[ISN] Re: Encryption is like a locked suitcase

From: mea culpa (jerichoat_private)
Date: Sat Aug 22 1998 - 00:29:16 PDT

  • Next message: mea culpa: "[ISN] Ex-Worker Arrested in Hacker Scheme"

    Reply From: Vin McLellan <vinat_private>
    	The new UK Government policy -- "Computer hard disc scanning by HM
    Customs & Excise" -- has just been announced as "What's New" on the UK's
    "Open Goverment" website: http://www.open.gov.uk/customs/discscan.htm
    	"Scanning for porno" at the UK border, as it has been described,
    entails _copying_ the traveller's hard-disk and then scanning for
    	British spokesmen are trying to make the point that nothing bad
    could be happening since all this takes place in the presence of the
    traveller, and with the traveller watching -- but, whatever the
    procedures, it is probably impossible to distinguish between scanning a
    computer's disk and copying that disk if officialdom controls the process. 
    	It is also predictable that "national security" agencies --
    particularly those whose overt or covert charters require them to produce
    commercial intelligence -- will quickly seize upon such a fortuitous
    opportunity to collect full-disk snapshots from travelling executives'
    laptops.  Cheaper than a satellite by far, and perhaps as useful as many. 
    	Primitive techie evasions -- even some of the less sophisticated
    stego packages -- could be fairly quickly spotted with some upgrade of the
    systems used to copy and scan laptop hard-disks at Customs posts and
    border crossings. 
    	(In many cases, it might be found to be in the "national interest" 
    to let the visitor skip through Customs, the better to exploit information
    that could be later retrieved from that copy of his hard-disk. Immigration
    authorities typically have high-grade info on who is carrying that PC;
    even what company he or she works for.) 
    	Remote access passwords would be treasures that might be readily
    available from temp and swap files, captured in snapshots off many
    businessmen's machines. 
    	Although UK Customs apparently demands, or intends to demand,
    passwords for encrypted files... even if the businessman refuses, many --
    indeed most -- desktop crypto packages (particularly in Windows machines,) 
    are said to capture crypto keys in either or both swap files and temp
    	Unless this UK policy is quickly shown to have a significant
    impact on the willingness of international businessmen to enter the UK to
    do deals, I think we can expect many other nations to quickly follow suit
    -- in pursuit of both porn and commercial intelligence which might give
    their domestic industries, bankers, or traders some advantage. 
    	Copying and scanning the hard disks of travellers and businessmen
    leaving a country might be an easy extension of this policy, since many
    countries have laws about what can not be taken out of the country too. 
    	The upshot, I presume, will be to thrust more transborder data
    traffic -- most of it wholly legal, commercial, traffic -- encrypted into
    Cyberspace... where snoops and spooks have a far more difficult time
    tracking who is sending what to whom. 
    	Ain't paranoia grand?
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:02:04 PDT