Post by thread:[OT] Legally stealing my data?

On Friday 02 May 2008 09:31:37 Tamas Rudnai wrote: > If this is true probably I will never visit US, that would have been far > too much. > > http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ I would think that the easiest way to work around this is to just encrypt and upload the information you need, and download it after you cross the border. You can then just bring along a laptop, which has nothing personal on it. Cheers. -- with metta, Shawn Tan Aeste Works (M) Sdn Bhd - Engineering Elegance http://www.aeste.net

Exactly! That's why I could not understand them. A serious terrorist always could avoid this kind of security checkings, but a legitimate person like us would always suffer. You can encrypt data on laptop too, but if you refuse giving out of your password, then they do not let you in the US plus keep your laptop - I think that's more than illegal, that's against all the human rights. On Fri, May 2, 2008 at 9:53 AM, Shawn Tan <spam_OUTshawn.tanTakeThisOuTaeste.net> wrote: {Quote hidden}> On Friday 02 May 2008 09:31:37 Tamas Rudnai wrote: > > If this is true probably I will never visit US, that would have been far > > too much. > > > > > http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ > > I would think that the easiest way to work around this is to just encrypt > and > upload the information you need, and download it after you cross the > border. > You can then just bring along a laptop, which has nothing personal on it. > > Cheers. > > -- > with metta, > Shawn Tan > > Aeste Works (M) Sdn Bhd - Engineering Elegance > http://www.aeste.net > -

>> If this is true probably I will never visit US, that >> would have been far >> too much. >> >> http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ > > I would think that the easiest way to work around this is > to just encrypt and > upload the information you need, and download it after you > cross the border. > You can then just bring along a laptop, which has nothing > personal on it. This seems to assume that downloaded data is safe from intrusion. As it also crossed the border on the way in, and as it is trivially easy to copy it at the rate that it comes in at (unlike the data on a laptop*) then why should it be considered secure? Russell * A laptop with a full 120 GB hard disk transfers data through customs at about 33 MB/second, give or take a factor of 2 to 4 in some cases.

On Friday 02 May 2008 10:28:27 Apptech wrote: > > I would think that the easiest way to work around this is > > to just encrypt and > > upload the information you need, and download it after you > > cross the border. > > You can then just bring along a laptop, which has nothing > > personal on it. > > This seems to assume that downloaded data is safe from > intrusion. As it also crossed the border on the way in, and > as it is trivially easy to copy it at the rate that it comes > in at (unlike the data on a laptop*) then why should it be > considered secure? Hmm, because it's encrypted? The problem with crossing the border with encrypted data on your laptop is that they can compel you to reveal your password. Downloading your data after, just removes all the hassle. Forcing the government to devote it's time to breaking strong encryption to get at your vacation photos, is probably fun too. -- with metta, Shawn Tan Aeste Works (M) Sdn Bhd - Engineering Elegance http://www.aeste.net

There are three major differences on copying my data from a laptop or from the data stream on the internet: 1. From the internet there is no immediate association to me as a person - if anything suspicious information discovered, then they start investigating who was this person who sent it or received it. 2. I am NOT sending my financial information, my source of my propriety firmware or anything in a way that someone else could read it. I use gpg with 256 aes or maybe twofish. And I do not give them my password, if they want to see it, work for that hard at least and break it first. 3. And finally, they would not refuse entering to the country because of encrypted data is sent over the net... What will they do if someone writes a malware spreading and infecting computers, then storing some encrypted information on it, and when one or more arrived in the target country as soon as it attached to the net it sends the sensitive data to the target server? If my computer is infected like this and they discover I would not be able to give them the password as I simply do not have, so they will refuse me to enter and keep my laptop so I will loose everything? Money, work and even my reputation... Next they even will hang me because of this? On Fri, May 2, 2008 at 10:28 AM, Apptech <.....apptechKILLspam@spam@paradise.net.nz> wrote: {Quote hidden}> >> If this is true probably I will never visit US, that > >> would have been far > >> too much. > >> > >> > www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ > > > > I would think that the easiest way to work around this is > > to just encrypt and > > upload the information you need, and download it after you > > cross the border. > > You can then just bring along a laptop, which has nothing > > personal on it. > > This seems to assume that downloaded data is safe from > intrusion. As it also crossed the border on the way in, and > as it is trivially easy to copy it at the rate that it comes > in at (unlike the data on a laptop*) then why should it be > considered secure? > > > > Russell > > * A laptop with a full 120 GB hard disk transfers data > through customs at about 33 MB/second, give or take a factor > of 2 to 4 in some cases. > > > > > > > -

