Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Schneier on US Customs Notebook Searches: Do not follow the rules By Roger Halbheer, on May 20th, 2008 I just read this article by Bruce Schneier on what to do about US Customs searches: Taking your laptop into the US? Be sure to hide all your data first
So, if you look at part of his recommendations, they are:
- You’re going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key – even if you also encrypt your entire hard drive – and keep your sensitive data there.
- […]consider putting your sensitive data on a USB drive or even a camera memory card: even 16GB cards are reasonably priced these days. Encrypt it, of course, because it’s easy to lose something that small. Slip it in your pocket, and it’s likely to remain unnoticed even if the customs agent pokes through your laptop. If someone does discover it, you can try saying: “I don’t know what’s on there. My boss told me to give it to the head of the New York office.” If you’ve chosen a strong encryption password, you won’t care if he confiscates it.
So, if you look at the two recommendations above, he actually tells you to lie at the customs control and try to hide data away from the officials… So, he suggests that you are committing a crime. Pretty risky game, isn’t it.
Well, to be fair: He gives another advice as well, which is using a forensically clean notebook and download the data from you corporate network once you crossed the border. This is a legal and safe practice.
Do not get me wrong: I do not like the rules of the US customs at all – not that they are alone, other countries do the same – as they simply are not on the standard for a developed country with a sound legal system. I do not have a problem if they search a notebook based on a court ruling with reasonable suspicion. But to do it just because the officer at customs had a bad night and does not feel well is not up to the standard the US measures the rest of the world.
This is no reason however, to become commit a criminal activity.
Roger
Related posts:
- The Debate on Security Metrics
- The Best Security Blogs on the Web
Leave a Reply
|
|
|
