GPSOLO December 2008
Safeguarding Your Data on the Road
For some time I, along with other commentators, have encouraged you to make backup copies of your critical files and carry them with you when you travel, so that if anything happens to your computer while you travel, you can still do your work, either using a replacement computer or, if your hard drive fails but your computer remains otherwise operable, using your own computer with an external drive. Although encryption of your data remains a good idea, it no longer provides the level of protection that you need for your data.
Times have changed. Now when you travel, in addition to the risks of damage to your computer, failure of your computer, and theft, your data has a new risk: required disclosure. In April 2008 a three-judge panel of the United States Ninth Circuit Court of Appeals, in United States v. Arnold, 523 F. 3d 941 (9th Cir. 2008), ruled that computers and other means of electronic storage fall into the same category as luggage, making them fully searchable at borders. The Fourth Amendment notwithstanding, border agents do not even need a reasonable suspicion for an electronic content search. Although the case did not specifically deal with electronic storage other than a computer, the use of the term “or other personal electronic storage devices” makes it exceedingly clear that the court intended its decision to apply to all electronic storage. That means that the decision not only places the contents of your computer memory at risk, it also places the contents of the memory of your USB drives, external hard drives, PDAs, and smart phones at risk. It even applies to the content of your cameras and iPods. The decision did limit itself to “border” searches, relying on a long-standing exception to the search and seizure protections of the Fourth Amendment; at least for now, this would apply only to international travel. In the aftermath of the Patriot Act and its handling of the Fourth Amendment, however, I am not at all sure that I trust this limitation to the border to hold against further attempts to whittle away at Fourth Amendment rights by allowing electronic content searches at all airports.
That said, the question becomes, how do we safely transport our information so that we can use it while traveling without exposing it to the risk of confidentiality breaches by a search? First, strip your computer of all confidential data prior to traveling. Second, if you carry an external hard drive or other electronic memory storage device with you, strip all confidential information off of it before you leave as well. If you have no confidential information on your devices, then you do not risk disclosing it.
Unfortunately, if you don’t take your confidential information with you, you don’t have it to work on during your trip, unless, of course, you make other arrangements. Technology offers two solutions to us for this dilemma. Both solutions require that you have Internet access during your travels. Because Internet access is available fairly readily in most parts of the world, that requirement should not pose a serious problem.
Solution one. Set your desktop computer up for remote access, connect to it online from wherever you travel, and you will have access to your information. Without regard to whether you work on the Windows or the Mac platform, software solutions provide the ability to remotely access your computer. If you can get online, you can access it remotely and, thereby, gain access to your data, use it, and then leave it where it started, on the hard drive of a computer sitting safely in your home or office. Be sure to password-protect your access and to use a strong password (one that contains at least eight characters and both letters and numbers). Encrypting the data on your computer always helps protect it from invasion.
Solution two. Obtain an online storage location and, before you leave, upload the data to that site. Be sure to encrypt it first to protect it. When you get to a location where you want to use it, download it and work on it; then re-encrypt it and upload it to the online storage location. Be careful to re-encrypt the data prior to uploading it to your online storage location to ensure that it remains protected, and don’t forget to erase it from your computer before traveling again.
You can readily find online storage facilities. Some are set up for business use, others for personal use. If you properly encrypt your data, it should not make much difference which you use. For example, I often use the Apple MobileMe server, which has the advantage of allowing you to designate a portion of your space for public access on either a password-protected or not-password-protected basis. This feature allows you to leave online a file that you want someone else to download with your permission, thereby eliminating the hassle of trying to e-mail it to that person only to discover that her e-mail provider won’t let her receive attached files of that size.
Using the Internet this way, however convenient, creates its own risks. Internet access puts you in danger of data capture and hacking. Wireless connections put your data in even greater risk of interception by bad-intentioned techies. Recent reports have revealed that some criminals go to the extreme of setting up a hotspot disguised as a public access point in order to induce people to use it and expose their data. As a result, I cannot over-emphasize the importance of proper encryption prior to transmittal. You can, however, further reduce your risk by avoiding public WiFi hotspots. By public, I include Internet cafés, hotels, airports, and coffee shops. Although cellular signals can be intercepted with appropriate equipment, I believe that you further reduce the risk of exposure to your data by using a private (your personal account) cellular WiFi card with your computer to access the Internet. Recently, a number of manufacturers have made a cellular connection card available as a built-in option on their laptop computers. Because they require a separate account for each computer, I am not a fan of these devices, despite their convenience. As a matter of both convenience and economics, consider using a USB-connecting device; you can move it easily from one computer to another, it works with computers that lack PCMCIA and/or Express 34 slots (almost all current computers have a USB port), and if you find the service from the current provider less than satisfactory, you can always arrange to get another card and another provider.
These recommendations will not completely remove risk from traveling with your data (or even using it), but they will lower the exposure level while maximizing availability in a reasonably secure manner.
Jeffrey Allen is the principal in the Graves & Allen law firm in Oakland, California. A frequent speaker on technology topics, he is the special issue editor of GPSolo’s Technology & Practice Guide and editor-in-chief of the Technology eReport. In addition to being licensed as an attorney in California, he has been admitted as a Solicitor of the Supreme Court of England and Wales. He holds faculty positions at California State University of the East Bay and the University of Phoenix. He may be reached at firstname.lastname@example.org. You may also get updated technology information from his blog: jallenlawtekblog.com.