As you’ve probably heard, the US customs service has, recently, asserted the right to confiscate any and all computers and/or digital storage carried by anyone crossing the US border. They further assert
the right to demand all passwords, encryption keys, etc., from
the owners. They even further assert the right to keep or make copies of any data that they find, and to share it without limit with anyone they choose.
I don’t think I really need to stress how insane this is. Back
when I worked for IBM, I frequently travelled to Canada, because I
worked with development labs in Toronto and Ottawa. When I did that, I
carried a computer full of stuff that IBM considered to be highly
confidential and highly sensitive. (I’ve even still got a wall-plaque
from IBM thanking for me work on a project, where I’m not allowed to
ever tell anyone what I did to earn it!) What this policy
says is that the border service would have the right to turn that
information over to anyone they wanted, without informing me
or IBM that they had done so. Further, some of the information on that
laptop was encrypted, and I did not have the key. They were
encrypted with a system that would only allow them to be opened if the
computer could contact a particular IBM server from inside the IBM
firewall. So not only could the border service have confiscated the
computer and passed on confidential or private information – but they
could have arrested me for refusing to decrypt the information on the
computer – even though I couldn’t decrypt it.
This isn’t new news. They’ve been doing this for a while, and we know they’ve been doing it – they’ve made absolutely no attempt to
The reason that I’m writing about it now is because I just read
something on Salon about how an allegedly knowledgeable and tech-savvy
person recommends coping with this, and I can’t possible disagree more
strongly. On the Salon Machinist blog, Denise Caruso wrote:
Swire notes that agents at the border are going further than just
taking image copies of people’s hard drives. They’re actually
demanding passwords and encryption keys so they can examine the
Of course, they promise to destroy the copies and the keys as soon
as they’re done — as long as they don’t find anything illegal, like a
downloaded song you didn’t pay for — so no security worries there,
right? There’s no such thing as a crooked customs or Border Patrol
This gives government agents access to information they would
never get by opening up your suitcase. In addition to e-mail,
spreadsheets, documents and personal financial information like credit
card receipts and photos, nowadays they can also listen to your stored
Skype calls and voice mails.
Not to mention that just having encrypted data on your hard drive
causes suspicion, or at least throws down the gauntlet. If you were
looking for illegal stuff and you ran into a file that looked like
this,qANQR1DBwU4D/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy ZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG/ELBvRa c9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv z/9Ak4 /OLnLiJRk05/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88
wouldn’t you immediately need to know what it said? It could be a conspiracy! It could be a list of child pornographers! It could be a copyrighted magazine article! It could be a bootleg Led Zepplin video!
So I figure the best solution is to encode your files rather than
encrypt them, so that you could hide your stuff in plain sight. If
agents don’t know something is encrypted and it looks innocuous, they
won’t compel you to give them the key. “Here’s your laptop, ma’am.
Sorry for the inconvenience.”
That’s the wrong answer. The solution isn’t to try to hide the
fact that you’re taking your own/your employer’s privace seriously. The answer is to make encryption so absolutely routine that (A) finding encrypted files on a computer is so common and routine that it can’t be used as a distinguishing characteristic to allow them to justify confiscating your computer, and (B) to make it so incredibly painful and laborious for them to get any data off of a computer that they give up.
The first part of instructions for how to do this are below.
This connects back to something that I said in my review of Cory Doctorow’s book, “Little Brother”. In that book, Cory wrote about
the idea of histogramming. The idea of histogramming centers on
recognizing patterns in data, even when you can’t see what actual
information it contains. For example, if only 1/10th of one percent of all data on a typical person’s computer is encrypted; that non-criminals who frequently encrypt files are uncommon; and that on average, criminals have 50% of the data on their computer encrypted, then finding a computer that has 50% of its information encrypted raises a flag: there’s something unusual here that suggests that
the information on here might be related to a criminal activity.
The solution to this is to make encryption much more common, so that it’s no longer so rare that it raises a flag. In the novel, Cory wimped out, and had his protagonist’s best friend be the chief programmer at the most popular ISP in the city, and had them change the ISPs code in a way that transparently made everyone’s computers
encrypt all of the traffic going onto the network. In real life, it’s
not so easy. Technosavvy folks can’t wave a magic wand and make people start encrypting their data.
What we can do is start encrypting our data, and when we teach people to use computers, just set them up so that they’re using encryption. Set up your parents macintosh to use FileVault. Set up
your windows box to use an encrypted filesystem. Use PGP. Put passwords on your important documents. Just make the little bit of effort to use reasonable encryption on a routine basis.
For my part, I’m going to write a bunch of articles on encryption: some on algorithms and how encryption works; some on how to set up things like PGP.
For starters, here’s how I set up GPG support in Firefox on my mac. GPG is an open-source encryption system. It’s important that it’s open-source: as you’ll see in later posts, one critical thing about encryption is making sure that no one could have hidden anything in the encryption layer between you and the people you want to talk to. A verifiable open-source system can provide reasonable assurances that there’s nothing hiding in the code, because anyone can see it, and it would inevitably be noticed.
Using GPG with firefox is quite easy: there’s a firefox plugin called FireGPG, which you can download at http://getfiregpg.org. You’ll notice that there’s something on that page labeled “MD5″; that’s a signature, which you can use to verify that no one is substituting a different version of FireGPG to listen in on you. I’m not going to go into how to check that today; for now, we’ll assume that we can trust FireGPG. If you want to be really careful, you can look up MD5, and check the download before installing it. Eventually, I’ll get aronud to showing you how to do that, but I want to ease into it. And one of the most basic facts of cryptography is that all communication ultimately relies on some degree of trust: so find a network that you can trust, and download and install GPG: There’s a link on the FireGPG site that tells you how to install GPG. Do that, and then run the FireGPG installer.
