Tag Archives: travel

Personal International Infosec

This year I have a small number of international speaking engagements, and I just returned from the first of those in 2017…which means it was the first since the recent spat of increased DHS and Customs enforcement. It was also my first trip to a Muslim-majority country, and while not one on the magic list, it still made me consider my re-entry into the US and the possible attention therein. These things combined to make me far more attentive to and aware of my personal information security (infosec) than every before. This post will be an attempt to catalog the choices I made and the process I used, as well as details of what actual technological precautions I took prior to leaving and when actively crossing the border.

This trip was to the SLA Arabian Gulf Library Conference, held this year in Manama, Bahrain, where I was on a panel discussing future tech. This means flying internationally through a major city, which for me meant flights from Nashville to JFK to Doha International Airport in Qatar, then finally to Manama, Bahrain. The return was was the same, with the exception of flying back into the US via O’Hare in Chicago rather than JFK. This meant crossing into at least 2 foreign countries physically on each leg of the trip, although in Qatar I remained in the international section of the airport and didn’t go through customs and enter the country proper. Still, there were LOTS of checkpoints, which meant lots of potential checks of my luggage and technology.

Threat Model

What was my concern, and why was I thinking so hard about this prior to the trip? After all, I’m a law-abiding US citizen, and as the saying goes, if you’ve nothing to hide, why worry? First off, the “if you’ve nothing to hide” argument is dismissible, especially given the last 6 weeks of evidence of harassment and aggression at the US border. I am a citizen of the US, but I have also been very outspoken online regarding my feelings for the actions of the current administration. On top of that, information security isn’t just about the individual…it’s about everyone I’ve exchanged email with, texted, messaged on Facebook, sent a Twitter DM, and the like….the total extent of my communications and connections could, if dumped to DHS computers, theoretically harm someone that isn’t me, and that was not ok in my book. A primary goal was to prevent any data about my communications or contacts from being obtained by DHS.

DHS and Border Control has very, very broad powers when it comes to searching electronic devices at the border. I was not certain of the power granted to Border Agents in Qatar and Bahrain, but my working assumption was they had at least the powers that the US Agents did. I also assumed that the US agents would probably have better technological tools for intrusion, so if I could protect my data against that threat, I was safe for the other locations as well.

A secondary goal in my particular model was to attempt to limit the possibility for delay in my travels. If I could comply with requests up to a certain point without breaking my primary goal of data protection, that would likely result in less delay. When considering these levels of access, I thought about questions like: could I power on my devices without any data leakage? Could I unlock my devices if requested and allow the Agent to handle my phone, for instance, without risking data leakage? Could I answer questions about my device and the apps on it (or other apps in question, for instance social media accounts such as Facebook or Twitter) honestly without risking data leakage?

With all of that in mind, here’s how I secured my technology for border crossing. Your mileage may vary, as your threat model may be very different, and the manner in which you choose to answer the various questions above may be different. If everything had gone south and my devices were impounded, I’d be writing a very different post (and contacting the EFF). But for this particular trip, this is my story.

What to Take

First off, I decided quickly that I wasn’t going to travel with my MacBook Pro. I was lucky enough that I didn’t need it for this trip, because there wasn’t any work that I would be doing on the road that necessitated a general purpose computer. I had work to do, but it all involved writing…some email, some writing text for a project, some viewing of spreadsheets and analysis of them. Simple and straightforward things that luckily could easily be done with a tablet and a decent keyboard. I already had an iPad with the Apple keyboard case, which made for an easily-carried and totally capable computing device for the trip. I could load some movies and music on it, fire up a text editor, answer email, and generally communicate without issue. It’s also iOS based, which makes it enormously more secure than Mac OS from first principles.

Since both my main computing device and my phone ran the same OS, I was able to also double-up any planning and efforts in security, as any decision I made could be equally applied to both devices. This turned out to be very, very convenient, and saved me time and effort.

The first thing that I did was backup the both the iPad and iPhone to a local computer here at my house (not iCloud) and ensure that those backups were successful. I stored those backups on my home network to ensure their safety…if anything went wrong later, these would be my “clean” images that I could revert to upon returning home. Then I used Apple Configurator 2 to “pair lock” my devices to my laptop, which would remain at home.

Pair Locking

This process was best described back in 2014 by security researcher Jonathan Zdziarski. While his instructions are fairly out of date, the general idea is still there and still works in iOS 10 and Apple Configurator 2. Basically, pair-locking an iOS device is a method by which the device is flashed with a cryptographic security certificate that prevents it from allowing a connection to any computer that doesn’t have the other half of the cryptographic pair on it. This means that once locked to my laptop (which, again, wasn’t in my possession and was still at my home), my iPhone and iPad would simply refuse to connect to any other computer in the world…whether that was someone that stole it from me and and attempted to reflash it using iTunes on their computer, or whether that is a diagnostic device being used by law enforcement.

This process is designed with the concept of using it for enterprise installation of iOS devices that need high security procedures to prevent employees from being able to connect their home computer to their work phone and retrieve any information. But it works very well for the purposes of preventing any possible attacker from accessing the phone’s memory directly through it’s lightning port. This processes ensures that even if the phone is unlocked and taken from my possession, DHS or other attacker cannot dump the memory directly or examine it using typical forensic information gathering devices.

Password Manager

Once both devices were pair-locked, I was left with two freshly installed iOS devices that I needed to reload with apps and content that would be useful for me. After loading a set of games and apps that would allow me to pass the time and still get some work done, as well as media I might want to consume on the road, I loaded my password manager (I use and am very happy with 1Password) and created a very, very long and complicated vault password that there was no possibility I could remember. I recorded that password on paper (left at home in a fireproof safe) and gave it to a trusted person that had instructions not to give the password to me until I had cleared the border and only over a secured channel.

I then changed the 1Password vault password to be that password plus a phrase that I knew and could remember (a sort of salt). 1Password was set up to allow me to login with TouchID, so I could still operate normally (logging into services and such) until such a time as that TouchID credential was revoked. Once revoked, I would be completely locked out of my passwords, with no ability to access them, until through a pre-arranged time and secure channel I got the vault password from either of the mentioned trusted sources. Those trusted sources, meanwhile, couldn’t access my password vault either, since the salt was resident only in my head.

It may be obvious, but I also ensured that everything in my life that was accessed with a password had a very strong one that was held by 1Password, and that I didn’t know and couldn’t memorize even if I tried. My bank, social media, dropbox…everything that could get a password, had a very, very secure one. Any service that supported 2-factor authentication had said 2 factor turned on, with the second factor set to an authentication app that supports a PIN (or, in the case of Very Important Accounts, a physical Yubikey that was left in TN as well). This is security 101, and not directly related to my border crossing…but if you don’t have the basics covered, nothing else really matters.

Sanitization

I made sure that iOS had most iCloud sync services off….no contact syncing, no calendar syncing, really the only thing I left syncing was my photo gallery. I did not install any social media apps (no Facebook app, no Twitter app, etc) and only logged in and out on the websites in question. The browser on both devices was set to not remember passwords, and I clear cache and history regularly when traveling. As far as I could, I eliminated anything that stored conversations or messages between myself and others…no Facebook Messenger app, etc. I deleted my email app, and didn’t enter my account information for email into the standard iOS mail app.

This was, keep in mind, just for the transit period. Once in country and across borders, I could use a VPN to connect to the ‘net and download any apps needed, log into them after retrieving the password from one of the trusted sources, and effectively use both devices normally (with basic security measures in place all the time, of course).

