As for “time sensitive” data - guess again. I was in Illinois at Motorola two years ago, and one of the information security guys noted that the delta between the Motorola RAZR coming on the market and copycats hitting the market was on the order of months. If the plans for the phone had gotten out prior to the launch, it could have cost Motorola tens of millions of dollars. There are international data thieves that trade exclusively in stolen data. Heck, I’ve even heard stories from customers whose executives were the victim of a targeted theft of their laptop.

People with unchecked power are prone to abusing that power, and information is the ultimate power. Is the chance of exposing sensitive data in this manner small? Sure, but the ramifications in the case it gets out of your hands are large in a world where a $20 flash drive the size of a gumstick can store 2GB of data, and networks can move large amount of data around the world instantaneously.

Cardinal Richelieu once said “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him”. What if he had a whole hard drive?

The sheer amount of stuff out there makes it very unlikely that the “time sensitive” data a given company has on the laptop of one travelling employee will ever be noticed, let alone fall into the hands of a competitor.

And, yes, I do often leave my house and car unlocked. If I put the blinds down on my window it’s for the benefit of any passers-by rather than for my benefit. Besides, the nearest neighbours are 400 forested metres away in any direction.

In some cases, even exposing access to some types of data is sufficient to trigger liability, especially in cases where this data is that of customers, employees, or patients. Whether or not the TSA crawls through every file is immaterial. Why do you think all those companies are getting their asses fined for losing laptops - even though there’s no proof they fell into nefarious hands, or had the data on them compromised?

This, by the way, is not being driven by computer people - although I think they have a better understanding than most on the ways information can be used as a weapon. In fact, the paranoia is being driven by lawyers. It’s being driven by giant lawsuits that cost companies millions of dollars when someone from accounting loses a laptop with employee names and Social Security numbers - numbers that can be used to enable identity theft. It’s being driven by the massive PR nightmares that befall any company that loses a backup tape off the back of a truck. It’s being driven by technology companies whose intellectual property is extremely time sensitive in a market that is becoming more and more competitive.

You make a good point, however: it’s not reasonable for the TSA to look at, recognize, and copy every file. That’s why this is a dangerous move - it opens the door to the next logical argument you’ll hear from the TSA: “To protect the US, we need to copy everything on people’s drives as they come in and out of the US, after which the data will be examined more thoroughly.”

It sounds ludicrous, but then again so does wiretapping the phone calls and email of normal citizens without a warrant.

Your central thesis is a variant of the old “if you don’t have anything to hide, you don’t need to worry about this” chestnut. Computers have become the vessels for our private thoughts and lives - humans inherently have a need for privacy. Poor you, the passwords are annoying? Turn them off then. And while you’re at it, why not stop bothering to lock your home and car doors, and leave the blinds in your bedroom open?

After all, you’ve got nothing to hide, right?

The upshot of this is that those of us who simply want to use computers get really annoyed at having to type in all sorts of stupid passwords every freaking time we want to do anything. The truth is that NO ONE WANTS WHAT YOU HAVE ON YOUR LAPTOP! Even if you happened to have a file entitled “Credit card and banking information with associated pins” it’s unlikely the border guard cares. Your all time high score on Minesweeper or Scorched Earth is certainly safe and your work-related material won’t be up on YouTube courtesy of customs any time soon.

For example: I have a lot of data on my laptop from my various employers, with whom I have signed non-disclosure agreements. These agreements are legal contracts that obligate me to not disclose proprietary information owned by the company. Now, let’s say the TSA is searching my laptop and decides to access this sensitive data – at this point, I have now violated my non-disclosure agreement. But I didn’t have any choice. Am I liable?

Another example: Many of the US states now have data breach laws modeled on California’s SB-1386. These laws require companies to not disclose customer’s non-public personal information. Disclosure of this information requires the company to notify the customer, a process which is usually complicated by the fact that the precise customer who has had their information disclosed is not known (think of a laptop with hundreds of customer records on it). The result is an expensive legal and PR debacle for the company. Now, again, the TSA decides to look at some of the customer files on my machine as part of their search. Am I, or my company, liable for this “breach”?

The larger issue here is that this is the beginning of a dangerous precedent. The next logical step is for the TSA to note “Oh, we can’t possible search an entire machine in the time we have at the border. We need to be able to take a complete copy of your drive - that way, we can search it later.”

Giorgio and Matt have the right idea - storing the data in the cloud. However, that’s problematic for most travelers. Think about sales guys who need access to their data on the road. Sure, there are ways around this (wireless/cellular modem cards), but it’s yet one more complication that business would rather avoid.