From the Washington Post:
Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.
Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.
The policies cover "any device capable of storing information in digital or analog form," including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover "all papers and other written documentation," including books, pamphlets and "written materials commonly referred to as ‘pocket trash’ or ‘pocket litter.’ "
We have known for some time that the border agents have the authority to search a laptop without probable cause and as part of the routine border inspection. But the detention, for an unspecified period of time, without any suspicion or probable cause may raise some eyebrows, especially from business travelers, who often carry not only a laptop full of confidential company information, but also flash drives (encrypted or otherwise), cell phones, Blackberries (often with sensitive information) or even sensitive company plans printed on paper.
Attorneys who travel internationally are also concerned by the new revelation - confidential and sensitive client information is often stored on mobile devices, and the detention, discovery and sharing of such information may have devastating consequences for a client’s case or the confidentiality of such information.
No, I am not talking about the obvious use of digital cameras to secretly take photos of confidential documents, of secret installations, or to record some activity which is supposed to remain unrecorded. With relatively high quality digital cameras being built into increasingly smaller cases or as part of mobile phones, it is clear how many organizations or government agencies are banning digital cameras or phones which have digital cameras altogether.
This article focuses on another aspect of digital photography - the Exif (Exchangeable image file format) [sample here]. As many readers know, this is a format used by digital cameras to store information about the photo (metadata) which can describe techinical aspects of the photo (e.g. camera manufacturer and model, exposure time, flash, date and time photo taken, etc.) Such technical information does not seem to pose much of a security risk - knowing the model of the camera taken may be relevant in some cases to show ownership of the camera or to somehow authenticate the picture, but such use is limited. However, many photographers, professional and amateur alike, use Exif data to "tag" their photos and to store photo description and other relevant information. The advantage of this method is that once a photo is taken and subsquently tagged by the photographer with location, description, and other relevant information, anyone who has the digital file can read the Exif information. The disadvantage, unfortunately, is that anyone can read the Exif information.
There are two types of Exif information - automatically stored and user-created. Both are potentially dangerous in different ways. Let’s focus on the user-created Exif information first.
More than a year ago, a high profile article on the WashingtonPost.com illustrated how Exif data can be misused. An article by Brian Kerbs, "Invasion of the Computer Snatchers" interviewed a hacker, known online as "0×80" and allegedly promised anonimity. The story included a nice photo of the alleged hacker taken from an angle and with light effects as to mask the identity of the hero of the story. However, the Washington Post editors forgot to remove the Exif information from the photo. Incidentally, it contained some very revealing information, one of them "LOCATION: Roland, OK" which is a small town with population of 2,842. By confessing to controlling thousands of compromised PCs for malicious use, and by having his location revealed, the alleged hacker’s identity is almost openly revealed which may tip the authorities and subject him to criminal prosecution for variety of computer crimes.
The Washington Post gaffe shows how Exif data can be inadvertently "leaked" onto the Internet and can lead to potentially disastrous effects. I am not aware of any adverse consequences to the hacker into Post story but hopefully the point is made.
The second type of Exif information is the automatically stored data that is created most often by the camera. As indicated above, such data may be the time and date when the photo was taken, flash, resolution, camera type and model. However, one additional piece of automatically stored information may be GPS location. Some modern cameras (and increasing number of new models) come with either GPS device built-in or capable of attaching to one. The result is that the camera now will automatically store the GPS coordinates of each photo into its Exif data. This could be a very convenient tool - after all, everybody would like to have his or her pictures neatly placed on a map based on where they were taken. Professional photographers would also appreciate the convenience. But as the Washington Post story suggests, taking a photo of a secret object and leaving the Exif data intact before posting the photo on the Internet may pose problems.
Exif also often contains a thumbnail image of the original photo. We see many digital photos on the Internet where the face or another part of the photo is blurred out or redacted in some way. Unfortunately, many of the posters of those photos do not realize that the digital photo’s Exif information may contain a thumbnail version of the original, unedited, photo. This is an example of a photo in which the subject of the photo’s identity was masked only to be left intact in the Exif thumbnail embedded in the photo.
So, what is the solution? There are two prongs. One of procedural and one is technical. First, check what type of Exif information your camera can store and make adjustments, if necessary. Second, think twice before tagging photos with keywords or other descriptions especially if you are in the business of posting images online or sharing digital image files with others. Don’t forget that once you post or send a digital image with "dangerous" Exif information, there is no way to get it back. Third, use Exif removal software.
Hopefully this article would raise the awareness of Exif and would prevent future embarassing "accidents" like the Washington Post one from last year.