It's been done by our government for quite some time. Using border control (on arrival into and/or on departure from the country) as an opportunity for counter-espionage-related searches -- FISA-type warrants or warrantless -- has been a growth industry of sorts.

Please tell me more about "duress passwords." How does those work?

I don't know how it works on a computer, but my bank offers a simlar "duress" PIN#. Let's say my ATM card's normal PIN# is 1234, the duress PIN# is 4321. If someone holds a gun to my head and demand that I give them the PIN#, I can just give 4321 and the ATM card. With the 4321 code, it will allow the robber to draw around $300 in US dollars and the receipt will show "account overdrawn" after that. (so the robber/kidnapper can't continue to draw money from it) Not sure if US banks offer this type of ATM card?

Thanks, but I'm specifically interested in my computer, as I travel with it internationally often. In Windows, only one password is allowed for. Is there software available that supplies the duress function?

I thought that reverse PIN thing was an urban myth.

Yes, that's pretty much exactly how TrueCrypt works.

TrueCrypt's bootloader will be the first thing you see when you turn on your computer, before Windows even starts. One password takes you to your normal Windows partition, the other takes you to your duress partition, which of course contains nothing you care about. To the person who has compelled you to give them your password, it's impossible to tell that they're looking at your duress partition.

I'm guessing it's one way of setting a password that if you enter it, it'll wipe the computer (or at least the important data) in the background, and look like it's doing normal work in the foreground.

I've had one for a building access code pin, it'll disarm the alarm, yet alert to entry-by-duress.

I swap hard drives in my laptop before traveling across borders. One is a "clean" version that has only the stuff I need when traveling, the other is my regular drive. It takes longer to apply the software patches than it does to swap drives.

I suppose some are like that, but Truecrypt uses it to access a different partition.

IronKey thumb drives do a hardware data destruction if the wrong password is entered a set number of times.

That's common, too.

http://www.truecrypt.org/docs/?s=plausible-deniability

Is a good link to how it works, alternative program would be PGP, but i like truecrypt.

My system (as well as external drives) i go beyond passwords and use biometrics as well as my laptop has a fingerprint scanner to unlock things. In cases of being forced to give up a password under duress i will use the duress password and duress finger to unlock. With that it wont show the my real data but more or less look like a fresh install of XP with no real data they can look all they want but there not going to find anything and cracking truecrypt is not likely even if they put it on a supercomputer running anti-encryption tools.

The other method i can do is with a USB key/dongle but I dont use that so much anymore because its getting harder and hard to find dongles as they can be easily damaged.

Truecrypt FDE
 

I use Truecrypt full-disk encryption on a disposable laptop which is imaged before I travel. I take a prepaid cellphone that has a factory firmware erase and a fresh SIM card when I travel.

Just give me receipts for what you take .. and have fun with AES256 (and I know how to generate key entropy .. it's not the dog's name you morons). Just don't make me stand there for 4 hours arguing about it. NO, YOU CAN'T HAVE THE PASSWORD.

Don't travel with anything you aren't prepared to loose.

Some laptops have a finger print scanner, and you can assign different user IDs to different fingers. Assign your index finger to the normal user ID, and your thumb to the duress ID. When asked to swipe your finger, swipe your thumb. The duress ID's start up folder has a script that will then proceed to wipe the computer clean.

I would hope you're right! But then, I read passages such as this:

---------------------------------
The exact wording from the Ninth Court’s Decision is as follows:

“First, we address whether the forensic analysis of Romm’s laptop falls under the border search exception to the warrant requirement. We review the legality of a border search de novo. United States v. Okafor, 285 F.3d 842, 845 (9th Cir. 2002). Under the border search exception, the government may conduct routine searches of persons entering the
United States without probable cause, reasonable suspicion, or a warrant. See United States v. Montoya de Hernandez, 473 U.S. 531, 538 (1985). For Fourth Amendment purposes, an international airport terminal is the “functional equivalent” of a border. See Okafor, 285 F.3d at 845 (citing Almeida-Sanchez v. United States, 413 U.S. 266, 272-73 (1973)). Thus, passengers deplaning from an international flight are subject to routine border searches.”1

Doesn't seem to matter if you're a citizen: when on the other side of the fence, some droid's perception of 'safety' is all that matters.

http://www.associatedcontent.com/art...op.html?cat=17
-----------------------------------

name withheld by demand

Customs: "Give me your iPod."

Me: (complies)

Customs: "Sir, are these illegal downloads?"

Me: "Uh, yes, officer."

Customs: "Cool, wanna trade?"

What they are talking about here is using boot passwords or encryption passwords, in the case of a duress password it would be for encryption(something like truecrypt). The issue with securing your computer using only a Windows password is your average low level computer guy knows how to get around it, remove it, or bypass it.

Windows has a failsafe built into the OS called the Admin password, your average computer owner doesn't change that, or know how to change it, so with a few keystrokes anyone can enter your system, and look for pretty much anything.

Another way to protect your data which is slightly less obvious than an encrypted windows/duress is the following. It requires a bit more computer savvy, and knowledge of UNIX systems. You duelboot your system and mask your key partition(truecrypt does something similar, but in a very different way). For instance you can use Ubuntu and Windows with your average GRUB loader(it is a boot loader), and mask your Windows partition before traveling, this would allow full access you a working part of your computer, and even if you encrypt your windows partition from Ubuntu you could use terminal to mount the other partition. After traveling you just go in and unmask your main partition, and can load it normally again through GRUB. Using this method it is possible for someone to find your partition, but it requires quite a bit of time, and Unix knowledge, also it looks significantly less suspicious than having a fully encrypted computer.

That being said if your laptop is ever out of your site in hands you don't trust utilize boot and nuke, then fully reformat, just in case anything nasty is added.

I will be upfront, I have not yet had any CBP look at my laptop with the above system, but it tends to confuse every IT person I ever met for 30 plus minutes, and then they are left with an encrypted partition, so should be just fine at the US border.