Posted on Apr 16, 2017 by Rick Falkvinge

With laptops banned onboard aircraft, your data is no longer yours if you fly

New US regulations ban laptops on board some aircraft, requiring laptops to be in checked luggage. One of the first things you learn in information security is that if an adversary has had physical access to your computer, then it is not your computer anymore. This effectively means that the US three-letter agencies are granting themselves the right to compromise any computer from any traveler on these flights.




According to the United States Department of Homeland Security, which bills the ban as a “change to carry-on items” that affects “ten out of the more than 250 airports that serve the United States internationally”, there is a “security enhancement” because explosives can now be built into “consumer items”, and therefore laptops must now be banned from carry-on luggage and instead checked in.

When looking at this justification, the DHS notably fails to describe how it would be any safer flying with such alleged explosives in checked luggage rather than carry-on luggage onboard the same aircraft. In other words, the justification is utter nonsense, and so there must be a different reason for this edict, one that they’re not writing about.

“The aviation security enhancements will include requiring that all personal electronic devices larger than a cell phone or smart phone be placed in checked baggage at 10 airports where flights are departing for the United States.”

When Microsoft (finally) trained every single one of their employees in security in the big so-called “security push” around the turn of the century, there were about a dozen insights that they really hammered home, again and again. One of the most important ones related to this was the simple insight of “if an adversary has had physical access to your computer, then it’s not your computer anymore”.

After all, if somebody has had physical access to the machine itself, then they will have been able to do everything from installing hardware keyloggers to booting the machine from USB and possibly getting root access to some part of the filesystem – even on a fully encrypted GNU/Linux system, there is a small bootstrap portion that is unencrypted, and which can be compromised with assorted malware if somebody has physical access. They could conceivably even have replaced the entire processor or motherboard with hostile versions.
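One defensive check for the unencrypted bootstrap portion described above, as an added example that is not part of the original article: record a SHA-256 manifest of the boot files before handing the machine over, then compare afterwards. The function names and the temporary directory standing in for `/boot` are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                # Record where a symlink points instead of following it.
                manifest[rel] = "symlink:" + os.readlink(path)
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifests(before, after):
    """Report files added, removed or modified between two manifests."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in set(before) & set(after)
                           if before[p] != after[p]),
    }


def demo():
    """Constructed stand-in for /boot: baseline, simulated change, re-check."""
    with tempfile.TemporaryDirectory() as boot:
        for name, data in (("vmlinuz", b"kernel"), ("initrd.img", b"initramfs")):
            with open(os.path.join(boot, name), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(boot)          # taken before check-in
        with open(os.path.join(boot, "initrd.img"), "ab") as fh:
            fh.write(b"changed")                 # constructed modification
        with open(os.path.join(boot, "extra.bin"), "wb") as fh:
            fh.write(b"new file")                # constructed addition
        return diff_manifests(baseline, build_manifest(boot))


if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored off the laptop and the comparison run from separate, trusted boot media, because a compromised system can misreport its own files. A clean result says nothing about hardware keyloggers or replaced components, which this check cannot see.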

This is a much more probable reason for requiring all exploitable electronics to be outside of passengers’ field of view.

Remember that both the NSA and the CIA have a history of routinely pwning devices, even from the factory, or intercepting them while being shipped from the factory. (There was one incident where this was revealed last year, after the courier’s package tracking page showed how a new keyboard shipped to a Tor developer had taken a detour around the entire country, with a remarkable two-day stop – marked “delivered” – at a known NSA infiltration facility.)

Now imagine that the laptops and other large computing devices of these travelers — remember that the Tor developer in question was an American citizen! — will be required to be surrendered to the TSA, the CIA, the NSA, the TLA, and the WTF for several hours while in flight. It’s just not your device anymore when you get it back from the aircraft’s luggage hold – if it was ever there.

If your laptop has been checked in and has been in the TSA’s control, it can no longer be considered your laptop. Any further login to the compromised laptop will compromise your encrypted data, too.

The choice of the ten particular airports is also interesting. It’s the key airports of Dubai, Turkey, Egypt, Saudi Arabia, Kuwait… all predominantly Muslim countries. Some have pointed this out as racial profiling, but there are signs it may be something else entirely and more worrying.

For example, the Intercept presents the measure as a “muslim laptop ban”. That might or might not be an accurate framing, but the worrying part is that this is a best case scenario. More likely, it is a so-called “political test balloon” to check how much protest erupts and, to put it bluntly, whether they get away with it. If they do, then this can be a precursor to a much wider ban on in-flight laptops – or, as you would more correctly have it, a much wider access for three-letter agencies to people’s laptops and data.

Privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.


  • Greg Hall

    This ban is ridiculous on so many levels. If a so-called “terrorist” wished to implant an explosive device on board an Aircraft, they obviously have the skills, knowledge and mindset to do such an atrocity, yet apparently wouldn’t ever think to just buy a ticket to another destination without the ban!! Just laughable!

    Do the TSA, or other agencies, really expect the public to believe this will have foiled their plan? People need to get educated about what is going on in the world around them, and pay less attention to the brainwashing drivel that is being fed to them on the mainstream level. Indeed, as your article states, this is a test bed for more draconian control.

  • All it means is that anything which is personal and critical simply won’t be on the machine – it’ll be in the cloud, highly encrypted, accessible only after landing again and once new computers/systems have been obtained.

  • Hrvoje Kevic

    The only problem with the theory of this article I have is, how many people will have to be employed to examine every single piece of baggage, check if the laptop is in there, unlock the bag, take it out, do whatever needs to be done, put it back in the bag, and ensure it gets on its destination on time.

    Good and interesting theory, but I honestly find it hard to believe that this is really possible. Unless they are going to target certain people or groups of people. But then again, there are also other ways to get hold of this data.

    • Fred

      Obviously only interesting targets will be “processed” Hrvoje, what kind of argument is that? If you are not a politician, journalist, writer or activist of any sort, you’re perfectly fine. Sheeple have nothing to fear (until the slaughter house).