Hacker News
by drvdevd 3430 days ago
Right. The best scheme requires no bravado. You should be able to tell the truth:

1) use FDE with a LUKS-like scheme where the encryption header can be backed up and then removed (making sure you can restore it at your destination somehow).

2) Destroy the header before travel. Carry live media if you need to use the machine while traveling but keep it minimally provisioned (nothing personal on there).

3) Your machine essentially now contains random data (even to you), perhaps except the partition table and/or boot partition(s). Tell the authorities that you "fill your hard disk up with random data before traveling in case of theft."

This is a true statement because: a) without the LUKS header your own data is essentially random, even to you and b) the scheme does protect your data in the event of theft.

Thus you can safely utter it with no bravado.

An even better scheme would use verified boot of some kind so that if the device is confiscated and returned, and it's critical to you, you may have some way of proving the boot loader hasn't been tampered with. But I can't speak as to the difficulty of this.

6 comments
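A check related to steps 1 and 2 of the post above, as an added example that is not part of the original thread: LUKS2 keeps a redundant secondary header, so overwriting only the first sector leaves a copy that still identifies the volume. The function names are hypothetical and the sample image is constructed in the code.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"         # primary header magic (LUKS1 and LUKS2)
LUKS2_SECONDARY = b"SKUL\xba\xbe"    # magic of the redundant LUKS2 header copy
# Offsets where a LUKS2 secondary header may sit: 16 KiB doubling up to 4 MiB.
SECONDARY_OFFSETS = [0x4000 << i for i in range(9)]


def find_luks_headers(image: bytes):
    """Return (offset, kind, version) for each LUKS header magic still present."""
    found = []
    if image[:6] == LUKS_MAGIC:
        found.append((0, "primary", struct.unpack(">H", image[6:8])[0]))
    for off in SECONDARY_OFFSETS:
        if image[off:off + 6] == LUKS2_SECONDARY:
            version = struct.unpack(">H", image[off + 6:off + 8])[0]
            found.append((off, "secondary", version))
    return found


def header_removed(image: bytes) -> bool:
    """True only when no header copy is left to identify or repair the volume."""
    return not find_luks_headers(image)


def make_sample_luks2_image(size: int = 0x10000) -> bytes:
    """Constructed sample: random filler with LUKS2 magics at 0 and 0x4000."""
    img = bytearray(os.urandom(size))
    img[0:8] = LUKS_MAGIC + struct.pack(">H", 2)
    img[0x4000:0x4008] = LUKS2_SECONDARY + struct.pack(">H", 2)
    return bytes(img)


def overwrite_start(image: bytes, length: int) -> bytes:
    """Simulate overwriting the first `length` bytes with random data."""
    return os.urandom(length) + image[length:]


if __name__ == "__main__":
    img = make_sample_luks2_image()
    print("intact:        ", find_luks_headers(img))
    print("first sector:  ", find_luks_headers(overwrite_start(img, 512)))
    print("whole metadata:", find_luks_headers(overwrite_start(img, 0x8000)))
```

The same `find_luks_headers` call on a header backup file confirms it starts with a valid magic before the on-disk copy is removed. It checks header magics only; the key slot area that follows the headers has no magic and is not covered by this check.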

It's just such a moot point.

If you have relevant data, then you simply don't cross borders with a device containing such data (or with a computer at all). This is just common sense. This "plausible deniable encryption at the border" nonsense is just a cryptonerd's imagination.

This sounds cool when you are the one doing all the talking, but when the border agent asks a simple question such as,

Do you have personal data on this device?

and you answer No (when you really do), then you're looking at 5 years in prison under §1001(a)(2). https://en.wikipedia.org/wiki/Making_false_statements

You'd have to give them a reason to arrest and charge you first.
You are at the US border asking for entry, unless you're a US citizen you basically have no rights and gave them a reason to arrest you.
They don't just arrest everybody with no rights.
What if it's empty?
Then you can answer in a way that doesn't violate §1001(a). Honestly though, I don't think the scheme is smart in the first place because it can put you in trouble if authorities question you.

A much better method I have heard is to ship your electronics beforehand, travel with only a burner cellphone, then pick up the electronics after you arrive. Repeat when traveling out of the country.

But then you have a huge problem if the shipment is damaged or delayed. I think the best way is to upload encrypted data somewhere and retrieve it after entering the country.
I think this is probably correct. But I would be sure to encrypt my device before mailing it too.
> Tell the authorities that you "fill your hard disk up with random data before traveling in case of theft."

Better yet, tell them your laptop broke while in the airport before boarding the plane, and you are going to buy a new harddisk/get it serviced when you arrive at your final destination. Much more plausible.

> tell them your laptop broke while in the airport before boarding the plane, and you are going to buy a new harddisk/get it serviced when you arrive at your final destination

It's a felony to make false or deliberately misleading statements to U.S. border agents. Unless your laptop actually broke while in the airport, performing the scheme you described is a felony.

And as in the original "scheme" -- this is a question of technicalities and (perhaps only if you're a US citizen, perhaps not), whether or not the authorities in question are willing to take it to trial and prove that you "lied".

If you removed a key header which is crucial to the operation of your device in the airport, then the question is whether you can legally say, "my laptop broke in the airport," even if it was you who deliberately broke it.

This also covers the case of the question, "Does this device contain personal data?" To which you can truthfully answer, "Yes."

The point, in my original scenario also, is not to lie, but to simply avoid being able to provide access under duress.

Sure, just as the scheme described in the post I was replying to. In both cases it's assumed that the lie is undetectable, by virtue of properly encrypted data being indistinguishable from random noise, and of the scheme not being shared with anyone else nor written down.
...and how would they prove that, or even suspect it in the first place?
Still you aren't telling the truth when you say that you filled the harddisk with random data. Without headers the data is random, but you have a backup. Where do you keep that? Is it somewhere in the cloud where you can download it to restore it when in the US? If they really don't trust it, and keep you for several days (I don't know if this is possible without other offenses), at what point will you break and tell just to get away? How strong are you when you're there all alone and haven't really done anything?

Why not wipe the disk and enter with a clean system if it's so critical?

I agree - basically. The scheme is designed to be a half truth essentially. One that you can mentally convince yourself of in a tight situation, which would relieve you somewhat of the need to be "tough", psychologically speaking. At least for a while, anyway.

wrt giving up the key under extended duress, I was thinking the same thing and aside from simply wiping the disk I can think of another scheme that might serve you well: give the header to a trusted 3rd party who could simply be the one actually controlling access to your data. Your lawyer for example.

If you give it to your lawyer, it's still half truth, and still you can break and call him to mail the headers to you. If this is so important, set up a server that you control with your data encrypted on it, and enter the US with a clean Ubuntu system, or even a Chromebook with a fresh account.
> 3) Your machine essentially now contains random data (even to you), perhaps except the partition table and/or boot partition(s). Tell the authorities that you "fill your hard disk up with random data before traveling in case of theft."

Sounds like a sure-fire way to get them to harass you more and pay closer attention to yourself.

Yeah perhaps this is not the best hypothetical response...

I still believe there is a way to adjust such an encryption scheme to meet the ideal criteria:

1. you're not lying
2. you can't provide access
3. you're not drawing extra attention to yourself

If this is what happens, then this is not a free country. There is a border where you must stop in harassing your own citizens under the pretext of security.
Few countries (if any) are really free.
> Tell the authorities that you "fill your hard disk up with random data before traveling in case of theft."

And you just made yourself a suspicious person to be further questioned and searched, while probably committing an offense that could send you to jail.

But again - the point is not to lie, technically, and thus avoid committing an actual offense. If your data is important enough to you, you probably will want to consult your lawyer before attempting such a scheme :)