DHS CBP Laptop/PDA/Phone Search - Questions

Homeland Security (CBP) Laptop/PDA/Phone Search - What is your organization doing to protect internal/customer/partner data entrusted to traveling employee’s/contractors?

Based on an email thread with my team related to this topic I started thinking, “Am I really doing everything I can to protect the data entrusted to me?” To help me understand what other options are out there I recently posted a question on Linkedin Question ”

I’m trying to find and consolidate answers about how we should respond in a manner that both complies with CBP request for access and the requirement to protect the data.  The impact on personal privacy and Constitutional rights is an entirely different subject that I am simply unable to address.  After a week or so of responses from Linkedin and this blog entry I’ll try and recap the best and brightest answers here for further discussion.  Let me be clear - I’m not looking to start a discussion about whether or not DHS CBP is correct in its approach, simply that this is the hand we currently have been dealt - what are our options for playing out the hand?

I was hoping for a miracle here.  The answers I received on linkedin ranged from helpful to atrocious.  Seems the best idea the community had at the point I asked the question was to leave your data at home.  Unfortunately if I leave and take my laptop I have a need for the data… 

download speeds in some areas might support a secure download of smaller amounts of sensitive data (assuming it is a secure download).

I guess for now the answer is using VM’s and downloading data and/or external biometric/encrypted storage devices for customer data (and encryption keys) in transit.

If you find better/updated recommendations I’m happy to hear about them!

Looks like there is a new regulation being proposed: Second bill tackles laptop border searches (“http://www.cybersecurityinstitute.com/index.php/weblog/more/second_bill_tackles_laptop_border_searches/)