> I would think that the easiest way to work around this is > to just encrypt and > upload the information you need, and download it after you > cross the border. > You can then just bring along a laptop, which has nothing > personal on it. As others have noted here, the security agencies can (and do) un-encrypt the data as it goers by and check its contents. There have been mentions here in the past about password protected zip files attached to emails getting time delayed in transit - I cannot remember if it was days or weeks that they were delayed, but the time stamps on the mail headers showed it was when crossing the US borders. A better way would be to put the data on a flash card, USB or CF (I saw an announcement for a 32GB CF card recently) and stuff that in your shoe while going through customs. A CF card would fit nicely in a convenient slot in the heel while going through customs.

> -----Original Message----- > From: piclist-bouncesKILLspammit.edu [.....piclist-bouncesKILLspam.....mit.edu] On Behalf {Quote hidden}> Of Alan B. Pearce > Sent: 02 May 2008 11:02 > To: Microcontroller discussion list - Public. > Subject: Re: [OT] Legally stealing my data? > > > I would think that the easiest way to work around this is > > to just encrypt and > > upload the information you need, and download it after you > > cross the border. > > You can then just bring along a laptop, which has nothing > > personal on it. > > As others have noted here, the security agencies can (and do) un-encrypt > the > data as it goers by and check its contents. There have been mentions here > in > the past about password protected zip files attached to emails getting > time > delayed in transit - I cannot remember if it was days or weeks that they > were delayed, but the time stamps on the mail headers showed it was when > crossing the US borders. > > A better way would be to put the data on a flash card, USB or CF (I saw an > announcement for a 32GB CF card recently) and stuff that in your shoe > while > going through customs. A CF card would fit nicely in a convenient slot in > the heel while going through customs. If it was discovered during an XRAY etc, it would look far worse however! Mike ======================================================================= This e-mail is intended for the person it is addressed to only. The information contained in it may be confidential and/or protected by law. If you are not the intended recipient of this message, you must not make any use of this information, or copy or show it to any person. Please contact us immediately to tell us that you have received this e-mail, and return the original to us. Any use, forwarding, printing or copying of this message is strictly prohibited. No part of this message can be considered a request for goods or services. =======================================================================

> A better way would be to put the data on a flash card, USB > or CF (I saw an > announcement for a 32GB CF card recently) and stuff that > in your shoe while > going through customs. A CF card would fit nicely in a > convenient slot in > the heel while going through customs. You may not have had the same experiences that I have had going through customs :-). On at least some occasions they WOULD have found something in my shoe heel. And when that happens you are liable to have them ending up looking in a few others places for stuff "just in case" as well. Russell

>You may not have had the same experiences that I have had >going through customs :-). >On at least some occasions they WOULD have found something >in my shoe heel. >And when that happens you are liable to have them ending up >looking in a few others places for stuff "just in case" as >well. Yes, but was that entering or leaving the country? I am thinking you only need to hide it when entering, and AFAIK the shoe inspection is only on leaving a country.

Apptech wrote: {Quote hidden}>>> If this is true probably I will never visit US, that >>> would have been far >>> too much. >>> >>> www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ >>> >> I would think that the easiest way to work around this is >> to just encrypt and >> upload the information you need, and download it after you >> cross the border. >> You can then just bring along a laptop, which has nothing >> personal on it. >> > > This seems to assume that downloaded data is safe from > intrusion. As it also crossed the border on the way in, and > as it is trivially easy to copy it at the rate that it comes > in at (unlike the data on a laptop*) then why should it be > considered secure? > > > > Russell > It's pretty easy to encrypt stuff harder than that which is used for internet banking. Assuming that it was possible to break transport level encryption then the mafia or other similar organisations would have already done so and any flaws revealed. The fact that they persist in targeting end users which is a slow and difficult process rather than going for man in the middle attacks implies that it is likely impossible. If you are physically attached to your data then you can be compelled to give out keys to it. As to intercepting the data as it travels, china is trying, they have a fraction of the connected population and a free hand to do it, and they are failing. Encryption is illegal there as far as I'm aware, a friend of mine has a client with a branch office there. The great firewall was delaying their emails to the tune of 6 hours or so, and he was told its illegal for him to use a vpn to pass the data out. How much of that would be enforced is a separate issue.

Since the 'Government' is responsible, by law, to protect its citizens, what would you have them do? Can you deny that harmful things can be brought into the country in the form of encrypted information? If you data is so important to you that you need to have it with you while traveling, why not encrypt it and store it as an attachment in some email and then download it when you get to your destination. Just don't carry it with you through customs. It is hubris to think anyone gives a damn about your data anyway, especially some customs or TSA drone at an airport. Vic -- ______________________________________________________________ Victor Fraenckel KC2GUI windswaytoo ATSIGN gmail DOT com

> How are you going to prove that you have given them the key and > the data is supposed to be random junk? Well, you can generate a "key" that if you xor the encrypted data with, it reveals the War And Piece so they will be satisfied :-) On Fri, May 2, 2008 at 4:35 PM, sergio masci <EraseMEsmplxspam_OUTTakeThisOuTallotrope.net> wrote: {Quote hidden}> > > On Fri, 2 May 2008, David VanHorn wrote: > > > Large files full of random data, encrypted with large keys. > > :) > > -- > > The worst of all possible situations. What's going to happen WHEN the CIA > come knocking on your door in your own country (NOT the US) and demands > the key. How are you going to prove that you have given them the key and > the data is supposed to be random junk? > > Regards > Sergio > -

On Friday 02 May 2008 16:35:17 sergio masci wrote: > The worst of all possible situations. What's going to happen WHEN the CIA > come knocking on your door in your own country (NOT the US) and demands > the key. How are you going to prove that you have given them the key and > the data is supposed to be random junk? Can't you just set your guard dogs at them for trespassing and leave it at that? But it's funny how governments are so focused on catching data coming in, that they are happy losing data going out. I think that it's just as dangerous, if not more so, to lose sensitive information (laptops and CDs). -- with metta, Shawn Tan Aeste Works (M) Sdn Bhd - Engineering Elegance http://www.aeste.net

>In China they were XRaying all bags (but not shoes as far as >I know :-) ) before getting onto the train in Qingdao - 400 >to 500 km away from Beijing and Shanghai. When we went on the train from China to Russia they weighed all the bags, and we had to pay excess baggage. This got introduced as there were so many traders taking stuff from china to Russia that they had to control how much they took by making them pay excess baggage charges. We couldn't avoid it despite obviously being tourists. There was a train stop after we got on, before the border, and this seemed to be the stop the traders got on. You have never seen so much stuff tossed into a coach in a 10 minute stop. The corridor was absolutely solid with goods, which were then stacked in the traders compartment once the train got underway. Once that was done, the lady responsible for the coach made them sweep the corridor out before she laid out the carpet strip along the corridor. She wasn't having any truck with having to clean up after the traders !!! Quite a lesson the ways of international relations ... ;))

On Fri, May 2, 2008 at 9:34 AM, Vic Fraenckel <windswaytoospam_OUTgmail.com> wrote: > Since the 'Government' is responsible, by law, to protect its citizens, what > would you have them do? Can you deny that harmful things can be brought into > the country in the form of encrypted information? If you data is so > important to you that you need to have it with you while traveling, why not > encrypt it and store it as an attachment in some email and then download it > when you get to your destination. Just don't carry it with you through > customs. It is hubris to think anyone gives a damn about your data anyway, > especially some customs or TSA drone at an airport. By that logic, I have no reason to prevent random searches of my home or my person either.. Sorry, that's unacceptable. The government is also charged with defending our rights, which does conflict with other goals they have, but our rights are supposed to be inviolate. FWIW I oppose random traffic stops for the same reason. I applaud what they are trying to do, but I despise the methods they are using.

