In the book, "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" or "Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy" (sorry, I read both recently), the author describes an incident where when she got back to her hotel room one night her door was open, the safe was open, and her laptop was laying there. She did cybersecurity reporting and wed how some governments abuse spyware to spy on their citizens.
I imagine the target audience for this type of security would be journalists and cybersecurity researchers whom governments might target. I'm sure other jobs could use this information to protect themselves better.
Large government agencies can afford to design systems that probably do not need these requirements, and they also probably wouldn't have any sensitive information on any unattended device.
It seems that this might blow other types of cover, though.
If the border guard notices glitter-covered screws on Ordinary Joe's laptop, that might tip off the Imperial Guards to keep a close eye on him during his stay.
If success requires getting people to care about anything at all we've already lost. Electronics should just come with tamper-evidence as a feature. They should come with these things pre-applied so that everyone has them whether they care or not. Then they can't single you out for having them.
I run a service that needs some measure of L1 security (true randomness), and the servers that actually generate the random numbers get this sort of treatment. We get all the manufacturer's features like intrusion detection switches that tie into the TPM, but we also do some other tamper protection.
I am not going to detail everything that happens to these servers, but glitter epoxy and other annoying seals on the places the server might be accessed are some of the physical protection features.
I was in the park with some friends yesterday and we took a cooler with some ice and beers in it. Not long after we arrived a lady came over and asked if we had seen a red purse she had lost. We hadn’t, but helped look in the immediate surrounding area for a few minutes.
She asked very shyly, if it wasn’t too much trouble etc., if she could look under the cooler as well. It might sound silly but I think it was completely understandable. While unlikely, she wanted to eliminate the possibility that the purse was in our area, before moving on.
I think a lot of tamper seals are like this. If you have a leak and need to decide if it was either from an unscrupulous employee in the office or from someone else at home tampering with your laptop then being able to definitively eliminate the latter will help you focus on the other possibilities.
It's fiddly and annoying, the exact opposite of what you'd put in a movie, or even a boring novel.
From my year in the (redacted) MoD, I still get bad memories of having to deal with stuff like https://www.3m.com/3M/en_US/p/d/b5005310025/ or rather the equivalent from twenty years ago...
btw. is anyone working on Haven or a reboot (eg. looking at https://github.com/guardianproject/haven/issues/465)
This is not the way security works in a professional context. Did someone search my hotel room? who cares? Did someone go through my phone? who cares? The real purpose of detecting an intrusion is not to protect something there. The purpose is the detection--and you don't want an adversary to know you detected their activity. It's a test. You don't have anything in this world that you can actually protect. So the question to answer is, "Am I of interest?"
Like is the NSA covering their laptop screws in glitter nail polish? Are covert CIA agents? SOF?
Who needs this level of secrecy that would not have the physical security in place to protect the device in the first place?