Traveling overseas? You'll need a visa and might need to disable your computer's encryption

: @orinthomas

A New York Times article recently told me something I didn't know about crossing borders with encrypted hard disks - namely that "both China and Russia prohibit travelers from entering the country with encrypted devices unless they have government permission" - http://nyti.ms/zVrGAE

The article itself is about the precautions that organizations take when sending their staff across to these countries. Essentially they give them a clean laptop expressly for the purpose of travelling to these countries. They put them on a separate remote access network when they are using remote access to communicate back whilst travelling within these countries. The organizations assume that the computers will be compromised during travel (even though they turn off items such as Bluetooth, the computer's microphone and cameras) and wipe the devices completely when the staff return to their point of origin.

[Clearly they should only use MacOS when travelling because it's so unhackable. *snerk*]

I'm wondering when the "no encryption" policy will become standard for all countries. I imagine the argument for it will be something about "protecting the borders from certain types of pornography" - but it certainly simplifies the process of customs installing keyloggers on your laptop if they don't have to worry about BitLocker protecting the boot environment. With the rumors of BitLocker on Windows Phone 8 swirling around, maybe the same policy will start to apply to phones as well.

The first rule of travelling with sensitive data probably should be "don't". If you must, there's no reason why you can't store an encrypted file somewhere in the cloud and keep the decryption key in a separate cloud. From the NYT article it sounds as though big business is taking the sort of approach you'd expect the characters in a Neal Stephenson novel to adopt. The precautions also doesn't sound too crazy, though it's always hard to tell the line between reasonable precaution and overt paranoia when it comes to computer security.

 

--

My book Windows Server 2008 R2 Secrets is for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material. If you are looking for a book on Windows Server 2008 R2 that will tell you stuff you don't know rather than reiterating stuff that you do, it might be right for you.

Discuss this Blog Entry 1

on Feb 16, 2012
This kind of article has been regularly recycled for many years. In fact, going back to the original release of Exchange 4.0 in 1996, there were fears expressed then that laptops containing the Exchange client wouldn't be allowed in France if they contained encrypted email. As to the notion of separate PCs used for travel to China, Russia, and other countries, I am certainly aware of instances where companies have mandated that travellers use a new PC for trips that is sanitized afterwards. When I led security efforts for HP in 2003-2006, we had a research project that measured the attempts made to penetrate PCs during travel. Some instances were discovered, but not as many as you might assume and certainly something like BitLocker will protect against most attempts to retrieve confidential data. However, extreme attempts to protect information are really only taken for people who are known to have corporate secrets (new product details, plans, research papers) in their possession and the vast majority of PC owners are quite safe to take their PC to foreign countries providing that they continue to practice reasonable "keep safe" computing habits. Plugging into a hotel network without having a good firewall on your PC is not, for example, a good thing to do. I'm also unsure how any country would attempt to detect encryption technology on a PC or mobile device. Think of the TSA queues that exist today or the queues to go through immigration at a busy international airport such as LHR or JFK and then treble them to allow agents to validate (in some way) that a PC is "clean". Not a viable plan perhaps? In short, newspapers print articles to sell copies. It's a good story but I have my doubts. Now, I am prepared to be proven wrong - so where's the evidence of new plans to check traveller PCs with the details of the technology that will be banned and why? - Tony

Please or Register to post comments.

What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.

Contributors

Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×