With laptops banned onboard aircraft, your data is no longer yours if you fly

Government agent compromising vulnerable electronics

New US regulations ban laptops on board some aircraft, requiring laptops to be in checked luggage. One of the first things you learn in information security is that if an adversary has had physical access to your computer, then it is not your computer anymore. This effectively means that the US three-letter agencies are taking themselves the right to compromise any computer from any traveler on these flights.

According to the United States Ministry of Peace Department of Homeland Security, which bills the ban as a “change to carry-on items” that affect “ten out of the more than 250 airports that serve the United States internationally”, there is a “security enhancement” because explosives can now be built into “consumer items”, and therefore laptops must now be banned from carry-on luggage and instead checked in.

When looking at this justification, the DHS notably fails to describe how it would be any safer flying with such alleged explosives in checked luggage rather than carry-on luggage onboard the same aircraft. In other words, the justification is utter nonsense, and so, there must be a different reason they issue this edict that they’re not writing about.

“The aviation security enhancements will include requiring that all personal electronic devices larger than a cell phone or smart phone be placed in checked baggage at 10 airports where flights are departing for the United States.”

When Microsoft (finally) trained every single one of their employees in security in the big so-called “security push” around the turn of the century, there were about a dozen insights that they really hammered home, again and again. One of the most important ones related to this was the simple insight of “if an adversary has had physical access to your computer, then it’s not your computer anymore”.

After all, if somebody has had physical access to the machine itself, then they will have been able to do everything from installing hardware keyloggers to booting the machine from USB and possibly get root access to some part of the filesystem – even on a fully encrypted GNU/Linux system, there is a small bootstrap portion that is unencrypted, and which can be compromised with assorted malware if somebody has physical access. They could conceivably even have replaced the entire processor or motherboard with hostile versions.

This is a much more probable reason for requiring all exploitable electronics to be outside of passengers’ field of view.

Remember that both the NSA and the CIA have a history of routinely pwning devices, even from the factory, or intercepting them while being shipped from the factory. (There was one incident where this was revealed last year, after the courier’s package tracking page showed how a new keyboard shipped to a Tor developer had taken a detour around the entire country, with a remarkable two-day stop – marked “delivered” – at a known NSA infiltration facility.)

Now imagine that the laptops and other large computing devices of these travelers — remember that the Tor developer in question was an American citizen! — that these devices will be required to be surrendered to the TSA, the CIA, the NSA, the TLA, and the WTF for several hours while inflight. It’s just not your device anymore when you get it back from the aircraft’s luggage hold – if it was ever there.

If your laptop has been checked in and has been in the TSA’s control, it can no longer be considered your laptop. Any further login to the compromised laptop will compromise your encrypted data, too.

The choice of the ten particular airports is also interesting. It’s the key airports of Dubai, Turkey, Egypt, Saudi Arabia, Kuwait… all predominantly Muslim countries. Some have pointed this out as racial profiling, but there are signs it may be something else entirely and more worrying.

For example, the Intercept presents the measure as a “muslim laptop ban”. The might or might not be an accurate framing, but the worrying part is that this is a best case scenario. More likely, it is a so-called “political test balloon” to check for how much protesting erupts, and to put it bluntly, if they get away with it. If they do, then this can be a precursor to a much wider ban on in-flight laptops – or, as you would more correctly have it, a much wider access for three-letter agencies to people’s laptops and data.

Syndicated Article
This article was previously posted at Private Internet Access.

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He works as Head of Privacy at the no-log VPN provider Private Internet Access; with his other 40 hours, he's developing an enterprise grade bitcoin wallet and HR system for activism.

Leave a Reply to Anonymous Cancel Reply

Your email address will not be published.

Since I'm not a robot spammer I'm also answering this easy question:

Discussion

  1. David Robert Davidson

    Thank you for sharing this article with us today sir. Truly informative. I learned allot in terms of when the next time I fly, commercially, and how government does business in the name of Homeland Security. Best wishes….

  2. Colin

    The ban on anything larger than a mobile phone on certain airlines flying to the US (and their lapdog, Britain) seems to be an American commercial dig at carriers including Emirates, Etihad and Qatar Airlines who Delta, American and United Airlines allege, are subsidised by their governments.
    Is it working in that sense? Maybe, Certainly Emirates has just announced that it is reducing capacity on some of its routes to the USA.
    That said, yes of course it is yet another opportunity for the securocrats to get their grubby little fingers on your data. Maybe the answer is to encrypt all the data on your laptop, then store it in the cloud, or email it to a contact already in the USA/UK, and finally do a secure delete of your hard disc. Better still, remove the old drive, and put a new one. with just an operating system and a few harmless files, in your laptop before you travel.

  3. Anonymous

    I see, as pc computer operator, that a great number of organisations are free to access to our computers anyway!
    example, because it is so important install dropbox software? why?
    ..this only an example, we can see in all situations that all websites, all the organisations which we can find online wants to catch all thay can have. more than necessary, many more!

arrow