Traveler security

I found the article Traveling Light in a Time of Digital Thievery, published in the New York Times, very interesting.

When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "the Chinese are very good at installing key-logging software on your laptop."

This proves that passwords are not the most secure way to protect your computer. Don't get me wrong, I still think that a password is fairly good protection against access to your account, as long as your password is a good password. Having a two-factor authentication will also help a lot to protect your account, as long as the physical access to your computer is protected.

When you travel in a hostile country there is not much you can do against the resources of the local national security agency. It is very hard to protect your computer from Van Eck phreaking, and to explain to your hotel housekeeping why you are covering your bedroom with aluminum foil to block electric radiations. When you are going to meetings in a company you cannot avoid being in a conference rooms with the walls covered with antennas. The only real solution to protect yourself is to leave your laptop at home.

When you are a traveling on business the laptop is your work tool. It is not always possible to leave without it. In this case my advice would be to use a temporary computer. Before you leave for your trip you only get the files you absolutely need. For your email, you should setup a temporary email address on a site like yahoo or Google. Once you are done with your trip you give back your temporary computer to your IT department and make sure that they will wipe it before it is used again.

Comments !