CBP officer gave me a stern warning that my laptop shouldn't have ripped DVD/Blu-ray
#91
Join Date: Sep 2009
Posts: 376
BTW, zfone is great and I would reccomend it to anyone traveling, especially overseas. The implementation is quite simple and assuming both ends of the call use some (non-skype) form of voip, which you probably do for cost anyways, is simple as pie. I have it tied in for my home PBX and the PBX I setup for my lab at school
@QUERY, there is that speculation anytime the NSA gets involved in any security. I have always felt their key escrow movement years ago was kind of an admission that they were really expecting to lose the ability to effectively decrypt in the long term. They were involved in the design of DES, but as far as I know their involvement in AES is kind of a myth. The problem is, they are in a contradictory roll of being the encryption experts, and also one of the groups most likely to benefit from the holes...they have been involved in the HSA-3 competition helping evaluate proposals for NIST. Then again, so is Zimmerman so that's quite an interesting set of bedfellows.
#92
Join Date: Dec 2009
Location: LAX
Programs: CX MPC SL
Posts: 63
You didn't state what OS you had on the laptop but, assuming it was Windows XP or Vista, you probably don't have an administrator account on the laptop. Someone at your office does, however, and that person has access to ALL files of ALL accounts(either by default or by configuration). They also have access to the Computer Management snap-in(Local Users and Groups) for Administrative Tools. That person can also see all accounts by using the command line. Click Start, then Run, type in lusrmgr.msc in the Open field and click OK. The administrator of that laptop, if he/she has configured it for restrictive access, will have these features locked out so a user cannot access them or modify any settings already made.
#93
Join Date: Sep 2009
Posts: 381
"Yes, I know all of this (This is Vista Business FYI). However, if I am NOT THAT PERSON that has administrator access, how can I be forced to give access? Does this essentially mean that if you carry a laptop that you are NOT an administrator on that you share with other users (I am sure many small businesses do this), that has OTHER user accounts besides yours, you can have it seized based on failure to provide access to the USER folders of those other users?"
#94
Join Date: Dec 2009
Location: LAX
Programs: CX MPC SL
Posts: 63
I see your point. I doubt the CBP officer would. They are not in the trusting business. You only need to look at prior threads on this forum and you will see that they can confiscate laptops. What I would do in that situation would be to give the CBP officer the name and telephone number of a point of contact at your company who is able to provide that info. Many businessmen who travel with laptops have the company name and telephone info on them(business card taped to back-usually) in case they are lost or to differentiate them from another identical laptop. This would also work for a point of contact in a scenario such as this. I don't know what kind of info is on your laptop but if it contains intellectual property or info not meant for public dissemination, then you should NOT give out any usernames or passwords, period. Let the point of contact handle that. Your company should have an information security policy and procedures to follow regarding laptop use and information disclosures.
It's just a scary thought, but I suppose since it's not my laptop, and I have no personal interest in it, I wouldn't care if it was just taken. It's more silly and annoying and ridiculous than anything.
#95
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
#96
FlyerTalk Evangelist
Join Date: Jul 2000
Location: in the vicinity of SFO
Programs: AA 2MM (LT-PLT, PPro for this year)
Posts: 19,781
First, let me say it's this kind of crud that has led me to have a second "clean" hard drive for outside-the-US travel.
Or just delete them before returning through customs. Not great if you've got a long domestic connection, but it avoids the hassle.
No, just any major-studio one, and most others. I've bought unencrypted original DVDs - producers have to pay licensing fees to use the copy protection, and minor productions (and some large adult producers) will sometimes skip it to save cash[**}
[** while the older CSS optional on DVD, the formal standard for Blu-ray now requires the newer (AACS) encryption system, although I've seen some adult titles that are "out of compliance" and unencrypted. They won't play on some players. I don't remember if HD-DVD required AACS or it it was optional.]
