Post on 22-Jan-2018
The Trump Era
Who am I?
● Chief System Architect of
● I teach Network Security and Linux System Administration
● Slashdot 08.Feb.2017
US Visitors May Have to Hand Over Social Media Passwords: DHS
● Slashdot 12.Feb.2017
US-Born NASA Scientist Detained At The Border Until He Unlocked His Phone
● Slashdot 18.May.2017
US and EU Reject Expanding Laptop Ban To Flights From Europe
● Slashdot 18.May.2017
US and EU Reject Expanding Laptop Ban To Flights From Europe
● What does this actually mean?
● Now a simple trip to the US becomes threat to your personal life and company data
● You do not have rights under the US law, because technically you haven't entered the US
● The DHS agents may decide to copy all your data, without notifying you.
● By giving away your passwords to the DHS you may violate the contract with your company and immediately become liable under the laws of your own country
● EU privacy laws state that customer data, such as names, addresses, IDs and so on, should be stored only on EU soil. If for whatever strange reason you had left any such data on machine that is searched by the DHS, you and your company are liable under EU privacy laws– EU GDPR
● Why would you unlock your laptop/phone– you may be detained until you provide your
passwords
– you will miss all your appointments
– you will lose the money for this whole trip
– you will lose potential customers
– miss conference or training
● So what can YOU do?– encrypt the data on your computer
● cripple on purpose your encrypted storage● leave the beginning of your encrypted
storage at home or at any other third party, that you can relay on
● make sure there is NO WAY for YOU to recover the encrypted data, without that part, that is NOT with you
● Why would you leave most of your data on the laptop and only cripple the encrypted storage?– Internet in the US is actually BAD... VERY BAD
– Downloading 10-15GB of data may not even finish for one night :(
– leaving most of your data on your PC means faster restore time
● What to encrypt– all private data
– browser profile
– emails and email profiles
– all downloads
– all instant messaging logs
– settings of your applications
● If you have a VPN, keep its keys in the encrypted storage, so DHS would not have access to them
● It is also a good idea to disable your VPN keys/accounts while you are traveling to/from the US.– setup a simple and effective way to enable your
VPN once you have passed the border control
● Keep all your passwords and keys encrypted– make sure you can not retrieve them without a third
person that is NOT in the US right now
– this way you will NOT lie to a polygraph test and you may hope for faster entry in the US
Phone
● Wipe your phone before boarding the flight to the US
● Remove all facebook/google/slack/twitter and etc. accounts
● Move all your private data to encrypted SD card and remove it from your phone before boarding the flight– I'm sorry iPhone users... for you, you can backup
everything to the iCloud
● Once you are at the hotel, recover your phone from your PC
What am I doing
● eCryptfs● LUKS over a loop device● Keep all passwords, including the one for the
eCryptfs on the LUKS● Cripple the LUKS● My wife has the important 5MB from the image
and she will tell me where she uploaded them once I enter the US
Thank you!