Letters posted here are associated with the following article:
Before we start encrypting and encoding, how is the search itself legal?
ACLU, where are you?
Why not just leave it on a server you can access on the other side? Something like Google Docs, for instance?
If you're going to have internet access on the other side of the border, it's probably best just to bring an empty laptop across and use it as a dumb terminal.
Excellent advice to leave sensitive material on a server and access it remotely. How about an explanation of how exactly to accomplish it without inadvertently creating a security flaw?
What I don't know is a lot. You just made it a little less. Not good news, but my friend who has been living in Europe for the last 2 years might want to know this as he returns home.
Feels like the walls are moving in.
Laptop seizures at customs raise outcry
Complaints from travelers and privacy advocates have spurred lawmakers to challenge the policy of random inspections.
http://www.latimes.com/business/la-fi-laptops26-2008jun26%2c0%2c4415017.story
Opening Statement of US Senator Russ Feingold
Hearing on 'Laptop Searches and Other Violations of Privacy Faced by Americans Returning From Overseas Travel'
http://www.commondreams.org/news2008/0625-01.htm
Protecting Yourself From Suspicionless Searches While Traveling
http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t
The "leave everything encrypted on a server and then access remotely" solution has its problems as well, since, at least in theory, any electronic communication from inside the country to outside the country is surveillable. I guess the difference is that a) you don't subject nearly so many documents to scrutiny and b) whatever you do access remotely is crossing the wires along with a lot of other data.
One important thing to learn, however, if you're going to access your info via a server is to install and use ssh. I don't think the government could, much less would, try to decrypt every single ssh packet that crosses the wire. There are too many legitimate uses of ssh.
Hi Elydog - as far as I can tell, the search is legal in the same way that customs has the right to go through your suitcase to check for contraband whenever you cross a border. Lots of people are making noise about how the analogy doesn't hold, but whether they make any headway with their arguments in the present environment is debatable at best.
Hi Greg,
I don't know the technical aspects of how to do it, but it's not unknown. Any kind of network connection is a security risk, but I guess that risk has to be balanced against the possibility of a random laptop seizure and its potential ramifications for each individual. Someone will do the cost-benefit analysis on that, but I haven't seen it yet.
Good tools for encryption and security:
http://www.truecrypt.org/
http://www.schneier.com/essay-199.html
I agree that the only reasonable workaround is not to carry data across a border. Encryption is not only unsafe but, given the paranoid nature of these authorities, likely to make matters much worse (something that privacy and security experts have warned about for years).
However, Americans should ask themselves why other countries don't find it necessary to do this. Why is America special? And why is the US content to mutate into the same kind of authoritarian state that it traditionally despised?
As more mundane measures at home, given the widespread wiretapping going on in the US, I advise secure proxies for web browsing (such as the excellent OpenVPN, although there are anonymising systems like Tor), and GPG for sensitive email.
http://openvpn.net/
http://www.torproject.org/
http://www.gnupg.org/
Also, as other posters have mentioned,
http://www.truecrypt.org/ for disk encryption
Although, I would repeat, I don't think that disk encryption should make anyone comfortable crossing a border.
I am required to. It's MILSPEC rigorous so it's fairly hard to break.
Note also that they can and DO take USB drives, cameras, other recording devices and/or all the removable media in them like SD and CF cards. Most of those devices have no capacity to encrypt so you're basically screwed. Unless of course you dump everything to an encrypted hard drive and wipe them out.
If they really want to see, they can eventually break most encryption; the question is how much time do they expect to take. Moreover, 'they' can scan the media itself with spectroscopy and magnetometer tools to recover bits from deleted media if they really really want to. That does destroy the media though.
BTW Federal law enforcement agency desktop computers are more and more often installed with hardware failsafes that one-way encrypt or lock down hard drives if either the power is disconnected or the cabinet is opened. Reverting this takes shipping the box to some tech services center who 'fix' and send it back. Harder to do, much harder with laptops, so one way to address that is what's called destructive booting. Establish a 'panic' password to the drive and when it's used, it flags the system to start a 7-pass diskwipe program that trashes the disk. Another neat trick is to fire off a simple command to the hardware that shuts off all fans and then runs an embedded burn-in program in firmware which, if unattended, will eventually fry or melt some part of the machine, might even start a fire. Back in the day drives were made with the ability to force park crash the heads into the drive platters, thereby ruining large parts of the disk surface and wrecking the mechanics. That's almost impossible to do now w/o writing your own drive firmware.
I go in and out of the US for work on a regular basis. For about the past 2 years I have been doing a full hard-drive encryption with TrueCrypt (similar to PGP, but open source, and in my opinion just as effective). That secures all the data if the laptop is lost, and then I FedEx it to myself on the other side. Keeps it away from the TSA's prying eyes and also helpful because it lessens the luggage I have to carry around.