DHS Introduces Rules for Airport Laptop Checks

There's nothing more annoying than doing the security dance with TSA officials at the airport; but hey, it keeps us all safe. As long as they're not hauling you off to inspect your luggage or perform a physical, the endless packing and repacking of laptops and electronics really isn't so bad.

One thing, though, that a lot of people have a problem with is the laptop checks DHS is allowed to do if they feel like it. Last year DHS polices came to light that said TSA could kidnap any device capable of storing information (including hard drives, flash drives, your cellphone, MP3 player, Kindle, pager, and any books or documents you happen to have lying around) for “a reasonable amount of time.” In other words, as long as they liked. Not only that, they could also share your data with other federal agencies or private entities for language translation, data decryption or, and this one is our personal favorite, “other reasons.”

The Obama administration this week unveiled new rules for searching computers and other electronic devices when people enter the United States. Designed to strike a balance between respecting travelers' privacy and protecting and securing the U.S. borders, the rules are a mix of good and bad as far as the average traveler is concerned.

According to PCWorld, DHS can still search electronic devices during border crossings without suspicion of wrongdoing. So even if you're not acting shady, they can still take away your computer. However, the revised rules stipulate that CBP must complete a search of an electronic device within five days and ICE must complete a search within 30 days.

DHS says that between October 1, 2008 and August 11, 2009, 221 million travelers were processed at U.S. borders and about 1,000 searches of laptop computers were conducted, of which 46 were in-depth examinations. Have you ever had an electronic device searched by DHS? Let us know in the comments below!

  • Shadow703793
    One word: TrueCrypt
    They do not have ANY rights to force you to decrypt the data woth out a warrant.
  • Chief Tomohawk
    better make sure ur laptop isnt pirated software heaven, lol then ud be in a heap of trouble
  • razor512
    Yep if your going to travel, encrypt the drive and use a long complex password, you can remove the encryption later, don't use a password that can be brute forced

    use a long one

    they cant force you to give up encryption keys but they can brute force

    be sure the device is off and battery removed as you can recover encryption keys from memory up to 5 minutes in some cases after the laptop has been powered off, so turn it off and remove battery for about 5-10 minutes before packing the laptop up

    if they really want the data on the PC let then spend a few thousand dollars in hiring someone to attempt to crack it

    I have never had my equipment searched but if it ever is, they would have a hard time getting past the encryption only to find out that theres like multiple other encrypted drives and files in the pc, with nothing in them :)

    isn't disappointment great :)

    it is like those Russian dolls toys where when you open it it is the same exact doll just smaller until when you reach the last one and nothing :)

    if theres a limit to the time they can hold a item then do that, put encrypted volumes in your ipods, pocket pc's pda' PSP' cellphones and any other device that holds data. it will be a great way you waste their time

    you don't need anything in them it will still show up as random data in a hex editor

    if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped

    it is an invasion of privacy, especially if other humans are looking at your content

    how many times have you seen on the news about people sending a computer to a repair shop and the workers will start looking through their personal files

    imagine giving your system to people whose job is to look through your stuff, it is a privacy problem

    if they replaced the human workers with hamsters or squirrels who have no interest in out personal stuff then I will be a little more ok with the searching but the way it is now, it has to stop, it is just a major inconvenience to anyone who goes through with it
  • Shadow703793
    Oh one more word: IronKey
    That works as well too.
  • ravenware
    but hey, it keeps us all safe

    I laughed so hard I almost shit in my pants.

    This is still BS. My coworkers and I have to travel with laptops and blank drives quite often to perform forensic data collections and we have had instances were Totally Stupid Annoying officers confiscated blank hard drives and never returned them. We can not wait 30 days for our equipment to be returned either we need it immediately. So far we have not had an instance where they have confiscated a client original; not sure what to do when that happens.

  • salopar
    suspected of having evil data in your harddrive that enable you to take over the plane!! i couldnt find a REAL good reason that allow the evil empire to take over your harddrive
  • bison88
    Encryption and Setting a user password on your laptop is a must for private files. I would never log into my computer for these guys much less as mentioned above unencrypt personal files for the Federal Government. Use those super computers and go to town, make em work.
  • Honis
    if enough people do this, the searching will become too expensive and annoying and it will eventually be scrapped
    Actually, they'll just raise your taxes or make encrypting information illegal. Welcome to the Change.
  • cldebuhr
    Yep - Encryption is the key. If you've got a laptop, use whole disk encryption with a really good, long passphrase. Any sensitive files can be further protected inside of TrueCrypt container files. Use the passfile feature on TrueCrypt, which should essentially remove brute force from the table as a decryption option, provided "they" don't get your passfile. How to prevent that? Leave the passfile at home with a trusted party who will email it to you once you confirm that you're safely at your destination, and safely past the border. If you're worried that your passfile might be intercepted in transmission, then keep another (unused) maximum entropy passfile within the encrypted container and change the passfile to that one before your return trip. Leave it with another trusted party to email back to you upon your return (or just leave it at home before you leave in the first place). Under NO circunstances carry the clear text passfile with you. Yes, this will render you data inaccessible until someone send it to you, but its inaccessible to EVERYONE.

    And now for the how to piss off DHS department ... Use TrueCrypt to create a number of encrypted containers with strong passwords and maximum entropy passfiles. Then destroy the passfiles. Idealy ensure that the passfiles never actually existed in cleartext on any media your carrying wit you, but at least do a secure erase on them. Now you've got a number of encrypted containers, which can ONLY be accessed by brute force ... but you used maximum entropy passfiles to encrypt the volume header. That should suck up quite a few cycles on someone's supercomputer, and if they ever do get in, they'll find exactly ... nothing.
  • razor512
    HonisActually, they'll just raise your taxes or make encrypting information illegal. Welcome to the Change.
    then we will just have to boycott the airlines and border checks, use portal guns to get where we need to go :)

    or if needed you can also fill your portable medias free space with tons of the most disturbing non illegal content you can find and make all the workers scared to randomly check laptops with out a really good reason :)

    anyway this will eventually ruin the economy further

    most major companies do not use the internet or mail when transporting highly sensitive information, and theres no trusting a someone else to look at it who isn't in the company, trust me giving the chance a worker getting $13 an hour wont resist copying info from a company computer if that information could be worth millions, companies will just avoid doing business with the US.

    those places go crazy about protecting the privacy of them self and their workers, if you even try to go to a private area or ask a worker for any information not giving out to you from the start, you can probably get arrested, why not extend some of that privacy our way, or level the playing field, if you can look through our stuff then we can look through your stuff at will.