What Do Laptop Bans on Airplanes Mean for Data Security?

What Do Laptop Bans on Airplanes Mean for Data Security?

In March, many international business travelers were taken by surprise when the US and UK abruptly issued bans on carry-on laptops and other large electronic devices on inbound flights from a number of airports in the Middle East, North Africa, and Turkey, citing intelligence that terrorists may attempt to target US-bound airplanes on these routes by “smuggling explosive devices in various consumer items.” As long as the bans are in place, such items cannot be carried onto these flights and must be checked instead. On Thursday, Politico reported that US airlines were bracing for the Department of Homeland Security to expand the ban to flights from Europe and other parts of the world, though any such expansion is not expected to be implemented until President Donald Trump returns from an overseas trip this weekend.

An expanded ban would have obvious consequences for business travelers, who would no longer be able to get any work done on these long-haul international flights, but global security consultant Luke Bencie warns at the Harvard Business Review that organizations whose employees travel across the oceans on business have another reason to be concerned—namely, that checking a laptop at an airport could put the device, and any sensitive data it may contain, at risk:

In today’s globalized business environment, the craft of spying has never been more lucrative. For intelligence collectors, the idea of forcing travelers to become separated from their large electronics is like winning the lottery.

It has been well documented, particularly by the U.S. Congress’s own investigation into intellectual property theft, that foreign intelligence services from countries such as China, Russian, Iran, North Korea, France, and Israel are a genuine threat to business travelers. Much of this theft occurs while American business travelers are operating overseas. Covert hotel intrusions (where laptops’ and smartphones’ memory can be discretely cloned), electronic intercepts and eavesdropping, and email monitoring are all common, and easily performed, techniques used by governments to collect public- and private-sector intelligence. This collection can be used for a nation’s competitive economic advantage, in terms of minimizing research and development time, bypassing patent laws, gaining an unfair advantage for cost proposals, obtaining leveraging over an opponent prior to a negotiation, as well as blackmailing employees into revealing corporate secrets.

It may seem incomprehensible to an unseasoned international traveler that while they are sipping champagne in the business lounge, a member of another nation’s intelligence service is riffling through their luggage looking to exploit sensitive corporate information on a laptop. But is it really that hard to believe? Many of us have unpacked in our hotel room and found a flier in our luggage that reads, “This bag has been searched by TSA.” Why do people find it inconceivable that an intelligence operative could be in the baggage loading area downloading your hard drive? Or uploading hard-to-detect spyware?