Reply From: Vin McLellan <vinat_private> The new UK Government policy -- "Computer hard disc scanning by HM Customs & Excise" -- has just been announced as "What's New" on the UK's "Open Goverment" website: http://www.open.gov.uk/customs/discscan.htm "Scanning for porno" at the UK border, as it has been described, entails _copying_ the traveller's hard-disk and then scanning for whatever. British spokesmen are trying to make the point that nothing bad could be happening since all this takes place in the presence of the traveller, and with the traveller watching -- but, whatever the procedures, it is probably impossible to distinguish between scanning a computer's disk and copying that disk if officialdom controls the process. It is also predictable that "national security" agencies -- particularly those whose overt or covert charters require them to produce commercial intelligence -- will quickly seize upon such a fortuitous opportunity to collect full-disk snapshots from travelling executives' laptops. Cheaper than a satellite by far, and perhaps as useful as many. Primitive techie evasions -- even some of the less sophisticated stego packages -- could be fairly quickly spotted with some upgrade of the systems used to copy and scan laptop hard-disks at Customs posts and border crossings. (In many cases, it might be found to be in the "national interest" to let the visitor skip through Customs, the better to exploit information that could be later retrieved from that copy of his hard-disk. Immigration authorities typically have high-grade info on who is carrying that PC; even what company he or she works for.) Remote access passwords would be treasures that might be readily available from temp and swap files, captured in snapshots off many businessmen's machines. Although UK Customs apparently demands, or intends to demand, passwords for encrypted files... even if the businessman refuses, many -- indeed most -- desktop crypto packages (particularly in Windows machines,) are said to capture crypto keys in either or both swap files and temp files. Unless this UK policy is quickly shown to have a significant impact on the willingness of international businessmen to enter the UK to do deals, I think we can expect many other nations to quickly follow suit -- in pursuit of both porn and commercial intelligence which might give their domestic industries, bankers, or traders some advantage. Copying and scanning the hard disks of travellers and businessmen leaving a country might be an easy extension of this policy, since many countries have laws about what can not be taken out of the country too. The upshot, I presume, will be to thrust more transborder data traffic -- most of it wholly legal, commercial, traffic -- encrypted into Cyberspace... where snoops and spooks have a far more difficult time tracking who is sending what to whom. Ain't paranoia grand? _Vin -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:02:04 PDT