[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Re: Peter Swire: No, You Can't Search My Laptop
________________________________________ From: Gordon Syme [gordon@twiceasgood.net] Sent: Monday, August 04, 2008 2:58 PM To: David Farber Subject: Re: [IP] Re: Peter Swire: No, You Can't Search My Laptop Prof. Farber, for IP if you wish David Farber wrote: > ________________________________________ > From: Steven M. Bellovin [smb@cs.columbia.edu] > Sent: Sunday, August 03, 2008 11:05 PM > To: David Farber > Cc: rca53@columbia.edu > Subject: Re: [IP] Re: Peter Swire: No, You Can't Search My Laptop > > On Sun, 3 Aug 2008 17:09:55 -0700 > David Farber <dave@farber.net> wrote: > >> But you raise, perhaps unintentionally, the more likely (inevitable?) >> and interesting controversy: if Customs can search your information >> stored on physical media at the border without a warrant, why do they >> need a warrant to search it at the "electronic border" as you >> transmit the same information it to and from your server when you are >> abroad? >> > This is precisely my concern; I blogged about it last month > (http://www.cs.columbia.edu/~smb/blog/2008-07/2008-07-10.html). The > issue of disclosure of keys may also be different. Just as people have > no right to conceal physical objects when crossing a border, is there a > right to conceal information you are importing or exporting? This is a > very different question than ordinary criminal cases. I'm starting to think that the only "safe" way to get your laptop into the US would be to create a VM containing your chosen OS and data and then leave this at home. Travel without a laptop until you arrive at your destination. At this point you can acquire a machine, generate a keypair and export the public key. A trusted third party then encrypts the VM and makes it available for download, probably with a service like Amazon's S3. The VM can contain all your actual data contained in encrypted volumes to minimise the risk of having to trust a third party (though this would require transporting a private key inside the VM). This way you avoid the problem of taking data through the border and also of taking a password through with you, the keys don't exist yet so how could you reveal the password? Nothing carried through and nothing concealed. It's an awful lot of work to get around the risk of border searches (and the associated data grabbing) and skirts around the problem rather than tackling it head-on through legal means. I suspect that there are definite business cases for going to this effort though. -Gordon -------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC