问HN:在前往美国时如何保护机密信息
我是一个小型加拿大公司的首席技术官,我们为工业客户构建能源管理和流程优化平台。我们的许多客户是大型美国公司,一些员工会前往客户现场进行实施或咨询工作。因此,他们需要携带公司手机和笔记本电脑跨越边境。
最近的新闻中,一名前往德克萨斯州参加会议的法国研究人员的笔记本电脑被美国当局扣押,原因并不明确。似乎在美国边境类似案件的数量有所增加。
如果公司的笔记本电脑被美国海关扣押,这将客观上代表着安全漏洞,并威胁到我们客户数据的机密性。咨询师需要在他们的计算机上拥有一些数据集的本地副本(如生产数据、能源相关信息等),以便进行分析。
我正在考虑向所有员工发出警告,但我想知道你们是否有关于此事的建议:
- 限制我们风险的技术措施。我们使用加密磁盘,边境官员是否可以强迫你提供密码/加密密钥?
- 保护美国公司数据机密性的法律措施。联邦政府是否可以仅仅因为数据跨越边境就扣押美国公司的机密数据?
感谢你的帮助!
查看原文
I am the CTO of a small Canadian company, we build energy management and process optimization platforms for industrial clients. Many of our clients are large US companies, and some of our employees travel to clients' sites for implementation or consulting work. As a result, they have to cross the border with their company phone and laptop.<p>In recent news, a French researcher traveling to a conference in Texas had his laptop seized by the US authorities, for reasons that are not well explained. It seems that the number of similar cases has increased at the US border.<p>If a company laptop was ceased by the US customs, this will objectively represent a security breach and threaten the confidentiality of our clients' data. Consultants have to have a local copy of some dataset (like production data, energy related info... ) from facilities to perform analysis on their computer.<p>I am considering issuing a warning to all our employees about this, but I am wondering if some of you have recommendations regarding this:
- technical measures to limit our exposure. We use encrypted disks, can the border officer force you to provide the password / encryption key?
- legal measures to protect the confidentiality of data from US-based companies. Can the federal government seized confidential data from US-based companies just because it crosses the border?<p>Thanks for your help!