Crossing Borders

At this point, I had a device that couldn’t be memory dumped, that had very little personal information on it, and even less information about my contacts on it. It mostly acted normally for me, because 1Password handled all of my logins and I used TouchID during daily usage…right up until I needed to cross a border. Before I did so, I deleted my TouchID credentials via Settings (by deleting the fingerprint credential), and powered-cycled my phone. Those two actions did several things all at once:

The first was that it prevented me from being able to know or retrieve any passwords for anything in my life. That’s a pretty scary situation, but I knew it was fixable in the future (this wasn’t a permanent state). It also meant that if I were asked to unlock my phone, I could do so pretty much without anything of interest being capable of access. Without the ability to dump the phone forensically, officers could ask me for passwords for accounts and I could truthfully say that I had no way of telling them, because the password manager knew them all and I didn’t. And I couldn’t give them the password vault login because I literally didn’t know it.

The idea with all of this was to create a boundary of information access beyond which, if DHS wanted to try and access, they would need to impound the phone and potentially subpoena the information from me with a warrant. My guess (which turned out to be correct) was that they would ask to have it powered on, and maybe they would ask to see it unlocked, but that would be it. If they pried further, well…I was prepared to tell them truthfully that I didn’t know, that I couldn’t know. And I would call a lawyer if detained, and proceed from there.

The worst case scenario for me was minimal delay and discomfort. I am enormously privileged in my position to be able to think about this sort of passive resistance without actual fear for bodily harm or other forms of retribution. For me, the likely worst case, even if things had escalated to asking for social media passwords, would have been the confiscation of my devices and my being detained for a time. This is assuredly not the worst case for many, and it is extraordinarily important that each person judge their own risks when deciding on security practices.

For some, it is far better to simply not carry anything. Or to carry a completely blank device. Or purchase an inexpensive device when you arrive in the country of your destination. For me, I had the ability to prepare and be ready for resistance if needed. Your mileage may, and should, vary.

Conclusion

The results of all this thought and effort? Nothing at all. Not a single bit of attention was paid to me at the various border crossings, by either US or foreign agents. On the leg of my flight leaving Qatar, I went through no fewer than 4 security checkpoints from the time I landed until getting onto the plane taking me to O’Hare, and at each one there was a baggage scanner and metal detector, agents pulling people out of line for additional screening, and the like. When I finally got to my gate, it had its own private security apparatus,  again with metal detector and baggage X-ray. At this security checkpoint, I was randomly selected for additional screening, but the agent in question (a Qatar security agent) was incredibly professional, thorough, and neither invasive nor abusive. I got a pat down (much less severe than those I’ve been given at US airports), and they asked to look inside my carryon…they even asked me to power on my iPhone and iPad. But they didn’t ask to unlock them, and they didn’t ask for passwords of any type.

When entering into the US at O’Hare, the plane was greeted by DHS agents at the gate, who asked to check passports upon exiting the plane. The agent I was greeted by barely had time to glance at my US Passport before waving me through…again, the privilege of my appearance and nationality was evidenced by the fact that several of my fellow passengers were not waved through so easily. The last thing I heard as I walked up the jetway towards Customs was a DHS Agent saying to the robed gentleman behind me “So you don’t speak very much English, huh….”

The current state of our country cannot stand. We are a nation of immigrants many peoples1, and a nation that believes in the privacy of our affairs and effects. This concern I had for my own and my friends’ information shouldn’t have been necessary. We should be able to be secure in our possessions, even and especially when those possessions are information about ourselves and our relationships to others. I do not want to be in a position where I have to threat model crossing the border of my own country. And yet, here we are.

I’d love any thoughts about the process described above, especially from security types or lawyers. Any holes or issues, any thoughts about what was useless, anything at all would be great to hear. I hope, as I so often hope these days, that all of this information never becomes applicable to you and that you never need to use it. But if you do, I hope this helped in some way.

I was called out on Twitter for my use of “immigrant” as an inclusive term for people in the US, when, of course, many US citizens ancestry is far more complicated and difficult than “they chose to come here”. It was written in haste and while it works for the emotion I was attempting to convey, it definitely undercuts the violent and difficult history of many people in the US. I’ve edited the text to reflect the meaning more clearly and left the original to indicate my change.

