I received an interesting email from a reader. To paraphrase, the question is how one can go about removing all personal information from a laptop prior to crossing the border so that, in the event the computer is searched, one’s email, contact lists, documents, browsing history, etc., remain private.

It’s an interesting question partially because of the technical issues it raises, and partially because, if I had received the same email a few years ago, I might have assumed that the person who wrote it was up to no good and just deleted it.  But, today, customs officials in many countries including Canada and the United States have asserted the right to search computer hard drives, including making copies. They apparently don’t even require any probable cause to do so and that makes a lot of people uncomfortable.

Personally, I think these searches are silly.  Terrorists already know how to protect their information and anyone caught at the border with child pornography on their hard drive deserves to be arrested and tossed in jail.  These searches are security theatre — they give the appearance of doing something while they utterly fail to accomplish their stated goals.

The problem is that these searches can expose our private correspondence, banking information, passwords, sensitive business documents and information with legal privilege to Government agents and it is not clear what they will be doing with it.  As a security consultant, you can bet that I’ve read Web pages on topics such as ‘improvised explosives’.  I can’t possibly understand how to protect against things I don’t know about.  But what will a young, overly-enthusiastic border guard think upon finding it in my browser history? Will he or she consider it within context? Or will I and every person in my contact list be investigated as a potential terrorist?

Some will undoubtedly feel that I shouldn’t write this article. But consider this:  Before you drive your vehicle across the border, you have the opportunity to clean it out. You can vacuum the stale fries from between the back seats, remove the half-empty bottle of Jack Daniels from your cooler and ensure that you didn’t accidentally leave a box of shotgun ammo in the trunk on your last hunting trip. You can also empty your briefcase and leave those solicitor-client privileged files at home along with the unfiled patent application for your latest invention. But what about your computer?

The obvious solution is to leave your computer at home, too. But, if you need it to do your job or you’d like to use it to keep in touch with friends and family while you’re on the road, that may not be a viable option.

You could have a second computer that you only use for travel.  But that confidential email you read using your Web browser might be cached on the hard drive. And it could stay there for a while.

Hard drive encryption is another option.  Full Disk Encryption (FDE) products will encrypt every bit on your hard drive and render it inaccessible without your passphrase.  I generally recommend using one of these products because it protects your information if your laptop is stolen.  The problem is what to do when border agents demand your passphrase.  While some may be prepared to politely decline, many people fear repercussions.

The technical problem you face is that even if you delete everything you don’t need, the files are not actually gone. Anyone with forensic software — and that, presumably, includes the border folks — can recover them. They can recover old email, Web pages you have visited and a long list of other things.

Software exists to clean up your hard drive and overwrite the disk space where files used to be, and that can certainly help.  The best known is Evidence Eliminator from Robin Hood Software Ltd. in the UK.  I tested a version a few years back and, while it certainly overwrote free space and prevented files from being recovered, it also ironically left a lot of evidence that it had been used. In other words, it will be painfully obvious to anyone with basic forensic training that you used a program called ‘Evidence Eliminator’. And it’s difficult to know how they will react to that.

Another option is to completely overwrite your hard drive using DBAN (a freely downloadable boot CD) and then reinstall the operating system.  Frequent travelers could make this process less painful by purchasing a netbook with a small hard drive, installing all needed applications and then using Norton Ghost to make a copy of the entire system.  Next trip, run DBAN and re-image the laptop using Ghost.  If sensitive documents are generated while on the road, they can be uploaded to a secure server and the system wiped using DBAN prior to the return trip.  Alternatively, some organizations provide remote desktop capabilities. This may prove to be an excellent solution for international travelers because all documents and other information remain on the user’s desktop or a corporate server and the notebook computer is used only as a remote terminal.
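One way to check that an overwrite (a free-space overwrite or a full DBAN pass, as described above) actually removed recoverable content, added here as an example and not part of the original article: plant a canary string before wiping, then scan the raw image or device read-only for it and count non-zero sectors. The canary value, the function names and the zero-fill wipe are assumptions; the temporary file stands in for a disk.

```python
import os
import tempfile

def find_residue(path, markers, chunk_size=1 << 20):
    """Scan a raw image or block device read-only for marker byte strings.
    Returns sorted (offset, marker) pairs, including matches that straddle
    a chunk boundary."""
    keep = max(len(m) for m in markers) - 1    # bytes carried into next chunk
    hits, tail, base = set(), b"", 0           # base = file offset of buf[0]
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            buf = tail + chunk
            for m in markers:
                i = buf.find(m)
                while i != -1:
                    hits.add((base + i, m))
                    i = buf.find(m, i + 1)
            tail = buf[-keep:] if keep else b""
            base += len(buf) - len(tail)
    return sorted(hits)

def nonzero_sectors(path, sector=512):
    """Count sectors holding any non-zero byte (0 expected after a zero-fill)."""
    count = 0
    with open(path, "rb") as f:
        while block := f.read(sector):
            count += block.count(0) != len(block)
    return count

def demo():
    canary = b"CANARY-7f3a-constructed"         # constructed marker, planted pre-wipe
    fd, path = tempfile.mkstemp(suffix=".img")  # stands in for the laptop disk
    os.close(fd)
    try:
        image = bytearray(64 * 1024)
        image[4090:4090 + len(canary)] = canary  # straddles the 4096-byte boundary
        with open(path, "wb") as f:
            f.write(image)
        before = find_residue(path, [canary], chunk_size=4096)
        dirty = nonzero_sectors(path)
        with open(path, "wb") as f:              # simulated zero-fill wipe pass
            f.write(bytes(len(image)))
        return before, dirty, find_residue(path, [canary], 4096), nonzero_sectors(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

If the wipe writes random data rather than zeros, only the canary scan is meaningful; the non-zero sector count applies to zero-fill passes.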

Finally, one could remove the computer’s hard drive altogether and boot from a ‘live CD’.  For example, Knoppix can be downloaded and burned to a CD or DVD and it includes a bootable Linux distribution and applications like OpenOffice.  While having no local storage may be inconvenient, if you just need Web access when you are on the road this approach guarantees that no information will remain once you turn off the computer’s power.  Every time you boot the computer you have a fresh environment.  Low-cost USB flash drives can be used for temporary document storage and overwritten or physically destroyed when they are no longer required.  Some “live” distributions can also be booted from a USB drive.  But you may have to explain your unusual system at the border.

In summary, it’s your computer and there are ways for you to take charge of what information is stored on it.  It’s up to you.  Choose wisely.

5 Responses to Sterilizing your laptop for travel

  1. Robert McKenzie
    Mar 23, 2009

    Very good article and it raises some very valid points. It has become a very worrying trend with Customs officials just poking around your computer without just cause. I think what scares me more than the thought of them finding anything incriminating (which they are unlikely to do) is inadvertently causing damage to my files/OS in their unskilled methods of looking through my computer.

    I keep a USB flash drive formatted with TrueCrypt and store a full PortableApps.com suite of tools on there including Thunderbird and Firefox, as well as OpenOffice and a copy of docs I use most. That image is backed up all the time so should the flash drive get lost, stolen or stolen-in-authority (confiscated by some Gov’t “agent”) then it’s no biggie. The files aren’t lost and I will know they will be of no use to the “agent” either.


  2. Evolving Squid
    Mar 23, 2009

    Full disk encryption (a la TrueCrypt, et al), and all your private data on further encrypted partitions. In my case, I use Truecrypt to create mountable volumes in files and bury them in places where there would be big files anyway.

    So, if they compel the password by some means, they can search the drive and get very little. TC doesn’t save histories etc.

    I also consider my laptop to be disposable, as far as unreasonable and unwarranted search and seizure goes. They can take it and give me a receipt. That might cost me some $, but I have better things to do than argue with some unknowledgeable drone in customs.

    My really sensitive stuff is encrypted in checked baggage or encrypted and carried on my person.

  3. kingthorin
    Mar 23, 2009

    Evidence Eliminator alternative from MS:

  4. Dave Kalisher
    Mar 24, 2009

    Just back up your files on a secure USB drive and put it in your wallet. I doubt if anyone will search specifically there. And if they do, then your wallet will not be the only interesting item for them… You can ask the same thing about your mobile phone, which these days can upload any kind of file.

  5. Ted
    Apr 29, 2009

    I advise not keeping any private information on your laptop. Keep it on the remote PC and connect to it using remote access software. I wrote an article about this solution and you can read it at http://remote-access-software.net/security/reflections-about-cbp-and-remote-access.html
