Saturday, May 17, 2008

Cleanse or secure your electronics before crossing the border

Over the past weeks, I've done a lot of travelling. First to Geneva and then to the US. On both occasions, I had to be very mindful of what information I have on my laptop and my USB drives, since I am subject to the Personal Information International Disclosure Protection Act.

This new law prohibits the export of personal information by Nova Scotia public bodies and their service providers. As a lawyer to a number of public bodies and an instructor at Dalhousie Law School, my laptop an blackberry are subject to those laws. Since I didn't want to go to the bother of asking the chief executive of each public body I work for wheter I had one-off permission to take their data with me (and since I wouldn't need their data on the road), I had to delete all traces of such personal information from my portable electronics. While this is a concern for public bodies in Nova Scotia and their service providers, it's also a concern for anyone who is crossing the border into the United States as increasingly customs officers are scrutinizing laptops at the border.

Bruce Schneier, who always has interesting things to say, has an article in the Guardian on how to secure your laptops if you're taking them into the US. It's a good read and probably something to bookmark to read next time you're crossing the frontier: Read me first: Taking your laptop into the US? Be sure to hide all your data first Technology The Guardian.

1 comment:

DallasDeckard said...

Frankly, this new law is rather useless for the purpose it was intended. Nova Scotian medical companies that outsource to the United States *must* send personal data. For example, say a patient in Nova Scotia is sent to a U.S. cancer center for a CAT scan and treatment. Can that Nova Scotian company refrain from sending pertinent medical data to the U.S. treatment center? No. So frankly, the law is just posturing by the Nova Scotian lawmakers and politicians.

In point-of-fact, it is just a big pain in the butt for people like you. Terrorists aren't going to clean personal data from their computers before passing from Nova Scotia into the U.S. because of this law, so how does this law help? Seriously?

All this does is create a logistical nightmare for medical firms, charitable organizations, churches, athletic teams, and so on. If any Nova Scotian thinks this law has made their privacy safer, they're deluded. If the U.S. wants information on a suspected terrorist, Nova Scotian officials are going to give it to them. Why? Because the consequences of not doing that could be catastrophic. Suppose they refuse, and there is a terrorist incident in Nova Scotia or the U.S. that results from their refusal. What would be the fallout? Does Nova Scotia want to become an international pariah for refusing to help stop a terrorist act that could claim the lives of countless Nova Scotian or U.S. citizens? I don't think so.

I have friends and family in Nova Scotia, and they care about me and other friends and family in the U.S. as we care about them. No one in Nova Scotia or the U.S. wants another 9/11 and the first time someone in Nova Scotia refuses to give up private information on a terrorist that leads to a terrorist act, every official that had a hand in it will be lynched before you can say "boo".

The law is silly, and any intelligent Nova Scotian should know that. This means you, David.