Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, September 15, 2008

DHS Report Says Leave Laptops At Home

The U.S. Department of Homeland Security appears to be of two minds about the security of information on portable devices.  On the one hand, it defends border searches of laptops as necessary to limit the movements of terrorists, to deter child pornography, and to enforce U.S. laws.  On the other hand, it has warned business and government travelers not to carry laptops or other electronic devices when traveling abroad, as a way to prevent “unauthorized access and theft of data by criminal and foreign government elements.”

In a document titled “Foreign Travel Threat Assessment: Electronic Communications Vulnerabilities,” published June 10 by the DHS’s critical infrastructure threat analysis division and recently posted to Wikileaks, DHS urges business leaders and U.S. officials to “leave [electronic devices] at home” when traveling.

Recognizing that for some it may be impossible to travel without a laptop and phone, DHS recommends buying a single-use cell phone locally, carrying a designated “travel” laptop with a minimum of information on it, and using temporary Internet e-mail accounts that are not associated with a corporate or government entity.

“Even with these strategies, however, travelers should assume that all communications are monitored,” the DHS Threat Assessment says.  “All visitors should be aware that they have no reasonable expectation of privacy in public or private locations,” the bureau warned.

Peter P. Swire, a law professor at Ohio State University’s Moritz College of Law and a senior fellow at the Center for American Progress, says travelers ought to take such warnings seriously and practice good computer hygiene.

Nonroutine searches, such as a strip search, are distinguished by their invasiveness and require a “reasonable suspicion” that the person searched is involved in an illegal activity.  It’s not clear from a legal perspective whether laptop searches are routine or nonroutine, and it probably won’t be until the Supreme Court rules on the issue or Congress passes a law requiring reasonable suspicion for searches of electronic devices, which could happen next year.

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=210601724

Posted on 09/15
NewsPermalink