You may have heard about the new Homeland Security search rules that basically allow the U.S. government to grab your laptop (or any other digital or analog information carrier) from you upon entering the United States, take it to a location of their choice and read and copy anything off it and share it with anyone of their choice, and keep your stuff for as long as they like.

Do you think I’m kidding? Here’s a quote:

Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

Mitch Wagner over at the InformationWeek blog has a good write-up of the new rules with some interesting links on how to protect your data. I personally think that it’s looking more and more like the Department of Homeland Security is turning the USA into an Orwellian totalitarian state this way, and that the government is using the people’s fear of terrorists to bully the populace into accepting these measures.
What’s even scarier is that it’s also happening here in Europe. Just mention terrorists or national security and you can get close to anything done.

The big question in my mind is: does nobody realise that anyone with a half-decent understanding of security and/or encryption can circumvent these rules? Does anyone anywhere ever seriously believe that terrorists, smugglers or traders in child pornography actually personally carry their data around when travelling? You’d think that they’d understand that the first rule of illicit transport of anything is: avoid the bottlenecks and choke-points (such as airports etc.). I.e.: you go through customs, your stuff goes through an unguarded back door.

A last thought that a friend of mine pointed out today: is the fact that I’m writing and publishing this on-line probable cause for stopping & searching me next time I go to the US? Brrrrr…

UPDATE: Two interesting quotes from the RISK digest. First from an R.G. Newbury:

The worst features of this are that IF you have done the smart thing and
used strong encryption to protect your data, the Customs agent will be MORE
likely to take away your entire laptop for examination… and he will take
your entire laptop, not just the hard drive out of it.

In effect, you have no Fourth or Fifth Amendment rights when crossing the
border into the US. Must scare the living bejusus out of most corporate
counsel and CIO guys.

And another one from Steven M. Bellovin:

It’s worth noting — repeating, actually — that border searches of laptops
are not restricted to the US.  See, for example,
http://news.bbc.co.uk/1/hi/sci/tech/150465.stm which reports on British
policy.  Also note the date: 1998.  I have a different question: which
developed economies have explicit policies saying that they will not search
(the information on) laptops?