Data at the border

This post is for no one in particular (unless it is for someone in particular) who may be crossing from one country into another in the near future with one or more gadgets full of information that could be considered confidential. Data crosses borders, though cables, towers sending transmissions, and space. Some things about you are already there ahead of you, and some data you bring with you… on your laptop, mobile, USB stick, SD card, and  the like.

Today’s blog is focused on the latter: The data you physically cart with you when you show up at the checkpoint, the airport, train station, port or at whatever official point of entry you may find yourself.

There are a lot of reasons for this: You’re traveling from a country with one set of laws to a country with another set of laws. You may be working on a project that runs afoul of restrictions on free speech, or you may be in contact with sources whose names are on lists on either side of the border, or both. You may already be on one of these lists, or both, depending on what you’ve been up to previously and how interesting it is.

Decide what to offload…

This could just be a few files, or it could be a a lot more. It’s likely more than you think. Consider your contacts, your calendar, your photo and video libraries, your documents. Think about your email accounts and your web browser history. Think about anything that could cause you to spend more time at border control instead of less time. We’ll leave it at that.

What you can use…

Hidden volumes with Veracrypt. Use the open source file encryption software’s hidden volume creator to essentially create an invisible section on your computer where you can store sensitive work information, contact details or whatever it is that may cause trouble at border control. If you’re asked to open your computer, turn it on and click around, you can do so without worrying that this section of your hard drive showing up. Move this over to an SD card that can be removed from your computer or even installed in something else like a camera or kept somewhere else more discrete.

Offload your encrypted archive. Or, don’t carry it with you at all. Use Veracrypt or GPG encryption to encrypt a directory of your classified information and then store it anywhere you like in the cloud. So long as you’ve given it a complex password, you can rest assured that no one is opening it except for you on your computer.

 Protect your encrypted files from password cracking with a keyfile. For extra protection using Veracrypt, require that the password is used along with a keyfile that only exists on your laptop or in some hidden location you’ll find again. This file doesn’t look suspicious. It can be any piece of data you choose. It could be a jpeg of your cat. It’s just that when you try to open your encrypted volume with your passphrase, you’ll also need to tell Veracrypt to include this file as well to unlock your stuff. It’s essentially creating a method to ensure the encrypted volume still can’t be opened if someone manages to guess the passphrase.

Create an anonymous place online to keep your encrypted file. After you’ve secured your sensitive data, it’s got to go somewhere it won’t readily attract much attention. you could store it somewhere far inside one of your program folders on your computer, but as it’s securely encrypted, you could store it in the cloud and not worry about it. Give it a random, non-interesting name and upload it to Google Drive or Dropbox, or your own server, or anywhere. When you’re safely beyond the reach of border control, turn on your VPN or Tor Browser and get it back (and to put it there).

Relay your data with someone you trust. This is an alternative to storing it online, and can be useful, particularly if it’s just a few files and the size isn’t to difficult or time consuming to transfer. If you have a good contact where you’re going, you can send them the files in advance, and have them waiting for you there when you arrive. Conversely, if there’s someone you trust on the side of the border you’re leaving, they can securely relay your data to you when you’re past all the checkpoints. You’d stlll want to encrypt the files using either Veracrypt or GPG, but we’re going to add a couple of channels of communication between you and your contact to shift the data.

The first channel is called OTR. the second is called volatile file sharing. And you’re better off using Tor or a VPN for doing these as well. OTR is a quick and anonymous-friendly way of having a quick chat, sharing links or files and not leaving much of a data trail for the effort. Volatile file sharing creates short, instant web links that will only exist for as long as you need them, and then vanish without a trace when you turn them off.

Jump on a secure, open source OTR messaging service, like, Jitsi, Cryptocat, Adium or Pidgin+OTR. Verify you’re talking to the right person. Both of you should have the Tor browser running. Through the Tor Browser the encrypted file can be sent using Volatile file sharing service FileTea. Even better, the person sending the file could use OnionShare which creates a Tor-access-only URL. As soon as the file has it’s temporary link, share it through the OTR messenger. As soon as it’s downloaded, disable the link. Fini!

There’s an app for that…

There’s also an excellent resource on the Umbrella App for iPhone or Android called “How should I prepare to cross a hostile border?” which can help you sort out an entire plan for both digital and physical security.