Security and Inconvenience

I am typing this on a Tandy 102 Portable Computer. This marvel of the 1980s has been gathering dust on my computer lab shelves for who knows how long. But I was forced to resurrect it after discovering that current airline seat trays are too small for me to use my laptop comfortably. I need something smaller, but I want a full-sized keyboard. My options were limited, so I have put my old favorite back into service.

Don't worry, this is not going to be nerd's delight of how good the old stuff was. Instead, it is going to be a real life example of the often awkward relationship between security and convenience. With a little of why we do not recommend "security by obscurity" thrown in for good measure. Spoiler alert: mindfulness is going to be a key concept in considering our cybersecurity when we travel.

As I contemplated what I will take my next trip instead of my apparently oversized laptop, I was reminded of the trade-offs that dog so many of our cybersecurity decisions. I try to remind myself that every trip I take with my laptop might be the last, that laptops can be stolen or get left behind or lost. I try to make sure that there is as little of value on my laptop as possible.

But there are pretty severe limits on my ability to imagine, so every so often I go through an exercise: I take one of our spare laptops, wipe that spare laptop clean, do a fresh install of my preferred operating system on it and then I try using that spare laptop as if I were on the road. The number of pieces of data I find that I need to add to the vanilla machine is depressing. Add the modern browser's tendency to helpfully remember things for me and I realize that while it would be a drag if my laptop died, it would be a bit of security nightmare if it were stolen.

And we have not even mentioned the possibility of being hacked remotely if I were to use random WiFi on my trip, something I also try to avoid as much as possible. Please don't use WiFi unless you know who is providing it and why they are providing it. The laptop you save may be your own.

The 102 is a very different kettle of fish from a modern laptop. The 102 cannot be hacked remotely because it does not know how to connect to a network. Any network. I gather that, if I really put my mind to it, I could get it online. But as it stands, in the original configuration, the 102 does not have the hardware or the software to use the Internet. Or graphical interfaces. Or a mouse. Just eight lines of 40 characters in dot matrix splendor.

So when I take the 102 on the road, what am I risking? I am risking someone stealing it for whatever notes I have on it. No one is stealing it for its resale value. So if someone steals it, they are stealing it because they are targeting me specifically and hoping to get whatever information I have typed into it. So long as I avoid making a list of passwords or something else equally ill-advised, I am in pretty good shape.

In other words, my risk is the same for the 102 as it is for a physical notebook whose pages I remove after every trip. (I am aided in my policy of deleting files off of the 102 after every trip because the storage is limited and if I don't remove the old files, I quickly run into issues creating new files.)

Since I have little reason to believe that anyone is targeting me specifically, I feel confident that the 102 will be a solid choice as my new virtual typewriter. No email, no browsing, no shared documents in the cloud; if I need any of that, I will have to rely on my phone. Not idea, but for me personally, I don't mind doing these things on my phone but I really dislike typing even moderate documents on my phone.

In exchange for that security, there is inconvenience. Getting my notes off of the 102 is a bit of pain in the neck. At least that is how I remember it: let's find out.

How Hard Was The File Transfer?

Wow, that was more of a pain in the neck then I expected, or even imagined. The combination of how out of practice I am and current typical hardware configurations of desktops turn out to require some untangling. However, untangled they are now. Thanks to the magic of Linux shell scripts, the pain is now very much wrapped in a script but HOLY COW was that a trip down memory lane.

Since it was so hard for me to get the file off of the 102, it is tempting for me to think of this as a kind of security: security by obscurity. Alas, any sense of security should be fleeting because it is false. Yes, it was work to figure out how to get the file in a clean, easy, repeatable way. But obscurity is brittle: now that I have been forced to relive the good old days of RS-232 hardware and getty software, I now have a clean, easy, repeatable way to get files off of the 102. Good news for me, since I intend to do this somewhat frequently. Bad news for me if I were expecting that the obscurity would save me in the event of a security breach. To the right opponent, this task would be an annoying 15-45 minutes. Is that enough disincentive? I have no idea and I don't want to find out if I can avoid it.

Conclusion

Mindfulness is really the only way to keep up your cybersecurity. The enemy of mindfulness is routine and the comfort that routine can bring. Many of us travel for work. Many of us try to be productive when we travel for work. Many of us assume that our work laptops will always be there for us and that our work laptops won't pick up any malware on our travels. Comforting as these assumptions are, we cannot all them to control our behavior. Just because you're paranoid doesn't mean that they aren't out to get you.