As you’ve probably heard, the US customs service has, recently, asserted the right to confiscate any and all computers and\/or digital storage carried by anyone crossing the US border. They further assert
\nthe right to demand all passwords, encryption keys, etc., from
\nthe owners. They even further assert the right to keep or make copies of any data that they find, and to share it without limit with anyone they choose.<\/p>\n
I don’t think I really need to stress how insane this is. Back This isn’t new news. They’ve been doing this for a while, and we know they’ve been doing it – they’ve made absolutely no attempt to The reason that I’m writing about it now is because I just read Swire notes that agents at the border are going further than just Of course, they promise to destroy the copies and the keys as soon This gives government agents access to information they would Not to mention that just having encrypted data on your hard drive wouldn’t you immediately need to know what it said? It could be a conspiracy! It could be a list of child pornographers! It could be a copyrighted magazine article! It could be a bootleg Led Zepplin video!<\/p>\n Urgh. <\/p>\n So I figure the best solution is to encode your files rather than That’s the wrong answer. The solution isn’t to try to hide the The first part of instructions for how to do this are below.<\/p>\n <\/p>\n This connects back to something that I said in my review of Cory Doctorow’s book, “Little Brother”<\/a>. In that book, Cory wrote about The solution to this is to make encryption much more common, so that it’s no longer so rare that it raises a flag. In the novel, Cory wimped out, and had his protagonist’s best friend be the chief programmer at the most popular ISP in the city, and had them change the ISPs code in a way that transparently made everyone’s computers What we can do is start encrypting our<\/em> data, and when we teach people to use computers, just set them up so that they’re using encryption. Set up your parents macintosh to use FileVault. Set up For my part, I’m going to write a bunch of articles on encryption: some on algorithms and how encryption works; some on how to set up things like PGP.<\/p>\n For starters, here’s how I set up GPG support in Firefox on my mac. GPG is an open-source encryption system. It’s important that it’s open-source: as you’ll see in later posts, one critical thing about encryption is making sure that no one could have hidden anything in the encryption layer between you and the people you want to talk to. A verifiable open-source system can provide reasonable<\/em> assurances that there’s nothing hiding in the code, because anyone can see it, and it would inevitably be noticed.<\/p>\n Using GPG with firefox is quite easy: there’s a firefox plugin called FireGPG, which you can download at http:\/\/getfiregpg.org<\/a>. You’ll notice that there’s something on that page labeled “MD5”; that’s a signature, which you can use to verify that no one is substituting a different version of FireGPG to listen in on you. I’m not going to go into how to check that today; for now, we’ll assume that we can trust FireGPG. If you want to be really careful, you can look up MD5, and check the download before installing it. Eventually, I’ll get aronud to showing you how to do that, but I want to ease into it. And one of the most basic facts of cryptography is that all communication ultimately relies on some degree of trust: so find a network that you can trust, and download and install GPG: There’s a link on the FireGPG site that tells you how to install GPG. Do that, and then run the FireGPG installer.<\/p>\n Once GPG is installed, you need to set up keys. To create a key, open the terminal\/shell application, and do “gpg –gen-key”. There are some decent instructions about details of making a good, secure key in the GPG docs<\/a>. I used the default options for key generation: it’s a DSA\/Elgamal 2048 bit key without expiration. <\/p>\n What you’ve got now is a set of keys that you can use to securely communicate with other people, as well as to safely encrypt documents. To get a copy of your public key to send to other people, go to the command line, and run “gpg -export -a”. You’ll get a bunch of strange looking text. For example, my public key, in the format Now with FireGPG installed, when you write email, you’ll get a set of option buttons in Gmail or Yahoo mail that will allow you to digitally sign or encrypt messages. What you need to do to make that useful is to get your public<\/em> key where people can find it. There are a bunch of good ways to do that: publish it on your website, email it to people who you’d like to have it, and register it with a key server. There’s a very good, trusted key-server at MIT<\/a>. Just paste that key text into Protect yourself. Do this. Use it. Tell others to use it too.<\/p>\n","protected":false},"excerpt":{"rendered":" As you’ve probably heard, the US customs service has, recently, asserted the right to confiscate any and all computers and\/or digital storage carried by anyone crossing the US border. They further assert the right to demand all passwords, encryption keys, etc., from the owners. They even further assert the right to keep or make copies […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[84],"tags":[],"class_list":["post-667","post","type-post","status-publish","format-standard","hentry","category-encryption"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4lzZS-aL","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/posts\/667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/comments?post=667"}],"version-history":[{"count":0,"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/posts\/667\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/media?parent=667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/categories?post=667"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.goodmath.org\/blog\/wp-json\/wp\/v2\/tags?post=667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nwhen I worked for IBM, I frequently travelled to Canada, because I
\nworked with development labs in Toronto and Ottawa. When I did that, I
\ncarried a computer full of stuff that IBM considered to be highly
\nconfidential and highly sensitive. (I’ve even still got a wall-plaque
\nfrom IBM thanking for me work on a project, where I’m not allowed to
\never<\/em> tell anyone what I did to earn it!) What this policy
\nsays is that the border service would have the right to turn that
\ninformation over to anyone they wanted<\/em>, without informing me
\nor IBM that they had done so. Further, some of the information on that
\nlaptop was encrypted, and I did not have the key<\/em>. They were
\nencrypted with a system that would only allow them to be opened if the
\ncomputer could contact a particular IBM server from inside the IBM
\nfirewall. So not only could the border service have confiscated the
\ncomputer and passed on confidential or private information – but they
\ncould have arrested me for refusing to decrypt the information on the
\ncomputer – even though I couldn’t<\/em> decrypt it.<\/p>\n
\nhide it.<\/p>\n
\nsomething on Salon about how an allegedly knowledgeable and tech-savvy
\nperson recommends coping with this, and I can’t possible disagree more
\nstrongly. On the Salon Machinist blog, Denise Caruso wrote: <\/a><\/p>\n\n
\ntaking image copies of people’s hard drives. They’re actually
\ndemanding passwords and encryption keys so they can examine the
\ncontents.<\/p>\n
\nas they’re done — as long as they don’t find anything illegal, like a
\ndownloaded song you didn’t pay for — so no security worries there,
\nright? There’s no such thing as a crooked customs or Border Patrol
\nagent.<\/p>\n
\nnever get by opening up your suitcase. In addition to e-mail,
\nspreadsheets, documents and personal financial information like credit
\ncard receipts and photos, nowadays they can also listen to your stored
\nSkype calls and voice mails.<\/p>\n
\ncauses suspicion, or at least throws down the gauntlet. If you were
\nlooking for illegal stuff and you ran into a file that looked like