An empty disk looks suspicious. That there's encrypted volume is obvious if you go looking for it. Customs is allowed to ask you for the key, and for random fishing the most likely thing they'll do if you refuse is to pass you through but refuse entry for your computer. Encryption is not a panacea, and how best to use encryption and at the same time avoid suspicion in the case of random fishing is left as an exercise for the reader.
There are better ways still, but this is a good start.
...is even better. Probably the best way that's reasonably convenient.
Normal, in-spec CDs don't have any copy protection; there were attempts (some of which led to some nasty public backlash, including the Sony rootkit) to add it later on. Since these were done by exploiting design defects and not part of the standard, I don't know if that makes any difference for the DMCA or not.
All of the name brand ones will either stop recording, or replace the video with a solid or warning screen, if they detect a protected (ie Macrovision) source.
It's normal for there to be some performance hit. How big a hit that will be depends on a lot of factors; with due respect to ArizonaGuy, the speed of the underlying drive is a relatively small one (the speed of your CPU, the choice of encryption algorithms used, how much memory you have, and what programs you run all matter more.)
Using swap on a truecrypt boot volume is usually particularly painful - having enough memory and minimizing swapping (or better still, disabling swap) would in general be the first thing I'd suggest.
With effective encryption, good luck to them - although a lot of encryption is badly done. Getting around a logon password for Windows by removing the drive and searching it directly, sure (indeed, I've been told they have facilities for that in-airport at some ports of entry)
They're very unlikely to do this (or look at the partitions) while doing a quick fishing search on-site.
They could. On the other hand, no matter what capabilities the NSA actually has to break strong encryption, I strongly doubt they'd be willing to risk leaking out information about what those capabilities are for non-national-security matters.
Not impossible - just unlikely to remain secret unless very, very carefully done.
As long as you appear compliant, the frontline CBP guys are unlikely to keep the laptop for further search or to escalate it to someone with the technical skills to find well-hidden material.
[** while the older CSS optional on DVD, the formal standard for Blu-ray now requires the newer (AACS) encryption system, although I've seen some adult titles that are "out of compliance" and unencrypted. They won't play on some players. I don't remember if HD-DVD required AACS or it it was optional.]
1. Download and install Truecrypt (works on netbooks)
2. Set up your encrypted container
3. Move everything to the encrypted container
2. Set up your encrypted container
3. Move everything to the encrypted container
this is good advice whether or not you have any media on your drive. This is actually a better solution then whole disk encryption because it raises less eyebrows. CBP will definitely notice if they can't get your computer to boot because its wholly encrypted. However, these ladies and gents aren't Bill Gates and an encrypted container will most likely pass without notice. I would suggest not moving *everything* so that the CBP can make a show of searching through whats left.
...is even better. Probably the best way that's reasonably convenient.
Using swap on a truecrypt boot volume is usually particularly painful - having enough memory and minimizing swapping (or better still, disabling swap) would in general be the first thing I'd suggest.
Also, while TrueCrypt is a good encryption program, don't underestimate the decryption capabilities of the Federal Government. If warranted, they need only get the NSA involved.
As long as you appear compliant, the frontline CBP guys are unlikely to keep the laptop for further search or to escalate it to someone with the technical skills to find well-hidden material.
#97
Join Date: Sep 2009
Posts: 381
"Yeah, that all sounds reasonable. Problem is we are very small with NO IT management of any kind. We just outsource the IT and really have no internal policy of any kind whatsoever.
It's just a scary thought, but I suppose since it's not my laptop, and I have no personal interest in it, I wouldn't care if it was just taken. It's more silly and annoying and ridiculous than anything."
It's just a scary thought, but I suppose since it's not my laptop, and I have no personal interest in it, I wouldn't care if it was just taken. It's more silly and annoying and ridiculous than anything."
"First, let me say it's this kind of crud that has led me to have a second "clean" hard drive for outside-the-US travel."
They're very unlikely to do this (or look at the partitions) while doing a quick fishing search on-site.
