Thursday, May 15, 2008

Getting your laptop data through security

Bruce SchneierSecurity technologist Bruce Schneier notes in the Guardian that border agents in the U.S., Britain, and other places can search your electronic device (laptop, mobile phone, etc.) upon demand. In the U.S. they can keep the device for an extended period to examine the contents. If you encrypt the disk, they'll just ask you to type in the password. Refuse and you'll regret the time you spend getting to know the agents real well.

So what to do with your sensitive data?

One suggestion is to encrypt just a small portion of the hard drive with the data. Leave the rest encrypted or not, but the little bit would likely remain undetected, at least at first look.

While customs agents might poke around on your laptop, they're unlikely to find the encrypted partition. (You can make the icon invisible, for some added protection.) And if they download the contents of your hard drive to examine later, you won't care.

That's not a perfect solution, and an alternative is to put the sensitive data on a small memory card which you can carry on your person. In the end, however, you'll still be at risk unless you have nothing to be discovered.

...your best defence is to clean up your laptop. A customs agent can't read what you don't have... Delete everything you don't absolutely need. And use a secure file erasure program to do it. While you're at it, delete your browser's cookies, cache and browsing history... Some companies now give their employees forensically clean laptops for travel, and have them download any sensitive data over a virtual private network once they've entered the country...

The Guardian article has more detail, and you can also look into the Schneier on Security blog and his Crypto-Gram monthly newsletter. Schneider is a sharp guy and a true security expert.

Thursday, May 01, 2008

New aviation security enhancements

The TSA announced improvements designed to ease some of the burden experienced by travelers.

Among the key improvements, DHS is providing airlines more flexibility to allow passengers to check in remotely who have been unable to do so because they have a name similar to someone on a watch list.

Each airline will now be able to create a system to verify and securely store a passenger's date of birth to clear up watch list misidentifications. By voluntarily providing this limited biographical data to an airline and verifying that information once at the ticket counter, travelers that were previously inconvenienced on every trip will now be able to check-in online or at remote kiosks.

Also new is the Checkpoint Evolution prototype which starts at Baltimore-Washington International Airport (BWI).

The BWI prototype includes Millimeter Wave technology used in random continuous use, multi-view X-ray and liquid bottle scanners. These technologies, in conjunction with changes to the checkpoint environment and processes, will be evaluated for operational efficiency over the coming months.

Saturday, April 26, 2008

Facial recognition technology in Britian

The Age reports in About-face for whiz-bang airport security system that air travellers to Britain "will soon be screened with automatic facial recognition technology in a bid to tighten security and ease congestion."

Holders of passports with embedded biometric chips will pass through automated gates that compare the data from the chip with facial scans.

There are concerns that passengers will react badly to being rejected by an automated gate. To ensure that no one on a police watch list is incorrectly let through the gates, the technology is likely to generate a small number of "false negatives". Those rejected may be redirected into passport queues staffed by control officers, or officers may be authorised to override automatic gates following additional checks.

This process will be available on a pilot basis to British and EU citizens with biometric passports.

Friday, April 25, 2008

New carry-on restrictions for China

CAACAccording to Reuters, starting May 1, 2008 China will restrict air passengers on domestic flights (except first class) to one piece of carry-on baggage. This restriction, in advance of the Olympics, was instituted "to guarantee aviation security." I guess first class passengers are less of a threat...


See Reuters, China restricts flight cabin baggage for security

Monday, April 21, 2008

Terrorists are watching the security system

Kip Hawley of the TSA told CBS News that terrorists are actively studying the U.S. aviation security system.

"They are building attack plans to get around our systems," Hawley told reporters. "We must be able to stop attacks that are designed to get around what we have in place."

In response, the TSA is training it's employees not only the basics of security, but also behavioral observation.

Specially trained TSA officers watch for "data points" to identify suspicious persons. Hawley says that behavior of a suspect with hostile intent is different from that of a stressed-out traveler.

See CBS News, Terror Trial Reveals Evolving Tactics, Transportation Chief Warns Of New Airline Sabotage Attempts

Sunday, April 20, 2008

The anti-hijacking safety bracelet

Digital Journal, in Upcoming Airline Security Project: The Anti-Hijacking Safety Bracelet, explains the work being done to create a bracelet for air travelers that can be utilized to administer a high-voltage, low power charge of electricity like the tasers used by police.

The idea is everybody gets an electronic bracelet at check-in. Then, if you act like a terrorist and need to be subdued, ZAP!, you're down on the floor.

Lamperd FTS ("Firearm Training Systems") is developing the technology. Their website says:

"Todays Security has many layers, should those layers fail there is one last line of defense- the EMD Safety Bracelet, patent #6,933,851. Lamperd Less Lethal has entered into a manufacturing agreement to develop and manufacture this product for world wide distribution using our current technology and expert knowledge in this field. Pending funding by a third party, we invite Investors to help develop this new technology; we anticipate tremendous interest and demand..."

Lamperd has created a video to explain how their system offers a last line of defense against terrorists. (Some people have difficulty viewing replays of the September 11 attacks on the World Trade Center, so you should know that this video contain such footage.)



If you're concerned about your RFID-enabled passport getting hacked, imagine how you'll feel about this taser system getting hacked!

I'm not convinced the public will accept this technology. Would you?

Wednesday, April 09, 2008

Profiling parity in Israel

In an update to my previous post, Profiling Arabs:

Attorney General Menachem Mazuz recently instructed the Israel Airports Authority "to implement visible equality" between Arabs and Jews in security checks at Ben-Gurion Airport.

Discriminatory treatment of Israeli Arabs had been alleged by the Association for Civil Rights in Israel and the Adalah Legal Center for Arab Minority Rights in Israel.

Mazuz's guidelines specify equal treatment in the examination of passengers' checked and carry-on baggage as well as the markings made on the baggage. For checked baggage, the current policy will remain in effect: The bags are machine-screened in front of the passenger. If the machine issues a security flag, the bags are opened and examined further, also in front of the passenger.

With regard to carry-on baggage, the current policy of directing members of various communities to different screening machines will have to be changed to conform with the new directives.

See Mazuz moves to limit racial profiling at Ben-Gurion Airport in Haaretz.com.