\nthis,<\/p>\n\nqANQR1DBwU4D\/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy\nZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG\/ELBvRa\nc9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv z\/9Ak4\n\/OLnLiJRk05\/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88\n<\/pre>\n
\nencrypt them, so that you could hide your stuff in plain sight. If
\nagents don’t know something is encrypted and it looks innocuous, they
\nwon’t compel you to give them the key. “Here’s your laptop, ma’am.
\nSorry for the inconvenience.” <\/p>\n<\/blockquote>\n
\nfact that you’re taking your own\/your employer’s privace seriously. The answer is to make encryption so absolutely routine that (A) finding encrypted files on a computer is so common and routine that it can’t be used as a distinguishing characteristic to allow them to justify confiscating your computer, and (B) to make it so incredibly painful and laborious for them to get any data off of a computer that they give up.<\/p>\n
\nthe idea of histogramming. The idea of histogramming centers on
\nrecognizing patterns in data, even when you can’t see what actual
\ninformation it contains. For example, if only 1\/10th of one percent of all data on a typical person’s computer is encrypted; that non-criminals who frequently encrypt files are uncommon; and that on average, criminals have 50% of the data on their computer encrypted, then finding a computer that has 50% of its information encrypted raises a flag: there’s something unusual here that suggests that
\nthe information on here might be related to a criminal activity.<\/p>\n
\nencrypt all of the traffic going onto the network. In real life, it’s
\nnot so easy. Technosavvy folks can’t wave a magic wand and make people start encrypting their data.<\/p>\n
\nyour windows box to use an encrypted filesystem. Use PGP. Put passwords on your important documents. Just make the little bit of effort to use reasonable encryption on a routine basis.<\/p>\n
\nFor communicating, you’ve got a key-pair: that is, a set of two keys. One of them, called the public key, you give to other people freely; the other, called the private key, you keep absolutely<\/em> secret. <\/p>\n
\noutput by GPG, is:<\/p>\n\n-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.6 (Darwin)\nmQGiBEibDXMRBAD7oZ5YmV9nbQWlFPTjZ2co+Uv\/56TiltrTVOFwN1jIZyilliTx\nDTTy3TEWpVU1rXrn+fomXAsT86noGeOVRJM32brlPg2FqWnFCcViM17zevCFB71O\nP7hnQ62koW97J1qAj81Yf9jmBKvnrUoRVnatxQ9iUHsgp8az2mKOXXpp+wCg7Ocq\n0spdJYIRWE3VuvjEttYRjjkEAIHlWhR1gEMmIHGlOQzHEwawCOnzwrs\/okGbB2Y8\nQRYTgYtNQfgYLiJioSBdpOltUnhb65dzAdtI3Pt0ZC\/KjA\/wYUz\/9XcITIpi53cZ\nk+8wptVvVQCGAh437Uyig5aihNj6lqMAgSFXd934oE07JXtuUYMAUtKn2w9kRqHx\nKd89BADFVWUUjhjZMzWQMgdAn2V+wIUW228DJ+emuJU26FIwbFx8njuqPZhUcc\/p\n\/Eqp\/\/wpzb0JtKKQD9jbVSOrImZio1qrvuPzfTwRqL6aISqOKrczj+mF9sM6jWl2\nVGmW3BonLVPAVcwDsGHNguE6V7HjU6Orquo\/sne471iUx+C5VLRFTWFyayBDLiBD\naHUtQ2Fycm9sbCAoQXV0aG9yIG9mIEdvb2QgTWF0aC9CYWQgTWF0aCkgPG1hcmtj\nY0BnbWFpbC5jb20+iGAEExECACAFAkibDXMCGwMGCwkIBwMCBBUCCAMEFgIDAQIe\nAQIXgAAKCRCWj+f7t+e20tu\/AKDc5TBuArqFPX\/AXxzLjHqURrNPDgCgqi82myYR\nXEpFYgNv8U3onWnNu0O5Ag0ESJsNfRAIAKmcIeIKPR7WpjMZ12zJP7T+W+9mrjld\nVMwSE\/tP7Xn57mS02Whp5LCBOvwdDwZxMFHVxPOe4X7LI9zoV8vq8bcvItWkWJf4\n5deGD+ZQlz\/\/7eS+5FojVUgekGWOksp1YW5QK9bmsGUxwuxkQ1n+yNpLfvQfMZnh\n0+D3TaFCjy5\/D1fOJzCNAl14I9KHY6VlaQP8Du7PbXGsWB59cmE10Sjk3eekmkY7\n136fH2lx2MpYYzjO1ehDS2DFlClTTXe\/LCqPUTxd1XFeYUJj+\/mXXO6kAJ\/pwEMs\nROF2xYMjwoVUN2G0bYdRW60V3fhVha3iqBxr8m0GG3t31AJl1vAMNa8AAwUH\/241\nL6c\/\/yD6w6JLYsTZFAChFojELnTb1VlDm9Ms8bERQJEkyEgTaG5Dd3YPX0Gx7cJ4\nRo3K7xwGezhtqTkRvkVjQHjaGN5obyxNjOU1WaxpvJOfM\/HmHYv2ZmsWJZkZJDVF\nuEYgnya\/q2g7Zntq75ainnej52PK+JuIymkeYGLqgSCoOHS5htnqxmBLc5RZsqN9\nNDp2Zryb7NmqadpvK5HKUQjF0fzvTBDE93FFHUKQnYJIxQGIOnw5eCVuYq0TByLW\nNJBaHFa\/8BrK3Us9yN+78p3cqo0quutsPk0K4pM+fJiy+1ACn+AkiCRNcQ06lCs+\nn5V8hz3hMrII0kofUpOISQQYEQIACQUCSJsNfQIbDAAKCRCWj+f7t+e20pUWAJ9U\nkJEi9hGf+3CmxMsDg7ruVCZJBACgpnBkckB59dqxLM\/wVtH2dc+hvl4=\n=E94S\n-----END PGP PUBLIC KEY BLOCK-----\n<\/pre>\n
\nthe submit box on the key-server, and your key will be registered. People you communicate with through FireGPG will be able to get your key from the MIT keyserver, as well as any server that MIT shares public keys with. <\/p>\n