Written by Mwendwa Kivuva
Humans have been traveling across the globe even before borders were drawn for reasons ranging from business, exploration, social, medical, education, and migration. After 9/11, traveling became more complex with tight Visa rules, military grade screening of passengers, and increased surveillance. The latest casualties of these tight measures are ICT savvy travelers.
In March 2017, The US and Britain introduced new regulations for flights[1] from Middle East, and Africa. The regulations ban passengers from carrying large electronic devices citing security concerns. The countries affected[2] were Jordan, Egypt, Turkey, Saudi Arabia, Qatar, Kuwait, Morocco and the United Arab Emirates. The circular from the US homeland security read:
These enhancements apply to 10 specific airports. The affected overseas airports are: Queen Alia International Airport (AMM), Cairo International Airport (CAI), Ataturk International Airport (IST), King Abdul-Aziz International Airport (JED), King Khalid International Airport (RUH), Kuwait International Airport (KWI), Mohammed V Airport (CMN), Hamad International Airport (DOH), Dubai International Airport (DXB), and Abu Dhabi International Airport (AUH).
With the new regulations, any device bigger than a hand help phone should be put in the checked-in luggage, and not carried onboard by the passenger. The listed devices are laptops, tablets, e-Readers cameras, Portable DVD players, and electronic game units larger than a smartphone, travel printers, and scanners.
In the age of Snowden and Wikileaks, these regulations pose a cyber security risk. It gives a window of opportunity for anybody targeting data in the devices to get access to the checked-in devices, usually a laptop. The checked-in laptops of persons of interests will either be cloned, or disappear altogether. A federal agent will mark the luggage of the person of interest, and along the several luggage transfer chain, locate it and remove the laptop and clone the hard disk getting away with a wealth of data. This process can be done by either physically removing the hard disk, using a live CD like Tails[3] to copy the contents of the laptop, or just crack the user account and gaining access to the laptop. This may sound far fetched, but federal agents have been known to go to great lengths to access information they deem necessary in their work.
Airlines have started being creative to help their clients experience the same convenience they are used to. For example, Emirates Airlines has introduced two services to it’s clients[4], a laptop handling service that lets clients use their devices until before boarding, and complimentary laptops for business and first class customers, where the customers are given Microsoft Surface 3 tablets to work onboard. Although this does not remove the security concerns mentioned above, it gives those who can afford a window to be productive while flying.
How do you secure your data while traveling?
The Electronic Frontier Foundation[5], an international non-profit digital rights group based in San Francisco, California, gives some suggestions on traveling with data, especially after the U.S. government reported an increase in the number of electronic media searches at the US border.
- Store all sensitive data on a secure cloud offering like Dropbox or SpiderOak, or better still on a private hosted server.
- Use a Chromebook as your travel laptop, which by default store all data on the cloud
- If you must travel with your data, have two hard drives which you swap on convenience. One with a clean operating system install without any data, and another with the operating system and data, but only swapped when the laptop is in use.
- Always use full strong disk encryption for all your data.
The next debate on information confidentiality is usually centered around the question, “Why should I care if I have nothing to hide?” The next article will try to answer that question. Do you have anything to hide?
Sources:
[1] Mideast Airlines Face Laptop Bans on Flights to U.S., Britain https://www.bloomberg.com/news/articles/2017-03-21/mideast-airlines-say-new-u-s-restrictions-will-force-changes
[2] Fact Sheet: Aviation Security Enhancements for Select Last Point of Departure Airports with Commercial Flights to the United States
https://www.dhs.gov/news/2017/03/21/fact-sheet-aviation-security-enhancements-select-last-point-departure-airports
[3] Privacy for anyone anywhere https://tails.boum.org/
[4] Emirates introduces tablet loan service to US-bound First and Business Class customers https://www.emirates.com/media-centre/emirates-introduces-tablet-loan-service-to-us-bound-first-and-business-class-customers
[5] Strong Full-Disk Storage Encryption https://www.eff.org/wp/digital-privacy-us-border-2017#full-disk