Concerns & Travels

It has been quite a couple of months since my last post, and I suppose the best I can say right now is that my fears that were outlined in Stand, Fight, Resist have only amplified. Fascism is no longer a theoretical threat, it is real and it is working systematically to tear down the checks and balances of our republic, from an open and free press to judicial oversight of legislative and executive overreach. In the midst of all of this, I have never been prouder to be a librarian, to watch the profession react (sometimes poorly, but react all the same) to these political times. I’ve been doing what I can as a citizen to communicate to my elected representatives how important their choices are, and what they might mean for our collective future. I’m also looking for opportunities to write and present on privacy and information security for libraries and librarians, trying to help where my particular set of knowledge and skills may.

As a librarian and technologist, I’m doing several thing over the next few months that I wanted to mention here…if you are attending any of these events, please let me know!

February 24-26th – MisInfoCon, Cambridge, MA – http://www.misinfocon.com

I’m incredibly excited to be a part of this event, which is being hosted by the MIT Media Lab and the Neiman Foundation for Journalism. From their website:

MisinfoCon is a community of people focused on the challenge of misinformation and what can be done to address it. The gathering seeks to strengthen the trustworthiness of information across the entire news ecosystem: journalism, platform, community, verification, fact checking and reader experience.

Bringing together participants from different backgrounds to lead discussions and develop and test product prototypes, our goal is to connect leaders and develop actionable steps on how the various sectors can work together.

This is obviously somewhere where I think librarians have enormous knowledge and potential to make a difference. I often find that, unfortunately, journalists and policy makers don’t think about librarians in this capacity, but I’ll be there flying the librarian flag high. I hope others are there to help me in that quest.

March 5-10th – Special Libraries Association, Arabian Gulf Chapter Conference, Manama, Bahrain
http://slaagc.com/

I am very excited about the opportunity to meet and speak with librarians from the Middle East, as it is a part of the world where I have very little personal knowledge of their challenges and opportunities. At the same time, the last couple of weeks have made me extremely cautious of international travel…especially to a Muslim-majority country. Not because I am concerned about my safety there, or that I have worries about Islam, but because of the recent actions of my own country relating to re-entry into the United States. Reports of highly-improper questioning, requests for social media information (including passwords), and seemingly arbitrary delays and overly-aggressive confrontations with DHS officers have all made me carefully consider what I am comfortable with on those fronts. And I’m a white male American, cis-presenting and everything…I am, as Scalzi pointed out, playing this game on easy mode. I cannot imagine the difficulties and considerations that must go into this sort of travel if I were not.

June 10-15th – Next Library 2017, Aarhus, Denmark
http://www.nextlibrary.net

I will be participating in the Next Library conference, as a part of a panel on Smart Libraries. It will be the European debut of Measure the Future, and I am very excited to be a part of it. I’ve spent most of the last 2 years thinking about and working on the development of sensor-based metrics that give librarians much better ideas of usage and attention in their spaces. I can’t wait to meet and learn from the amazing librarians in Aarhus.

There are a couple of open possibilities in April and May, but those aren’t quite nailed down yet, including maybe a couple of online “Personal Information Security” classes that I’m hoping to offer very soon. If you’re interested in that, watch this space.

Fall 2016 Speaking & Travel

After spending much of 2015-2016 spread between home here in Sewanee and my residency as a Fellow at Harvard, this summer has been a much-needed break from work travel. That break is just about over, however, and I’ll be doing a few trips in the Fall that I thought might be of interest to some. If you’re going to be around at any of these, please say hello!

If you are someone who is currently looking for a speaker for an event or conference in 2017, now would be the time to take a look and see if I might be a good fit for your needs. I love speaking to groups about the future of libraries and information, innovation and how your organization can become more flexible and responsive, privacy and information security, and a lots of other topics. Please feel free to contact me and let’s see if I’m a good fit for your group.

August 2016

The most exciting trip this Fall is undoubtedly going to be doing the Opening Keynote at the 3rd International Congress for Information Management (Congreso International GID) in Cali, Colombia. It’s a rare opportunity to meet and learn from international librarians from all over Latin America, and I’m so very excited that I have the opportunity to work with Los Profesionales en Gestión de la Información y la Documentación de América Latina to make it happen.

