News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Steven J. Vaughan-Nichols's picture
Steven J. Vaughan-Nichols

Cyber Cynic

More posts | Read bio

April 30, 2008 - 7:54 P.M.

Road warrior security

5 comments

I see that a group calling itself the Association of Corporate Travel Executives is warning its members to limit the amount of proprietary business information they carry on laptops and the like because they're afraid that government agents can seize that data at border crossings.

Excuse me if I grin a little at this. There must be thousands, tens of thousands, of laptops and USB drives stolen every day, and you're worried about border guards? Please, get a clue. Custom agents are the least of your worries.

The real problem is carrying any proprietary business data on a laptop. Of course, the guy who swipes your notebook is probably far more likely to fence it for a dime on the dollar of its list value than he is interested in finding out your sales forecasts for the Acme SuperJuicers or even looking to see if you have customers' credit card numbers. Still, the way I figure it, a common, every day thief is a lot more likely to look at your data than U.S. Customs and Border Protection officials.

In any case, you shouldn't have any unprotected proprietary information on your laptop. Or, for that matter, any unprotected data of any importance. Sooner or later someone in your company is going to lose their laptop. So, the way I see it, you have two choices. You can either 1) Not put any important data on the laptop-that's what secure network connections like SSL (Secure Socket Layers) and VPNs (Virtual Private Networks) are for. Or, 2) use some kind of encryption system.

I'm going to presume that most of you are going to opt for number two, if you elect to do anything except rely on luck to protect your data. If you look behind door number two, you'll see you get a choice between encrypting the entire hard drive or just certain files.

The hard drive encryption systems, like Microsoft's EFS (Encryption File System) or the newer BitLocker, which can encrypt an entire Windows volume, have always made me a bit nervous. Hard drives are always doing bad things to me, and anything that gets between my hard drive repair tools and repairing the drive makes me twitchy.

So, when I look for laptop security, I look to PGP's Desktop Professional. It can be used with both Windows and Mac laptops-no Linux darn it-and you can set it to encrypt on a partition basis. What I always do is to set up one partition for the operating system and applications and the other partition, the encrypted one, for data.

In addition, Desktop Professional encrypts most common Windows and Mac e-mail and IM connections. Since, generally speaking, I'm more worried about someone tapping into my online conversations than I am someone stealing and then trying to crack my hard drive, I appreciate this feature a lot.

In any case, please, forget about worrying over border guards. Common thieves and forgetfulness-did I just leave my laptop in the taxi??-are much more likely to give you trouble. Just encrypt your data and then you won't have to worry about it so much. Of course, you'll still need to explain whow you lost your corporate laptop to the boss, but that's another problem entirely.

What People Are Saying

Add new comment

Security? Not Available

Submitted by Chuck on May 2, 2008 - 11:26 A.M.

Security and privacy are hugh issues. However, if the information on your laptop is your only source of proprietary information and you need to act upon some of that information when you return from your trip, you are out of luck if your laptop is seized for a period of time. Even if you diligently backup your laptop and did so just prior to your trip, it obviously is of little good if you worked on a project at the location of your business trip. Even if you have an online backup, what will you download it to if your laptop is your only computer?

Reply | Report this comment

Encryption isn't an answer

Submitted by George on May 2, 2008 - 2:56 A.M.

Border security doesn't (yet) routinely check computers - they have to be suspicious of the traveler for some reason. If they've already decided to check the traveler's computer, they will be extremely suspicious of any encrypted material they find. Their likely response will be to detain the traveler until someone provides them with the decryption key.

The problem is that HLS, TSA, etc. won't disclose how a name gets on their watch lists. No one really knows what may arouse suspicion: a person's name, the company they work for, where or how often they travel, etc.

I agree that companies are in little danger from border security disclosing their data, but what about the legal and business costs (should customers find out) that come from having their employees detained? The guy in the news was arrested for porn, not for smuggling CBN weapon plans.

It's already been decided by the courts that HLS doesn't need a warrant to check computers. What if law enforcement (FBI, DEA, ATF, IRS, etc.) asks that all travelers' computers be checked for illicit material? What if TSA begins doing the same for domestic travelers?

Encrypting sensitive material isn't an answer - it's just a step closer to a much bigger problem.

Reply | Report this comment

You've completely missed the

Submitted by Anonymous on April 30, 2008 - 8:25 P.M.

You've completely missed the point. If this invasion of privacy doesn't bother you, then you won't mind when they come to your home to seize all your data for no reason either. Have fun with that.

Reply | Report this comment

Invasion

Submitted by sjvn on May 1, 2008 - 9:05 A.M.

I'm addressing the point made by the group. As for an invasion of my privacy, I agree it is. But, in 2008, if you travel by air, you've already given up your privacy. The only thing I've managed to avoid in air travel in the last two years has been a strip-search. I imagine I'll have to endure one of those soon.

Is that horrid? Yes. It's also just the way things are now, and, unfortunately, I don't see it changing anytime soon.

Steven

Reply | Report this comment

Your words were

Submitted by Anonymous on May 1, 2008 - 11:03 A.M.

"In any case, please, forget about worrying over border guards."

This is your own editorial, not the point made by the group. My original comment still stands. In the larger scope people should be MORE worried about this new invasion of privacy and not shrug it off as you suggest.

Reply | Report this comment

Related Posts

WTF FTW LOL@ITBW!!1! (and Flash Portal)
Mac OS X: Vulnerable to new Trojans
Indian police: Terrorist attack used U.S. citizen's WiFi
Live Mesh first look: The future of computing?

Today's Top Stories

Context-aware mobility: What is it and how will it change the business world?
Vista Ultimate users fume, rant over Windows 7 deals
Elgan: The carrier coup must be stopped
DOJ officially opens investigation into Google Book Search
Judge temporarily dismisses MySpace cyberbully case
Mozilla slates first Firefox 3.5 patch
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.