[mortov]

I guess you need to make sure your devices are wiped or left at home.

A backup just means you have your own copy of what just got taken off you at the border for no good lawful reason.

Having my own copy would not reassure me of much.

[lambda]

Or make sure that they have full-disk encryption and are cold shutdown when you cross the border.

While jurisprudence is still a bit fuzzy on this (it has flipped back and forth on a few appeals in a few separate cases, and never been conclusively decided by the Supreme Court), there have been ruling upholding the fact that you can't be forced to hand over your password due to the fifth amendment, unless the Government can already show that they know via other means that you have incriminating files on there.[1]

On the border, you would probably be safe from mandatory disclosure of your password without the border patrol getting a court order, and of course the whole point of this complaint is that the government is using border crossing as an end-run around the courts, being able to do searches that a court wouldn't otherwise approve.

So, using full-disk encryption that you trust, on all electronic devices that you carry, and making sure that they are cold shutdown, is probably sufficient. You should of course have a backup as well, as the border patrol may impound your devices while they try to decrypt them.

All in all, how much effort we have to do to defend ourselves from our own government is getting ridiculous. I don't know how to convince the American public of this, but we are not only violating the privacy of tons of people, but killing people who choose to drive rather than fly[2] due to the excess hassle that our "security" systems provide.

1: https://en.wikipedia.org/wiki/Key_disclosure_law#United_Stat... 2: https://www.schneier.com/blog/archives/2013/09/excess_automo...

[chiph]

Even with full-disk encryption, an image will be made of the drive, and the government will keep a copy on the chance that the password will be revealed later. Or the algorithm gets broken/weak enough at some point in the future.

[toomuchtodo]

Silly question.

Let's assume you have a device like a Macbook Pro or a Macbook Air, where you can't physically remove the drive without ungluing the device. You hotrod the firmware so only trusted USB devices with a specific encryption key are permitted to connect. How would the drive be imaged?

[lambda]

Thunderbolt target disk mode: http://support.apple.com/kb/PH3838

Perhaps you could solve this by "hotrodding" the firmware, but it's not particularly obvious how you could do that without risking bricking your laptop.

[toomuchtodo]

Perhaps Apple needs to require a password to boot off USB or to access target disk mode.

[Torgo]

It's too bad the newer Macbook Pros don't come with ExpressCard slots anymore. I used to boot off a fast SSD expresscard. No disadvantages at all, other than the card ran hot. Remove the internal drive and when you pop out the Expresscard, much lower attack surface.

[andrewpi]

After the past week's NSA revelations, just what full disk encryption system should we be trusting? I think it's fair to assume that any commercial implementation is compromised.

[lambda]

[TrueCrypt](http://www.truecrypt.org/) or [dm-crypt](https://en.wikipedia.org/wiki/Dm-crypt) are both open source (technically, TrueCrypt has source available but doesn't meet the definition of an open-source license, though there's some debate on that point), and thus publicly auditable.

Also, I'm less worried about FDE being vulnerable to Border Patrol than about, say, SSL vulnerabilities across the whole network. The plausible deniability, which they would need to use to protect their sources if they found information, is a lot lower if you know you have been stopped and your laptop searched, rather than just tapping all internet traffic so you don't even know when you've been searched. Mac OS X's File Vault 2 and Windows's BitLocker are probably sufficient if if you aren't particularly paranoid about being individually targeted for something big, but I would be more inclined to trust the open solutions.

[rdl]

I FDE (on macs, FileVault 2 is by far the easiest, even though Apple is one of the more likely backdoor providers), but I also don't keep anything sensitive on it.

If seized at the airport, it provides a useful bit of information on whether they can break filevault 2. It seems implausible they would even if they could without a "plausible non-cryptographic alternative".

[willbill]

Moxie Marlinespike of WhisperNet has explicitly said that he leaves his devices at home when traveling because of this.