Getting Data Past Borders

Bruce Schneier uses reports that Sudan is searching all laptops being brought into the country to sound a warning: “Your privacy rights when trying to enter a country are minimal, and this kind of thing could happen anywhere… If you’re bringing a laptop across an international border, you should clean off all unnecessary files and encrypt the rest.”

Some commenters take the discussion a bit further, pointing out this may not be enough. Officials may demand you decrypt your files, so a better way would be to encrypt your data in an unpartitioned portion of your hard drive using something called TrueCrypt, which creates a “virtual encrypted disk” within a file (for Windows and Linux.)

Others suggest that this might not be enough, and that it may be better to use some kind of steganography (hiding data within innocent data, like a photo or music file.) It goes without saying that whatever you do encrypt you should have backed up somewhere safe back home. Another option is not to have anything on your laptop and to download what you need once you’re in country, but unless you have a private network you can do this on, chances are your downloads will be monitored.

This is all not as fanciful or infrequent as it sounds. One poster, Abbas Halai, said he had on three occasions entering the U.S. been asked to login to his laptop and then leave the room.

Steganography And The War On Child Porn

A few weeks ago I wrote about steganography — the hiding of information inside other stuff, usually referring these days to hiding data inside photographs (FEER column here, here; both subscription only).

One usage I missed was in trying to track down paedophiles. So instead of bad guys hiding their bad stuff inside other files, police appear to be able to use a similar technology to trace the bad guys. Australia’s Sunday Telegraph (subscription only) reports on how the country’s high-tech police squad is “using evolving new technology to catch criminals, such as special ‘signatures’ on digital photographs that can tell investigators where and when an image was taken.” Already, the paper says, “one of these signatures has helped police to find one abused young Australian girl whose photographs had been posted on the Internet.”

The paper doesn’t go into further detail, but I assume the use of steganography in this case would involve embedding something into a digital photograph which might then be able to ‘phone home’ in some way. Or does anyone have any better ideas?

The Australian High Tech Crime Centre (AHTCC) campaign is part of Operation Auxin, which has already “resulted in the arrest of more than 200 people”, the paper says.