Laptops, TSA, and an open-ended "how would you do it?" question

Re: Laptops, TSA, and an open-ended "how would you do it?" question

Just found this quote:

"We have broad search authority at the borders to determine admissibility and look for anything that may be in violation of criminal law," says agency spokeswoman Lynn Hollinger.

I guess I'll have to leave the copy of Air Supply at home. :-)

xor

Re: Laptops, TSA, and an open-ended "how would you do it?" question

The first thing I look for in any new space is security cameras. And this thread seems to explain why the guys I hang out with always nab all the good seats and then I can't eat at all with my back to the crowd, nervous the whole time. I have some friends that sit diametrically opposite to me at tables when we're out to watch out behind our backs for ninja assassins.

So why can't we just do it 5th Element style, by drugging everyone up right before takeoff and waking them up as the plane lands? The money it would take to set that up and not mess it up I'm sure couldn't cost more than the circus of security we have to walk through now. Then you could actually get some sleep too.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

not to sound rude or anything when i make this statement... but what the fuck is he thinking taking a business laptop along with him on a pleasure trip?

if he's an accountant for a high-end firm, they should have issued him a computer specifically for business work, right? i mean, he's not doing the taxes for fortune 500 companies using a personal copy of Quick Books on an AOL connection, right?

Ugh, sorry... but sometimes we all touch on topics here on the forums (and i'm not targeting you, xor... you're cool with me but just happened to raise a point that is my catalyst for this rant) that just make me want to pound my head into a wall. How come computers make people forget all the basic rules of device use in a society?

For this scenario... imagine a police officer asking either of the following two questions...

Of course, the answer to the doofus in each above scenario is "don't use your duty weapon for pleasure outings and don't bring personal hardware on the job, fuckhead."

This is very similar to morons who post here asking for advice about worms, viruses, and removal of other malware. Imagine if there was a "Homeowners Forum" and someone posted the following there...

People would look at you funny and say "Salvage everything you can from the wreckage, knock the rest of the house down, let insurance cover your costs, and build a new goddamn house, moron. If you were a responsible person with back ups of all your key paperwork, etc. would have been in a fire safe or copied off-site, right? So what are you complaining about, aside from living in a Motel 6 for a couple months?"

And yet, this basic bit of logic totally fails to get in the heads of people with computers that went off the rails. Shit, that kind of a scenario can be addressed in under 24 hours for god's sake.

Heh, sorry... this turned into a little bit of a super-sized rant. We now return you to your regularly-scheduled Deviant Diatribe.

To recap... why in the name of all that is good and sane would your brother be taking anything with company data on any sort of a pleasure trip, inside the country or out?

P.S. - I think others have stated this above... but it makes total sense that in the future all business travelers will have forensically clean laptops and remote tunnel back to their home networks to do work on the road. That's the policy i use now, in fact, whenever i travel... simply because i don't want my laptop to get stolen and be up a creek there.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

Mite be a good idea to have a generic drive(as suggested), with a keylogger installed so this way we can at least see what they are doing to the devices.

Personally I'm really torn. Safety verses privacy you would have to be King Solomon to decide this one. I definitely see the importance of information to intelligence gathering but I can't help feel that this will be used badly. Like grabbing and fining someone for having some music or a program on their drive that they shouldn't.

Entities like RIAA say they are only after the biggest offenders, but look at who they went after in there landmark cases; students & individuals, not companies making large profits.

Industry was so quick to make traditional references to computer software/hardware e.g. file cabinets, brief cases, mailboxes, this could end up biting people in the arse.

It's a real quagmire.

xor

Thanks DO, you are alright by me to. He may end up taking just his PSP but of course this to can hold data. If it's a company laptop I told him to consult with his IT staffer before taking his PDA and other company owned devices outside the country. They do Citrix and VPN but still if passwords are cache locally as they often are you just gave someone a window into your world.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

I'll bite on this one. My wife is an accountant/bookkeeper. She owns the business. She also takes her laptop with her on vacations. Hell, she was working the day before our out of state wedding. There are the rare occasions where there is that one employee that isn't replaceable. He may not need that laptop while on vacation, but there may be that odd question that he needs the info on the laptop to answer.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

This whole idea and mindset goes along with a paper or at least an idea construct I (with a little help from Deviant) am working on and writing. Its basis is on what hackers see vs/along with what muggles notice.

I always notice it when guys are hunting for that perfect seat in a restaurant. I've noticed that the more "alpha" a guy acts, the more they desire that particular seat. Sometimes I'll take that seat just to watch them squirm. I mean, it's not all guys that are alpha, right?

Re: Laptops, TSA, and an open-ended "how would you do it?" question

i can feel the ice shifting beneath my feet when i put this response together, because i don't want to get you grumpy at me and i'm speaking with zero direct knowledge of you, your wife, and the accounting business...

but overall i'm given to respond to almost any such situation as you've described with a big yer doin' it wrong!!1!

even if we are talking about work related stuff here (which would mean a work laptop) there is almost NO reason i could possibly think of to have, say, the entire financial database sitting on the physical disk of the device that's doing the traveling. you could have a laptop all loaded with QuickBooks or whatever software you need to do the work, then a VPN allows you to connect back to the house or office where client files are saved.

to reiterate... i do not know you personally and do not know your exact situation. i will also admit that small office / home office situations are the ones that bend the rules the most with respect to resource use and available options. still, the fact that almost no one ever truly "needs" all the company data off-site is one of my more immutable rules of IT.

