Going to the Beijing Olympics? Leave your gadgets at home or take steps to protect your privacy!

Brian Krebs, digital security reporter Washington Post, advises Popular Mechanics readers to leave their electronic gadgets at home - along with any expectation of privacy. But what if you need to take a notebook with you, and you need to stay in touch with others?
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

Brian Krebs, digital security reporter Washington Post, advises Popular Mechanics readers to leave their electronic gadgets at home - along with any expectation of privacy.

Next week, travelers from all over the world will flood into China to see the world’s best athletes compete at the Beijing Olympics. Among those in attendance will be the press corps, powerful corporate executives and heads of state, including President Bush. Many of these people can’t afford to be disconnected from their jobs while at the games, but they may want to consider leaving their computers, smartphones and other gadgets at home—along with any expectations of privacy during their stay.

The piece is packed with sound advice:

  • "Personal electronic equipment carried abroad is vulnerable to installations of malicious software that can steal or manipulate data well after the traveler returns," the advisory warned.
  • "The use of cell phones, laptops, and PDAs in foreign countries exposes these devices to unauthorized access and theft of data by criminal or foreign government elements."
  • Travelers should assume they cannot protect electronically stored data and should not transmit sensitive government, personal, or proprietary information on the Internet or through telecommunications equipment."
  • The U.S. State Department has not issued a cyber-specific travel advisory for those headed to the Olympics, but it warns globe-trotters that foreign governments often place visitors under surveillance, and that hotel rooms, telephones, computers and other possessions may be searched without the consent or knowledge of the traveler.

The bottom line: If you don't need it, don't take it! But what if you need to take a notebook with you, and you need to stay in touch with others?

My security strategy goes something like this:

  • Forget untrusted systems. Assume that all communications are being monitored and take precautions against snooping.
  • Come up with one really strong passphrase that will used to secure data. This passphrases would exist in one place and one place only - my head.
  • Use this passphrase to protect any other passwords/passphrases you might need in a Password Safe file.
  • If I needed to take a cellphone, it would either be a new, clean one or I'd backup and then wipe my existing cellphone. If I needed the data I'd encrypt it (using TrueCrypt, storing the passphrase in Password Safe).
  • Any other data I'd need for the trip would be
  • My notebook would be wiped and I'd carry out a bare installation. Then, using TrueCrypt I'd create a hidden OS. All passwords/passphrases would be stored in Password Safe (although I'd still need to remember these to be able to access the hidden OS).
  • Into that secure OS I would install the following: - TrueCrypt (to allow me to encrypt/decrypt data) - Password Safe application - but NOT THE file containing the data - A secure wipe tool such as Eraser - A secure browser that can clean up after itself (such as Firefox) - A good strong antivirus package that is equipped with rootkit detection
  • Now I'd set up two disposable GMail accounts. One would be a receive account and I'd store the login data for this email account with Firefox in the hidden OS. I'd also set up this GMail account so that all connections were done over HTTPS. The second GMail account would be a secure drop off for any data I wanted to take out the country. Apart from the email address, no other info relating to this account would be taken with me.
  • Before I went on my trip I would give encrypted copies of all the data that I'd need while on the trip (the Password Safe file, cellphone backup, contacts, any other work I'd need) to a trusted friend or colleague (you can build redundancy into the system if you want by having more than one trusted person) along with the GMail email address that I'd set up. I'd leave them with instructions to send me the files when I asked for them.
  • Once in country, I'd request the encrypted data from my trusted friend or colleague.
  • While in country I'd be careful with the data I had, cleaning up after myself regularly. Any data that I was working with would be encrypted, and anything I was done with but wanted to keep would be sent to the drop off GMail account. I'd regularly purge the working GMail account.
  • Anything sensitive MUST be done over encrypted channels. No exceptions!
  • Before heading home I'd use Eraser to securely wipe any remnants of important data, as well as doing a free space wipe. If I was feeling really paranoid I'd make a Boot and Nuke disc and nuke the entire notebook. I'd also remember to wipe my cellphone, digital camera and anything else I'd taken (any data I'd want would be encrypted and sent to the drop off GMail address.
  • Once back home I'd wipe everything and recover from a backup. I'd also retrieve any data from the drop off GMail account and then close both GMail accounts.

Thoughts? Ideas? Further suggestions?

Editorial standards