Strangely I managed to survive 4 weeks in China and Tibet without anyone hacking my stuff, and without taking any more precautions than I'd take travelling closer to home. You're a paranoid lot.

For the time being, the Chinese are far more aggressive in engaging in industrial espionage and efforts to purvey restricted technologies than any other nation on the planet. The Chinese security services have the will, the manpower, the resources, the know-how, and the freedom to mount pervasive information collection efforts, and they do just that against Western businesses and businessmen all the time, located both in China and indeed around the world.

In fairness, there are some people in and around these parts who currently or formerly had to spend a great deal of time and attention to this and related issues, and I can assure you the "paranoia" is well-founded and indeed very reasonable.

:rolleyes:

Tom Clancy called.

He said he wants to know how you got a copy of his latest draft.

Thats definitely a good idea

I am able to access my work network through a VPN authenticated by a SecurID - but I guess that still leaves whatever is on my machine vulnerable to the types of attacks others have mentioned

This idea is brilliant - I will definitely do this. I was going to pretty much forgo accessing any personal accounts/email while over there, but doing that should make it safe (enough)

Yea, I guess the overall answer is going to be leaving behind any non-essential tech at home, making sure the stuff I do bring is as secure as I can make it, and as much as possible not letting anything with a microchip in it out of my sight

I just received a memo from our legal department indicating that China was one of the countries where it was illegal to carry an encrypted notebook into. We were told to use a clean harddrive for China trips. I don't know how true it is.

The implication was that this ban was from China -- not the US bar on exportation of encryption

This is kind of true. This is my understanding:

The Chinese, in theory, want to be able to keep Chinese nationals from using encryption. They are much more lenient with foreign nationals, particularly those working for large corporations with a presence in China.

What they reserve the right to do is ask you (or your company, more specifically) for keys on demand. My firm does over $2 billion USD/year in China. They've never asked. If they did, or if we are unable to conduct business because of a restriction like that, we'd leave China, and they know it. I suspect this helps somewhat.

As a practical matter, the level to which the Chinese will work with a particular company is usually directly related to the amount of business a company brings to China. They've cleared us for strong encryption (network and disk based) as well as backhauling internet access out of China (and thus bypassing the "Great Firewall") for quite some time, but we are growing like a weed there. We also don't let nonprofessionals access the internet, so I guess they figure it's fewer minds being polluted with the uncensored version of the internet...