[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Re: Appeals Court: Border electronics searches are okay
________________________________________ From: Dave Crocker [dhc2@dcrocker.net] Sent: Thursday, April 24, 2008 12:39 PM To: David Farber Cc: ip; EEkid@aol.com; Richard Forno Subject: Re: [IP] Re: Appeals Court: Border electronics searches are okay Folks, Worrying about inspections at borders is titillating but probably distracts discussion from the larger and more pervasive examples of unwanted inspection of data on a laptop: physical theft or loss. Protect against that, in a way that is viable on a daily basis, and the border concern is automatically also dealt with. So it's fine to have concern over border inspection serve to motivate efforts at protecting mobile data privacy, but it probably should not guide design. We've seen the same distinction for developing trust-based mechanisms to "fight" spam and other abuse. Good for motivation, bad for design. The design needs to solve things in a way that fits into daily use, rather than being tailored too specifically for special use cases. And no matter how much you cross borders, it's a special case, compared with the rest of your laptop use. As with so many other security issues, in the case of laptop privacy, the core technical challenge is almost certainly a human factors one. Keeping data on a peripheral that is removed is inconvenient and really doesn't solve the problem, since the peripheral is also subject to inspection. And for a large enough amount of data, the i/o rate is not good enough or the storage choices are too limtied. Or both. So it is not likely to scale into widespread use. Having file or disk encryption performed automatically certainly sounds appealing, but it creates the question of how the data are unlocked. If it is convenient enough for daily use by mass-market users, does it really provide meaningful protection? So, for example, having login (boot-time or waking from sleep/hibernation) also unlock the data is extremely appealing, since it creates no new human-factors effort. But does it provide protection against a laptop stolen when you step away from it for a few seconds? Does it need to? I think this translates into the question of granularity for the user activity that controls the crypto. Does the human factors check take place at the right times to be useful while still being tolerable? d/ David Farber wrote: > depends on if you can hide it. Better, I think, is a very small size flash drive that you keep all your private stuff on encrypted and "hidden" > > Dave > ________________________________________ > From: EEkid@aol.com [EEkid@aol.com] > Sent: Wednesday, April 23, 2008 7:40 PM > To: David Farber > Subject: Re: [IP] Appeals Court: Border electronics searches are okay > > Dr. Farber, > > I've noticed that it's very easy to remove the hard drive on some laptops. Particularly the Dell's I've owned. Removing two screws and the hard drive slides out connected to a plastic drawer like holder. It can easily fit in a pants or jacket pocket. -- Dave Crocker Brandenburg InternetWorking bbiw.net -------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC