Reply From: Vin McLellan <vin@shore.net>
The new UK Government policy -- "Computer hard disc scanning by HM
Customs & Excise" -- has just been announced as "What's New" on the UK's
"Open Goverment" website: http://www.open.gov.uk/customs/discscan.htm
"Scanning for porno" at the UK border, as it has been described,
entails _copying_ the traveller's hard-disk and then scanning for
whatever.
British spokesmen are trying to make the point that nothing bad
could be happening since all this takes place in the presence of the
traveller, and with the traveller watching -- but, whatever the
procedures, it is probably impossible to distinguish between scanning a
computer's disk and copying that disk if officialdom controls the process.
It is also predictable that "national security" agencies --
particularly those whose overt or covert charters require them to produce
commercial intelligence -- will quickly seize upon such a fortuitous
opportunity to collect full-disk snapshots from travelling executives'
laptops. Cheaper than a satellite by far, and perhaps as useful as many.
Primitive techie evasions -- even some of the less sophisticated
stego packages -- could be fairly quickly spotted with some upgrade of the
systems used to copy and scan laptop hard-disks at Customs posts and
border crossings.
(In many cases, it might be found to be in the "national interest"
to let the visitor skip through Customs, the better to exploit information
that could be later retrieved from that copy of his hard-disk. Immigration
authorities typically have high-grade info on who is carrying that PC;
even what company he or she works for.)
Remote access passwords would be treasures that might be readily
available from temp and swap files, captured in snapshots off many
businessmen's machines.
Although UK Customs apparently demands, or intends to demand,
passwords for encrypted files... even if the businessman refuses, many --
indeed most -- desktop crypto packages (particularly in Windows machines,)
are said to capture crypto keys in either or both swap files and temp
files.
Unless this UK policy is quickly shown to have a significant
impact on the willingness of international businessmen to enter the UK to
do deals, I think we can expect many other nations to quickly follow suit
-- in pursuit of both porn and commercial intelligence which might give
their domestic industries, bankers, or traders some advantage.
Copying and scanning the hard disks of travellers and businessmen
leaving a country might be an easy extension of this policy, since many
countries have laws about what can not be taken out of the country too.
The upshot, I presume, will be to thrust more transborder data
traffic -- most of it wholly legal, commercial, traffic -- encrypted into
Cyberspace... where snoops and spooks have a far more difficult time
tracking who is sending what to whom.
Ain't paranoia grand?
_Vin
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Sun Aug 23 19:51:36 1998