Still wondering whether TrueCrypt will get an actively-maintained successor.
Uh, “will get”? There already are some available.
My question has always been what if the privacy I’m trying to protect at a border isn’t mine. In my case, I do public health research usually involving people who do illegal things (eg drug users). As a consequence, my university-owned laptop (with full disk encryption among other things) has research participant data on it, some of which could conceivably link individual people to specific crimes. Within the US, these data are protected by HIPAA and a Federal Certificate of Confidentiality (which allows researchers to refuse to disclose identifiable research information in response to legal demands). However, if I’m crossing into the US and a border guard demands the passphrase to decrypt it, then what? In practice, I’d probably just point out the laptop is owned by my institution and has protected data on it, and tell them I won’t give up the passphrase until told to do so by the institution’s lawyers. And resign myself to spending the next few hours or days in a lockup while the lawyers sort it out. Not an experiment I actually want to conduct…
They actually give you the password? If for whatever reason my work machine won’t boot past the encryption phase it is hosed. I imagine they have them stored somewhere but we don’t get the password. Mind you if for whatever reason I had to travel outside 'murrica I would be given a fresh machine with no data and not be allowed to store any local data on it. So barring it getting taken by surprise while it was on and I am logged in, if not good luck cause to log in you have to have not just the password but my chipped badge as well.
Don’t forget, that “border” zone extends 100 miles inland.
And 100 miles from any international airport as well. Yeah they got a lot of land covered.
It’s kind of hard to use the laptop without it. I want to share two of the most effective tools I know of to keep other eyes off your data (Edit: not always used on the data):
A bit more subtle is a combo of a Torx screwdriver and a sheet of sandpaper.
Also effective at finding out passwords…
I so want to create an encrypted honeypot for all my spook buddies to try and hack that just so happens to include a zero-day cryptolocker payload.
Bruce Schneier, as a thought experiment, developed some procedures to be able to cross national borders and still have access to secrets.
As well, this scenario was part of TrueCrypt’s design.
I’ll try to locate the info and update.
TIL that my entire state is a “border”.
This topic was automatically closed after 5 days. New replies are no longer allowed.
