Sign in with
Sign up | Sign in

DHS Introduces Rules for Airport Laptop Checks

By - Source: Tom's Hardware US | B 61 comments

DHS has unveiled a revised set of rules for laptop checks at border control.

There's nothing more annoying than doing the security dance with TSA officials at the airport; but hey, it keeps us all safe. As long as they're not hauling you off to inspect your luggage or perform a physical, the endless packing and repacking of laptops and electronics really isn't so bad.

One thing, though, that a lot of people have a problem with is the laptop checks DHS is allowed to do if they feel like it. Last year DHS polices came to light that said TSA could kidnap any device capable of storing information (including hard drives, flash drives, your cellphone, MP3 player, Kindle, pager, and any books or documents you happen to have lying around) for “a reasonable amount of time.” In other words, as long as they liked. Not only that, they could also share your data with other federal agencies or private entities for language translation, data decryption or, and this one is our personal favorite, “other reasons.”

The Obama administration this week unveiled new rules for searching computers and other electronic devices when people enter the United States. Designed to strike a balance between respecting travelers' privacy and protecting and securing the U.S. borders, the rules are a mix of good and bad as far as the average traveler is concerned.

According to PCWorld, DHS can still search electronic devices during border crossings without suspicion of wrongdoing. So even if you're not acting shady, they can still take away your computer. However, the revised rules stipulate that CBP must complete a search of an electronic device within five days and ICE must complete a search within 30 days.

DHS says that between October 1, 2008 and August 11, 2009, 221 million travelers were processed at U.S. borders and about 1,000 searches of laptop computers were conducted, of which 46 were in-depth examinations. Have you ever had an electronic device searched by DHS? Let us know in the comments below!

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 20 Hide
    razor512 , August 28, 2009 10:51 PM
    Yep if your going to travel, encrypt the drive and use a long complex password, you can remove the encryption later, don't use a password that can be brute forced

    use a long one

    they cant force you to give up encryption keys but they can brute force

    be sure the device is off and battery removed as you can recover encryption keys from memory up to 5 minutes in some cases after the laptop has been powered off, so turn it off and remove battery for about 5-10 minutes before packing the laptop up

    if they really want the data on the PC let then spend a few thousand dollars in hiring someone to attempt to crack it

    I have never had my equipment searched but if it ever is, they would have a hard time getting past the encryption only to find out that theres like multiple other encrypted drives and files in the pc, with nothing in them :) 

    isn't disappointment great :) 

    it is like those Russian dolls toys where when you open it it is the same exact doll just smaller until when you reach the last one and nothing :) 


    if theres a limit to the time they can hold a item then do that, put encrypted volumes in your ipods, pocket pc's pda' PSP' cellphones and any other device that holds data. it will be a great way you waste their time

    you don't need anything in them it will still show up as random data in a hex editor

    if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped

    it is an invasion of privacy, especially if other humans are looking at your content

    how many times have you seen on the news about people sending a computer to a repair shop and the workers will start looking through their personal files

    imagine giving your system to people whose job is to look through your stuff, it is a privacy problem

    if they replaced the human workers with hamsters or squirrels who have no interest in out personal stuff then I will be a little more ok with the searching but the way it is now, it has to stop, it is just a major inconvenience to anyone who goes through with it
  • 18 Hide
    SAL-e , August 29, 2009 12:43 AM
    I have been detained for more the 1h after the custom agent found a box of floppy disks. I was searched and the plane was delayed more then 30 min because of me. The big question is when and where this happen?
    It happened on the fly to Moscow from formal socialist country in 1988. I was sure that I will never going to experience police state when I move to USA, but congratulations every one USA now is no better then USSR just 20 years ago.

    There is absolutely no difference if they seize you computer for 30 days or for ever. They need only few minutes to copy entire drive and unlimited time to break the encryption sooner or later. And until I see the source code of Windows I am going to believe that there is backdoor put for them. The only encryption program I trust is TrueCrypt, but it is limited by the under lying OS. There is no way to guaranty that your encryption key was not stored by Windows into the swap file.

