Fwd: [IP] U.S. Agents Seize Travelers' Devices

2008-02-09 Thread David Chessler

From: David Farber [EMAIL PROTECTED]

From: Sashikumar N [sashikumar.n@ ]
Sent: Thursday, February 07, 2008 1:46 PM
To: David Farber
Subject: U.S. Agents Seize Travelers' Devices

Dear Prof Dave,
Happen to read this link from slashdot, this is a disturbing news, a
direct assault on privacy...shocking that this could be real.


Clarity Sought on Electronics Searches
U.S. Agents Seize Travelers' Devices

By Ellen Nakashima
Washington Post Staff Writer
Thursday, February 7, 2008; Page A01

Nabila Mango, a therapist and a U.S. citizen who has lived in the
country since 1965, had just flown in from Jordan last December when,
she said, she was detained at customs and her cellphone was taken from
her purse. Her daughter, waiting outside San Francisco International
Airport, tried repeatedly to call her during the hour and a half she
was questioned. But after her phone was returned, Mango saw that
records of her daughter's calls had been erased.

A few months earlier in the same airport, a tech engineer returning
from a business trip to London objected when a federal agent asked him
to type his password into his laptop computer. This laptop doesn't
belong to me, he remembers protesting. It belongs to my company.
Eventually, he agreed to log on and stood by as the officer copied the
Web sites he had visited, said the engineer, a U.S. citizen who spoke
on the condition of anonymity for fear of calling attention to

Maria Udy, a marketing executive with a global travel management firm
in Bethesda, said her company laptop was seized by a federal agent as
she was flying from Dulles International Airport to London in December
2006. Udy, a British citizen, said the agent told her he had a
security concern with her. I was basically given the option of
handing over my laptop or not getting on that flight, she said.

The seizure of electronics at U.S. borders has prompted protests from 
travelers who say they now weigh the risk of traveling with sensitive 
or personal information on their laptops, cameras or cellphones. In 
some cases, companies have altered their policies to require 
employees to safeguard corporate secrets by clearing laptop hard 
drives before international travel.

Today, the 
Frontier Foundation and Asian Law Caucus, two civil liberties groups 
Francisco, plan to file a lawsuit to force the government to disclose 
its policies on border searches, including which rules govern the 
seizing and copying of the contents of electronic devices. They also 
want to know the boundaries for asking travelers about their 
political views, religious practices and other activities potentially 
protected by the First Amendment. The question of whether border 
agents have a right to search electronic devices at all without 
suspicion of a crime is already under review in the federal courts.

The lawsuit was inspired by two dozen cases, 15 of which involved 
searches of cellphones, laptops, MP3 players and other electronics. 
Almost all involved travelers of Muslim, Middle Eastern or South 
Asian background, many of whom, including Mango and the tech 
engineer, said they are concerned they were singled out because of 
racial or religious profiling.

Customs and Border Protection spokeswoman, Lynn Hollinger, said 
officers do not engage in racial profiling in any way, shape or 
form. She said that it is not CBP's intent to subject travelers to 
unwarranted scrutiny and that a laptop may be seized if it contains 
information possibly tied to terrorism, narcotics smuggling, child 
pornography or other criminal activity.

The reason for a search is not always made clear. The Association of 
Corporate Travel Executives, which represents 2,500 business 
executives in the United States and abroad, said it has tracked 
complaints from several members, including Udy, whose laptops have 
been seized and their contents copied before usually being returned 
days later, said Susan Gurley, executive director of ACTE. Gurley 
said none of the travelers who have complained to the ACTE raised 
concerns about racial or ethnic profiling. Gurley said none of the 
travelers were charged with a crime.

I was assured that my laptop would be given back to me in 10 or 15 
days, said Udy, who continues to fly into and out of the United 
States. She said the federal agent copied her log-on and password, 
and asked her to show him a recent document and how she gains access 

Truecrypt Encryption (WAS: Fwd: [IP] Re: Encrypted laptop poses legal dilemma)

2008-02-09 Thread David Chessler
I forwarded a couple of messages about US Customs seizing computers, 
sometimes failing to return them, and demanding passwords. Cellphones 
are also sometimes seized. The TSA claims it does not do this. This 
can cause problems for people who travel with company-sensitive or 
other private information. Some companies avoid the problem by wiping 
all data from the laptop and having the user access it by SSL or 
other secure method over the network. Other solutions are possible.