On Fri, 2 May 2008, Shawn Tan wrote: {Quote hidden}> On Friday 02 May 2008 16:35:17 sergio masci wrote: > > The worst of all possible situations. What's going to happen WHEN the CIA > > come knocking on your door in your own country (NOT the US) and demands > > the key. How are you going to prove that you have given them the key and > > the data is supposed to be random junk? > > Can't you just set your guard dogs at them for trespassing and leave it at > that? > > But it's funny how governments are so focused on catching data coming in, that > they are happy losing data going out. I think that it's just as dangerous, if > not more so, to lose sensitive information (laptops and CDs). Why is it so funny? The wrong piece of information could expose a corrupt government. Surely that's as dangerous to them as a bomb would be to us. Regards Sergio

On Sat, 3 May 2008, Apptech wrote: > > How can you prove that you didn't hide data in those > > pictures with > > steganography? > > Sssssh!!! > Don't tell people! > I was keeping quiet about that. > Go on joke! In the UK we have the RIP act. If an individual is asked for a password or encryption key he/she can be imprissioned for 2 years if he/she does not produce it. Furthermore that individual can be imprissioned for a further 3 years if he/she informs anyone that they were asked for the password or encryption key. So some a*hole sends you an email containing something "bad". You have no knowledge of the contents or the encryption key but you can be put away for it. Still laughing? Regards Sergio

>> The worst of all possible situations. What's going to happen WHEN the CIA >> come knocking on your door in your own country (NOT the US) and demands >> the key. How are you going to prove that you have given them the key and >> the data is supposed to be random junk? > >Can't you just set your guard dogs at them for trespassing and leave it at >that? Not the way the American legal system has come knocking on UK borders to get people extradited for supposed white collar crime - e.g. the 3 British bankers who have been extradited for dealing with the local Enron representatives ...

sergio masci wrote: > On Fri, 2 May 2008, David VanHorn wrote: > > >> Large files full of random data, encrypted with large keys. >> :) >> -- >> > > The worst of all possible situations. What's going to happen WHEN the CIA > come knocking on your door in your own country (NOT the US) and demands > the key. How are you going to prove that you have given them the key and > the data is supposed to be random junk? > > Regards > Sergio > When I was younger and making real money, I owned two safes. The first one was showy and behind a large picture, and held $200 in cash, that's all. The second was in my basement floor under a false floor. It held the real money, passports, precious documents. If the bad guys (cops _or_ robbers) came, they got the stuff inside the picture safe, nothing else. We never admitted to anyone that there were two safes. You can do that with encrypted files, too. Flash drives with TRUECRYPT.EXE and encrypted hidden containers will do the same function. Have one container unhidden, have several more hidden. Put junk in the unhidden container and several hidden ones, then put the good stuff in a final encyrpted, hidden container. The problem with governments are that they are both bad and good at the same time. Any government strong enough to give you anything you want, is strong enough to take everything you've got. As an old friend once told me, "government is like fire. Confined in a stove, it can keep you warm and cook your food. If it gets loose from the stove, it will just as easily burn your house down. The stove is the Constitution; if that is ever removed, things will become very bad in the USA".

On Fri, 2008-05-02 at 09:31 +0100, Tamas Rudnai wrote: > If this is true probably I will never visit US, that would have been far too > much. > > www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ > > ...So please tell me that it is fake :-) > Tamas Unfortunately I believe it's at least mostly true, most of this was actually reported about a week ago. I don't think people realize that when you try to cross the US border most of the "rights" people think they have disappear. The fact that this story surprises people is further evidence of that. TTYL

On Fri, 2008-05-02 at 11:02 +0100, Alan B. Pearce wrote: > A better way would be to put the data on a flash card, USB or CF (I saw an > announcement for a 32GB CF card recently) and stuff that in your shoe while > going through customs. A CF card would fit nicely in a convenient slot in > the heel while going through customs. This idea will most likely get you sent to the "strip search" room. Remember, in almost all US airports shoes must be removed and put through the XRay machine. What do you think their reaction will be if they see something hidden, nevermind a CF card or flash key in your shoe? TTYL