    I agree that equipment should be searched for concealed weapons and explosives, but snooping inside my data has no justification at all. I would like to ask everybody to thing for a moment and answer to the following questions:
    1. If terrorist is coming to the country with laptop, the custom holds the laptop, but lets the terrorist enter the country, how this improves our security?
    2. If the government is allowed to hold your computers for data examination, should the government be allowed to hold anyone for 30 days for interrogation to find out what information we are holding in our heads? (Note the brain is much easier to crack!)
  • 18 Hide
    Shadow703793 , August 28, 2009 10:24 PM
    One word: TrueCrypt
    http://www.truecrypt.org/
    They do not have ANY rights to force you to decrypt the data woth out a warrant.
Other Comments
    Display all 61 comments.
  • 18 Hide
    Shadow703793 , August 28, 2009 10:24 PM
    One word: TrueCrypt
    http://www.truecrypt.org/
    They do not have ANY rights to force you to decrypt the data woth out a warrant.
  • 1 Hide
    Chief Tomohawk , August 28, 2009 10:31 PM
    better make sure ur laptop isnt pirated software heaven, lol then ud be in a heap of trouble
  • 20 Hide
    razor512 , August 28, 2009 10:51 PM
    Yep if your going to travel, encrypt the drive and use a long complex password, you can remove the encryption later, don't use a password that can be brute forced

    use a long one

    they cant force you to give up encryption keys but they can brute force

    be sure the device is off and battery removed as you can recover encryption keys from memory up to 5 minutes in some cases after the laptop has been powered off, so turn it off and remove battery for about 5-10 minutes before packing the laptop up

    if they really want the data on the PC let then spend a few thousand dollars in hiring someone to attempt to crack it

    I have never had my equipment searched but if it ever is, they would have a hard time getting past the encryption only to find out that theres like multiple other encrypted drives and files in the pc, with nothing in them :) 

    isn't disappointment great :) 

    it is like those Russian dolls toys where when you open it it is the same exact doll just smaller until when you reach the last one and nothing :) 


    if theres a limit to the time they can hold a item then do that, put encrypted volumes in your ipods, pocket pc's pda' PSP' cellphones and any other device that holds data. it will be a great way you waste their time

    you don't need anything in them it will still show up as random data in a hex editor

    if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped

    it is an invasion of privacy, especially if other humans are looking at your content

    how many times have you seen on the news about people sending a computer to a repair shop and the workers will start looking through their personal files

    imagine giving your system to people whose job is to look through your stuff, it is a privacy problem

    if they replaced the human workers with hamsters or squirrels who have no interest in out personal stuff then I will be a little more ok with the searching but the way it is now, it has to stop, it is just a major inconvenience to anyone who goes through with it
  • 8 Hide
    Shadow703793 , August 28, 2009 10:59 PM
    Oh one more word: IronKey
    https://www.ironkey.com/
    That works as well too.
  • 10 Hide
    ravenware , August 28, 2009 11:09 PM
    Quote:
    but hey, it keeps us all safe


    I laughed so hard I almost shit in my pants.

    This is still BS. My coworkers and I have to travel with laptops and blank drives quite often to perform forensic data collections and we have had instances were Totally Stupid Annoying officers confiscated blank hard drives and never returned them. We can not wait 30 days for our equipment to be returned either we need it immediately. So far we have not had an instance where they have confiscated a client original; not sure what to do when that happens.


  • 5 Hide
    salopar , August 28, 2009 11:14 PM
    suspected of having evil data in your harddrive that enable you to take over the plane!! i couldnt find a REAL good reason that allow the evil empire to take over your harddrive
  • 4 Hide
    bison88 , August 28, 2009 11:20 PM
    Encryption and Setting a user password on your laptop is a must for private files. I would never log into my computer for these guys much less as mentioned above unencrypt personal files for the Federal Government. Use those super computers and go to town, make em work.
  • -3 Hide
    Honis , August 28, 2009 11:43 PM
    Quote:
    if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped

    Actually, they'll just raise your taxes or make encrypting information illegal. Welcome to the Change.
  • 12 Hide
    cldebuhr , August 29, 2009 12:02 AM
    Yep - Encryption is the key. If you've got a laptop, use whole disk encryption with a really good, long passphrase. Any sensitive files can be further protected inside of TrueCrypt container files. Use the passfile feature on TrueCrypt, which should essentially remove brute force from the table as a decryption option, provided "they" don't get your passfile. How to prevent that? Leave the passfile at home with a trusted party who will email it to you once you confirm that you're safely at your destination, and safely past the border. If you're worried that your passfile might be intercepted in transmission, then keep another (unused) maximum entropy passfile within the encrypted container and change the passfile to that one before your return trip. Leave it with another trusted party to email back to you upon your return (or just leave it at home before you leave in the first place). Under NO circunstances carry the clear text passfile with you. Yes, this will render you data inaccessible until someone send it to you, but its inaccessible to EVERYONE.

    And now for the how to piss off DHS department ... Use TrueCrypt to create a number of encrypted containers with strong passwords and maximum entropy passfiles. Then destroy the passfiles. Idealy ensure that the passfiles never actually existed in cleartext on any media your carrying wit you, but at least do a secure erase on them. Now you've got a number of encrypted containers, which can ONLY be accessed by brute force ... but you used maximum entropy passfiles to encrypt the volume header. That should suck up quite a few cycles on someone's supercomputer, and if they ever do get in, they'll find exactly ... nothing.
  • 7 Hide
    razor512 , August 29, 2009 12:03 AM
    HonisActually, they'll just raise your taxes or make encrypting information illegal. Welcome to the Change.


    then we will just have to boycott the airlines and border checks, use portal guns to get where we need to go :) 

    or if needed you can also fill your portable medias free space with tons of the most disturbing non illegal content you can find and make all the workers scared to randomly check laptops with out a really good reason :) 

    anyway this will eventually ruin the economy further

    most major companies do not use the internet or mail when transporting highly sensitive information, and theres no trusting a someone else to look at it who isn't in the company, trust me giving the chance a worker getting $13 an hour wont resist copying info from a company computer if that information could be worth millions, companies will just avoid doing business with the US.

    those places go crazy about protecting the privacy of them self and their workers, if you even try to go to a private area or ask a worker for any information not giving out to you from the start, you can probably get arrested, why not extend some of that privacy our way, or level the playing field, if you can look through our stuff then we can look through your stuff at will.
  • 3 Hide
    Gin Fushicho , August 29, 2009 12:13 AM
    What the hell?! The Airports can do that?! Well... I better hide my porn. But seriously , I dont want them going around on my computer and fucking up the settings and deleting stuff. If I ever go anywhere I'm going to HEAVILY encrypt my computer. And I'm going to bitch about not being able to use it for the 7 days I'm gone in another state. In fact if I'd have to go through all that trouble I'll just mail the damn thing to the place I'm staying then fly after it gets there.
  • 18 Hide
    SAL-e , August 29, 2009 12:43 AM
    I have been detained for more the 1h after the custom agent found a box of floppy disks. I was searched and the plane was delayed more then 30 min because of me. The big question is when and where this happen?
    It happened on the fly to Moscow from formal socialist country in 1988. I was sure that I will never going to experience police state when I move to USA, but congratulations every one USA now is no better then USSR just 20 years ago.

    There is absolutely no difference if they seize you computer for 30 days or for ever. They need only few minutes to copy entire drive and unlimited time to break the encryption sooner or later. And until I see the source code of Windows I am going to believe that there is backdoor put for them. The only encryption program I trust is TrueCrypt, but it is limited by the under lying OS. There is no way to guaranty that your encryption key was not stored by Windows into the swap file.

