If you're traveling overseas, try to leave your computer at home. If you must have it, put only a few files on it and leave as many as possible behind. Encrypt the files you do bring.
These are some of the steps that computer security analysts advise for international travelers anxious to avoid being the victim of data espionage. The AP reported Thursday that U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez.
Such incidents illustrate the care that business executives or government officials should take when they travel to places where rivals might try to filch vital trade secrets or sensitive information. Dangers exist even if travelers keep their laptops closely held the whole time but connect to Internet networks abroad.
"Unlike several years ago, people are traveling with the entire contents of their office in their briefcase and plugging into what we might call a promiscuous port, not knowing who they're talking to or who runs the Internet security provider they're connecting to," said Mark Rasch, a former federal computer crime investigator now with FTI Consulting Inc.
Experts suggest people reconsider bringing a computer when they travel to locales of uncertain trustworthiness.
If leaving the laptop home is impractical, the best bet is to deploy whole-disk encryption. That cloaks every file on a computer and grants access only to the user who enters the proper password. Some whole-disk encryption products are even free; Windows Vista comes with one, called BitLocker.
This will protect a computer that gets lost or stolen while it's turned off. But whole-disk encryption is far less secure if the user selects an easy-to-guess password. And it's all but pointless if the user logs in with the correct password and then leaves the machine unattended and unencrypted.
To address the latter issue, security analyst Bruce Schneier, chief technologist for BT Counterpane, uses whole-disk encryption on his laptop and then a second layer: He encrypts individual files on the machine separately, with a different password.
Travelers connecting to the Internet also should access business files only with methods that encrypt data streams against snoops. Such methods include VPNs (virtual private networks) for network traffic and SSL (secure sockets layer) for e-mail.
It's also key to deal with data on mobile devices. It's conceivable that a foreign government would try to install a tap on a prominent traveler's cell phone.
Getting physical access to the device is not required. Joel Brenner, the National Counterintelligence Executive, told a conference in December that business executives have picked up tracking bugs and other security vulnerabilities on their mobile devices during international business trips. Brenner advised leaving such devices home and using a temporary, disposable one while overseas.
Schneier points out that even cautious travelers could find their data copied at any international border crossing, if guards ask a traveler to enter decryption passwords so a computer can be inspected. (U.S. courts have yet to clarify whether you can say no to that question upon entry to this country.)
Schneier said several companies now deal with this issue by giving their employees a laptop whose hard drive has been wiped clean. While on their trips, the employees have things they need e-mailed to them. Then they wipe it clean again before they cross another border.
The approach has a downside for many business travelers, Rasch said: "You can't do a lot of work on the plane."