(((From Dave Farber's "Interesting People" list, August 3:)))
...you raise, perhaps unintentionally, the more likely (inevitable?)
and interesting controversy: if Customs can search your information stored on physical media at the border without a warrant, why do they need a warrant to search it at the "electronic border" as you transmit the same information it to and from your server when you are abroad?
This is precisely my concern; I blogged about it last month
(http://www.cs.columbia.edu/~smb/blog/2008-07/2008-07-10.html).
The issue of disclosure of keys may also be different. Just as people have no right to conceal physical objects when crossing a border, is there a right to conceal information you are importing or exporting? This is a very different question than ordinary criminal cases.
(((Okay, this is the good part – the Rube-Goldbergian scheme by which the canny globalist legally, or at least semi-legally, encrypts and ships his data by means unknown even to *himself.*)))
I'm starting to think that the only "safe" way to get your laptop into the US
would be to create a VM containing your chosen OS and data and then leave this at home. Travel without a laptop until you arrive at your destination.
At this point you can acquire a machine, generate a keypair and export the public key. A trusted third party then encrypts the VM and makes it available for download, probably with a service like Amazon's S3.
The VM can contain all your actual data contained in encrypted volumes to minimise the risk of having to trust a third party (though this would require transporting a private key inside the VM).
This way you avoid the problem of taking data through the border and also of taking a password through with you. The keys don't exist yet so how could you reveal the password? Nothing carried through and nothing concealed. (((What kind of world have we blundered into, ladies and gentlemen? This makes the late Alexander Solzhenitsyn's samizdat look like a walk in Gorky Park.)))
It's an awful lot of work to get around the risk of border searches (and the associated data grabbing) and skirts around the problem rather than tackling it head-on through legal means. I suspect that there are definite business cases for going to this effort though.
-Gordon Syme
