in the mathematical sense, it should be enough evidence for them to detain you if they really wanted to.

    Presumably you could use a program that writes random data to all unused drive space. That would make it extremely difficult for them to prove some of it was a (properly) hidden encrypted volume, which would give you strong plausible deniability.

  51. #51 Odysseus
    August 13, 2008

    To get a copy of your public key to send to other people, go to the command line, and run “gpg -export -a”.

    Sorry, but shouldn’t it be “gpg –export -a”? At least my shell won’t accept the single hyphen.
    I really hate being that picky. Good post, more of this!

  52. #52 MrPeach
    August 19, 2008

    I’m just going to encrypt with the password “fuck you asshole” ^_^

The site is currently under maintenance and will be back shortly. New comments have been disabled during this time, please check back soon.