They could. On the other hand, no matter what capabilities the NSA actually has to break strong encryption, I strongly doubt they'd be willing to risk leaking out information about what those capabilities are for non-national-security matters.
As long as you appear compliant, the frontline CBP guys are unlikely to keep the laptop for further search or to escalate it to someone with the technical skills to find well-hidden material."
They're very unlikely to do this (or look at the partitions) while doing a quick fishing search on-site.
They could. On the other hand, no matter what capabilities the NSA actually has to break strong encryption, I strongly doubt they'd be willing to risk leaking out information about what those capabilities are for non-national-security matters.
As long as you appear compliant, the frontline CBP guys are unlikely to keep the laptop for further search or to escalate it to someone with the technical skills to find well-hidden material."
Regarding your 1st paragraph, that's a good idea.
Regarding your 2nd paragraph, what if CBP sends it off to their cyber unit, a DHS cyber unit, or, like I stated before, to the NSA, for further inspection? Viable options, yes?
Regarding your 3rd paragraph, if you look at the paragraph you quoted, I stated, "If warranted...". There is no requirement for NSA to state any info regarding the confiscated laptop to the public. As I've already stated in post #90, the NSA would not broadcast that they had broken a code like AES.
Regarding your 4th paragraph, the presumption on this forum seems to be that CBP officers are not very bright. You can roll the dice with them at your own peril. Myself, I would never underestimate someone holding such a position, even if it's an Agricultural Specialist. What you need to realize is that they have contact with the public on a regular basis, both good and bad people. Attempting to employ subterfuge against a trained, experienced officer is not a wise course of action.@:-)
Last edited by Kiwi Flyer; May 21, 2010 at 4:41 pm Reason: merge consecutive posts
#98
FlyerTalk Evangelist
Join Date: Apr 2009
Location: where lions are led by donkeys...
Programs: Lifetime Gold, Global Entry, Hertz PC, and my wallet
Posts: 20,342
I suspect the CBP officer was jealous as he has not figured out how to do it. If they even think about touching my Amazing Race torrents they are in big trouble, guns or not !
#99
FlyerTalk Evangelist
Join Date: Jul 2000
Location: in the vicinity of SFO
Programs: AA 2MM (LT-PLT, PPro for this year)
Posts: 19,781
Regarding your 3rd paragraph, if you look at the paragraph you quoted, I stated, "If warranted...". There is no requirement for NSA to state any info regarding the confiscated laptop to the public. As I've already stated in post #90, the NSA would not broadcast that they had broken a code like AES.
Regarding your 4th paragraph, the presumption on this forum seems to be that CBP officers are not very bright.
Having had my laptop searched twice (both times in my presence, albeit with a relatively half-assed job of trying to keep me from looking) I've got a fair sense of what they do on a quick "fishing" job.
You can roll the dice with them at your own peril. Myself, I would never underestimate someone holding such a position, even if it's an Agricultural Specialist. What you need to realize is that they have contact with the public on a regular basis, both good and bad people. Attempting to employ subterfuge against a trained, experienced officer is not a wise course of action.@:-)
#100
FlyerTalk Evangelist
Join Date: Mar 2002
Location: An NPR mind living in a Fox News world
Posts: 14,165
Regarding your 2nd paragraph, what if CBP sends it off to their cyber unit, a DHS cyber unit, or, like I stated before, to the NSA, for further inspection? Viable options, yes?
Regarding your 3rd paragraph, if you look at the paragraph you quoted, I stated, "If warranted...". There is no requirement for NSA to state any info regarding the confiscated laptop to the public. As I've already stated in post #90, the NSA would not broadcast that they had broken a code like AES.
Regarding your 3rd paragraph, if you look at the paragraph you quoted, I stated, "If warranted...". There is no requirement for NSA to state any info regarding the confiscated laptop to the public. As I've already stated in post #90, the NSA would not broadcast that they had broken a code like AES.
