How to make sure you can give away your passwords to the DHS agents and still protect your personal and company data

1. The Trump Era

2. Who am I?
● Chief System Architect of
● I teach Network Security and Linux System
Administration

3. ● Slashdot 08.Feb.2017
US Visitors May Have to Hand
Over Social Media
Passwords: DHS
● Slashdot 12.Feb.2017
US-Born NASA Scientist
Detained At The Border Until
He Unlocked His Phone

4. ● Slashdot 18.May.2017
US and EU Reject Expanding
Laptop Ban To Flights From
Europe

5. ● Slashdot 18.May.2017
US and EU Reject Expanding
Laptop Ban To Flights From
Europe
● What does this actually
mean?

6. ● Now a simple trip to the US becomes threat to
your personal life and company data
● You do not have rights under the US law,
because technically you haven't entered the US
● The DHS agents may decide to copy all your
data, without notifying you.

7. ● By giving away your passwords to the DHS you
may violate the contract with your company and
immediately become liable under the laws of
your own country
● EU privacy laws state that customer data, such
as names, addresses, IDs and so on, should be
stored only on EU soil. If for whatever strange
reason you had left any such data on machine
that is searched by the DHS, you and your
company are liable under EU privacy laws
– EU GDPR

8. ● Why would you unlock your laptop/phone
– you may be detained until you provide your
passwords
– you will miss all your appointments
– you will lose the money for this whole trip
– you will lose potential customers
– miss conference or training

9. ● So what can YOU do?
– encrypt the data on your computer
● cripple on purpose your encrypted storage
● leave the beginning of your encrypted
storage at home or at any other third party,
that you can relay on
● make sure there is NO WAY for YOU to
recover the encrypted data, without that
part, that is NOT with you

10. ● Why would you leave most of your data on the
laptop and only cripple the encrypted storage?
– Internet in the US is actually BAD... VERY BAD
– Downloading 10-15GB of data may not even finish
for one night :(
– leaving most of your data on your PC means faster
restore time

11. ● What to encrypt
– all private data
– browser profile
– emails and email profiles
– all downloads
– all instant messaging logs
– settings of your applications

12. ● If you have a VPN, keep its keys in the
encrypted storage, so DHS would not have
access to them
● It is also a good idea to disable your VPN
keys/accounts while you are traveling to/from
the US.
– setup a simple and effective way to enable your
VPN once you have passed the border control

13. ● Keep all your passwords and keys encrypted
– make sure you can not retrieve them without a third
person that is NOT in the US right now
– this way you will NOT lie to a polygraph test and
you may hope for faster entry in the US

14. Phone
● Wipe your phone before boarding the flight to
the US
● Remove all facebook/google/slack/twitter and
etc. accounts
● Move all your private data to encrypted SD card
and remove it from your phone before boarding
the flight
– I'm sorry iPhone users... for you, you can backup
everything to the iCloud
● Once you are at the hotel, recover your phone
from your PC

15. What am I doing
● eCryptfs
● LUKS over a loop device
● Keep all passwords, including the one for the
eCryptfs on the LUKS
● Cripple the LUKS
● My wife has the important 5MB from the image
and she will tell me where she uploaded them
once I enter the US

16. Thank you!