September 2016

I’ll be traveling a lot in September for Measure the Future, working to make sure that our first three installations are going well and answering the questions that people want answered. And I can’t say much more than that until I get to that point, but keep your fingers crossed for us.

October 2016

For the first time in a few years, I’m attending Internet Librarian! It’s the 25th anniversary of the conference, and early in my career it was really important to me. IL helped me in so many ways, from getting early presentations under my belt to meeting people that would turn out to be lifelong friends and vital colleagues and collaborators. I’m doing two different presentations there: one on Blockchain and what it might mean for digital information, and the other on Measure the Future and what room-use analytics can do to improve your services to your patrons.

November & December 2016

If everything goes according to plan, these will be the months where Measure the Future is being evaluated and polished for launch at ALA Midwinter 2017, because oddly I don’t have any speaking engagements for these months yet. If you’d like to talk to me about a workshop or presentation for your library or library system, get in touch! I’d love to work with you.

Kentucky and New South Wales

So over the next 10 days I will be doing talks in two different states, but also on two different continents. Here’s the details, if anyone is interested in coming to say hello!

Tomorrow I am driving up to beautiful Louisville, KY for the Kentucky Library Association Conference. I’m speaking twice on Thursday, once on mobile devices in libraries and once on the future of technology and media. As a native of that fine Commonwealth, I am very excited to be able to be a part of KLA. I’ll have a LibraryBox with me, sharing files as I go…if you have questions or just want a demo, find me and say hello!

Unfortunately, I am not able to stay as long as I wanted at KLA, and I have to head back south on Thursday evening and spend all day Friday packing like mad because on Saturday I leave to give a keynote at the New South Wales State Library in Sydney, Australia. I’m in Sydney all of the following week, and would very much like to have a meetup with all the awesome librarians there. I was thinking of something maybe Wednesday night, Sept 18, but I’m open to suggestions as to where…any natives want to speak out for their favorite pub? I’ll plan something, and send it out to the LibraryBox discussion group as well…maybe we can get some librarians and techies together in Sydney for a few rounds. Email me (griffey at gmail) if you have suggestions, or throw me a message @griffey on twitter.

I’m very excited to get to meet new librarians and talk technology…if you are attending one of the above events, please find me and introduce yourself.

I could go to Australia

I could do these dishes I could try
To do these dishes
I could decide to do these dishes
Time to decide

or i could go to Australia
And carry a bowie knife
and wear my hair like Hepburn parted on the side
and learn card tricks and physics and buy
everyone drinks and take boxing and try
eating things only with chopsticks and finally
be like a person I think you might like

I could do these dishes
I could try to do these dishes.
I could decide to do these dishes
I should decide to do these dishes
Time to DECIDE….

Fuck it
I’m gonna go to Australia

Australia, by Amanda Fucking Palmer

I am completely thrilled to be able to announce that in February of 2012, I’ll be doing one of the keynotes for the Victorian Association for Library Automation (now more formally called VALA – Libraries, Technology and the Future Inc.) 2012 Conference. While “Victorian Association for Library Automation” sounds a bit like a group of steampunk library cosplayers, it is actually an incredibly forward-thinking organization that helps foster and understand the use of technology in libraries and other information professions.

So come February 6-9, 2012, I’ll be in Melbourne, Australia for the VALA 2012 conference. It will be my first time visiting that particular continent, and I can’t wait to meet with all the great Australian, New Zealand, and other librarians that will be attending.

Going away

For the next several days, I will be off to Chicago, to enjoy the company of friends, judge the Raw Deal World Championship, and watch grown men roll around half naked.

I’m going to see Wrestlemania while in Chi-town.

I understand that most people think this is silly. Let’s just say that I enjoy the deconstruction of storytelling, while maintaining the tropes present in classical narrative forms. It’s self-referential, and wonderfully postmodern in its technique. Plus, HHH is so going to pwn Cena it’s not even funny.