Interesting People mailing list archives
Re: Appeals Court: Border electronics searches are okay
From: David Farber <dave () farber net>
Date: Thu, 24 Apr 2008 09:45:39 -0700
________________________________________ From: Dave Crocker [dhc2 () dcrocker net] Sent: Thursday, April 24, 2008 12:39 PM To: David Farber Cc: ip; EEkid () aol com; Richard Forno Subject: Re: [IP] Re: Appeals Court: Border electronics searches are okay Folks, Worrying about inspections at borders is titillating but probably distracts discussion from the larger and more pervasive examples of unwanted inspection of data on a laptop: physical theft or loss. Protect against that, in a way that is viable on a daily basis, and the border concern is automatically also dealt with. So it's fine to have concern over border inspection serve to motivate efforts at protecting mobile data privacy, but it probably should not guide design. We've seen the same distinction for developing trust-based mechanisms to "fight" spam and other abuse. Good for motivation, bad for design. The design needs to solve things in a way that fits into daily use, rather than being tailored too specifically for special use cases. And no matter how much you cross borders, it's a special case, compared with the rest of your laptop use. As with so many other security issues, in the case of laptop privacy, the core technical challenge is almost certainly a human factors one. Keeping data on a peripheral that is removed is inconvenient and really doesn't solve the problem, since the peripheral is also subject to inspection. And for a large enough amount of data, the i/o rate is not good enough or the storage choices are too limtied. Or both. So it is not likely to scale into widespread use. Having file or disk encryption performed automatically certainly sounds appealing, but it creates the question of how the data are unlocked. If it is convenient enough for daily use by mass-market users, does it really provide meaningful protection? So, for example, having login (boot-time or waking from sleep/hibernation) also unlock the data is extremely appealing, since it creates no new human-factors effort. But does it provide protection against a laptop stolen when you step away from it for a few seconds? Does it need to? I think this translates into the question of granularity for the user activity that controls the crypto. Does the human factors check take place at the right times to be useful while still being tolerable? d/ David Farber wrote:
depends on if you can hide it. Better, I think, is a very small size flash
drive that you keep all your private stuff on encrypted and "hidden"
Dave ________________________________________ From: EEkid () aol com [EEkid () aol com] Sent: Wednesday, April 23, 2008 7:40 PM To: David Farber Subject: Re: [IP] Appeals Court: Border electronics searches are okay Dr. Farber, I've noticed that it's very easy to remove the hard drive on some laptops.
Particularly the Dell's I've owned. Removing two screws and the hard drive slides out connected to a plastic drawer like holder. It can easily fit in a pants or jacket pocket. -- Dave Crocker Brandenburg InternetWorking bbiw.net ------------------------------------------- Archives: http://www.listbox.com/member/archive/247/=now RSS Feed: http://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Appeals Court: Border electronics searches are okay David Farber (Apr 23)
- <Possible follow-ups>
- Re: Appeals Court: Border electronics searches are okay David Farber (Apr 24)
- Re: Appeals Court: Border electronics searches are okay David Farber (Apr 24)
- Re: Appeals Court: Border electronics searches are okay David Farber (Apr 24)