A Guide to Defending Privacy at U.S. Border

Take a look at the EFF’s latest article “Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices”

Account Passwords vs. Full Disk Encryption:

This distinction makes a major practical difference. Bypassing an account password is a routine operation that can be done automatically with forensic software that bypasses the operating system and looks directly at the disk, your account password is no obstacle for this forensic software. Fortunately, modern computer systems come with comparatively easy full-disk encryption tools that let you encrypt the contents of your hard drive with a passphrase that will be required when you start your computer. Using these tools is the most fundamental security precaution for computer users who have confidential information on their hard drives and are concerned about losing control over their computers — not just at a border crossing, but at any moment during a trip when a computer could be lost or stolen.

Simply deleting data from your hard drive with your normal OS file deletion features is not secure and the data is still present and recoverable on your hard drive. Just because deleted files are no longer visible in your operating system’s file manager does not mean that a forensic expert can’t undelete them or deduce that they were once present.

If a border agent asks you to provide an account password or encryption passphrase or to decrypt data stored on your device, you don’t have to comply. Only a judge can force you to reveal information to the government, and only to the extent that you do not have a valid Fifth Amendment right against self-incrimination.

It’s extremely important that you do not tell a lie to a border agent. If you are absolutely sure that you don’t want to answer a specific question, it’s better to politely decline to answer than to give a false answer.

Be aware that border agents may search your camera, copy its contents, or try to undelete images or videos that you believe you’ve deleted and that are no longer visible from the camera’s user interface.

Uncrackable Passwords

The H has an interesting article on storing passwords to prevent unauthorized access and identity theft.  The article discusses the following methods and downfalls associated with each:

  1. Plaintext
  2. Hashing
  3. Hashing with salt
  4. Key stretching
  5. Hashing with multiple rounds
  6. Determining cipher used

Most importantly, don’t reinvent the wheel if you’re building an application requiring authentication.  Rely on tested frameworks such as OAuth or PHPass.

 

 

 

Stallman: Still an eccentric?

There’s an interesting article at OSNews about Richard Stallman and his FSF principles.  His philosophy rings especially true in these times with the recent passing of the NDAA, SOPA discussions, and the growing threat of increased monitoring and restrictions.

To summarize:

However, as the world changes, the importance of the ability to check what the code in your devices is doing – by someone else in case you lack the skills – becomes increasingly apparent. If we lose the ability to check what our own computers are doing, we’re boned.

The article also links to Cory Doctorow’s 28C3 keynote titled ‘The Coming War on General Purpose Computation‘. (video and transcript available)

Abstract:

The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race.

Future of the Global Positioning System (GPS)

There’s an interesting read from the Congressional Budget Office (USA) on cost estimates for the next generation GPS system.  This is particularly of interest now due to reports that Iran may have jammed the captured US drone’s GPS receiver in order to prevent it from returning “home”.

What is GPS?

The GPS uses a constellation of at least 24 satellites, each of which transmits precise data on the time and its location. Receivers—both military and civilian—use the data transmitted by the satellites to calculate their own position; information from a minimum of 4 satellites is required to determine a position accurately in three dimensions.

Solutions for next generation GPS:

As the Department of Defense’s satellites reach the end of their service lives, the department plans to replace them with ones that can counter deliberate interference by generating stronger signals. Analysis —namely, improving military receivers to retain the GPS signal even in the presence of such jamming—would be less expensive than DoD’s plan for upgrading its constellation of GPS satellites. Furthermore, the alternative would yield benefits almost a decade earlier than DoD’s plan. However, the improvements to military receivers could make them larger and heavier (and thereby less useful to personnel operating on foot) until they could incorporate the substantial gains that have been achieved in miniaturization in other applications.

  • Option 1 would improve current military GPS receivers by fitting them with better antennas and by adding inertial navigation systems.
  • Option 2 would capitalize on a DoD research and development program by enabling current GPS receivers to integrate information received via the Iridium commercial communications satellite network.
  • Option 3 would include the improvements of both Option 1 and Option 2.

Read the complete article here.

Wall Street Journal’s Surveillance Catalog

Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.

The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and “massive intercept” gear that can gather all Internet communications in a country.

The documents fall into five general categories: hacking, intercept, data analysis, web scraping and anonymity.

Check out the Surveillance Catalog here.