Bob Axtell wrote: > When I was younger and making real money, I owned two safes. The first > one was showy and behind > a large picture, and held $200 in cash, that's all. The second was in my > basement floor under a false floor. > It held the real money, passports, precious documents. LOL :) so this is not just a friend of mine's thought. He was on holiday in a roulotte. He hid a wallet below the pillow or so, with just a bit of money. And then put the real money somewhere else... -- Ciao, Dario

If you still live in England, you have absolutely no reason to carry a laptop with you in US. Just store your interesting information on a server with FTP access, buy a laptop in US (now is cheaper than anywhere in the world because of dollar fall, I've seen amazing laptops at $700) and load it with the software you have stored. BTW, a plastic USB storing device is not very visible on Xray. They put to take out your shoes only when go out from US, not when you go in, I guess is just for amusement... :) The guys from Xray are making two dollar bets on how fast are peoples... On 5/2/08, Tamas Rudnai <@spam@tamas.rudnaiKILLspamgmail.com> wrote: {Quote hidden}> If this is true probably I will never visit US, that would have been far too > much. > > http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/ > > ...So please tell me that it is fake :-) > Tamas > > > -- > Rudonix DoubleSaver > http://www.rudonix.com > -

> He was on holiday in a roulotte. He hid a wallet below the pillow or so, > with just a bit of money. And then put the real money somewhere else... Sounds like a common solution to me. So tell me the end of the story, your friend went back and the wallet with the small money was still there, but the other one has gone? :-) On Fri, May 2, 2008 at 4:31 PM, Dario Greggio <KILLspamadpm.toKILLspaminwind.it> wrote: {Quote hidden}> Bob Axtell wrote: > > > When I was younger and making real money, I owned two safes. The first > > one was showy and behind > > a large picture, and held $200 in cash, that's all. The second was in my > > basement floor under a false floor. > > It held the real money, passports, precious documents. > > > LOL :) > so this is not just a friend of mine's thought. > > He was on holiday in a roulotte. He hid a wallet below the pillow or so, > with just a bit of money. And then put the real money somewhere else... > > -- > Ciao, Dario > -

>> through the XRay machine. What do you think their reaction will be if >> they see something hidden, nevermind a CF card or flash key in your >> shoe? > >Hmm, I assumed he meant "down the heel, in the socks" Well, that was my initial thought, on the basis that one could probably slip a CF card down your sock without it being too noticeable when you come into the country. But then such a card could just as easily be tucked into a shirt pocket, or put in with the camera (make sure there are a few photos on it, its a spare card for the camera ...), or any of a number of other places. Hmm, now The Gadget Show has been playing with some rugged USB drives recently ... ;))))

Tamas Rudnai wrote: >>He was on holiday in a roulotte. He hid a wallet below the pillow or so, >>with just a bit of money. And then put the real money somewhere else... > > Sounds like a common solution to me. So tell me the end of the story, your > friend went back and the wallet with the small money was still there, but > the other one has gone? :-) I see :) Oh, no, nothing bad happened - though it was "bad" part of Italy (don't want to tell the exact place, in case anyone on hte list may feel offended :))) BTW I never did that.. -- Ciao, Dario

Just program the data to a 18F USB device that you make a "product" from like a USB serial converter... when you arrived download the firmware... You can scramble the data so even if they read it out hard to prove if that is a junk that left there after the development phase or is an encrypted data. There are millions of way to slip data into and from a country, bad guys will use them even more advanced methods, and you suffer the rest. Maybe they could get caught some pedofils or illegal Microsoft users but is that really worth the effort? Tamas On Fri, May 2, 2008 at 5:19 PM, Alan B. Pearce <RemoveMEA.B.PearceTakeThisOuTrl.ac.uk> wrote: {Quote hidden}> >> through the XRay machine. What do you think their reaction will be if > >> they see something hidden, nevermind a CF card or flash key in your > >> shoe? > > > >Hmm, I assumed he meant "down the heel, in the socks" > > Well, that was my initial thought, on the basis that one could probably > slip > a CF card down your sock without it being too noticeable when you come > into > the country. But then such a card could just as easily be tucked into a > shirt pocket, or put in with the camera (make sure there are a few photos > on > it, its a spare card for the camera ...), or any of a number of other > places. > > Hmm, now The Gadget Show has been playing with some rugged USB drives > recently ... ;)))) > > -

