Laptops Seized

In the Business section of today's Los Angeles Times (4 November), there
is an article "Laptop seizure raises concerns over firms' data". The
subhead is "Travel managers worry about what can hapen to proprietary
information at customs".

See
<http://www.latimes.com/business/la-fi-biztravel4nov04,1,4005880.story>.
(I don't know how long this link will remain valid. If it's 404, do a
search at <http://www.latimes.com> on "laptop".)

Another reason to use PGP.

--

David E. Ross
<http://www.rossde.com/>

I use Mozilla as my Web browser because I want a browser that
complies with Web standards. See <http://www.mozilla.org/>.

> In the Business section of today's Los Angeles Times (4 November), there[color=blue]
> is an article "Laptop seizure raises concerns over firms' data". The
> subhead is "Travel managers worry about what can hapen to proprietary
> information at customs".[/color]
[color=blue]
> Another reason to use PGP.[/color]


Well in the UK if the police ask you for your encryption keys and password
you must
surrender them or face prison (2 years), so there are cases in which not
even PGP
will help you if the authorities seize your laptop, they sure will not be
able to crack
open your secrets (financial information, personal mail, etc...) but you
will get
sent down as a punishment.


I wish PGP would implement a steganography system like the one in
Truecrypt, where
users can safely give out the password if under duress but there is a
second hidden
container that can not be detected. I highly reccomend this system for
people living in
the UK who fear a corrupt policeman may demand the encryption keys that
hides all the
company information. ([url]http://www.truecrypt.org[/url])
--

Mapping the Internet 24/7: [url]http://www.netdimes.org[/url]

On Thu, 09 Nov 2006 11:06:35 -0000, Macarro <any@email.invalid> wrote:
[color=blue]
>Well in the UK if the police ask you for your encryption keys and password
>you must surrender them or face prison (2 years), so there are cases in which not
>even PGP will help you if the authorities seize your laptop, they sure will not be
>able to crack open your secrets (financial information, personal mail, etc...) but you
>will get sent down as a punishment.[/color]
[color=blue]
>I wish PGP would implement a steganography system like the one in
>Truecrypt, where users can safely give out the password if under duress but there is a
>second hidden container that can not be detected.[/color]

Is TrueCrypt a steganography program? I was under the impression that
it was used for filesystem encryption. At any rate, as much as I love
PGP I feel like this is a case of matching the program with the use.
PGP is great for sending messages and files securely over inherently
insecure transmission channels (such as SMTP), but it seems like there
are far better options out there when you're talking about securing
data that is intended to reside on a single host. Yes, the nested
container concept with multiple keys that provide plausible
deniability is a great thing. But I was a bit uncomfortable when PGP
began to expand into volume encryption in the first place. It's a
great program that excels at securely transmitting information over
untrusted networks, and I'd rather let it be that. I can't help
feeling that adding more bells and whistles to the program shifts
emphasis away from its primary function, and that while far better
solutions for filesystem encryption already exist. I suppose I'm a
traditionalist in that sense: I like my programs to be small and
specific.

Though if you extended that concept a bit and started talking about
incorporating plausible deniability into the message encryption--say,
having one secret key passphrase decrypt an e-mail to an innocuous
plaintext defined when the message was composed, and the "real" key
decrypt to the message itself--well, that would just be the bee's
knees.

On Thu, 16 Nov 2006 04:44:00 -0000, Nicholas Chapel
<nicholas.chapel@no.spam.please.duke.edu> wrote:
[color=blue]
> On Thu, 09 Nov 2006 11:06:35 -0000, Macarro <any@email.invalid> wrote:
>[color=green]
>> Well in the UK if the police ask you for your encryption keys and
>> password you must surrender them or face prison (2 years), so there are
>> cases in which not even PGP will help you if the authorities seize your
>> laptop, they sure will not be able to crack open your secrets
>> (financial information, personal mail, etc...) but you will get sent
>> down as a punishment.[/color]
>[color=green]
>> I wish PGP would implement a steganography system like the one in
>> Truecrypt, where users can safely give out the password if under duress
>> but there is a second hidden container that can not be detected.[/color]
>
> Is TrueCrypt a steganography program? I was under the impression that
> it was used for filesystem encryption.[/color]

It is both, it hides your files and it hides them in an steganographic way
inside a hidden undetectable container. (I guess by "filesystem" you mean
files)

As much as I like PGP the truth is that if I am forced to give my password
away Truecrypt will protect me and PGP will not, now probably this is not
applicable to you because in your country you can not be sent to prison
unless you commit a crime and refusing to reveal your password is not
enough to be jailed, so you have no need for Truecrypt then.

Notice that I am talking about symetric virtual encrypted containers here.

--

Mapping the Internet 24/7: [url]http://www.netdimes.org[/url]

On Fri, 17 Nov 2006 10:04:23 -0000, Macarro <any@email.invalid> wrote:
[color=blue]
>As much as I like PGP the truth is that if I am forced to give my password
>away Truecrypt will protect me and PGP will not, now probably this is not
>applicable to you because in your country you can not be sent to prison
>unless you commit a crime[/color]

Well, these *are* the days of Bush... What with the Patriot Act I
think the powers that be have decided to throw that pesky little
habeas corpus rule out the window. Now you can be 'detained' for any
length of time in a secret prison without charges so long as you can
make a flimsy accusation involving suspicion of terrorism. In an era
when our infinitely wise government has decided that it is above the
law, I don't think I'd want to take any chances. At least the UK
government is being *straightforward* about the fact that they'll
detain people for refusing to give up their encryption keys. This
side of the pond you can only hope for the best and expect the worst.

David E. Ross wrote:[color=blue]
> In the Business section of today's Los Angeles Times (4 November), there
> is an article "Laptop seizure raises concerns over firms' data". The
> subhead is "Travel managers worry about what can hapen to proprietary
> information at customs".[/color]


Just don't travel with a laptop. Encrypt everything, get to where you're
going, SSH it over.



shg