Airport searches of laptops, other devices intrusive

  • AgentDarkApple
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by AlxRogan
    From a buddy of mine that has to do these, they CAN take the laptop away from you, rip an image and then return it to you. They may just ask you to boot it up and check random folders. As I understand it, it's all up to the officer doing the check.
    Are these guys trained in computer forensic acquisition though? Even ripping an image improperly can leave room for disputing the evidence if it went to trial. I would love to hear the details from someone who does this. Perhaps the rules are different in these cases? The main issues I can think of with regards to whether the image would be of any use are 1) imaging a full disk can take quite some time, and obtaining a partial acquisition is often used when time constraints are present and 2) usually the investigator must choose partial acquisition data in accordance with a warrant. That is the US procedure for it, so if you are somewhere else the procedure may differ. I guess they might have a forensic tool that only looks for certain file types, hash values, or certain keywords when doing airport/border searches. It would be great if your friend or someone else in the know can clarify this.

    I guess it brings up another question - at what point will they begin imaging cell phones and iPads/Ereaders/etc. during these searches?

    *Note: I am really interested in this topic because I am thinking about getting a MS in Computer Forensics once I finish my BS in Information Systems Security - trying to learn what I can, and this discussion is full of good points.

  • AgentDarkApple
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by hexjunkie
    aside from stupidity, what stopped this guy from simply burning this stuff to disk, mail it back over the border, and then come into the country normally with a wiped "new" image. searching laptops at the border just catches the low hanging fruit and wastes my time when crossing. there are so many ways to get data into the country. it is logical not physical like drugs and the sooner these people understand that the better off we will all be.
    I agree that those who are really trying to hide something will most likely find other ways of smuggling contraband data into the country. This guy was apparently not very tech-savvy. He had left a trail of stupidity in planning his trip as well - law enforcement were familiar with his sex tourism destination, which raised their suspicions. It was weird how they did this though - they did not have a warrant and did not have him in custody. They just used a "random" search at the border as a means for searching his laptop.

  • AlxRogan
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by TrueDuality
    So for those that are familiar with laptop searches, to the best of my knowledge you are allowed to watch them search the laptop. Does this include watching the screen? Or can they hide what they are doing from you?
    From a buddy of mine that has to do these, they CAN take the laptop away from you, rip an image and then return it to you. They may just ask you to boot it up and check random folders. As I understand it, it's all up to the officer doing the check.

  • hexjunkie
    replied
    Re: Airport searches of laptops, other devices intrusive

    aside from stupidity, what stopped this guy from simply burning this stuff to disk, mail it back over the border, and then come into the country normally with a wiped "new" image. searching laptops at the border just catches the low hanging fruit and wastes my time when crossing. there are so many ways to get data into the country. it is logical not physical like drugs and the sooner these people understand that the better off we will all be.

  • AgentDarkApple
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by Deviant Ollam
    there's nothing that can be "inside of" a laptop hard drive which customs could ostensibly be really "stopping" from entering or exiting the country anyway. thus, i'm puzzled as to why anyone could consider it a worthwhile use of their resources to poke around there anyway. (outside of the context of a larger investigation of an individual who is already being held on other evidence)
    Deviant, I see where you are coming from, but I can think of one exception. In my cybercrime and computer forensics courses, we talked about the kiddie porn problem. One guy went to an Asian country where sex tourism is popular, spent some time with some underage boys, and took photos and videos of what he did there. He flew back to Mexico then attempted to re-enter the US legally from there. Of course, he was already under suspicion of being a pedophile, and when his computer was searched, they found the evidence. Normally what is on someone's personal computer is nobody's business, but I think in this case the search was justified. That's the bad thing - there will always be that one exception, and it is difficult to know how to catch people like that without trampling the rights of the rest of us.

  • TrueDuality
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by goathead
    I would be more concerned if they were to attach it to a harness. Once attached to a harness my device is no longer protected by the inspector's skill level and instead vulnerable to a myriad of automated forensics. The replication or imaging of whole volumes for deeper analysis at a later time would be possible. It may not be completely feasible for all devices but possible.
    So for those that are familiar with laptop searches, to the best of my knowledge you are allowed to watch them search the laptop. Does this include watching the screen? Or can they hide what they are doing from you?

    If it's the latter, and they do attach it to some automated forensic tool, I don't think I could trust that laptop any more. While I'm sure that nothing malicious is actually added, there is the possibility that even without admin rights or without me logging in they could've put software on there (Think unencrypted hard drive, how difficult is it to replace a binary when booted off your own media?).

    I'd probably wipe the laptop and reformat at my next available chance. Has anyone witnessed border or airport personnel booting off external media or hooking laptops up to external devices for automated testing?
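
Added example, not part of any post in this thread: one way to detect the offline binary replacement TrueDuality describes is to record SHA-256 hashes of system files before travel and compare them afterwards. The function names and the sample tree are constructed for illustration, and the comparison is assumed to run from trusted boot media, with the baseline stored off the laptop, rather than from the inspected installation.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file under root (by relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def diff_manifests(before, after):
    """Return the files added, removed or modified between two manifests."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in set(before) & set(after)
                           if before[p] != after[p]),
    }


def demo():
    """Constructed sample tree standing in for a system's binary directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name, data in (("login", b"original login"), ("sshd", b"original sshd")):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(data)
        baseline = build_manifest(root)  # taken before travel
        # Constructed change: one file replaced, one added while powered off.
        for name, data in (("login", b"replaced login"), ("helper", b"new file")):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(data)
        return diff_manifests(baseline, build_manifest(root))
```

A manifest of files does not cover the boot sector or firmware, so an empty diff only speaks for the files that were hashed.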

  • Deviant Ollam
    replied
    Re: Airport searches of laptops, other devices intrusive

    i am very pleased to read this. now, overall... i feel the best policy is to essentially have zero sensitive data on the laptop during border crossings. keep everything remote and VPN back into it from wherever you are.

    that way, the whole device is basically just one big burn phone. still, that's financially unfeasible to anyone except businesses, really.

    i like that there are certain things that are "protected" from unreasonable search, even in a border zone. and this makes sense, really... US Customs should be (in my view) in the business of guarding the border from import or export of controlled, sensitive materials (illegal weapons, illicit cash, smuggled and stolen items, etc) that they can actually prevent and stop.

    there is no way to effectively prevent or stop digital transmission into or out of the USA. (there shouldn't be a way to do it at other nations' borders, either... but we have a lot of corporations to thank for that happening anyway. that's a whole other topic. ask Dingledine or Appelbaum about it in the context of Tor... man, they'll tear into so many big industry names, it's vicious and awesome.)

    there's nothing that can be "inside of" a laptop hard drive which customs could ostensibly be really "stopping" from entering or exiting the country anyway. thus, i'm puzzled as to why anyone could consider it a worthwhile use of their resources to poke around there anyway. (outside of the context of a larger investigation of an individual who is already being held on other evidence)

  • theprez98
    replied
    Re: Airport searches of laptops, other devices intrusive

    An update concerning border searches of laptops:

    Judge limits DHS laptop border searches
    Originally posted by Article
    A federal judge has ruled that border agents cannot seize a traveler's laptop, keep it locked up for months, and examine it for contraband files without a warrant half a year later.
    ...
    The Justice Department invoked a novel argument--which White dubbed "unpersuasive"--claiming that while Hanson was able to enter the country, his laptop remained in a kind of legal limbo where the Bill of Rights did not apply.
    I hate that these articles rarely actually link to the actual decision. Although in this case they did post "excerpts." Still. Searching for it now...the Northern District of California does not have the best of websites...

  • 0x58
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by Greyhatter
    I can remember Amsterdam airport 30 years ago when it was not uncommon to see armed soldiers with M16's all around the boarding areas and throughout the airport. [...]
    I was in Amsterdam last Christmas, and they still have armed guards with MP5's and M16's all over the place.

    This Christmas I also visited Switzerland, and the Zurich airport was blanketed by security personnel with shotguns and other types of weapons.

    As for searching of laptops at the border, the next time I am going back to visit my parents in Switzerland I will be leaving my main laptop behind, carrying only a small secondary laptop. This laptop will be clean installed with FreeBSD. After I get to my destination I will install whatever I need on it to get work done, and SSH back home to access my files.

    When I head back home, I leave the laptop in Switzerland. Problem solved. I don't have a laptop to search any more. It is going to make my travel so much easier and nicer. No more need to pull out a laptop during inspection.

    It is really pathetic that it has come down to this.

    I don't think that a personal laptop is the same as papers in a briefcase. I store way more private data on my laptop than I would on paper in a briefcase. Now I hear some of you say, why is that? Well my laptop has more storage. It makes sense in this day and age to have all the information required at one's fingertips, not only that, it is becoming almost impossible to remember all the information someone is required to remember. Social security number, bank account numbers, PIN numbers, insurance policy numbers, passwords (yeah, I will admit, those are stored in Mac OS X's Keychain). My computer is more an extension of my brain, and another place to store data long-term. Paper in a briefcase is not the same thing. It does not compare.

  • sharxbyte
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by xor
    Fly to Mexico or Canada and walk across the border like everyone else.

    xor

    *rolling on the floor laughing*
    great idea...

    another case of the government going too far... so is there any other way to avoid it?

  • Vyrus
    replied
    Re: Airport searches of laptops, other devices intrusive

    lol moral of the story... don't leave the country ;)

    on a semi more practical note, i would assume an easy practice used to get around this problem would be to just simply get a laptop only for travel (just like having a con / hacking laptop and a work laptop). never mix data between the two and use crypto to secure sensitive data when needed

  • D4rk.V4mp1r3
    replied
    Re: Airport searches of laptops, other devices intrusive

    that's the point, the inspector skill level ...
    how trained they are ....
    if all can be hidden with a rootkit (to say it in some way, for example, if you got windows, make a driver to hide stuff), or if they're not so stupid, so, if anyone gets information, or an experience with this, post, because that really will enlighten some stuff to make our privacy rights effective ...
    any experience with this ?

    ah, by the way, that mess is only at the airports, but, if you want to make small trips, it would be interesting to take a bus to avoid all this crap, don't you think? :S

    (sorry for my english, I'm working on it ... I actually speak Spanish )


    Au Revoir !

  • goathead
    replied
    Re: Airport searches of laptops, other devices intrusive

    What interests me is the process. If someone wants to manually surf the contents of my laptop as a requirement to cross a checkpoint and return home... then I likely wouldn’t fuss as my potential exposure is low.

    I would be more concerned if they were to attach it to a harness. Once attached to a harness my device is no longer protected by the inspector's skill level and instead vulnerable to a myriad of automated forensics. The replication or imaging of whole volumes for deeper analysis at a later time would be possible. It may not be completely feasible for all devices but possible.

  • Greyhatter
    replied
    Re: Airport searches of laptops, other devices intrusive

    Originally posted by D4rk.V4mp1r3
    this is too much, now they violate the privacy of a citizen ....
    not weird, this is not new actually, but this makes that MORE evident .....
    anyways, it's a matter of seeing how much they check your stuff :) (surely there are thousands of ways to hide stuff from them. i don't know, but, it's a matter of letting the creativity FLOW !)

    as xor said "they can have my laptop when they pry it from my cold dead hands."
    I can remember Amsterdam airport 30 years ago when it was not uncommon to see armed soldiers with M16's all around the boarding areas and throughout the airport. Terrorism in Europe and many other nations is not as newbee as it is to us since 9/11.

    Granted, if anyone really wanted to get a laptop or even parts of a bomb for reconstruction at the other end they could simply courier ahead so it would be there when they arrived. Judging by the luggage handling abuse at airports it might be more prudent to mail your laptop ahead to your destination fully insured.
    Last edited by Greyhatter; February 14, 2008, 11:31.

  • D4rk.V4mp1r3
    replied
    Re: Airport searches of laptops, other devices intrusive

    this is too much, now they violate the privacy of a citizen ....
    not weird, this is not new actually, but this makes that MORE evident .....
    anyways, it's a matter of seeing how much they check your stuff :) (surely there are thousands of ways to hide stuff from them. i don't know, but, it's a matter of letting the creativity FLOW !)

    actually, i don't understand why they do this, i mean, a terrorist will never be so stupid (or maybe yes? i don't think so .. )

    as xor said "they can have my laptop when they pry it from my cold dead hands."

    anyways, i live in argentina, but i had in mind the idea of going to the USA :S

    here the things are more soft =D

    Adieu !
