{ dubovsky.com rantings }

Competition is good for everyone! Well, everyone save the entrenched leader. Help Firefox set a new record for most downloads in a day.

Boing Boing recently mentioned an EFF article Protecting Yourself From Suspicionless Searches While Traveling. The article is interested and well-researched, and it mentions using disk encryption to secure your data. The problem, as noted:

We don’t know what a border patrol agent will do when confronted with an encrypted machine. One possibility is that the agent will simply give up and let the traveler pass with her belongings. Other possibilities are that the agent will turn the traveler and her machine away at the border, or that he will seize the laptop and allow the traveler to continue on.
[...]
If you don’t want to comply, CBP cannot force you to decrypt your data or give over your password.
[...]
If, however, you don’t respond to CBP’s demands, the agency does have the authority to search, detain, and even prohibit you from entering the county.

The article offers a few ways of dealing with this problem, such erasing your sensitive data and downloading it from a secure site once you’re safely across the border. Good idea, but a bit cumbersome and possibly prone to error (erased data may not really be gone). One great tool that makes the encryption process trivial (as well as free, as in speech) isn’t mentioned, though: TrueCrypt.

All disk encryption software makes it (at least somewhat) obvious that you’ve encrypted something. An agent may see that your email is stored an encrypted volume and ask for your password. TrueCrypt has a feature called hidden volumes which allow you to have two passwords for a single encrypted drive: each one will unlock (decrypt) different content, both hiding in the same file. You put all your sensitive data in one and some junk files in the other. So, the agent asks for your password, you type in the junk one, and they see an encrypted volume with a few family photos, maybe an old bank statement, etc. The wonderful part here is that, due to the random appearance of encrypted data, there is no way to tell if there is a second, hidden, volume. The agent cannot demand the “real” password, because there is no way to prove that the first one isn’t the only password (i.e., you’re just using TrueCrypt in the normal single-volume mode).

If you want the gory details of how it works, read the above link on the TrueCrypt site. Whether you understand it or not, it is worth knowing about if you need to secure your data against prying eyes.