This is clean but needs another pass.
Amanda on Mona committed Feb 14, 2018
1 parent 53de43f commit 4d8df6d
Showing 1 changed file with 38 additions and 107 deletions.
145 changes: 38 additions & 107 deletions drafts/Chapter02-09-PhysicalSecurity.md
Expand Up @@ -2,7 +2,7 @@

## Overview

What happens to your data if your device is seized or stolen? How should you prepare to cross international borders safely? Full disk encryption can
What happens to your data if your device is seized or stolen? How should you prepare to cross international borders safely? This session will talk about ways to approach border crossings, as well as walk through the process of enabling full disk encryption, which can help ensure that someone who has your physical device doesn't necessarily have all your data.

This module makes a few assumptions about your threat model. It is written with American journalists in mind -- if your work puts you in conflict with hostile state actors, you should seek out more specialized training.

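Review bot: The rewritten overview (line 19) promises that the session "will walk through the process of enabling full disk encryption", but the walkthrough added later in this same commit tells participants not to start the process during the session; suggest "walk through how to enable full disk encryption" so the overview matches the lesson plan. "doesn't necessarily have all your data" also undersells the protection described later on the page; "cannot read your data while the device is powered off" states the actual guarantee and its limit.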
Expand All @@ -11,7 +11,7 @@ This module makes a few assumptions about your threat model. It is written with
**Review date:** June 5, 2017
**Lesson duration:** 30 minutes
**Level:** Intermediate
**Preconditions:**
**Preconditions:** Participants should know how to back up their devices and how to choose a strong passphrase.

**What materials will participants need?**

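Review bot: "Review date: June 5, 2017" (line 24) is left unchanged in a commit dated Feb 14, 2018 that also adds a Feb 2018 reading, so the review date will read as stale; update it alongside the new preconditions line. The new precondition "how to choose a strong passphrase" (line 28) is the right one to add, since the iOS and Android sections below depend on it.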
Expand All @@ -21,12 +21,20 @@ They should bring their Android / iPhone and laptop.

Participants will need administrator access to their machines.

Everyone should read [Digital Privacy at the U.S. Border: Protecting the Data On Your Devices (EFF 217)](https://www.eff.org/wp/digital-privacy-us-border-2017).

**How should the instructor prepare?**

Touch base with IT staff to talk through your plans for the workshop -- you may need their support in actually enabling disk encryption.

Read through the material carefully and think about what will work for you, as a facilitator and instructor.

Assume that no more than 50% of participants will actually read the EFF guide that you sent around.

**Follow up**

Because most participants will not actually turn on full disk encryption during the session, set a deadline for everyone to do it and then be sure to follow up.

## Lesson Plan

**Groundwork**
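Review bot: Typo in the reading assignment (line 36): "(EFF 217)" should be "(EFF 2017)"; the same mistyped title is added to the Recommended Reading list further down in this commit, so fix both. The new follow-up item (line 48) should say what the deadline is for, i.e. that participants confirm encryption is enabled and that the recovery key has been written down and stored, so the follow-up is checkable rather than just a date.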
Expand All @@ -37,7 +45,7 @@ Physical custody issues generally boil down to two categories: permanent loss of

**Theft or Permanent Loss** You leave your backpack in a taxi. Your laptop disappears from your hotel room. A thief swipes your phone when you're standing on the sidewalk. What are the risks:

*Activity:* Have participants spell out their concerns. Capture them on a white board or sticky notes. If someone malicious takes your laptop, what do you need to worry about?
*Activity: Have participants spell out their concerns. Capture them on a white board or sticky notes. If someone malicious takes your laptop, what do you need to worry about?*

You're looking for things like:

Expand All @@ -55,135 +63,55 @@ You're looking for most things from the first list, as well as things like:
+ they can tamper with your device or install malware on it

**So what can you do?**
You can mitigate what is available without your permission. But "mitigation" is a key word. You don't know, not really, that it can't be decrypted. The strategies that make sense vary a lot with your threat model.

Mitigation:

- Mitigate the data available without your permission:

- Full disk encryption. (Note that at a border you may be detained
> indefinitely or refused entry if you refuse to unlock
> your device.)
You can mitigate what is available without your permission. But "mitigation" is a key word. You don't know, not really, that it can't be decrypted. The strategies that make sense vary a lot with your threat model. The EFF's [Border Privacy Guide](https://www.eff.org/wp/digital-privacy-us-border-2017) is a great resource -- encourage folks to lean hard on it.

- Mitigate what data you carry on you in the first place:
+ Reduce the amount of data you carry across the border, or don't carry sensitive data across borders at all. This is in some ways the easiest solution, at least as far as border search is concerned. It is also, obviously the hardest. But if you have access to a secondary laptop and you're planning a trip, consider taking something other than your primary laptop to use. If you do use an alternate "travel device" and make sure that it doesn't contain your password manager, SSH keys or e-mail client.

- Border crossings: Consider using an alternate "travel device"
> that does not contain things like passwords or keys or
> sensitive work-related data. (SSH keys, GPG keys, password
> manager database, work documents, e-mail client.)
+ Do you need a smart phone on your trip? Or would a feature phone with longer battery life meet your needs?

- This is constrained by economics of the audience.
> Organizations may have "travel devices" or may have easy
> access to such infrastructure, but individuals may not
> have the resources to have extra devices on-hand.
+ Consider backing up, and completely wiping your phone before you leave on a trip. You can restore your device either after crossing or when you're back home.

- 1Password offers a [*travel
> mode*](https://www.theverge.com/2017/5/23/15681990/1password-travel-mode-feature-added-security)
> that won’t allow you to access to your passwords
> while traveling.
+ 1Password offers a [travel mode](https://www.theverge.com/2017/5/23/15681990/1password-travel-mode-feature-added-security) that won’t allow you to access to your passwords while traveling.

- Send your data to a trusted party (friend, coworker, lawyer),
> delete it from your device, and only receive access to it
> again after you are in a safe situation. (Alternatively,
> encrypt your data with a random key or password and give that
> key or password to your contact.)
+ Minimize the data available without your permission with full disk encryption, but know that you may not always be able to cross international borders without unlocking a device. The EFF has a good overview of [your rights at the US border](https://www.eff.org/wp/digital-privacy-us-border-2017#part-2). *Trainer Note: it is easy to slip into a debate about what the border patrol is likely to do, or a story swapping session about horrible things that have happened. Try to "park" those stories in a "parking lot" for discussion another time.*

- Mitigate risk of being affected by malware placed on your device
> after it has left your custody.
+ It is conceivable that authorities, especially, can modify the physical hardware of your device. Restoring your software from a backup won't protect against hardware modifications.

- (Note that there are many levels of paranoia here, including
> modification of the physical hardware of your device.)
- See entry about "travel devices" above.

- Border crossings: For smartphones, consider backing up your
> device ahead of time and planning to wipe and restore your
> device after crossing.
- (This can also be used to mitigate the amount of data you
> carry back up & wipe your device ahead of time, only
> maintain a minimum amount of information (important
> contacts and immediate travel information) rather than all
> of the data you would normally carry. Then restore your
> "full" encrypted backup after a crossing. However, you may
> be compelled to provide access and having such little data
> on you may be a red flag.)
+ Carry contact information for your attorney somewhere other than your phone, and consider telling the border agent that your device contains trade secrets and you're not authorized to authorize a search.

### Walkthrough: Full Disk Encryption

Disk encryption protects your data from being read if your device is
stolen. It only works when your device is turned off. It does not
provide protection if the adversary knows your device password.

< NOTE: Don't have participants enable FDE during your workshop. On a
smartphone it could take an hour or so, and on a laptop it could be take
as long as ten hours. Start the process in the evening and let it go
overnight. >

macOS:

Easy to turn on if you use
[*FileVault*](https://support.apple.com/en-us/HT204837)
What does full disk encryption protect: disk encryption protects data against being read when your computer is off.

- In system preferences
What does it not protect: if your device is already powered up, the device is decrypted, even if the screen is locked. If someone has your password, either because it was guessable or because you gave it to them, full disk encryption won't protect you.

- Security
**Important**: the process of enabling FDE can take many hours, and if you interrupt it you will lose access to everything that was on the disk. So show participants how it works, but **do not have them start the process** until they're sure that a) they have backed up the machine and b) they can live without it for 10-12 hours. Generally that means leaving it over night.

- FileVault tab
Make sure everyone knows where to find the disk encryption settings on their devices and has a plan to

- Enable FileVault

- Write down the recovery key on a piece of paper and store it
> somewhere safe.
#### MacOS:

- Depending on your threat model, you might want to decline
> the Apple iCloud recovery method. (State actors, targeted
> attempts at your data,
Use [FileVault](https://support.apple.com/en-us/HT204837).

Windows (Pro, Ultimate, or Enterprise editions only):
In `system preferences > Security > FileVault` you should see a toggle labeled `Enable FileVault`. When you are ready to actually encrypt the disk always write down the recovery key on a piece of paper and store it somewhere safe.

- BitLocker
> [*https://technet.microsoft.com/en-us/library/cc731549(v=ws.10).aspx*](https://technet.microsoft.com/en-us/library/cc731549(v=ws.10).aspx)
Depending on your threat model, you might want to decline the Apple iCloud recovery method, as it may leave your data vulnerable to state actors.

-
#### Windows (Pro, Ultimate, or Enterprise editions):

Windows (alternative; if, for example, you only have Windows "Home
edition")
Use [BitLocker] <https://technet.microsoft.com/en-us/library/cc731549(v=ws.10).aspx>.

- Veracrypt
Users that only have Windows "Home edition" can look into Veracrypt.

- TK instructions / tutorial link
#### iOS:

iOS
iOS has built-in device encryption ([see page 10](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)) -- but it is only as good as your passphrase.

- iOS has built-in device encryption as long as you have a
> passcode enabled. (p. 10,
> [*https://www.apple.com/business/docs/iOS\_Security\_Guide.pdf*](https://www.apple.com/business/docs/iOS_Security_Guide.pdf))
#### Android:

- Pick a strong device passcode!
Options will depend on the Android device. Nexus/Pixel devices have full disk encryption enabled by default, but you can double-check by going to `Device Settings > Security > Encryption` -- select `Encrypt phone` to start the process, and be sure to set a strong passphrase.

Android

- Depends on the Android device. Nexus/Pixel devices have it on by
> default (but you can double-check by doing the following
> steps anyway).
- In device settings:

- Security

- "Encryption" subsection

- "Encrypt phone"

- If given a "Secure start-up" option, choose to require it.

- Make sure you have a strong passcode.

- Your device is only secure as long as it is powered off, so


https://www.justsecurity.org/51759/dehumanized-border-travelers-push/

### Recommended Reading

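Review bot: The new warning "if you interrupt it you will lose access to everything that was on the disk" (line 147) is overstated for the laptop cases this section covers: FileVault and BitLocker encryption can be paused and resumed and survive a reboot; it is Android's own encryption prompt that warns about data loss on interruption. Say instead that the process should not be interrupted and that the backup precondition is what makes it safe. The sentence "Make sure everyone knows where to find the disk encryption settings on their devices and has a plan to" (line 150) is cut off mid-sentence. Smaller points in the same hunk: "If you do use an alternate "travel device" and make sure that it doesn't contain..." (line 78) has a dangling "If ... and" and should read "If you do use an alternate "travel device", make sure that it doesn't contain your password manager, SSH keys or e-mail client"; "not authorized to authorize a search" (line 124) should be "not authorized to consent to a search"; the "What does it not protect" paragraph (line 144) should spell out that sleep, suspend or a closed lid is not "off" for this purpose, since the disk key stays in memory, so "shut down completely before a crossing" is the actionable advice; the macOS path (line 164) is `System Preferences > Security & Privacy > FileVault`; the BitLocker link (line 175) is broken markdown (`[BitLocker] <https://...>`) and should be `[BitLocker](https://technet.microsoft.com/en-us/library/cc731549(v=ws.10).aspx)`; the Veracrypt line (line 178) drops the old "TK instructions / tutorial link" placeholder without adding a link, so Home edition users are left with nothing to follow; the iOS line (line 184) drops the old condition "as long as you have a passcode enabled", which is the whole precondition for the built-in encryption and should be kept; the Android paragraph (line 192) drops the old step "If given a "Secure start-up" option, choose to require it", which is what makes the passcode required at boot and is worth keeping; and the bare justsecurity.org URL (line 214) is a stray duplicate of the Recommended Reading entry below and should be removed.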
Expand All @@ -196,6 +124,9 @@ https://www.justsecurity.org/51759/dehumanized-border-travelers-push/
+ [Privacy Complaints Mount Over Phone Searches at U.S. Border Since 2011](https://www.nytimes.com/2017/12/22/us/politics/us-border-privacy-phone-searches.html)
+ [“Dehumanized” at the Border, Travelers Push Back (Just Security, Feb 2018)](https://www.justsecurity.org/51759/dehumanized-border-travelers-push/)

+ [EFF 2017 Report on Digital Privacy at the US Boarder](https://www.eff.org/wp/digital-privacy-us-border-2017)
+ [Digital Privacy at the U.S. Border: Protecting the Data On Your Devices (EFF 217)](https://www.eff.org/wp/digital-privacy-us-border-2017)

**More training resources**


+ [Digital Privacy at the U.S. Border: Protecting the Data On Your Devices (EFF 217)](https://www.eff.org/wp/digital-privacy-us-border-2017)

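Review bot: The same EFF guide is now listed twice in the new version (lines 223 and 228), once under Recommended Reading and once under "More training resources", both with the title typo "(EFF 217)" for "(EFF 2017)". Keep a single entry (the guide is already assigned as pre-reading in the materials section) and fix the year.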