Safety tips for travelers' protections

These are some of the steps that computer security analysts advise for international travelers anxious to avoid being the victim of data espionage. The AP reported Thursday that U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez.

Such incidents illustrate the care that business executives or government officials should take when they travel to places where rivals might try to filch vital trade secrets or sensitive information. Dangers exist even if travelers keep their laptops closely held the whole time but connect to Internet networks abroad.

"Unlike several years ago, people are traveling with the entire contents of their office in their briefcase and plugging into what we might call a promiscuous port, not knowing who they're talking to or who runs the Internet security provider they're connecting to," said Mark Rasch, a former federal computer crime investigator now with FTI Consulting Inc.

Experts suggest people reconsider bringing a computer when they travel to locales of uncertain trustworthiness.

If leaving the laptop home is impractical, the best bet is to deploy whole-disk encryption. That cloaks every file on a computer and grants access only to the user who enters the proper password. Some whole-disk encryption products are even free; Windows Vista comes with one, called BitLocker.

This will protect a computer that gets lost or stolen while it's turned off. But whole-disk encryption is far less secure if the user selects an easy-to-guess password. And it's all but pointless if the user logs in with the correct password and then leaves the machine unattended and unencrypted.

To address the latter issue, security analyst Bruce Schneier, chief technologist for BT Counterpane, uses whole-disk encryption on his laptop and then a second layer: He encrypts individual files on the machine separately, with a different password.

Travelers connecting to the Internet also should access business files only with methods that encrypt data streams against snoops. Such methods include VPNs (virtual private networks) for network traffic and SSL (secure sockets layer) for e-mail.

It's also key to deal with data on mobile devices. It's conceivable that a foreign government would try to install a tap on a prominent traveler's cell phone.