Laptops Seized - PGP

This is a discussion on Laptops Seized - PGP ; In the Business section of today's Los Angeles Times (4 November), there is an article "Laptop seizure raises concerns over firms' data". The subhead is "Travel managers worry about what can hapen to proprietary information at customs". See . (I ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Laptops Seized

  1. Laptops Seized

    In the Business section of today's Los Angeles Times (4 November), there
    is an article "Laptop seizure raises concerns over firms' data". The
    subhead is "Travel managers worry about what can hapen to proprietary
    information at customs".

    See
    .
    (I don't know how long this link will remain valid. If it's 404, do a
    search at on "laptop".)

    Another reason to use PGP.

    --

    David E. Ross


    I use Mozilla as my Web browser because I want a browser that
    complies with Web standards. See .

  2. Re: Laptops Seized

    > In the Business section of today's Los Angeles Times (4 November), there
    > is an article "Laptop seizure raises concerns over firms' data". The
    > subhead is "Travel managers worry about what can hapen to proprietary
    > information at customs".


    > Another reason to use PGP.



    Well in the UK if the police ask you for your encryption keys and password
    you must
    surrender them or face prison (2 years), so there are cases in which not
    even PGP
    will help you if the authorities seize your laptop, they sure will not be
    able to crack
    open your secrets (financial information, personal mail, etc...) but you
    will get
    sent down as a punishment.


    I wish PGP would implement a steganography system like the one in
    Truecrypt, where
    users can safely give out the password if under duress but there is a
    second hidden
    container that can not be detected. I highly reccomend this system for
    people living in
    the UK who fear a corrupt policeman may demand the encryption keys that
    hides all the
    company information. (http://www.truecrypt.org)
    --

    Mapping the Internet 24/7: http://www.netdimes.org

  3. Re: Laptops Seized

    On Thu, 09 Nov 2006 11:06:35 -0000, Macarro wrote:

    >Well in the UK if the police ask you for your encryption keys and password
    >you must surrender them or face prison (2 years), so there are cases in which not
    >even PGP will help you if the authorities seize your laptop, they sure will not be
    >able to crack open your secrets (financial information, personal mail, etc...) but you
    >will get sent down as a punishment.


    >I wish PGP would implement a steganography system like the one in
    >Truecrypt, where users can safely give out the password if under duress but there is a
    >second hidden container that can not be detected.


    Is TrueCrypt a steganography program? I was under the impression that
    it was used for filesystem encryption. At any rate, as much as I love
    PGP I feel like this is a case of matching the program with the use.
    PGP is great for sending messages and files securely over inherently
    insecure transmission channels (such as SMTP), but it seems like there
    are far better options out there when you're talking about securing
    data that is intended to reside on a single host. Yes, the nested
    container concept with multiple keys that provide plausible
    deniability is a great thing. But I was a bit uncomfortable when PGP
    began to expand into volume encryption in the first place. It's a
    great program that excels at securely transmitting information over
    untrusted networks, and I'd rather let it be that. I can't help
    feeling that adding more bells and whistles to the program shifts
    emphasis away from its primary function, and that while far better
    solutions for filesystem encryption already exist. I suppose I'm a
    traditionalist in that sense: I like my programs to be small and
    specific.

    Though if you extended that concept a bit and started talking about
    incorporating plausible deniability into the message encryption--say,
    having one secret key passphrase decrypt an e-mail to an innocuous
    plaintext defined when the message was composed, and the "real" key
    decrypt to the message itself--well, that would just be the bee's
    knees.

  4. Re: Laptops Seized

    On Thu, 16 Nov 2006 04:44:00 -0000, Nicholas Chapel
    wrote:

    > On Thu, 09 Nov 2006 11:06:35 -0000, Macarro wrote:
    >
    >> Well in the UK if the police ask you for your encryption keys and
    >> password you must surrender them or face prison (2 years), so there are
    >> cases in which not even PGP will help you if the authorities seize your
    >> laptop, they sure will not be able to crack open your secrets
    >> (financial information, personal mail, etc...) but you will get sent
    >> down as a punishment.

    >
    >> I wish PGP would implement a steganography system like the one in
    >> Truecrypt, where users can safely give out the password if under duress
    >> but there is a second hidden container that can not be detected.

    >
    > Is TrueCrypt a steganography program? I was under the impression that
    > it was used for filesystem encryption.


    It is both, it hides your files and it hides them in an steganographic way
    inside a hidden undetectable container. (I guess by "filesystem" you mean
    files)

    As much as I like PGP the truth is that if I am forced to give my password
    away Truecrypt will protect me and PGP will not, now probably this is not
    applicable to you because in your country you can not be sent to prison
    unless you commit a crime and refusing to reveal your password is not
    enough to be jailed, so you have no need for Truecrypt then.

    Notice that I am talking about symetric virtual encrypted containers here.

    --

    Mapping the Internet 24/7: http://www.netdimes.org

  5. Re: Laptops Seized

    On Fri, 17 Nov 2006 10:04:23 -0000, Macarro wrote:

    >As much as I like PGP the truth is that if I am forced to give my password
    >away Truecrypt will protect me and PGP will not, now probably this is not
    >applicable to you because in your country you can not be sent to prison
    >unless you commit a crime


    Well, these *are* the days of Bush... What with the Patriot Act I
    think the powers that be have decided to throw that pesky little
    habeas corpus rule out the window. Now you can be 'detained' for any
    length of time in a secret prison without charges so long as you can
    make a flimsy accusation involving suspicion of terrorism. In an era
    when our infinitely wise government has decided that it is above the
    law, I don't think I'd want to take any chances. At least the UK
    government is being *straightforward* about the fact that they'll
    detain people for refusing to give up their encryption keys. This
    side of the pond you can only hope for the best and expect the worst.

  6. Re: Laptops Seized

    David E. Ross wrote:
    > In the Business section of today's Los Angeles Times (4 November), there
    > is an article "Laptop seizure raises concerns over firms' data". The
    > subhead is "Travel managers worry about what can hapen to proprietary
    > information at customs".



    Just don't travel with a laptop. Encrypt everything, get to where you're
    going, SSH it over.



    shg

+ Reply to Thread