<<< Date Index >>>     <<< Thread Index >>>

[IP] more on Police Blotter: Laptop border searches OK'd





Begin forwarded message:

From: Roger Weeks <rjw@xxxxxxx>
Date: July 28, 2006 12:43:18 PM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] more on Police Blotter: Laptop border searches OK'd

Dave -

For IP on the laptop border searches:

I'm suprised that no one else has mentioned this so far, but this type of situation is one of the many excellent reasons to use an encrypted filesystem on your laptop hard disk, and to set up other types of security.

For example, my PowerBook G4 is set up to use the built-in feature of OS X called FileVault, which encrypts the user's home directory. The home directory on OS X contains the browser cache for Safari, Firefox, and Camino, and I have to assume, any other browser cache for Opera and other browsers.

I have also set an Open Firmware boot password.  See
http://www.apple.com/downloads/macosx/apple/openfirmwarepassword.html
for details. When I travel I never put my laptop to sleep, but rather I shut it all the way down. This is marginally less convenient, but it means that if my laptop is stolen or confiscated, the Open Firmware password will be the first thing that the attacker sees. Supposing that is broken, they will then have to deal with logging into my laptop.

My root account is disabled, like all OS X installs. I have my login preferences set to not show the usernames on the computer, so the attacker will have to guess both a login name and password.

If the attacker were to take the hard disk out of my laptop and make an image of it with forensic software, they would find an encrypted partition. I'm sure the NSA probably has the horsepower to throw at cracking AES-128 encryption, but chances are my laptop will never get to them if we're talking about local law enforcement.

For those in the Windows or Linux world, you can set a BIOS password on your laptop which is very similar to the Open Firmware boot password for Apple Hardware.

Windows XP and Windows 2003 both include support for encrypting filesystems using DESX or 3DES, via the Encrypted File System. PGP Corp sells a product called "PGP Whole Disk Encryption" for Windows 2000 & XP that uses AES-256 encryption.

Linux users can make a loopback encrypted filesystem for storing anything they wish to be encrypted. See http://www.tldp.org/HOWTO/ Cryptoloop-HOWTO/ for details.

I don't believe it is a crime in any US Federal or State law, or in Canadian law, to set passwords and use encryption. In the US, I believe that a warrant would be necessary for law enforcement to ask for your password, but I don't know if you have to comply. IANAL.

--
Roger J. Weeks
Systems & Network Administrator
Mendocino Community Network
Now offering DSL across California



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/