There are law enforcement agencies with decent encryption-breaking capability, but, this, too, is expensive. It's a lot easier and cheaper for a customs guy to manipulate or intimidate someone into spilling their guts than it is to confiscate the laptop and send it off somewhere.
#101
Used to be 'Travelergcp'
Join Date: Jul 2003
Location: New Orleans
Programs: AA Plat, Marriott Gold, Hyatt Globalist
Posts: 2,826
If you use a Mac it is easy to make an encrypted DMG to store files, without using the system-wide file vault.
I'd try to play nice with CBP. While you may ultimately prevail on the privacy issues, they have pretty much unlimited authority to seize property entering the US.
I'd try to play nice with CBP. While you may ultimately prevail on the privacy issues, they have pretty much unlimited authority to seize property entering the US.
#102
Join Date: Sep 2009
Posts: 381
"There is also the practical aspect to all of this. I very much doubt that NSA would go through the non-trival expense of getting into a traveler's laptop unless there was a darn good national security reason to do so. If I were the DIRNSA, I wouldn't touch this job unless I was 100% reimbursed by Nappy.
There are law enforcement agencies with decent encryption-breaking capability, but, this, too, is expensive. It's a lot easier and cheaper for a customs guy to manipulate or intimidate someone into spilling their guts than it is to confiscate the laptop and send it off somewhere."
There are law enforcement agencies with decent encryption-breaking capability, but, this, too, is expensive. It's a lot easier and cheaper for a customs guy to manipulate or intimidate someone into spilling their guts than it is to confiscate the laptop and send it off somewhere."
Regarding your 2nd paragraph, point taken. Add to that they can ask the right questions to trip a pax up in his/her own lies.
#103
FlyerTalk Evangelist
Join Date: Sep 2007
Location: SJC, SFO, YYC
Programs: AA-EXP, AA-0.41MM, UA-Gold, Ex UA-1K (2006 thru 2015), PMUA-0.95MM, COUA-1.5MM-lite, AF-Silver
Posts: 13,437
As I noted before to break a 256 AES key now requires 2^110 brute force attempts. Thus one merely needs a pass phrase that is resistant to 2^110 attempts. Assuming a dictionary of 65,000 words, i.e. 2^16, one just needs to construct a pass phrase consisting of 110/16 = 7 random words.
So the way to defeat that is to use not only a password, but also a keyfile. A keyfile is a file that gets combined with the password-generated key to create the decryption key. So now the brute force attacker needs to iterate not only over all possible passwords, but all possible keyfiles.
Good luck breaking that.
You think?
So?
#104
Join Date: May 2009
Location: Silicon Valley
Programs: UA GS, WN A-List, AA Exec Plat, National Emerald
Posts: 1,020
Another lazy law, if you ask me. I agree that P2P sharing of files that are ripped from personal inventory is a problem. But to try to make a federal case against a person that buys/rents a DVD, decides to watch it on a device that doesn't have a DVD player, rips it to a compatible format, watches the movie and deletes the file when done.
Its easier to ban copying in all forms with a few exceptions than try to figure out a fair way to allow media transfers. Lazy regulations.
Its easier to ban copying in all forms with a few exceptions than try to figure out a fair way to allow media transfers. Lazy regulations.
In any event, the law is complicated, and (most likely) the TSA agent is not an attorney. Since he was giving you legal advice, you should file a complaint against whoever licenses attorneys in that state, and consult an attorney to determine if you have the right to sue under state law.
#105
Join Date: Feb 2010
Posts: 1,347
Some BluRay disks come with a digital file that's expressly intended for viewing on your computer.
In any event, the law is complicated, and (most likely) the TSA agent is not an attorney. Since he was giving you legal advice, you should file a complaint against whoever licenses attorneys in that state, and consult an attorney to determine if you have the right to sue under state law.
In any event, the law is complicated, and (most likely) the TSA agent is not an attorney. Since he was giving you legal advice, you should file a complaint against whoever licenses attorneys in that state, and consult an attorney to determine if you have the right to sue under state law.
FB