The following may be a solution for individual travelers without 
access to high-speed internet connections when in the field, or who 
lack access to secure connections to a secure server.

From: David Farber [EMAIL PROTECTED]

Sent: Friday, February 08, 2008 11:27 PM
To: David Farber
Subject: Re: [IP] Encrypted laptop poses legal dilemma


Check this as the perfect technological answer to the problem presented below.

Given my position , however, please do not use my name or my 
company's name if you post this.  Like anything, it has as many 
legitimate as illegitimate uses; this is public information and, 
ironically, was brought to my attention by some of the top security 
experts in the industry.


Creates a virtual drive inside of any object of your choosing.  But 
goes one better.  You can encrypt within the encryption in ways 
undetectable.  Thus you can give a password and allow others to open 
it and inspect.  Those looking will never know that within the 
encrypted space there is another deeper form of encryption.  That 
said, I'd really hate to see the gov't or someone else shut this 
down.  At the same time, for people traveling who are doing 
legitimate things that overreaching gov't officials have no right to 
see (and for which it is too late once compromise), this presents a 
valid solution.  It is also incredibly useful for anyone carrying 
sensitive information b/c it gives you two layers of protection if 
your storage device or laptop is stolen.  Know that if you mount it 
to a flash drive, it formats the entire drive.  Most people create an 
object and mount it to that.  Also, never, ever forget your password 
- did that once - and lost 50 megs worth of data.  (might want to use 
roboform, which encrypts and protetcts your passwords).  There's no 
getting inside of this. Ever.  It's about as rock solid as it gets.


Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: padlocks with backdoors - TSA approved

2007-02-27 Thread David Chessler

At 03:20 PM 2/26/2007, you wrote:

?xml version=1.0 encoding=US-ASCII? Hi,

has this been mentioned here before?

I just had my crypto mightmare experience.

I was in a (german!) outdoor shop to complete my equipment
for my next trip, when I came to the rack with luggage padlocks
(used to lock the zippers).

While the german brand locks were as usual, all the US brand locks
had a sticker

   Can be opened and re-locked by US luggage inspectors.

Each of these (three digit code) locks had a small keyhole for the
master key to open. Obviously there are different key types
(different size, shape, brand) as the locks had numbers like TSA005
tell the officer which key to use to open that lock.

Never seen anything in real world which is such a precise analogon of
a crypto backdoor for governmental access.

Ironically, they advertise it as a big advantage and important feature,
since it allows to arrive with the lock intact and in place instead of
cut off.

This is the point where I decided to have nightmares from now on.

This is why I don't bother with padlocks until I get to the hotel 
room. It is a good idea to slow down the petty thief, but a twist 
tie from a plastic bag will work. I use the nylon straps used to 
hold cable bunches in place. I use many different colors, so it is 
most unlikely that a petty thief would have one handy (black or white 
are very common.

When last I flew they TSA had cut the cable ties. I took the suitcase 
directly to the baggage desk and we examined it together. (Do not 
pile up books in your suitcase. The TSA does not distinguish between 
books and Semtex: it considers both equally dangerous.)


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Judge Hints at Code in 'Da Vinci' Ruling

2006-04-27 Thread David Chessler


Judge Hints at Code in 'Da Vinci' Ruling

LONDON - The judge who presided at the Da Vinci Code copyright 
infringement trial has put a code of his own into his ruling, and he said 
Wednesday he would probably confirm it to the person who breaks it.

Since Judge Peter Smith delivered his ruling April 7, lawyers in London and 
New York began noticing odd italicizations in the 71-page document.

In the weeks afterward, would-be code-breakers got to work on deciphering 
Smith's code.

I can't discuss the judgment, Smith said in a brief conversation with The 
Associated Press, but I don't see why a judgment should not be a matter of 

Italics are placed in strange spots: The first is found in the first 
paragraph of the 360-paragraph document. The letter s in the word 
claimants is italicized.

In the next paragraph, claimant is spelled with an italicized m, and so on.

The italicized letters in the first seven paragraphs spell out Smithy 
code, playing on the judge's name.

Lawyer Dan Tench, with the London firm Olswang, said he noticed the code 
when he spotted the striking italicized script in an online copy of the 

To encrypt a message in this manner, in a High Court judgment no less? 
It's out there, Tench said. I think he was getting into the spirit of the 
thing. It doesn't take away from the validity of the judgment. He was just 
having a bit of fun.

