Friday, 25 September 2009

More on Border Hassles

Perhaps I was a bit hasty in speaking about how easy it would be to smuggle much of the data past border security. Here's why: The DHS retains the right to mirror all your data. To me, this means they aren't just rooting around like an incompetent baggage handler, but instead running programs to search through your data for various patterns. Thus, any solutions dependant on retaining the data in some encrypted format would be poorly advised, because they would encounter this data, and either crack it themselves, or request the key from you. Request the key with a court. That's the kind of request you can't really say no to.

This doesn't prevent people from merely hiding microSD cards - that'd be damn hard to find, since they're smaller than a fingernail. Or just don't physically transport the data at all, and email it to yourself (or a trusted party) encrypted with a one time pad, and waltz across the border without carrying anything illicit. One Time Pads, it should be noted, can provide perfect protection if implemented correctly.

And again, it only effects people physically carrying data into the country. On their persons. Through customs. Anyone involved in data smuggling would know how to easily evade it, unless they've completely failed to do their homework.

The problem is that data is just too easily transformed, and too easily transmitted electronically. This only accomplishes making the border crossing security experience more elaborate, while returning a minimum of additional security. The most this policy will accomplish is annoying the hell out of legit citizens.

Here's some documents from Customs and Border Protection relevant to the policy:
Here's the press release.
Here's the Factsheet for the policy. (40kb)
Here's the actual policy. (Warning, 6mb)

Here's pretty much all you need to defeat the policy.
So... we're assuming Al Quida doesn't know how to use google for anything other than learning how to dig holes?

No comments: