The speakers now get to some technical and legal aspects of dealing with the password issue and data encryption when crossing the border, and provide tips applicable to the situation where you stick to the tactic of actually not knowing or refusing to turn over the password during your trip.
I wanted to talk really quickly about password strength for full disk encryption. I think it’s a topic that a lot of people are probably already familiar with. You may know that EFF built a machine to crack the Data Encryption Standard back around 1998. So our non-profit organization was able to crack 56-bit keys in 1998. These passwords here are all about 56 bits or entropy, so it’s very likely that the government can crack them if it’s so inclined.
In fact, there are rainbow tables for password cracking. And depending on how your disk crypto implements key derivation, it’s likely that you may not be able to remember a long enough random string to get outside of the rainbow tables that have been published.
The government may have better cracking capability than you, and so there are a lot of ideas for ways to choose a good passphrase, there are lots of resources on this. There’s a technique called Diceware from Arnold Reinhold – it’s basically a technique for choosing random words. If you actually do the calculation – there was a great xkcd panel about this sometime last year – you can see that choosing a small number of random words can give you as much entropy in your passwords as choosing some unpronounceable string. So here’s an unpronounceable string that’s very hard to remember (see image to the upper right), and if you had just a few really random words you could actually reach a similar entropy level, and you might actually remember them.
Okay, if you think random.choice () in Python chooses good random numbers, you can choose random words out of a dictionary, find out how many bits are in your passphrase.
I think passphrase strength is something that people are becoming fairly familiar with, but it’s a good thing to keep an eye on. Of course there are systems that are using key derivation, or key stretching, like PBKDF2, where they’ll do some expensive thing to derive the actual crypto key from your passphrase, and that makes brute-force attacks a lot harder. My advice is if you don’t know how your disk encryption system uses key derivation, then you should cheat it as if it doesn’t, and make sure that you use an adequately strong passphrase to resist brute-force attacks.
I think I’m gonna hand it over to Marcia to talk a little bit about the question of: if you have this great passphrase that you remember and you know it, and you’re coming across the border, and they say: “So, would you mind unlocking your disk for us?” – what will happen then?
Marcia Hofmann speaking: Okay, we get this question a lot, and this is something that I think deserves a little bit of time. In the United States we have a constitutional amendment called the Fifth Amendment, and among other things, it says that you can’t be forced to be a witness against yourself. The origin of this constitutional right is the days when the authorities would torture people to turn over information about themselves. And this is basically intended to ensure that if the government is going to prosecute you for something, the evidence that they get is not something that they force you to reveal to them, that only you know – but rather evidence that they collect in the course of their investigation. So basically, they can’t make you give them the information that they are going to use to go after you.
So this is the rule in the United States, and in order for you to have this protection, three things need to be present. First of all, the government has to compel you to give testimonial evidence against yourself, and when I say ‘testimonial’ what I mean is it needs to be something that’s in your mind. They have to be forcing you to turn over something that you know, that isn’t memorialized anywhere and that isn’t physical evidence. And the last thing is it would have to tend to incriminate you, and when I say ‘incriminate’ what I mean is not something that shows evidence of your guilt, but something that they might use to bring a prosecution against you. It doesn’t need to be direct evidence itself, it could be something that’s just a link in the chain that would tend to incriminate you.
So if you have a situation where there is something on your computer that might tend to incriminate you, you may very well have a valid Fifth Amendment right not to turn over that information. It is very important to know that this is not the case in all countries, and there are several countries, in fact, that have key disclosure laws, where the government can force people under certain circumstances to decrypt data or to turn over encryption passphrases. Some of these laws are in, for example, the United Kingdom, the Netherlands has one, France has one, Australia, Canada, Finland, Belgium. And so, if you are taking encrypted data somewhere and you know your encryption passphrase, it’s important to know whether or not a country has such a law.
I also understand that Russia and China require people bringing encrypted data into those countries to seek permission of the government to do so. So I think it’s also important to consider whether or not you are going to a country that has a law like that.
So even if you have a valid right not to turn over information, you should be aware that refusing to provide that information could still have adverse consequences for you. For example, it may lead a border agent to conclude that you’re difficult, and it could lead to questioning or even in a very extreme case refusal of admission. So it’s important to think before your trip about how you would deal with requests to decrypt information. And, again, I mentioned before that we think an IT policy could be helpful in certain situations, and this is one of them.
You could have a policy where your employees actually don’t know their encryption passwords while they’re traveling, and they only learn them upon reaching the destination. So I think that puts them in a much better feeling position if they are being asked to turn over an encryption password, because they can simply say: “Listen, I honestly don’t know it.” You’re not lying, and there’s nothing you can do, and I think that in some circumstances that might be a pretty decent solution.
Okay, I’m gonna turn it back over to Seth.
Seth Schoen speaking: The idea of not knowing your password, I think, is a very interesting one. It’s one that I’ve been thinking about a lot. I should say it’s not clear yet how readily border agents will believe you if you tell them the truth that you don’t know the password to your own computer. They are probably much more accustomed to people actually knowing their own password, because that’s certainly the common case. So there is this question of whether they believe you, but certainly in terms of the ability to truthfully refuse to cooperate because you are simply unable to give them the information that they want. It seems like a potentially powerful tactic.
So if you don’t have an IT department doing this for you, you know, one way you can do it for yourself is to change your disk passphrase to something that you can’t remember because it’s a random thing that’s not memorable to you, and send that in some other way. And there are lots of choices about what that other way could be: encrypted email, giving it to someone else who is traveling separately – lots of possibilities.