Smith was arguably the highlight of the trial, with his acerbic questions 
and witty observations making the sometimes dry testimony more lively. 
Though Smith on Wednesday refused to discuss the judgment or acknowledge 
outright that he'd inserted a secret code in its pages, he said: They 
don't look like typos, do they?

When asked if someone would break the code, Smith said: I don't know. It's 
not a difficult thing to do. And when asked if he would confirm a correct 
guess to an aspiring code-breaker, he said, Probably.

Tench said the judge teasingly remarked that the code is a mixture of the 
italicized font code found in the book The Holy Blood and the Holy Grail 
_ whose authors were suing Dan Brown's publisher, Random House, for 
copyright infringement _ and the code found Brown's The Da Vinci Code.

Authors Michael Baigent and Richard Leigh had sued Random House Inc., 
claiming Brown's best-selling novel appropriated the architecture of 
their 1982 nonfiction book, The Holy Blood and the Holy Grail.

Both books explore theories that Jesus married Mary Magdalene, the couple 
had a child and the bloodline survives, ideas dismissed by most historians 
and theologians.

The Da Vinci Code has sold more than 40 million copies _ including 12 
million hardcovers in the United States _ since its release in March 2003. 
It came out in paperback in the United States earlier this year, and 
quickly sold more than 500,000 copies. An initial print run of 5 million 
has already been raised to 6 million.

Since the judgment was handed down three weeks ago, Tench said it took 
several weeks _ and several watchful eyes _ to catch the code. Now, London 
and New York attorneys are scrambling to solve it.

I think it has caught the particular imagination of Americans, Tench 
said. To have a British, staid High Court judge encrypt a judgment in this 
manner, it's jolly fun.

I'm definitely going to try to break the code, said attorney Mark 
Stephens, when learning of its existence.

Judges have been known to write very sophisticated and amusing judgments, 
Stephens said. This trend started long ago ... one did a judgment in 
rhyme, another in couplets. There has been precedent for this.

It adds a bit of fun of what might have been a dusty text, he said.

On the Net:


A service of the Associated Press(AP)


*** FAIR USE NOTICE. This message contains copyrighted material the use of 
which has not been specifically authorized by the copyright owner. This 
Internet discussion group is making it available without profit to group 
members who have expressed a prior interest in receiving the included 
information in their efforts to advance the understanding of literary, 
educational, political, and economic issues, for non-profit research and 
educational purposes only. I believe that this constitutes a 'fair use' of 
the copyrighted material as provided for in section 107 of the U.S. 
Copyright Law. If you wish to use this copyrighted material for purposes of 
your own that go beyond 'fair use,' you must obtain permission from the 
copyright owner.

For more information go to:


The Cryptography 

USATODAY.com - EU needs more time for biometric passports

2005-05-20 Thread David Chessler
So much for the US government's big rush to get them done this year, to the 
extent that they haven't thought out the implications of the RFID chip 
(although they realize they should call it anything but RFID, because the 
acronym RFID is a magnet for animosity).


EU needs more time for biometric passports
BRUSSELS, Belgium (AP) — The European Union on Wednesday told the U.S. 
Congress the bloc needed another year to implement new U.S. rules on secure 
biometric passports, which include a computer chip with data such as a 
digital photo of the passport holder.

EU justice and interior ministers had said last year they would meet this 
year's Oct. 26 deadline. But only six of the 25 EU countries Belgium, 
Finland, Luxembourg, Germany, Austria, and Sweden will be ready to issue 
biometric passports by that date.

After Oct. 26, citizens from 27 visa-exempt countries will have to apply 
for a visa or have a biometric passport.

The EU's Justice and Home Affairs Commissioner Franco Frattini wrote on 
Wednesday to James Sensenbrenner, head of the U.S. House of 
Representative's Judiciary Committee that although the bloc had made 
substantial progress, it would require more time, until Aug. 28, 2006, to 
introduce the new passports.

Despite all the progress ... we would urge the Congress to consider a 
second extension of the deadline, Frattini said in the letter. The United 
States had already extended the original Oct. 26, 2004, deadline by a year.

Frattini said the issuing of similar U.S. passports was also experiencing 
a certain slippage due to problems in adapting the new technology to 
passports. Japan also will be unable to meet the U.S. deadline, officials said.

