A Site for Photographers by Photographers

Community > Forums > News > Newspaper/Magazine article > Travellers beware--again!

Travellers beware--again!

Nick Sanyal , Jun 27, 2008; 12:50 p.m.

Bad news for travelers:



    1   |   2   |   3   |   4   |   5   |   6   |    ...     Next    Last

Matt Laur , Jun 27, 2008; 01:10 p.m.

Definitely one of several good arguments for burning your overseas image files to DVD and posting copies of them back to yourself in advance of passing again through airports, baggage handling, customs, etc.

It will be interesting to hear what comes up in the hearings mentioned in the article. Congress has the ball, in terms of further clarifying what the long-standing authority to inspect baggage really means, when it translates to the hundreds of GB of data that people now routinely carry with them. The papers in your briefcase, the currency in your wallet, etc., have been subject to the same sort of inspection for many years. The advent of very small, huge capacity storage devices has completely altered the landscape. It's sort of like inspecting baggage and finding rolls of microfilm containing thousands of images that no customs agent could possibly, personally see or understand without specialized equipment and the time to actually do the work. So the question is - are any forms of data (microflim, paper, binary data) - as legitimately subject to inspection as the courts have repeatedly said they are? The only way to change that is legislatively. That would be up the legislative agendas set by the leaders of each house of congress. Give 'em a call, if you've got the perfect border control vs. privacy recipe in mind - I'm sure they'd love to hear it.

Michael Christensen , Jun 27, 2008; 01:29 p.m.

The implications of this are broader than merely affecting the rights of airline travelers and shows just how simple laws designed to protect us from terrorism can be abused. TSA inspecting for bomb-making/hazardous materials certainly does not extend to reading your email, acquiring information/personal records from your hard-drive and potentially sharing that information with iintelligence and law enforcement agencies ... or does it?

Matt Laur , Jun 27, 2008; 01:53 p.m.

That's the problem, Michael. As seen with the Khan network (out of Pakistan), detailed information is a type of bomb-making material. Money, likewise, is a such a material... and cryptography (such as large encryption keys ferried on portable storage devices) are central to harder-to-crack over-the-internet bad guy communications channels about finances and logistics. And of course, the days when purveyors of truly nasty child-exploiting wares out of, say, Russia or southeast Asia had to carry video tapes ... those days are long gone. But large MPGs and whatnot can now be deeply encrypted onto portable storage, and hauled around in relative obscurity without having to first transit overseas routers that are more easily traced back to unique IP addresses. When you bury 50GB of such exploitive material in a hidden file on a laptop drive, it can take an IT forensics guy a little while to have his bots sniff it out. Just a couple of examples.

It's certainly not worth fretting about such things (searching-wise) unless you've got some other array of indicators that the person carrying the laptop/storage falls into some profile that merits a look. Tickets bought with a Visa card that tracks back to well-used Russian organized crime front-business accounts... or someone who's just done a 24- hour round trip through Thailand and back, that sort of thing.

I've been singled out in Denver on a domestic flight. Business emergency, with little to go on for planning... so it was a one-way ticket, bought by sheer coincidence with a debit card, and I had no checked bags, plus I have the official IT Guy Long Hair. Red flags galore! I got the special bag check treatment flag for months afterwards... but only on domestic flights. Flying in and out of the country: not a problem. I don't envy anyone the job of having to think about ways to spot the habits or intent or circumstances of some bad actors out of millions of travelers. It would almost be refreshing to go back to the quaint old days when just risking a hijack detour to Cuba were all that one had to consider.

Nick Sanyal , Jun 27, 2008; 02:59 p.m.

"TSA inspecting for bomb-making/hazardous materials certainly does not extend to reading your email, acquiring information/personal records from your hard-drive and potentially sharing that information with iintelligence and law enforcement agencies ... or does it?"

That's the scary part "..or does it?"

Nobody knows, nobody tells, very few question! One more freedom is captive.

Rainer T , Jun 27, 2008; 04:55 p.m.

-- "...and cryptography (such as large encryption keys ferried on portable storage devices) are"

There is absolutely no need to move large encryption keys (aka one-time-pads) arround. Just use a 2Kbit key (or 4Kbit key if you're paranoid) for the typical asymetric encryption and you can be save that noone will be able to crack your stuff in any reasonable time. (The largest public key that was brocken by a brute force attack on thousands of machines working in parallel was obout 650 bits long (each bit is doubling the afford to be made)). Reasonable time is in that case many many many years (eventually longer than you live).

And also using asymetric encryption, there is absolutely no need to move the (private) key at all. You just publish your public key on the internet.

Also, (on the front of symetric cryptography), 3des and aes256 are regarded as "save for use", and their keylength is 168bits and 256bits.

Matt Laur , Jun 27, 2008; 06:17 p.m.

I'm simplifying a bit, Rainer. It's not like we're talking about hard drives full of huge keys. We're talking first and foremost about keys moving around courier-style, sometimes with, and sometimes without additional payload.

But with keys - even just a couple kb of hash - the main thing is to get it to the other people who will need it (to encrypt communications with them) without any chance of that delivery being picked up by a man in the middle. There's a reason that diplomatic couriers carry disk drives to and from overseas embassies... and a reason that bad guys do the same. The Al Queda IT guy they picked up in Pakistan a couple years back had a laptop that was a treasure trove of keys, IM trails, VoIP targets, steganographic tools, and good ol' spreadsheets with org charts. A huge find, and just the tip of the iceberg.

Walter Degroot , Jun 27, 2008; 06:48 p.m.

times have changed. we have to takle this seriously. I, Too would like to see things like they were in the "good old days" but there are nutcases ouit there who feel it is their goal in life to destroy western civilization.

The Good, Calm, and Peaceful Muslims and America have not spoken out against these evil prople. Perhaps they are more afraid then we are. Many are here because it is not safe in their homeland.

When we talk about Rights & Freedoms we must take into account that these evil folks take advantage of this to do their dirty work.

Michael Harris , Jun 27, 2008; 06:55 p.m.

We should ban the entire internet then if you're worried about embedded jpgs.

Michael Harris , Jun 27, 2008; 06:58 p.m.

I meant mpgs and think of all the terror that could have been spread with the Paris Hilton video.

    1   |   2   |   3   |   4   |   5   |   6   |    ...     Next    Last

Back to top

Notify me of Responses