On Friday 02 May 2008 17:34:30 Tamas Rudnai wrote: > Just program the data to a 18F USB device that you make a "product" from > like a USB serial converter... when you arrived download the firmware... You > can scramble the data so even if they read it out hard to prove if that is a In the same vein, you could print out the encrypted data in armored text (or some sort of 2D bar code). Then, just cross the border with sheafs of paper in your luggage. You can even bind it together into some sort of book and just waltz across the border while pretending to read it. -- with metta, Shawn Tan Aeste Works (M) Sdn Bhd - Engineering Elegance http://www.aeste.net

Vic Fraenckel wrote: > Since the 'Government' is responsible, by law, to protect its citizens, > what would you have them do? Can you deny that harmful things can be > brought into the country in the form of encrypted information? If you followed the discussion, you probably got a reasonable impression how encrypted information can be brought into the country in a number of ways, bypassing the random copying of private data from private notebooks. > If you data is so important to you that you need to have it with you > while traveling, why not encrypt it and store it as an attachment in > some email and then download it when you get to your destination. This sounds as if you would contradict yourself here. If it's that easy to circumvent this random intrusion, what makes you think this is a useful measure? Don't you think that the "bad guys" are just as smart? Besides, this sounds as if you never were on the road (or better, "in the air") visiting clients, for example. There's all kinds of stuff that I have in my computer, just in case. Some is sensitive, some is private... the thing is, I use my computer for more than hobby PIC projects and downloading pictures :) So, according to this advice, I'd have to carefully search my system, separate all the private and sensitive data, remove it (and making sure I know from where I removed it, as some programs are a bit picky about where to find their data files), make sure I don't run any of those picky programs while their data is not where they expect it, upload it (maybe GB) to some server, then at the target location get it all down again, distribute it to the correct places, yada yada yada. Lots of work -- for what? > Just don't carry it with you through customs. It is hubris to think > anyone gives a damn about your data anyway, especially some customs or > TSA drone at an airport. So why would they want to copy it? Gerhard

> If you still live in England, you have absolutely no > reason to carry a > laptop with you in US. > Just store your interesting information on a server with > FTP access, > buy a laptop in US (now is cheaper than anywhere in the > world because > of dollar fall, I've seen amazing laptops at $700) and > load it with > the software you have stored. > BTW, a plastic USB storing device is not very visible on > Xray. For customs I carry my camera Flash cards in a small bag that fits in my closed hand. If they spot it, which varies, I open it and show them the cards. I point out that they are my canmera cards and that I'd rather not have them XRayed. Almost always they accept this, glance at them and let me through. Occasionally they insist on XRaying them. I do not think that XRays at the level they use are liable to be a problem but it's a possibility which I'd rather avoid. Apart from photos since last PC session I always have duplicates of my photo files on laptop HDD and maybe CD/DVD/external HDD as well. I do get the occasional corrupt photo file for reasons unknown - but this is true locally as well as on international trips. > They put to take out your shoes only when go out from US, > not when you > go in, I guess is just for amusement... :) Gaggle "Richard Reid" shoe or "Abdul Raheem" shoe Russell

sergio masci <smplx <at> allotrope.net> writes: > Why is it so funny? The wrong piece of information could expose a corrupt > government. Surely that's as dangerous to them as a bomb would be to us. They are not afraid because all governments are corrupt. That's why it's 'legal' to extradite citizens to a country they have nothing to do with because they wrote some software or other and that's why data about foreign bank accounts obtained illegally by breaking the law can be used 'in support' of a legal investigation that can put people in jail and worse. In general, the act of a citizen of a country that condones or helps another country to obtain and export data, goods or people from his own country against prevailing laws is called treason. It's the voter's choice how much of this treason they are willing to support, at least in democratic countries. Oh, and, by the way, treason commited by state officials, such as members of the security forces, police, government employees and army are much, much worse than treason commited by private individuals. Some places they still hang those who do such things. Peter