A Slashdot post discusses how to keep your data private when entering the United States. Given that customs officials have the right to examine any electronic device you’re carrying to the point of copying the data or even making disk images. What can one do?
User “loafula” has a neat suggestion in a reply titled “Mess with them”
Make a folder called “Terror Plans” and fill it with images of cute, cuddly kittens.
I wonder how well this would work as it is within the realm of possibility that you could indeed have terror plans embedded in the images using Stegonagraphy. The suggestion is very amusing, but I don’t think I’d ever do it. Why would I want to be delayed and spend an evening in a waiting room/holding cell.
Rather, I’d use the system I have on my laptop right now. The physical drive is partitioned into two logical drives. The first, c:, is a normal Windows boot partition. All my apps are installed there, but the user folders contain only the sample files the Windows install provides. Windows will give the casual user no clue another partition exists. You have to go into the control panel’s Disk Management application to see the boot partition occupies only a quarter of the physical drive. The remainder appears to be an unformatted partition.
To get at the goods, all I need to do is run TrueCrypt, select the second partition, click mount, and enter the password. The d: drive appears, full of my data.
The only weakness is the customs people may be suspicious about the empty ‘space’ if they were to get that far, which I doubt. There are ways around that too, however.
I heard an interesting story about a Canadian legal firm that feels confidential client data should not be subject to wholesale seizure just because a lawyer crosses the border. What they do is leave the data on their firm’s servers. The laptops they carry have Windows and their applications installed, but no data, visible or hidden. When they need the confidential files, they connect to the Internet, establish a secure VPN connection to their firm’s server, and access the data just as they would if they were sitting in their office.
There’s no way the customs officials can seize data that’s not there.