In today's electronic age, direct access to an electronic device means complete access, in the proper hands.
Plan ahead for security
An improperly secured electronic device can easily be compromised using free tools and directions found on the internet. Meanwhile, an individual can create a copy or "mirror" image of an unsupervised electronic device without the owner's knowledge in just a few minutes.
It is the researcher's responsibility to plan ahead to protect any research information they may be obligated or required to protect when traveling in and out of the country. On April 21. 2008, the Ninth Circuit Court of Appeals ruled that U.S. customs has the right to inspect your laptop as you go through border security, including at U.S. airports. The court dismissed concerns regarding any privacy or First Amendment rights, holding that “reasonable suspicion of any crime or wrongdoing is not needed for customs officials to search a laptop or other personal electronic storage devices at the border.”
When planning your travel overseas or through any customs inspection or border crossing, it is imperative to consider what has been stored on your machine prior to getting to your destination. At a minimum you should:
- Remove from your laptop anything that constitutes a trade secret, proprietary information, or export-controlled technical data or information. Keep in mind that you will need to do more than just delete the files to ensure the files cannot be easily recreated.
- Leave at home any information you wish to keep confidential.
Full-disk or file encryption could provide some protection but it is unclear what might happen when an individual declines to provide the password if asked for it by government officials.
Suggested Methods to Secure Data
Disclaimer: The following provides some suggestions on possible methods of protecting one's research but it does not constitute the final word. In the end it is the researcher's responsibility.
Faculty/Staff
Always:
- Keep your operating system current and up-to-date with all of the latest security patches and updates installed
- Keep your virus protection up-to-date
- Secure your computer. Click here to learn more from VT's IT Security Department
- Useful Links:
OnGuard Online.Gov
Audit My PC- useful tools for PCS
IT Security at VT
Before you leave the United States:
- Remove anything from any electronic device that constitutes a trade secret, proprietary information, export-controlled technical data/information or anything you wish to keep confidential. Deleting a file is NOT enough! Be sure to use multiple passes with some type of shredder program. Please note: Be wary of free shredder programs found online- you get what you pay for.
At Your Home or Destination
- Utilize and work off a secure network (please see your department's system administrator) or through a secure connection
- Keep your work on an encrypted flash drive or an external hard drive and mail it to and from your destination
- E-mail the necessary documents or information to yourself and download them to your computer once you reach your destination. Be sure to completely remove (use a shredder program) the documents or information prior to crossing another border or returning to the U.S.
- Never let an electronic device out of your care and control
- Be aware of your surroundings.
IT Personnel
- Provide "terminal" laptops (terminal purpose only) that can be checked out and then re-imaged when the computer returns back to campus
- Utilize and work off of an external network
- Other Useful Links:
System Administrator Resources
Virginia Tech's Central Intrusion Detection System
National Security Agency Security Configuration Guides
SANS Institute Resources