Once GPG is installed, you need to set up keys. To create a key, open the terminal/shell application, and do “gpg –gen-key”. There are some decent instructions about details of making a good, secure key in the GPG docs. I used the default options for key generation: it’s a DSA/Elgamal 2048 bit key without expiration.
What you’ve got now is a set of keys that you can use to securely communicate with other people, as well as to safely encrypt documents.
For communicating, you’ve got a key-pair: that is, a set of two keys. One of them, called the public key, you give to other people freely; the other, called the private key, you keep absolutely secret.
To get a copy of your public key to send to other people, go to the command line, and run “gpg -export -a”. You’ll get a bunch of strange looking text. For example, my public key, in the format
output by GPG, is:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.6 (Darwin) mQGiBEibDXMRBAD7oZ5YmV9nbQWlFPTjZ2co+Uv/56TiltrTVOFwN1jIZyilliTx DTTy3TEWpVU1rXrn+fomXAsT86noGeOVRJM32brlPg2FqWnFCcViM17zevCFB71O P7hnQ62koW97J1qAj81Yf9jmBKvnrUoRVnatxQ9iUHsgp8az2mKOXXpp+wCg7Ocq 0spdJYIRWE3VuvjEttYRjjkEAIHlWhR1gEMmIHGlOQzHEwawCOnzwrs/okGbB2Y8 QRYTgYtNQfgYLiJioSBdpOltUnhb65dzAdtI3Pt0ZC/KjA/wYUz/9XcITIpi53cZ k+8wptVvVQCGAh437Uyig5aihNj6lqMAgSFXd934oE07JXtuUYMAUtKn2w9kRqHx Kd89BADFVWUUjhjZMzWQMgdAn2V+wIUW228DJ+emuJU26FIwbFx8njuqPZhUcc/p /Eqp//wpzb0JtKKQD9jbVSOrImZio1qrvuPzfTwRqL6aISqOKrczj+mF9sM6jWl2 VGmW3BonLVPAVcwDsGHNguE6V7HjU6Orquo/sne471iUx+C5VLRFTWFyayBDLiBD aHUtQ2Fycm9sbCAoQXV0aG9yIG9mIEdvb2QgTWF0aC9CYWQgTWF0aCkgPG1hcmtj Y0BnbWFpbC5jb20+iGAEExECACAFAkibDXMCGwMGCwkIBwMCBBUCCAMEFgIDAQIe AQIXgAAKCRCWj+f7t+e20tu/AKDc5TBuArqFPX/AXxzLjHqURrNPDgCgqi82myYR XEpFYgNv8U3onWnNu0O5Ag0ESJsNfRAIAKmcIeIKPR7WpjMZ12zJP7T+W+9mrjld VMwSE/tP7Xn57mS02Whp5LCBOvwdDwZxMFHVxPOe4X7LI9zoV8vq8bcvItWkWJf4 5deGD+ZQlz//7eS+5FojVUgekGWOksp1YW5QK9bmsGUxwuxkQ1n+yNpLfvQfMZnh 0+D3TaFCjy5/D1fOJzCNAl14I9KHY6VlaQP8Du7PbXGsWB59cmE10Sjk3eekmkY7 136fH2lx2MpYYzjO1ehDS2DFlClTTXe/LCqPUTxd1XFeYUJj+/mXXO6kAJ/pwEMs ROF2xYMjwoVUN2G0bYdRW60V3fhVha3iqBxr8m0GG3t31AJl1vAMNa8AAwUH/241 L6c//yD6w6JLYsTZFAChFojELnTb1VlDm9Ms8bERQJEkyEgTaG5Dd3YPX0Gx7cJ4 Ro3K7xwGezhtqTkRvkVjQHjaGN5obyxNjOU1WaxpvJOfM/HmHYv2ZmsWJZkZJDVF uEYgnya/q2g7Zntq75ainnej52PK+JuIymkeYGLqgSCoOHS5htnqxmBLc5RZsqN9 NDp2Zryb7NmqadpvK5HKUQjF0fzvTBDE93FFHUKQnYJIxQGIOnw5eCVuYq0TByLW NJBaHFa/8BrK3Us9yN+78p3cqo0quutsPk0K4pM+fJiy+1ACn+AkiCRNcQ06lCs+ n5V8hz3hMrII0kofUpOISQQYEQIACQUCSJsNfQIbDAAKCRCWj+f7t+e20pUWAJ9U kJEi9hGf+3CmxMsDg7ruVCZJBACgpnBkckB59dqxLM/wVtH2dc+hvl4= =E94S -----END PGP PUBLIC KEY BLOCK-----
Now with FireGPG installed, when you write email, you’ll get a set of option buttons in Gmail or Yahoo mail that will allow you to digitally sign or encrypt messages. What you need to do to make that useful is to get your public key where people can find it. There are a bunch of good ways to do that: publish it on your website, email it to people who you’d like to have it, and register it with a key server. There’s a very good, trusted key-server at MIT. Just paste that key text into
the submit box on the key-server, and your key will be registered. People you communicate with through FireGPG will be able to get your key from the MIT keyserver, as well as any server that MIT shares public keys with.
Protect yourself. Do this. Use it. Tell others to use it too.