International Business and Laptop Security

On more then one occasion individuals entering the United States have been stopped and the content of their laptops or other electronic devices has been inspected. Not only inspected, but on multiple occasions had their laptops confiscated. Their files, email, and pictures searched for any contraband. While this may shock some or enrage your sense of civil liberties the courts have upheld these searches in the name of securing our borders. While I do have strong feelings about this I took my thoughts past my opinions and thought about my travels for work.

What is the impact going to be later this year when I travel outside our borders? Will my laptop be confiscated? Will I be forced to give the government my passwords and encryption pass-phrases? Are they going to throw me in jail if I insist on being present when they examine my laptop? What safeguards are they using to ensure that the information contained on my laptop are secure?

I examined the current laws and was shocked to find out that not
only are these searches perfectly legal but Congress and the courts support them.
I was able to find out that a bill was recently introduced in the House of Representatives
that is supposed to protect citizens against unreasonable electronics searches at
the borders (Border Security Search Accountability Act of 2008). This bill itself
has not been signed into law yet but it does not protect individuals or companies
from having their confidential files examined.

The bill does not require the Department of Homeland Security to
store your information securely. It does call for later assessments of these
searches by other bodies of Homeland Security. The information does require
that a company or individual be notified if their information is copied, shared, or
entered into a database. The individual will also get a receipt for their laptop
or electronic device.

As a law-abiding citizen this is an inconvenience. As a corporation
this is yet another vector for data loss. This is one form of data loss that
can’t be taken care of by simply implementing full disk encryption (the bill stipulates
the information will be decrypted). So what do we do for our employees that
are traveling abroad?

The safest way for a corporation to deal with a laptop
being confiscated at the border is to be prepared. Be aware that your employees
could have their laptop confiscated. Understand what exposure you could face
if the laptop was lost while in the governments control (malicious or accidental).

The best way to prepare is to:

1. Define policies that prohibit the storage of sensitive information
on employee laptops. The utilization of secure network shares and remote access
technologies is more than enough to protect information while providing remote workers
access.

2. Identify procedures for identifying sensitive information on
employee’s laptops. This can be done via tools like Symantec’s Vontu or through
scripted regular expression searches.The last way is manual inspection of laptops
prior to an employee going on a trip abroad.

3. Educate employees that if their laptop is confiscated that they
report it immediately so that any remote access or privileges that user may have can
be revoked.

4. Insure that the employee gets some written form or receipt for
the property so that your corporate legal department can retrieve your property.

Once a laptop is returned it must be inspected manually for sensitive
information and documents. One of the disturbing ideas found within the documentation
is that the information may be stored or shared. Identifying what may have been
copied or shared is vital to protecting your company.

Click here for more information on the Border
Security Search Accountability Act of 2008