    I agree that equipment should be searched for concealed weapons and explosives, but snooping inside my data has no justification at all. I would like to ask everybody to thing for a moment and answer to the following questions:
    1. If terrorist is coming to the country with laptop, the custom holds the laptop, but lets the terrorist enter the country, how this improves our security?
    2. If the government is allowed to hold your computers for data examination, should the government be allowed to hold anyone for 30 days for interrogation to find out what information we are holding in our heads? (Note the brain is much easier to crack!)
  • 6 Hide
    steiner666 , August 29, 2009 3:43 AM
    GenKhan2One Word: Paranoia46 out of 221 Million people had something of interest.If the entire population of the planet, 6 billion people, crossed the border with devices in hand there would only be about 1300 intensive searches. Much ado about nothing. You have nothing of value or interest on your devices. Remove youR tin foil hat.


    yeah... ya know what? I'm just gonna totally stop worrying about the privacy of my data. Because you said so, and because i'm confident that all ppl empolyed by the US government adhere to rules and good moral standards.. and they would never do/take anything for their own personal gain either.

    ...TH comments need to have a eyeroll emote
  • 0 Hide
    thejerk , August 29, 2009 3:50 AM
    Sal-e... don't run a swap file if you believe the key is stored there.

    And, everyone else... FedEx your electronics to your destination.
  • 11 Hide
    Anonymous , August 29, 2009 4:04 AM
    Someone missed the whole point. The Fourth Amendment to the United States Constitution is the part of the Bill of Rights which guards against unreasonable searches and seizures.

    The key issue here is that the DHS, or any law enforcement agency, needs reasonable cause to search and seize a computer. It is these FREEDOMS that the war on terror seeks to protect. Why would our government betray its citizens and the spirit of the constitution in such a way? It seems unconstitutional.
  • 2 Hide
    SAL-e , August 29, 2009 4:41 AM
    otaconHow do I know that? I used to work for the TSA. 1,000 out of 221,000,000 coming into the USA....what are the odds you're going to get picked? Sheesh some people are idiots... give me a thumbs down I don't care... some of you people are nuts.


    otaconIf you're coming into this country with a fully encrypted latop AND they picked you for some reason to go over your laptop?...LOL you won't get the laptop back until they read the files and if they can't?... it will have some kind of "accident" and you'll never get it back. Just put the files on a thumb drive and stick it in your check bagged... this isn't rocket science.

    Thank you for providing the prof. That is exactly why TSA should not be allowed to do this on first place.
  • 0 Hide
    SpadeM , August 29, 2009 6:19 AM
    Quote:
    but hey, it keeps us all safe.

    Good thing you're Irish or else I'd say you'd qualify to be a perfect American citizen with that statement.

    I'm sure terrorists will keep laptops or other media devices full of evidence against them and get caught cause the DHS is so effective in it's job. But hey, whatever helps you sleep at night right?
  • 2 Hide
    climber , August 29, 2009 6:28 AM
    One note about truecrypt, the documentation states that disk defragmentation software can pose problems for encrypted volumes: http://www.truecrypt.org/docs/ "look up defragmentation". with respect to thumbdrives, I wouldn't doubt that at some point they'll use x-ray machines with enough resolution to see them in your luggage, open them up and seize those too. Some day in the future the US government may require all storage devices have a hardware based backdoor for the government (NSA, CIA, FBI) to get past any and all encryption, this couldn't work for optical media. Since many thumb drives have built in encryption, I wouldn't doubt a requirement on any device made or sold in the US which is capable of storing digital information must have a means of recording encryption keys, passphrases/files, etc. I can also see new legislation requiring the US Postal Service and any courier companies handling electronic devices to permit searching and data copying of storage media. Several months ago I watched a TV show on PBS in the US on the NSA. After 9/11 the NSA started a program of collecting information on US citizens. They put in splitters in AT&T fiber optic cables at the switching stations in the US as those cables came in from Asia and Europe. The copied every bit, yes bit as in eight bits in a byte, of data that came across. They store 9PB, petabytes of data on americans each month, that's 12 filing cabinets of info each month on every american. Now they are just trying to crab more. In Canada, ISP's must now allow the RCMP to intercept all internet traffic. This kind of thing makes a wanna live in a log cabin abscent of all technology.
  • 1 Hide
    climber , August 29, 2009 6:34 AM
    Just for reference, the TV show I was referring to was on NOVA, on PBS, I think it was called, "Th Spy Factory", original program air date, Feb. 3, 2009. http://www.pbs.org/wgbh/nova/spyfactory/about.html
Display more comments