I mean, a machine that doesn’t boot has a much higher chance of striking someone as suspicious than a machine that boots into a generic looking Windows install. The former wouldn’t even require a functional hard drive. If I were an airport inspector, the first thing I’d do with a machine that didn’t boot past BIOS boot would be to rip out the hard drive and make sure it wasn’t a bomb.

The goal is for your machine to look as completely normal as possible. Attracting any attention at all is bad.

Great posting, two quick comments :

(1.) Canadian Border Services is just as bad – if not worse than – DHS, in terms of the “you have no rights, we can inspect every last bit and byte of the data on your laptop and there’s nothing you can do to stop us”.

The average Canadian is just as apathetic and ignorant about privacy and security as is the average American, they all will happily believe the old lie “if you don’t have anything to hide, you have nothing to worry about, when we image your laptop”, if this is told to them by an authority figure (like Bush, Obama or Canadian Prime Minister Stephen Harper).

The point is, make sure that you secure your laptop before you enter Canada, as well as when you leave it.

(2.) Although your measures are excellent, remember that some border guards will automatically assume that “you’re trying to hide something” if you can’t fire up your laptop and log in to it, for them. So I would recommend an alternate approach : simply set up a “dummy” account on your laptop that has nothing but recipes, documents named like “WHY I LOVE THE DHS.DOC” and so on, in its “home” (or “My Documents”) folder… then log in to that account when the Border Gestapo demand it.

Meanwhile, of course, your REAL account’s data is robustly encrypted. Sure, the Border Gestapo could theoretically image it, but they could do that anyway, with your whole hard drive. Besides, most border guards are idiots, they have no idea that you can have multiple accounts on the PC (you may have to find a way to hide the account names from the GNOME login screen), and even if they do detect these, you can simply say, “sorry these are for other people, I don’t even know the password for them”. (Why not create a few dummy accounts and then forget the passwords for these? That way it’s not a lie.)

Know your enemy. They’re on a power trip “because they can”, but they’re stupid. Play to their weaknesses, not their strengths.

When traveling, keep the USB stick on your person. If you are worried about going through customs, just back it up securely online. Don’t bring it with you through customs. Either bring a brand new stick in its packaging, or buy one when you arrive. Boot to a live CD (or honey pot OS) and recreate the bootable USB stick.

The USB stick would contain an encrypted copy of the key that encrypts your hard disk. An attacker would not only need a keylogger to get the password that decrypts your key, but sniff the USB traffic to obtain a copy of the encrypted key. (You would be more vulnerable while recreating the USB stick since you would be entering the passwords in order to download the copy of the encrypted USB stick, insert one time pad here for the truly paranoid).

When traveling, keep the USB stick on your person. If you are worried about going through customs, just back it up securely online. Don’t bring it with you through customs. Either bring a brand new stick in its packaging, or buy one when you arrive. Boot to a live CD (or honey pot OS) and recreate the bootable USB stick.

The USB stick would contain an encrypted copy of the key that encrypts your hard disk. An attacker would not only need a keylogger to get the password that decrypts your key, but sniff the USB traffic to obtain a copy of the encrypted key. (You would be more vulnerable while recreating the USB stick since you would be entering the passwords in order to download the copy of the encrypted USB stick, insert one time pad here for the truly paranoid).

I set up my partitions with dm-crypt root partition, a swap partition that’s randomly encrypted using /dev/urandom in /etc/fstab, a home partition for my “real” user account, and the rest of the drive is mounted when I want it with TrueCrypt.

When I set up the system, I create a first account that has its home directory on the root partition, with the password the same as the boot-up dm-crypt password on the root. Then, I put some “normal” files in that account’s Documents folder, and use it to set up my “real” account, which auto-mounts its separate partition (using pam-mount) as its home directory, and give it a much stronger password. Then I wipe the bash_history for the “fake” account. I also shut off the default account list on the GDM login screen. Finally I change /tmp to be a RAM disk that gets recreated every boot cycle.

So now, if I’m asked to boot, I put in the root partition dm-crypt password and choose the “fake” account to log in with, using the same password. The system comes up and the only thing mounted is the root partition with my “fake account” files in its home directory. Looks fine to anything but the most detailed examination, which you won’t get from a TSA agent with no clue, he just wants to see the system up and running.

I think this is much better than saying “my laptop is broken”, which is more likely to arouse suspicion. It hasn’t been put to the test as yet, though, because I don’t really travel internationally any more. If you’re REALLY worried, I would use the “fake” account occasionally to surf so there’s some Web history for the agent to look at.

All this is a far cry from back in 1995 when I traveled the world with a gym bag full of computer tapes that had to be hand-inspected and nobody ever said boo about, though! Pretty sad world we live in these days.

@Martin How would you modify the bootloader, so it boots into an unused operating system by default without attracting the attention that another operating system could be installed? I’ve tried this with GRUB, but have failed at every pass.

@Janne That was basically Schneier’s suggestion.

Put a new but cheap drive in it, install the default os, and then only add the public data (your presentation for instance) that you need for the trip. No personal info, no passwords, no confidential or non-public data of any kind.

Then leave it password unprotected, with no encryption or anything. Completely open, easily accessible, but without any data of any value whatsoever. And since it’s an old, crufty piece of semi-junk, it doesn’t even matter if someone is daft enough to steal it since the hardware is worthless and easy to replace anyhow.

Anything non-public you need to get access on the road, you do through ssh or similar to your real machine safe at home. And if you lose the old laptop, you have an otherwise clean memory stick with the public data you need with you (for presentations, bring it in odb, ppt and pdf formats, and any movie clips as separate files), something you should have in any case.

Make sure you really have nothing at all to hide, and nobody can argue with you when they come away empty-handed.

@Tony Yarusso Tomato tomahto.

@YaManicKill Well, that depends on the BIOS. Some passwords won’t prevent the system from booting, others only prevent modifications to the BIOS or boot order. So, it may or may not get rid of the evil maid attack depending on your BIOS configuration.