US border agents can search your hard drive
A US court has ruled that border agents can search your laptop or other electronic devices when you enter the country. This is not unique to the US since many countries have a similar policy.
If you are selected for this search, they may download the entire contents of your hard drive. There have been reports that people have been questioned about the websites they have visited.
Encrypting your hard drive with Full Disk Encryption (FDE) won’t work. They will simply ask you to type in your password. Although a California court has ruled that you can ‘plead the fifth’ and not give them your password, they can ruin your day for doing so. They are perfectly within their rights to detain you or refuse you entry into the country. Besides, software is available that can test hundreds of thousands of passwords per second. This software recovers 24% of all passwords within a couple seconds.
What can you do?
You have 3 options here:
- Clean your hard drive
You can simply shred all the important data from your hard drive and then shred the free space. This process is called forensically cleaning your computer. If you have nothing on your computer, the border boys can look all they want. Of course this solution may defeat the purpose of traveling with a laptop in the first place.
If you have access to a secure network when you reach your destination, you can get your data after you have passed through customs. However, you will have to forensically clean the hard drive again when you return.
This is your best defense, but it is time consuming, cumbersome, and may require you to learn how to clean a hard drive.
- Hide the data
Some file vaults or FDE programs will allow you to render the icon linking you to your data to be invisible to Windows. What they don’t see, they can’t ask you about. Unfortunately, there is a simple way around this solution. If they boot up your computer using a Unix boot disk, which is faster than a Windows boot up, it all becomes visible again.
- Don’t travel with your encryption key
With APO file encryption, because you can keep your key anywhere, simply leave the key behind and have it e-mailed to you when you arrive. You could even keep the key archived in your gmail or Yahoo account. When you are asked to decrypt your files, you can honestly answer that you cannot, because you do not have the key.