> Sounds like a custom boot screen that displays large numbers in a
> countdown from ten would go over quite nicely.
I have a smaller device that does that, counting down from 30 when
operated. Further, it goes with another gadget intended to draw
(small quantities of) blood. If 80% of the TSA inspectors understand
that this medical device is not dangerous, 10% will try to steal
the device, and half of the remainder try to arrest me without
shooting first, that's still an unacceptable chance of death to me.
The TSA takes jokes very seriously. One passenger said "Knock
knock", and before his wife could answer, he found himself in
handcuffs. When he said "it was a joke!", the TSA-inspector-in-training
took it as a confession. Apparently he thought that a joke, *any*
joke, could have taken out the World Trade Center.
There's another technique that might work against minor-league
snoops (e.g. your wife, her divorce lawyer, and a private investigator,
or perhaps your kids looking for porn) but it would be best not to
annoy the TSA or Homeland Security with them.
There's a special kind of boot disk (e.g. on a CD-ROM) and
remote-bootable boot image commonly used by Internet Cafes and such.
It's probably also used by IT departments to set up computers in a
standard way when they have hundreds of setups a year for new
employees. When you boot it, it wipes the system and re-installs
a fresh version of the OS. The setup is pre-programmed and it
doesn't ask any questions. It also may not be particularly chatty
about what it's doing. (Now, if *YOU* boot up the system at customs
and let it wipe your drive, they may try to arrest you for destruction
of evidence.) Ok, this isn't really designed for crypto-quality
erasure but it could be adapted for it.
One cafe I know of used a boot over the network so the system image
couldn't get corrupted from the customer machines. The boot image
was on CD-ROM in a read-only drive on the server. It does not use
an actual secure erase program (which would take too long for a
large disk) but it might ensure that every hard disk sector gets
written over at least once. The main purpose of this is (a) wiping
out any viruses, spyware, or malware brought in by the last customer,
and (b) preventing the next customer from snooping on data left
behind by the last customer.
Some of the programs commonly used on Windows (e.g. Outlook) were
set up to use data files in the home directory on the user's USB
drive, which the user was expected to supply and take with him when
he leaves. The USB drive might have viruses on it that the user
picked up elsewhere (e.g. his work computer), but it shouldn't pick
up any new ones or infect other customers. Also, there was anti-virus
software installed on the system. Lots of users stopped by to
modify some spreadsheets, then print them on the color printers at
the cafe.
A potential snoop that comes in without a subpoena or badge might
be able to bring in forensic software but they can't walk out with
the computer, disassemble it and attach the hard drive to something
else, or other stuff that would attract attention. (The cafe tells
customers to be sure to reboot the system before they leave, and
does it if they forget.) Note: customers didn't get 'Administrator'
access to the system and I don't know whether the forensic software
would work without it.
How could you use it? Well, one simple way is to leave your laptop
powered off with a system-install CD/DVD in the CD/DVD drive. If
anyone just powers it up and waits, the system gets wiped. Use
with care: I'm not sure that holding the EJECT button down, THEN
powering up the laptop will consistently prevent code execution on
all laptops. Also, it's probably more likely that YOU will
accidentally wipe the system than some unauthorized person would
(but the valuable data you keep encrypted on a USB drive on a chain
around your neck, right?).
If you're designing your own quick-wipe program, the first thing
it should go after would be potential locations for the keys on
hidden partitions (without asking for the key!). Then get the
partition table, root directory, etc. of the public partition.
How secure is your data from snoops if you travel internationally,
take a laptop with a fresh install and some SPAM emails through
customs, and put your sensitive data on a USB flash drive, encrypted
with the strongest algorithm you can find (which we'll assume the
NSA can break anyway), and *mail* it? Or how about if you download
it (encrypted file, of course, and you might as well download it
with ssh) over the Internet from your company server?