Friday, 16 May 2008

travel advice

Taking your laptop into the US? Be sure to hide all your data first (Guardian, Thursday May 15 2008)

In fact, why only do this when travelling?

Many search warrants in the UK are granted by magistrates. As a rule, magistrates are incompetent twats, who receive an impressive six days of training before being allowed to throw people in jail and order the violation of the sanctity of someone's home. Consequently, any turd in a suit, for example a TV licence inspector, can convince a magistrate to issue a search warrant, on the basis of the fuzzy concept 'reasonable grounds'. During the search, computer equipment may be confiscated and subjected to computer forensics.

(By the way, Britain is really the odd one out in Europe. For example, no search warrant would ever be issued in Germany for the trifling matter of TV licences.)

For a minority of us, our PCs and laptops contain some data that might be incriminating in a legal sense. Very often, this data is present without us realising it. Examples are browsing histories and cached data, which may reveal we have a predilection for a certain type of image. For a minute portion of computer users, there may be an actual intent to break the law by storing certain data. For most of us, however, it is simply a huge embarrassment to find our most private data, such as diaries and nude images of lovers, in the hands of a spotty lab technician, even if this data is not unlawful.

There are, however, a few things that computer users can do to arm themselves against this form of oppression. First, never use any Microsoft crap. Use of Vista and related inferior products will in the end make you lose your sanity. More important in this context is that they offer the user little control over what happens behind the scenes, and it is difficult to ascertain that data one thinks has been deleted is really gone irretrievably.

Secondly, one should make an inventory of log files and 'tmp' directories where data is silently being collected while one views and manipulates other files. Notorious culprits are multimedia players, which create logs of viewed files, and file browsers, which keep 'deleted' files until the relevant 'trash cans' are explicitly emptied. All such log files and temporary directories should be erased regularly. Computer-savvy users may want to write scripts to do that automatically upon logout. This will of course only be effective if one logs out regularly, which is recommended in any case.
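
One way to write such a logout script, added here as an example and not part of the original post: `inventory_recent` lists recently modified hidden files so the inventory can be built, and `clear_residue` empties the directories named in a list file. The function names, the list-file format and the file name in the usage comment are assumptions; the script relies on the `-mmin`, `-mindepth` and `-delete` options of GNU and BSD `find`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the list-file
# format are assumptions made for illustration.

# Inventory step: print files under $1 changed in the last $2 minutes that are
# hidden (dot) files or sit in hidden directories, i.e. data written without
# the user asking for it.
inventory_recent() {
    root=$1; minutes=$2
    ( cd "$root" && find . -xdev -type f -mmin "-$minutes" -path '*/.*' -print | sort )
}

# Cleanup step: empty every directory named in list file $2 (one path per
# line, relative to $1) but keep the directory itself. Prints the number of
# files removed. Absolute paths, entries containing '..' and a directory that
# is itself a symlink are skipped, so a bad list entry cannot reach outside $1.
clear_residue() {
    root=$1; list=$2; removed=0
    while IFS= read -r rel; do
        case $rel in
            ''|'#'*) continue ;;
            /*|*..*) echo "skipping unsafe entry: $rel" >&2; continue ;;
        esac
        dir=$root/$rel
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        n=$(find "$dir" -mindepth 1 -xdev \( -type f -o -type l \) -print | wc -l)
        find "$dir" -mindepth 1 -xdev -delete
        removed=$((removed + n))
    done < "$list"
    echo "$removed"
}

# Typical use from a logout hook (file name is hypothetical):
#   clear_residue "$HOME" "$HOME/residue-dirs.txt"
```

Removing a file this way only unlinks it; the underlying blocks are not overwritten, which is why the encrypted disk recommended further down still matters.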

It may also be advisable to run tools that temporarily swallow up all unused memory and erase any residual information contained therein.

Lastly, one should keep confidential data separate from other data, on an encrypted hard disk, with an outer and hidden volume, accessible with two different passwords. From here, Bruce Schneier's instructions in the above-mentioned article should be followed.

Addendum (2008-06-08):

It seems many computer users in the past have been screwed thanks to their browsers. Apart from the aforementioned browsing history, there is the cache, which stores copies of visited web pages, including images therein. Furthermore, many sites leave cookies, which represent evidence of browsing habits. Some browsers (e.g. Firefox) can be configured to clear some or all private data upon closing. Make use of this!

Lastly, beware of compromised software or hardware. After someone who cannot be trusted has had access to one's computer equipment, it is no longer safe to enter a password, as spyware might have been installed that monitors the keyboard.

Addendum (2008-06-17):

As we already knew, Microsoft sucks:

Vista encryption 'no threat' to computer forensics
(The Register, Friday 2nd February 2007)

In contrast, full disk encryption is entirely secure, given a few precautions. In particular, the machine must be switched off well before the adversary gets hold of it. And of course, a strong password is essential.

Cf. The impact of full disk encryption on digital forensics