So-called biometric features can reduce patterns of fingerprints, irises, 
voices and faces to mathematical algorithms that can be stored on a chip or 
machine-readable strip. EU countries also want to include a fingerprint on 
the chip.

Despite all the progress made ... in reinforcing the security of passports 
you are surely aware that critical aspects of the biometric technology, 
such as data security and interoperability of reading devices, are still 
being finalized, wrote Frattini.

Frattini said the EU shares the view of the United States that more secure 
travel documents are an important tool in the fight against international 
crime and terrorism.

The United States is urging European countries to have new biometric travel 
documents in place as part of its tighter border security checks following 
the Sept. 11, 2001, terrorist attacks.

All new U.S. passports issued by the end of 2005 are expected to have a 
chip containing the holders' name, birth date and issuing office, as well 
as a a photo of the holders' face. The photo is the international standard 
for biometrics, but countries are free to add other biometrics, such as 
fingerprints, for greater accuracy.

Also Wednesday, the EU head office released a report on the impact of using 
biometrics, which said more large-scale field trials were needed to ensure 
the new technology worked properly. It also urged governments to ensure 
safeguards for privacy and data protection in the use of biometric data.

Copyright 2005 The Associated Press. All rights reserved. This material may 
not be published, broadcast, rewritten or redistributed.

Links referenced within this article

Find this article at:
*** FAIR USE NOTICE. This message contains copyrighted material the use of 
which has not been specifically authorized by the copyright owner. This 
Internet discussion group is making it available without profit to group 
members who have expressed a prior interest in receiving the included 
information in their efforts to advance the understanding of literary, 
educational, political, and economic issues, for non-profit research and 
educational purposes only. I believe that this constitutes a 'fair use' of 
the copyrighted material as provided for in section 107 of the U.S. 
Copyright Law. If you wish to use this copyrighted material for purposes of 
your own that go beyond 'fair use,' you must obtain permission from the 
copyright owner.

For more information go to:

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Reuters -- British Firm Breaks Ground in Surveillance Science

2005-03-20 Thread David Chessler

British Firm Breaks Ground in Surveillance Science
Mon Mar 14, 2005 08:08 AM ET
By Mark Trevelyan, Security Correspondent
MALVERN, England (Reuters) - The suicide bomber clips a shrapnel-filled 
belt around his waist and buttons up his jacket to conceal it.

As he turns back and forth in front of a semi-circular white panel, about 
the size of a shower cubicle, a computer monitor shows the metal-packed 
cylinders standing out clearly in white against his body.

This is no real security alarm: it's a demonstration at the British 
technology group QinetiQ of a scanning device that sees under people's 
clothes to spot not just metal but other potential threats like ceramic 
knives or hidden drugs.

The electromagnetic technology, known as Millimeter Wave (MMW), is just one 
aspect of a potential revolution in security screening being pioneered at 
QinetiQ, formerly part of the research arm of the British defense ministry.

Actually, detecting a suicide bomber in the lobby of an airport is not a 
great thing to happen, Simon Stringer, new managing director of QinetiQ's 
security business, says with British understatement.

It's slightly better than having him do it in the departure lounge or 
perhaps on the plane, but you're still doing to have to deal with a 
significant problem.

That's why, he says, the trend for the future will be to move the scanners 
outside the terminal building and operate them in stand-off mode -- 
checking people from a distance before they even set foot inside.

The advantage is obvious: to spot potential attackers without alerting them 
to the fact, and gain precious seconds for security forces to prevent an 

Another prospect in store for air travelers is hyperspectral sensing that 
will check for chemicals called pheromones, secreted by the human body, 
which may indicate agitation or stress.

People under stress tend to exude slightly different pheromones, and you 
can pick this up ... There are sensing techniques we're working on, 
Stringer said.

The stress may have an innocent cause, such as fear of flying, but could 
also betray the nervousness of a potential attacker. The point is to alert 
security staff to something unusual that may need further investigation.

As with MMW, the technology could function at a distance and without the 
need for people to wait in line. By conducting such checks while people are 
approaching the airport and moving through it, authorities could avoid 
bottlenecks and queues.

As the passenger proceeds through the terminal, the next layer of 
surveillance could be carried out through cognitive software which 
monitors his or her movements and sounds a silent alarm if it picks up an 
unusual pattern.

Someone who's been back in and out of the same place three times or keeps 
bumping into the same people might be something that's worthy of further 
investigation ... I think that's really the sort of capabilities we're 
going to be looking at, Stringer said in an interview.

