% fortune -ae paul murphy

Laptop security

Last Thursday's issue of an Information Week newsletter I get included an editorial comment by CMP editor Barbara Krasnoff about the problem that data on laptops can be examined by airport security and other government agents on the pretence of looking for prohibited classes of pornography or other materials.

As she puts it:

What do you have on your laptop that you might not want anyone else to see?

Is there, for example, a record of your doctor visits and which medications you take? Some music downloaded from the Web that may or may not be copyright-compliant? How about the spreadsheet listing your employees, how much they make, and who may become part of your company's projected layoffs? Or the e-mail you sent to your senator complaining about the treatment you recently receiving from airport security personnel?

How would you like all that to be read by customs agents the next time you come back from, say, London?

A recent InformationWeek article described how former Anaheim, Calif., junior high school math teacher Michael Timothy Arnold's laptop, CDs, and memory stick were examined by border agents at the Los Angeles International Airport when he came back from the Philippines in 2005. A lower court found that the contents of electronic devices are even more personal than, say, a diary, and that agents must have reasonable suspicion before examining the contents. The government disagreed and is appealing. At least two organizations -- the Electronic Frontier Foundation and the Association of Corporate Travel Executives -- believe the ruling was correct and have filed an amicus brief with the court.

That's a consequence of carrying the information with you - and completely avoidable only by not doing so.

On the same day that the newsletter arrived, the news broke that someone had managed to gain access to the email folders on up to 1,500 PCs in the Office of the U.S. Secretary of Defence - an embarrassment that was unembarrassedly dismissed as essentially business as usual by the people responsible for letting it happen.

Fundamentally that was an inevitable consequence of the technology they use, and completely avoidable only by abandoning it.

What these two news items have in common is that they represent the collision of unopposable forces with immovable objects: officialdom will feather its own careers and pry into your business, and if that means using Wintel in sensitive environments or forcing travellers to hand over laptops and passwords, than that's exactly what they'll do.

But you don't have to get crunched: adopt centralised Unix computing with decentralised management and you can abandon the laptop to history while reducing the pool of potential attackers to those with significant skill, patience, and resources.

Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.