CBA on Securing Laptops to Cross U.S. Border
The Canadian Bar Assocation’s Practice Link has a substantial and practical article by Luigi Benetton, “How to Secure Your Laptop Before Crossing the Border.” Benetton sets out ten steps you can and should take if you’re planning to travel to the U.S. with a laptop used in your practice:
- Be Anonymous [… which is not a sure thing, hence… ]
- Travel with a “Bare” Computer
- Turn Off Your Computer, Early
- Back Up Your Data
- Use a Different User Account to Hold Sensitive Information
- Partition and Encrypt Your Entire Hard Drive
- Protect FireWire Ports
- Store Data on Small Devices
- Protect Phones and PDAs
- Clean Your Laptop When Returned
My own approach would be to strip my computer bare before getting to the border and then to draw down from a secure internet connection any data I needed upon arriving at my destination. Interestingly, one of the commentators on the Benetton article asks about software that can properly clean a laptop. Simple re-formatting might not do the trick. Any suggestions?
[We’ve raised this issue a number of times on Slaw:
Crossing the Border
FMC on Border Crossing
Laptops and Cross-Border Security
Loose Laptops Cause Flops ]
If you have a Mac, I believe there is an option to do a 30 pass format, where it basically fills your drive with 0’s and 1’s back and forth 30 times before finally finishing the format. Apparently this is the most secure that Apple offers, and *should* be good enough for most users.
Destroying data on a hard disk is a tricky business. A simple reformat is NOT enough to prevent easy data recovery. Writing multiple passes of 1’s and 0’s is better but still thought by most to be insufficient due to an effect know as “ghosting”. Ghosting is akin to writing on a paper pad and pulling away the top sheet only to have the imprint of the letters remain on the page below. Writing multiple passes of 0’s to a disk as the above poster suggested is a meager attempt to skirt this issue.
Enter “dban”. Dban is a free/open source software system for destroying hard drive data. It provides data destruction that is considered sufficient for many government agencies.
all the best,
(a concerned US college student)