While many of these technologies are still under development, others have 
already been rolled out to clients by QinetiQ, which made group operating 
profit of 28 million pounds ($53.9 million) in the six months to last 

Millimeter wave, for example, has been tested at airports and, in a 
different application, is being used by British immigration authorities and 
Channel Tunnel operator Eurotunnel to detect illegal immigrants trying to 
enter the country as stowaways in the back of trucks.

Stringer says the potential market for MMW runs into the hundreds of 
millions of dollars and goes well beyond the transport sector.

We're spending quite a lot of time talking to multinationals who want to 
establish perimeter security systems around plant, installations and 
buildings, he said.

QinetiQ -- owned 30 percent by private equity group Carlyle and 56 percent 
by the British government -- expects rapid growth for its security business 
as it gears up for a stock market launch.

But how will ordinary people embrace the prospect of surveillance 
technology that sees through their clothes, checks how much they're 
sweating and tracks their airport wanderings between the tax-free shops and 
the toilets?

Stringer acknowledges that some might see this as George Orwell's Big 
Brother come true. There are always going to be issues of privacy here and 
they're not to be belittled, they're important.

But he says smarter technology will actually make the checks less intrusive 
than those now in standard practice, such as being searched head to foot 
after setting off a metal detector alarm.

Personally I find that more irritating than the idea of someone just 
scanning me as I walk through, he said.

You're under surveillance in airports anyway. What you're 

Re: Clipper for luggage

2003-11-17 Thread David Chessler
At 03:00 PM 11/16/03, peter gutmann wrote:
Bill Frantz [EMAIL PROTECTED] writes:

I usually travel with zipper closed duffel bags.  I fasten the zipper
with a screw link.  Anyone can unscrew the link and get into the bag,
but it
does effectively keep the zipper closed in transit.  I suppose it also
provides some level of security because someone wanting to do a quick
from luggage will probably pick a less-secured piece.

Whentrue locks are banned, that's actually a rather good protection 
mechanism, constituting a type of hashcash for luggage.  Someone who's 
looking for targets of opportunity and has a choice between a 
Clipper-locked container they can get into almost unnoticed in 5 seconds 
or something where it'll take a minute or two of obvious fiddling will 
presumably go for the Clipper-lock. Just don't go overboard with those 
custom foot-long screw machined locks.
TSA had been recommending electricians cable ties made of nylon. The 4 (10 
cm) or 8 (20 cm) sizes work well in most zipper-type locks. They can't 
easily be removed without cutting them. I had improved the ties by using 
colored ones (available at most electrical supply houses and better 
hardware stores), so that there would be clear evidence of entry. For 
further security I dropped a bit of colored sealing wax on each cable tie. 
On a longer trip I have to carry spare cable ties. I made sure not to have 
spares of the color I used on each leg. I also tried to carry the spare 
cable ties and spare sealing wax (several colors) in my carry-on (or my 
pockets). These can easily be cut with fingernail clippers, which are now 
legal to carry, and which can also be carried in an unlocked pocket on 
the checked bag.

For some years, numbered one-use nylon or plastic ties have been available 
in luggage supply stores. These also have to be cut or broken to open the 
suitcase, and they cannot readily be replaced because the serial numbers 
are unique.

None of these totally prevent theft, but any lock that can fit through most 
zippers can easily be cut with a short 12-inch bolt cutter (30 cm long), 
that can be bought for $10 at Sears or most hardware stores, and that will 
fit in the pockets of most work-clothing. (Indeed, it can probably be cut 
with an 8 (20 cm long) diagonal cutting pliers (or electricians pliers).) 
Given the lax security in the back areas of the airports, it's easy enough 
for the baggage handlers to have cutting instruments. But, if the object is 
to be able to tell immediately that the suitcase has been opened, and so 
file a claim, they will work.

Indeed, if all you have to do is slow down a thief, then a twist tie or 
the plastic seal from a garbage bag can be used to seal the lock.

Hard-sided luggage is more difficult to lock in this way. However, the 
plastic cable ties are available in lengths up to about 48 (120 cm). These 
can be passed around the bag and tightened (if necessary, two or more can 
be linked together). Since these are not available in colors, and are too 
big to be convenient in carry-ons (and might invite queries since they are 
the same things that police use as handcuffs), the lock portion should be 
sealed with sealing wax. 

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]