(the other being that, if everything is setup properly, there is absolutely zero earthly reason that any user needs anyone else's password. ever. for any reason. any user(s) who share each others' passwords are being lazy and any sysadmin who says "just login as him/her when you need to do [some thing]" is quite possibly being a fucktard.)

Re: Laptops, TSA, and an open-ended "how would you do it?" question

So let me make sure I have this right. Your objection is not that he is taking a company computer with him but the fact that he is taking company data? Given that is the case, I agree 100%.

I take a company computer with me just about everywhere I go and that's because I believe that only company computers should be able to connect to the company network. I use this computer for just about everything but it's primary role while on the road is to use to connect back to the desktop in my office where all my data is stored.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

Yea, I'm pretty anal about securing the data. Not all the info is on the laptop. Some is though. I've got it secured as much as possible, so that she'll still use that security. I thought about putting the data in an encrypted container, but was over ruled on that one. She can vpn back to home for anything she doesn't have with her. I'd love to keep all the data here and do the vpn thing for everything, but Quickbooks in their infinite wisdom started using some weird database scheme for the data that needs it to be stored on a computer that's running the program. I used to have all the data on a nice secure bsd based server that did a nightly rsync to an off site server for backup. Now someone has to remember to copy the files manually to the server from a winblows box. The whole setup is as good as I can get it with what I've got to work with. Luckily she doesn't travel too often.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

yeah, i ran into that at a few of my clients' places. Intuit keeps insisting that they have this "Database Administration Module" that you can run on the server machine but it doesn't work worth shit. Ultimately, i've just had all my clients buy an additional license and create a user with no permissions in the database. That dummy account logs in on the server and hosts in multi-user mode. It's lame, but i personally think that was Intuit's plan all along... no other reason for the database code to have been so badly implemented.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

First, it isn't TSA, its ICE. They're the ones who have the job of stopping contraband at the border and immigration points, not TSA. TSA is just for aircraft.

For what it's worth, by brother just flew in yesterday from the UK where here lives. His laptop was in his carry-on, and ICE at JFK didn't seem to care at all.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

yeah, i've actually never been given a hard time when traveling between borders (**huge knock on wood**) and am routinely impressed with how the border staff are trained so much better than TSA and most other screeners whom you'll ever meet.

Customs agents adjust their demeanor to put you at ease, but often will ask a quick and simple question (sometimes when you're about to gather back your documents and walk away) just to gauge your reaction. If they fire quickly at you an inquiry of how whether you visited anywhere outside of a specific city overseas, it's not because they're wondering if you came into contact with pathogens in rural regions... they're just trying to judge the appropriateness of your expression changes or any delay you have in answering them.

almost 100% of the time now, i just breeze through security (even back in the states) in the "nothing to declare" line and that's the end of it. the one time i was singled out for extra screening was (heh, this is no shock) coming back from Amsterdam. it looked like they basically told everyone on the entire plane who was under the age of 50 to step to one side after we'd gotten our bags. it was cute how they called it "agricultural" screening. yeah... because of all those people who bring in Dutch tulips illicitly.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

So that explains why Thorn and I seem to get through just about everywhere without so much as a 2nd glance.

Another trick I sometimes use, especially with ICE agents is to show my military ID card instead of a drivers license.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

I think many of us have found when traveling *TO* the states and internally, wearing TLA logo shirts goes a long way to making life easier.

That said, don't wear the same shirt when *Leaving* the states. It's a weird world out there.

Re: Laptops, TSA, and an open-ended "how would you do it?" question

Lucky you. I had to talk my way through Dubai customs (read: yell) without an entrance stamp or any documentation saying I entered legally, I've had to explain why I have foreign sand on my flip flops when entering Australia, and have my pool cue confiscated because of its deadly weapon status from my carry on. Plenty of 'random checks' along the way.

Most of the time I get grief trying to leave another country, though I have had various "let me see your ID again" moments, no matter what ID I use in the states. LAX in particular. I hate LAX.

I do agree that border staff pay more attention to some of the important items rather than the fact that someone's newborn has booties(!) on while going through a metal detector. I never got a hard time from a border guard when crossing. Except for that one time in TJ. Damn bike cops.

I have found that being prepared in Heathrow can get you through a checkpoint quickly. When going out to the gulf, I always came through there and had to pity the staff who looked exhausted, underpaid, and very frustrated with the constant crowds. I always had everything ready and they let me through with a look that said "thanks for having one back, your passport and boarding pass ready, and for not being an asshole".

I watched an army guy get loud and complain about his bag being checked for a moment, and tried to warn him. They had to hold the plane for that one he was in extra screenings for so long.


While I don't have the solution to a better airport experience, like many situations I think a general class in basic critical thinking should be mandatory.